Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 185/886 | < Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >

  • Public ASPXAUTH cookie and security

    - by Bara
    Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this? I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it? Bara

    Read the article

  • PHP URL Security Question

    - by TaG
    I want to have users store the url in my database I'm using php mysql and htmlpurifier I was wondering if the following code was good way to filter out bad data? Here is the Partial PHP code. $url = mysqli_real_escape_string($mysqli, $purifier->purify(htmlspecialchars(strip_tags($_POST['url'])));

    Read the article

  • Paypal IPN security

    - by keithics
    Hello! I am developing a website which will allow users to pay via Paypal. Paypal IPN seems to be easy to integrate and it works on my localhost. Now the problem is that, the amount and the business name are passed to paypal using POST Data. I know it's very dangerous to put it that way, but I am not sure what are the alternatives. How can I make Paypal IPN secure?

    Read the article

  • Mocking objects with complex Lambda Expressions as parameters

    - by iCe
    Hi there, I´m encountering this problem trying to mock some objects that receive complex lambda expressions in my projects. Mostly with with proxy objects that receive this type of delegate: Func<Tobj, Fun<TParam1, TParam2, TResult>> I have tried to use Moq as well as RhinoMocks to acomplish mocking those types of objects, however both fail. (Moq fails with NotSupportedException, and in RhinoMocks simpy does not satisgy expectation). This is simplified example of what I´m trying to do: I have a Calculator object that does calculations: public class Calculator { public Calculator() { } public int Add(int x, int y) { var result = x + y; return result; } public int Substract(int x, int y) { var result = x - y; return result; } } I need to validate parameters on every method in the Calculator class, so to keep with the Single Responsability principle, I create a validator class. I wire everything up using a Proxy class, that prevents having duplicate code: public class CalculatorProxy : CalculatorExample.ICalculatorProxy { private ILimitsValidator _validator; public CalculatorProxy(Calculator _calc, ILimitsValidator _validator) { this.Calculator = _calc; this._validator = _validator; } public int Operation(Func&lt;Calculator, Func&lt;int, int, int&gt;&gt; operation, int x, int y) { _validator.ValidateArgs(x, y); var calcMethod = operation(this.Calculator); var result = calcMethod(x, y); _validator.ValidateResult(result); return result; } public Calculator Calculator { get; private set; } } Now, I´m testing a component that does use the CalculatorProxy, so I want to mock it, for example using Rhino Mocks: [TestMethod] public void ParserWorksWithCalcultaroProxy() { var calculatorProxyMock = MockRepository.GenerateMock&lt;ICalculatorProxy&gt;(); calculatorProxyMock.Expect(x =&gt; x.Calculator).Return(_calculator); calculatorProxyMock.Expect(x =&gt; x.Operation(c =&gt; c.Add, 2, 2)).Return(4); var mathParser = new MathParser(calculatorProxyMock); mathParser.ProcessExpression("2 + 2"); calculatorProxyMock.VerifyAllExpectations(); } However I cannot get it to work! Any ideas about how this can be done? Thanks a lot!

    Read the article

  • Facebook Flash app security?

    - by mhdouglas
    I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

    Read the article

  • False sense of security with `snprintf_s`

    - by xtofl
    MSVC's "secure" sprintf funcions have a template version that 'knows' the size of the target buffer. However, this code happily paints 567890 over the stack after the end of bytes... char bytes[5]; _snprintf_s( bytes, _TRUNCATE, "%s", "1234567890" ); Any idea what I do wrong, or is this a known bug? (I'm working in VS2005 - didn't test in 2008 or 2010)

    Read the article

  • What fields have job security?

    - by computergeek6
    I can program pretty well, and I'm trying to think of a programming area that I can practice so I have a better chance of getting a job when I finish my education. I'm currently learning game development, but there are a ton of other people trying to get into game dev, so I want to find something a little more secure and sustainable to develop skills in. I've thought of things like financial systems and engineering stuff, but nothing I can think of is accessible to someone in high school. I'm trying to find something that involves physics or networking and isn't as popular a field as game dev. Does anyone have any ideas?

    Read the article

  • XML security in world wide web

    - by nikky
    Hi, Im a newbie in XML and i have some questions Can XML be used in stead of normal database (store data in a tuple and column) in website? XML is built to share information easier (from my understanding) such as can share cross platform and in different language used so Is it secure to store secure data in XML? thank you so much

    Read the article

  • Google Chrome showing javascript security error

    - by Clint
    I need help resolving this Google Chrome Error..."Uncaught Error: SECURITY_ERR: DOM Exception 18" Here is the code. //Get Cookie function get_cookie (cookie_name) { var results = document.cookie.match ( '(^|;) ?' + cookie_name + '=([^;]*)(;|$)' ); if (results) return ( unescape ( results[2] ) ); else return null; }; Many thanks, C

    Read the article

  • Coldbox Security Interceptor

    - by faheem
    Hi I am new to coldbox and working on a guestbook messaging forum. does anyone know how I can apply some rule in coldbox to show edit and delete for specified users of admin or user in the edit page. I am not sure how to specify this as I already have my rules here as shown in securityRules.xml: SecurityRules.XML <?xml version="1.0" encoding="UTF-8"?> <!-- Declare as many rule elements as you want, order is important Remember that the securelist can contain a list of regular expression if you want ex: All events in the user handler user\..* ex: All events .* ex: All events that start with admin ^admin If you are not using regular expression, just write the text that can be found in an event. <whitelist>ehSecurity\.dspLogin,ehSecurity\.doLogin,ehSecurity\.dspLogoff</whitelist> --> <rules> <rule> <whitelist>^entries,ehSecurity\..*,registry\..*</whitelist> <securelist></securelist> <roles>admin</roles> <permissions>read,write</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> <rule> <whitelist>^entries,ehSecurity\..*,main\..*,^registry</whitelist> <securelist></securelist> <roles>author,admin</roles> <permissions>read</permissions> <redirect>ehSecurity.dspLogin</redirect> </rule> </rules>

    Read the article

  • Security issue using Nant

    - by Diego C.
    I need to store authentication information and I rather not have the password in plain text: <property name="user" value="theUser"/> <property name="password" value="secret"/> Has anyone figured out a way to encrypt property values in Nant? I've looked in Nant and Nantcontrib docs but no mention of encryption. I am considering going the route of creating my own Nant Task. Any suggestions?

    Read the article

  • Help needed wit the XPath statement for Selenium test

    - by mgeorge
    I am testing a calendar component using selenium.In my test i want to click on the current date.Please help me with the XPath statement for doing that.I am adding the HTML for the calender component <input id="event_date" type="text" on="click then l:show.event.calendar" style="border: 1px solid rgb(187, 187, 187); width: 100px;" fieldset="new_event" decorator="redbox" validator="date"/> <img id="app_136" style="position: relative; top: 2px;" on="click then l:show.event.calendar" src="images/calendar.png"/> <div id="app_137" style="margin: 0pt; padding: 0pt;"> <div id="app_calendar_2" class="yui-calcontainer single withtitle" style="position: absolute; z-index: 1000;"> <div class="title">Select Event Date</div> <table id="app_calendar_2_cal" class="yui-calendar y2010" cellspacing="0"> <thead> <tr> </tr> <tr class="calweekdayrow"> <th class="calweekdaycell">Su</th> <th class="calweekdaycell">Mo</th> <th class="calweekdaycell">Tu</th> <th class="calweekdaycell">We</th> <th class="calweekdaycell">Th</th> <th class="calweekdaycell">Fr</th> <th class="calweekdaycell">Sa</th> </tr> </thead> <tbody class="m6 calbody"> <tr class="w22"> <td id="app_calendar_2_cal_cell0" class="calcell oom calcelltop calcellleft">30</td> <td id="app_calendar_2_cal_cell1" class="calcell oom calcelltop">31</td> <td id="app_calendar_2_cal_cell2" class="calcell wd2 d1 selectable calcelltop"> </td> <td id="app_calendar_2_cal_cell3" class="calcell wd3 d2 today selectable calcelltop selected"> <a class="selector" href="#">2</a> </td> I want to click the date component described in <td id="app_calendar_2_cal_cell3" class="calcell wd3 d2 today selectable calcelltop selected"> <a class="selector" href="#">2</a> </td> Thanks in advance mgeorge

    Read the article

  • Stream post URL security and wall post links

    - by Jeff Lee
    Our app's mobile client can create wall post links to our app's web-facing pages. Since this happens in the context of a mobile app, we do this on behalf of our user using the Graph API's feed/message endpoint. I noticed that the links showing up in the wall posts are being routed through our app's auth dialog, which is NOT what we want. We just want transparent links, without forcing the client to auth our app, similar to what happens when you share to FB in Path. I went ahead and disabled the "Stream post URL option" several hours ago, but we still seem to be getting the re-routed links for wall posts. The target URLs for these links are within the domain we've registered for our Facebook app. Is there anything else I need to do fix this?

    Read the article

  • IE6 https security message appearing after closing jQuery colorbox overlay

    - by RyanP13
    I am working on a secure site, https. I am using the colorbox jquery plugin to iframe another page from the same site over the current content. In IE6 when i close the colorbox overlay i get the following message: "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" Any ideas why this is happening? Can it be prevented? Assume i would have to make the whole site http rather than https but this is not possible as we have online payments.

    Read the article

  • .NET ORM and Security

    - by Sphynx
    We're going to use an ORM tool with a .NET desktop application. The tool allows creation of persistent classes. It generates all database tables automatically. In addition to other data, our system needs to store user credentials, and deliver access control. The question is, is there any possibility of access control by means of ORM, without creating the database authentication mechanisms manually? Is there any product on the market which allows this? We thought of limiting the access in the program itself, but users can easily access the database directly, and bypass the program limitations. Thanks.

    Read the article

  • code access security

    - by rkrauter
    Why do I need to Demand permission? Why can't it simply fail (commenting out the .Demand() call)? ref: http://support.microsoft.com/kb/315529 Thanks! try { // Demand the permission to access the C:\Temp folder. permFileIO.Demand(); resultText.Append("The demand for permission to access the C:\\Temp folder succeeded.\n\n"); }

    Read the article

  • Hide public method used to help test a .NET assembly

    - by ChrisW
    I have a .NET assembly, to be released. Its release build includes: A public, documented API of methods which people are supposed to use A public but undocumented API of other methods, which exist only in order to help test the assembly, and which people are not supposed to use The assembly to be released is a custom control, not an application. To regression-test it, I run it in a testing framework/application, which uses (in addition to the public/documented API) some advanced/undocumented methods which are exported from the control. For the public methods which I don't want people to use, I excluded them from the documentation using the <exclude> tag (supported by the Sandcastle Help File Builder), and the [EditorBrowsable] attribute, for example like this: /// <summary> /// Gets a <see cref="IEditorTransaction"/> instance, which helps /// to combine several DOM edits into a single transaction, which /// can be undone and redone as if they were a single, atomic operation. /// </summary> /// <returns>A <see cref="IEditorTransaction"/> instance.</returns> IEditorTransaction createEditorTransaction(); /// <exclude/> [EditorBrowsable(EditorBrowsableState.Never)] void debugDumpBlocks(TextWriter output); This successfully removes the method from the API documentation, and from Intellisense. However, if in a sample application program I right-click on an instance of the interface to see its definition in the metadata, I can still see the method, and the [EditorBrowsable] attribute as well, for example: // Summary: // Gets a ModelText.ModelDom.Nodes.IEditorTransaction instance, which helps // to combine several DOM edits into a single transaction, which can be undone // and redone as if they were a single, atomic operation. // // Returns: // A ModelText.ModelDom.Nodes.IEditorTransaction instance. IEditorTransaction createEditorTransaction(); // [EditorBrowsable(EditorBrowsableState.Never)] void debugDumpBlocks(TextWriter output); Questions: Is there a way to hide a public method, even from the meta data? If not then instead, for this scenario, would you recommend making the methods internal and using the InternalsVisibleTo attribute? Or would you recommend some other way, and if so what and why? Thank you.

    Read the article

  • Security & Authentication: SSL vs SASL

    - by 4herpsand7derpsago
    My understanding is that SSL combines an encryption algorithm (like AES, DES, etc.) with akey exchange method (like Diffier-Hellman) to provide secure encryption and identification services between two endpoints on an un-secure network (like the Internet). My understanding is that SASL is an MD5/Kerberos protocol that pretty much does the same thing. So my question: what are the pros/cons to choosing both and what scenarios make both more preferable? Basically, I'm looking for a guidelines to follow when choosing SSL or to go with SASL instead. Thanks in advance!

    Read the article

  • WCF cross-domain policy security error

    - by George2
    Hello everyone, I am using VSTS 2008 + C# + WCF + .Net 3.5 + Silverlight 3.0. I host Silverlight control in an html page and debug it from VSTS 2008 (press F5, then run in VSTS 2008 built-in ASP.Net development web server), then call another WCF service (hosted in another machine running IIS 7.0 + Vista). The WCF service is very simple, just return a constant string to client. When invoking the WCF service from Silverlight, I got the following error message, An error occurred while trying to make a request to URI 'https://LabTest/Test.svc'. This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for SOAP services. You may need to contact the owner of the service to publish a cross-domain policy file and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be caused by using internal types in the web service proxy without using the InternalsVisibleToAttribute attribute. Please see the inner exception for more details. Here is the clientaccesspolicy.xml file, anything wrong? <?xml version="1.0" encoding="utf-8" ?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*"> </domain> </allow-from> <grant-to> <resource path="/" include-subpaths="true"></resource> </grant-to> </policy> </cross-domain-access> </access-policy> thanks in advance, George

    Read the article

  • Castle windsor security exception

    - by Sunil
    I developed a small WCF service that uses Castle Windsor IoC container and it works fine on my PC. When I deploy it onto a Win 2008 R2 server and host the WCF service in IIS 7 it fails with the following error. I checked the server level web.config and the trust level is set to "Full". What do I need to do to get this to work. As a test I deployed the same service as it is onto a Windows 2003 server with the trust level set to "Full" and it works fine. I am unable to figure out what setting/configuration I am missing on the 2008 server that is making the service fail. Stack Trace: [SecurityException: That assembly does not allow partially trusted callers.] Castle.Windsor.WindsorContainer..ctor() +0 WMS.ServiceContractImplementation.IoC.IoCInstanceProvider..ctor(Type serviceType) in D:\WCF\WCFProofOfConcept\WMSServices \WMS.ServiceContractImplementation\IoC\IoCInstanceProvider.cs:19 WMS.ServiceContractImplementation.IoC.IoCServiceBehavior.ApplyDispatchBehav­ior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) in D:\WCF \WCFProofOfConcept\WMSServices\WMS.ServiceContractImplementation\IoC \IoCServiceBehavior.cs:24 System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(Ser­viceDescription description, ServiceHostBase serviceHost) +377 System.ServiceModel.ServiceHostBase.InitializeRuntime() +37 System.ServiceModel.ServiceHostBase.OnBeginOpen() +27 System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +49 System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +261 System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121 System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 181 182 183 184 185 186 187 188 189 190 191 192  | Next Page >