Search Results

Search found 20607 results on 825 pages for 'secure global desktop'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 177/825 | < Previous Page | 173 174 175 176 177 178 179 180 181 182 183 184  | Next Page >

  • What does flushing thread local memory to global memory mean?

    - by Jack Griffith
    Hi, I am aware that the purpose of volatile variables in Java is that writes to such variables are immediately visible to other threads. I am also aware that one of the effects of a synchronized block is to flush thread-local memory to global memory. I have never fully understood the references to 'thread-local' memory in this context. I understand that data which only exists on the stack is thread-local, but when talking about objects on the heap my understanding becomes hazy. I was hoping that to get comments on the following points: When executing on a machine with multiple processors, does flushing thread-local memory simply refer to the flushing of the CPU cache into RAM? When executing on a uniprocessor machine, does this mean anything at all? If it is possible for the heap to have the same variable at two different memory locations (each accessed by a different thread), under what circumstances would this arise? What implications does this have to garbage collection? How aggressively do VMs do this kind of thing? Overall, I think am trying to understand whether thread-local means memory that is physically accessible by only one CPU or if there is logical thread-local heap partitioning done by the VM? Any links to presentations or documentation would be immensely helpful. I have spent time researching this, and although I have found lots of nice literature, I haven't been able to satisfy my curiosity regarding the different situations & definitions of thread-local memory. Thanks very much.

    Read the article

  • How can I validate/secure/authenticate a JavaScript-based POST request?

    - by Bungle
    A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

    Read the article

  • View Models (ViewData), UserControls/Partials and Global variables - best practice?

    - by elado
    Hi I'm trying to figure out a good way to have 'global' members (such as CurrentUser, Theme etc.) in all of my partials as well as in my views. I don't want to have a logic class that can return this data (like BL.CurrentUser) I do think it needs to be a part of the Model in my views So I tried inheriting from BaseViewData with these members. In my controllers, in this way or another (a filter or base method in my BaseController), I create an instance of the inheriting class and pass it as a view data. Everything's perfect till this point, cause then I have my view data available on the main View with the base members. But what about partials? If I have a simple partial that needs to display a blog post then it looks like this: <%@ Control Language="C#" AutoEventWireup="true" Inherits="ViewUserControl<Post>" %> and simple code to render this partial in my view (that its model.Posts is IEnumerable<Post>): <%foreach (Post p in this.Model.Posts) {%> <%Html.RenderPartial("Post",p); %> <%}%> Since the partial's Model isn't BaseViewData, I don't have access to those properties. Hence, I tried to make a class named PostViewData which inherits from BaseViewData, but then my containing views will have a code to actually create the PostViewData in them in order to pass it to the partial: <%Html.RenderPartial("Post",new PostViewData { Post=p,CurrentUser=Model.CurrentUser,... }); %> Or I could use a copy constructor <%Html.RenderPartial("Post",new PostViewData(Model) { Post=p }); %> I just wonder if there's any other way to implement this before I move on. Any suggestions? Thanks!

    Read the article

  • How to secure login and member area with SSL certificate?

    - by citronas
    Background: I have a asp.net webapplication project that should contain a public and a member area. Now I want to implement a SSL decription to secure communication between the client and the server. (In the university we have a unsecured wireless network and you can use a wlan sniffer to read username/password. I do not want to have this security problem for my application, so I thought of a ssl decription) The application is running on a IIS 7.5. It it possible to have one webapp that has unsecured pages (like the public area) and a secured area (like the member area, which requires a login)? If yes, how can I relealise the communication between these too areas? Example: My webapp is hosted on http://foo.abc. I have pages like http://foo.abc/default.aspx and http://foo.abc/foo.aspx. In the same project is page like /member/default.aspx which is protected by a login on the page http://foo.abc/login.aspx. So I would need to implement SSL for the page /login.aspx and all pages in /member/ How can I do that? I just found out how to create SSL certificates in IIS 7.5 and how to add such a binding to a webapp. How how can I tell my webapp which page should be called with https and not with http. What is the best practise there?

    Read the article

  • What is the optimum way to secure a company wide wiki?

    - by Mark Robinson
    We have a wiki which is used by over half our company. Generally it has been very positively received. However, there is a concern over security - not letting confidential information fall into the wrong hands (i.e. competitors). The default answer is to create a complicated security matrix defining who can read what document (wiki page) based on who created it. Personally I think this mainly solves the wrong problem because it creates barriers within the company instead of a barrier to the external world. But some are concerned that people at a customer site might share information with a customer which then goes to the competitor. The administration of such a matrix is a nightmare because (1) the matrix is based on department and not projects (this is a matrix organisation), and (2) because in a wiki all pages are by definition dynamic so what is confidential today might not be confidential tomorrow (but the history is always readable!). Apart from the security matrix, we've considered restricting content on the wiki to non super secret stuff, but off course that needs to be monitored. Another solution (the current) is to monitor views and report anything suspicious (e.g. one person at a customer site having 2000 views in two days was reported). Again - this is not ideal because this does not directly imply a wrong motive. Does anyone have a better solution? How can a company wide wiki be made secure and yet keep its low threshold USP? BTW we use MediaWiki with Lockdown to exclude some administrative staff.

    Read the article

  • Global Temporary Table "On commit delete rows" functionality discrepancy.

    - by TomatoSandwich
    I have a global temporary table. I called my GTT, for that was it's initials. My GTT never hurt anyone, and did everything I bade of it. I asked my GTT to delete rows on commit. This is a valid function in the creation script of my GTT in oracle. I wanted to be able to have different users see GTT with their own data, and not the data of other people's sessions. 'Delete rows on commit' worked perfectly in our test environment. GTT and I were happy. But then, I deployed GTT as part of an update to functionality to a client's database. The database doesn't like to play well with GTT. GTT called me up all upset and worried, because it wasn't holding any data any more, and didn't know why. GTT told me that if someone did: insert into my_GTT (description) values ('Happy happy joy joy') he would sing-song back: 1 row inserted. However, if the same person tried select * from my_GTT; GTT didn't know what to do, and he replied 0 rows returned. GTT was upset that he didn't know what his playmate had inserted. Please, Stackoverflow, why would GTT forget what was placed into him? He can remember perfectly well at home, but out in the cold harsh world, he just gets so scared. :(

    Read the article

  • Are there more secure alternatives to the .Net SQLConnection class?

    - by KeyboardMonkey
    Hi SO people, I'm very surprised this issue hasn't been discussed in-depth: This article tells us how to use windbg to dump a running .Net process strings in memory. I spent much time researching the SecureString class, which uses unmanaged pinned memory blocks, and keeps the data encrypted too. Great stuff. The problem comes in when you use it's value, and assign it to the SQLConnection.ConnectionString property, which is of the System.String type. What does this mean? Well... It's stored in plain text Garbage Collection moves it around, leaving copies in memory It can be read with windbg memory dumps That totally negates the SecureString functionality! On top of that, the SQLConnection class is non-inheritable, I can't even roll my own with a SecureString property instead; Yay for closed-source. Yay. A new DAL layer is in progress, but for a new major version and for so many users it will be at least 2 years before every user is upgraded, others might stay on the old version indefinitely, for whatever reason. Because of the frequency the connection is used, marshalling from a SecureString won't help, since the immutable old copies stick in memory until GC comes around. Integrated Windows security isn't an option, since some clients don't work on domains, and other roam and connect over the net. How can I secure the connection string, in memory, so it can't be viewed with windbg?

    Read the article

  • Is it impossible to secure .net code (intellectual property) ?

    - by JL
    I used to work in JavaScript a lot and one thing that really bothered my employers was that the source code was too easy to steal. Even with obfuscation, nothing really helped, because we all knew that any competent developer would be able to read that code if they wanted to. JS Scripts are one thing, but what about SOA projects that have millions invested in IP (Intellectual Property). I love .net, and especially C#, but I recently again had to answer the question "If we give this compiled program over to our clients, can their developers reverse engineer it?" I had gone out of my way to obfuscate the code, but I knew it wouldn't take that much for another determined C# developer to get at the code. So I earnestly pose the question, is it impossible to secure .net code? The considerations I have as as follows: Even regular native executables can be reversed, but not every developer has the skill to be able to do this. Its a lot harder to disassemble a native executable than a .net assembly. Obfuscation will only get you so far, but it does help a little. Why have I never seen any public acknowledgement by Microsoft that anything written in .net is subject to relatively easy IP theft? Why have I never seen a scrap of counter measure training on any Microsoft site? Why does VS come with a community obfuscater as an optional component? Ok maybe I have just had my head in the sand here, but its not exactly high on most developers priority list. Are there any plans to address my concerns in any future version of .net? I'm not knocking .net, but I would like some realistic answers, thank you, question marked as subjective and community!

    Read the article

  • Is DB logging more secure than file logging for my PHP web app?

    - by iama
    I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

    Read the article

  • How should I secure my webapp written using Wicket, Spring, and JPA?

    - by Martin
    So, I have an web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring Security (guide) - looks complete, but every guide I find that combines it with Wicket still calls it Acegi Security, which makes me think it must be old. Wicket-Auth-Roles (guide 1 and guide 2) - Most guides recommend mixing this with Spring Security, and I love the declarative style of @Authorize("ROLE1","ROLE2",etc). I'm concerned about having to extend AuthenticatedWebApplication, since I'm already extending org.apache.wicket.protocol.http.WebApplication, and Spring is already proxying that behind org.apache.wicket.spring.SpringWebApplicationFactory. SWARM / WASP (guide) - This looks the newest (though the main contributor passed away years ago), but I hate all of the JAAS-styled text files that declare permissions for principals. I also don't like the idea of making an Action class for every single thing a user might want to do. Secure models also aren't immediately obvious to me. Plus, there isn't an Authn example. Additionally, it looks like lots of folks recommend mixing the first and second options. I can't tell what the best practice is at all, though.

    Read the article

  • Am I going the right way to make login system secure with this simple password salting?

    - by LoVeSmItH
    I have two fields in login table password salt And I have this little function to generate salt function random_salt($h_algo="sha512"){ $salt1=uniqid(rand(),TRUE); $salt2=date("YmdHis").microtime(true); if(function_exists('dechex')){ $salt2=dechex($salt2); } $salt3=$_SERVER['REMOTE_ADDR']; $salt=$salt1.$salt2.$salt3; if(function_exists('hash')){ $hash=(in_array($h_algo,hash_algos()))?$h_algo:"sha512"; $randomsalt=hash($hash,md5($salt)); //returns 128 character long hash if sha512 algorithm is used. }else{ $randomsalt=sha1(md5($salt)); //returns 40 characters long hash } return $randomsalt; } Now to create user password I have following $userinput=$_POST["password"] //don't bother about escaping, i have done it in my real project. $static_salt="THIS-3434-95456-IS-RANDOM-27883478274-SALT"; //some static hard to predict secret salt. $salt=random_salt(); //generates 128 character long hash. $password =sha1($salt.$userinput.$static_salt); $salt is saved in salt field of database and $password is saved in password field. My problem, In function random_salt(), I m having this FEELING that I'm just making things complicated while this may not generate secure salt as it should. Can someone throw me a light whether I m going in a right direction? P.S. I do have an idea about crypt functions and like such. Just want to know is my code okay? Thanks.

    Read the article

  • How do you lock down & secure files stored on server in ASP.NET?

    - by Jon
    How do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder i.e. C:\inetpub\data. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it generate the PDFs there. Once the pdf is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed add to the query string like so viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview. The full path to C:\inetpub\data is resolved and loaded in the Page_load event of the viewer page. Now I'm wondering how to secure this. Anybody could just view the file. Not by entering in the URL, as it won't been seen by IIS (its not in wwwroot), but could change the querystring in the viewpdf page. How do I stop anybody hacking this?

    Read the article

  • Intercepting mouse events using a global hook. Stop an action from happening.

    - by fMinkel
    I'm attempting to intercept and interrupt mouse events. Lets say I wanted to disable the right mouse button down event, or even the mouse move event. I haven't been able to figure out the interrupting part. I am using the (I assume pretty widely used) following code for Global Hooking of the mouse. Private Structure MSLLHOOKSTRUCT Public pt As Point Public mouseData As Int32 Public flags As Int32 Public time As Int32 Public extra As IntPtr End Structure Private _mouseHook As IntPtr Private Const WH_MOUSE_LL As Int32 = 14 Private Delegate Function MouseHookDelegate(ByVal nCode As Int32, ByVal wParam As IntPtr, ByRef lParam As MSLLHOOKSTRUCT) As Int32 <MarshalAs(UnmanagedType.FunctionPtr)> Private _mouseProc As MouseHookDelegate Private Declare Function SetWindowsHookExW Lib "user32.dll" (ByVal idHook As Int32, ByVal HookProc As MouseHookDelegate, ByVal hInstance As IntPtr, ByVal wParam As Int32) As IntPtr Private Declare Function UnhookWindowsHookEx Lib "user32.dll" (ByVal hook As IntPtr) As Boolean Private Declare Function CallNextHookEx Lib "user32.dll" (ByVal idHook As Int32, ByVal nCode As Int32, ByVal wParam As IntPtr, ByRef lParam As MSLLHOOKSTRUCT) As Int32 Private Declare Function GetCurrentThreadId Lib "kernel32.dll" () As Integer Private Declare Function GetModuleHandleW Lib "kernel32.dll" (ByVal fakezero As IntPtr) As IntPtr Public Function HookMouse() As Boolean Debug.Print("Mouse Hooked") If _mouseHook = IntPtr.Zero Then _mouseProc = New MouseHookDelegate(AddressOf MouseHookProc) _mouseHook = SetWindowsHookExW(WH_MOUSE_LL, _mouseProc, GetModuleHandleW(IntPtr.Zero), 0) End If Return _mouseHook <> IntPtr.Zero End Function Public Sub UnHookMouse() Debug.Print("Mouse UnHooked") If _mouseHook = IntPtr.Zero Then Return UnhookWindowsHookEx(_mouseHook) _mouseHook = IntPtr.Zero End Sub Private Function MouseHookProc(ByVal nCode As Int32, ByVal wParam As IntPtr, ByRef lParam As MSLLHOOKSTRUCT) As Int32 'Debug.Print("Message = {0}, x={1}, y={2}", wParam.ToInt32, lParam.pt.X, lParam.pt.Y) If wParam.ToInt32 = 513 Then '''interrupt the left mouse button event here, but don't know what to return to do so. End If Return CallNextHookEx(WH_MOUSE_LL, nCode, wParam, lParam) End Function

    Read the article

  • Where should global Application Settings be stored on Windows 7?

    - by Kerido
    Hi everybody, I'm working hard on making my product work seamlessly on Windows 7. The problem is that there is a small set of global (not user-specific) application settings that all users should be able to change. On previous versions I used HKLM\Software\__Company__\__Product__ for that purpose. This allowed Power Users and Administrators to modify the Registry Key and everything worked correctly. Now that Windows Vista and Windows 7 have this UAC feature, by default, even an Administrator cannot access the Key for writing without elevation. A stupid solution would, of course, mean adding requireAdministrator option into the application manifest. But this is really unprofessional since the product itself is extremely far from administration-related tasks. So I need to stay with asInvoker. Another solution could mean programmatic elevation during moments when write access to the Registry Key is required. Let alone the fact that I don't know how to implement that, it's pretty awkward also. It interferes with normal user experience so much that I would hardly consider it an option. What I know should be relatively easy to accomplish is adding write access to the specified Registry Key during installation. I created a separate question for that. This also very similar to accessing a shared file for storing the settings. My feeling is that there must be a way to accomplish what I need, in a way that is secure, straightforward and compatible with all OS'es. Any ideas?

    Read the article

  • What are the possible tags inside the "global" tag in Magento "config.xml" file?

    - by Knowledge Craving
    Can someone professional experienced Magento developer tell me how to accomplish the following in Magento? I want to know what are the possible tags that can fit in the "global" tag of the "config.xml" page of every module's etc folder? I have tried searching for this answer at many places in Internet but in vain. Please provide the full details along with it for Magento version = 1.4.0.0, because I want at least the users accessing this website find it useful enough, instead of scratching their heads. I really want a detailed explanation, because every newbie like me gets totally confused at this point. From what I know till now, is that in this page, you can set routers, rewrites, cron jobs, admin html, front-end html and many more. But without any strong concepts, none can go ahead with the belief that his code is 100% correct w.r.t. the Magento MVC architecture. So please I want that strong fundamental concept, getting underlined here, with a detailed explanation about it, so that no one gets into this pitfall ever again. Many many thanks to those who can answer only upon knowing the total concept clearly.

    Read the article

  • PHP - How do you secure a unique variable name?

    - by 102319141763223461745
    This function cropit, which I shamelessly stole off the internet, crops a 90x60 area from an existing image. In this code, when I use the function for more than one item (image) the one will display on top of the other (they come to occupy the same output space). I think this is because the function has the same (static) name ($dest) for the destination of the image when it's created (imagecopy). I tried, as you can see to include a second argument to the cropit function which would serve as the "name" of the $dest variable, but it didn't work. In the interest of full disclosure I have 22 hours of PHP experience (incidentally the same number of hours since the last I slept) and I am not that smart to begin with. Even if there's something else at work here entirely, seems to me that generally it must be useful to have a way to secure that a variable is always given a unique name. function cropit($srcimg, $dest) { $im = imagecreatefromjpeg($srcimg); $img_width = imagesx($im); $img_height = imagesy($im); $width = 90; $height = 60; $tlx = floor($img_width / 2) - floor ($width / 2); $tly = floor($img_height / 2) - floor ($height / 2); if ($tlx < 0) { $tlx = 0; } if ($tly < 0) { $tly = 0; } if (($img_width - $tlx) < $width) { $width = $img_width - $tlx; } if (($img_height - $tly) < $height) { $height = $img_height - $tly; } $dest = imagecreatetruecolor ($width, $height); imagecopy($dest, $im, 0, 0, $tlx, $tly, $width, $height); imagejpeg($dest); imagedestroy($dest); } $img = "imagefolder\imageone.jpg"; $img2 = "imagefolder\imagetwo.jpg"; cropit($img, $i1); cropit($img2, $i2); ?

    Read the article

  • Remove duplicates from a list of nested dictionaries

    - by user2924306
    I'm writing my first python program to manage users in Atlassian On Demand using their RESTful API. I call the users/search?username= API to retrieve lists of users, which returns JSON. The results is a list of complex dictionary types that look something like this: [ { "self": "http://www.example.com/jira/rest/api/2/user?username=fred", "name": "fred", "avatarUrls": { "24x24": "http://www.example.com/jira/secure/useravatar?size=small&ownerId=fred", "16x16": "http://www.example.com/jira/secure/useravatar?size=xsmall&ownerId=fred", "32x32": "http://www.example.com/jira/secure/useravatar?size=medium&ownerId=fred", "48x48": "http://www.example.com/jira/secure/useravatar?size=large&ownerId=fred" }, "displayName": "Fred F. User", "active": false }, { "self": "http://www.example.com/jira/rest/api/2/user?username=andrew", "name": "andrew", "avatarUrls": { "24x24": "http://www.example.com/jira/secure/useravatar?size=small&ownerId=andrew", "16x16": "http://www.example.com/jira/secure/useravatar?size=xsmall&ownerId=andrew", "32x32": "http://www.example.com/jira/secure/useravatar?size=medium&ownerId=andrew", "48x48": "http://www.example.com/jira/secure/useravatar?size=large&ownerId=andrew" }, "displayName": "Andrew Anderson", "active": false } ] I'm calling this multiple times and thus getting duplicate people in my results. I have been searching and reading but cannot figure out how to deduplicate this list. I figured out how to sort this list using a lambda function. I realize I could sort the list, then iterate and delete duplicates. I'm thinking there must be a more elegant solution. Thank you!

    Read the article

  • multi-shop orders table and sequential order numbers based on shop

    - by imanc
    Hey, I am looking at building a shop solution that needs to be scalable. Currently it retrieves 1-2000 orders on average per day across multiple country based shops (e.g. uk, us, de, dk, es etc.) but this order could be 10x this amount in two years. I am looking at either using separate country-shop databases to store the orders tables, or looking to combine all into one order table. If all orders exist in one table with a global ID (auto num) and country ID (e.g uk,de,dk etc.), each countries orders would also need to have sequential ordering. So in essence, we'd have to have a global ID and a country order ID, with the country order ID being sequential for countries only, e.g. global ID = 1000, country = UK, country order ID = 1000 global ID = 1001, country = DE, country order ID = 1000 global ID = 1002, country = DE, country order ID = 1001 global ID = 1003, country = DE, country order ID = 1002 global ID = 1004, country = UK, country order ID = 1001 THe global ID would be DB generated and not something I would need to worry about. But I am thinking that I'd have to do a query to get the current country order based ID+1 to find the next sequential number. Two things concern me about this: 1) query times when the table has potentially millions of rows of data and I'm doing a read before a write, 2) the potential for ID number clashes due to simultaneous writes/reads. With a MyISAM table the entire table could be locked whilst the last country order + 1 is retrieved, to prevent ID number clashes. I am wondering if anyone knows of a more elegant solution? Cheers, imanc

    Read the article

  • Storing an encrypted cookie with Rails

    - by J. Pablo Fernández
    I need to store a small piece of data (less than 10 characters) in a cookie in Rails and I need it to be secure. I don't want anybody being able to read that piece of data or injecting their own piece of data (as that would open up the app to many kinds of attacks). I think encrypting the contents of the cookie is the way to go (should I also sign it?). What is the best way to do it? Right now I'm doing this, which looks secure, but many things looked secure to people that knew much more than I about security and then it was discovered it wasn't really secure. I'm saving the secret in this way: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) cookies[:secret] = { :value => encryptor.encrypt(secret), :domain => "example.com", :secure => !(Rails.env.test? || Rails.env.development?) } and then I'm reading it like this: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) secret = encryptor.decrypt(cookies[:secret]) Is that secure? Any better ways of doing it? Update: I know about Rails' session and how it is secure, both by signing the cookie and by optionally storing the contents of the session server side and I do use the session for what it is for. But my question here is about storing a cookie, a piece of information I do not want in the session but I still need it to be secure.

    Read the article

  • SSL setup: UCC or wildcard certificates?

    - by quanza
    I've scoured the web for a clear and concise answer to my SSL question, but to no avail. So here goes: I have a web-service requiring SSL support for authentication pages. The root-level domain does not have the "www" - i.e., secure://domain.com - but localized pages use "language-code.domain.com", i.e. secure://ja.domain.com So I need at least a wildcard SSL certificate that supports secure://*.domain.com However, we also have a public sandbox environment at sandbox.domain.com, which we also need to support under localized domains - so secure://ja.sandbox.domain.com needs to also work. The previous admin managed to purchase a wildcard SSL certificate for .domain.com, but with a Subject Alternative Name for "domain.com". So, I'm thinking of trying to get a wildcard certificate with SANs defined as "domain.com" and ".*.domain.com". But now I'm getting confused because there seem to be separate SAN certificates, also called UCC certificates. Can someone clarify whether it's possible to get a wildcard certificate with additional SAN fields, and ultimately what the best way is to support: secure://domain.com secure://.domain.com secure://.*.domain.com with the fewest (and cheapest!) number of SSL certificates? Thanks!

    Read the article

  • How to host my own cloud so that videos are viewable via desktop web browser?

    - by jake9115
    I want to host my own cloud storage solution, something like Dropbox but entirely dependent on my own central machine. This way things are more secure if setup correctly, and there are artificial storage limitations or pay-walls. Some thing similar to ownCloud: http://owncloud.org/ There is one important feature I want to have: the ability the stream movies in a web browser from my personal cloud to anywhere in the world. In the past I tried this with a NAS, and I mapped XBMC to the NAS via SFTP, and certain media types could stream in this manner. I've also used things like PLEX. In this case, I am looking for a single solution for personal cloud storage and movie streaming from that cloud into a web browser. Does anyone know if this can be accomplished? Thanks for the suggestions!

    Read the article

  • Patterns: Local Singleton vs. Global Singleton?

    - by Mike Rosenblum
    There is a pattern that I use from time to time, but I'm not quite sure what it is called. I was hoping that the SO community could help me out. The pattern is pretty simple, and consists of two parts: A singleton factory, which creates objects based on the arguments passed to the factory method. Objects created by the factory. So far this is just a standard "singleton" pattern or "factory pattern". The issue that I'm asking about, however, is that the singleton factory in this case maintains a set of references to every object that it ever creates, held within a dictionary. These references can sometimes be strong references and sometimes weak references, but it can always reference any object that it has ever created. When receiving a request for a "new" object, the factory first searches the dictionary to see if an object with the required arguments already exits. If it does, it returns that object, if not, it returns a new object and also stores a reference to the new object within the dictionary. This pattern prevents having duplicative objects representing the same underlying "thing". This is useful where the created objects are relatively expensive. It can also be useful where these objects perform event handling or messaging - having one object per item being represented can prevent multiple messages/events for a single underlying source. There are probably other reasons to use this pattern, but this is where I've found this useful. My question is: what to call this? In a sense, each object is a singleton, at least with respect to the data it contains. Each is unique. But there are multiple instances of this class, however, so it's not at all a true singleton. In my own personal terminology, I tend to call the factory method a "global singleton". I then call the created objects "local singletons". I sometimes also say that the created objects have "reference equality", meaning that if two variables reference the same data (the same underlying item) then the reference they each hold must be to the same exact object, hence "reference equality". But these are my own invented terms, and I am not sure that they are good ones. Is there standard terminology for this concept? And if not, could some naming suggestions be made? Thanks in advance...

    Read the article

  • Spring 3 simple extentionless url mappings with annotation-based mapping - impossible?

    - by caerphilly
    Hi, I'm using Spring 3, and trying to set up a simple web-app using annotations to define controller mappings. This seems to be incredibly difficult without peppering all the urls with *.form or *.do Because part of the site needs to be password protected, these urls are all under /secure. There is a <security-constraint> in the web.xml protecting everything under that root. I want to map all the Spring controllers to /secure/app/. Example URLs would be: /secure/app/landingpage /secure/app/edit/customer/{id} each of which I would handle with an appropriate jsp/xml/whatever. So, in web.xml I have this: <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/secure/app/*</url-pattern> </servlet-mapping> And in despatcher-servlet.xml I have this: <context:component-scan base-package="controller" /> In the Controller package I have a controller class: package controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; @Controller @RequestMapping("/secure/app/main") public class HomePageController { public HomePageController() { } @RequestMapping(method = RequestMethod.GET) public ModelAndView getPage(HttpServletRequest request) { ModelAndView mav = new ModelAndView(); mav.setViewName("main"); return mav; } } Under /WEB-INF/jsp I have a "main.jsp", and a suitable view resolver set up to point to this. I had things working when mapping the despatcher using *.form, but can't get anything working using the above code. When Spring starts up it appears to map everything correctly: 13:22:36,762 INFO main annotation.DefaultAnnotationHandlerMapping:399 - Mapped URL path [/secure/app/main] onto handler [controller.HomePageController@2a8ab08f] I also noticed this line, which looked suspicious: 13:25:49,578 DEBUG main servlet.DispatcherServlet:443 - No HandlerMappings found in servlet 'dispatcher': using default And at run time any attempt to view /secure/app/main just returns a 404 error in Tomcat, with this log output: 13:25:53,382 DEBUG http-8080-1 servlet.DispatcherServlet:842 - DispatcherServlet with name 'dispatcher' determining Last-Modified value for [/secure/app/main] 13:25:53,383 DEBUG http-8080-1 servlet.DispatcherServlet:850 - No handler found in getLastModified 13:25:53,390 DEBUG http-8080-1 servlet.DispatcherServlet:690 - DispatcherServlet with name 'dispatcher' processing GET request for [/secure/app/main] 13:25:53,393 WARN http-8080-1 servlet.PageNotFound:962 - No mapping found for HTTP request with URI [/secure/app/main] in DispatcherServlet with name 'dispatcher' 13:25:53,393 DEBUG http-8080-1 servlet.DispatcherServlet:677 - Successfully completed request So... Spring maps a URL, and then "forgets" about that mapping a second later? What is going on? Thanks.

    Read the article

  • how to target css to iPad but exclude Safari 4 desktop using a media query?

    - by miriam835work
    I am trying to use a media rule to target css to iPad only. I want to exclude iPhone/iPod and desktop browsers. I would like to to also exclude other mobile devices if possible. I have used <style type="text/css" media="only screen and (min-device-width: 768px) and (max-device-width: 1024px)"> but just found out that desktop Safari 4 reads it. I have tried variations with "481px" instead of "768px" and another that adds an orientation to that: <style type="text/css" media="only screen and (min-device-width: 481px) and (max-device-width: 1024px) and (orientation:portrait)"> but not luck. (Later we will be sniffing user-agent strings for iPad, but for now that solution won't work.) Thanks!

    Read the article

  • What Swing look and feel should I use for a Java desktop application?

    - by waiting
    I am developing a Java desktop application and I use Swing to build the GUI. I realize that I can change the look of my app by setting different L&Fs. The JRE (from SUN) provides me at least two L&Fs, one is the default Metal L&F and the other is the "System" L&F which let my app have a native look. Also I can find some really cool L&Fs on the internet. The question is: which L&F should I use for my desktop app? Someone said the native look will be more user friendly, is that true? If I use the system L&F, should I make different versions of my user handbook (since the UI will change according to the OS)?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 173 174 175 176 177 178 179 180 181 182 183 184  | Next Page >