Search Results

Search found 818 results on 33 pages for 'trusted'.

Page 20/33 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >

  • LocalReport (WebForms) and Partial Trust, for PDF Generation

    - by Peet Brits
    My goal is to generate a PDF for display in a web page, either as aspx or with a generic handler. (This will link from a Silverlight page, but this is irrelevant to the problem.) The problem is that LocalReport (Microsoft.Reporting.WebForms; Microsoft.ReportViewer.WebForms.dll) requires full trust, and our hosting server does not allow full trust. I am aware that ReportViewer has a remote mode that will allow it to run with partial trust, but for that I need a report server url which should probably have full trust as well, which does not solve anything. So how do I generate PDFs from WebForms in a partially trusted environment?

    Read the article

  • Is preg_match safe enaught in input satinization?

    - by DaNieL
    Im building a new web-app, LAMP environment... im wondering if preg_match can be trusted for user's input validation (+ prepared stmt, of course) for all the text-based fields (aka not html fields; phone, name, surname, etc..). For example, for a classic 'email field', if i check the input like: $email_pattern = "/^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)" . "|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}" . "|[0-9]{1,3})(\]?)$/"; $email = $_POST['email']; if(preg_match($email_pattern, $email)){ //go on, prepare stmt, execute, etc... }else{ //email not valid! do nothing except warn the user } can i sleep easy against the sql/xxs injection? I write the regexp to be the more restrictive as they can.

    Read the article

  • WCF Certificate issue

    - by Morgeh
    I am developing a WCF service on my local computer using Visual Studios built in ASP.NET development sever and I'm having issues creating and using temporary Certificates. I have created a cert call TempCA and added it to the Trusted Root Certificate folder and I have created another called SignedByCA which has been added to the personal folder. The service config file has been set up to use SignedByCA but when I run the service I get the following error. The certificate 'CN=SignedByCA' must have a private key that is capable of key exchange. The process must have access rights for the private key. I have tried using WinHttpCertCfg.exe to give other users access to the key but I have since found out that WinHttpCertCfg.exe has be deprecated in windows Vista. Has anyone had this issue before in a similar circumstance??

    Read the article

  • Security for ASP.NET application running on intranet / VPN

    - by Ryan
    Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

    Read the article

  • Configure Active Relying Party STS to Trust Multiple Identity Provider STSes

    - by CodeChef
    I am struggling with the configuration for the scenario below. I have a custom WCF/WIF STS (RP-STS) that provides security tokens to my WCF services RP-STS is an "Active" STS RP-STS acts as a claims transformation STS RP-STS trusts tokens from many customer-specific identity provider STSes (IdP-STS) When a WCF Client connects to a service it should authenticate with it's local IdP-STS The reading that I've done describes this as Home Realm Discovery. HRD is usually described within the context of web applications and Passive STSes. My questions is, for my situation, does the logic for choosing an IdP-STS endpoint belong in the RP-STS or the WCF Client application? I thought it belonged in the RP-STS, but I cannot figure out the configuration to make this happen. RP-STS has a single endpoint, but I cannot figure out how to add more than one trusted issuer per endpoint. Any guidance on this would be very appreciated (I'm out of useful keywords to Google.) Also, if I'm way off please offer alternative approaches. Thanks!

    Read the article

  • What web browser engine, version, and capabilities are used to display web pages inside Visual Studio 2010?

    - by Phrogz
    My company is developing a plugin/add-on for Visual Studio 2010. When the user asks to display the help for our product, we plan on opening an HTML page (or suite of pages) within Visual Studio. I'm helping to design and implement the help system. What web engine/version is used within Visual Studio 2010? According to Wikipedia it is not Trident(!). Am I allowed to load remote JavaScript content (via a <script> element)? Am I allowed to use XHR to load remote content? Will my page be trusted and have access to the FileSystemObject? I would appreciate any resources you can give me on programming specifically to the 'web' capabilities of VisualStudio2010-as-a-browser.

    Read the article

  • Flash ActionScript 3 runtime SecurityError

    - by dd
    I have swf that loads swf, which loads another swf(video player). Is there a trick in publish settings? everything works fine on my local machine, when I upload it on the sever error happen and video doesnt load SecurityError: Error #2148: SWF file http:// (URL where Site is hosted)/video.swf cannot access local resource file:///Macintosh%20HD/Users/..flash.flv. Only local-with-filesystem and trusted local SWF files may access local resources. at flash.net::NetStream/play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load() at fl.video::VideoPlayer/load() at fl.video::FLVPlayback/doContentPathConnect()

    Read the article

  • ELMAH with IIS6.0 and SQL Server 2005

    - by RajeshT
    On production I have ELMAH configured so that the errors are logged into a SQL Server 2005 database created specially for ELMAH. The sites run on IIS6.0 web server. ELMAH is able to send emails for the errors, but nothing is getting logged into the SQL Server database. The connection is a trusted connection and I have <section name="errorLog" requirePermission="false" type="Elmah.ErrorLogSectionHandler, Elmah"/> in section group <errorLog type="Elmah.SqlErrorLog, Elmah" connectionStringName="Elmah.Sql" applicationName="VBCPortal"/> under elmah <add name="Elmah.Sql" connectionString="Data Source=(local);Initial Catalog=ELMAH;Trusted_Connection=True" /> in connectionStrings in my web.config file. Any idea why the errors are not getting logged into the database?

    Read the article

  • Open a document from library Word opened but the contents is not loaded

    - by user300440
    [Environment] Server Sharepoint Portal Server 2003 Client Windows XP Internet Explorer 6.0 Microsoft Office 2003 Hello~ Today I received a call from one of my client and she said that she received an alert, "Ambiguous name detected: tempDDE" when attemping to open a doc from library. So I googled some and found solutions from MS and others and modified from Normal.dot to Normal1.dot. But after that, when I opened it again from library another problem happend and it is the doc contents is not loaded. When I click the link of doc, then the WIN?WORD.exe pops up but the contents of the document is not showing up (Silent). I tried some Open the doc file using Word Open Menu (Library Link) = Worked Get the url of the file and open it uing using Word Open Menu = Worked Add the url to Trusted Site = Done but not helped Any advices are welcomed. Thanks, Karl

    Read the article

  • SecurityException in Sandboxed AppDomain

    - by Galen
    I'm attempting to use C# as a scripting language using CSharpCodeProvider (using VS2010 and .NET 4.0). I want the scripts to be run in a restricted AppDomain with minimal permissions. Currently, I'm getting an exception while trying to instantiate a class in the AppDomain (The call to CreateInstanceAndUnwrap()). Here is some simplified code that reproduces the exception: using System; using System.Collections.Generic; using Microsoft.CSharp; using System.CodeDom; using System.CodeDom.Compiler; using System.Security; using System.Security.Policy; using System.Security.Permissions; using System.Reflection; using System.Runtime.Remoting; namespace ConsoleApp { class Program { static void Main(string[] args) { // set permissions PermissionSet permissions = new PermissionSet(PermissionState.None); permissions.AddPermission(new SecurityPermission( SecurityPermissionFlag.Execution)); AppDomainSetup adSetup = new AppDomainSetup(); adSetup.ApplicationBase = AppDomain.CurrentDomain.BaseDirectory; //Create a list of fully trusted assemblies Assembly[] asms = AppDomain.CurrentDomain.GetAssemblies(); List<StrongName> sns = new List<StrongName>(); for (int x = 0; x < asms.Length; x++) { StrongName sn = asms[x].Evidence.GetHostEvidence<StrongName>(); if (sn != null && sns.Contains(sn) == false) sns.Add(sn); } //this includes: "mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" AppDomain domain = AppDomain.CreateDomain("NewAppDomain", AppDomain.CurrentDomain.Evidence, adSetup, permissions);//, sns);//, sn4, sn, sn2, sn3); try { String asmName = Assembly.GetExecutingAssembly().FullName; String typeName = typeof(ConsoleApp.ScriptRunner).FullName; //Throws exception here ScriptRunner scriptRunner = domain.CreateInstanceAndUnwrap(asmName, typeName) as ScriptRunner; } catch (SecurityException se) { System.Diagnostics.Debug.WriteLine(se.Message); } catch (Exception ex) { System.Diagnostics.Debug.WriteLine(ex.Message); } } } public class ScriptRunner : MarshalByRefObject { public ScriptRunner() { //A breakpoint placed here is never reached. CompilerParameters param; param = new CompilerParameters(); param.CompilerOptions = ""; param.GenerateExecutable = false; param.GenerateInMemory = true; param.IncludeDebugInformation = false; // C# compiler CSharpCodeProvider codeProvider = new CSharpCodeProvider(); CompilerResults results = codeProvider.CompileAssemblyFromFile(param, "Danger.cs"); } } } The exception is being thrown from mscorlib and it is a System.Reflection.TargetInvocationException that has an inner System.Security.SecurityException. Here is the exception: System.Reflection.TargetInvocationException was unhandled Message=Exception has been thrown by the target of an invocation. Source=mscorlib StackTrace: at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache) at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipVisibilityChecks, Boolean skipCheckThis, Boolean fillCache) at System.Activator.CreateInstance(Type type, Boolean nonPublic) at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) at System.Activator.CreateInstance(String assemblyName, String typeName, Boolean ignoreCase, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, Evidence securityInfo, StackCrawlMark& stackMark) at System.Activator.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstance(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at System.AppDomain.CreateInstanceAndUnwrap(String assemblyName, String typeName) at ConsoleApp.Program.Main(String[] args) in C:\Documents and Settings\NaultyCS\my documents\visual studio 2010\Projects\ConsoleApplication4\ConsoleApplication4\Program.cs:line 46 at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args) at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args) at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly() at System.Threading.ThreadHelper.ThreadStart_Context(Object state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart() InnerException: System.Security.SecurityException Message=Request failed. Source=ConsoleApplication4 GrantedSet=<PermissionSet class="System.Security.PermissionSet" version="1"> <IPermission class="System.Security.Permissions.SecurityPermission, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" version="1" Flags="Execution"/> </PermissionSet> PermissionState=<PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true"/> RefusedSet="" Url=file:///C:/Documents and Settings/NaultyCS/my documents/visual studio 2010/Projects/ConsoleApplication4/ConsoleApplication4/bin/Debug/ConsoleApplication4.EXE StackTrace: at ConsoleApp.ScriptRunner..ctor() InnerException: So it appears to me that mscorlib is demanding full trust. I've added it as a fully trusted assembly, but it has no effect. What am I doing wrong here?

    Read the article

  • Is it possible to bundle a unique file for each copy of iPhone app downloaded from App Store?

    - by futureelite7
    Hi, I would like to verify the identity of each instance of the iPhone application that a user might use to connect to my service. To that end, I would like each instance of the iPhone app downloaded to include a certificate that I generate, or even some sort of UUID that I have generated. Does the App Store support the inclusion of unique files in an app bundle? Or, must such identifiers be downloaded only after the app is installed? If that is the case, is there a mechanism to ensure that the app downloaded is trusted (from me), instead of from an impersonator?

    Read the article

  • Are there commercially deployed and used .NET CAS (Code Access Security) based applications?

    - by Dinis Cruz
    I've seen a couple threads here on SO that ask about what CAS is and how to use it.My specific is specifically focused on real-world usages of CAS. For example: DotNetNuke did some efforts in the past to be able to run under Medium Trust: is that still true? what is the % of DNN that run in partial trust (i.e. not full trust)? what & of DNN modules run in partial trust?) Sharepoint defaults to a Partially-Trusted environment on dlls executed from the bin folder: How many 'commercially' available WebParts can run in this bin folder (without changing the policy)? The key here is to be able to point to CAS success stories, so that other companies feel that they should also invest in writing CAS-enabled apps

    Read the article

  • Best way to implement a Rest API with PHP on Wamp web server

    - by DomingoSL
    Hello, i own a web server running windows (WAMP). I want to know the best way to implement a Rest API (a very simple one) in order to let a user do something. Diagram flow: I have programming skills, in fact, i developed some time ago a web server in VB6 who process the querys and when it find the command (http:/serverIP/webform.php?cmd=run&item=any) it do something, but know i really want to develop a solution using the WAMP server. Some people consider the solution of executing a exe when a command is detected a bad solution for security issues, but this specific proyect i have is for the use of only some people (trusted people) who dont have intentions of hacking the server. So, what do you think? Remember: Its not a public API, its for some people and some programs who will use the API Its a very simple one, only one command using POST or GET. Thanks

    Read the article

  • JDBC character encoding

    - by wheelie
    Hi there, I have a Java Web application using GlassFish 3, JSF2.0 (facelets) and JPA (EclipseLink) on MySQL (URL: jdbc:mysql://localhost:3306/administer). The problem I'm facing is that if I'm saving entities to the database with the update() method, String data loses integrity; '?' is shown instead of some characters. The server, pages and database is/are configured to use UTF-8. After I post form data, the next page shows the data correctly. Furthermore it "seems" in debug that the String property of the current entity stores the correct value too. Dunno if NetBeans debug can be trusted; might be that it decodes correctly, however it's incorrect. Any help would be appreciated, thanks in advance! Daniel

    Read the article

  • JPA character encoding

    - by wheelie
    Hi there, I have a Java Web application using GlassFish 3, JSF2.0 (facelets) and JPA (EclipseLink) on MySQL (URL: jdbc:mysql://localhost:3306/administer). The problem I'm facing is that if I'm saving entities to the database with the update() method, String data loses integrity; '?' is shown instead of some characters. The server, pages and database is/are configured to use UTF-8. After I post form data, the next page shows the data correctly. Furthermore it "seems" in debug that the String property of the current entity stores the correct value too. Dunno if NetBeans debug can be trusted; might be that it decodes correctly, however it's incorrect. Any help would be appreciated, thanks in advance! Daniel

    Read the article

  • Trouble with using ActiveX control in .net windows application

    - by alex dee
    C#, visual studio 2005 I have several 3rd party activeX control. I need to use them in my .net windows application. These controls are graphical. I created a wrapper with aximp.exe for them. But it seems that something wrong. When I call some methods of wrapped activeX control == targetinvocativeexception occured. Or visual studio writes "you are attempting to write or read protected memory". I know that something wrong. But what is exactly wrong - i don't know. I find out about method CreateControl() or STAthread attribute. but it doesn't help me. What is the common problem and common solution for my type of problem ? These activex control from big and trusted company, other developers work with them.

    Read the article

  • Admin required for Visual Studio 2008 Setup Project

    - by user54064
    I have a VS 2008 Setup Project that is installing a very simple application in the local user's App Folder. When the Setup Project runs, it is requiring the Admin to login to run it. How can I allow a Standard User to run the installation. There are no Prerequisites. The MSI file is the only file to be run (no Setup.exe). I have signed the msi with a certificate that is installed on the user's machine as Trusted. I just can't get rid of the Admin login requirement.

    Read the article

  • Does NInject work in medium trust hosting?

    - by Gabriel
    I'm doing shared hosting with GoDaddy and I developed a sample ASP.NET MVC app using Castle Windsor and unfortunately, it didn't work in a medium trust setting. Specifically, I got this error: "[SecurityException: That assembly does not allow partially trusted callers"... etc. GoDaddy is sadly not flexible in their trust policy. I'm not tied to Windsor and would like to try another one that will work under Medium Trust. I'd actually like to use NInject, but I've read people having mixed success. The only one I've read that works with no problem is Microsoft's Unity. My question is, does NInject work in medium trust? If not, what are my options?

    Read the article

  • Messy bash variable

    - by Kyle
    I'm writing a script to ssh in to a list of machines and compare a variable to another value.. I've run into a problem (I have a couple workarounds, but at this point I'm just wondering why this method isn't working). VAR=ssh $i "awk -F: '/^bar/ {print \$2}' /local/foo.txt" ($i would be a hostname. The hosts are trusted, no password prompt is given) Example of foo.txt: foo:123456:abcdef bar:789012:ghijkl baz:345678:mnopqr I'm assuming it's a problem with quotes, or \'s needed somewhere. I've tried several methods (different quoting, using $() instead of ``, etc) but can't seem to get it right. My script is working correctly using the following: VAR=ssh $i "grep bar /local/foo.txt" | awk -F: '{print \$2}' Like I said, just a curiousity, any response is appreciated.

    Read the article

  • How to make prevent public key inside jar to be saved using Java code

    - by Abhijith V R
    After signing a jar , we can retrieve the public keys from jar using Certificate[] cert = jarentry.getCertificates(); Once certificate is extracted we can save this to a new keystore as trusted cert. Once this is done , then second user can sign any jar using this certificate , isn't ? I want to distribute content as jars , contents will contain properties files for a application init. I want to make sure that an user is not capable to rebuilding the property files using the certificate he extracted from jarentry. In the code which reads the jar contents i am checking that jar is signed with my certificate only and also checking that jar is not tampered with . But the issue came to my mind that if i am able to extract the cerificate from jar then why don;t a third guy ? Can any one help me in this............

    Read the article

  • Java WebApp - Integrate a Payment method system

    - by spike07
    I've a java webApp where people can sell their items like in ebay. I need to integrate a payment system and I'm wondering what's the best (from a customer point of view) and easiest to integrate in my app. I was thinking to integrate paypal and require all the sellers to have an account on it. Maybe Google Checkout can be a good option as well, but I don't know if it's used a lot. I think I'll redirect the user to Paypal and then remove the item once I receive the confirmation from paypal that the item has been payed. Would you suggest another easier to integrate/more trusted solution? Thank you

    Read the article

  • Which IOC runs in medium trust

    - by Rippo
    Hi I am trying to get a website running with Mosso that has Castle Windsor as my IOC, however I am getting the following error. [SecurityException: That assembly does not allow partially trusted callers.] GoldMine.WindsorControllerFactory..ctor() in WindsorControllerFactory.cs:33 GoldMine.MvcApplication.Application_Start() in Global.asax.cs:70 My questions are Does Castle Windsor run under medium trust? Can I download the DLL's without having to recompile with nant? (as I don't have this set up and don't know nant at all) Or is there another IOC that I can use that I can download and works in Medium Trust? Thanks

    Read the article

  • How Can I Automatically Execute A Link In Internet Explorer

    - by Martin
    I am trying to create an application to print documents over the web. I have created my document, and made a web page with a meta refresh tag, along the lines of this: <meta http-equiv="refresh" content="3;http://example.com/download.epl2" /> I specify that the document has a content-type of application/x-epl2, and I have associated .epl2 files on my computer with a program that silently sends them to the printer. I have put the website into my trusted sites zone. Currently Internet Explorer pops up the "Open, Save, Cancel" dialog box with no option to automatically open the file. Is there a setting in IE6/7/8 that I can use to have IE just open the file without prompting?

    Read the article

  • Programmatically adding a site to the Allowed Sites of the IE Pop-up Blocker (VB.NET)

    - by GlueR
    A few more details. I need to programmatically (Winforms, VB.NET) check if a site is in the Allowed Sites list of the IE Pop-Up Blocker (IE 7 and 8 and Windows XP, Vista and 7) and if not, add it. The application is fully trusted and I don't want to disable the Pop-Up blocker entirely. To clarify some things, this is for a web-automation application with several users across 3 countries. I want to avoid receiving tons of emails and explaining each time how to add the website to the Allowed Sites manually. Also, some of the users have Google Toolbar installed, which also has a Popup Blocker creating trouble to my app. Can this also be done programmatically?

    Read the article

  • Delphi 2010: how to stamp file version in *.pas and increment it on each save w/o CVS/SVN tools?

    - by FractalizeR
    Hello. How do I have in each *.pas file it's version, incrementing on each save in some comment line? I have plenty of files on three PCs and I need to have a possibility to quickly check their versions against each other. This problem is easily solved by some centralized version control, but some sources I have cannot be trusted to external servers and are kept on TrueCrypt volumes. May be some addon can do that for me? Something like changing $Version: to $Version: 121212 on each save, incrementing this value? May be there is another way also of solving this problem?

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26 27  | Next Page >