Search Results

Search found 13853 results on 555 pages for 'soa security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 191/555 | < Previous Page | 187 188 189 190 191 192 193 194 195 196 197 198  | Next Page >

  • How to implement Administrator rights in Java Application?

    - by Yatendra Goel
    I am developing a Data Modeling Software that is implemented in Java. This application converts the textual data (stored in a database) to graphical form so that users can interpret the data in a more efficient form. Now, this application will be accessed by 3 kinds of persons: 1. Managers (who can fill the database with data and they can also view the visual form of the data after entering the data into the database) 2. Viewers (who can only view the visual form of data that has been filled by managers) 3. Administrators (who can create and manage other administrators, managers and viewers) Now, how to implement 3 diff. views of the same application. Note: Managers, Viewers and Administrators can be located in any part of the world and should access the application through internet. One idea that came in my mind is as follows: Step1: Code all the business logic in EJBs so that it can be used in distributed environment (means which can be accessed by several users through internet) Step2: Code 3 Swing GUI Clients: One for administrators, one for managers and one for viewers. These 3 GUI clients can access business logic written in EJBs. Step3: Distribute the clients corresponding to their users. For instance, manager client to managers. =================================QUESTIONS======================================= Q1. Is the above approach is correct? Q2. This is very common functionality that various softwares have. So, Do they implement this kind of functionality through this way or any other way? Q3. If any other approach would be more better, then what is that approach?

    Read the article

  • What is a good way of checking to see if a particular user may access a particular file?

    - by Rising Star
    I am working on application which runs as a special unprivileged user. I would like to be able to easily check to see if the user can read a given file. It seems like this should be easy, even when I go into the file in Windows Explorer and see that the read permission is checked, it sometimes seems that there is still something preventing the user from reading the file (such as a parent directory that the user cannot browse) when I try to read it as the user programmatically. The user has no console logon permission, so I can't just log in as the user and try to read the file. So... If I want to know, "Does UserBob have access to file c:\specialPath\specialFile, what is an easy way to find out? BTW, my environment is Windows Server 2003.

    Read the article

  • ASP.NET server data persistence

    - by Wayne Werner
    Hi, I'm not really sure exactly how the question should be phrased, so please be patient if I ask the wrong thing. I'm writing an ASP.NET application using VB as the code behind language. I have a data access class that connects to the DB to run the query (parameterized, of course), and another class to perform the validation tasks - I access this class from my aspx page. What I would like is to be able to store the data server side and wait for the user to choose from a few options based on the validity of the data. But unless my understanding is completely off, having persistent data objects on the server will give problems when multiple users connect? My ultimate goal is that once the data has been validated the end user can't modify it. Currently I'm validating the data, but I still have to retrieve it from the web form AFTER the user says OK, which obviously leaves open the possibility of injecting bad data either accidentally (unlikely) or on purpose (also unlikely for the use, but I'd prefer not to take the chance). So am I completely off in my understanding? If so, can someone point me to a resource that provides some instructions on keeping persistent data on the server, or provide instruction? Thanks!

    Read the article

  • Is it immoral to put a captcha on a login form?

    - by azkotoki
    In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

    Read the article

  • unfounded Secure Unsecure Messages

    - by Marty Trenouth
    I'm having significant difficulty locating the root cause for a secure/insecure message comming from IE. I've looked through the entire output and there are NO references to http: I've searched for unsource Iframes, which cause this message, and there are none and other than jquery 1.4 there isn't even the text "iframe" in the source. I'm almost at an end trying the cause for this. Does anyone have any ideas

    Read the article

  • Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

    - by Damian Hickey
    Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

    Read the article

  • [0-9a-zA-Z]* string expressed with primes or prime-factorization-style way to break it into parts?

    - by HH
    Suppose a string consists of numbers and alphabets. You want to break it into parts, an analogy is primes' factorization, but how can you do similar thing with strings [0-9a-zA-Z]* or even with arbitrary strings? I could express it in alphabets and such things with octal values and then prime-factorize it but then I need to keep track of places where I had the non-numbers things. Is there some simple way to do it? I am looking for simple succinct solutions and don't want too much side-effects. [Update] mvds has the correct idea, to change the base, how would you implement it?

    Read the article

  • Firing through HTTP a Perl script for sending signals to daemons

    - by Eric Fortis
    Hello guys, I'm using apache2 on Ubuntu. I have a Perl script which basically read the files names of a directory, then rewrites a text file, then sends a signal to a daemon. How can this be done, as secure as possible through a web-page? Actually I can run the code below, but not if I remove the comments. I'm looking for advise considering: Using HTTP Requests? How about Apache file permissions on the directory shown in code? Is htaccess enough to enable user/pass access to the cgi? Should I use a database instead of writing to a file and run a cron querying the db with permission granted to write and send the signal? Granting as less permissions as possible to the webserver. Should I set a VPN? #!/usr/bin/perl -wT use strict; use CGI; #@fileList = </home/user/*>; #read a directory listing my $query = CGI->new(); print $query->header( "text/html" ), $query->p( "FirstFileNameInArray" ), #$query->p( $fileList[0] ), #output the first file in directory $query->end_html;

    Read the article

  • Accessing Identity.AuthenticationType

    - by Tewr
    While implementing a custom authentication type in a wcf service, I'm trying to read the property IIdentity.AuthenticationType using the call Thread.CurrentPrincipal.Identity.AuthenticationType. Unless the account running the service is local administrator, UnauthorizedAccessException is thrown when accessing this property, much like described in this support thread. I can however reset the Thread.CurrentPrincipalobject without hassle, thus altering the Authentication Type - But read it, I cannot. Is running as an administrator the only way here or is there some trick to let the user running the service "just" access this property?

    Read the article

  • Evaluating server certificate

    - by Raven
    Hi, How can I detect a self signed certificate from a revoked or expired ones? I'm using NSURLConnection and implementing connection:didReceiveAuthenticationChallenge: on delegate: - (void)connection:(NSURLConnection *)connection didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge{ if ([challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust]){ NSURLProtectionSpace *tmpSpace=[challenge protectionSpace]; SecTrustRef currentServerTrust=[tmpSpace serverTrust]; SecTrustResultType trustResult; OSStatus err = SecTrustEvaluate(currentServerTrust, &trustResult); BOOL trusted = (err == noErr) && ((trustResult == kSecTrustResultProceed) || (trustResult == kSecTrustResultUnspecified)); if (trusted){ // Do something } } } Currently the "if (trusted){}" block only work for certificates trusted by iOS, I want it to work for others as well, but only if the certificate isn't revoked or expired. The documentation is using SecTrustSettingsSetTrustSettings for changing the settings and reevaluate the trust. but I couldn't find this method (or the SecTrustSetting) for iOS, only for Mac. Thanks

    Read the article

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • Bruteforcing Blackberry PersistentStore?

    - by Haoest
    Hello, I am experimenting with Blackberry's Persistent Store, but I have gotten nowhere so far, which is good, I guess. So I have written a a short program that attempts iterator through 0 to a specific upper bound to search for persisted objects. Blackberry seems to intentionally slow the loop. Check this out: String result = "result: \n"; int ub = 3000; Date start = Calendar.getInstance().getTime(); for(int i=0; i<ub; i++){ PersistentObject o = PersistentStore.getPersistentObject(i); if (o.getContents() != null){ result += (String) o.getContents() + "\n"; } } result += "end result\n"; result += "from 0 to " + ub + " took " + (Calendar.getInstance().getTime().getTime() - start.getTime()) / 1000 + " seconds"; From 0 to 3000 took 20 seconds. Is this enough to conclude that brute-forcing is not a practical method to breach the Blackberry? In general, how secure is BB Persistent Store?

    Read the article

  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

    Read the article

  • Chunks of javascript added to webpages on server

    - by SteD
    I've found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code. <script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b" Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself? I am using Drupal + Ubercart with quite minimal forms inputs.

    Read the article

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user, inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario: If said this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a back up authentication service running on a different machine, working as a backup? What are the general best-practices in this scenario? I remember reading about google gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

    Read the article

  • Best way to get a reasonably random key for MYSQL records

    - by Steve N
    Hi there, I need to generate a reasonably random unique key for a table. It should be something like a GUID for MYSQL. I've tried UUID, but it looks like only the first few characters are actually random- the rest are the same every time I insert them. Essentially, it is desirable for this key field to be very difficult to guess, even if you already have one known value in the column. What is the best way to do this, and how should I set up the field data type to store the value efficiently? Thank you, Steve

    Read the article

  • Automatic User Authentication Framework for Controllers in ASP.NET MVC?

    - by Austin
    In rails I could do something like this to make sure a user is authenticated before accessing an action in the controller: before_filter :checked_logged_in, :only => [:edit, :update] I was wondering if ASP.NET MVC had something similar or if there was a framework out there that could essentially do something like the following: For certain methods with actions that take a certain parameter, I want to point the action to a method, check to see if the user owns that object, and if so, proceed to the controller action. If not, I want to redirect him to another action where I can show him he has invalid credentials. So basically I am looking for a sort of "before_filter." Anyone know of anything out there that can do this? Thanks!

    Read the article

  • Does HttpWebRequest automatically take care of certificate validation?

    - by Kevin Pang
    I'm using an HttpWebRequest object to access a web service via an HTTP POST. Part of the requirement is that I: Verify that the URL in the certificate matches the URL I'm posting to Verify that the certificate is valid and trusted Verify that the certificate has not expired Does HttpWebRequest automatically handle that for me? I'd assume that if any of these conditions came up, I'd get the standard "could not establish trust relationship for the SSL/TLS secure channel" exception.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 187 188 189 190 191 192 193 194 195 196 197 198  | Next Page >