Search Results

Search found 922 results on 37 pages for 'sensitive'.

Page 21/37 | < Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >

• *Client* scalability for large numbers of remote web service calls

  - by Yuriy

  Hey Guys, I was wondering if you could share best practices and common mistakes when it comes to making large numbers of time-sensitive web service calls. In my case, I have a SOAP and an XML-RPC based web service to which I'm constantly making calls. I predict that this will soon become an issue as the number of calls per second will grow. On a higher level, I was thinking of batching those calls and submitting those to the web services every 100 ms. Could you share what else works? On a lower level side of the things, I use Apache Xml-Rpc client and standard javax.xml.soap.* packages for my client implementations. Are you aware of any client scalability related tricks/tips/warnings with these packages? Thanks in advance Yuriy

  Read the article

• Specifying culture for http request/reponse

  - by Akash

  I have a ReSTful web service which needs to parse culture-sensitive data from the request. This data could either be in an XML body or part of the query string. Is there any acepted way of determining which culture the data is being sent in (and by extension the culture in which the response should be sent)? One option is simply to specify to the clients the culture in which all requests should be sent. A friendlier option seems to be to allow the client to specify the culture. I've considered: a) using the accept-language http header to encode this information. b) using the xml:lang attribute for XML POSTs, and an extra field for query strings (e.g. ...&culture=en-GB) http://www.w3.org/International/questions/qa-accept-lang-locales warns of limitations in using the accept-language header, but most of the warnings seem to center around requests originating from browsers. In my case the requests will come from other applications. All advice greatly appreciated!

  Read the article

• Invalid padding on ASP 2.0 cookie, MVC looks ok

  - by brian b

  We have a cookie management library that writes a cookie containing some sensitive information, encrypted with Rijndael. The cookie encrypts and decrypts fine in unit tests (using Moq), works fine for MVC web applications, but when called from an ASP.net 2.0 website, the cookie cannot be decrypted. "Padding is invalid and cannot be removed." We are sure that the cookie value is valid because we tested it 10,000 times with random data in a unit test. There is something about what ASP.NET 2.0 does when it reads and writes the cookie that causes trouble. There has to be a gotcha. Any suggestions?

  Read the article

• Does Google index HTTPS ASP.NET pages?

  - by ncakmak

  I have an online application that all of its pages use HTTPS. I have 3 questions: Does Google index HTTPS pages? I have a password protected single ASP.NET page (using HTTPS). Password protection is basically achieved by a Session object. When the correct password is entered, it hides the login panel and displays the same page which has a sensitive data. Is this page indexed by Google? I have a Secure folder that I implemented Forms Authentication. All pages in folder use HTTPS as well. Are the pages in this folder indexed by Google? Thank you for your help, Niyazi

  Read the article

• Efficiently Combine MatchCollections in .Net Regex

  - by Laramie

  In the simplified example, there are 2 Regular Expressions, one case sensitive, the other not. The idea would be to efficiently create an IEnumerable collection (see "combined" below) combining the results. string test = "abcABC"; string regex = "(?<grpa>a)|(?<grpb>b)|(?<grpc>c)]"; Regex regNoCase = new Regex(regex, RegexOptions.IgnoreCase); Regex regCase = new Regex(regex); MatchCollection matchNoCase = regNoCase.Matches(test); MatchCollection matchCase = regCase.Matches(test); //Combine matchNoCase and matchCase into an IEnumerable IEnumerable<Match> combined= null; foreach (Match match in combined) { //Use the Index and (successful) Groups properties //of the match in another operation } In practice, the MatchCollections might contain thousands of results and be run frequently using long dynamically created REGEXes, so I'd like to shy away from copying the results to arrays, etc. I am still learning LINQ and am fuzzy on how to go about combining these or what the performance hits to an already sluggish process will be.

  Read the article

• Seam/JSF/Facelets Compiler or Validator (equivalent of JspC for JSP)

  - by Drew

  Is there such a thing as JspC in the Seam/JSF/Facelets world? I used the Tomcat's JspC to validate a JSP/Struts application to validate if there are typos in the JSPs or some JSP was calling a Java function that didn't exist, etc. etc. From time to time I come across bugs in my current project (Seam/Facelets/RichFaces) where it's caused by a typo in action/value binding. And I think bugs like these can be caught using a program. Just wondering if someone has already written one. Basically a tool that can validate if the method/value binding are correct. I know this would be specially hard in Seam since names are Context sensitive and the tool should somehow figure out what the context is. But I think it should be easier to just check if the names are valid and the Objects bound to those names have the methods and/or properties being referred to in the JSF page. Thanks

  Read the article

• Questions and considerations to ask client for designing a database

  - by Julia

  Hi guys! so as title says, I would like to hear your advices what are the most important questions to consider and ask end-users before designing database for their application. We are to make database-oriented app, with special attenion to pay on db security (access control, encryption, integrity, backups)... Database will also keep some personal information about people, which is considered sensitive by law regulations, so security must be good. I worked on school projects with databases, but this is first time working "in real world", where this db security has real implications. So I found some advices and questions to ask on internet, but here I always get best ones. All help appreciated! Thank you!

  Read the article

• String comparison with a collation in javascript

  - by fsb

  I use jquery.autocomplete, which uses a javascript regexp to highlight substrings in the list of suggestions that match the autocomplete key string. So if the use types "Beat" and one of the autocomplete suggestions the server returns is "The Beatles" then plugin displays that suggestion as "The Beatles". I'm trying to think of ways to make this work with string matching that isn't sensitive to accents, diacriticals and the rest. So if the user typed "Huske" and the server suggested "Hüsker Dü" then this would be displayed as "Hüsker Dü". The principle is the same as string comparison with specified collations such as in MySql or ICU, or with Oracle's sorts. In SphinxSearch a charset_table works for this. A collation such as utf8_general_ci would be ideal for my purposes.

  Read the article

• Is it viable and necessary to encrypt bytes?

  - by Shervin

  We have a requirement from customer that if someone gets access to the database, all data that includes personal information should be encrypted, so that when they do select calls, they shouldn't be able to see anything in clear text. Now this isn't any problem for Strings, but what about bytearrays? (that can potentially be quite huge (several 100mb)) When you do a select call, you get gibberish anyways. Is it possible for a hacker to somehow read the bytes and get the sensitive information without knowing how the structure of the object it is mapped against is? Because if that is the case, then I guess we should encrypt those bytes, even if they can potentially be quite huge. (I am guessing adding encryption will make them even bigger)

  Read the article

• Splitting a string according to a delimiter when elements in the string can contain the delimiter

  - by Vivin Paliath

  I have a string that looks like this: "#Text() #SomeMoreText() #TextThatContainsDelimiter(#blah) #SomethingElse()" I'd like to get back [#Text(), #SomeMoreText(), #TextThatContainsDelimiter(#blah), #SomethingElse()] One way I thought about doing this was to require that the # to be escaped into \#, which makes the input string: "#Text() #SomeMoreText() #TextThatContainsDelimiter(\#blah) #SomethingElse()" I can then split it using /[^\\]#/ which gives me: [#Text(), SomeMoreText, TextThatContainsDelimiter(\#blah), SomethingElse()] The first element will contain # but I can strip it out. However, is there a cleaner way to do this without having to escape the #, and which ensures that the first element will not contain a #? Basically I'd like it to split by # only if the # is not enclosed by parentheses. My hunch is that since the # is context-sensitive and and regular expressions are only suited for context-free strings, this may not be the right tool. If so, would I have to write a grammar for this and roll my own parser/lexer?

  Read the article

• Web Services: Secure? Asp.net

  - by Jacques

  Hey there, Something I can't wrap my head around is how secure web services are. For example we're writing a desktop application that will interact with data on one of our websites as well as local data. This data is sensitive though and the last thing we want is anybody calling the web services. I've not yet found anything that says web services has some kind of authentication methods and the only security I've seen people talk about is using certificates to encrypt the message. I'm no guru on this and would appreciate anyone's input and perhaps a link to somewhere that will explain this in simple terms. Thanks Jacques

  Read the article

• Recording SELECT statements in PostgreSQL 8.4

  - by David Anniwell

  Hi All I've got a table which contains sensitive data and according to data protection policy we have to keep a record of every read/write of the data including a row identifier and the user who accessed the table. The writing is no issue using triggers but obviously triggers aren't supported for SELECT statements. What's the best method of doing this? I've looked at rules but I can't get them to INSERT into a table, and I've tried logging every query but this doesn't seem to log SELECT statements. Ideally for security I'd like to keep the log within a table on the database but logging to a file is fine too. Thanks David

  Read the article

• Handling button presses in Gtk2::Image objects

  - by willert

  I've been trying to get an Gtk2::Image object in this perl Gtk2 application to get to react to button presses, but to no avail. The image shows as expected but the button events don't get handled. What am I missing? my $img = Gtk2::Image-new_from_file( $file ); $img-set_property( sensitive = 1 ); $img-can_focus( 1 ); $img-set_events([qw/ button-press-mask button-release-mask /]); $img-signal_connect( 'button-press-event' = sub { my ( $self, $event ) = @_; print STDERR "Coords: ", $event-get_coords; return; }); $window-add( $img ); $window-show_all;

  Read the article

• How to secure connection between PHP and Android

  - by Elad Cohen

  I am developing an application for the Android that requires a connection with PHP pages in order to add sensitive data to a database that will affect the application. Since it's very easy to reverse engineer an android app, one can simply find the url where the data is sent to and manipulate it. I thought about creating a registration based on IMEI, but one can still able to manipulate it for his malicious purposes. I have also checked OAuth but I didn't really understand how it works and if it can help in my condition. What can I do to fully secure my application? Thanks in advance! EDIT: By the way, what I am mostly trying to achieve here is to make sure the requests are being sent from an Android and not from any other device.

  Read the article

• FIPS-compliant encryption in .NET 2.0

  - by Odrade

  We have a .NET 2.0 application that uses the RijindaelManaged class to encrypt some sensitive data. This was fine until we ran into some machines that require the use of FIPS-compliant algorithms. We'd like to switch to AesCryptoServiceProvider, but most of our target machines haven't upgraded past .NET 2.0. Requiring an upgrade is out of the question. After all, upgrades are scary! Is there any way we could use AesCryptoServiceProvider in a .NET 2.0 application? Since 3.5 uses the 2.0 CLR, I was hoping there might be a way to build the needed libraries into the app. Failing that, could someone point me to a reference on the native API that's wrapped by AesCryptoServiceProvider?

  Read the article

• WCF, 4.0, Bidirectional...

  - by TomTom

  ...what options are there now with .NET 4.0, in a way that does support NAT for the client side (i.e. client behind NAT). I would prefer to use something HTTP based, but that is a weak condition - I think mid term I will have some non http communication outside WCF anyway, so proxy traversal is something I could delay. Pre .NET 4.0 there was the issue that basically the server-client channel would be opened from the server, which made NAT something non-traversable. Polling is not acceptable - we talk time sensitive information here. So, what are my options now?

  Read the article

• Zend Framework - no public folder

  - by poru

  Hello, I'm going to host an app on a shared host and there I couldn't create virtual host or change something at apache. Often apps with ZF looks like that: root public index.php .htaccess application library I have sth. like that: root application index.php .htaccess All my code is in the application folder. But there are also some .ini and .xml files with sensitive information e.g. login names and passwords and so on... If I add a .htaccess in the application folder with deny from all is the information secure inside the folder?

  Read the article

• How to authenticate WCF calls using forms authentication and secutity

  - by Fixer

  I'm planning a set up for a distributed application that spans serveral machines and will use WCF to send data in between. Machine A Front end website http://www.site.com Password protected site using Forms Authentication Machine B WCF Application Service http://service1.site.com/DoSomething.svc Machine C WCF Application Service http://service2.site.com/DoSomething.svc The WCF services on Machine B and Machine C should check that the request from Machine A has been authenticated. How can i check that the request is authenticated across the different machines? I only care that the request is authenticated and not concerned about securing the message body (because we are not sending any sensitive data across the wire), so SSL is not required. What authentication methods can i use for the above scenario?

  Read the article

• How do Scala parser combinators compare to Haskell's Parsec?

  - by artif

  I have read that Haskell parser combinators (in Parsec) can parse context sensitive grammars. Is this also true for Scala parser combinators? If so, is this what the "into" (aka "") function is for? What are some strengths/weaknesses of Scala's implementation of parser combinators, vs Haskell's? Do they accept the same class of grammars? Is it easier to generate error messages or do other miscellaneous useful things with one or the other? How does packrat parsing (introduced in Scala 2.8) fit into this picture? Is there a webpage or some other resource that shows how different operators/functions/DSL-sugar from one language's implementation maps onto the other's?

  Read the article

• Verify my form workflow

  - by Shackrock

  I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

  Read the article

• Best way to encrypt certain fiels in SQL Server 2008?

  - by Josh

  I'm writing a .net web app that will read and write information to a SQL 2008 backend database. Some of this information will be highly confidential in nature so I want to encrypt certain data elements. I dont want to use TDE or any full-database encryption for performance reasons. My main concern is protecting this sensitive data as a last resort against a SQL injection or even a database server compromise. My question is what is the best way to do this to preserve performance? Is it faster to use the SQL2008 encryption functions such as EncryptByKey, or would it be faster to encrypt and decrypt the data in the .NET web app itself using a symmetric key stored in the secure web.config and store the encrypted values in the DB?

  Read the article

• Git ignore file for vb.net projects

  - by John C

  Placing a vb.net project under git control in windows (was previously under VSS - long sad story of repository corruption, etc). How should I set up the ignore file? The exclusions I'm thinking of using are: *.exe *.pdb *.manifest *.xml *.log (is git case sensitive on windows? Should I exclude *.Log as well?) *.scc (I gather these were left over from VSS - maybe I should delete them?) Is this a sensible list? Should I be excluding directories?

  Read the article

• std::string == operator not working

  - by Paul

  Hello, I've been using std::string's == operator for years on windows and linux. Now I am compiling one of my libraries on linux, it uses == heavily. On linux the following function fails, because the == returns false even when the strings are equal (case sensitive wise equal) const Data* DataBase::getDataByName( const std::string& name ) const { for ( unsigned int i = 0 ; i < m_dataList.getNum() ; i++ ) { if ( m_dataList.get(i)->getName() == name ) { return m_dataList.get(i); } } return NULL; } The getName() method is declared as follows virtual const std::string& getName() const; I am building with gcc 4.4.1 and libstdc++44-4.4.1. Any ideas? it looks perfectly valid to me. Paul

  Read the article

• need identical string comparison function in php and java

  - by steelbytes

  I have sorted list of strings that I move between php and java. to be able to bsearch on this data, I need the same comparison function. any idea what string compare functions I can use that will always give the same result in both? eg php's strcmp() vs java's String.compareTo() yes I know I could make my own string compare that does char by char carefully, but I was hoping there's a simple answer. PS, don't care if case sensitive or not, as long as it is consistant.

  Read the article

• SSRS 2008 Snapshotting Security

  - by Holy Christ

  Hi, I'm writing a report that will show data based on the User!UserID built into the SSRS infrastructure. The data is sensitive to the user's department. In addition to these department users, there will be admins that should be able to run for all departments, or have a report parameter to run for a specific department. Ideally, I'd like to use SSRS snapshotting so that users can rerun a report they ran on a previous date. It's important that a user can only view the snapshots he created for his department. My questions are: 1.) Does SSRS snapshotting provide a mechanism to limit viewing snapshots by the user that created them? 2.) Will I need to write two reports, one for the admin and one for the department users? I think I do since there isn't a way to secure report parameters. Thanks!

  Read the article

< Previous Page | 17 18 19 20 21 22 23 24 25 26 27 28  | Next Page >