Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 195/1646 | < Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >

• How to resolve a java.security.AccessControlException?

  - by thisisananth

  I have written an SAX parser in my Google App Engine Web application. in that I try to validate my xml file with an xsd. But I am getting an access control exception when my code is tyring to access that xsd. java.security.AccessControlException: access denied (java.io.FilePermission \WEB-INF\ApplicationResponse.xsd read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264) at java.security.AccessController.checkPermission(AccessController.java:427) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at com.google.appengine.tools.development.DevAppServerFactory$CustomSecurityManager.checkPermission(DevAppServerFactory.java:166) at java.lang.SecurityManager.checkRead(SecurityManager.java:871) at java.io.FileInputStream.(FileInputStream.java:100) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.xsdToXMLInputSource(XMLSchemaLoader.java:830) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.processJAXPSchemaSource(XMLSchemaLoader.java:708) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaLoader.loadSchema(XMLSchemaLoader.java:554) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.findSchemaGrammar(XMLSchemaValidator.java:2459) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1807) at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:705) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:330) at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl$NSContentDispatcher.scanRootElementHook(XMLNSDocumentScannerImpl.java:779) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1794) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242) at sax.SAXLocalNameCount.parse(SAXLocalNameCount.java:220) at com.sms2mint.InterfaceServlet.doGet(InterfaceServlet.java:54) Please let me know how to debug this? I have tried to place the xsd in classes, webcontent, /WEB-INF but didn't help. Also declared this as a resource file in appengine-web.xml also but no avail.

  Read the article

• Cannot connect to database,.Login failed for user

  - by kishorejangid

  Yesterday my database was connected perfectly.. We have installed Windows Server 2008 R2 on our server and the i have added the user to the client PC name SMTECH5 with user jangid Now my database is not connecting using windows authentication. only the master database is connecting.. here are somw of the error throwned TITLE: Connect to Database Engine Cannot connect to SMTECH5\COLLEGEERP. ADDITIONAL INFORMATION: Cannot open user default database. Login failed. Login failed for user 'SMTECH\jangid'. (Microsoft SQL Server, Error: 4064) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=4064&LinkId=20476 BUTTONS: OK TITLE: Connect to Database Engine Cannot connect to SMTECH5\COLLEGEERP. ADDITIONAL INFORMATION: Cannot open user default database. Login failed. Login failed for user 'SMTECH\jangid'. (Microsoft SQL Server, Error: 4064) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=4064&LinkId=20476 BUTTONS: OK this happens on all the pcs in our lab

  Read the article

• ActiveX not working properly with default security settings

  - by Ummar

  I have written an ActiveX control in C# and have made it working using regasm command, and it works fine as long as the security level is set to low.. Then as a next step I have made a .cab installer (ICD - Internet component downloader), and have signed my .cab file and ActiveX .dll file with a test certificate. when I hit the html page from my browser the installation parts works fine with default security settings of IE, but at the end it seems that nothing is installed and a red cross is shown on place of ActiveX. Moreover I have explored the Download Program Files folder under Windows directory, in status column it is showing word "unknown". while it is "installed" for all other activeX. what may be the problem. Moreover if i use the regasm command to register the assembly it works fine, and I have signed the ActiveX but still I have to move the security bar to low in my browser setting? why it is so? then what is the purpose of signing? I have used RegisterServer=yes in my .inf file Please let me know, if some one has gone through this problem already?

  Read the article

• Getting rid of the Expires node (xml) in the WS security header

  - by Nick

  From the snippet below, how do i get rid of the (xml node) <wsu:Expires> tag? I want to either get rid of it or pass it in as a empty element. It is a read only property in objClient.RequestSoapContext.Security.Timestamp.Expires. Any help is appreciated. <wsse:Security soap:mustUnderstand="1"> <wsu:Timestamp wsu:Id="Timestamp-26d09d54-10ef-4141-aa2c-11c75ed8172b"> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> <wsu:Expires>2010-03-08T15:37:16Z</wsu:Expires> </wsu:Timestamp> <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-7c9b80ec-98e9-4e41-af2e-ad37070cbdd3"> <wsse:Username>bubba</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">dsfdfsdfsfs+-dasdf=</wsse:Password> <wsse:Nonce>QQ3C4HUfO2CyGx7HrjzMzg==</wsse:Nonce> <wsu:Created>2010-03-08T15:32:16Z</wsu:Created> </wsse:UsernameToken> </wsse:Security>

  Read the article

• Selecting a whole database over an individual table to output to file

  - by Daniel Wrigley

  :::::::: EDIT :::::::: New code for people to have a look at, one question I have with this is where do I set were the *.gz file is saved? $backupFile = $dbname . date("Y-m-d-H-i-s") . '.gz'; $command = "mysqldump --opt -h $dbhost -u $dbuser -p $dbpass $dbname | gzip > $backupFile"; system($command); Also why the hell can you not reply yo your own post with answering it? :( :::::::: EDIT :::::::: Ok Im having trouble finding out how to select a full database for backup as an *.sql file rather than only an individual table. On the localhost I have several databases with one named "foo" and it is that which I want to backup and not any of the individual tables inside the database "foo". The code to connect to the database; //Database Information $dbhost = "localhost"; $dbname = "foo"; $dbuser = "bar"; $dbpass = "rulz"; //Connect to database mysql_connect ($dbhost, $dbuser, $dbpass) or die("Could not connect: ".mysql_error()); mysql_select_db($dbname) or die(mysql_error()); The code to backup the database; // Grab the time to know when this post was submitted $time = date('Y-m-d-H-i-s'); $tableName = 'foo'; $backupFile = '/sql/backup/'. $time .'.sql'; $query = "SELECT * INTO OUTFILE '". $backupFile ."' FROM ". $tableName .""; $result = mysql_query($query)or die("Database query died: " . mysql_error()); My brain is hurting near to the end of the day so no doubts i've missed something out very obvious. Thanks in advance to anyone helping me out.

  Read the article

• authentication question (security code generation logic)

  - by Stick it to THE MAN

  I have a security number generator device, small enough to go on a key-ring, which has a six digit LCD display and a button. After I have entered my account name and password on an online form, I press the button on the security device and enter the security code number which is displayed. I get a different number every time I press the button and the number generator has a serial number on the back which I had to input during the account set-up procedure. I would like to incorporate similar functionality in my website. As far as I understand, these are the main components: Generate a unique N digit aplha-numeric sequence during registration and assign to user (permanently) Allow user to generate an N (or M?) digit aplha-numeric sequence remotely For now, I dont care about the hardware side, I am only interested in knowing how I may choose a suitable algorithm that will allow the user to generate an N (or M?) long aplha-numeric sequence - presumably, using his unique ID as a seed Identify the user from the number generated in step 2 (which decryption method is the most robust to do this?) I have the following questions: Have I identified all the steps required in such an authentication system?, if not please point out what I have missed and why it is important What are the most robust encryption/decryption algorithms I can use for steps 1 through 3 (preferably using 64bits)?

  Read the article

• Storing float numbers as strings in android database

  - by sandis

  So I have an app where I put arbitrary strings in a database and later extract them like this: Cursor DBresult = myDatabase.query(false, Constant.DATABASE_NOTES_TABLE_NAME, new String[] {"myStuff"}, where, null, null, null, null, null); DBresult.getString(0); This works fine in all cases except for when the string looks like a float number, for example "221.123123123". After saving it to the database I can extract the database to my computer and look inside it with a DB-viewer, and the saved number is correct. However, when using cursor.getString() the string "221.123" is returned. I cant for the life of me understand how I can prevent this. I guess I could do a cursor.getDouble() on every single string to see if this gives a better result, but that feels sooo ugly and inefficient. Any suggestions? Cheers, edit: I just made a small test program. This program prints "result: 123.123", when I would like it to print "result: 123.123123123" SQLiteDatabase database = openOrCreateDatabase("databas", Context.MODE_PRIVATE, null); database.execSQL("create table if not exists tabell (nyckel string primary key);"); ContentValues value = new ContentValues(); value.put("nyckel", "123.123123123"); database.insert("tabell", null, value); Cursor result = database.query("tabell", new String[]{"nyckel"}, null, null, null, null, null); result.moveToFirst(); Log.d("TAG","result: " + result.getString(0));

  Read the article

• Providing custom database functionality to custom asp.net membership provider

  - by IrfanRaza

  Hello friends, I am creating custom membership provider for my asp.net application. I have also created a separate class "DBConnect" that provides database functionality such as Executing SQL statement, Executing SPs, Executing SPs or Query and returning SqlDataReader and so on... I have created instance of DBConnect class within Session_Start of Global.asax and stored to a session. Later using a static class I am providing the database functionality throughout the application using the same single session. In short I am providing a single point for all database operations from any asp.net page. I know that i can write my own code to connect/disconnect database and execute SPs within from the methods i need to override. Please look at the code below - public class SGI_MembershipProvider : MembershipProvider { ...... public override bool ChangePassword(string username, string oldPassword, string newPassword) { if (!ValidateUser(username, oldPassword)) return false; ValidatePasswordEventArgs args = new ValidatePasswordEventArgs(username, newPassword, true); OnValidatingPassword(args); if (args.Cancel) { if (args.FailureInformation != null) { throw args.FailureInformation; } else { throw new Exception("Change password canceled due to new password validation failure."); } } ..... //Database connectivity and code execution to change password. } .... } MY PROBLEM - Now what i need is to execute the database part within all these overriden methods from the same database point as described on the top. That is i have to pass the instance of DBConnect existing in the session to this class, so that i can access the methods. Could anyone provide solution on this. There might be some better techniques i am not aware of that. The approach i am using might be wrong. Your suggessions are always welcome. Thanks for sharing your valuable time.

  Read the article

• Acessing a wordpress database from an iPhone App.

  - by Code

  Hi guys, I've been asked to create an app that will get data back from a database where the CMS will be Wordpress. I've never used a CMS so I'm trying to get a (overview)picture in my head of how it could all work and what each of the components would be. And what a CMS actually brings to the party. Creating the app itself is pretty clear. I've done a few already. I've made a database before and shouldnt cause a problem. But what is going to be in the middle between the app and the database? Part A: I'm guessing iphone apps typically would call some php file that's hosted on the server? The php then would make a call to the database and return the data somehow, maybe as xml. But this is really basic and wouldnt require a CMS. Just a database and a phpfile, or am I wrong? Part B: If i wanted to run a check on the database every minute to see if any of the data in database was no longer valid and remove it if needed, that would require somekind of program running on the server. So that program would be Wordpress, since it is managing the content, so a content management system is actually needed and is for these kind of taskes. Am i understanding the role of CMS? Many Thanks, -Code

  Read the article

• SQL SERVER – Introduction to Big Data – Guest Post

  - by pinaldave

  BIG Data – such a big word – everybody talks about this now a days. It is the word in the database world. In one of the conversation I asked my friend Jasjeet Sigh the same question – what is Big Data? He instantly came up with a very effective write-up.  Jasjeet is working as a Technical Manager with Koenig Solutions. He leads the SQL domain, and holds rich IT industry experience. Talking about Koenig, it is a 19 year old IT training company that offers several certification choices. Some of its courses include SharePoint Training, Project Management certifications, Microsoft Trainings, Business Intelligence programs, Web Design and Development courses etc. Big Data, as the name suggests, is about data that is BIG in nature. The data is BIG in terms of size, and it is difficult to manage such enormous data with relational database management systems that are quite popular these days. Big Data is not just about being large in size, it is also about the variety of the data that differs in form or type. Some examples of Big Data are given below : Scientific data related to weather and atmosphere, Genetics etc Data collected by various medical procedures, such as Radiology, CT scan, MRI etc Data related to Global Positioning System Pictures and Videos Radio Frequency Data Data that may vary very rapidly like stock exchange information Apart from difficulties in managing and storing such data, it is difficult to query, analyze and visualize it. The characteristics of Big Data can be defined by four Vs: Volume: It simply means a large volume of data that may span Petabyte, Exabyte and so on. However it also depends organization to organization that what volume of data they consider as Big Data. Variety: As discussed above, Big Data is not limited to relational information or structured Data. It can also include unstructured data like pictures, videos, text, audio etc. Velocity:  Velocity means the speed by which data changes. The higher is the velocity, the more efficient should be the system to capture and analyze the data. Missing any important point may lead to wrong analysis or may even result in loss. Veracity: It has been recently added as the fourth V, and generally means truthfulness or adherence to the truth. In terms of Big Data, it is more of a challenge than a characteristic. It is difficult to ascertain the truth out of the enormous amount of data and the one that has high velocity. There are always chances of having un-precise and uncertain data. It is a challenging task to clean such data before it is analyzed. Big Data can be considered as the next big thing in the IT sector in terms of innovation and development. If appropriate technologies are developed to analyze and use the information, it can be the driving force for almost all industrial segments. These include Retail, Manufacturing, Service, Finance, Healthcare etc. This will help them to automate business decisions, increase productivity, and innovate and develop new products. Thanks Jasjeet Singh for an excellent write up.  Jasjeet Sign is working as a Technical Manager with Koenig Solutions. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Database, PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology Tagged: Big Data

  Read the article

• 11???OTN?????????????&???? (10/24 ??)

  - by OTN-J Master

  ???????????????????????????????????????????????????????????????????????????? ???11????????????????????????????????????????????????????????????????????????????????????????????11?????????????????????????????????????????Oracle DBA & Developer Day??14?????????????????????????????????????????????????????????????????????????????????????????????????????????!10??????????? ?10/24???????? Oracle Database Appliance??? 11?6?(?)15:30 ~ 17:00 @ ??????????(??????)??????????????????????????????????·?????Oracle Database Appliance????????????????????????????????????????????????Oracle Database Appliance?????·???????????????·??????????????????????????Oracle Database Appliance????????????????? ?????!?????????????????? 11?7?(?)13:30 ~ 17:10 @  ??????????(??????)????????Oracle Database 11g Release2??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????·????????????????????????????? ???Java?3?????!Java?????? 11?12?(?)14:30 ~ 17:30 @  ??????????(??????)????????????????????????????????????·?????????????Java???????????????????Java???????????????????????????????????????????????????????????????????????? ?????????????????Java?????????????????????????????????????Java????????????????????????????? JPOUG Tech Talk Night #3 “Upgrade, Migrate and Consolidate to Oracle Database 12c(?)” 11?12?(?)19:00 ~20:30 @ ??????????(??·???) ???????? JPOUG??????????????????????????US?Oracle ????? 2?????Oracle Database 12c??????????????????????? ???????Oracle OpenWorld?????????????????????? ???????????Web??????????????????????? ??????????????????????????????????! ????! ???????? ~WebLogic Server???????????~ ]?1?] ???????????????11?13?(?)18:30 ~20:00 @ ?????? ????????????(??)?WebLogic Server ??????????????????Java???????????????Java EE??????WebLogic Server?JVM???????????????????????????????????????????????WebLogic Server???????????????????WebLogic Server?????????????????????????????????????11g(10.3.6)????12c(12.1.2)??????????????????????????????? ??????WebLogic Server???????????!Oracle DBA & Developer Day 2013 11?14?(?) @ ???????????(??·???)Oracle Database?Oracle WebLogic Server?Oracle Coherence?Oracle Solaris??????????????????????????????????????1?????????????????????????? ??????????????????????·????????????????????????????????6???????????????· Oracle Database - ???????·???????????????·????· Oracle Database - ??????·??????????· Oracle Database - ??????????· Oracle Database 12c?????? (Oracle University??)· Oracle Fusion Middleware????????· Oracle Solaris?Oracle Hardware????????? ">????!????????????????????????11?19?(?)14:30 ~ 16:50 @ ??????????(??????)??????????????????????????????????????????????????????????????????????????????????????????????????????? ???? ??????????????????????????????????????????????????????????????????????????????????????????????????????????E??????????????????????????????????????????????????????????? ????~!!?????????????????!~????????????~?presented by ???? 11?20?(?)18:30~20:00 @ ?????????? ???? ???????(??)????·??????????????????????????????????????????????????????????????!???????????????Oracle??????????????????????????????????Oracle Database ?????????????????????????????????????????Database Configuration Assitant??????????????????????????????????????????????? ??Oracle Database????????????????????????????????????????Database??(??·???·??????)???????????????????????!?????! ?????????/???????????? 11?21?(?)10:00 ~ 17:30 @ ??????????(??????)?Oracle Application Testing Suite??Web?????????????????????????????????????????????????????????????????????????????????????????????????????????????????Oracle Application Testing Suite?????????????????????????????????????????????????????Oracle Exadata ???? ???? 11?21?(?)13:30 ~ 17:30 @ ??????????(??????)11?28?(?)13:30 ~ 17:30 @ ?????? ????????????(??)?????????????????Oracle Exadata X3 Database In-Memory Machine???·????????????????????????????????????????????????????????????????????Oracle Exadata????????????????????????????????????????????????????????????????? ?! Click??????? in ?? ~90?????! Oracle Database 12c??? & Oracle Database ??????? ~11?22?(?)13:30~16:50 @  ???????? 406???????Oracle Database ??????????????????????????·????????????????????????????? Oracle Database12c ?????90?????????! ???????????? ~Oracle Database 12c ??? ??? ~11?27?(?)18:30 ~20:00 @ ?????????????????(???)Oracle ???????SQL????????????????????????????????????SQL?????????????????????Oracle Database 12c?????????????????????????????????????????????????????????Oracle Database 12c???????????????11g?????????????? ???????????35???? ~??????·??????&Oracle Database?????? ~11?29?(?)13:30 ~16:40 @ RCC?????? 7F 704???(??)?35?????????????????? Oracle?????????????·?????? ?Enterprise Manager???????????????Tips ?????????????????!?????????????????!!

  Read the article

• WCF client endpoint identity - configuration question

  - by Roel

  Hi all, I'm having a strange situation here. I got it working, but I don't understand why. Situation is as follows: There is a WCF service which my application (a website) has to call. The WCF service exposes a netTcpBinding and requires Transport Security (Windows). Client and server are in the same domain, but on different servers. So generating a client results in the following config (mostly defaults) <system.serviceModel> <bindings> <netTcpBinding> <binding name="MyTcpEndpoint" ...> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Transport"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"/> </client> </system.serviceModel> When I run the website and make the call to the service, I get the following error: System.ServiceModel.Security.SecurityNegotiationException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed --- End of inner exception stack trace --- at System.Net.Security.NegoState.EndProcessAuthentication(IAsyncResult result) at System.Net.Security.NegotiateStream.EndAuthenticateAsClient(IAsyncResult asyncResult) at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.InitiateUpgradeAsyncResult.OnCompleteAuthenticateAsClient(IAsyncResult result) at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorAsyncResult.CompleteAuthenticateAsClient(IAsyncResult result) --- End of inner exception stack trace --- Server stack trace: at System.ServiceModel.AsyncResult.End[TAsyncResult](IAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result) at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result) .... Now, if I just alter the configuration of the client like so: <endpoint address="net.tcp://localhost:xxxxx/xxxx/xxx/1.0" binding="netTcpBinding" bindingConfiguration="MyTcpEndpoint" contract="Service.IMyService" name="TcpEndpoint"> <identity> <dns /> </identity> </endpoint> everything works and my server happily reports that it got called by the service account which hosts the AppPool for my website. All good. My question now is: why does this work? What does this do? I got to this solution by mere trial-and-error. To me it seems that all the <dns /> tag does is tell the client to use the default DNS for authentication, but doesn't it do that anyway? Thanks for providing me with some insight.

  Read the article

• The HTTP request was forbidden with client authentication scheme 'Anonymous'

  - by dudia

  I am trying to configure a WCF server\client to work with SSL I get the following exception: The HTTP request was forbidden with client authentication scheme 'Anonymous' I have a self hosted WCF server. I have run hhtpcfg both my client and server certificates are stored under Personal and Trusted People on the Local Machine Here is the server code: binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; binding.Security.Mode = WebHttpSecurityMode.Transport; _host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust; _host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck; _host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine; _host.Credentials.ServiceCertificate.SetCertificate("cn=ServerSide", StoreLocation.LocalMachine, StoreName.My); Client Code: binding.Security.Mode = WebHttpSecurityMode.Transport; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; WebChannelFactory<ITestClientForServer> cf = new WebChannelFactory<ITestClientForServer>(binding, url2Bind); cf.Credentials.ClientCertificate.SetCertificate("cn=ClientSide", StoreLocation.LocalMachine, StoreName.My); ServicePointManager.ServerCertificateValidationCallback += RemoteCertificateValidate; Looking at web_tracelog.svclog and trace.log reveals that the server cannot autheticate the client certificate My certificate are not signed by an Authorized CA but this is why I added them to the Trusted People.... What Am I missing? What am I missing?

  Read the article

• Query specific logs from event log using nxlog

  - by user170899

  Below is my nxlog configuration define ROOT C:\Program Files (x86)\nxlog Moduledir %ROOT%\modules CacheDir %ROOT%\data Pidfile %ROOT%\data\nxlog.pid SpoolDir %ROOT%\data LogFile %ROOT%\data\nxlog.log <Extension json> Module xm_json </Extension> <Input internal> Module im_internal </Input> <Input eventlog> Module im_msvistalog Query <QueryList>\ <Query Id="0">\ <Select Path="Security">*</Select>\ </Query>\ </QueryList> </Input> <Output out> Module om_tcp Host localhost Port 3515 Exec $EventReceivedTime = integer($EventReceivedTime) / 1000000; \ to_json(); </Output> <Route 1> Path eventlog, internal => out </Route> <Select Path="Security">*</Select>\ - * gets everything from the Security log, but my requirement is to get specific logs starting with EventId - 4663. How do i do this? Please help. Thanks.

  Read the article

• Configuring multiple distinct WCF binding configurations causes an exception to be thrown

  - by Sandor Drieënhuizen

  I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

  Read the article

• From AutoComplete textbox to database search and display?

  - by svebee

  Hello everyone, I have a small problem so I would be grateful if anyone could help me in any way. Thank you ;) I have this little "application", and I want when someone type in a AutoComplete textbox for example "New" it automatically displays "New York" as a option and that (AutoComplete function) works fine. But I want when user type in full location (or AutoComplete do it for him) - that text (location) input is forwarded to a database search which then searches through database and "collects" all rows with user-typed location. For example if user typed in "New York", database search would find all rows with "New York" in it. When it finds one/more row(s) it would display them below. In images... I have this when user is typing... http://www.imagesforme.com/show.php/1093305_SNAG0000.jpg I have this when user choose a AutoComplete location (h)ttp://www.imagesforme.com/show.php/1093306_SNAG0001.jpg (remove () on the beggining) But I wanna this when user choose a AutoComplete location (h)ttp://www.imagesforme.com/show.php/1093307_CopyofSNAG0001.jpg (remove () on the beggining) Complete Code package com.svebee.prijevoz; import android.app.Activity; import android.database.Cursor; import android.database.sqlite.SQLiteDatabase; import android.os.Bundle; import android.util.Log; import android.widget.ArrayAdapter; import android.widget.AutoCompleteTextView; import android.widget.TextView; public class ZelimDoci extends Activity { TextView lista; static final String[] STANICE = new String[] { "New York", "Chicago", "Dallas", "Los Angeles" }; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.zelimdoci); AutoCompleteTextView textView = (AutoCompleteTextView) findViewById(R.id.autocomplete_country); ArrayAdapter<String> adapter = new ArrayAdapter<String>(this, R.layout.list_item, STANICE); textView.setAdapter(adapter); lista = (TextView)findViewById(R.id.lista); SQLiteDatabase myDB= null; String TableName = "Database"; String Data=""; /* Create a Database. */ try { myDB = this.openOrCreateDatabase("Database", MODE_PRIVATE, null); /* Create a Table in the Database. */ myDB.execSQL("CREATE TABLE IF NOT EXISTS " + TableName + " (Field1 INT(3) UNIQUE, Field2 INT(3) UNIQUE, Field3 VARCHAR UNIQUE, Field4 VARCHAR UNIQUE);"); Cursor a = myDB.rawQuery("SELECT * FROM Database where Field1 == 1", null); a.moveToFirst(); if (a == null) { /* Insert data to a Table*/ myDB.execSQL("INSERT INTO " + TableName + " (Field1, Field2, Field3, Field4)" + " VALUES (1, 119, 'New York', 'Dallas');"); myDB.execSQL("INSERT INTO " + TableName + " (Field1, Field2, Field3, Field4)" + " VALUES (9, 587, 'California', 'New York');"); } myDB.execSQL("INSERT INTO " + TableName + " (Field1, Field2, Field3, Field4)" + " VALUES (87, 57, 'Canada', 'London');"); } /*retrieve data from database */ Cursor c = myDB.rawQuery("SELECT * FROM " + TableName , null); int Column1 = c.getColumnIndex("Field1"); int Column2 = c.getColumnIndex("Field2"); int Column3 = c.getColumnIndex("Field3"); int Column4 = c.getColumnIndex("Field4"); // Check if our result was valid. c.moveToFirst(); if (c != null) { // Loop through all Results do { String LocationA = c.getString(Column3); String LocationB = c.getString(Column4); int Id = c.getInt(Column1); int Linija = c.getInt(Column2); Data =Data +Id+" | "+Linija+" | "+LocationA+"-"+LocationB+"\n"; }while(c.moveToNext()); } lista.setText(String.valueOf(Data)); } catch(Exception e) { Log.e("Error", "Error", e); } finally { if (myDB != null) myDB.close(); } } } .xml file <?xml version="1.0" encoding="utf-8"?> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent" > <TextView android:layout_width="fill_parent" android:layout_height="wrap_content" android:textSize="20sp" android:gravity="center_horizontal" android:padding="10sp" android:text="Test AutoComplete"/> <LinearLayout xmlns:android="http://schemas.android.com/apk/res/android" android:orientation="horizontal" android:layout_width="fill_parent" android:layout_height="wrap_content" android:padding="5dp"> <TextView android:layout_width="wrap_content" android:layout_height="wrap_content" android:text="AutoComplete" /> <AutoCompleteTextView android:id="@+id/autocomplete_country" android:layout_width="fill_parent" android:layout_height="wrap_content" android:layout_marginLeft="5dp"/> </LinearLayout> </LinearLayout>

  Read the article

• Warning flagged by the 'rkhunter'

  - by gkt.pro

  when I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning: Is there something that I have to worry about. [23:06:19] /usr/sbin/adduser [ Warning ] [23:06:19] Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable [23:06:20] /usr/sbin/rsyslogd [ Warning ] [23:06:20] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:22] /usr/bin/dpkg-query [ Warning ] [23:06:22] Warning: The file properties have changed: [23:06:24] /usr/bin/ldd [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:24] Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable [23:06:24] /usr/bin/logger [ Warning ] [23:06:24] Warning: The file properties have changed: [23:06:25] /usr/bin/mail [ Warning ] [23:06:25] Warning: The file '/usr/bin/mail' exists on the system, but it is not present in the rkhunter.dat file. [23:06:27] /usr/bin/sudo [ Warning ] [23:06:27] Warning: The file properties have changed: [23:06:29] /usr/bin/whereis [ Warning ] [23:06:29] Warning: The file properties have changed: [23:06:29] /usr/bin/lwp-request [ Warning ] [23:06:29] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable [23:06:29] /usr/bin/bsd-mailx [ Warning ] [23:06:29] Warning: The file '/usr/bin/bsd-mailx' exists on the system, but it is not present in the rkhunter.dat file. [23:06:30] /sbin/fsck [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:30] /sbin/ifdown [ Warning ] [23:06:30] Warning: The file properties have changed: [23:06:31] /sbin/ifup [ Warning ] [23:06:31] Warning: The file properties have changed: [23:06:34] /bin/dmesg [ Warning ] [23:06:34] Warning: The file properties have changed: [23:06:35] /bin/more [ Warning ] [23:06:35] Warning: The file properties have changed: [23:06:36] /bin/mount [ Warning ] [23:06:36] Warning: The file properties have changed: [23:06:37] /bin/which [ Warning ] [23:06:37] Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable [23:08:58] Checking /dev for suspicious file types [ Warning ] [23:08:58] Warning: Suspicious file types found in /dev: [23:08:58] Checking for hidden files and directories [ Warning ] [23:08:58] Warning: Hidden directory found: /etc/.java [23:08:58] Warning: Hidden directory found: /dev/.udev [23:08:58] Warning: Hidden directory found: /dev/.initramfs [23:09:01] Checking version of Exim MTA [ Warning ] [23:09:01] Warning: Application 'exim', version '4.71', is out of date, and possibly a security risk. [23:09:01] Checking version of GnuPG [ Warning ] [23:09:01] Warning: Application 'gpg', version '1.4.10', is out of date, and possibly a security risk. [23:09:01] Checking version of OpenSSL [ Warning ] [23:09:01] Warning: Application 'openssl', version '0.9.8k', is out of date, and possibly a security risk.

  Read the article

• How to inspect remote SMTP server's TLS certificate?

  - by Miles Erickson

  We have an Exchange 2007 server running on Windows Server 2008. Our client uses another vendor's mail server. Their security policies require us to use enforced TLS. This was working fine until recently. Now, when Exchange tries to deliver mail to the client's server, it logs the following: A secure connection to domain-secured domain 'ourclient.com' on connector 'Default external mail' could not be established because the validation of the Transport Layer Security (TLS) certificate for ourclient.com failed with status 'UntrustedRoot. Contact the administrator of ourclient.com to resolve the problem, or remove the domain from the domain-secured list. Removing ourclient.com from the TLSSendDomainSecureList causes messages to be delivered successfully using opportunistic TLS, but this is a temporary workaround at best. The client is an extremely large, security-sensitive international corporation. Our IT contact there claims to be unaware of any changes to their TLS certificate. I have asked him repeatedly to please identify the authority that generated the certificate so that I can troubleshoot the validation error, but so far he has been unable to provide an answer. For all I know, our client could have replaced their valid TLS certificate with one from an in-house certificate authority. Does anyone know a way to manually inspect a remote SMTP server's TLS certificate, as one can do for a remote HTTPS server's certificate in a web browser? It could be very helpful to determine who issued the certificate and compare that information against the list of trusted root certificates on our Exchange server.

  Read the article

• NHibernate + Remoting = ReflectionPermission Exception

  - by Pedro

  Hi all, We are dealing with a problem when using NHibernate with Remoting in a machine with full trust enviroment (actually that's our dev machine). The problem happens when whe try to send as a parameter an object previously retrieved from the server, that contains a NHibernate Proxy in one of the properties (a lazy one). As we are in the dev machine, there's no restriction in the trust level of the web app (it's set to Full) and, as a plus, we've configured NHibernate's and Castle's assemblies to full trust in CAS (even thinking that it'd not be necessary as the remoting app in IIS has the full trust level). Does anyone have any idea of what can be causing this exception? Stack trace below. InnerException: System.Security.SecurityException Message="Falha na solicitação da permissão de tipo 'System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'." Source="mscorlib" GrantedSet="" PermissionState="<IPermission class=\"System.Security.Permissions.ReflectionPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089\"\r\nversion=\"1\"\r\nFlags=\"ReflectionEmit\"/>\r\n" RefusedSet="" Url="" StackTrace: em System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) em System.Security.CodeAccessPermission.Demand() em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternalNoLock(String name, Boolean emitSymbolInfo, StackCrawlMark& stackMark) em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModuleInternal(String name, Boolean emitSymbolInfo, StackCrawlMark& stackMark) em System.Reflection.Emit.AssemblyBuilder.DefineDynamicModule(String name, Boolean emitSymbolInfo) em Castle.DynamicProxy.ModuleScope.CreateModule(Boolean signStrongName) em Castle.DynamicProxy.ModuleScope.ObtainDynamicModuleWithWeakName() em Castle.DynamicProxy.ModuleScope.ObtainDynamicModule(Boolean isStrongNamed) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter.CreateTypeBuilder(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags, Boolean forceUnsigned) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags, Boolean forceUnsigned) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces, TypeAttributes flags) em Castle.DynamicProxy.Generators.Emitters.ClassEmitter..ctor(ModuleScope modulescope, String name, Type baseType, Type[] interfaces) em Castle.DynamicProxy.Generators.BaseProxyGenerator.BuildClassEmitter(String typeName, Type parentType, Type[] interfaces) em Castle.DynamicProxy.Generators.BaseProxyGenerator.BuildClassEmitter(String typeName, Type parentType, IList interfaceList) em Castle.DynamicProxy.Generators.ClassProxyGenerator.GenerateCode(Type[] interfaces, ProxyGenerationOptions options) em Castle.DynamicProxy.Serialization.ProxyObjectReference.RecreateClassProxy() em Castle.DynamicProxy.Serialization.ProxyObjectReference.RecreateProxy() em Castle.DynamicProxy.Serialization.ProxyObjectReference..ctor(SerializationInfo info, StreamingContext context) Thank you in advance.

  Read the article

• SecurityFlushSessionListener in jboss

  - by techzen

  In jboss-web.deployer/conf/web.xml there is a listener defined called SecurityFlustSessionListener. This listener searches for the component java:comp/env/security/securityMgr and if not found prints that info in the debug log. It is understood that if this security feature is not needed then, one can simply remove this listener. How have you used this listener for configuring security at the time of session destroying? As in, can you highlight the use cases of this listener and the scenarios where it was found useful?

  Read the article

• SecurityException in Sandboxed AppDomain

  - by Galen

  I'm attempting to use C# as a scripting language using CSharpCodeProvider (using VS2010 and .NET 4.0). I want the scripts to be run in a restricted AppDomain with minimal permissions. Currently, I'm getting an exception while trying to instantiate a class in the AppDomain (The call to CreateInstanceAndUnwrap()). Here is some simplified code that reproduces the exception: using System; using System.Collections.Generic; using Microsoft.CSharp; using System.CodeDom; using System.CodeDom.Compiler; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Reflection; using System.Runtime.Remoting; namespace ConsoleApp { class Program { static void Main(string[] args) { // set permissions PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermission( SecurityPermissionFlag.Execution)); AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory; //Create a list of fully trusted assemblies Assembly[] asms = AppDomain.CurrentDomain.GetAssemblies(); List<StrongName> sns = new List<StrongName>(); for (int x = 0; x < asms.Length; x++) { StrongName sn = asms[x].Evidence.GetHostEvidence<StrongName>(); if (sn != null && sns.Contains(sn) == false) sns.Add(sn); } //this includes: "mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" AppDomain domain = AppDomain.CreateDomain("NewAppDomain", AppDomain.CurrentDomain.Evidence, adSetup, permissions);//, sns);//, sn4, sn, sn2, sn3); try { String asmName = Assembly.GetExecutingAssembly().FullName; String typeName = typeof(ConsoleApp.ScriptRunner).FullName; //Throws exception here ScriptRunner scriptRunner = domain.CreateInstanceAndUnwrap(asmName, typeName) as ScriptRunner; } catch (SecurityException se) { System.Diagnostics.Debug.WriteLine(se.Message); } catch (Exception ex) { System.Diagnostics.Debug.WriteLine(ex.Message); } } } public class ScriptRunner : MarshalByRefObject { public ScriptRunner() { //A breakpoint placed here is never reached. CompilerParameters param; param = new CompilerParameters(); param.CompilerOptions = ""; param.GenerateExecutable = false; param.GenerateInMemory = true; param.IncludeDebugInformation = false; // C# compiler CSharpCodeProvider codeProvider = new CSharpCodeProvider(); CompilerResults results = codeProvider.CompileAssemblyFromFile(param, "Danger.cs"); } } } The exception is being thrown from mscorlib and it is a System.Reflection.TargetInvocationException that has an inner System.Security.SecurityException. Here is the exception: System.Reflection.TargetInvocationException was unhandled Message=Exception has been thrown by the target of an invocation. Source=mscorlib StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark) at System.Activator.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at ConsoleApp.Program.Main(String[] args) in C:\Documents and Settings\NaultyCS\my documents\visual studio 2010\Projects\ConsoleApplication4\ConsoleApplication4\Program.cs:line 46 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: System.Security.SecurityException Message=Request failed. Source=ConsoleApplication4 GrantedSet=<PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution"/> </PermissionSet> PermissionState=<PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true"/> RefusedSet="" Url=file:///C:/Documents and Settings/NaultyCS/my documents/visual studio 2010/Projects/ConsoleApplication4/ConsoleApplication4/bin/Debug/ConsoleApplication4.EXE StackTrace: at ConsoleApp.ScriptRunner..ctor() InnerException: So it appears to me that mscorlib is demanding full trust. I've added it as a fully trusted assembly, but it has no effect. What am I doing wrong here?

  Read the article

• SharePoint 2010 Custom WCF Service - Windows and FBA Authentication

  - by e-rock

  I have SharePoint 2010 configured for Claims Based Authentication with both Windows and Forms Based Authentication (FBA) for external users. I also need to develop custom WCF Services. The issue is that I want Windows credentials passed into the WCF Service(s); however, I cannot seem to get the Windows credentials passed into the services. My custom WCF service appears to be using Anonymous authentication (which has to be enabled in IIS in order to display the FBA login screen). The example I have tried to follow is found at http://msdn.microsoft.com/en-us/library/ff521581.aspx. The WCF service gets deployed to _vti_bin (ISAPI folder). Here is the code for the .svc file <%@ ServiceHost Language="C#" Debug="true" Service="MyCompany.CustomerPortal.SharePoint.UI.ISAPI.MyCompany.Services.LibraryManagers.LibraryUploader, $SharePoint.Project.AssemblyFullName$" Factory="Microsoft.SharePoint.Client.Services.MultipleBaseAddressBasicHttpBindingServiceHostFactory, Microsoft.SharePoint.Client.ServerRuntime, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c" CodeBehind="LibraryUploader.svc.cs" %> Here is the code behind for the .svc file [ServiceContract] public interface ILibraryUploader { [OperationContract] string SiteName(); } [BasicHttpBindingServiceMetadataExchangeEndpoint] [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)] public class LibraryUploader : ILibraryUploader { //just try to return site title right now… public string SiteName() { WindowsIdentity identity = ServiceSecurityContext.Current.WindowsIdentity; ClaimsIdentity claimsIdentity = new ClaimsIdentity(identity); return SPContext.Current.Web.Title; } } The WCF test client I have just to test it out (WPF app) uses the following code to call the WCF service... private void Button1Click(object sender, RoutedEventArgs e) { BasicHttpBinding binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly; binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm; EndpointAddress endpoint = new EndpointAddress( "http://dev.portal.data-image.local/_vti_bin/MyCompany.Services/LibraryManagers/LibraryUploader.svc"); LibraryUploaderClient libraryUploader = new LibraryUploaderClient(binding, endpoint); libraryUploader.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation; MessageBox.Show(libraryUploader.SiteName()); } I am somewhat inexperienced with IIS security settings/configurations when it comes to Claims and trying to use both Windows and FBA. I am also inexperienced when it comes to WCF configurations for security. I usually develop internal biz apps and let Visual Studio decide what to use because security is rarely a concern.

  Read the article

• RSA example that do not use NoPadding

  - by Tom Brito

  Where can I find a RSA encrypt example that does not use "NoPadding"? --update Better: how to make this code run correctly without throw the "too much data for RSA block" exception? import java.math.BigInteger; import java.security.KeyFactory; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; import java.security.spec.RSAPrivateKeySpec; import java.security.spec.RSAPublicKeySpec; import javax.crypto.Cipher; /** * Basic RSA example. */ public class TestRSA { public static void main(String[] args) throws Exception { byte[] input = new byte[100]; Cipher cipher = Cipher.getInstance("RSA/None/NoPadding", "BC"); KeyFactory keyFactory = KeyFactory.getInstance("RSA", "BC"); // create the keys RSAPublicKeySpec pubKeySpec = new RSAPublicKeySpec(new BigInteger("d46f473a2d746537de2056ae3092c451", 16), new BigInteger("11", 16)); RSAPrivateKeySpec privKeySpec = new RSAPrivateKeySpec(new BigInteger( "d46f473a2d746537de2056ae3092c451", 16), new BigInteger("57791d5430d593164082036ad8b29fb1", 16)); RSAPublicKey pubKey = (RSAPublicKey) keyFactory.generatePublic(pubKeySpec); RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(privKeySpec); // encryption step cipher.init(Cipher.ENCRYPT_MODE, pubKey); byte[] cipherText = cipher.doFinal(input); // decryption step cipher.init(Cipher.DECRYPT_MODE, privKey); byte[] plainText = cipher.doFinal(cipherText); } }

  Read the article

• Access denied error 3221225578 with file sharing to Windows server

  - by Ian Boyd

  i'm trying to access the shares on a server. The credential box appears, and i enter in a correct username and password, and i get access denied. The silly thing is that i can Remote Desktop to the server (using the same credentials), and i can check the Security event log for the access denied errors: Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 681 Date: 3/19/2011 Time: 11:54:39 PM User: NT AUTHORITY\SYSTEM Computer: STALWART Description: The logon to account: Administrator by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: HARPAX failed. The error code was: 3221225578 and Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 3/19/2011 Time: 11:54:39 PM User: NT AUTHORITY\SYSTEM Computer: STALWART Description: Logon Failure: Reason: Unknown user name or bad password User Name: Administrator Domain: stalwart Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: HARPAX Looking up the error code (3221225578), i get an article on Technet: Audit Account Logon Events By Randy Franklin Smith ... Table 1 - Error Codes for Event ID 681 Error Code Reason for Logon Failure 3221225578 The username is correct, but the password is wrong. Which would seem to indicate that the username is correct, but the password is wrong. i've tried the password many times, uppercase, lowercase, on different user accounts, with and without prefixing the username with servername\username. What gives that i cannot access the server over file sharing, but i can access it over RDP?

  Read the article

• protecting grails melody with grails filter

  - by batmannavneet

  I have an application where I am using spring security along with grails melody. I am planning to run grails melody in production environment, but don't want visitors to have access to it. How should I achieve that ? I tried creating a filter in grails (just showing the sample of what I am trying, not the actual code)- def filters = { allURIs(uri:'/**') { before = { //... if(request.forwardURI.indexOf("admin") != -1 || request.forwardURI.indexOf("monitoring") != -1) { response.sendError 404 return false } } } } But this doesnt work as the request for "monitoring" doesnt hit this filter. I dont even want the user to know that such a URL exists, so I want to check in the filter that if "monitoring" is the URL, I show the 404 error page. Thats also the reason why I dont want to protect this URL with spring security as it will show "access denied" page. Basically I want the URL to exist but they should be invisible to users. I want the access to be open to only certain IP addresses for these special URLs. On another note, Is it possible to write a grails filter that "acts" before the spring security filter is hit ? I want to be able to do some filtering before I forward requests to spring security. Writing a grails filter like above doesnt help. Spring security filter gets hit first if I access a protected resource and this filter doesn't get called. Thanks

  Read the article

< Previous Page | 191 192 193 194 195 196 197 198 199 200 201 202  | Next Page >