Search Results

Search found 22139 results on 886 pages for 'security testing'.

  • Castle windsor security exception

    - by Sunil
    I developed a small WCF service that uses Castle Windsor IoC container and it works fine on my PC. When I deploy it onto a Win 2008 R2 server and host the WCF service in IIS 7 it fails with the following error. I checked the server level web.config and the trust level is set to "Full". What do I need to do to get this to work? As a test I deployed the same service as it is onto a Windows 2003 server with the trust level set to "Full" and it works fine. I am unable to figure out what setting/configuration I am missing on the 2008 server that is making the service fail.

    Stack Trace:

        [SecurityException: That assembly does not allow partially trusted callers.]
        Castle.Windsor.WindsorContainer..ctor() +0
        WMS.ServiceContractImplementation.IoC.IoCInstanceProvider..ctor(Type serviceType) in D:\WCF\WCFProofOfConcept\WMSServices\WMS.ServiceContractImplementation\IoC\IoCInstanceProvider.cs:19
        WMS.ServiceContractImplementation.IoC.IoCServiceBehavior.ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase) in D:\WCF\WCFProofOfConcept\WMSServices\WMS.ServiceContractImplementation\IoC\IoCServiceBehavior.cs:24
        System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost) +377
        System.ServiceModel.ServiceHostBase.InitializeRuntime() +37
        System.ServiceModel.ServiceHostBase.OnBeginOpen() +27
        System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +49
        System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +261
        System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121
        System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479

  • read java.security.key stored as object inside a file which is in jar

    - by Tal
    I saved a PublicKey instance in a file using ObjectOutputStream. This file is then stored inside a jar file which is then loaded by JBoss. I'm trying to read this file but it throws me an exception telling that it's not serializable. Here is the code:

        InputStream input = KeyLoader.class.getClassLoader().getResourceAsStream(resource);
        ObjectInputStream objectInputStream = new ObjectInputStream(input);
        Object obj = objectInputStream.readObject();
        Key output = (Key) obj;
        objectInputStream.close();
        return output;

    which throws me this exception:

        An exception occurred: java.io.NotSerializableException

  • Servlet Security question about j_security_check, j_username and j_password

    - by Nitesh Panchal
    Hello, I used jdbcRealm in my web application and it's working fine. I defined all constraints also in my web.xml. Like all pages of url pattern /Admin/* should be accessed by only admin. I have a login form which uses standard j_security_check, j_username and j_password. Now, when I type Admin/home.jsf it rightly redirects me to login.jsf and there when I type the password I am redirected to home.jsf. This works alright but the problem comes when I directly go to login.jsf and then type password and username. This time it again redirects me to login.jsf. Is there any way through which I can specify which page to go to when there is a successful login? I need to specify different pages for different roles. For Admin, it is /Admin/home.jsf; for general users it is /General/home.jsf, because the login form is shared between different types of users. Where do I specify all these things? Secondly, I want to have a remember me checkbox at the end of the login form. How do I do this? By default, it is submitted to the j_security_check servlet and I have no control over its execution. Please help. This doesn't seem so hard but looks like I am missing something.

  • Security / Protecting code in JavaScript

    - by Evans
    With all the recent hype about JavaScript and HTML5 replacing Flash, I wanted to know - How would it be possible to protect client-side js code? Of course, it is possible to obfuscate it, but that would only make it a little harder. Also, for games which submit high scores to the server, wouldn't it be incredibly easy to modify those scores before they are sent to the server? I know even Flash files can be decompiled, but they can be obfuscated and flash decompilation is not as easy as modifying data in JS - could be done easily using a plugin such as Firebug. I'd like to know everyone's views on this.

  • Where do you put your unit test?

    - by soulmerge
    I have found several conventions to housekeeping unit tests in a project and I'm not sure which approach would be suitable for our next PHP project. I am trying to find the best convention to encourage easy development and accessibility of the tests when reviewing the source code. I would be very interested in your experience/opinion regarding each:

    One folder for productive code, another for unit tests: This separates unit tests from the logic files of the project. This separation of concerns is as much a nuisance as it is an advantage: Someone looking into the source code of the project will - so I suppose - either browse the implementation or the unit tests (or more commonly: the implementation only). The advantage of unit tests being another viewpoint to your classes is lost - those two viewpoints are just too far apart IMO.

    Annotated test methods: Any modern unit testing framework I know allows developers to create dedicated test methods, annotating them (@test) and embedding them in the project code. The big drawback I see here is that the project files get cluttered. Even if these methods are separated using a comment header (like UNIT TESTS below this line) it just bloats the class unnecessarily.

    Test files within the same folders as the implementation files: Our file naming convention dictates that PHP files containing classes (one class per file) should end with .class.php. I could imagine that putting unit tests regarding a class file into another one ending on .test.php would render the tests much more present to other developers without tainting the class. Although it bloats the project folders, instead of the implementation files, this is my favorite so far, but I have my doubts: I would think others have come up with this already, and discarded this option for some reason (i.e. I have not seen a java project with the files Foo.java and FooTest.java within the same folder.) Maybe it's because java developers make heavier use of IDEs that allow them easier access to the tests, whereas in PHP no big editors have emerged (like eclipse for java) - many devs I know use vim/emacs or similar editors with little support for PHP development per se.

    What is your experience with any of these unit test placements? Do you have another convention I haven't listed here? Or am I just overrating unit test accessibility to reviewers?

  • TestNG - Factories and Dataproviders

    - by Tim K
    Background Story

    I'm working at a software firm developing a test automation framework to replace our old spaghetti tangled system. Since our system requires a login for almost everything we do, I decided it would be best to use @BeforeMethod, @DataProvider, and @Factory to setup my tests. However, I've run into some issues.

    Sample Test Case

    Let's say the software system is a baseball team roster. We want to test to make sure a user can search for a team member by name. (Note: I'm aware that BeforeMethods don't run in any given order -- assume that's been taken care of for now.)

        @BeforeMethod
        public void setupSelenium() {
            // login with username & password
            // acknowledge announcements
            // navigate to search page
        }

        @Test(dataProvider="players")
        public void testSearch(String playerName, String searchTerm) {
            // search for "searchTerm"
            // browse through results
            // pass if we find playerName
            // fail (Didn't find the player)
        }

    This test case assumes the following:

      - The user has already logged on (in a BeforeMethod, most likely)
      - The user has already navigated to the search page (trivial, before method)
      - The parameters to the test are associated with the aforementioned login

    The Problems

    So let's try and figure out how to handle the parameters for the test case.

    Idea #1

    This method allows us to associate dataproviders with usernames, and lets us use multiple users for any specific test case!

        @Test(dataProvider="players")
        public void testSearch(String user, String pass, String name, String search) {
            // login with user/pass
            // acknowledge announcements
            // navigate to search page
            // ...
        }

    ...but there's lots of repetition, as we have to make EVERY function accept two extra parameters. Not to mention, we're also testing the acknowledge announcements feature, which we don't actually want to test.

    Idea #2

    So let's use the factory to initialize things properly!

        class BaseTestCase {
            public BaseTestCase(String user, String password, Object[][] data);
        }

        class SomeTest {
            @Factory
            public void ...
        }

    With this, we end up having to write one factory per test case... Although, it does let us have multiple users per test-case.

    Conclusion

    I'm about fresh out of ideas. There was another idea I had where I was loading data from an XML file, and then calling the methods from a program... but it's getting silly. Any ideas?

  • JUnit for Functions with Void Return Values

    - by RobotNerd
    I've been working on a Java application where I have to use JUnit for testing. I am learning it as I go. So far I find it to be useful, especially when used in conjunction with the Eclipse JUnit plugin. After playing around a bit, I developed a consistent method for building my unit tests for functions with no return values. I wanted to share it here and ask others to comment. Do you have any suggested improvements or alternative ways to accomplish the same goal?

    Common Return Values

    First, there's an enumeration which is used to store values representing test outcomes.

        public enum UnitTestReturnValues {
            noException,
            unexpectedException
            // etc...
        }

    Generalized Test

    Let's say a unit test is being written for:

        public class SomeClass {
            public void targetFunction (int x, int y) {
                // ...
            }
        }

    The JUnit test class would be created:

        import junit.framework.TestCase;

        public class TestSomeClass extends TestCase {
            // ...
        }

    Within this class, I create a function which is used for every call to the target function being tested. It catches all exceptions and returns a message based on the outcome. For example:

        public class TestSomeClass extends TestCase {
            private UnitTestReturnValues callTargetFunction (int x, int y) {
                UnitTestReturnValues outcome = UnitTestReturnValues.noException;
                SomeClass testObj = new SomeClass ();
                try {
                    testObj.targetFunction (x, y);
                } catch (Exception e) {
                    // record the failure so the calling test's assertion sees it
                    outcome = UnitTestReturnValues.unexpectedException;
                }
                return outcome;
            }
        }

    JUnit Tests

    Functions called by JUnit begin with a lowercase "test" in the function name, and they fail at the first failed assertion. To run multiple tests on the targetFunction above, it would be written as:

        public class TestSomeClass extends TestCase {
            public void testTargetFunctionNegatives () {
                assertEquals ( callTargetFunction (-1, -1), UnitTestReturnValues.noException);
            }
            public void testTargetFunctionZeros () {
                assertEquals ( callTargetFunction (0, 0), UnitTestReturnValues.noException);
            }
            // and so on...
        }

    Please let me know if you have any suggestions or improvements. Keep in mind that I am in the process of learning how to use JUnit, so I'm sure there are existing tools available that might make this process easier. Thanks!

  • Security Exception while implementing global search for Messaging

    - by Sunil
    I am trying to enable global search for messaging application (i.e., messages can be searched from home screen search box). I have followed all the steps given in http://developer.android.com/reference/android/app/SearchManager.html

    I am getting the following exception:

        04-16 12:49:26.917: ERROR/DatabaseUtils(102): java.lang.SecurityException: Permission Denial: reading com.android.providers.telephony.MmsSmsProvider uri content://mms-sms/search_suggest_query/m?limit=58 from pid=106, uid=10000 requires android.permission.READ_SMS

    I have set permission in MmsSmsProvider.java file for read, write sms and global search, but still I get this error. Can anyone help?

    Regards, Sunil.

  • how to connect to MSSQL using activerecord, JDBC, JTDS and Integrated Security

    - by Rob
    As per the above, I've tried:

        establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username => 'user', :password=>'pass' )

        establish_connection(:adapter => "jdbcmssql", :url => 'jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain="mynetwork";user="mynetwork\user"' )

        establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username=>'user' )

        establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';integratedSecurity='true'", :username=>'user' )

    .. and various other combinations. Each time I get:

        net/sourceforge/jtds/jdbc/SQLDiagnostic.java:368:in `addDiagnostic': java.sql.SQLException: Login failed for user ''. The user is not associated with a trusted SQL Server connection. (NativeException)

    Any tips? Thanks,

        activerecord (2.3.5)
        activerecord-jdbc-adapter (0.9.6)
        activerecord-jdbcmssql-adapter (0.9.6)
        jdbc-jtds (1.2.5)
        jruby 1.4.0 (ruby 1.8.7 patchlevel 174) (2009-11-02 69fbfa3) (Java HotSpot(TM) Client VM 1.6.0_18) [x86-java]

  • Java reflection framework and security

    - by Jijoy
    Hi, assume I have a singleton class in an external lib to my application. But still I can create instances of that particular class using reflection. Like this:

        Class clas = Class.forName(Private.class.getName());
        for(Constructor c : clas.getDeclaredConstructors()){
            c.setAccessible(true);
            Private p = (Private) c.newInstance();
            System.out.println(p);
        }

    How can I restrict this? Thanks J

  • organizing unit test

    - by soulmerge
    I have found several conventions to housekeeping unit tests in a project and I'm not sure which approach would be suitable for our next PHP project. I am trying to find the best convention to encourage easy development and accessibility of the tests when reviewing the source code. I would be very interested in your experience/opinion regarding each:

    One folder for productive code, another for unit tests: This separates unit tests from the logic files of the project. This separation of concerns is as much a nuisance as it is an advantage: Someone looking into the source code of the project will - so I suppose - either browse the implementation or the unit tests (or more commonly: the implementation only). The advantage of unit tests being another viewpoint to your classes is lost - those two viewpoints are just too far apart IMO.

    Annotated test methods: Any modern unit testing framework I know allows developers to create dedicated test methods, annotating them (@test) and embedding them in the project code. The big drawback I see here is that the project files get cluttered. Even if these methods are separated using a comment header (like UNIT TESTS below this line) it just bloats the class unnecessarily.

    Test files within the same folders as the implementation files: Our file naming convention dictates that PHP files containing classes (one class per file) should end with .class.php. I could imagine that putting unit tests regarding a class file into another one ending on .test.php would render the tests much more present to other developers without tainting the class. Although it bloats the project folders, instead of the implementation files, this is my favorite so far, but I have my doubts: I would think others have come up with this already, and discarded this option for some reason (i.e. I have not seen a java project with the files Foo.java and FooTest.java within the same folder.) Maybe it's because java developers make heavier use of IDEs that allow them easier access to the tests, whereas in PHP no big editors have emerged (like eclipse for java) - many devs I know use vim/emacs or similar editors with little support for PHP development per se.

    What is your experience with any of these unit test placements? Do you have another convention I haven't listed here? Or am I just overrating unit test accessibility to reviewing developers?

  • Understanding Security Certificates (and their pricing)

    - by John Robertson
    I work at a very small company so certificate costs need to be absolutely minimal. However for some applications we do need to have our customers get that warm fuzzy not-using-a-self-signed certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private key pair, it seems pretty clear that creating a public/private key pair FROM such a "certificate authority" really just means generating a second public/private key pair and signing both with the private key that belongs to the "certificate authority". Since the keys are signed anyone can verify they came from the certificate authority I created, or if verisign gave me the pair they sign it with one of their own private keys, and anyone can use verisign's corresponding public key to confirm verisign as the source of the keys. Given this I don't understand when I go to verisign or godaddy why they have rates only for yearly plans, when all I really want from them is a single public/private key pair signed with one of their private keys (so that anyone else can use their public keys to confirm that, yes, they gave me that public/private key pair and they confirmed I was who I said I was so you can trust my public/private key pair as belonging to a legitimate third party). Clearly I am misunderstanding something, what is it? Does verisign retire their public/private key pairs periodically so that my verisign signed key pair "expires" and I need new ones?

  • Getting back from security & location to my application

    - by sandman42
    Hi, I have an application that allows the user to enable GPS. In order to do it, first in the main activity I do:

        lm = (LocationManager) getSystemService(Context.LOCATION_SERVICE);
        if (!lm.isProviderEnabled(LocationManager.GPS_PROVIDER)){
            showGpsOptions();
        }

    showGpsOptions() is:

        private void showGpsOptions() {
            Intent gpsOptionsIntent = new Intent(android.provider.Settings.ACTION_LOCATION_SOURCE_SETTINGS);
            startActivityForResult(gpsOptionsIntent, BACK_FROM_GPS_ACT);
        }

    and finally I override main activity onActivityResult in this way:

        protected void onActivityResult(int requestCode, int resultCode, Intent data) {
            if (requestCode == BACK_FROM_GPS_ACT){
                ;
            }
            super.onActivityResult(requestCode, resultCode, data);
        }

    Problem: the page shows up and works, but when I press back I get back to home screen.

    Question: how can I get back to my application? Thanks a lot

  • ajax security ?

    - by Tony
    When I looked back at code that I had written earlier, I found something terribly bad. Whenever I want to delete a record in the database, I did it like this:

        $.post("deleteAction.do",{recordId:10});

    I cannot prevent a malicious user from visiting my database operation URL directly:

        deleteAction.do?recordId=10

    What's the solution for this kind of problem?

  • Rails multi level model security

    - by rballz
    I have the need to do the following in Rails to mirror a desktop application: a User and an Office 'owns' a record, if you don't own the record on a user or office level you're kicked into the public realm.

      - user gets read,write,delete to the model record
      - office gets read/write/delete to the model record
      - other or public gets read/write/delete to the model record

    e.g.

      - UserA owns a model record with read/write/delete
      - OfficeA owns a model with read/write
      - other/public gets read

    I was wondering if a plugin/gem existed to grant this functionality?

  • Flash Security help needed

    - by Ela
    Hi, I am developing a player and I want to make it for only one domain usage for one download. If the user needs it again then again he needs to download another version from my site. How can I make it? Please someone tell me.

  • Will these security functions be enough? (PHP)

    - by ggfan
    I am trying to secure my site so I don't have sql injections and xss scripting. Here's my code.

        //here's the form, for brevity, i just show a field for users to put firstname
        <form>
            <label for="first_name" class="styled">First Name:</label>
            <input type="text" id="first_name" name="first_name" value="<?php if (!empty($first_name)) echo $first_name; ?>" /><br />
            //submit button etc
        </form>

        if (isset($_POST['submit'])) {
            //gets rid of extra whitespace and escapes
            $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
            //check if $first_name is a string
            if(!is_string($first_name)) {
                echo "not string";
            }
            //then insert into the database.
            .......
        }

    mysqli_real_escape_string: I know that this func escapes certain letters like \n \r, so when the data gets inputted into the dbc, it would have '\' next to all the escaped letters?

    --Will this script be enough to prevent most sql injections? just escaping and checking if the data is a string. For integer values (like users putting in prices), I just: is_numeric().

    --How should I use htmlspecialchars? Should I use it only when echoing and displaying user data? Or should I also use this too when inputting data to a dbc?

    --When should I use strip_tags() or htmlspecialchars?

    SOO with all these functions...

        if (isset($_POST['submit'])) {
            //gets rid of extra whitespace and escapes
            $first_name = mysqli_real_escape_string($dbc, trim($_POST['first_name']));
            //check if $first_name is a string
            if(!is_string($first_name)) {
                echo "not string";
            }
            //gets rid of any <,>,&
            htmlspecialchars($first_name);
            //strips any tags with the first name
            strip_tags($first_name);
            //then insert into the database.
            .......
        }

    Which funcs should I use for sql injections and which ones should I use for xss?

  • A Security (encryption) Dilemma

    - by TravisPUK
    I have an internal WPF client application that accesses a database. The application is a central resource for a Support team and as such includes Remote Access/Login information for clients. At the moment this database is not available via a web interface etc, but one day is likely to. The remote access information includes the username and passwords for the client's networks so that our client's software applications can be remotely supported by us. I need to store the usernames and passwords in the database and provide the support consultants access to them so that they can login to the client's system and then provide support. Hope this is making sense.

    So the dilemma is that I don't want to store the usernames and passwords in cleartext on the database to ensure that if the DB was ever compromised, I am not then providing access to our client's networks to whomever gets the database. I have looked at two-way encryption of the passwords, but as they say, two-way is not much different to cleartext as if you can decrypt it, so can an attacker... eventually. The problem here is that I have setup a method to use a salt and a passcode that are stored in the application, I have used a salt that is stored in the db, but all have their weaknesses, ie if the app was reflected it exposes the salts etc.

    How can I secure the usernames and passwords in my database, and yet still provide the ability for my support consultants to view the information in the application so they can use it to login? This is obviously different to storing user's passwords as these are one way because I don't need to know what they are. But I do need to know what the client's remote access passwords are as we need to enter them in at the time of remoting to them. Anybody have some theories on what would be the best approach here?

    Update: The function I am trying to build is for our CRM application that will store the remote access details for the client. The CRM system provides call/issue tracking functionality and during the course of investigating the issue, the support consultant will need to remote in. They will then view the client's remote access details and make the connection

  • SVN access/security concern

    - by user167850
    I'm considering using a third party hosting company to house an SVN repository. (I'm looking at Dreamhost but this may apply to other hosts as well.) The hosting company sets up the repository at http://svn.yourdomain.com/path. The problem I have noticed is that anyone could come along and export the files using: svn export http://svn.yourdomain.com/path Obviously I will need to export the files myself, but is there a way to secure this on a shared host so others don't have the ability to export this over http? Or is the real solution to manage your own SVN server? Thanks for your thoughts.

  • Php security question

    - by Camran
    I have a linux server, and I am about to upload a classifieds website to it. The website is php based. That means php code adds/removes classifieds, with the help of the users of course. The php-code then adds/removes a classified to a database index called Solr (like MySql). Problem is that anybody can currently access the database, but I only want the website to access the database (solr). Solr is on port 8983 as standard btw. My Q is, if I add a rule in my firewall (iptables), to only allow connections coming from the server's IP to the Solr port nr, would this solve my issue? Thanks
