Search Results

Search found 4763 results on 191 pages for 'policy administration'.

Page 167/191 | < Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174 | Next Page >

mod_rewrite with location-based ACL in apache?

- by Alexey

Hi. There is a CGI-script that provides some API for our customers. Call syntax is: script.cgi?module=<str>&func=<str>[&other-options] The task is to make different authentiction rules for different modules. Optionally, it will be great to have nice URLs. My config: <VirtualHost *:80> DocumentRoot /var/www/example ServerName example.com # Global policy is to deny all <Location /> Order deny,allow Deny from all </Location> # doesn't work :( <Location /api/foo> Order deny,allow Deny from all Allow from 127.0.0.1 </Location> RewriteEngine On # The only allowed type of requests: RewriteRule /api/(.+?)/(.+) /cgi-bin/api.cgi?module=$1&func=$2 [PT] # All others are forbidden: RewriteRule /(.*) - [F] RewriteLog /var/log/apache2/rewrite.log RewriteLogLevel 5 ScriptAlias /cgi-bin /var/www/example <Directory /var/www/example> Options -Indexes AddHandler cgi-script .cgi </Directory> </VirtualHost> Well, I know that problem is order of processing that directives. <Location>s will be processed after mod_rewrite has done its work. But I believe there is a way to change it. :) Using of standard Order deny,allow + Allow from <something> directives is preferable because it's commonly used in other places like this. Thank you for your attention. :)

Read the article
Raw types and subtyping

- by Dmitrii

We have generic class SomeClass<T>{ } We can write the line: SomeClass s= new SomeClass<String>(); It's ok, because raw type is supertype for generic type. But SomeClass<String> s= new SomeClass(); is correct to. Why is it correct? I thought that type erasure was before type checking, but it's wrong. From Hacker's Guide to Javac When the Java compiler is invoked with default compile policy it performs the following passes: parse: Reads a set of *.java source files and maps the resulting token sequence into AST-Nodes. enter: Enters symbols for the definitions into the symbol table. process annotations: If Requested, processes annotations found in the specified compilation units. attribute: Attributes the Syntax trees. This step includes name resolution, type checking and constant folding. flow: Performs data ow analysis on the trees from the previous step. This includes checks for assignments and reachability. desugar: Rewrites the AST and translates away some syntactic sugar. generate: Generates Source Files or Class Files. Generic is syntax sugar, hence type erasure invoked at 6 pass, after type checking, which invoked at 4 pass. I'm confused.

Read the article
Backdoor in OpenBSD how is it that no developer saw it ? And what about other Linux ? [closed]

- by user310291

It had been revealed that there have been backdoor implanted in OpenBSD http://www.infoworld.com/d/developer-world/software-security-honesty-the-best-policy-285 OpenBSD is opensource, how is it that nobody in the community developper could see it in the source code ? So how can one trust all the other "opensource" Linux Of course OpenBSD is only a case, the point is not about OpenBSD, it is about opensource in general. my question is not about Openbsd per se it's about source code os inspection especially c/c++ since most are written in these languages. Also once the source is compiled how one can be sure that it really reflects the source code ? If a law requires that a backdoor being implanted and obliges to deny that kind of action under the guise of security, how can you be sure that the system has not been corrupted by some tools ? As said there is there is a "nondisclosure agreement" My guess is that 99.99% of developpers in the world are just incapable of understanding os source code and won't even bother to look at it. And above all nobody wonders about why the gov wants such massive backdoor, and that of course they will pressure medias to deny.

Read the article
bin-deploying DLLs banned in leiu of GAC on shared IIS 6 servers

- by craigmoliver

I need to solicit feedback about a recent security policy change at an organization I work with. They have recently banned the bin-deployment of DLLs to shared IIS 6 application servers. These servers host many isolated web application pools. The new rules require all DLLs to be installed in GAC. The is a problem for me because I bin-deploy several dlls including the ASP.NET MVC Framework, HTML Agility Pack, ELMAH, and my own shared class libraries. I do this because: Eliminates web application server dependencies to the Global Assembly Cache. Allows me (the developer) to have control of what goes on inside my application. Enables the application to deployed as a "package". Removes application deployment burden from the server administrators. Now, here are my questions. From a security perspective what are the advantages to using the GAC vs. bin-deployment? Is it possible to host multiple versions of the same DLL in the GAC? Has anyone run into similar restrictions?

Read the article
Security Exception when using Custom ASP.NET Healthmonitoring event in medium trust

- by Elementenfresser

Hi, I'm using custom healthmonitoring events in ASP.NET We recently moved to a new server with default High Trust Permissions. Literature says that healthmonitoring and custom events should work under Medium or higher trust (http://msdn.microsoft.com/en-us/library/bb398933.aspx). Problem is - it doesn't. In less than full trust I get a SecurityException saying The application attempted to perform an operation not allowed by the security policy It works in Full trust or when I remove the inheritance of System.Web.Management.WebErrorEvent. Any suggestions anyone? Here is the super simple code behind with a custom event defined: public partial class Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { try { CallCustomEvent(); } catch (Exception ex) { Response.Write(ex.Message); throw ex; } } /// <summary> /// this metho is never called due to lacking permissions... /// </summary> private void CallCustomEvent() { try { //do something useful here } catch (Exception) { //code to instantiate the forbidden inheritance... WebBaseEvent.Raise(new CustomEvent()); } } } /// <summary> /// custom error inheriting WebErrorEvent which is not allowed in high trust? can't believe that... /// </summary> public class CustomEvent : WebErrorEvent { public CustomEvent() : base("test", HttpContext.Current.Request, 100001, new ApplicationException("dummy")) { } } and the Web Config excerpt for high trust: <system.web> <trust level="High" originUrl="" />

Read the article
Problems with display of UTF-8 encoded content from a DB

- by LookUp Webmaster

Dear members of the Stackoverflow community, We are developing a web application using the Zend Framework, and we are facing some encoding issues that we hope you might help us solve. The situation goes something like this: There are certain tables on a MySQL database that need to be displayed as html. Because the site is designed using the Spanish language, the database contains some characters like "á" or "ñ". Our internal policy is to set all the encodings as UTF-8, including all the databases and the tables. The problem is, that when we retrieve the content from the DB, some characters are displayed as question marks. We are out of ideas. These are all the things that we have already tried and double-checked: 1. The SQL file from which we load all the data is properly UTF-8 encoded. 2. The SQL is loaded through phpmyadmin (which is configured as UTF-8), and the resulting tables are displayed properly. 3. The netbeans environment used for coding is also set as UTF-8. The weird thing is that all the content that is hard-coded either as php or html is displayed properly. Only the values that are extracted from the database have issues. Any ideas? Thank you very much.

Read the article
Null Pointer Exception in Primavera P6 8.1

- by gwrichard

I am getting a null pointer exception in a Primavera P6 8.1 installation. The exception only occurs in one section of the web-client: Application settings.P6 web and the P6 API are deployed on the same WebLogic (10.3.5) node running on a Windows Server 2008 R2 installation. I have done this installation using this same software stack a dozen times and don't have this issue on any of the other installs. Exact error below: Match: beginTraversal Match: digest selected JREDesc: JREDesc[version 1.6.0_20+, heap=-1--1, args=null, href=http://java.sun.com/products/autodl/j2se, sel=false, null, null], JREInfo: JREInfo for index 0: platform is: 1.7 product is: 1.7.0_17 location is: http://java.sun.com/products/autodl/j2se path is: C:\Program Files (x86)\Java\jre7\bin\javaw.exe args is: null native platform is: Windows, x86 [ x86, 32bit ] JavaFX runtime is: JavaFX 2.2.7 found at C:\Program Files (x86)\Java\jre7\ enabled is: true registered is: true system is: true Match: ignoring maxHeap: -1 Match: ignoring InitHeap: -1 Match: digesting vmargs: null Match: digested vmargs: [JVMParameters: isSecure: true, args: ] Match: JVM args after accumulation: [JVMParameters: isSecure: true, args: ] Match: digest LaunchDesc: http://localhost:7001/p6/action/jnlp/appletsjnlp.jnlp?mainClass=com.primavera.pvapplets.adminpreferences.AdminPreferencesApplet&classPath=adminpreferences.jar,prm-applets-common.jar,forms-1.0.7.jar,prm-guisupport.jar,prm-to.jar,jide.jar,tablesupport.jar,formsupport.jar,applets-bo.jar,commons-lang.jar,prm-common.jar,resource_strings.jar,prm-img.jar,commons-logging.jar&name=AdminPreferences&version=8.1.2.0.0602 Match: digest properties: [] Match: JVM args: [JVMParameters: isSecure: true, args: ] Match: endTraversal .. Match: JVM args final: Match: Running JREInfo Version match: 1.7.0.17 == 1.7.0.17 Match: Running JVM args match: have:<> satisfy want:<> Java Plug-in 10.17.2.02 Using JRE version 1.7.0_17-b02 Java HotSpot(TM) Client VM User home directory = C:\Users\gwrichard ---------------------------------------------------- c: clear console window f: finalize objects on finalization queue g: garbage collect h: display this help message l: dump classloader list m: print memory usage o: trigger logging q: hide console r: reload policy configuration s: dump system and deployment properties t: dump thread list v: dump thread stack x: clear classloader cache 0-5: set trace level to <n> ----------------------------------------------------

Read the article
apache web server configuration problem

- by mohit

i want to have apache server to serve only /var/www/ directory now it serves all my files on system from directory "/" i tried to edit httpd.conf placed in /etc/apache2 and placed the folllowing content in it(intially it was empty) <Directory /> Options None AllowOverride None </Directory> DocumentRoot "/var/www" <Directory "/var/www"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory> then saved it,restarted apache server put the location /var/www in the web browser address bar,still it shows the higher level directories too then i edited the file Default,Default-ssl in the sites-available folder repeated the same process still apache serves all files on my system 2.when i try to use the following command gedit httpd.conf I get the error gedit:2696): EggSMClient-WARNING **: Failed to connect to the session manager: None of the authentication protocols specified are supported GConf Error: Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for information. (Details - 1: Failed to get connection to session: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.)

Read the article
Pull specific information from a long list with Perl

- by melignus

The file that I've got to work with here is the result of an LDAP extraction but I need to ultimately get the information formatted over to something that a spreadsheet can use. So, the data is as follows: DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData displayName: John Doe name: ##userName DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData displayName: Jane Doe name: ##userName DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData DataDataDataDataDataDataDataDataDataDataDataDataDataDataDataData displayName: Ted Doe name: ##userName The format that I need to export to is: firstName lastName userName firstName lastName userName firstName lastName userName Where the spaces are tabs so I can then impor that file into a database. I have experience doing this in VBScript but I'm trying to switch over to using Perl for as much server administration as possible. I'm not sure on the syntax for what I want which is basically while not endoffile{ detect "displayName: " & $firstName & " " & $lastName detect "name: ##" & $userName write $firstName tab $lastName tab $userName to file } Also if someone could point me to a resource specifically on the text parsing syntax that Perl uses, I'd be very grateful. Most of the resources that I've come across haven't been very helpful.

Read the article
How to Detect in Windows Registry if user has .Net Framework installed?

- by Sarah Weinberger

How do I detect in the Windows Registry if a user has .Net Framework installed? I am not looking for a .Net based solution, as the query is from InnoSetup. I know from reading another post here on Stack Overflow that .Net Framework is an inplace upgrade to 4.0. I already know how to check if a user has version 4.0 installed on the system, namely by checking the following: function FindFramework(): Boolean; var bVer4x0: Boolean; bVer4x0Client: Boolean; bVer4x0Full: Boolean; bSuccess: Boolean; iInstalled: Cardinal; begin Result := False; bVer4x0Client := False; bVer4x0Full := False; bVer4x0 := RegKeyExists(HKLM, 'SOFTWARE\Microsoft\.NETFramework\policy\v4.0'); bSuccess := RegQueryDWordValue(HKLM, 'Software\Microsoft\NET Framework Setup\NDP\v4 \Client', 'Install', iInstalled); if (1 = iInstalled) AND (True = bSuccess) then bVer4x0Client := True; bSuccess := RegQueryDWordValue(HKLM, 'Software\Microsoft\NET Framework Setup\NDP\v4 \Full', 'Install', iInstalled); if (1 = iInstalled) AND (True = bSuccess) then bVer4x0Full := True; if (True = bVer4x0Full) then begin Result := True; end; end; I checked the registry and there is no v4.5 folder, which makes sense if .Net Framework 4.5 is an inplace upgrade. Still, the Control Panel Programs and Features includes the listing. I know that probably "issuing dotNetFx45_Full_setup.exe /q" will have no bad effect if installing on a system that already has version 4.5, but I still would like to not install the upgrade if the upgrade already exists, faster and less problems.

Read the article
Developping an online music store

- by Simon

We need to develop an application to sell music online. No need to specify that all will be done quite legally and in so doing, we have to plan an interface to pay artists. However, we are confronted with a question: What is the best way to store music on the server? Should we save it on server's disk from a HTTP fileupload? Should we save via FTP or would it be wiser to save it in the database? No need to say that we need it to be the most safiest as possible. So maybe an https is required here. But, we what you think is the best way? Maybe other idea? Because in all HTTP case, upload songs (for administration) is quite long and boring, but easly linkable to a song that admin create in his web application comparativly to an FTP application to upload song on server and then list directory in admin part to link the correct uploaded song to the song informations in database. I know that its maybe not quite clear, it's because i'm french but tell me and I will try to explain part that you don't understand.

Read the article
How do you verify that 2 copies of a VB 6 executable came from the same code base?

- by Tim Visher

I have a program under version control that has gone through multiple releases. A situation came up today where someone had somehow managed to point to an old copy of the program and thus was encountering bugs that have since been fixed. I'd like to go back and just delete all the old copies of the program (keeping them around is a company policy that dates from before version control was common and should no longer be necessary) but I need a way of verifying that I can generate the exact same executable that is better than saying "The old one came out of this commit so this one should be the same." My initial thought was to simply MD5 hash the executable, store the hash file in source control, and be done with it but I've come up against a problem which I can't even parse. It seems that every time the executable is generated (method: Open Project. File Make X.exe) it hashes differently. I've noticed that Visual Basic messes with files every time the project is opened in seemingly random ways but I didn't think that would make it into the executable, nor do I have any evidence that that is indeed what's happening. To try to guard against that I tried generating the executable multiple times within the same IDE session and checking the hashes but they continued to be different every time. So that's: Generate Executable Generate MD5 Checksum: md5sum X.exe > X.md5 Verify MD5 for current executable: md5sum -c X.md5 Generate New Executable Verify MD5 for new executable: md5sum -c X.md5 Fail verification because computed checksum doesn't match. I'm not understanding something about either MD5 or the way VB 6 is generating the executable but I'm also not married to the idea of using MD5. If there is a better way to verify that two executables are indeed the same then I'm all ears. Thanks in advance for your help!

Read the article
How to disable server-side caching on IIS 7.5 (asp net mvc3)

- by troebr

I'm struggling with my IIS setup regarding caching, here's a brief description of my problem: I'm making a site for mobile and non-mobile, sharing the same controllers. IE: mysite/page will serve either mysite/page.cshtml, or mysite/M/page.cshtml, depending on the device. Here's the catch, it worked fine with my local and integration environment (cassiini and iis 6), but on another machine (2008r2/iis 7.5), apparently there is an aggressive server-side caching policy: If I access the website from a desktop machine, I have the correct pages (desktop version) If now I use my mobile phone to access the site, I will have the desktop version, (which implies a server-side cache, my phone is not using the same network). On the contrary, if I were to restart the server and access the site using my phone first, then I will get the mobile version on my desktop (only for the pages I already visited of course). I tried 2 solutions so far: Disabling OutputCache from my Web.config: <httpModules> [..] <remove name="OutputCache" /> </httpModules> And unchecking "Enable output cache" in "Output Caching" for my site in IIS. What's bugging me is that I do not have this problem with my other server (iis 6.0), although caching is enabled on this one, which leads me to think it is related to iis 7 caching addition. My question is simple: how does one disable server-side caching on IIS 7.5? Thanks in advance for your iis lights!

Read the article
Does it ever make sense to make a fundamental (non-pointer) parameter const?

- by Scott Smith

I recently had an exchange with another C++ developer about the following use of const: void Foo(const int bar); He felt that using const in this way was good practice. I argued that it does nothing for the caller of the function (since a copy of the argument was going to be passed, there is no additional guarantee of safety with regard to overwrite). In addition, doing this prevents the implementer of Foo from modifying their private copy of the argument. So, it both mandates and advertises an implementation detail. Not the end of the world, but certainly not something to be recommended as good practice. I'm curious as to what others think on this issue. Edit: OK, I didn't realize that const-ness of the arguments didn't factor into the signature of the function. So, it is possible to mark the arguments as const in the implementation (.cpp), and not in the header (.h) - and the compiler is fine with that. That being the case, I guess the policy should be the same for making local variables const. One could make the argument that having different looking signatures in the header and source file would confuse others (as it would have confused me). While I try to follow the Principle of Least Astonishment with whatever I write, I guess it's reasonable to expect developers to recognize this as legal and useful.

Read the article
Outgoing Emails (Git Patches) Blocked by Windows Live

- by SteveStifler

Just recently I dove into the VideoLAN open source project. This was my first time using git, and when sending in my first patch (using git send-email --to [email protected] patches), I was sent the following message from my computer's local mail in the terminal (I'm on OSX 10.6 by the way): Mail rejected by Windows Live Hotmail for policy reasons. We generally do not accept email from dynamic IP's as they are not typically used to deliver unauthenticated SMTP e-mail to an Internet mail server. http:/www.spamhaus.org maintains lists of dynamic and residential IP addresses. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support They must think I'm a spammer. I have a dynamic IP and my ISP (Charter) won't let me get a static one, so I tried editing git preferences: git config --global user.email "[email protected]" to my gmail account. However I got the exact same message again. My guess is that it has something to do with the native mail's preferences, but I have no idea how to access them or modify them. Anybody have any ideas for solving this? Thanks!

Read the article
Cookie blocked/not saved in IFRAME in Internet Explorer

- by Piskvor

I have two websites, let's say they're example.com and anotherexample.net. On anotherexample.net/page.html, I have an IFRAME SRC="http://example.com/someform.asp". That IFRAME displays a form for the user to fill out and submit to http://example.com/process.asp. When I open the form ("someform.asp") in its own browser window, all works well. However, when I load someform.asp as an IFRAME in IE 6 or IE 7, the cookies for example.com are not saved. In Firefox this problem doesn't appear. For testing purposes, I've created a similar setup on http://newmoon.wz.cz/test/page.php . example.com uses cookie-based sessions (and there's nothing I can do about that), so without cookies, process.asp won't execute. How do I force IE to save those cookies? Results of sniffing the HTTP traffic: on GET /someform.asp response, there's a valid per-session Set-Cookie header (e.g. Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY), but on POST /process.asp request, there is no Cookie header at all. Edit3: some AJAX+serverside scripting is apparently capable to sidestep the problem, but that looks very much like a bug, plus it opens a whole new set of security holes. I don't want my applications to use a combination of bug+security hole just because it's easy. Edit: the P3P policy was the root cause, full explanation below.

Read the article
Getting batch_action functionality in Symfony 1.0

- by Alex Ciminian

I'm currently working on a web app written in Symfony. I'm supposed to add an "export to CSV" feature in the backend/administration part of the app for some modules. In the list view, there should be an "Export" button which should provide the user with a csv file of the elements that are displayed (considering filtering criteria). I've created a method in the actions class of the module that takes a comma separated list of ids and generates the CSV, but I'm not really sure how to add the link to it in the view. The problem is that the view doesn't exist anywhere, it's generated on the fly from the data in the generator.yml configuration file. I've posted the relevant part of the file below. I'm new to Symfony, so any help would be appreciated :). Thanks, Alex Update list: display: [id, =name, indemn, _status, _participants, _approved_, created_at] title: Lista actiuni object_actions: _edit: ~ _delete: ~ actions: _create: ~ export_csv: name: Export to CSV action: CSVExport params: id=csvActionSubmit filters: [name, county_id, _status_filter, activity_id] fields: id: name: Nr. crt. ... Thanks to your advice, I've managed to add a button that is linked to my action. The problem is that I also need to send some parameters to the action, because I may not want all the elements - filters may have been used. Unfortunately, the project is using Symfony 1.0, which doesn't support batch_actions. Currently, I'm working around this with Javascript (I parse the DOM to get the numeric ids (from the display table) and then build the link for the button. I really think there could be a better way for this.

Read the article
Drupal: allowing users to sign up to content using a form

- by james6848

My apologies if this is a little broad, but I'm struggling to know where to start here! OK, so I have a Drupal site and I need users to be able to sign up for certain content, here is the workflow in detail: I need a form within a block consisting of the following elements: First Name (required) Last Name (required) Organisation (optional) Email Address (required) Then there will be a choice of content to sign up to (using checkboxes): Policy Bulletin Action News eBulletin (which only members can sign up to) Then the usual submit button of course! Upon submission, users will: 1) Be taken to a confirmation page, or 2) Be informed about incorrectly filled in fields, and/or the need to become a user to be able to sign up for the eBulletin. Users will then receive an email when new content of the type(s) they signed up to is created, along with a link to the node. There should be details about how to unsubscribe within this email. I have used the Subscriptions module in the past, but I am not sure if it is possible to use a sign-up form with it. Plus, there is the added complexity that one of the content types, eBulletin, is only available for site members. Like I say, I'm struggling to know where to start, and any ideas would be gratefully received!

Read the article
AppFabric caching's local cache isnt working for us... What are we doing wrong?

- by Olly

We are using appfabric as the 2ndlevel cache for an NHibernate asp.net application comprising a customer facing website and an admin website. They are both connected to the same cache so when admin updates something, the customer facing site is updated. It seems to be working OK - we have a CacheCLuster on a seperate server and all is well but we want to enable localcache to get better performance, however, it dosnt seem to be working. We have enabled it like this... bool UseLocalCache = int LocalCacheObjectCount = int.MaxValue; TimeSpan LocalCacheDefaultTimeout = TimeSpan.FromMinutes(3); DataCacheLocalCacheInvalidationPolicy LocalCacheInvalidationPolicy = DataCacheLocalCacheInvalidationPolicy.TimeoutBased; if (UseLocalCache) { configuration.LocalCacheProperties = new DataCacheLocalCacheProperties( LocalCacheObjectCount, LocalCacheDefaultTimeout, LocalCacheInvalidationPolicy ); // configuration.NotificationProperties = new DataCacheNotificationProperties(500, TimeSpan.FromSeconds(300)); } Initially we tried using a timeout invalidation policy (3mins) and our app felt like it was running faster. HOWEVER, we noticed that if we changed something in the admin site, it was immediatley updated in the live site. As we are using timeouts not notifications, this demonstrates that the local cache isnt being queried (or is, but is always missing). The cache.GetType().Name returns "LocalCache" - so the factory has made a local cache. Running "Get-Cache-Statistics MyCache" in PS on my dev environment (asp.net app running local from vs2008, cache cluster running on a seperate w2k8 machine) show a handful of Request Counts. However, on the Production environment, the Request Count increases dramaticaly. We tried following the method here to se the cache cliebt-server traffic... http://blogs.msdn.com/b/appfabriccat/archive/2010/09/20/appfabric-cache-peeking-into-client-amp-server-wcf-communication.aspx but the log file had nothing but the initial header in it - i.e no loggin either. I cant find anything in SO or Google. Have we done something wrong? Have we got a screwy install of AppFabric - we installed it via WebPlatform Installer - I think? (note: the IIS box running ASp.net isnt in yhe cluster - it is just the client). Any insights greatfully received!

Read the article
Codeigniter return config file as array with autoload enabled

- by Fverswijver

So I'm using CodeIgniter to build a website and I've made it so that all my specific settings are stored in a config file that's automatically loaded. I've also built a page that loads the settings file, makes a nice little table and allows me to edit everything from that page, afterwards it saves the entire page again (I know I could've done the same with a database but I want to try it this way). My problem is that I can't seem to use this bit when autoloading of my config file is enabled, but when I disable autoloading I can't seem to manually load it, it never finds my variables. So what I'm doing here is just taking all values from the config file and putting them in a single array so I can pass this array onto my settings administration page (edit/show all settings). $this->config->load('site_settings', TRUE); $data['settings'] = $this->config->item('site_settings'); ... $this->load->view('template', $data); config/site_settings.php <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); $config['header_img'] = './img/header/'; $config['copyright_text'] = 'Copyright Instituto Kabu'; $config['copyright_font'] = './system/fonts/motoroil.ttf'; $config['copyright_font_color'] = 'ffffff'; $config['copyright_font_size'] = '32';

Read the article
asp.net 3.5 app - can not load asemblies, "Strong name signature could not be verified", only when d

- by hitsolutions

Have developed an asp.net 3.5 application which consists of a we-site, some developed assemblies and some 3rd party assembles such as Telerik, Jayrock etc, all very much standard 3rd party apps. Created and built this app, tested on Win 2008 Eval running on a VM, all fine. Imagine my frustration when after installing on clients production Win 2008 server, that the app could not run and the error message was the "Strong name signature could not be verified. The assembly may have been tampered with, or it was delay signed ..." one. This was for all assembles in app (removed one and this kept popping up for a different assembly). Attempted to install on a machine on the network and received the same error. I am fairly baffled and a little freaked as I can not figure this out and time is rapidly running out. Have inspected all parts of server I know about (.NET, IIS7) but all seems fine. What could cause this? It sounds like there is a stricter security manifest on the production server - but where would I look and for what? It must be a group policy. only other item is that the machines are running Symantec ante-virus. The IT head is on hols so can't quiz him which is also frustrating - but as they say time waits for no man!

Read the article
Do new Apple SDKs patch previous releases?

- by Francisco Garcia

A new iPhone will be soon out there along a new iOS release. Sooner or later there will also be a Xcode upgrade with the SDK for iOS 6 Does Apple do any type of bugfix on previous SDKs or are bugfixes just solved on new releases? As an example: Core Data with iCloud still have some issues but it is getting better over time. Let's say I have an app that really depends on that combo. I would require iOS6, however not all users upgrade the handsets. Ideally an app compiled with a newer XCode release could patch some error on previous SDKs if the target is set to an older iOS release. Should I expect that a project compiled with future SDK releases to work better on devices running on older iOS versions? will be some SDKs bugfixes backported? I understand that there are some bugs that cannot be fixed without an iOS update on the client. Also that it is a lot of work (and unlikely) to backport bugfixes. I am just wondering what is the normal release policy of Apple.

Read the article
Is it "right" to translate error messages?

- by Iraklis

This is somehow subjective depending on the target translation language, but bear with me for a sec. I have recently been involved in a translation project. The goal was to translate the strings of an MVC framework to the Greek language. 70% of the language strings of the framework where translated, however 30% where intentionally left out. The decision was that we will not translate error messages aimed towards the developer of the application. The reasoning behind this (in short) was: are aimed towards designers/programmers. Programmers ( and even designers :) ) should have a basic understanding of English, at least enough so they can search on it on Google if they do not know what it means. (racist?) are aimed towards the developer and in a perfect world should not be displayed to the end user of the application as they concern the inner workings of the web application itself. i.e "You must set the database name in your database config file." and perhaps most importantly, they make the life of the developer harder when he tries to get more information/help regarding the error. For example the above error yields 8 results in Google (in quotes), whereas its Greek translation yields exactly 0. I know that this depends on the popularity of the target translation language and the application itself. For example I'm guessing that there are is vast amount of documentation regarding German SAP error messages (i know, i know, SAP IS German, but you get the point), as opposed to Greek Error Messages documentation regarding random application X which has about 500 installations worldwide. So to summarize: When you develop language translation packs for your applications do you translate error messages? Do you only do for predominant languages like English/Spanish/German/French? Or do you live them intact? I'm not looking for the "right" or "correct" answer, I'm looking for a "best-practices" answer, or if this problem is defined in any "official" standard/policy that you have had experience with.

Read the article
Web Applications Development: Security practices for Application design

- by Shyam

Hi, As I am creating more web applications that are targeted for multiple users, I figured out that I have to start thinking about user management and security. At a glance and in my ideal world, all users belong to a group. Permissions and access is thus defined per group (and inherited by the users of that group). Logically, I have my group of administrators, which are identified with a level "7" (integer) clearance. A group of webusers have for example level "1". This in generally all works great for me, but I need some kind of list that I have to keep in mind how I secure my system, and some general practices. I am not looking for a specific environment; I want to learn the why's and how's. An example is privilege escalation. If someone would be able to "push" themselves inside a group with higher privileges, for example the Administration, how can I prevent this, or what measures should I take to have some sort of precaution? I don't like in that case to walk into a caveat. My question is basically: where can I find a good resource, list, policy, book that explains the security of web applications, the why's, the how's and readable if you don't have any experience in the realm of advanced security? I prefer a free resource, as I believe I couldn't be the first one who thought about this. Thank you for your answers, comments and feedback.

Read the article
Flex vs GWT again

- by CK Lee

Hi all, I am working on a customized web ontology editor (something like http://webprotege.stanford.edu/ which is built by GWT). My backend will be Java+Spring+Hibernate and domain models are in Java. My frontend will be something like WebProtege which requires extensive RPC call. It is quite clear that I should use GWT as I can refer to the open source code. However, due to company policy, I shall consider Flex as well. I understand Flex can remotely invoke Java backend methods via BlazeDS using AMF (Is there a Flex equivalent of GWT-RPC?). I have read discussion on GWT vs Flex vs ?. If I can make full decision sure I will go with GWT. GWT strengths like support right to left characters, support iPhone/iPad, smaller size, support JSON out of the box, support printing are not important considerations for my project. Besides GWT supports Java generic, enum; domain objects can be shared with both GWT client and server; coding are more seamlessly... anyone can suggest other strong reasons that I should only go with GWT? FYI, I have plenty of Java experience but both GWT and Flex are new to me. Thanks.

Read the article

< Previous Page | 163 164 165 166 167 168 169 170 171 172 173 174 | Next Page >