Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 234/509 | < Previous Page | 230 231 232 233 234 235 236 237 238 239 240 241  | Next Page >

• What is the safest way for a PHP script to connect to a local PostgreSQL instance on Linux?

  - by Botond Balázs

  I think if I granted the apache user appropriate privileges and used the ident authentication method, that would make the connection more secure because then the password wouldn't need to be stored in a connection string. Also, that way the security of the connection would depend on how secure the host system is. I disabled root login over ssh and only permit public key authentication so I think it is pretty secure. Does this have any significant security benefits or is it just wishful thinking? Is it necessary at all?

  Read the article

• Embed external images for use in HTML canvas?

  - by Philipp Lenssen

  I'm using JavaScript to load an image into my Canvas element in Firefox. This works fine for local images, but throws a security exception for external images. Is there any way to avoid this security exception, one that does not involve my server having to act as proxy to load the image locally (because that would stress my server)? PS: The current code is similar to this: var img = new Image(); var contextSource = canvasSource.getContext('2d'); contextSource.drawImage(img, 0, 0); // get image data to do stuff with pixels var imageDataSource = contextSource.getImageData(0, 0, width - 1, height - 1);

  Read the article

• Translate from Java to C#: simple code to re-encode a string

  - by Dr. Zim

  We were sent this formula to encrypt a string written in Java: String myInput = "test1234"; MessageDigest md = MessageDigest.getInstance("SHA"); byte[] myD = md.digest(myInput.getBytes()); BASE64Encoder en64 = new BASE64Encoder(); String myOutput = new String ( Java.net.URLEncoder.encode( en64.encode(myD))); // myOutput becomes "F009U%2Bx99bVTGwS3cQdHf%2BJcpCo%3D" Our attempt at writing this in C# is: System.Security.Cryptography.SHA1 sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); string myOutput = HttpUtility.UrlEncode( Convert.ToBase64String( sha1.ComputeHash( ASCIIEncoding.Default.GetBytes(myInput)))); However the output is no where near the same. It doesn't even have percent signs in it. Any chance anyone would know where we are going wrong?

  Read the article

• help designing a method, should I use out or ref or return the type?

  - by Blankman

  I have a method that I will use in the following contexts: 1. User user = null; if(...) { user = defaultUser; SetUser(a,b,user); } else { SetUser(a,b,user); } SaveUser(user); So some cases are where user may be null, while in other cases it will already be initialized. How should I design the SetUser method? I currently have it like so, but this causes an error when user is null. public void SetUser(object a, object b, User user) { if(user == null) user = new User(); user.Security = a.security; user.Blah = b.type; }

  Read the article

• WCF client using basic HTTP authentication

  - by AZ

  I'm trying to connect to a service that uses basic HTTP authentication. I've configured my binding like this <bindings> <basicHttpBinding> <binding name ="binding"> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> and i'm setting the credentials like this: client.ClientCredentials.UserName.UserName = Settings.UserName; client.ClientCredentials.UserName.Password = Settings.Password; Sill when i make a request i get a "The HTTP request is unauthorized with client authentication scheme 'Basic'" fault back. What am i doing wrong? (i don't have control over the service so all solutions must relate to the client configuration)

  Read the article

• How secure are GUIDs in terms of predictability?

  - by ssg

  We're using .NET's Guid.NewGuid() to generate activation codes and API keys currently. I wonder if that poses a security problem since their algorithm is open. .NET Guid uses Win32 CoCreateGuid and I don't know it's internals (possibly MAC address + timestamp?). Can someone derive a second GUID out of the first one, or can he hit it with some smart guesses or is the randomness good enough so search space becomes too big? Generating random keys have the problem of collision, they need a double check before adding to a database. That's why we stuck with GUIDs but I'm unsure about their security for these purposes. Here are the 4 consecutive UUIDGEN outputs: c44dc549-5d92-4330-b451-b29a87848993 d56d4c8d-bfba-4b95-8332-e86d7f204c1c 63cdf958-9d5a-4b63-ae65-74e4237888ea 6fd09369-0fbd-456d-9c06-27fef4c8eca5 Here are 4 of them by Guid.NewGuid(): 0652b193-64c6-4c5e-ad06-9990e1ee3791 374b6313-34a0-4c28-b336-bb2ecd879d0f 3c5a345f-3865-4420-a62c-1cdfd2defed9 5b09d7dc-8546-4ccf-9c85-de0bf4f43bf0

  Read the article

• Google App Engine with Java. Can't start:(

  - by anatolix

  Hello all! I have a problem with GAE. Even simpliest 'helloworld' app doesn't work in Eclipse. Such error appears: java.lang.IllegalStateException: SecurityManagerInstaller must be loaded in the system ClassLoader; was sun.misc.Launcher$ExtClassLoader@35ce36 at com.google.apphosting.utils.security.SecurityManagerInstaller.generatePolicyFile(SecurityManagerInstaller.java:103) at com.google.apphosting.utils.security.SecurityManagerInstaller.install(SecurityManagerInstaller.java:66) at com.google.appengine.tools.development.DevAppServerFactory.createDevAppServer(DevAppServerFactory.java:72) at com.google.appengine.tools.development.DevAppServerFactory.createDevAppServer(DevAppServerFactory.java:38) at com.google.appengine.tools.development.DevAppServerMain$StartAction.apply(DevAppServerMain.java:153) at com.google.appengine.tools.util.Parser$ParseResult.applyArgs(Parser.java:48) at com.google.appengine.tools.development.DevAppServerMain.<init>(DevAppServerMain.java:113) at com.google.appengine.tools.development.DevAppServerMain.main(DevAppServerMain.java:89) What does it mean, any idea, please?:)

  Read the article

• Not getting redirection to custom error page using custom errors - ASP.Net

  - by weevie

  Here's my Application_OnError event sink in global.asax.vb: Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs) Dim innerMostException As Exception = getInnerMostException(Me.Context.Error) If TypeOf innerMostException Is AccessDeniedException Then Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException)) Dim fourOhThree As Integer = DirectCast(HttpStatusCode.Forbidden, Integer) Throw New HttpException(fourOhThree, innerMostException.Message, innerMostException) End If End Sub You'll see that if we've got an innermost Exception of type AccessDeniedException we throw a new HTTPExcpetion with a status code of 403 AKA 'forbidden' Here's the relevant web.config entry: <customErrors defaultRedirect="~/Application/ServerError.aspx" mode="On"> <error statusCode="403" redirect="~/Secure/AccessDenied.aspx" /> </customErrors> So what we're expecting is a redirect to the AccessDenied.aspx page. What we get is a redirect to the ServerError.aspx page. We've also tried this: Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs) Dim innerMostException As Exception = getInnerMostException(Me.Context.Error) If TypeOf innerMostException Is AccessDeniedException Then Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException)) Context.Response.StatusCode = DirectCast(HttpStatusCode.Forbidden, Integer) End If End Sub Which unsuprisingly doesn't work either. Any ideas what we're doing wrong?

  Read the article

• How do I fix SVC-FILWRT on Windows?

  - by rajpal

  I have to do some processing (enhancing metadata) on the XML document that are on my Marklogic database. For that I have created a new HTTP server that is pointing towards the database. Using that HTTP server, I write a XQuey that loop through all the XML documents in Marklogic database and send these XML documents to particular URL that reads the content from that document, append some metadata and then store back to ML. This is something I have tried on Linux platform with same version of Marklogic and it works great for me. But now, when I am trying the same on window platform (Windows 7 Enterprise addition) and it's not working. Approaches I tried to resolve that: Running Marklogic Server as "Run as Administrator". Putting HTTP server's Base directory into D:/ directory i.e. directory that does not have windows installed within it. Above same with putting forest to D:/ directory. The error on windows is: XDMP-FORESTNOT: Forest Security not available: XDMP-FORESTERR: Error in startup of forest Security: SVC-FILWRT:

  Read the article

• C++/CLI: CA2123: Requires SecurityCriticalAttribute?

  - by TomTom

  I am a little lost on erros like that: Warning 7 CA2123 : Microsoft.Security : Add the following security attribute to 'RithmicConnector::Connect(String^)' in order to match a LinkDemand on base method 'IConnector::Connect(String^)': 'SecurityCriticalAttribute'. c:\work\nettecture\tradex\source\tradex.connectivity.rithmic\rithmicconnector.cpp 52 Tradex.Connectivity.Rithmic Where do I add the SecurityCriticalAttribute? I tried on the header file - but the error does not disappear. I have one of those pretty much on every exposed method of a (managed C++) interface DLL. And I want CA to run through. How do I fix those? Regards

  Read the article

• Sql CLR calling webservice throws exception

  - by TonyP

  I have clr stored procedure that calls a Webservice method. Webmethod in turn call a com object .. and do some processing on a remote Unix server. When I invoke webmethod by it self it works fine. But when called from the CLR I get the following exception.. What am I doing wrong ? Msg 6522, Level 16, State 1, Procedure PrintOa, Line 0 A .NET Framework error occurred during execution of user-defined routine or aggregate "PrintOa": System.Security.HostProtectionException: Attempted to perform an operation that was forbidden by the CLR host. The protected resources (only available with full trust) were: All The demanded resources were: Synchronization System.Security.HostProtectionException: at System.Reflection.MethodBase.PerformSecurityCheck(Object obj, RuntimeMethodHandle method, IntPtr parent, UInt32 invocationFlags) at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) at System.Diagnostics.TraceUtils.GetRuntimeObject(String className, Type baseType, String initializeData) at System.Diagnostics.TypedElement.BaseGetRuntimeObject() at System.Diagnostics.ListenerElement.GetRuntimeObject() at System.Diagnostics.ListenerElementsCollection.GetRuntimeObject() at System.Diagnostics.TraceInternal.get_Listeners() at System.Diagnostics.TraceInternal.WriteLine(Object value) at System.Diagnostics.Debug.WriteLine(Object value) at BaaNOA.PrintOA(String trid)

  Read the article

• Creating compound applications in Windows 7

  - by Mmarquee

  I need to port a suite of Windows applications (running under XP with little security turned on) to Windows 7 with various levels of security, depending on how our clients may configure it. Each functional area is a seperate executable or DLL that is downloaded and registered by a central 'compound' application. This means that the different parts are all joined together to form in effect a large single application. My problem is that the compound application knows about the other applications via COM registery, either as a typelibrary or as OCXs, where appropriate. I have tried several questions here to try and solve the problems I am getting, but I don't seem to be able to get around the problem of needing elevated access to register applications and access the registry. Our clients will be expecting the same (relatively) seemless download and activation process as current under XP. So does anyone have a solution for registering typelibraries and OCX controls without need to go through an elevation process. Thanks in advance

  Read the article

• Is it possible to prevent a locally-running SWF (AS3) from downloading from my website?

  - by Matt

  I've got a crossdomain.xml file which allows SWFs running on only a certain few domains to download resources from my domain. However, one simple way around this is for a user to download the SWF to their local machine, and run it there (i.e. by double-clicking on it within Windows Explorer, not by running through http://localhost). It seems that when this happens, the crossdomain.xml file is ignored. I understand that in my actionscript, I can do this: if (Security.sandboxType.indexOf(Security.REMOTE) == -1) // running locally - don't allow However it is incredibly easy for someone to decompile the SWF and simply remove this line. Is it possible to do something on the server side to stop a locally running SWF to download from my site? I tried checking the referrer but this field often isn't populated. Does anyone have any other ideas? Thanks, Matt

  Read the article

• How to retrieve Google Blogger feed in ASP.NET medium trust?

  - by ChrisP

  I have an ASP.NET web site hosted at HostMySite.com and they recently changed the shared accounts to run in medium trust. In my web site I query my Blogger account and get blog posts to display on my web site. I am using Google.GData.Client v1.4.0.2 The retrieval works locally (and worked until medium trust was invoked at the ISP). Now I receive the following error: [SecurityException: Request for the permission of type 'System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.] System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0 System.Security.CodeAccessPermission.Demand() +58 System.Net.HttpWebRequest..ctor(Uri uri, ServicePoint servicePoint) +147 System.Net.HttpRequestCreator.Create(Uri Uri) +26 System.Net.WebRequest.Create(Uri requestUri, Boolean useUriBase) +216 System.Net.WebRequest.Create(Uri requestUri) +31 Google.GData.Client.GDataRequest.EnsureWebRequest() +77 Google.GData.Client.GDataRequest.Execute() +42 Google.GData.Client.Service.Query(Uri queryUri, DateTime ifModifiedSince, String etag, Int64& contentLength) +193 Google.GData.Client.Service.Query(FeedQuery feedQuery) +202 I've search the Google documentation and on-line but have not been able to find out what I need to change. Thanks

  Read the article

• Strategy for developing a multi function asp.net web application

  - by user247023

  I'm about to start a new project and want some advice on how to implement. I need a web application which contains a booking module for reserving timeslots, and a time management module which will enable employees to clock in / clock out. If I am writing an update to the time managment module, I don't want to disrupt the booking engine availability by releasing a new solution containing both modules. to make things more difficult, there is some shared functionality like common users, roles and security. Here's a suggestion I've gotten, which sounds a bit cruddy, but may be functional. Write a 'container' web application which consists of basically a frame, and authentication / security features. This then has links which, will load the 2 independantly built and released web applications into the frame. I can see that say, if I wanted to update the time management module, I would only need to build and release this separately, and the rest of the solution would be 'untouched' Any better alternatives?

  Read the article

• SharePoint form-based authentication with custom database

  - by Clodin

  Hi, I have SharePoint site and I want to use form-based authentication, not Windows how it is by default. For this I read that I have to modify the web.config from Central Administration and web.config from my site with the membership and roleManager tags configured properly. But if I use this: <membership> <providers> <add name="MyProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" .../> </providers> </membership> System.Web.Security.SqlMembershipProvider requires a database generated with ASP.NET SQL Server Setup Wizard (aspnet_regsql.exe), and this is my problem! I want to use another database with cunstom table 'Users' from where to take the username and password for authentication. How can I do this? Thank you in advance

  Read the article

• Implode error for PHP

  - by Pete Herbert Penito

  Hi Everyone! I have a form where I've got three checkboxes like this: <td>Wireless <input type="checkbox" name="services[]" value="wireless" /></td> </tr> <tr> <td>Cellular <input type="checkbox" name="services[]" value="cellular" /></td> </tr> <tr> <td>Security <input type="checkbox" name="services[]" value="Security" /></td> <input type="submit" name="submit"> and then I extract($_POST), and have this code $comServices = implode(",", $services); but I get an error: Warning: implode() [function.implode]: Invalid arguments passed in .. does anyone know why Im getting this error?

  Read the article

• Best Practice to write Connection string for heavy traffic ASP.NET Web Application

  - by hungrycoder

  What is the best way to define connection string for a web application that has minimum 500 live users on the internet in terms of connection pooling. And load factors to consider? Suppose I have connection string as follows: initial catalog=Northwind; Min Pool Size=20;Max Pool Size=500; data source=localhost; Connection Timeout=30; Integrated security=sspi" as Max Pool Size is 500 and as live users exceed 500 say 520 will the remaining 20 users experience slower page load?? Or what if I have connection string as follows which doesn't talks anything about pooling or Connection time out? How the application behaves then? initial catalog=Northwind; data source=localhost; Integrated security=sspi" I'm using "Using statements" however to access the MYSQL database.

  Read the article

• how to store passwords in database?

  - by rgksugan

  I use jsp and servlets in my web application. i need to store passwords in the database. I found that hashing will be the best way to do that. I used this code to do it. java.security.MessageDigest d = null; d = java.security.MessageDigest.getInstance("SHA-1"); d.reset(); d.update(pass.getBytes("UTF-8")); byte b[] = d.digest(); String tmp = (new BASE64Encoder()).encode(b); When i tried to print the value of tmp, i get some other value.i guess its the hash value of the password. But when i persist this data to the database the original password gets saved there other than the value in tmp.. What is the problem???

  Read the article

• Table prefix for MySqlMembershipProvider

  - by choudeshell

  I have MySqlMembershipProvider working with Asp.Net MVC. My question is how can I configure the table prefix... so instead of 'my_aspnet_' prefix on the tables, I want this to be either none or defined by me. My web.config: <?xml version="1.0"?> <add name="ApplicationServices" connectionString="server=localhost;user id=root;Password=*********;database=sparkSources" providerName="MySql.Data.MySqlClient"/> <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" /> </authentication> <membership defaultProvider="MySqlMembershipProvider"> <providers> <clear/> <add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider, MySql.Web, Version=6.3.4.0, Culture=neutral, PublicKeyToken=c5687fc88969c44d" autogenerateschema="true" tablePrefix="ss" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="sparkSources" /> </providers> </membership> <profile> <providers> <clear/> <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/" /> </providers> </profile> <roleManager enabled="false"> <providers> <clear/> <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/" /> <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/" /> </providers> </roleManager> <pages> <namespaces> <add namespace="System.Web.Mvc" /> <add namespace="System.Web.Mvc.Ajax" /> <add namespace="System.Web.Mvc.Html" /> <add namespace="System.Web.Routing" /> </namespaces> </pages>

  Read the article

• Searching for empty methods

  - by Brian McCord

  I am currently working on a security audit/code review of our system. This requires me to check all pages in the system and make sure that the code behind contains two methods that are used to check security. Sometimes the code in these methods get commented out to make testing easier. So, my question is does anyone know an easy way to search code, make sure the methods are present, and to determine which ones have no code or have all the code commented out. It would make my job much easier if I can get a list instead of having to look at every file... I'm sure I could write this myself, but I thought someone may know of something that already exists. Thanks!

  Read the article

• Calling C# from ColdFusion

  - by stomcavage

  I've written a .dll in C# to change the permissions on a folder. I also wrote an .exe to test the .dll and it successfully changes the permissions. Now I'm trying to call the .dll from ColdFusion, but I'm getting an error about System/Security/IPermission not being found. I'm assuming this is an interface in C# that ColdFusion can't find in any of the available assemblies on my system. I've added the System.Security assembly to my References in the C# project. Is there something else I need to do to make sure ColdFusion can find the interface? Here's how I'm using the .dll: <cfobject type="dotnet" name="permObj" assembly="#pathToDLLs#CoursePortal.dll" class="CoursePortal.Permissions"> <cfset permObj.revokePermissions(dir, username)>

  Read the article

• Useful design patterns when dealing with spring 3 controllers

  - by Mat Banik

  Recently I was overlooking my controllers and they are bit of mess. I'd like to organize they way I set returning views Do more elegant mesageSource massaging back to the users and account for i18n Security checking, what user can access an what they can't Consistent way of calling the service layer And somehow bring consistency to the debugging lines. Do better job with error handling and serving it to the user. I'm already on mission to do security logging with AOP :) I'm just looking for patterns I could implement to help me to do all of the above. Or just some general advice in case no patterns apply, or advice on something I didn't mention but is common practice.

  Read the article

• Asp.net - Invalid postback or callback argument. Event validation is enabled using '<pages enableEv

  - by Jangwenyi

  I am getting the following error when I post back a page from the client-side. I have javascript code that modifies an asp:listbox on the client side. How do we fix this? Error details below: Server Error in '/XXX' Application. -------------------------------------------------------------------------------- Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ArgumentException: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. Stack Trace: [ArgumentException: Invalid postback or callback argument. Event validation is enabled using <pages enableEventValidation="true"/> in configuration or <%@ Page EnableEventValidation="true" %> in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation.] System.Web.UI.ClientScriptManager.ValidateEvent(String uniqueId, String argument) +2132728 System.Web.UI.Control.ValidateEvent(String uniqueID, String eventArgument) +108 System.Web.UI.WebControls.ListBox.LoadPostData(String postDataKey, NameValueCollection postCollection) +274 System.Web.UI.WebControls.ListBox.System.Web.UI.IPostBackDataHandler.LoadPostData(String postDataKey, NameValueCollection postCollection) +11 System.Web.UI.Page.ProcessPostData(NameValueCollection postData, Boolean fBeforeLoad) +353 System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1194 -------------------------------------------------------------------------------- Version Information: Microsoft .NET Framework Version:2.0.50727.1433; ASP.NET Version:2.0.50727.1433

  Read the article

• How does java LoginContext.login() work?

  - by tangens

  I have this code to create a configuration of a java client to connect to a JBoss application server: System.setProperty( "java.security.auth.login.config", "auth.conf" ); LoginContext auth = new LoginContext( "myAuth", new LoginCallbackHandler( username, password ) ); auth.login(); The file auth.conf contains the following lines: myAuth { org.jboss.security.ClientLoginModule required; }; Now, somewhere else in the code (the LoginContext auth isn't known there) I have an EJB that does a initialContext.lookup( jndiName ) and a narrow() to access a Bean on the JBoss application server. This narrow only succeeds if the login information of the first step was correct. Question How does the login information propagate from the LoginContext to the narrow()? I don't see any connection between these two places. And further, how could I do two or more different logins inside of one client?

  Read the article

< Previous Page | 230 231 232 233 234 235 236 237 238 239 240 241  | Next Page >