Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 177/886 | < Previous Page | 173 174 175 176 177 178 179 180 181 182 183 184  | Next Page >

  • wss4j: - Cannot find key for alias: monit

    - by feiroox
    Hi I'm using axis1.4 and wss4j. When I define in client-config.wsdd for WSDoAllSender and WSDoAllReceiver different signaturePropFiles where I have different key stores defined with different certificates, I'm able to have different certificates for sending and receiving. But when I use the same signaturePropFiles' with the same keystore. I get this message when I try to send a message: org.apache.ws.security.components.crypto.CryptoBase -- Cannot find key for alias: [monit] in keystore of type [jks] from provider [SUN version 1.5] with size [2] and aliases: {other, monit} - Error during Signature: ; nested exception is: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] org.apache.ws.security.WSSecurityException: Error during Signature: ; nested exception is: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:60) at org.apache.ws.security.handler.WSHandler.doSenderAction(WSHandler.java:202) at org.apache.ws.axis.security.WSDoAllSender.invoke(WSDoAllSender.java:168) at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32) at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118) at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:127) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) at org.apache.axis.client.Call.invoke(Call.java:2443) at org.apache.axis.client.Call.invoke(Call.java:2366) at org.apache.axis.client.Call.invoke(Call.java:1812) at cz.ing.oopf.model.wsclient.ModelWebServiceSoapBindingStub.getStatus(ModelWebServiceSoapBindingStub.java:213) at cz.ing.oopf.wsgemonitor.monitor.util.MonitorUtil.checkStatus(MonitorUtil.java:18) at cz.ing.oopf.wsgemonitor.monitor.Test02WsMonitor.runTest(Test02WsMonitor.java:23) at cz.ing.oopf.wsgemonitor.Main.main(Main.java:75) Caused by: org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:721) at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:780) at org.apache.ws.security.action.SignatureAction.execute(SignatureAction.java:57) ... 15 more Caused by: java.lang.Exception: Cannot find key for alias: [monit] at org.apache.ws.security.components.crypto.CryptoBase.getPrivateKey(CryptoBase.java:214) at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:713) ... 17 more How to have two certificates for wss4j in the same keystore? why it cannot find my certificate there when i have two certificates in one keystore. I have the same password for both certificates regarding PWCallback (CallbackHandler) My properties file: org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin org.apache.ws.security.crypto.merlin.keystore.type=jks org.apache.ws.security.crypto.merlin.keystore.password=keystore org.apache.ws.security.crypto.merlin.keystore.alias=monit org.apache.ws.security.crypto.merlin.alias.password=*** org.apache.ws.security.crypto.merlin.file=key.jks My client-config.wsdd: <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <globalConfiguration> <requestFlow> <handler name="WSSecurity" type="java:org.apache.ws.axis.security.WSDoAllSender"> <parameter name="user" value="monit"/> <parameter name="passwordCallbackClass" value="cz.ing.oopf.common.ws.PWCallback"/> <parameter name="action" value="Signature"/> <parameter name="signaturePropFile" value="monit.properties"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> <parameter name="mustUnderstand" value="0"/> </handler> <handler type="java:org.apache.axis.handlers.JWSHandler"> <parameter name="scope" value="session"/> </handler> <handler type="java:org.apache.axis.handlers.JWSHandler"> <parameter name="scope" value="request"/> <parameter name="extension" value=".jwr"/> </handler> </requestFlow> <responseFlow> <handler name="DoSecurityReceiver" type="java:org.apache.ws.axis.security.WSDoAllReceiver"> <parameter name="user" value="other"/> <parameter name="passwordCallbackClass" value="cz.ing.oopf.common.ws.PWCallback"/> <parameter name="action" value="Signature"/> <parameter name="signaturePropFile" value="other.properties"/> <parameter name="signatureKeyIdentifier" value="DirectReference" /> </handler> </responseFlow> </globalConfiguration> <transport name="http" pivot="java:org.apache.axis.transport.http.HTTPSender"> </transport> </deployment> Listing from keytool: keytool -keystore monit-key.jks -v -list Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries Alias name: other Creation date: Jul 22, 2009 Entry type: PrivateKeyEntry Certificate chain length: 1 Certificate[1]: .... Alias name: monit Creation date: Oct 19, 2009 Entry type: trustedCertEntry

    Read the article

  • Session Id in url and/or cookie? [closed]

    - by Jacco
    Most people advice against rewriting every (internal) url to include the sessionId (both GET and POST). The standard argument against it seems to be:   If an attacker gets hold of the sessionId, they can hijack the session.   With the sessionId in the url, it easily leaks to the attacker (by referer etc.) But what if you put the sessionId in both an (encrypted) cookie and the url. if the sessionId in either the cookie or the url is missing or if they do not match, decline the request. Let's pretend the website in question is free of xss holes, the cookie encryption is strong enough, etc. etc. Then what is the increased risk of rewriting every url to include the sessionId? UPDATE: @Casper That is a very good point. so up to now there are 2 reasons: bad for search engines / SEO if used in public part of the website can cause trouble when users post an url with a session Id on a forum, send it trough email or bookmark the page apart from the:   It increases the security risk, but it is not clear what the increased risk is. some background info: I've a website that offers blog-like service to travellers. I cannot be sure cookies work nor can I require cookies to work. Most computers in internet cafes are old and not (even close to) up-to-date. The user has no control over them and the connection can be very unreliable for some more 'off the beaten path' locations. Binding the session to an IP-address is not possible, some places use load-balancing proxies with multiple IP addresses. (and from China there is The Great Firewall). Upon receiving the first cookie back, I flag cookies as mandatory. However, if the cookie was flagged as mandatory but not there, I ask for their password once more, knowing their session from the url. (Also cookies have a 1 time token in them, but that's not the point of this question). UPDATE 2: The conclusion seems to be that there are no extra *security* issues when you expose you session id trough the URL while also keeping a copy of the session id in an encrypted cookie. Do not hesitate to add additional information about any possible security implications

    Read the article

  • Can I override task :environment in test_helper.rb to test rake tasks?

    - by Michael Barton
    I have a series of rake tasks in a Rakefile which I'd like to test as part of my specs etc. Each task is defined in the form: task :do_somthing => :environment do # Do something with the database here end Where the :environment task sets up an ActiveRecord/DataMapper database connection and classes. I'm not using this as part of Rails but I have a series of tests which I like to run as part of BDD. This snippet illustrates how I'm trying to test the rake tasks. def setup @rake = Rake::Application.new Rake.application = @rake load File.dirname(__FILE__) + '/../../tasks/do_something.rake' end should "import data" do @rake["do_something"].invoke assert something_in_the_database end So my request for help - is it possible to over-ride the :environment task in my test_helper.rb file so I my rake testing interacts with the my test database, rather than production? I've tried redefining the task in the helper file, but this doesn't work. Any help for a solution would be great, as I've been stuck on this for the past week.

    Read the article

  • CSS regression tool?

    - by ronaldwidha
    I'm looking for a visual regression testing tool for CSS refactoring and see whether or not there are any unintended cascading behavior in a website. Ideally, the tool that can crawl a website (even locally) and grab snapshots of each page and store it in a single repository. When run for the second time, it will show the pages that are visually different since the last time it was run. Even better: if it can show the overlapper XOR view of the 2 version of the page. compare rendering results of different browsers (almost like an automated Microsoft Expression Web compare feature). Thanks

    Read the article

  • How to unit test asynchronous APIs?

    - by Ben Clayton
    Hi all. I have installed Google Toolbox for Mac (http://code.google.com/p/google-toolbox-for-mac/) into Xcode and followed the instructions to set up unit testing found here (http://code.google.com/p/google-toolbox-for-mac/wiki/iPhoneUnitTesting). It all works great, and I can test my synchronous methods on all my objects absolutely fine. However, most of the complex APIs I actually want to test return results asynchronously via calling a method on a delegate - for example a call to a file download and update system will return immediately and then run a -fileDownloadDidComplete: method when the file finishes downloading. How would I test this as a unit test? It seems like I'd want to the testDownload function, or at least the test framework to 'wait' for fileDownloadDidComplete: method to run. Any ideas much appreciated!

    Read the article

  • Unit-test FileSystemWatcher.Error Event

    - by dotNetkow
    I'm trying to unit test a private method that I have attached to my FileSystemWatcher's Error event. MSDN says that this event "occurs when the internal buffer overflows." I've tried to cause a buffer overflow but have not been successful so far. The FileSystemWatcher's various properties are: fileWatcher.IncludeSubdirectories = false; fileWatcher.Filter = "*"; fileWatcher.NotifyFilter = (NotifyFilters.FileName | NotifyFilters.LastAccess | NotifyFilters.Size); What is the best way of raising this event for the purpose of unit-testing?

    Read the article

  • Recommendations for keeping a build server updated

    - by gareth_bowles
    As a guy who frequently switches between QA, build and operations, I keep running into the issue of what to do about operating system updates on the build server. The dichotomy is the same on Windows, Linux, MacOS or any other o/s that can update itself via the internet: The QA team wants to keep the build server exactly as it is from the beginning of the product release cycle to the end, since installing updates could destabilize the server and means that successive builds aren't made against the same baseline. The ops team wants the software to be deployed on a system with all the latest security patches; this can mean that the software isn't deployed on exactly the same version of the o/s that it was built on. I usually mitigate this by taking release candidate builds and installing them on a test server that has a completely up-to-date o/s, repeating the automated tests that are run on the build server and doing some additional system level testing to make sure everything looks good before deployment. However, this seems inefficient to me; does anyone have a better way ?

    Read the article

  • <100% Test coverage - best practices in selecting test areas

    - by Paul Nathan
    Suppose you're working on a project and the time/money budget does not allow 100% coverage of all code/paths. It then follows that some critical subset of your code needs to be tested. Clearly a 'gut-check' approach can be used to test the system, where intuition and manual analysis can produce some sort of test coverage that will be 'ok'. However, I'm presuming that there are best practices/approaches/processes that identify critical elements up to some threshold and let you focus your test elements on those blocks. For example, one popular process for identifying failures in manufacturing is Failure Mode and Effects Analysis. I'm looking for a process(es) to identify critical testing blocks in software.

    Read the article

  • How to Test a Multi-Tenant App with support for multiple domains

    - by asifch
    HI, we are building a multi-tenant application, which will support that each tenant can have a unique top level domain, the application is build using the asp.net 3.5 and SQL servr 2005, while each tenant will have different database. I have seen a number of questions about the similar applications on the StackOverFlow, but none of them is related to the Testing, I want to know is how one can test the application in a development environment, specially How can we test that each customer connects to his own DB based on the URL. how can we emulate different domains on the local system. like abc.com and xyz.com all goes to dev machine's IIS. Any recommendations which might help us in the developing process of such an application.

    Read the article

  • How do you debug a unit test in Xcode 3?

    - by Dov
    I followed Apple's instructions to set up Unit Testing in my project. I followed the directions for making them dependent, so the tests run with every build of my main project. This works, and when my tests pass the application runs; when they don't, I get build errors on the lines of the unit tests that failed. I would like, however, to be able to step through my application code when the tests are failing, but can't get Xcode (3.2.5) configured properly. The project is a Mac project, not iOS. I tried the instructions here and here, but execution never stopped at the breakpoints I set, neither in the the unit test code or in my application code. After following the first set of instructions, the breakpoints I set turned yellow with blue outlines, and I don't know what that meant, either. What do I need to do to step through my tests?

    Read the article

  • Authorizing a computer to access a web application

    - by HackedByChinese
    I have a web application, and am tasked with adding secure sign-on to bolster security, akin to what Google has added to Google accounts. Use Case Essentially, when a user logs in, we want to detect if the user has previously authorized this computer. If the computer has not been authorized, the user is sent a one-time password (via email, SMS, or phone call) that they must enter, where the user may choose to remember this computer. In the web application, we will track authorized devices, allowing users to see when/where they logged in from that device last, and deauthorize any devices if they so choose. We require a solution that is very light touch (meaning, requiring no client-side software installation), and works with Safari, Chrome, Firefox, and IE 7+ (unfortunately). We will offer x509 security, which provides adequate security, but we still need a solution for customers that can't or won't use x509. My intention is to store authorization information using cookies (or, potentially, using local storage, degrading to flash cookies, and then normal cookies). At First Blush Track two separate values (local data or cookies): a hash representing a secure sign-on token, as well as a device token. Both values are driven (and recorded) by the web application, and dictated to the client. The SSO token is dependent on the device as well as a sequence number. This effectively allows devices to be deauthorized (all SSO tokens become invalid) and mitigates replay (not effectively, though, which is why I'm asking this question) through the use of a sequence number, and uses a nonce. Problem With this solution, it's possible for someone to just copy the SSO and device tokens and use in another request. While the sequence number will help me detect such an abuse and thus deauthorize the device, the detection and response can only happen after the valid device and malicious request both attempt access, which is ample time for damage to be done. I feel like using HMAC would be better. Track the device, the sequence, create a nonce, timestamp, and hash with a private key, then send the hash plus those values as plain text. Server does the same (in addition to validating the device and sequence) and compares. That seems much easier, and much more reliable.... assuming we can securely negotiate, exchange, and store private keys. Question So then, how can I securely negotiate a private key for authorized device, and then securely store that key? Is it more possible, at least, if I settle for storing the private key using local storage or flash cookies and just say it's "good enough"? Or, is there something I can do to my original draft to mitigate the vulnerability I describe?

    Read the article

  • How to overcome drawbacks and enjoy the job of a software tester?

    - by mgj
    Dear all, One notion that has been prevalent mostly as rumours for many aspiring programmers is that the testing phase of the SDLC(Software Development Life Cycle) is not that challenging and interesting as one's job as a tester after a period of time becomes monotonous because a person does the same thing repeatedly over and over again. Boredom is a very important issue a software tester has to deal with. With regard to this I have the following questions: How can one overcome this in their day to day activities of their job as a software tester? What are the possible new avenues a tester can explore on a general note in a s/w co. ? Could you also please highlight what challenge's a tester could also face in real life situations.Something that would make their job also interesting and fun-filled. Thanks..:)

    Read the article

  • Can any Palm Pre be used for development?

    - by teedyay
    We're about to start developing software for the Palm, using WebOS. Though an emulator is available for testing, I always feel more confident seeing it run on a physical device as well. I can't find anywhere on Palm's website that tells me whether I can just buy an off-the-shelf Palm Pre and run my app on it, or if I have to buy one with a particular type of contract/ have it unlocked in some way/ whatever. Does anyone know? Have you done this? (Sorry this is barely programming-related, but I couldn't think where else to ask. I'm sure someone has done this and can give me a quick yay or nay. Thanks.) Oh - I'm in the UK, if that makes any difference.

    Read the article

  • unittest tests reuse for family of classes

    - by zaharpopov
    I have problem organizing my unittest based class test for family of tests. For example assume I implement a "dictionary" interface, and have 5 different implementations want to testing. I do write one test class that tests a dictionary interface. But how can I nicely reuse it to test my all classes? So far I do ugly: DictType = hashtable.HashDict In top of file and then use DictType in test class. To test another class I manually change the DictType to something else. How can do this otherwise? Can't pass arguments to unittest classes so is there a nicer way?

    Read the article

  • Does ActiveRecord make Ruby on Rails code hard to test?

    - by Erik Öjebo
    I've spent most of my time in statically typed languages (primarily C#). I have some bad experiences with the Active Record pattern and unit testing, because of the static methods and the mix of entities and data access code. Since the Ruby community probably is the most test driven of the communities out there, and the Rails ActiveRecord seems popular, there must be some way of combining TDD and ActiveRecord based code in Ruby on Rails. I would guess that the problem goes away in dynamic languages, somehow, but I don't see how. So, what's the trick?

    Read the article

  • Good tools which generate NUnit unit tests for .NET assemblies in Visual Studio 2008

    - by andy
    Hey guys, I'm pretty new to Unit Testing so bare with me. I realize that best best practice is not to auto generate unit tests, however I'd like to use Code Generation to set-up the basic skeleton of the tests. Now, I know Visual Studio 2008 already has the built in "create tests", however, it just creates a flat list of all the classes it's going to test... and it's not for NUnit right? Ideally, I'd like the code generation to follow the folder AND namespace structure of the assembly its generating tests for. Can you guys recommend any good tools which generate NUnit unit tests for .NET assemblies in Visual Studio 2008? cheers!

    Read the article

  • TDD and encapsulation priority conflict

    - by Hanseh
    Hi, I just started practicing TDD in my projects. I'm developing a project now using php/zend/mysql and phpunit/dbunit for testing. I'm just a bit distracted on the idea of encapsulation and the test driven approach. My idea behind encapsulation is to hide access to several object functionalities. To make it more clear, private and protected functions are not directly testable(unless you will create a public function to call it). So I end up converting some private and protected functions to public functions just to be able to test them. I'm really violating the principles of encapsulation to give way to micro function testability. Is this the correct way of doing it?

    Read the article

  • Best practices for TDD BDD with code that uses external services / api

    - by adam
    I'm using a twitter gem which basically accesses twitter and lets me grab tweets, timeline etc. Its really good but I have a lot of my code that uses the stuff it returns and I need to test it. The things the gem returns aren't exactly simple strings, there pretty complex objects (scary as well) so im left scratching my head. So basically I'm looking for an answer, book, blog, open-source project that can show me the rights and wrongs of testing around external services. answers that are either not language centric or ruby/rails centric would most greatly be appreciated.

    Read the article

  • ASP/NET MVC: Test Controllers w/Sessions? Mocking?

    - by Codewerks
    I read some of the answers on here re: testing views and controllers, and mocking, but I still can't figure out how to test an ASP.NET MVC controller that reads and sets Session values (or any other context based variables.) How do I provide a (Session) context for my test methods? Is mocking the answer? Anybody have examples? Basically, I'd like to fake a session before I call the controller method and have the controller use that session. Any ideas?

    Read the article

  • How can I run NUnit(Selenium Grid) tests in parallel?

    - by Benjamin Lee
    My current project uses NUnit for unit tests and to drive UATs written with Selenium. Developers normally run tests using ReSharper's test runner in VS.Net 2003 and our build box kicks them off via NAnt. We would like to run the UAT tests in parallel so that we can take advantage of Selenium Grid/RCs so that they will be able to run much faster. Does anyone have any thoughts on how this might be achieved? and/or best practices for testing Selenium tests against multiple browsers environments without writing duplicate tests automatically? Thank you.

    Read the article

  • Good way to capture/replay sessions from Apache Log?

    - by Mark Harrison
    For performance testing, I would like to capture some traffic from a production server and use that as a basis to replay the request to a test server in order to simulate a realistic load in our development environment. These are all stateless queries, so no issues regarding cookies, sessions, etc. The Apache log timestamps everything down to a 1 second resolution, but that's not fine enough granularity for our peak times. What's the best way to capture more fine-grained timestamps for replay? And is there some ab-like load generating program that can use this data to replicate load?

    Read the article

  • How much of Grails GORM to test?

    - by Lloyd Meinholz
    Is there a "best practice" or defacto standard with how much of the GORM functionality one should test in the unit/functional tests? My take is that one should probably do most of the domain testing as functional tests so that you get the full grails environment. But what do you test? Inserts, updates, deletes? Do you test constraints even though they were probably more thoroughly tested by the grails release? Or do you just assume that GORM does what it is supposed to do and move to other parts of the application?

    Read the article

  • showSettings callback in Flex?

    - by Jim Robert
    I am pretty new to flex, so forgive me if this is an obvious question. Is there a way to open the Security.showSettings (flash.system.Security) with a callback? or at least to detect if it is currently open or not? My flex application is used for streaming audio, and is normally controlled by javascript, so I keep it hidden for normal use (via absolute positioning it off the page). When I need microphone access I need to make the flash settings dialog visible, which works fine, I move it into view and open the dialog. When the user closes it, I need to move it back off the screen so they don't see an empty flex app sitting there after they change their settings. thanks :)

    Read the article

  • Mock Repository vs. Real Repository w/Mocked Data

    - by n8wrl
    I must be doing something fundamentally wrong. I am implmenting my repositories and then testing them with mocked data. All is well. Now I want to test my domain objects so I point them at mock repositories. But I'm finding that I have to re-implement logic from the 'real' repositories into the mocks, or, create 'helper classes' that encapsulate the logic and interact with the repositories (real or mock), and then I have to test those too. So what am I missing - why implement and test mock repositories when I could use the real ones with mocked data? EDIT: To clarify, by 'mocked data' I do not hit the actual database. I have a 'DB mock layer' I can insert under the real repositories that returns known-data.

    Read the article

  • iPHone: Unit/Logic Tests initWithNibName

    - by pion
    I have setup my Logic Tests following the instructions on http://developer.apple.com/iphone/library/documentation/Xcode/Conceptual/iphone_development/135-Unit_Testing_Applications/unit_testing_applications.html. I could test a couple classes successfully. But I got error when testing the following: - (id)init { if (self = [super initWithNibName:@"Foo" bundle:nil]) { ... } return self; } The error message is -[UIViewController _loadViewFromNibNamed:bundle:] was unable to load a nib named "Foo" My question: Did I do something wrong? Missed something? or I cannot test -initWithNibName using Logic Tests technique. Thanks in advance for your help.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 173 174 175 176 177 178 179 180 181 182 183 184  | Next Page >