Search Results

Search found 59864 results on 2395 pages for 'application security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 165/2395 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Wrapping a C# service in a console app to debug it.

    - by Jack Smit
    I want to debug a service written in C# and the old fashioned way is just too long. I have to stop the service, start my application that uses the service in debug mode (Visual studio 2008), start the service, attach to the service process and then navigate in my Asp.Net application to trigger the service. I basically have the service running in the background, waiting for a task. The web application will trigger a task to be picked up by the service. What I would like to do is to have a console application that fires the service in an effort for me to debug. Is there any simple demo that anybody knows about? Thank you Jack

    Read the article

  • Need strategy to phone home to a Pyton web app and check licensing information for a commercial Wind

    - by Cornish
    What's a good strategy for building licensing checking into a Windows desktop app using a Python web application? This is a very open ended question because I don't have the slightest clue how to start to build this feature. What I do have is a number of general concerns: I have developed a commercial Windows desktop application and I want to make money from it but I don't want to build the licensing into the app since it's inevitable that someone will create a keygen or a crack, circulate it online and then it's 'game over' for me. So my idea was to create a web application where people could purchase a license key that is generated by the web app and every time the desktop application is started up, it will 'phone home' to the web app to check whether the license is valid and whether it seems to be in use at multiple locations. I'm just not sure how to do this. Would appreciate any general technical strategies and/or pointers to libraries/modules that might be of use.

    Read the article

  • BrowserField or CustomControls? What is the best to use when submitting and fetching data from web?

    - by SIA
    Hi Everybody, I am unable to decide whether what to use for my blackberry application. I am developing an application for Blackberry Device. This application send and recieves data from website. Thats the only functionality. I wanted to know what the best approach to go with. Shall i use BrowserField and display html in the application?? OR Shall i develop the custom controls and update the UI with the data fetched from the web?? Please Suggest, advice. thanks SIA

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • Flex Inheriting Logged in User

    - by Nick
    I am trying to secure my Flex application within my Java web application. Currently my Java web application, handles logging and managing user accounts and the like. I was wondering if there is a way to essentially share that user credentials with the Flash movie in a secure mechanism? For instance, if you log in, we want you to be able to save items in the Flex application for that user, only if that user is logged in of course. Any ideas? Any help is greatly appreciated.

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • Making sure a web page is not cached, across all browsers.

    - by Edward Wilde
    Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari version 3 Opera 9 Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.

    Read the article

  • Android - display specific contacts information

    - by Donal Rafferty
    In my application when a user clicks on a button I want to open the contacts application and display a particular contacts information. At the minute I have this: Intent intent = new Intent(Intent.ACTION_VIEW, People.CONTENT_URI); startActivity(intent); This displays the contact application with all the contacts displayed. But how do I get it to display just one contact according to the contacts name or number?

    Read the article

  • ASP.NET: disabling authentication for a single aspx page (custom error page)?

    - by Richard Collette
    I am using a custom error page: <customErrors redirectMode="ResponseRedirect" mode="On" defaultRedirect="Error2.aspx"/> I want to disable authentication for the custom error page because the error being raised is related to an authentication module and I don't want to get into an infinite loop and I want to display a clean error page to the user. I have been trying the following configuration to do that. <location path="Error2.aspx"> <system.web> <authentication mode="None"/> <authorization> <allow users="?"/> <allow users="*"/> </authorization> </system.web> </location> I am getting a System.Configuration.ConfigurationErrorsException for the line that sets the authentication mode. It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS. I have verified that there are no other web.config files in subdirectories under the application's folder. The applications folder is configured as an application in IIS and the error page is at the application's root. File permissions set for the error page in IIS include anonymous and windows authentication (I have tried just anonymous as well).

    Read the article

  • Import received e-mails from Outlook to MSSQL database

    - by _simon_
    How can I automatically import some data from received e-mail from Outlook to MSSQL database? So, when I receive an e-mail (from a preset sender), Outlook should be able to run an external application with the subject and body as parameter. This application will then parse the body of the e-mail and send it to database. Is it possible to set this in 'Rules and alerts' in Outlook (I don't think so)? Or is it possible to do it with macros (an example would be nice). Or else...? I am using Microsoft Outlook 2007 (no Exchange Server), let's say, that incoming mail is from @gmail domain, the externam application would probably be a C# console application, database is SQL SERVER 2005.

    Read the article

  • serving files using django - is this a security vulnerability

    - by Tom Tom
    I'm using the following code to serve uploaded files from a login secured view in a django app. Do you think that there is a security vulnerability in this code? I'm a bit concerned about that the user could place arbitrary strings in the url after the upload/ and this is directly mapped to the local filesystem. Actually I don't think that it is a vulnerability issue, since the access to the filesystem is restricted to the files in the folder defined with the UPLOAD_LOCATION setting. UPLOAD_LOCATION = is set to a not publicly available folder on the webserver url(r'^upload/(?P<file_url>[/,.,\s,_,\-,\w]+)', 'aeon_infrastructure.views.serve_upload_files', name='project_detail'), @login_required def serve_upload_files(request, file_url): import os.path import mimetypes mimetypes.init() try: file_path = settings.UPLOAD_LOCATION + '/' + file_url fsock = open(file_path,"r") file_name = os.path.basename(file_path) file_size = os.path.getsize(file_path) print "file size is: " + str(file_size) mime_type_guess = mimetypes.guess_type(file_name) if mime_type_guess is not None: response = HttpResponse(fsock, mimetype=mime_type_guess[0]) response['Content-Disposition'] = 'attachment; filename=' + file_name #response.write(file) except IOError: response = HttpResponseNotFound() return response

    Read the article

  • Unable to Sign in to the Microsoft Online Services Signin application from Windows 7 client located behind ISA firewall

    - by Ravindra Pamidi
    A while ago i helped a customer troubleshoot authentication problem with Microsoft Online Services Signin application.  This customer was evaluating Microsoft BPOS (Business Productivity Online Services) and was having trouble using the single sign on application behind ISA 2004 firewall.The network structure is fairly simple with single Windows 2003 Active Directory domain and Windows 7 clients. On a successful logon to the Microsoft Online Services Signin application, this application provides single signon functionality to all of Microsoft online services in the BPOS package. Symptoms:When trying to signin it fails with error "The service is currently unavailable. Please try again later. If problems continue, contact your service administrator". If ISA 2004 firewall is removed from the picture the authentication succeeds.Troubleshooting: Enabled ISA Server firewall logging along with Microsoft Network Monitor tool on the Windows 7 Client while reproducing the issue. Analysis of the ISA Server Firewall logs and Microsoft Network capture revealed that the Microsoft Online Services Sign In application when sending request to ISA Server does not send the domain credentials and as a result ISA Server responds with an error code of HTTP 407 Proxy authentication required listing out the supported authentication mechanisms.  The application in question is expected to send the credentials of the domain user in response to this request. However in this case, it fails to send the logged on user's domain credentials. Bit of researching on the Internet revealed that The "Microsoft Online Services Sign In" application by default does not support Outbound Internet Proxy authentication. In order for it to send the logged on user's domain credentials we had to make  changes to its configuration file "SignIn.exe.config" located under "Program Files\Microsoft Online Services\Sign In" folder. Step by Step details to configure the configuration file are documented on Microsoft TechNet website given below.  Configure your outbound authenticating proxy serverhttp://www.microsoft.com/online/help/en-us/helphowto/cc54100d-d149-45a9-8e96-f248ecb1b596.htm After the above problem was addressed we were still not able to use the "Microsoft Online Services Sign In" application and it failed with the same error.  Analysis of another network capture revealed that the application in question is now sending the required credentials and the connection seems to terminate at a later stage. Enabled verbose logging for the "Microsoft Online Services Sign In" application and then reproduced the problem. Analysis of the logs revealed a time difference between the local client and Microsoft Online services server of around seven minutes which is above the acceptable time skew of five minutes. Excerpt from Microsoft Online Services Sign In application verbose log:  1/26/2012 1:57:51 PM Verbose SingleSignOn.GetSSOGenericInterface SSO Interface URL: https://signinservice.apac.microsoftonline.com/ssoservice/UID1/26/2012 1:57:52 PM Exception SSOSignIn.SignIn The security timestamp is invalid because its creation time ('2012-01-26T08:34:52.767Z') is in the future. Current time is '2012-01-26T08:27:52.987Z' and allowed clock skew is '00:05:00'.1/26/2012 1:57:52 PM Exception SSOSignIn.SignIn  Although the Windows 7 Clients successfully synchronized time to the domain controller for the domain, the domain controller was not configured to synchronize time with external NTP servers. This caused a gradual drift in time on the network thus resulting in the above issue. Reconfigured the domain controller holding the PDC FSMO role to synchronize time with external time source ( time.nist.gov ) and edited the system policy on the ISA server firewall to allow NTP traffic to time.nist.gov Configure the time source for the forest:Windows Time Servicehttp://technet.microsoft.com/en-us/library/cc794937(WS.10).aspx Forced synchronization of Windows time using the command w32tm /resync on the domain controller and later on the clients each of which had corrected the seven minutes difference. This resolved the problem with logon to Microsoft Online Services Sign In.

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • Security Token/Cross Domain Cookie in Classic ASP?

    - by jlrolin
    I have an interesting conundrum. We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time. The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com. Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

    Read the article

  • Multiple login locations for an online app.

    - by Goro
    Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,

    Read the article

  • No component for supporting the service was found error

    - by Deepa
    We have setup a .net application developed with .net framework 4.0 using MVC framework and WCF service on a Windows 2003, 32-bit server containing IIS 6 successfully. However, when the same application is set up on a Win 2008 R2, 64-bit server, we get the following error when the application is accessing the WCF service: No component for supporting the service was found Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: Castle.MicroKernel.ComponentNotFoundException: No component for supporting the service was found We have set the flag for Enable 32-bit apps in "Application Pool" to true on the 64-bit server.

    Read the article

  • About SQL Server security

    - by Felipe Fiali
    I have an ASP.NET application which runs under the Classic .NET AppPool in IIS. I have a report to render from my website. The problem is SQL Server keeps telling me that it failed to create a connection to the datasource, because login failed for user IUSR. After adding that user directly to the databse I could get the report to work, but I'm concerned about security. By doing that, am I opening my specified databases to all websites hosted on IIS? Or is that account identity-specific?

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • Is web.config more secure than a class?

    - by o-logn
    I was reading a tutorial on ASP.NET and third party API's and it mentioned that the API KEY and SECRET KEY should be stored in the web.config file, for security on production servers, instead of in the classes that use them. However, I'm not quite sure what's more secure about a web.config file than a class? I understand the convenience of storing it in a config file, but I don't see the security benefit?

    Read the article

  • Security sandbox violation when connecting to Socket from flex

    - by KensoDev
    Hi, I am using a Socket (not xmlSocket) connection between flex applications and the server pushing messages. Now, when I connect from the local machine to the server everything is working file and running, connection is succesful and I get data back and forth. When I upload the application (flex) to the server and run it from there, I get a security sandBox violation message. Note: 1. I do have a crossdomain file with * wildcard both on port and on domain. 2. I created a Securiy.allowDomain("*") as well. Another thing. I also created another listener on that same server, listening to connections for port 843 (default) and this service just waited for a connection send policy file to the client and that's it. That did not solve the problem as well... That's next? What should I do to fix the problem? Appreciate your help. Avi

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >