Search Results

Search found 6001 results on 241 pages for 'requires'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 209/241 | < Previous Page | 205 206 207 208 209 210 211 212 213 214 215 216  | Next Page >

  • How to avoid open-redirect vulnerability and safely redirect on successful login (HINT: ASP.NET MVC

    - by Brad B.
    Normally, when a site requires that you are logged in before you can access a certain page, you are taken to the login screen and after successfully authenticating yourself, you are redirected back to the originally requested page. This is great for usability - but without careful scrutiny, this feature can easily become an open redirect vulnerability. Sadly, for an example of this vulnerability, look no further than the default LogOn action provided by ASP.NET MVC 2: [HttpPost] public ActionResult LogOn(LogOnModel model, string returnUrl) { if (ModelState.IsValid) { if (MembershipService.ValidateUser(model.UserName, model.Password)) { FormsService.SignIn(model.UserName, model.RememberMe); if (!String.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); // open redirect vulnerability HERE } else { return RedirectToAction("Index", "Home"); } } else { ModelState.AddModelError("", "User name or password incorrect..."); } } return View(model); } If a user is successfully authenticated, they are redirected to "returnUrl" (if it was provided via the login form submission). Here is a simple example attack (one of many, actually) that exploits this vulnerability: Attacker, pretending to be victim's bank, sends an email to victim containing a link, like this: http://www.mybank.com/logon?returnUrl=http://www.badsite.com Having been taught to verify the ENTIRE domain name (e.g., google.com = GOOD, google.com.as31x.example.com = BAD), the victim knows the link is OK - there isn't any tricky sub-domain phishing going on. The victim clicks the link, sees their actual familiar banking website and is asked to logon Victim logs on and is subsequently redirected to http://www.badsite.com which is made to look exactly like victim's bank's website, so victim doesn't know he is now on a different site. http://www.badsite.com says something like "We need to update our records - please type in some extremely personal information below: [ssn], [address], [phone number], etc." Victim, still thinking he is on his banking website, falls for the ploy and provides attacker with the information Any ideas on how to maintain this redirect-on-successful-login functionality yet avoid the open-redirect vulnerability? I'm leaning toward the option of splitting the "returnUrl" parameter into controller/action parts and use "RedirectToRouteResult" instead of simply "Redirect". Does this approach open any new vulnerabilities? Side note: I know this open-redirect may not seem to be a big deal compared to the likes of XSS and CSRF, but us developers are the only thing protecting our customers from the bad guys - anything we can do to make the bad guys' job harder is a win in my book. Thanks, Brad

    Read the article

  • Django: What's an awesome plugin to maintain images in the admin?

    - by meder
    I have an articles entry model and I have an excerpt and description field. If a user wants to post an image then I have a separate ImageField which has the default standard file browser. I've tried using django-filebrowser but I don't like the fact that it requires django-grappelli nor do I necessarily want a flash upload utility - can anyone recommend a tool where I can manage image uploads, and basically replace the file browse provided by django with an imagepicking browser? In the future I'd probably want it to handle image resizing and specify default image sizes for certain article types. Edit: I'm trying out adminfiles now but I'm having issues installing it. I grabbed it and added it to my python path, added it to INSTALLED_APPS, created the databases for it, uploaded an image. I followed the instructions to modify my Model to specify adminfiles_fields and registered but it's not applying in my admin, here's my admin.py for articles: from django.contrib import admin from django import forms from articles.models import Category, Entry from tinymce.widgets import TinyMCE from adminfiles.admin import FilePickerAdmin class EntryForm( forms.ModelForm ): class Media: js = ['/media/tinymce/tiny_mce.js', '/media/tinymce/load.js']#, '/media/admin/filebrowser/js/TinyMCEAdmin.js'] class Meta: model = Entry class CategoryAdmin(admin.ModelAdmin): prepopulated_fields = { 'slug': ['title'] } class EntryAdmin( FilePickerAdmin ): adminfiles_fields = ('excerpt',) prepopulated_fields = { 'slug': ['title'] } form = EntryForm admin.site.register( Category, CategoryAdmin ) admin.site.register( Entry, EntryAdmin ) Here's my Entry model: class Entry( models.Model ): LIVE_STATUS = 1 DRAFT_STATUS = 2 HIDDEN_STATUS = 3 STATUS_CHOICES = ( ( LIVE_STATUS, 'Live' ), ( DRAFT_STATUS, 'Draft' ), ( HIDDEN_STATUS, 'Hidden' ), ) status = models.IntegerField( choices=STATUS_CHOICES, default=LIVE_STATUS ) tags = TagField() categories = models.ManyToManyField( Category ) title = models.CharField( max_length=250 ) excerpt = models.TextField( blank=True ) excerpt_html = models.TextField(editable=False, blank=True) body_html = models.TextField( editable=False, blank=True ) article_image = models.ImageField(blank=True, upload_to='upload') body = models.TextField() enable_comments = models.BooleanField(default=True) pub_date = models.DateTimeField(default=datetime.datetime.now) slug = models.SlugField(unique_for_date='pub_date') author = models.ForeignKey(User) featured = models.BooleanField(default=False) def save( self, force_insert=False, force_update= False): self.body_html = markdown(self.body) if self.excerpt: self.excerpt_html = markdown( self.excerpt ) super( Entry, self ).save( force_insert, force_update ) class Meta: ordering = ['-pub_date'] verbose_name_plural = "Entries" def __unicode__(self): return self.title Edit #2: To clarify I did move the media files to my media path and they are indeed rendering the image area, I can upload fine, the <<<image>>> tag is inserted into my editable MarkItUp w/ Markdown area but it isn't rendering in the MarkItUp preview - perhaps I just need to apply the |upload_tags into that preview. I'll try adding it to my template which posts the article as well.

    Read the article

  • Eventlet or gevent or Stackless + Twisted, Pylons, Django and SQL Alchemy

    - by Khorkrak
    We're using Twisted extensively for apps requiring a great deal of asynchronous io. There are some cases where stuff is cpu bound instead and for that we spawn a pool of processes to do the work and have a system for managing these across multiple servers as well - all done in Twisted. Works great. The problem is that it's hard to bring new team members up to speed. Writing asynchronous code in Twisted requires a near vertical learning curve. It's as if humans just don't think that way naturally. We're considering a mixed approach perhaps. Maybe do the xmlrpc server part and process management in Twisted still but the other stuff in code that at least looks synchronous while not being as such. Then again I like explicit over implicit so hmmm. Anyway onto greenlets - how well does that stuff work? So there's Stackless and as you can see from my Gallentean avatar I'm well aware of the tremendous success in it's use for CCP's flagship EVE Online game first hand. What about Eventlet or gevent? Well for now only Eventlet works with Twisted. However gevent claims to be faster since it's not a pure python implementation it instead uses libevent. It also has fewer idiosyncrasies and defects supposedly. The documentation there is minimal in comparison to Eventlet and it's maintained by 1 guy as far as I can tell. This makes me leery but all great projects start this way so... Then there's PyPy - I haven't even finished reading about that one yet - just saw it in this thread: Drawbacks of Stackless. So confusing - I'm wondering what the heck to do - sounds like Eventlet is probably the best bet but is it really stable enough? Anyone out there have any experience with it? Should we go with Stackless instead as it's been around and is proven technology - just like Twisted is as well - and they do work together nicely. But still I hate having to have a separate version of Python to do this. what to do.... This somewhat obnoxious blog entry hit the nail on the head for me though: Asynchronous IO for Grownups We're stuck using MySQL as well - I never knew how great PostgreSQL was until having had to work on a production OLTP system in MySQL instead - but that's another story. But if that monkey patch thing really works then wow. Just wow.

    Read the article

  • How to use Bouncy Castle lightweight API with AES and PBE

    - by Adrian
    I have a block of ciphertext that was created using the JCE algorithim "PBEWithSHA256And256BitAES-CBC-BC". The provider is BouncyCastle. What I'd like to do it decrypt this ciphertext using the BouncyCastle lightweight API. I don't want to use JCE because that requires installing the Unlimited Strength Jurisdiction Policy Files. Documentation seems to be thin on the ground when it comes to using BC with PBE and AES. Here's what I have so far. The decryption code runs without exception but returns rubbish. The encryption code, String password = "qwerty"; String plainText = "hello world"; byte[] salt = generateSalt(); byte[] cipherText = encrypt(plainText, password.toCharArray(), salt); private static byte[] generateSalt() throws NoSuchAlgorithmException { byte salt[] = new byte[8]; SecureRandom saltGen = SecureRandom.getInstance("SHA1PRNG"); saltGen.nextBytes(salt); return salt; } private static byte[] encrypt(String plainText, char[] password, byte[] salt) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchPaddingException, InvalidKeyException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException { Security.addProvider(new BouncyCastleProvider()); PBEParameterSpec pbeParamSpec = new PBEParameterSpec(salt, 20); PBEKeySpec pbeKeySpec = new PBEKeySpec(password); SecretKeyFactory keyFac = SecretKeyFactory.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); SecretKey pbeKey = keyFac.generateSecret(pbeKeySpec); Cipher encryptionCipher = Cipher.getInstance("PBEWithSHA256And256BitAES-CBC-BC"); encryptionCipher.init(Cipher.ENCRYPT_MODE, pbeKey, pbeParamSpec); return encryptionCipher.doFinal(plainText.getBytes()); } The decryption code, byte[] decryptedText = decrypt(cipherText, password.getBytes(), salt); private static byte[] decrypt(byte[] cipherText, byte[] password, byte[] salt) throws DataLengthException, IllegalStateException, InvalidCipherTextException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException { BlockCipher engine = new AESEngine(); CBCBlockCipher cipher = new CBCBlockCipher(engine); PKCS5S1ParametersGenerator keyGenerator = new PKCS5S1ParametersGenerator(new SHA256Digest()); keyGenerator.init(password, salt, 20); CipherParameters keyParams = keyGenerator.generateDerivedParameters(256); cipher.init(false, keyParams); byte[] decryptedBytes = new byte[cipherText.length]; int numBytesCopied = cipher.processBlock(cipherText, 0, decryptedBytes, 0); return decryptedBytes; }

    Read the article

  • RuntimeBinderException with dynamic in C# 4.0

    - by Terence Lewis
    I have an interface: public abstract class Authorizer<T> where T : RequiresAuthorization { public AuthorizationStatus Authorize(T record) { // Perform authorization specific stuff // and then hand off to an abstract method to handle T-specific stuff // that should happen when authorization is successful } } Then, I have a bunch of different classes which all implement RequiresAuthorization, and correspondingly, an Authorizer<T> for each of them (each business object in my domain requires different logic to execute once the record has been authorized). I'm also using a UnityContainer, in which I register various Authorizer<T>'s. I then have some code as follows to find the right record out of the database and authorize it: void Authorize(RequiresAuthorization item) { var dbItem = ChildContainer.Resolve<IAuthorizationRepository>() .RetrieveRequiresAuthorizationById(item.Id); var authorizerType = type.GetType(String.Format("Foo.Authorizer`1[[{0}]], Foo", dbItem.GetType().AssemblyQualifiedName)); dynamic authorizer = ChildContainer.Resolve(type) as dynamic; authorizer.Authorize(dbItem); } Basically, I'm using the Id on the object to retrieve it out of the database. In the background NHibernate takes care of figuring out what type of RequiresAuthorization it is. I then want to find the right Authorizer for it (I don't know at compile time what implementation of Authorizer<T> I need, so I've got a little bit of reflection to get the fully qualified type). To accomplish this, I use the non-generic overload of UnityContainer's Resolve method to look up the correct authorizer from configuration. Finally, I want to call Authorize on the authorizer, passing through the object I've gotten back from NHibernate. Now, for the problem: In Beta2 of VS2010 the above code works perfectly. On RC and RTM, as soon as I make the Authorize() call, I get a RuntimeBinderException saying "The best overloaded method match for 'Foo.Authorizer<Bar>.Authorize(Bar)' has some invalid arguments". When I inspect the authorizer in the debugger, it's the correct type. When I call GetType().GetMethods() on it, I can see the Authorize method which takes a Bar. If I do GetType() on dbItem it is a Bar. Because this worked in Beta2 and not in RC, I assumed it was a regression (it seems like it should work) and I delayed sorting it out until after I'd had a chance to test it on the RTM version of C# 4.0. Now I've done that and the problem still persists. Does anybody have any suggestions to make this work? Thanks Terence

    Read the article

  • Detecting which UIButton was pressed in a UITableView

    - by rein
    Hi, I have a UITableView with 5 UITableViewCells. Each cell contains a UIButton which is set up as follows: - (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath { NSString *identifier = @"identifier"; UITableViewCell *cell = [tableView dequeueReusableCellWithIdentifier:identifier]; if (cell == nil) { cell = [[UITableView alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:identifier]; [cell autorelelase]; UIButton *button = [[UIButton alloc] initWithFrame:CGRectMake(10, 5, 40, 20)]; [button addTarget:self action:@selector(buttonPressedAction:) forControlEvents:UIControlEventTouchUpInside]; [button setTag:1]; [cell.contentView addSubview:button]; [button release]; } UIButton *button = (UIButton *)[cell viewWithTag:1]; [button setTitle:@"Edit" forState:UIControlStateNormal]; return cell; } My question is this: in the buttonPressedAction: method, how do I know which button has been pressed. I've considered using tags but I'm not sure this is the best route. I'd like to be able to somehow tag the indexPath onto the control. - (void)buttonPressedAction:(id)sender { UIButton *button = (UIButton *)sender; // how do I know which button sent this message? // processing button press for this row requires an indexPath. } What's the standard way of doing this? Edit: I've kinda solved it by doing the following. I would still like to have an opinion whether this is the standard way of doing it or is there a better way? - (UITableViewCell *)tableView:(UITableView *)tableView cellForRowAtIndexPath:(NSIndexPath *)indexPath { NSString *identifier = @"identifier"; UITableViewCell *cell = [tableView dequeueReusableCellWithIdentifier:identifier]; if (cell == nil) { cell = [[UITableView alloc] initWithStyle:UITableViewCellStyleDefault reuseIdentifier:identifier]; [cell autorelelase]; UIButton *button = [[UIButton alloc] initWithFrame:CGRectMake(10, 5, 40, 20)]; [button addTarget:self action:@selector(buttonPressedAction:) forControlEvents:UIControlEventTouchUpInside]; [cell.contentView addSubview:button]; [button release]; } UIButton *button = (UIButton *)[cell.contentView.subViews objectAtIndex:0]; [button setTag:indexPath.row]; [button setTitle:@"Edit" forState:UIControlStateNormal]; return cell; } - (void)buttonPressedAction:(id)sender { UIButton *button = (UIButton *)sender; int row = button.tag; } What's important to note is that I can't set the tag in the creation of the cell since the cell might be dequeued instead. It feels very dirty. There must be a better way.

    Read the article

  • Android -- autoLink

    - by Ryan
    Is there any way to Linkify a specific TextView that is contained within a ListView? I tried using android:autoLink="all" but that didn't work. I was getting an out of context error. Important also to note: the ListView is my second view in the ViewFlipper. I have also tried: View mItemView = mAdapter.getView(2, null, null); TextView infoText = (TextView) mItemView.findViewById(R.id.rowText2); Linkify.addLinks(infoText, Linkify.ALL); Right after the adapter was bound to the ListView and the View was switched. No luck. Here is the stack trace: 06-03 21:19:25.180: ERROR/AndroidRuntime(1214): Uncaught handler: thread main exiting due to uncaught exception 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): android.util.AndroidRuntimeException: Calling startActivity() from outside of an Activity context requires the FLAG_ACTIVITY_NEW_TASK flag. Is this really what you want? 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.app.ApplicationContext.startActivity(ApplicationContext.java:550) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.content.ContextWrapper.startActivity(ContextWrapper.java:248) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.text.style.URLSpan.onClick(URLSpan.java:62) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.text.method.LinkMovementMethod.onTouchEvent(LinkMovementMethod.java:216) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.widget.TextView.onTouchEvent(TextView.java:6560) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.View.dispatchTouchEvent(View.java:3709) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:884) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at com.android.internal.policy.impl.PhoneWindow$DecorView.superDispatchTouchEvent(PhoneWindow.java:1659) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at com.android.internal.policy.impl.PhoneWindow.superDispatchTouchEvent(PhoneWindow.java:1107) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.app.Activity.dispatchTouchEvent(Activity.java:2061) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at com.android.internal.policy.impl.PhoneWindow$DecorView.dispatchTouchEvent(PhoneWindow.java:1643) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.view.ViewRoot.handleMessage(ViewRoot.java:1691) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.os.Handler.dispatchMessage(Handler.java:99) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.os.Looper.loop(Looper.java:123) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at android.app.ActivityThread.main(ActivityThread.java:4363) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at java.lang.reflect.Method.invokeNative(Native Method) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at java.lang.reflect.Method.invoke(Method.java:521) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:860) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:618) 06-03 21:19:25.219: ERROR/AndroidRuntime(1214): at dalvik.system.NativeStart.main(Native Method) Any Ideas? Thanks in advance!!!

    Read the article

  • HLSL, Program pixel shader with different Texture2D downscaling algorithms

    - by Kaminari
    I'm trying to port some image interpolation algorithms into HLSL code, for now i got: float2 texSize; float scale; int method; sampler TextureSampler : register(s0); float4 PixelShader(float4 color : COLOR0, float2 texCoord : TEXCOORD0) : COLOR0 { float2 newTexSize = texSize * scale; float4 tex2; if(texCoord[0] * texSize[0] > newTexSize[0] || texCoord[1] * texSize[1] > newTexSize[1]) { tex2 = float4( 0, 0, 0, 0 ); } else { if (method == 0) { tex2 = tex2D(TextureSampler, float2(texCoord[0]/scale, texCoord[1]/scale)); } else { float2 step = float2(1/texSize[0], 1/texSize[1]); float4 px1 = tex2D(TextureSampler, float2(texCoord[0]/scale-step[0], texCoord[1]/scale-step[1])); float4 px2 = tex2D(TextureSampler, float2(texCoord[0]/scale , texCoord[1]/scale-step[1])); float4 px3 = tex2D(TextureSampler, float2(texCoord[0]/scale+step[0], texCoord[1]/scale-step[1])); float4 px4 = tex2D(TextureSampler, float2(texCoord[0]/scale-step[0], texCoord[1]/scale )); float4 px5 = tex2D(TextureSampler, float2(texCoord[0]/scale+step[0], texCoord[1]/scale )); float4 px6 = tex2D(TextureSampler, float2(texCoord[0]/scale-step[0], texCoord[1]/scale+step[1])); float4 px7 = tex2D(TextureSampler, float2(texCoord[0]/scale , texCoord[1]/scale+step[1])); float4 px8 = tex2D(TextureSampler, float2(texCoord[0]/scale+step[0], texCoord[1]/scale+step[1])); tex2 = (px1+px2+px3+px4+px5+px6+px7+px8)/8; tex2.a = 1; } } return tex2; } technique Resample { pass Pass1 { PixelShader = compile ps_2_0 PixelShader(); } } The problem is that programming pixel shader requires different approach because we don't have the control of current position, only the 'inner' part of actual loop through pixels. I've been googling for about whole day and found none open source library with scaling algoriths used in loop. Is there such library from wich i could port some methods? I found http://www.codeproject.com/KB/GDI-plus/imgresizoutperfgdiplus.aspx but I really don't understand His approach to the problem, and porting it will be a pain in the ... Wikipedia tells a matematic approach. So my question is: Where can I find easy-to-port graphic open source library wich includes simple scaling algorithms? Of course if such library even exists :)

    Read the article

  • Error accessing a Web Service with SSL

    - by Elie
    I have a program that is supposed to send a file to a web service, which requires an SSL connection. I run the program as follows: SET JAVA_HOME=C:\Program Files\Java\jre1.6.0_07 SET com.ibm.SSL.ConfigURL=ssl.client.props "%JAVA_HOME%\bin\java" -cp ".;Test.jar" ca.mypackage.Main This was works fine, but when I change the first line to SET JAVA_HOME=C:\Program Files\IBM\SDP\runtimes\base_v7\java\jre I get the following error: com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: java.net.SocketException: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:119) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:140) at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:86) at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Fiber.java:593) at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Fiber.java:552) at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Fiber.java:537) at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Fiber.java:434) at com.sun.xml.internal.ws.client.Stub.process(Stub.java:247) at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(SEIStub.java:132) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:242) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:222) at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:115) at $Proxy26.fileSubmit(Unknown Source) at com.testing.TestingSoapProxy.fileSubmit(TestingSoapProxy.java:81) at ca.mypackage.Main.main(Main.java:63) Caused by: java.net.SocketException: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory at javax.net.ssl.DefaultSSLSocketFactory.a(SSLSocketFactory.java:7) at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:1) at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:110) at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:14) at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:902) at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:86) at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:107) ... 14 more Caused by: java.lang.ClassNotFoundException: Cannot find the specified class com.ibm.websphere.ssl.protocol.SSLSocketFactory at javax.net.ssl.SSLJsseUtil.b(SSLJsseUtil.java:20) at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:36) at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:16) at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:36) at com.ibm.net.ssl.www2.protocol.https.b.<init>(b.java:1) at com.ibm.net.ssl.www2.protocol.https.Handler.openConnection(Handler.java:11) at java.net.URL.openConnection(URL.java:995) at com.sun.xml.internal.ws.api.EndpointAddress.openConnection(EndpointAddress.java:206) at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.createHttpConnection(HttpClientTransport.java:277) at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(HttpClientTransport.java:103) ... 14 more So it seems that this problem would be related to the JRE I'm using, but what doesn't seem to make sense is that the non-IBM JRE works fine, but the IBM JRE does not. Any ideas, or suggestions?

    Read the article

  • Cannot use standard android color attribute in custom color selector

    - by Manish Gupta
    So, android defines the following in themes.xml: <style name="Theme"> ... <item name="colorPressedHighlight">@color/legacy_pressed_highlight</item> </style> and: <style name="Theme.Holo"> ... <item name="colorPressedHighlight">@color/holo_blue_light</item> </style> I want to use this colorPressedHighlight as the background color for my custom Button when it is pressed. So I defined the following in res/color/app_button_background.xml: <?xml version="1.0" encoding="utf-8"?> <selector xmlns:android="http://schemas.android.com/apk/res/android" > <item android:state_pressed="true" android:drawable="?android:colorPressedHighlight"/> <item android:drawable="@android:color/transparent" /> </selector> Finally, I define my custom ImageButton style: <style name="App_ImageButtonStyle" parent="@android:style/Widget.ImageButton"> <item name="android:gravity">center</item> <item name="android:background">@color/app_button_background</item> </style> I crash on app launch with the following call stack: 06-27 20:24:41.954: E/AndroidRuntime(532): Caused by: org.xmlpull.v1.XmlPullParserException: Binary XML file line #6: <item> tag requires a 'drawable' attribute or child tag defining a drawable 06-27 20:24:41.954: E/AndroidRuntime(532): at android.graphics.drawable.StateListDrawable.inflate(StateListDrawable.java:178) 06-27 20:24:41.954: E/AndroidRuntime(532): at android.graphics.drawable.Drawable.createFromXmlInner(Drawable.java:867) 06-27 20:24:41.954: E/AndroidRuntime(532): at android.graphics.drawable.Drawable.createFromXml(Drawable.java:804) 06-27 20:24:41.954: E/AndroidRuntime(532): at android.content.res.Resources.loadDrawable(Resources.java:1920) I know that directly accessing @color/legacy_pressed_highlight or @color/holo_blue_light instead of accessing them through the colorPressedHighlight fixes the crash but it does not solve the problem. Themes can vary, hence I need to access it through the colorPressedHighlight attribute. PS: I had a similar problem to which I haven't found an answer yet. Can someone please help!

    Read the article

  • Server side Xforms form validation and integration into ASP.NET

    - by Nigel
    I have recently been investigating methods of creating web-based forms for an ASP.NET web application that can be edited and managed at runtime. For example an administrator might wish to add a new validation rule or a new set of fields. The holy grail would provide a means of specifying a form along with (potentially very complex) arbitrary validation rules, and allocation of data sources for each field. The specification would then be used to update the deployed form in the web application which would then validate submissions both on the client side and on the server side. My investigations led me to Xforms and a number of technologies that support it. One solution appears to be IBM Lotus Forms, but this requires a very large investment in terms of infrastructure, which makes it infeasible, although the forms designer may be useful as a stand-alone tool for creating the forms. I have also discounted browser plug-ins as the form must be publicly visible and cross-browser compliant. I have noticed that there are numerous javascript libraries that provide client side implementations given an Xforms schema. These would provide a partial solution but server side validation is still a requirement. Another option seems to involve the use of server side solutions such as the Java application Orbeon. Orbeon provides a tool for specifying the forms (although not as rich as Lotus Forms Designer), but the most interesting point is that it can translate an XForms schema into an XHTML form complete with validation. The fact that it is written in Java is not a big problem if it is possible to integrate with the existing ASP.NET application. So my question is whether anyone has done this before. It sounds like a problem that should have been solved but is inherently very complex. It seems possible to use an off-the-shelf tool to design the form and export it to an Xforms schema and xhtml form, and it seems possible to take that xforms schema and form and publish it using a client side library. What seems to be difficult is providing a means of validating the form submission on the server side and integrating the process nicely with .NET (although it seems the .NET community doesn't involve themselves with XForms; please correct me if I'm wrong on this count). I would be more than happy if a product provided something simple like a web service that could validate a submission against a schema. Maybe Orbeon does this but I'd be grateful if somebody in the know could point me in the right direction before I research it further. Many thanks.

    Read the article

  • Apache HttpClient Digest authentication

    - by Milan Jovic
    Hi, Basically what I need to do is to perform digest authentication. First thing I tried is the official example available here. But when I try to execute it(with some small changes, Post instead of the the Get method) I get a org.apache.http.auth.MalformedChallengeException: missing nonce in challange at org.apache.http.impl.auth.DigestScheme.processChallenge(DigestScheme.java:132) When this failed I tried using: DefaultHttpClient client = new DefaultHttpClient(); client.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), new UsernamePasswordCredentials("<username>", "<password>")); HttpPost post = new HttpPost(URI.create("http://<someaddress>")); List<NameValuePair> nvps = new ArrayList<NameValuePair>(); nvps.add(new BasicNameValuePair("domain", "<username>")); post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8)); DigestScheme digestAuth = new DigestScheme(); digestAuth.overrideParamter("algorithm", "MD5"); digestAuth.overrideParamter("realm", "http://<someaddress>"); digestAuth.overrideParamter("nonce", Long.toString(new Random().nextLong(), 36)); digestAuth.overrideParamter("qop", "auth"); digestAuth.overrideParamter("nc", "0"); digestAuth.overrideParamter("cnonce", DigestScheme.createCnonce()); Header auth = digestAuth.authenticate(new UsernamePasswordCredentials("<username>", "<password>"), post); System.out.println(auth.getName()); System.out.println(auth.getValue()); post.setHeader(auth); HttpResponse ret = client.execute(post); ByteArrayOutputStream v2 = new ByteArrayOutputStream(); ret.getEntity().writeTo(v2); System.out.println("----------------------------------------"); System.out.println(v2.toString()); System.out.println("----------------------------------------"); System.out.println(ret.getStatusLine().getReasonPhrase()); System.out.println(ret.getStatusLine().getStatusCode()); At first I have only overridden "realm" and "nonce" DigestScheme parameters. But it turned out that PHP script running on the server requires all other params, but no matter if I specify them or not DigestScheme doesn't generate them when I call its authenticate() method. I've been struggling with this for two days, and no luck. Based on everything I think that the cause of the problem is the PHP script. It looks to me that it doesn't send a challenge when app tries to access it unauthorized. Any ideas anyone?

    Read the article

  • ASP.NET Web Service Throws 401 (unauthorized) Error

    - by user268611
    Hi Experts, I have this .NET application to be run in an intranet environment. It is configured so that it requires Windows Authentication before you can access the website (Anonymous access is disabled). This website calls a web service (enable anonymous access) and the web service calls the DB. We do have a token-based authentication between the web application and the web service to secure the communication between them. The issue I'm facing is that when I deploy this to production, I'm having an intermittent issue whereby the communication between the web application and the web service failed. The 401 issue was thrown. This is actually working fine in our QA environment. Is this an issue with Active Directory? Or could it be an isssue with FQDN as mentioned here: http://support.microsoft.com/default.aspx?scid=kb;en-us;896861? The weirdest thing is that this is happening intermittently when tested in both on the server itself and a remote workstation in my client's environment. But, this is working perfectly in my environment. OS: Windows Server SP1 IIS 6 .NET 3.5 Framework Any idea about the 401 (Unauthorized) issue?? Thx for the help... This is from the log... Event code: 3005 Event message: An unhandled exception has occurred. Event time: 4/5/2010 10:44:57 AM Event time (UTC): 4/5/2010 2:44:57 AM Event ID: 6c8ea2607b8d4e29a7f0b1c392b1cb21 Event sequence: 155112 Event occurrence: 2 Event detail code: 0 Application information: Application domain: xxx Trust level: Full Application Virtual Path: xxx Application Path: xxx Machine name: xxx Process information: Process ID: 4424 Process name: w3wp.exe Account name: NT AUTHORITY\NETWORK SERVICE Exception information: Exception type: WebException Exception message: The request failed with HTTP status 401: Unauthorized. Request information: Request URL: http://[ip]/[app_path] Request path: xxx User host address: [ip] User: xxx Is authenticated: True Authentication Type: Negotiate Thread account name: xxx Thread information: Thread ID: 6 Thread account name: xxx Is impersonating: False Stack trace: at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) at wsVulnerabilityAdvisory.Service.test() at test.Page_Load(Object sender, EventArgs e) at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) at System.Web.UI.Control.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

    Read the article

  • Entrepreneur Needs Programmers, Architects, or Engineers?

    - by brand-newbie
    Hi guys (Ladies included). I posted on a related site, but THIS is the place to be. I want to build a specialized website. I am an entrepreneur and refining valuations now for venture capitalsists: i.e., determining how much cash I will need. I need help in understanding what human resources I need (i.e., Software Programmers, Architects, Engineers, etc.)??? Trust me, I have read most--if not all--of the threads here on the subject, and I can tell you I am no closer to the answer than ever. Here's my technology problem: The website will include (2) main components: a search engine (web crawler)...and a very large database. The search engine will not be a competitor to google, obviously; however, it "will" require bots to scour the web. The website will be, basically, a statistical database....where users should be able to pull up any statistic from "numerous" fields. Like any entrepreneur with a web-based vision, I'm "hoping" to get 100+ million registered users eventually. However, practically, we will start as small as feasible. As regards the technology (database architecture, servers, etc.), I do want quality, quality, quality. My priorities are speed, and the capaility to be scalable...so that if I "did" get globally large, we could do it without having to re-engineer anything. In other words, I want the back-end and the "infrastructure" to be scalable and professional....with emphasis on quality. I am not an IT professional. Although I've built several Joomla-based websites, I'm just a rookie who's only used minor javascript coding to modify a few plug-ins and components. The business I'm trying to create requires specialization and experts. I want to define the problem and let a capable team create the final product, and I will stay totally hands off. So who do you guys suggest I hire to run this thing? A software engineer? I was thinking I would need a "database engineer," a "systems security engineer", and maybe 2 or 3 "programmers" for the search engine. Also a web designer...and maybe a part-time graphic designer...everyone working under a single software engineer. What do you guys think? Who should I hire?...I REALLY need help from some people in the industry (YOU guys) on this. Is this project do-able in 6 months? If so, how many people will I need? Who exactly needs to head up this thing?...Senior software engineer, an embedded engineer, a CC++ engineer, a java engineer, a database engineer? And do I build this thing is Ruby or Java?

    Read the article

  • When -exactly- does the Rails3 application get initialized?

    - by bergyman
    I've been fighting left and right with rails 3 and bundler. There are a few gems out there that don't work properly if the rails application hasn't been loaded yet. factory_girl and shoulda are both examples, even on the rails3 branch. Taking shoulda as an example, when trying to run rake test:units I get the following error: DEPRECATION WARNING: RAILS_ROOT is deprecated! Use Rails.root instead. (called from autoload_macros at c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/autoload_macros.rb:40) c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/autoload_macros.rb:44:in 'join': can't convert #<Class:0x232b7c0> into String (TypeError) from c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/autoload_macros.rb:44:in 'block in autoload_macros' from c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/autoload_macros.rb:44:in 'map' from c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/autoload_macros.rb:44:in 'autoload_macros' from c:/code/test_harness/vendor/windows_gems/gems/shoulda-2.10.3/lib/shoulda/rails.rb:17:in '<top (required)>' Digging a bit deeper into lib/shoulda/rails, I see this: root = if defined?(Rails.root) && Rails.root Rails.root else RAILS_ROOT end # load in the 3rd party macros from vendorized plugins and gems Shoulda.autoload_macros root, File.join("vendor", "{plugins,gems}", "*") So...what's happening here is while Rails.root is defined, Rails.root == nil, so RAILS_ROOT is used, and RAILS_ROOT==nil, which is then being passed on to Shoulda.autoload_macros. Obviously the rails app has yet to be initialized. With Rails3 using Bundler now, there's been some hubub over on the Bundler side about being able to specify an order in which the gems are required, but I'm not sure whether or not this would solve the problem at hand. Ultimately my questions is this: When exactly does the environment.rb file (which actually initializes the application) get pulled in? Is there any harm to bumping up when the app is initialized and have it happen before the Bundler.require line in config/application.rb? I've tried to hack bundler to specify the order myself, and have the rails gem pulled in first, but it doesn't appear to me that requiring the rails gem actually initializes the application. As this line (in config/application.rb) is being called before the app is initialized, any gem in the bundler Gemfile that requires rails to be initialized is going to tank. # Auto-require default libraries and those for the current Rails environment. Bundler.require :default, Rails.env

    Read the article

  • Save gcc compile status to a text file for Java

    - by JohnBore
    I'm making a C Assessment Program through Java, which has a bunch of programming questions for C, and it lets the user input an answer in the form of C code, and then press a "Compile" button, which is linked to a bat file that runs the user input code through gcc. I've got the input and compiling working, but I need to get the output from the compiler and get that to print textarea within the program. I can get a simple "Hello, world" compiling, but I'm having trouble getting programs that require a user input with scanf, for example, to be printed. else if(e.getSource().equals(compile)){ if(questionNumber<1){ JOptionPane.showMessageDialog(programFrame, "Please start the assessment", "Compile Error", JOptionPane.ERROR_MESSAGE); } else{ FileOutputStream fileWrite; try { fileWrite = new FileOutputStream("demo/demo.c"); new PrintStream(fileWrite).println(input.getText());//saves what the user has entered in to a C source file fileWrite.close(); @SuppressWarnings("unused") Process process = Runtime.getRuntime().exec("cmd /c compile.bat");//runs the batch file to compile the source file compileCode(); try{ fileStream = new FileInputStream("demo/output.txt"); inputStream = new DataInputStream(fileStream); bufferRead = new BufferedReader(new InputStreamReader(inputStream)); while((stringLine = bufferRead.readLine())!=null){ compiled.append(stringLine); compiled.append("\n"); } inputStream.close(); } catch(IOException exc){ System.err.println("Unable to read file"); System.exit(-1); } } catch (IOException exc) { JOptionPane.showMessageDialog(programFrame, "Demo file not found", "File Error", JOptionPane.ERROR_MESSAGE); } } This is the actionPerformed method for the "Compile" button, the compileCode() is the JFrame that displays the output and "compiled" is the textArea for the output. My batch file is: C: cd dev-cpp\bin gcc.exe H:\workspace\QuestionProgram\demo\demo.c -o demo > H:\workspace\QuestionProgram\demo\compilestatus.txt demo > H:\workspace\QuestionProgram\demo\output.txt I'm not sure how I can do it, so the frame is created for the output of the code if the code requires a user input as the command prompt doesn't open without adding "START" to .exec(), but then the frame appears before the program has finished running. Also, how would I get the output of the compiler if the compile fails because of an error? The way I've got it in my batch file at the moment doesn't put anything in a text file if it fails.

    Read the article

  • XCode linking error when targeting armv7.

    - by Tom
    I've already spent countless hours puzzling over this, utilizing Google searches and other Stack Overflow questions to no avail. I have an iPhone/iPad universal application, which seems to compile fine when the target is armv6. However, when the device is iPad, I get this warning: warning: building for SDK 'Device - iPhone OS 3.2' requires an armv7 architecture. Oddly enough, the app still runs great on iPad in spite of this warning. However, I do want to do things the "right way" what ever that means in this case. When I switch the target architecture to armv7, I get linking errors: "___restore_vfp_d8_d15_regs", referenced from: *redacted* "___save_vfp_d8_d15_regs", referenced from: *redacted* ld: symbol(s) not found collect2: ld returned 1 exit status The "redacted" portions of the errors are references to the static library to which I'm trying to link. Here's what I've tried from the many suggestions online. Each of these were suggested more than once without any explanation, which leads me to believe nobody quite understands this problem: "Never use the drop down menu in the upper left of the XCode window to choose the target. Instead, set this to Base SDK and then the Base SDK to iPhone OS 3.0 in the target configuration. Set the target device to your preferred target (iPad, iPhone OS 3.2 in my situation.)" This yields the error "Library not found for -lcrt1.3.1.o" "Make sure that GCC isn't linking against the wrong version of the standard library. (You'll have to make sure the LIBRARY_SEARCH_PATH doesn't have the wrong path in it.)" My LIBRARY_SEARCH_PATH is already empty, so this doesn't seem relevant. "Try compiling with GCC 4.0 rather than GCC 4.2." I get a syntax error inside a UIKit header file. The error is "Syntax error before 'AT_NAME' token." The line is "UIKIT_EXTERN @interface UILocalizedIndexedCollation : NSObject." Another project compiles just fine with the same target settings, which is really making me question my sanity. Could I be dealing with a corrupt XCode project? If anyone knows what's actually happening and has a reference or doesn't mind explaining it, I would be so very grateful. Cheers!

    Read the article

  • Client-side policy error using JacORB (Java/CORBA) with SSL

    - by jason
    I'm trying to add SSL to an existing CORBA app, and I keep getting this error: org.omg.CORBA.NO_PERMISSION: Client-side policy requires SSL/TLS, but server doesn't support it vmcid: 0x0 minor code: 0 completed: No at org.jacorb.orb.iiop.ClientIIOPConnection.checkSSL(ClientIIOPConnection.java:535) at org.jacorb.orb.iiop.ClientIIOPConnection.connect(ClientIIOPConnection.java:144) at org.jacorb.orb.giop.GIOPConnection.sendMessage(GIOPConnection.java:835) at org.jacorb.orb.giop.GIOPConnection.sendRequest(GIOPConnection.java:805) at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:302) at org.jacorb.orb.giop.ClientConnection.sendRequest(ClientConnection.java:282) at org.jacorb.orb.Delegate.invoke_internal(Delegate.java:919) at org.jacorb.orb.Delegate.invoke(Delegate.java:868) at org.jacorb.orb.Delegate.is_a(Delegate.java:1268) at org.omg.CORBA.portable.ObjectImpl._is_a(ObjectImpl.java:112) at databridge.autogen.ILoginManagerHelper.narrow(ILoginManagerHelper.java:57) at databridge.test.Client.main(Client.java:59) I have generated keystores for both client and server and exchanged the keys between the two. Using this setup, I can get the demo application that came in the JacORB download to run successfully. The only difference I can tell is that my test is using the Tie method to get the POA. There are some policies that go into that, but I can't find any information on what policies need to go in there to enable SSL, if any. I'm not even sure that's the problem as the JacORB demo doesn't set any policies on the server or poa. When I run the -Djavax.net.debug=ssl, I can see the keystores load up the trusted certs on both the client and the server. I'm just not sure what policies are being referred to here, but it's odd that the demo works and the test doesn't using the exact same keystores and properties. I've emailed the mailing list, but I'm not holding out much hope as that doesn't seem to be very active. Any help would be greatly appreciated. Below are my properties files. Server Props: jacorb.security.support_ssl=on jacorb.security.ssl.server.supported_options=60 jacorb.security.ssl.server.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.ssl.server_socket_factory=org.jacorb.security.ssl.sun_jsse.SSLServerSocketFactory jacorb.security.keystore=dbserver.jks jacorb.security.keystore_password=dbsslserver_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName client props jacorb.security.support_ssl=on jacorb.security.ssl.client.supported_options=60 jacorb.security.ssl.client.required_options=20 jacorb.ssl.socket_factory=org.jacorb.security.ssl.sun_jsse.SSLSocketFactory jacorb.security.keystore=dbclient.jks jacorb.security.keystore_password=dbsslclient_pass jacorb.security.jsse.trustees_from_ks=on jacorb.security.jsse.log.verbosity=4 jacorb.implname=StandardImplName

    Read the article

  • What Is The Best Database For Delphi Desktop Applications That Supports Stored Procedures?

    - by Cape Cod Gunny
    I started with Turbo Pascal 3, went to TP5, Bought TP6 called Borland the next day and downgraded to TP5.5. Bought Delphi 3, and now have Delphi 5 Enterprise. I sort of lost interest in writing code about 4-5 years ago for two reasons; Spent all day writing ASP & SQL for someone else. PC Techniques magazine went away. I've got a few programs in the shareware market that are solid performers but are in need of serious updating. I love Delphi or did when it was Borland (before Borland bought DBase and all the other crap), I'd like to salvage as much of my D5E code as possible but I doubt I can. I plan on upgrading to Delphi 2010. My next software release needs to interact with a database. I'm very proficient with MS Sql and like to put all of the database code in stored procedures. What is the best database choice that interacts well with Delphi, allows stored procedures and is so easy to deploy that even the Geico gecko could deploy it? 10/25/2009 18:53 PM EST Re-Opened After Reading Install Docs for Delphi 2010 I downloaded a trial version of Delphi 2010 and unzipped the install. I've been reading the install docs included in the package. I started with the install.htm inside the zip package. install.htm wisely tells you to see the following two articles: Installation Notes: http://edn.embarcadero.com/article/39754 Release Notes: http://edn.embarcadero.com/article/39758 the release notes state the following... MSSQL driver requires the installation of the SQL Native Client. SQL Native Client 2008 is required for dbxmss.dll. SQL Native Client 2005 is required for dbxmss9.dll I checked my machine to see if SQL Native Client is installed. Nope. I wasn't done reading the docs so I made a note to install SQL Native Client. I googled dbxmss.dll and dbxmss9.dll and found a very interesting thread on the Embarcadero forums. read thread here. After reading this thread and some careful thought I don't think I will be using Microsoft SQL Express. I can't rely on my customers having the right drivers installed. So, I'm back to looking for a different solution. If I'm selling a $40 product to the general masses I need to have a bulletproof solution that doesn't require my brand new customer to update their machine before my software will work.

    Read the article

  • [JavaScript-CSS-Firefox] Cannot change borderColor of TD

    - by Tadeus Prastowo
    Using JS to set the background color of a TD is fine. But, setting the border color is problematic in FF 3.0.18 although IE 6 doesn't experience this. FF is problematic in that it requires the TD element to have an attribute style initialized to border-style: solid. Without that, setting border color of a TD won't work. Is this known bug? How do I set the border color without having to set style attribute as well as the initialization value? I know another trick of setting the class attribute instead of setting the border color directly. Is this an indication that somehow TD hates having its border color set dynamically? Is this known as well? The problematic code is below (the goal is find out why setting the border color of simple truth 1 does not work while simple truth 3 works when I employ the trick described above): <html> <head> <title>Quirks FF 3.0.18</title> <style type="text/css"> table { border-collapse: collapse; } </style> <script type="text/javascript"> function changeBgColor() { document.getElementById('simple').style.backgroundColor='yellow'; document.getElementById('simple2').style.backgroundColor='yellow'; document.getElementById('simple3').style.backgroundColor='yellow'; } function quirk(id) { var x = document.getElementById(id); x.style.border = '2px solid red'; } </script> </head> <body> <input type="button" onclick="changeBgColor()" value="Change background color"/> <input type="button" onclick="quirk('simple')" value="Change border color 1"/> <input type="button" onclick="quirk('simple2')" value="Change border color 2"/> <input type="button" onclick="quirk('simple3')" value="Change border color 3"/> <table> <tr><td id="simple">Simple truth 1</td></tr> </table> <table> <tr><td><span id="simple2">Simple truth 2</span></td></tr> <table> <tr><td id="simple3" style="border-style: solid">Simple truth 3</td></tr> </table> </body> </html>

    Read the article

  • practical security ramifications of increasing WCF clock skew to more than an hour

    - by Andrew Patterson
    I have written a WCF service that returns 'semi-private' data concerning peoples name, addresses and phone numbers. By semi-private, I mean that there is a username and password to access the data, and the data is meant to be secured in transit. However, IMHO noone is going to expend any energy trying to obtain the data, as it is mostly available in the public phone book anyway etc. At some level, the security is a bit of security 'theatre' to tick some boxes imposed on us by government entities. The client end of the service is an application which is given out to registered 'users' to run within their own IT setups. We have no control over the IT of the users - and in fact they often tell us to 'go jump' if we put too many requirements on their systems. One problem we have been encountering is numerous users that have system clocks that are not accurate. This can either be caused by a genuine slow/fast clocks, or more than likely a timezone or daylight savings zone error (putting their machine an hour off the 'real' time). A feature of the WCF bindings we are using is that they rely on the notion of time to detect replay attacks etc. <wsHttpBinding> <binding name="normalWsBinding" maxBufferPoolSize="524288" maxReceivedMessageSize="655360"> <reliableSession enabled="false" /> <security mode="Message"> <message clientCredentialType="UserName" negotiateServiceCredential="false" algorithmSuite="Default" establishSecurityContext="false" /> </security> </binding> </wsHttpBinding> The inaccurate client clocks cause security exceptions to be thrown and unhappy users. Other than suggesting users correct their clocks, we know that we can increase the clock skew of the security bindings. http://www.danrigsby.com/blog/index.php/2008/08/26/changing-the-default-clock-skew-in-wcf/ My question is, what are the real practical security ramifications of increasing the skew to say 2 hours? If an attacker can perform some sort of replay attack, why would a clock skew window of 5 minutes be necessarily safer than 2 hours? I presume performing any attack with security mode of 'message' requires more than just capturing some data at a proxy and sending the data back in again to 'replay' the call? In a situation like mine where data is only 'read' by the users, are there indeed any security ramifications at all to allowing 'replay' attacks?

    Read the article

  • F# Add Constructor to a Record?

    - by akaphenom
    Basically I want to have a single construct to deal with serializing to both JSON and formatted xml. Records workd nicley for serializing to/from json. However XmlSerializer requires a parameterless construtor. I don't really want to have to go through the exercise of building class objects for these constructs (principal only). I was hoping there could be some shortcut for getting a parameterless constructor onto a record (perhaps with a wioth statement or something). I can't get it to behave - has anybody in the community had any luck? module JSONExample open System open System.IO open System.Net open System.Text open System.Web open System.Xml open System.Security.Authentication open System.Runtime.Serialization //add assemnbly reference System.Runtime.Serialization System.Xml open System.Xml.Serialization open System.Collections.Generic [<DataContract>] type ChemicalElementRecord = { [<XmlAttribute("name")>] [<field: DataMember(Name="name") >] Name:string [<XmlAttribute("name")>] [<field: DataMember(Name="boiling_point") >] BoilingPoint:string [<XmlAttribute("atomic-mass")>] [<field: DataMember(Name="atomic_mass") >] AtomicMass:string } [<XmlRoot("freebase")>] [<DataContract>] type FreebaseResultRecord = { [<XmlAttribute("code")>] [<field: DataMember(Name="code") >] Code:string [<XmlArrayAttribute("results")>] [<XmlArrayItem(typeof<ChemicalElementRecord>, ElementName = "chemical-element")>] [<field: DataMember(Name="result") >] Result: ChemicalElementRecord array [<XmlElement("message")>] [<field: DataMember(Name="message") >] Message:string } let getJsonFromWeb() = let query = "[{'type':'/chemistry/chemical_element','name':null,'boiling_point':null,'atomic_mass':null}]" let query = query.Replace("'","\"") let queryUrl = sprintf "http://api.freebase.com/api/service/mqlread?query=%s" "{\"query\":"+query+"}" let request : HttpWebRequest = downcast WebRequest.Create(queryUrl) request.Method <- "GET" request.ContentType <- "application/x-www-form-urlencoded" let response = request.GetResponse() let result = try use reader = new StreamReader(response.GetResponseStream()) reader.ReadToEnd(); finally response.Close() let data = Encoding.Unicode.GetBytes(result); let stream = new MemoryStream() stream.Write(data, 0, data.Length); stream.Position <- 0L stream let test = // get some JSON from the web let stream = getJsonFromWeb() // convert the stream of JSON into an F# Record let JsonSerializer = Json.DataContractJsonSerializer(typeof<FreebaseResultRecord>) let result: FreebaseResultRecord = downcast JsonSerializer.ReadObject(stream) // save the Records to disk as JSON use fs = new FileStream(@"C:\temp\freebase.json", FileMode.Create) JsonSerializer.WriteObject(fs,result) fs.Close() // save the Records to disk as System Controlled XML let xmlSerializer = DataContractSerializer(typeof<FreebaseResultRecord>); use fs = new FileStream(@"C:\temp\freebase.xml", FileMode.Create) xmlSerializer.WriteObject(fs,result) fs.Close() use fs = new FileStream(@"C:\temp\freebase-pretty.xml", FileMode.Create) let xmlSerializer = XmlSerializer(typeof<FreebaseResultRecord>) xmlSerializer.Serialize(fs,result) fs.Close() ignore(test)

    Read the article

  • NSInvalidArgumentException: Illegal attempt to establish a relationship between objects in different

    - by iPhoneDollaraire
    I have an app based on the CoreDataBooks example that uses an addingManagedObjectContext to add an Ingredient to a Cocktail in order to undo the entire add. The CocktailsDetailViewController in turn calls a BrandPickerViewController to (optionally) set a brand name for a given ingredient. Cocktail, Ingredient and Brand are all NSManagedObjects. Cocktail requires at least one Ingredient (baseLiquor) to be set, so I create it when the Cocktail is created. If I add the Cocktail in CocktailsAddViewController : CocktailsDetailViewController (merging into the Cocktail managed object context on save) without setting baseLiquor.brand, then it works to set the Brand from a picker (also stored in the Cocktails managed context) later from the CocktailsDetailViewController. However, if I try to set baseLiquor.brand in CocktailsAddViewController, I get: Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: 'Illegal attempt to establish a relationship 'brand' between objects in different contexts' From this question I understand that the issue is that Brand is stored in the app's managedObjectContext and the newly added Ingredient and Cocktail are stored in addingManagedObjectContext, and that passing the ObjectID instead would avoid the crash. What I don't get is how to implement the picker generically so that all of the Ingredients (baseLiquor, mixer, garnish, etc.) can be set during the add, as well as one-by-one from the CocktailsDetailViewController after the Cocktail has been created. In other words, following the CoreDataBooks example, where and when would the ObjectID be turned into the NSManagedObject from the parent MOC in both add and edit cases? -IPD UPDATE - Here's the code: - (IBAction)addCocktail:(id)sender { CocktailsAddViewController *addViewController = [[CocktailsAddViewController alloc] init]; addViewController.title = @"Add Cocktail"; addViewController.delegate = self; // Create a new managed object context for the new book -- set its persistent store coordinator to the same as that from the fetched results controller's context. NSManagedObjectContext *addingContext = [[NSManagedObjectContext alloc] init]; self.addingManagedObjectContext = addingContext; [addingContext release]; [addingManagedObjectContext setPersistentStoreCoordinator:[[fetchedResultsController managedObjectContext] persistentStoreCoordinator]]; Cocktail *newCocktail = (Cocktail *)[NSEntityDescription insertNewObjectForEntityForName:@"Cocktail" inManagedObjectContext:self.addingManagedObjectContext]; newCocktail.baseLiquor = (Ingredient *)[NSEntityDescription insertNewObjectForEntityForName:@"Ingredient" inManagedObjectContext:self.addingManagedObjectContext]; newCocktail.mixer = (Ingredient *)[NSEntityDescription insertNewObjectForEntityForName:@"Ingredient" inManagedObjectContext:self.addingManagedObjectContext]; newCocktail.volume = [NSNumber numberWithInt:0]; addViewController.cocktail = newCocktail; UINavigationController *navController = [[UINavigationController alloc] initWithRootViewController:addViewController]; [self.navigationController presentModalViewController:navController animated:YES]; [addViewController release]; [navController release]; }

    Read the article

  • Connecting to a WSE 3.0 Web Service From a WCF Client

    - by Dave
    I'm having difficulty connecting to a 3rd party WSE 3.0 web service from a WCF client. I have implemented the custom binding class as indicated in this KB article: http://msdn.microsoft.com/en-us/library/ms734745.aspx The problem seems to have to do with the security assertion used by the web service - UsernameOverTransport. When I attempt to call a method, I get the following exception: System.InvalidOperationException: The 'WseHttpBinding'.'[namespace]' binding for the 'MyWebServiceSoap'.'[namespace]' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality.. It is expecting a username, password, and CN number. In the example code supplied to us by the vendor, these credentials are bundled in a Microsoft.Web.Services3.Security.Tokens.UsernameToken. Here's the example supplied by the vendor: MyWebServiceWse proxy = new MyWebServiceWse(); UsernameToken token = new UsernameToken("Username", "password", PasswordOption.SendPlainText); token.Id = "<supplied CN Number>"; proxy.SetClientCredential(token); proxy.SetPolicy(new Policy(new UsernameOverTransportAssertion(), new RequireActionHeaderAssertion())); MyObject mo = proxy.MyMethod(); This works fine from a 2.0 app w/ WSE 3.0 installed. Here is a snippet of the code from my WCF client: EndpointAddress address = new EndpointAddress(new Uri("<web service uri here>")); WseHttpBinding binding = new WseHttpBinding(); // This is the custom binding I created per the MS KB article binding.SecurityAssertion = WseSecurityAssertion.UsernameOverTransport; binding.EstablishSecurityContext = false; // Not sure about the value of either of these next two binding.RequireDerivedKeys = true; binding.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt; MembershipServiceSoapClient proxy = new MembershipServiceSoapClient(binding, address); // This is where I believe the problem lies – I can’t seem to properly setup the security credentials the web service is expecting proxy.ClientCredentials.UserName.UserName = "username"; proxy.ClientCredentials.UserName.Password = "pwd"; // How do I supply the CN number? MyObject mo = proxy.MyMethod(); // this throws the exception I've scoured the web looking for an answer to this question. Some sources get me close (like the MS KB article), but I can't seem to get over the hump. Can someone help me out?

    Read the article

  • How can we implement change notification propagation for WPF and SL in the MVVM pattern?

    - by Firoso
    Here's an example scenario targetting MVVM WPF/SL development: View data binds to view model Property "Target" "Target" exposes a field of an object called "data" that exists in the local application model, called "Original" when "Original" changes, it should raise notification to the view model and then propogate that change notification to the View. Here are the solutions I've come up with, but I don't like any of them all that much. I'm looking for other ideas, by the time we come up with something rock solid I'm certain Microsoft will have released .NET 5 with WPF/SL extensions for better tools for MVVM development. For now the question is, "What have you done to solve this problem and how has it worked out for you?" Option 1. Proposal: Attach a handler to data's PropertyChanged event that watches for string values of properties it cares about that might have changed, and raises the appropriate notification. Why I don't like it: Changes don't bubble naturally, objects must be explicitly watched, if data changes to a new source, events must be un-registered/registered. Why I kind of like it: I get explicit control over propogation of changes, and I don't have to use any types that belong at a higher level of the application such as dependancy properties. Option 2. Proposal: Attach a handler to data's PropertyChanged event that re-raises the event across all properties using the name property name. Why I don't like it: This is essentially the same as option 1, but less intelligent, and forces me to never change my property names, as they have to be the same as the property names on data Why I kind of like it: It's very easy to set up and I don't have to think about it... Then again if I try to think, and change names to things that make sense, I shoot myself in the foot, and then I have to think about it! Option 3. Proposal: Inherit my view model from dependancy object, and notify binding sources of changes directly. Why I don't like it: I'm not even 100% sure dependancy properties/objects can DO this, it was just a thought to look into. Also I don't personally feel that WPF/SL types like Dep Obj belong at the view model level. Why I kind of like it: IF it has the capability that I'm seeking then it's a good answer! minus that pesky layering issue. Option 4. Proposal: Use a consistant agent messaging system based off of Task Parallels DataFlow Library to propogate everything through linked pipelining. Why I don't like it: I've never tried this, and somehow I think it will be lacking, plus it requires me to think about my code completely differently all the way around. Why I kind of like it: It has the possiblity of allowing me to do some VERY fun manipulations with a push based data model and using ActionBlocks as validation AND setters to then privately change view model properties and explicitly control PropertyChanged notifications.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 205 206 207 208 209 210 211 212 213 214 215 216  | Next Page >