Search Results

Search found 14784 results on 592 pages for 'spring security'.

  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if there are any security problems with storing the database ID as part of my control's ID. I can think of 2 issues: the ID will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow. This second possibility is more serious. Is this a potential problem and how to avoid it? Would there be a better preferred way to associate unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?

  • how to change constraints errors message in grails

    - by nightingale2k1
    Hi, I have a domain with constraints like min value must be greater than 0. I have no idea how to change the message if the constraints are not passed. Which file do I need to edit to do that? I also need to display the value as well, like "you cannot make any transaction because your balance is less than 100. Your current balance is xxxx"

  • External user domain in grails

    - by archer
    We're currently using Acegi 0.5.2 plugin for Grails 1.2.1. However, we're going to move our user management to external CRM. What would be the best way to link existing Person domain with external CRM entity?

  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would like to secure the channel from the database reads to the dequeue action. What would be the best way to do it? I was thinking of signing the xml using the System.Security.Cryptography.Xml namespace, but are there any other techniques or approaches I need to know about? Any help would be appreciated. Bob.

  • Securing Web Services approach valid?

    - by NBrowne
    Hi, currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in this article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx which describes adding an HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc.? I'm really just trying to decide whether this is a valid approach to take or not. Thanks

  • PHP - How to determine if request is coming from a specific file.

    - by John
    I have fileA.php on SERVER_A and fileB.php on SERVER_B. fileB.php makes a curl request to fileA.php for its contents. How can fileA.php determine that the request is coming specifically from fileB.php? I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php, but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?

  • Retrieve web user's Identity outside of request scope

    - by Kendrick
    I have an ASP.NET app that logs Audit reports using nHibernate's IPreUpdateListener. In order to set the current user in the Listener events, I was using System.Security.Principal.WindowsIdentity.GetCurrent(). This works fine when debugging on my machine, but when I move it to the staging server, I'm getting the ASP.NET process credentials, not the requesting user. In the ASP.NET page, I can use Request.LogonUserIdentity (which works fine since I'm using integrated authentication), but how do I reference this user directly without having to pass it directly to my event? I don't want to have to pass this info through the pipeline because it really doesn't belong in the intermediate events/calls.

  • Web Application - Authentication / Login Framework

    - by user456563
    This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs):

      - Need to have users sign up for a new account profile
      - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login
      - Allow lost password retrieval
      - Session handling needs

    Is there an out of the box framework (Drupal, Liferay??) that I can use to wrap my application, which can be a bunch of JSPs or HTMLs with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go through. Any help, advice and pointers much appreciated.

  • How can I qualify an autowired property with a variable from a config file using annotations?

    - by jiggy
    My specific problem is that I have configured two beans that implement the same interface and I have a third bean that has a property of that interface's type. I inject the property using a config property. So, assuming RemoteDataSource and LocalDataSource implement IDataSource and dao1 has a property of type IDataSource, my XML config might look like this:

        <bean id="datasource1" class="com.foo.RemoteDataSource">
            <property name="url">${url}</property>
        </bean>
        <bean id="datasource2" class="com.foo.LocalDataSource">
            <property name="path">${filepath}</property>
        </bean>
        <bean id="dao1" class="com.foo.MyDAO">
            <property name="dataSource">${datasource}</property>
        </bean>

    With url, filepath and datasource being defined in an included properties file. We are now making a push for annotation-driven configuration and I'm not sure how to annotate my dao to put the data source configured in the property file. I want to do something like this, but it is evidently not allowed:

        @Autowired
        @Qualifier("${datasource}")
        public void setDataSource(IDataSource datasource) {...}

  • when to use Hibernate vs. Simple ResultSets for small application

    - by luke
    I just started working on upgrading a small component in a distributed Java application. The main application is a rather complicated applet/servlet combo running on JBoss and it extensively uses Hibernate for its DataAccess. The component I am working on, however, is a very straightforward data importing service. Basically the workflow is:

      1. Listen for a network event
      2. Parse the data packet, extract a set of identifiers
      3. Map the identifier set to a primary key in our database
      4. Parse the rest of the packet and insert items in a related table using the foreign key found in step 3
      5. Repeat

    In the previous version of this component it used a Hibernate based DAL that is no longer usable for a variety of reasons (in particular it is EOL), so I am in charge of replacing the Data Access layer for this component. So on the one hand I think I should use Hibernate because that's what the rest of the application does, but on the other I think I should just use regular java.sql.* classes because my requirements are really straightforward and aren't expected to change any time soon. So my question is (and I understand it is subjective): at what point do you think that the added complexity of using an ORM tool (in terms of configuration, dependencies...) is worth it?

    UPDATE: due to the way the DataAccessLayer for the main application was written (weird dependencies) I cannot easily use it; I would have to implement it myself.

  • HibernateTemplate alwaysUseNewSession

    - by DD
    Hi, I had a problem where I was using the hibernate template to do most of my DB work but I had a part of the system that directly accessed the session to do batch persisting. I noticed that the hibernate template session was old and would be storing cached values which didn't take into account the objects saved with the session directly. What are the drawbacks of using alwaysUseNewSession? This fixes the problem as I always get up-to-date objects. Thanks.

  • Established javascript solution for secure registration & authentication without SSL

    - by Tomas
    Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with a signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must also be secured without SSL (this will be the hardest part I guess). I prefer an established and well-tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.

  • Leaving SQL Management open on the internet

    - by Tim Fraud
    I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of course, is there a better way?)

  • ApplicationContext ctx = new FileSystemXmlApplicationContext error

    - by GigaPr
    Hi, I am completely new to Java, so sorry if my question may sound a bit stupid. I am following a tutorial on hibernate and I am trying to get the context definition files from the file system.

        ApplicationContext ctx = new FileSystemXmlApplicationContext(
            new String[] {
                "conf/rssWebApplication-services.xml",
                "conf/rssWebApplication-data-hibernate.xml"
            });

    But I get the following error:

        found : org.springframework.context.support.FileSystemXmlApplicationContext
        required: org.jboss.weld.context.ApplicationContext
        ApplicationContext ctx = new FileSystemXmlApplicationContext( new String[] { "conf/rssWebApplication-services.xml",

    Any idea what is the problem? Thanks

  • How do I use a custom select statement in Hibernate using the HibernateDaoSupport class

    - by Bill Leeper
    I am trying to write a custom select statement in Hibernate using the getHibernateTemplate() method. I am having problems with the resulting mapping. Example Code:

        List<User> users = getHibernateTemplate().find("Select user, sysdate as latestPost from User as user");
        for (User user : users) {
            assertNotNull(user.name);
        }

    The goal of the above line is to eventually have a join where I get the max(date) of posts made by the user. The problem I am having is that the resulting users list is not a list of User objects and I get a class cast exception. Hopefully that is enough code. It is a greatly simplified version of my problem and a combination of snippets from various parts of my application.

  • Images with unknown content: Dangerous for a browser?

    - by chris_l
    Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

  • WCF: What happens if a channel is established but no method is called?

    - by mafutrct
    In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?

  • How to send exceptions to exceptionController?

    - by ivar
        <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
            <property name="mappedHandlers">
                <set>
                    <ref bean="exceptionController" />
                </set>
            </property>
            <property name="defaultErrorView" value="tiles/content/error" />
        </bean>

    I'm trying to send exceptions to a controller so I can create a redirect. If I comment out the mappedHandlers part then the error tile is displayed but it is only a tile. The rest of the tiles load normally. I need to make a redirect in the controller so I can show an error page not just an error tile. I can't find enough information or an example how the exception invokes some method in exceptionController.

  • Cross domain secure cookie usage?

    - by asdasda
    I have a website that came with an SSL site for HTTPS but it's on a different server. Example being my website: http://example.com, my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything, but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am I wrong? Is this possible?

  • asp.net impersonation identity: Where does it come from?

    - by Rising Star
    Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user:

      - Httpcontext.Current.user
      - System.Threading.Thread.Current
      - System.Security.Principal.WindowsIdentity.GetCurrent

    It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

  • java.lang.ClassNotFoundException error using enum as a key in Map

    - by LCYSoft
        <util:map id="myMap" key-type="com.myClass.Foo.myEnum" value-type="com.myClass.Foo">
            <entry>
                <key>
                    <value type="com.myClass.Foo.myEnum">ONE</value>
                </key>
                <ref bean="myObj"/>
            </entry>
        </util:map>

        package com.myClass;

        public class Foo {
            public enum myEnum {ONE, TWO;}
        }

    I am trying to create a map from Spring 2.5.

        Map<myEnum, Foo> myMap;

    I am getting: nested exception is java.lang.ClassNotFoundException:com.myClass.Foo.myEnum. I definitely have com.myClass.Foo.myEnum in com.myClass.Foo. I don't know why I am getting java.lang.ClassNotFoundException. Thanks in advance

  • How secure is encryption?

    - by Stomped
    Let me preface this by saying I know nothing about encryption. I understand the basic concept of public key / private key encryption but I don't know how easily it can be broken, if at all. If one were to believe the movies, encrypted data can be broken by a teenager with a decent computer in a few hours. I have a client who wants credit card information sent via email - encrypted of course, but I'm still not feeling terribly good about the idea. I feel it would be safer to store the info on the VPS, but even then it's an unmanaged server and there's nobody watching it who knows much about security. So can anyone tell me if there's a safe way to store and/or send this data out? Thanks

  • On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

    - by Adam Gent
    When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as:

      1. As root in hopefully a chroot jail if you can (haven't gotten this working yet)
      2. As a non root user and then use IPTables to forward port 80 to some other port (1024) that the container is running on
      3. Both: As a non root user, IPTables, and chroot jail.

    The problem with opt. 1 is the complexity of chrooting and still the security problems of running root. The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably ideal but very hard to set up. Finally, every distro has the annoying differences in daemon scripts. What do people find as the best distro agnostic solution and are there resources to show how to do this?
