Search Results

Search found 15648 results on 626 pages for 'wcf security'.

Page 23/626 | < Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >

  • Automate publishing of a WCF library using MSBuild

    - by user438334
    I searched and couldn't find anything releated to this topic. When using Visual Studio 2010 for a WCF library, you can right-click it and publish the WCF Library, which generates/creates the .svc and web.config file as well as deploys it. I have been trying to mimic this in msbuild and have had no success. Is this possible? I have build scripts to deploy a WCF application, website, and have had no luck using these scripts to successfully deploy a WCF library. When i do use them, it compiles the Dll's but not the .svc or web.config file. Any advice would be greatly appreciated.

    Read the article

  • Login loop in Snow Leopard

    - by hgpc
    I can't get out of a login loop of a particular admin user. After entering the password the login screen is shown again after about a minute. Other users work fine. It started happening after a simple reboot. Can you please help me? Thank you! Tried to no avail: Change the password Remove the password Repair disk (no errors) Boot in safe mode Reinstall Snow Leopard and updating to 10.6.6 Remove content of ~/Library/Caches Removed content of ~/Library/Preferences Replaced /etc/authorization with Install DVD copy The system.log mentions a crash report. I'm including both below. system.log Jan 8 02:43:30 loginwindow218: Login Window - Returned from Security Agent Jan 8 02:43:30 loginwindow218: USER_PROCESS: 218 console Jan 8 02:44:42 kernel[0]: Jan 8 02:44:43: --- last message repeated 1 time --- Jan 8 02:44:43 com.apple.launchd[1] (com.apple.loginwindow218): Job appears to have crashed: Bus error Jan 8 02:44:43 com.apple.UserEventAgent-LoginWindow223: ALF error: cannot find useragent 1102 Jan 8 02:44:43 com.apple.UserEventAgent-LoginWindow223: plugin.UserEventAgentFactory: called with typeID=FC86416D-6164-2070-726F-70735C216EC0 Jan 8 02:44:43 /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow233: Login Window Application Started Jan 8 02:44:43 SecurityAgent228: CGSShutdownServerConnections: Detaching application from window server Jan 8 02:44:43 com.apple.ReportCrash.Root232: 2011-01-08 02:44:43.936 ReportCrash232:2903 Saved crash report for loginwindow218 version ??? (???) to /Library/Logs/DiagnosticReports/loginwindow_2011-01-08-024443_localhost.crash Jan 8 02:44:44 SecurityAgent228: MIG: server died: CGSReleaseShmem : Cannot release shared memory Jan 8 02:44:44 SecurityAgent228: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. Jan 8 02:44:44 SecurityAgent228: CGSDisplayServerShutdown: Detaching display subsystem from window server Jan 8 02:44:44 SecurityAgent228: HIToolbox: received notification of WindowServer event port death. Jan 8 02:44:44 SecurityAgent228: port matched the WindowServer port created in BindCGSToRunLoop Jan 8 02:44:44 loginwindow233: Login Window Started Security Agent Jan 8 02:44:44 WindowServer234: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. Jan 8 02:44:44 com.apple.WindowServer234: Sat Jan 8 02:44:44 .local WindowServer234 <Error>: kCGErrorFailure: Set a breakpoint @ CGErrorBreakpoint() to catch errors as they are logged. Jan 8 02:44:54 SecurityAgent243: NSSecureTextFieldCell detected a field editor ((null)) that is not a NSTextView subclass designed to work with the cell. Ignoring... Crash report Process: loginwindow 218 Path: /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow Identifier: loginwindow Version: ??? (???) Code Type: X86-64 (Native) Parent Process: launchd [1] Date/Time: 2011-01-08 02:44:42.748 +0100 OS Version: Mac OS X 10.6.6 (10J567) Report Version: 6 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: 0x000000000000000a, 0x000000010075b000 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.security 0x00007fff801c6e8b Security::ReadSection::at(unsigned int) const + 25 1 com.apple.security 0x00007fff801c632f Security::DbVersion::open() + 123 2 com.apple.security 0x00007fff801c5e41 Security::DbVersion::DbVersion(Security::AppleDatabase const&, Security::RefPointer<Security::AtomicBufferedFile> const&) + 179 3 com.apple.security 0x00007fff801c594e Security::DbModifier::getDbVersion(bool) + 330 4 com.apple.security 0x00007fff801c57f5 Security::DbModifier::openDatabase() + 33 5 com.apple.security 0x00007fff801c5439 Security::Database::_dbOpen(Security::DatabaseSession&, unsigned int, Security::AccessCredentials const*, void const*) + 221 6 com.apple.security 0x00007fff801c4841 Security::DatabaseManager::dbOpen(Security::DatabaseSession&, Security::DbName const&, unsigned int, Security::AccessCredentials const*, void const*) + 77 7 com.apple.security 0x00007fff801c4723 Security::DatabaseSession::DbOpen(char const*, cssm_net_address const*, unsigned int, Security::AccessCredentials const*, void const*, long&) + 285 8 com.apple.security 0x00007fff801d8414 cssm_DbOpen(long, char const*, cssm_net_address const*, unsigned int, cssm_access_credentials const*, void const*, long*) + 108 9 com.apple.security 0x00007fff801d7fba CSSM_DL_DbOpen + 106 10 com.apple.security 0x00007fff801d62f6 Security::CssmClient::DbImpl::open() + 162 11 com.apple.security 0x00007fff801d8977 SSDatabaseImpl::open(Security::DLDbIdentifier const&) + 53 12 com.apple.security 0x00007fff801d8715 SSDLSession::DbOpen(char const*, cssm_net_address const*, unsigned int, Security::AccessCredentials const*, void const*, long&) + 263 13 com.apple.security 0x00007fff801d8414 cssm_DbOpen(long, char const*, cssm_net_address const*, unsigned int, cssm_access_credentials const*, void const*, long*) + 108 14 com.apple.security 0x00007fff801d7fba CSSM_DL_DbOpen + 106 15 com.apple.security 0x00007fff801d62f6 Security::CssmClient::DbImpl::open() + 162 16 com.apple.security 0x00007fff802fa786 Security::CssmClient::DbImpl::unlock(cssm_data const&) + 28 17 com.apple.security 0x00007fff80275b5d Security::KeychainCore::KeychainImpl::unlock(Security::CssmData const&) + 89 18 com.apple.security 0x00007fff80291a06 Security::KeychainCore::StorageManager::login(unsigned int, void const*, unsigned int, void const*) + 3336 19 com.apple.security 0x00007fff802854d3 SecKeychainLogin + 91 20 com.apple.loginwindow 0x000000010000dfc5 0x100000000 + 57285 21 com.apple.loginwindow 0x000000010000cfb4 0x100000000 + 53172 22 com.apple.Foundation 0x00007fff8721e44f __NSThreadPerformPerform + 219 23 com.apple.CoreFoundation 0x00007fff82627401 __CFRunLoopDoSources0 + 1361 24 com.apple.CoreFoundation 0x00007fff826255f9 __CFRunLoopRun + 873 25 com.apple.CoreFoundation 0x00007fff82624dbf CFRunLoopRunSpecific + 575 26 com.apple.HIToolbox 0x00007fff8444493a RunCurrentEventLoopInMode + 333 27 com.apple.HIToolbox 0x00007fff8444473f ReceiveNextEventCommon + 310 28 com.apple.HIToolbox 0x00007fff844445f8 BlockUntilNextEventMatchingListInMode + 59 29 com.apple.AppKit 0x00007fff80b01e64 _DPSNextEvent + 718 30 com.apple.AppKit 0x00007fff80b017a9 -NSApplication nextEventMatchingMask:untilDate:inMode:dequeue: + 155 31 com.apple.AppKit 0x00007fff80ac748b -NSApplication run + 395 32 com.apple.loginwindow 0x0000000100004b16 0x100000000 + 19222 33 com.apple.loginwindow 0x0000000100004580 0x100000000 + 17792 Thread 1: Dispatch queue: com.apple.libdispatch-manager 0 libSystem.B.dylib 0x00007fff8755216a kevent + 10 1 libSystem.B.dylib 0x00007fff8755403d _dispatch_mgr_invoke + 154 2 libSystem.B.dylib 0x00007fff87553d14 _dispatch_queue_invoke + 185 3 libSystem.B.dylib 0x00007fff8755383e _dispatch_worker_thread2 + 252 4 libSystem.B.dylib 0x00007fff87553168 _pthread_wqthread + 353 5 libSystem.B.dylib 0x00007fff87553005 start_wqthread + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x000000010075b000 rbx: 0x00007fff5fbfd990 rcx: 0x00007fff875439da rdx: 0x0000000000000000 rdi: 0x00007fff5fbfd990 rsi: 0x0000000000000000 rbp: 0x00007fff5fbfd5d0 rsp: 0x00007fff5fbfd5d0 r8: 0x0000000000000007 r9: 0x0000000000000000 r10: 0x00007fff8753beda r11: 0x0000000000000202 r12: 0x0000000100133e78 r13: 0x00007fff5fbfda50 r14: 0x00007fff5fbfda50 r15: 0x00007fff5fbfdaa0 rip: 0x00007fff801c6e8b rfl: 0x0000000000010287 cr2: 0x000000010075b000

    Read the article

  • How to fix some damages from site hack?

    - by Towhid
    My site had been hacked. I found vulnerability,fixed it, and removed shell scripts. But hacker had uploaded thousands of web pages on my web server. after I removed those pages I got over 4 thousand "Not Found" Pages on my site(All linked from an external free domain and host which is removed now). Also hundreds of Keywords had been added to my site. after 3 weeks I can still see keywords from removed pages on my Google Webmaster Tools. I had 1st result on google search for certain keywords but now I am on 3rd page for the same keywords. 50% of my traffic was from google which is now reduced to 6%. How can I fix both those "Not Found" pages problem and new useless keywords? and Will it be enough to get me back on first result on google? P.S: 1)Both vulnerability and uploaded files are certainly removed. 2)My site is not infected, checked on google webmaster and a few other security web scan tools. 3) all files had been uploaded on one directory so i got something like site.com/hacked/page1.html and site.com/hacked/webpage2.html

    Read the article

  • Delphi and Microsoft ATL security issue

    - by Jens Nordenbro
    My impression is that standard Delphi uses the Win32 API. Recently Microsoft has been communicating a problem regarding ATL that requires application developers to rebuild ATL-using applications after installing an update on their machines. Will this practice be the general case also for Delphi developers, or are they in the clear with the exception of Delphi code using third party ATL COM objects? Sources: Microsoft Security: Protect your computer from the Active Template Library (ATL) security vulnerability MSDN VC++ DevCenter: Active Template Library Security Update for Developers Microsoft Security Advisory (973882): Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution Microsoft Security Bulletin MS09-034 - Critical: Cumulative Security Update for Internet Explorer (972260) Microsoft Security Bulletin MS09-035 - Moderate: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706)

    Read the article

  • .NET Security Part 3

    - by Simon Cooper
    You write a security-related application that allows addins to be used. These addins (as dlls) can be downloaded from anywhere, and, if allowed to run full-trust, could open a security hole in your application. So you want to restrict what the addin dlls can do, using a sandboxed appdomain, as explained in my previous posts. But there needs to be an interaction between the code running in the sandbox and the code that created the sandbox, so the sandboxed code can control or react to things that happen in the controlling application. Sandboxed code needs to be able to call code outside the sandbox. Now, there are various methods of allowing cross-appdomain calls, the two main ones being .NET Remoting with MarshalByRefObject, and WCF named pipes. I’m not going to cover the details of setting up such mechanisms here, or which you should choose for your specific situation; there are plenty of blogs and tutorials covering such issues elsewhere. What I’m going to concentrate on here is the more general problem of running fully-trusted code within a sandbox, which is required in most methods of app-domain communication and control. Defining assemblies as fully-trusted In my last post, I mentioned that when you create a sandboxed appdomain, you can pass in a list of assembly strongnames that run as full-trust within the appdomain: // get the Assembly object for the assembly Assembly assemblyWithApi = ... // get the StrongName from the assembly's collection of evidence StrongName apiStrongName = assemblyWithApi.Evidence.GetHostEvidence<StrongName>(); // create the sandbox AppDomain sandbox = AppDomain.CreateDomain( "Sandbox", null, appDomainSetup, restrictedPerms, apiStrongName); Any assembly that is loaded into the sandbox with a strong name the same as one in the list of full-trust strong names is unconditionally given full-trust permissions within the sandbox, irregardless of permissions and sandbox setup. This is very powerful! You should only use this for assemblies that you trust as much as the code creating the sandbox. So now you have a class that you want the sandboxed code to call: // within assemblyWithApi public class MyApi { public static void MethodToDoThings() { ... } } // within the sandboxed dll public class UntrustedSandboxedClass { public void DodgyMethod() { ... MyApi.MethodToDoThings(); ... } } However, if you try to do this, you get quite an ugly exception: MethodAccessException: Attempt by security transparent method ‘UntrustedSandboxedClass.DodgyMethod()’ to access security critical method ‘MyApi.MethodToDoThings()’ failed. Security transparency, which I covered in my first post in the series, has entered the picture. Partially-trusted code runs at the Transparent security level, fully-trusted code runs at the Critical security level, and Transparent code cannot under any circumstances call Critical code. Security transparency and AllowPartiallyTrustedCallersAttribute So the solution is easy, right? Make MethodToDoThings SafeCritical, then the transparent code running in the sandbox can call the api: [SecuritySafeCritical] public static void MethodToDoThings() { ... } However, this doesn’t solve the problem. When you try again, exactly the same exception is thrown; MethodToDoThings is still running as Critical code. What’s going on? By default, a fully-trusted assembly always runs Critical code, irregardless of any security attributes on its types and methods. This is because it may not have been designed in a secure way when called from transparent code – as we’ll see in the next post, it is easy to open a security hole despite all the security protections .NET 4 offers. When exposing an assembly to be called from partially-trusted code, the entire assembly needs a security audit to decide what should be transparent, safe critical, or critical, and close any potential security holes. This is where AllowPartiallyTrustedCallersAttribute (APTCA) comes in. Without this attribute, fully-trusted assemblies run Critical code, and partially-trusted assemblies run Transparent code. When this attribute is applied to an assembly, it confirms that the assembly has had a full security audit, and it is safe to be called from untrusted code. All code in that assembly runs as Transparent, but SecurityCriticalAttribute and SecuritySafeCriticalAttribute can be applied to individual types and methods to make those run at the Critical or SafeCritical levels, with all the restrictions that entails. So, to allow the sandboxed assembly to call the full-trust API assembly, simply add APCTA to the API assembly: [assembly: AllowPartiallyTrustedCallers] and everything works as you expect. The sandboxed dll can call your API dll, and from there communicate with the rest of the application. Conclusion That’s the basics of running a full-trust assembly in a sandboxed appdomain, and allowing a sandboxed assembly to access it. The key is AllowPartiallyTrustedCallersAttribute, which is what lets partially-trusted code call a fully-trusted assembly. However, an assembly with APTCA applied to it means that you have run a full security audit of every type and member in the assembly. If you don’t, then you could inadvertently open a security hole. I’ll be looking at ways this can happen in my next post.

    Read the article

  • Partner Webcast – Implementing Web Services & SOA Security with Oracle Fusion Middleware - 20 September 2012

    - by Thanos
    Security was always one of the main pain points for the IT industry, and new security challenges has been introduced with the proliferation  of the service-oriented approach to building modern software. Oracle Fusion Middleware provides a wide variety of features that ease the building service-oriented solutions, but how these services can be secured?Should we implement the security features in each and every service or there’s a better way? During the webinar we are going to show how to implement non-intrusive declarative security for your SOA components by introducing the Oracle product portfolio in this area, such as Oracle Web Services Manager and Oracle IDM. Agenda: SOA & Web Services basics: quick refresher Building your SOA with Oracle Fusion Middleware: product review Common security risks in the Web Services world SOA & Web Services security standards Implementing Web Services Security with the Oracle products Web Services Security with Oracle – the big picture Declarative end point security with Oracle Web Services Manager Perimeter Security with Oracle Enterprise Gateway Utilizing the other Oracle IDM products for the advanced scenarios Q&A session Delivery Format This FREE online LIVE eSeminar will be delivered over the Web. Registrations received less than 24hours prior to start time may not receive confirmation to attend. Thursday, September 20, 2012 - 10:00 AM to 11:00 AM CET (GMT/UTC+1)Duration: 1 hour Register Now Send your questions and migration/upgrade requests [email protected] Visit regularly our ISV Migration Center blog or Follow us @oracleimc to learn more on Oracle Technologies, upcoming partner webcasts and events. All content is made available through our YouTube - SlideShare - Oracle Mix.

    Read the article

  • Implementing SOA & Security with Oracle Fusion Middleware in your solution – partner webcast September 20th 2012

    - by JuergenKress
    Security was always one of the main pain points for the IT industry, and new security challenges has been introduced with the proliferation  of the service-oriented approach to building modern software. Oracle Fusion Middleware provides a wide variety of features that ease the building service-oriented solutions, but how these services can be secured? Should we implement the security features in each and every service or there’s a better way? During the webinar we are going to show how to implement non-intrusive declarative security for your SOA components by introducing the Oracle product portfolio in this area, such as Oracle Web Services Manager and Oracle Enterprise Gateway. Agenda: SOA & Web Services basics: quick refresher Building your SOA with Oracle Fusion Middleware: product review Common security risks in the Web Services world SOA & Web Services security standards Implementing Web Services Security with the Oracle products Web Services Security with Oracle – the big picture Declarative end point security with Oracle Web Services Manager Perimeter Security with Oracle Enterprise Gateway Utilizing the other Oracle IDM products for the advanced scenarios Q&A session Delivery Format This FREE online LIVE eSeminar will be delivered over the Web. Registrations received less than 24hours prior to start time may not receive confirmation to attend. Duration: 1 hour Register Now Send your questions and migration/upgrade requests [email protected] Visit regularly our ISV Migration Center blog or Follow us @oracleimc to learn more on Oracle Technologies, upcoming partner webcasts and events. All content is made available through our YouTube - SlideShare - Oracle Mix. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: Technorati Tags: ISV migration center,SOA,IDM,SOA Community,Oracle SOA,Oracle BPM,BPM,Community,OPN,Jürgen Kress

    Read the article

  • Security Controls on data for P6 Analytics

    - by Jeffrey McDaniel
    The Star database and P6 Analytics calculates security based on P6 security using OBS, global, project, cost, and resource security considerations. If there is some concern that users are not seeing expected data in P6 Analytics here are some areas to review: 1. Determining if a user has cost security is based on the Project level security privileges - either View Project Costs/Financials or Edit EPS Financials. If expecting to see costs make sure one of these permissions are allocated.  2. User must have OBS access on a Project. Not WBS level. WBS level security is not supported. Make sure user has OBS on project level.  3. Resource Access is determined by what is granted in P6. Verify the resource access granted to this user in P6. Resource security is hierarchical. Project access will override Resource access based on the way security policies are applied. 4. Module access must be given to a P6 user for that user to come over into Star/P6 Analytics. For earlier version of RDB there was a report_user_flag on the Users table. This flag field is no longer used after P6 Reporting Database 2.1. 5. For P6 Reporting Database versions 2.2 and higher, the Extended Schema Security service must be run to calculate all security. Any changes to privileges or security this service must be rerun before any ETL. 6. In P6 Analytics 2.0 or higher, a Weblogic user must exist that matches the P6 username. For example user Tim must exist in P6 and Weblogic users for Tim to be able to log into P6 Analytics and access data based on  P6 security.  In earlier versions the username needed to exist in RPD. 7. Cache in OBI is another area that can sometimes make it seem a user isn't seeing the data they expect. While cache can be beneficial for performance in OBI. If the data is outdated it can retrieve older, stale data. Clearing or turning off cache when rerunning a query can determine if the returned result set was from cache or from the database.

    Read the article

  • Free E-Book from APress - Platform Embedded Security Technology Revealed

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2014/08/23/free-e-book-from-apress---platform-embedded-security-technology-revealed.aspxAt  http://www.apress.com/9781430265719, APress are providing a free E-Book - Platform Embedded Security Technology Revealed. “Platform Embedded Security Technology Revealed is an in-depth introduction to Intel’s security and management engine, with details on the security features and the steps for configuring and invoking them. It's written for security professionals and researchers; embedded-system engineers; and software engineers and vendors.”

    Read the article

  • WCF: What happens if a channel is established but no method is called?

    - by mafutrct
    In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?

    Read the article

  • WCF RIA Services DomainContext Abstraction Strategies–Say That 10 Times!

    - by dwahlin
    The DomainContext available with WCF RIA Services provides a lot of functionality that can help track object state and handle making calls from a Silverlight client to a DomainService. One of the questions I get quite often in our Silverlight training classes (and see often in various forums and other areas) is how the DomainContext can be abstracted out of ViewModel classes when using the MVVM pattern in Silverlight applications. It’s not something that’s super obvious at first especially if you don’t work with delegates a lot, but it can definitely be done. There are various techniques and strategies that can be used but I thought I’d share some of the core techniques I find useful. To start, let’s assume you have the following ViewModel class (this is from my Silverlight Firestarter talk available to watch online here if you’re interested in getting started with WCF RIA Services): public class AdminViewModel : ViewModelBase { BookClubContext _Context = new BookClubContext(); public AdminViewModel() { if (!DesignerProperties.IsInDesignTool) { LoadBooks(); } } private void LoadBooks() { _Context.Load(_Context.GetBooksQuery(), LoadBooksCallback, null); } private void LoadBooksCallback(LoadOperation<Book> books) { Books = new ObservableCollection<Book>(books.Entities); } } Notice that BookClubContext is being used directly in the ViewModel class. There’s nothing wrong with that of course, but if other ViewModel objects need to load books then code would be duplicated across classes. Plus, the ViewModel has direct knowledge of how to load data and I like to make it more loosely-coupled. To do this I create what I call a “Service Agent” class. This class is responsible for getting data from the DomainService and returning it to a ViewModel. It only knows how to get and return data but doesn’t know how data should be stored and isn’t used with data binding operations. An example of a simple ServiceAgent class is shown next. Notice that I’m using the Action<T> delegate to handle callbacks from the ServiceAgent to the ViewModel object. Because LoadBooks accepts an Action<ObservableCollection<Book>>, the callback method in the ViewModel must accept ObservableCollection<Book> as a parameter. The callback is initiated by calling the Invoke method exposed by Action<T>: public class ServiceAgent { BookClubContext _Context = new BookClubContext(); public void LoadBooks(Action<ObservableCollection<Book>> callback) { _Context.Load(_Context.GetBooksQuery(), LoadBooksCallback, callback); } public void LoadBooksCallback(LoadOperation<Book> lo) { //Check for errors of course...keeping this brief var books = new ObservableCollection<Book>(lo.Entities); var action = (Action<ObservableCollection<Book>>)lo.UserState; action.Invoke(books); } } This can be simplified by taking advantage of lambda expressions. Notice that in the following code I don’t have a separate callback method and don’t have to worry about passing any user state or casting any user state (the user state is the 3rd parameter in the _Context.Load method call shown above). public class ServiceAgent { BookClubContext _Context = new BookClubContext(); public void LoadBooks(Action<ObservableCollection<Book>> callback) { _Context.Load(_Context.GetBooksQuery(), (lo) => { var books = new ObservableCollection<Book>(lo.Entities); callback.Invoke(books); }, null); } } A ViewModel class can then call into the ServiceAgent to retrieve books yet never know anything about the DomainContext object or even know how data is loaded behind the scenes: public class AdminViewModel : ViewModelBase { ServiceAgent _ServiceAgent = new ServiceAgent(); public AdminViewModel() { if (!DesignerProperties.IsInDesignTool) { LoadBooks(); } } private void LoadBooks() { _ServiceAgent.LoadBooks(LoadBooksCallback); } private void LoadBooksCallback(ObservableCollection<Book> books) { Books = books } } You could also handle the LoadBooksCallback method using a lambda if you wanted to minimize code just like I did earlier with the LoadBooks method in the ServiceAgent class.  If you’re into Dependency Injection (DI), you could create an interface for the ServiceAgent type, reference it in the ViewModel and then inject in the object to use at runtime. There are certainly other techniques and strategies that can be used, but the code shown here provides an introductory look at the topic that should help get you started abstracting the DomainContext out of your ViewModel classes when using WCF RIA Services in Silverlight applications.

    Read the article

  • WCF/MSMQ Transport Security with Certificates

    - by user104295
    Hi there, my goal is to secure the communication between MSMQ Queue Managers – I don’t want unknown clients sending messages to my MSMQ server. I have spent many hours now trying to get Transport security working for the net.msmq binding in WCF, where MSMQ is in Workgroup mode and the client and server do not have Active Directory… so I’m using certificates. I have created a new X.509 certificate, called Kristan and put it into the “Trusted people” store on the server and into the My store of Current User of the client. The error I’m getting is: An error occurred while sending to the queue: Unrecognized error -1072824272 (0xc00e0030).Ensure that MSMQ is installed and running. If you are sending to a local queue, ensure the queue exists with the required access mode and authorization. Using smartsniff, I see that there’s no attempted connection with the remote MSMQ, however, it’s an error probably coming from the local queue manager. The stack trace is: at System.ServiceModel.Channels.MsmqOutputChannel.OnSend(Message message, TimeSpan timeout) at System.ServiceModel.Channels.OutputChannel.Send(Message message, TimeSpan timeout) at System.ServiceModel.Dispatcher.OutputChannelBinder.Send(Message message, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message) The code:- EndpointAddress endpointAddress = new EndpointAddress(new Uri(endPointAddress)); NetMsmqBinding clientBinding = new NetMsmqBinding(); clientBinding.Security.Mode = NetMsmqSecurityMode.Transport; clientBinding.Security.Transport.MsmqAuthenticationMode = MsmqAuthenticationMode.Certificate; clientBinding.Security.Transport.MsmqProtectionLevel = System.Net.Security.ProtectionLevel.Sign; clientBinding.ExactlyOnce = false; clientBinding.UseActiveDirectory = false; // start new var channelFactory = new ChannelFactory<IAsyncImportApi>(clientBinding, endpointAddress); channelFactory.Credentials.ClientCertificate.SetCertificate("CN=Kristan", StoreLocation.CurrentUser, StoreName.My); The queue is flagged as ‘Authenticated’ on the server. I have checked the effect of this and if I turn off all security in the client send, then I get ‘Signature is invalid’ – which is understandable and shows that it’s definitely looking for a sig. Are there are special ports that I need to check are open for cert-based msmq auth? thanks Kris

    Read the article

  • Client unable to authenticate when connecting to WCF service

    - by davecoulter
    I have a WCF service hosted in a Windows service. The application is an intranet app, and I have programmatically set the bindings on both the service and the client as: NetTcpBinding aBinding = new NetTcpBinding(SecurityMode.Transport); aBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows; aBinding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign; Both the service and client have endpoints configured with SPNs: EndpointAddress = new EndpointAddress(uri, EndpointIdentity.CreateSpnIdentity("Service1")); As far as I know, I have setup the bindings correctly-- and I am usually able to connect to the service just fine. I did however run into a case where on a server running Windows Server 2003 R2, x64, SP2 I get the following exception immediately when the client tries to connect: INNEREXCEPTION -- Exception Message: InvalidCredentialException: Either the target name is incorrect or the server has rejected the client credentials. Stack Trace: at System.Net.Security.NegoState.ProcessAuthentication(LazyAsyncResult lazyResult) at System.Net.Security.NegotiateStream.AuthenticateAsClient(NetworkCredential credential, String targetName, ProtectionLevel requiredProtectionLevel, TokenImpersonationLevel allowedImpersonationLevel) at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity) I get the exception when I try to connect to the service from another machine in the domain, but if I connect to the service on the same machine running the service it works fine. The hosting service itself is running as a domain user account-- but I have tried running the service as a Local System and Network Service to no avail. I have checked the Local Security Policies for the server and didn't see anything amiss (i.e. 'Access this computer from the network' includes 'Everyone'). Anyone have an idea of what could resolve this? I am wondering if I need to do something in Active Directory with respect to the service's SPN? I have read some about using setspn.exe to register or refresh SPNs, but I haven't needed to do this before. Why would this be working with other configurations but not the one above?

    Read the article

  • WCF timeout exception detailed investigation

    - by Jason Kealey
    We have an application that has a WCF service (*.svc) running on IIS7 and various clients querying the service. The server is running Win 2008 Server. The clients are running either Windows 2008 Server or Windows 2003 server. I am getting the following exception, which I have seen can in fact be related to a large number of potential WCF issues. System.TimeoutException: The request channel timed out while waiting for a reply after 00:00:59.9320000. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout. ---> System.TimeoutException: The HTTP request to 'http://www.domain.com/WebServices/myservice.svc/gzip' has exceeded the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. I have increased the timeout to 30min and the error still occurred. This tells me that something else is at play, because the quantity of data could never take 30min to upload or download. The error comes and goes. At the moment, it is more frequent. It does not seem to matter if I have 3 clients running simultaneously or 100, it still occurs once in a while. Most of the time, there are no timeouts but I still get a few per hour. The error comes from any of the methods that are invoked. One of these methods does not have parameters and returns a bit of data. Another takes in lots of data as a parameter but executes asynchronously. The errors always originate from the client and never reference any code on the server in the stack trace. It always ends with: at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) On the server: I've tried (and currently have) the following binding settings: maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" It does not seem to have an impact. I've tried (and currently have) the following throttling settings: <serviceThrottling maxConcurrentCalls="1500" maxConcurrentInstances="1500" maxConcurrentSessions="1500"/> It does not seem to have an impact. I currently have the following settings for the WCF service. [ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Single)] I ran with ConcurrencyMode.Multiple for a while, and the error still occurred. I've tried restarting IIS, restarting my underlying SQL Server, restarting the machine. All of these don't seem to have an impact. I've tried disabling the Windows firewall. It does not seem to have an impact. On the client, I have these settings: maxReceivedMessageSize="2147483647" <system.net> <connectionManagement> <add address="*" maxconnection="16"/> </connectionManagement> </system.net> My client closes its connections: var client = new MyClient(); try { return client.GetConfigurationOptions(); } finally { client.Close(); } I have changed the registry settings to allow more outgoing connections: MaxConnectionsPerServer=24, MaxConnectionsPer1_0Server=32. I have now just recently tried SvcTraceViewer.exe. I managed to catch one exception on the client end. I see that its duration is 1 minute. Looking at the server side trace, I can see that the server is not aware of this exception. The maximum duration I can see is 10 seconds. I have looked at active database connections using exec sp_who on the server. I only have a few (2-3). I have looked at TCP connections from one client using TCPview. It usually is around 2-3 and I have seen up to 5 or 6. Simply put, I am stumped. I have tried everything I could find, and must be missing something very simple that a WCF expert would be able to see. It is my gut feeling that something is blocking my clients at the low-level (TCP), before the server actually receives the message and/or that something is queuing the messages at the server level and never letting them process. If you have any performance counters I should look at, please let me know. (please indicate what values are bad, as some of these counters are hard to decypher). Also, how could I log the WCF message size? Finally, are there any tools our there that would allow me to test how many connections I can establish between my client and server (independently from my application) Thanks for your time! Extra information added June 20th: My WCF application does something similar to the following. while (true) { Step1GetConfigurationSettingsFromServerViaWCF(); // can change between calls Step2GetWorkUnitFromServerViaWCF(); DoWorkLocally(); // takes 5-15minutes. Step3SendBackResultsToServerViaWCF(); } Using WireShark, I did see that when the error occurs, I have a five TCP retransmissions followed by a TCP reset later on. My guess is the RST is coming from WCF killing the connection. The exception report I get is from Step3 timing out. I discovered this by looking at the tcp stream "tcp.stream eq 192". I then expanded my filter to "tcp.stream eq 192 and http and http.request.method eq POST" and saw 6 POSTs during this stream. This seemed odd, so I checked with another stream such as tcp.stream eq 100. I had three POSTs, which seems a bit more normal because I am doing three calls. However, I do close my connection after every WCF call, so I would have expected one call per stream (but I don't know much about TCP). Investigating a bit more, I dumped the http packet load to disk to look at what these six calls where. 1) Step3 2) Step1 3) Step2 4) Step3 - corrupted 5) Step1 6) Step2 My guess is two concurrent clients are using the same connection, that is why I saw duplicates. However, I still have a few more issues that I can't comprehend: a) Why is the packet corrupted? Random network fluke - maybe? The load is gzipped using this sample code: http://msdn.microsoft.com/en-us/library/ms751458.aspx - Could the code be buggy once in a while when used concurrently? I should test without the gzip library. b) Why would I see step 1 & step 2 running AFTER the corrupted operation timed out? It seems to me as if these operations should not have occurred. Maybe I am not looking at the right stream because my understanding of TCP is flawed. I have other streams that occur at the same time. I should investigate other streams - a quick glance at streams 190-194 show that the Step3 POST have proper payload data (not corrupted). Pushing me to look at the gzip library again.

    Read the article

  • Role of Microsoft certifications ADO.Net, ASP.Net, WPF, WCF and Career?

    - by Steve Johnson
    I am a Microsoft fan and .Net enthusiast. I want to align my career in the lines of current and future .Net technologies. I have an MCTS in ASP.Net 3.5. The question is about the continuation of certifications and my career growth and maybe a different job! I want to keep pace with future Microsoft .Net technologies. My current job however doesn't allow so.So i bid to do .Net based certifications to stay abreast with latest .Net technologies. My questions: What certifications should i follow next? I have MCTS .Net 3.5 WPF(Exam 70-502) and MCTS .Net 3.5 WCF(Exam 70-504) in my mind so that i can go for Silverlight development and seek jobs related to Silverlight development. What other steps i need to take in order to develop professional expertise in technologies such as WPF, WCF and Silverlight when my current employer is reluctant to shift to latest .Net technologies? I am sure that there are a lot of people of around here who are working with .Net technologies and they have industrial experience. I being a new comer and starter in my career need to take right decision and so i am seeking help from this community in guiding me to the right path. Expert replies are much appreciated and thanks in advance. Best Regards Steve.

    Read the article

  • When adding WCF service reference, configuration details are not added to web.config

    - by Mikey Cee
    Hi, I am trying to add a WCF service reference to my web application using VS2010. It seems to add OK, but the web.config is not updated, meaning I get a runtime exception: Could not find default endpoint element that references contract 'CoolService.CoolService' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element. Obviously, because the service is not defined in my web.config. Steps to reproduce: Right click solution Add New Project ASP.NET Empty Web Application. Right click Service References in the new web app Add Service Reference. Enter address of my service and click Go. My service is visible in the left-hand Services section, and I can see all its operations. Type a namespace for my service. Click OK. The service reference is generated correctly, and I can open the Reference.cs file, and it all looks OK. Open the web.config file. It is still empty! <system.web> <compilation debug="true" targetFramework="4.0" /> </system.web> <system.serviceModel> <bindings /> <client /> </system.serviceModel> Why is this happening? It also happens with a console application, or any other project type I try. Any help? Here is the app.config from my WCF service: <?xml version="1.0"?> <configuration> <system.web> <compilation debug="true" /> </system.web> <!-- When deploying the service library project, the content of the config file must be added to the host's app.config file. System.Configuration does not support config files for libraries. --> <system.serviceModel> <services> <service name="CoolSQL.Server.WCF.CoolService"> <endpoint address="" binding="webHttpBinding" contract="CoolSQL.Server.WCF.CoolService" behaviorConfiguration="SilverlightFaultBehavior"> <identity> <dns value="localhost" /> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> <host> <baseAddresses> <add baseAddress="http://localhost:8732/Design_Time_Addresses/CoolSQL.Server.WCF/CoolService/" /> </baseAddresses> </host> </service> </services> <behaviors> <endpointBehaviors> <behavior name="webBehavior"> <webHttp /> </behavior> <behavior name="SilverlightFaultBehavior"> <silverlightFaults /> </behavior> </endpointBehaviors> <serviceBehaviors> <behavior name=""> <serviceMetadata httpGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <webHttpBinding> <binding name="DefaultBinding" bypassProxyOnLocal="true" useDefaultWebProxy="false" hostNameComparisonMode="WeakWildcard" sendTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:00:10" maxReceivedMessageSize="2147483647" transferMode="Streamed"> <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" /> </binding> </webHttpBinding> </bindings> <extensions> <behaviorExtensions> <add name="silverlightFaults" type="CoolSQL.Server.WCF.SilverlightFaultBehavior, CoolSQL.Server.WCF" /> </behaviorExtensions> </extensions> <diagnostics> <messageLogging logEntireMessage="true" logMalformedMessages="false" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="false" maxMessagesToLog="3000" maxSizeOfMessageToLog="2000" /> </diagnostics> </system.serviceModel> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" /> </startup> <system.diagnostics> <sources> <source name="System.ServiceModel.MessageLogging" switchValue="Information, ActivityTracing"> <listeners> <add name="messages" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\messages.e2e" /> </listeners> </source> </sources> </system.diagnostics> </configuration>

    Read the article

  • Spring Security: how to implement Brute Force Detection (BFD)?

    - by Kdeveloper
    My web applications security is handled by Spring Security 3.02 but I can't find any out of the box support for Brute Force Detection. I would like to implement some application level BFD protection. For example by storing failed login attempt per user in the database (JPA). The attacked user accounts could then get a lockout period or a forced account re-activation by e-mail. What's the best way to implement this with Spring Security? Does any body have example code or best practices on this?

    Read the article

  • Exposing BL as WCF service

    - by Oren Schwartz
    I'm working on a middle-tier project which encapsulates the business logic (uses a DAL layer, and serves a web application server [ASP.net]) of a product deployed in a LAN. The BL serves as a bunch of services and data objects that are invoked upon user action. At present times, the DAL acts as a separate application whereas the BL uses it, but is consumed by the web application as a DLL. Both the DAL and the web application are deployed on different servers inside organization, and since the BL DLL is consumed by the web application, it resides in the same server. The worst thing about exposing the BL as a DLL is that we lost track with what we expose. Deployment is not such a big issue since mostly, product versions are deployed together. Would you recommend migrating from DLL to WCF service? if so, why ? Do you know anyone who had a similar experience ?

    Read the article

  • Exposing BL as WCF service

    - by Oren Schwartz
    I'm working on a middle-tier project which encapsulates the business logic (uses a DAL layer, and serves a web application server [ASP.net]) of a product deployed in a LAN. The BL serves as a bunch of services and data objects that are invoked upon user action. At present times, the DAL acts as a separate application whereas the BL uses it, but is consumed by the web application as a DLL. Both the DAL and the web application are deployed on different servers inside organization, and since the BL DLL is consumed by the web application, it resides in the same server. The worst thing about exposing the BL as a DLL is that we lost track with what we expose. Deployment is not such a big issue since mostly, product versions are deployed together. Would you recommend migrating from DLL to WCF service? if so, why ? Do you know anyone who had a similar experience ? Thank you !

    Read the article

  • Reality behind wireless security - the weakness of encrypting

    - by Cawas
    I welcome better key-wording here, both on tags and title, and I'll add more links as soon as possible. For some years I'm trying to conceive a wireless environment that I'd setup anywhere and advise for everyone, including from big enterprises to small home networks of 1 machine. I've always had the feeling using any kind of the so called "wireless security" methods is actually a bad design. I'm talking mostly about encrypting and pass-phrasing (which are actually two different concepts), since I won't even considering hiding SSID and mac filtering. I understand it's a natural way of thinking. With cable networking nobody can access the network unless they have access to the physical cable, so you're "secure" in the physical way. In a way, encrypting is for wireless what walling (building walls) is for the cables. And giving pass-phrases is adding a door with a key. But the cabling without encryption is also insecure. Someone just need to plugin and get your data! And while I can see the use for encrypting data, I don't think it's a security measure in wireless networks. As I said elsewhere, I believe we should encrypt only sensitive data regardless of wires. And passwords should be added to the users, always, not to wifi. For securing files, truly, best solution is backup. Sure all that doesn't happen that often, but I won't consider the most situations where people just don't care. I think there are enough situations where people actually care on using passwords on their OS users, so let's go with that in mind. For being able to break the walls or the door someone will need proper equipment such as a hammer or a master key of some kind. Same is true for breaking the wireless walls in the analogy. But, I'd say true data security is at another place. I keep promoting the Fonera concept as an instance. It opens up a free wifi port, if you choose so, and anyone can connect to the internet through that, without having any access to your LAN. It also uses a QoS which will never let your bandwidth drop from that public usage. That's security, and it's open. And who doesn't want to be able to use internet freely anywhere you can find wifi spots? I have 3G myself, but that's beyond the point here. If I have a wifi at home I want to let people freely use it for internet as to not be an hypocrite and even guests can easily access my files, just for reading access, so I don't need to keep setting up encryption and pass-phrases that are not whole compatible. I'll probably be bashed for promoting the non-usage of WPA 2 with AES or whatever, but I wanted to know from more experienced (super) users out there: what do you think? Is there really a need for encryption to have true wireless security?

    Read the article

  • WCF Communication Problem

    - by vincpa
    Two separate servers, one is an IIS7 web application trying to connect to a WCF service on the other server. The initial connect always fails, sometimes the second, after that, everything works normal. What could be the cause of this problem? The exception that gets thrown is EndpointNotFoundException Could not connect to net.tcp://192.168.0.83/MgrService/Manager.svc. The connection attempt lasted for a time span of 00:00:21.0289348. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 192.168.0.83:808.

    Read the article

  • Calling webservice from WCF service

    - by Balaji
    I am having an issue consuming a webservice (c#.net) from a WCF service. The error i am getting is EndPointNotFoundException "TCP error code 10061: No connection could be made because the target machine actively refused it" I wrote a unit test to check if i could send a request to the web service and it worked fine [The unit test is using the same binding configuration as my WCF service] The web service and WCF service (client) have basichttp binding. Did anyone had similar kind of issue calling a webservice from a WCF service? The service Model section is as follows <system.serviceModel> <bindings> <basicHttpBinding> <binding name="DataService" closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:10:00" sendTimeout="00:05:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/> <security mode="None"> <transport clientCredentialType="None" proxyCredentialType="None" realm=""/> <message clientCredentialType="UserName" algorithmSuite="Default"/> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://10.22.33.67/Service/DataService.asmx" binding="basicHttpBinding" bindingConfiguration="DataService" contract="Service.DataService" name="DataService"/> </client> <services> <service name="TestToConsumeDataService.WCFHost.Service1" behaviorConfiguration="TestToConsumeDataService.WCFHost.Service1Behavior"> <!-- Service Endpoints --> <endpoint address="" binding="basicHttpBinding" contract="TestToConsumeDataService.WCFHost.IService1"> <!-- Upon deployment, the following identity element should be removed or replaced to reflect the identity under which the deployed service runs. If removed, WCF will infer an appropriate identity automatically. --> <identity> <dns value="localhost"/> </identity> </endpoint> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="TestToConsumeDataService.WCFHost.Service1Behavior"> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> The unit test project is also using the same service model section and it works. The only issue is while calling the service from another WCF service. Could you please suggest.

    Read the article

  • Is a security seal or EV SLL more important?

    - by Guy
    Does anybody know of a survey or study that compares site visitor attitudes/perceptions to security between an EV SSL cert and a security seal? The EV SSL cert will show up green in the URL (like a bank) and the security seal is usually in the footer and says something like "secured by" or "hacker proof" or "website protection" I'm looking for evidence that if you could only chose one, which would it be?

    Read the article

  • GlassFish v3: Security related updates + Repository/Publisher?

    - by chris_l
    I've used GlassFish v3.0 as my main development application server for a few weeks now. Now that I want to install it on my VPS, I'd like to get the latest security updates, because Glassfish v3 Release 3.0 (Open Source Edition or not) is already a few months old, and v3.1 is only available as "early access" nightlies (see https://glassfish.dev.java.net/public/downloadsindex.html). GlassFish offers an update mechanism (via pkg or updateTool), but when I simply try to get the latest updates (pkg image-update), it finds nothing. However, when I change the preferred publisher to dev.glassfish.org, I get a list with lots of updates. The interesting thing is, that I haven't been able to find any description about the contents of the diverse publishers/repositories (release, stable, contrib and dev) anywhere on the web, most importantly answering the question: Am I supposed to use the dev repository for security updates, or does it contain unstable updates? (The name suggests unstable updates, but the version numbers, like "3.0.1,0-11:20100331T082227Z" leave me guessing. The build is more than a week old, so it's obviously not "nightly" or "weekly", but what is it?) Where do I get security updates from then? Or are there simply no security updates yet? Asking on the GlassFish forum resulted in 56 views, but 0 answers.

    Read the article

  • GlassFish v3: Security related updates?

    - by chris_l
    I've used GlassFish v3.0 as my main development application server for a few weeks now. Now that I want to install it on my VPS, I'd like to get the latest security updates, because Glassfish v3 Release 3.0 (Open Source Edition or not) is already a few months old, and v3.1 is only available as "early access" nightlies (see https://glassfish.dev.java.net/public/downloadsindex.html). GlassFish offers an update mechanism (via pkg or updateTool), but when I simply try to get the latest updates (pkg image-update), it finds nothing. However, when I change the preferred publisher to dev.glassfish.org, I get a list with lots of updates. The interesting thing is, that I haven't been able to find any description about the exact meaning of the diverse publishers/repositories (release, stable, contrib and dev) anywhere on the web, most importantly answering the question: Am I supposed to use the "dev" repository for security updates, or is it (probably more likely) for unstable updates? Where do I get security updates from then? Or are there simply no security updates yet? Asking on the GlassFish forum resulted in 56 views, but 0 answers.

    Read the article

< Previous Page | 19 20 21 22 23 24 25 26 27 28 29 30  | Next Page >