Search Results

Search found 28388 results on 1136 pages for 'install metro apps'.

Page 24/1136 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • Windows 8 Professional didn't come with Internet Explorer 10(Metro)

    - by Joel Dean
    When I installed Windows 8 Professional Edition I noticed that Internet Explorer 10 was missing. I tried to find some source to acquire the installer but none of the sites are providing it. One of my colleagues upgraded recently and he got the new Internet Explorer after his installation was completed. So is there a way to acquire the installer? Update: I should have mentioned that I was talking about the Metro version.

    Read the article

  • Running Modern UI/Metro Apps as Administrator in Windows 8

    - by Shail
    I noticed that on Windows 8's Start screen, I could right click a Windows legacy program (A program which runs on Windows XP, Vista and 7), and I could run it as Administrator. However, whenever I clicked on a Windows 8 Modern UI or a Metro app, I didn't have that option. So here are my questions:- Why can't I run the Modern UI apps as an Administrator? Does it make any difference as far as security is concerned?

    Read the article

  • Using Metro style in Internet Explorer 10 [closed]

    - by shoyip
    Possible Duplicate: Is it possible to use the IE10 App without making Internet Explorer the default browser? I'm using Windows 8 Pro with Internet Explorer 10 on, and I downloaded Google Chrome, setting it the default browser. After that I saw that when I click on the Internet Explorer shortcut on the Start screen it opened me IE10 in the Desktop. Now I want to ask: can I use the IE10 App in Metro Style without making her the default browser?

    Read the article

  • Can I install Win 7 Pro with a Win 7 Home Premium disc?

    - by SeanJA
    So I got the 64bit Win 7 Pro disc from the Ultimate steal for cheap enough... but I found out that some stuff that I want to run (games mostly... since that is the only reason I keep Windows around...) did not do too well on the 64bit OS. So I have borrowed my friend's install disc, but it turns out that his is only Home Premium rather than Pro which I have a serial for. Can I still just run through the Home Premium install and use my Pro serial number (seems like I should be able to with the whole 'any time upgrade' deal)? Or do I have to go and find a 32bit pro disc to do the install? Are there any hoops that I have to jump through?

    Read the article

  • Domain transfer from Yahoo to Godaddy. Google apps downtime

    - by Kedar
    I am moving my domain from Yahoo to Godaddy (cause yahoo charges ridiculously hugh amounts than others). My problem is I use this domain for Google apps and one of those is my custom email. So here are a few questions that I have - 1) Godaddy told me there is going to be a 48 hours of downtime. Is there anything that I can do to minimize the downtime? 2) Will I lose all the email that I get during this downtime? or they be stored in the cloud and bulk emailed me once my domain is up with Godaddy? If they are lost is there any workaround to forward them to my gmail during the downtime (i know sounds stupid, but I have to ask). Any help is much appreciated. Thanks in advance.

    Read the article

  • Can't install MailParse on cpanel server

    - by Tom
    Hi, I've got a linux vps running CentOs 5.5 (cpanel/whm), I've installed MailParse via Module Installers section on whm, and it did install it, the end of setup log: running: make INSTALL_ROOT="/root/tmp/pear-build-root/install-mailparse-2.1.5" install Installing shared extensions: /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib/php/extensions/no-debug-non-zts-20090626/ running: find "/root/tmp/pear-build-root/install-mailparse-2.1.5" | xargs ls -dils 508718 4 drwxr-xr-x 3 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5 508745 4 drwxr-xr-x 3 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr 508746 4 drwxr-xr-x 3 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib 508747 4 drwxr-xr-x 3 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib/php 508748 4 drwxr-xr-x 3 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib/php/extensions 508749 4 drwxr-xr-x 2 root root 4096 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib/php/extensions/no-debug-non-zts-20090626 508744 196 -rwxr-xr-x 1 root root 193502 Feb 6 21:08 /root/tmp/pear-build-root/install-mailparse-2.1.5/usr/lib/php/extensions/no-debug-non-zts-20090626/mailparse.so Build process completed successfully Installing '/usr/lib/php/extensions/no-debug-non-zts-20090626/mailparse.so' install ok: channel://pecl.php.net/mailparse-2.1.5 Extension mailparse enabled in php.ini The mailparse.so object is not in /usr/local/lib/php/extensions/no-debug-non-zts-20090626 Now, when i try to use mailparse functions using php i get the following error: PHP Warning: PHP Startup: Unable to load dynamic library '/usr/local/lib/php/extensions/no-debug-non-zts-20090626/mailparse.so' - /usr/local/lib/php/extensions/no-debug-non-zts-20090626/mailparse.so: cannot open shared object file: No such file or directory in Unknown on line 0 What should i do?

    Read the article

  • Windows 8 Metro UI with Multiple Monitors -- Keep in always maximized?

    - by Jersey Dude
    Before installing Win 8 today, my plan was to keep the Metro UI up on my smaller, laptop monitor and have the classic UI running on my two larger monitors. However, in reality, as soon as I click on something in one of the classic UI monitors, the Metro UI minimizes (thus exposing the classic UI in its place). Is there any way to keep the Metro UI from minimizing when I do something in another monitor? Oddly enough, if there is an app running/suspended in the Metro Window, then the Metro UI is not minimized. If the Start screen is currently viewed, clicking in a classic window/monitor switches the Metro UI from the start screen to the last run app. Very peculiar .. Thanks

    Read the article

  • iTunes want to remove my existing apps on iPad

    - by Pablo
    Here is the situation. I connected my iPad to some new PC, Synced, then ticking Sync Apps from Devices-Apps will give me warning that all existing apps on my iPad will be replaced with those from Library-Apps. But in Library I have just couple old apps, which long time ago I used. So how I can sync the library in iTunes with my existing apps from iPad? EDIT: I have tried to click on Transfer Purchases, but not all of the items went to the library, just few of them.

    Read the article

  • iTunes want to remove my existing apps on iPad

    - by Michael
    Here is the situation. I connected my iPad to some new PC, Synced, then ticking Sync Apps from Devices-Apps will give me warning that all existing apps on my iPad will be replaced with those from Library-Apps. But in Library I have just couple old apps, which long time ago I used. So how I can sync the library in iTunes with my existing apps from iPad? EDIT: I have tried to click on Transfer Purchases, but not all of the items went to the library, just few of them.

    Read the article

  • How can I migrate mails from Yahoo! Mail to Google Apps?

    - by alnorth29
    We'd like to move from using Yahoo! Mail to our Google Apps account. It'd be great to be able to migrate all the mails across from the old accounts to the new. If we were using Gmail accounts this would be easy as the migration is offered by Google, for some reason they don't offer this to those using custom domains. As far as I know Yahoo! don't offer POP or IMAP access to non-paying customers and I'd rather not pay $20 per account that I want to migrate. Anyone know of any easy and cheap solutions?

    Read the article

  • Windows 8 Metro/Modern Start Screen with Multiple Monitors -- Keep it always maximized?

    - by Jersey Dude
    Before installing Win 8 today, my plan was to keep the Metro UI up on my smaller, laptop monitor and have the classic UI running on my two larger monitors. However, in reality, as soon as I click on something in one of the classic UI monitors, the Metro UI minimizes (thus exposing the classic UI in its place). Is there any way to keep the Metro UI from minimizing when I do something in another monitor? Oddly enough, if there is an app running/suspended in the Metro Window, then the Metro UI is not minimized. If the Start screen is currently viewed, clicking in a classic window/monitor switches the Metro UI from the start screen to the last run app. Very peculiar..

    Read the article

  • Move email off Small Business Server to Google Apps, retain other SBS functions?

    - by Paul S.
    Recently, an in-house Microsoft Small Business Server 2011 was installed where I work. Unfortunately, our buildings have a bad electrical power supply and we suffer frequent outages. We have a large percentage of staff working off-site. Now when the power goes off here, everyone everywhere loses email functionality. I have been assigned to research the possibility of routing our email to Google Apps while maintaining LAN functions on the SBS. I haven't worked with Microsoft products for several years now, so do not know how SBS is structured. Can anyone here tell me if this is possible, or point me to good resources that explain our options?

    Read the article

  • Great Free Courses on Building HTML5 apps using ASP.NET Web API, Knockout.js and jQuery

    - by ScottGu
    Pluralsight has developed some great training courses on the new .NET 4.5 and VS 2012 release, including two fantastic courses from John Papa that cover how to build HTML5 web apps using ASP.NET Web API, Knockout and jQuery: Single Page Apps with HTML5, Web API, Knockout and jQuery Building HTML5 and JavaScript Apps with MVVM and Knockout Free 1-Month Subscription to the Courses Pluralsight is offering a special promotion that allows you to get a free 1-month subscription to watch the above courses at no cost.  There is no obligation to buy anything at the end of the offer and you don’t need to supply a credit card in order to take part in it. To get access to the course you simply follow @pluralsight and @john_papa on Twitter and then visit this page and enter your Twitter name using the form on it.  Pluralsight will then send you a private twitter message containing the access code that you can use to subscribe to the courses (and download the course exercise files).  Once you are subscribed to the course you have one month to watch the course (and you can watch it as many times as you want during the month). Pluralsight is running the promotion through Sept 18th – so sign-up now to get access.  Once you are signed up you then have a month to watch the course. Hope this helps, Scott P.S. And if you are new to Twitter you can also optionally follow me: @scottgu

    Read the article

  • BUILD 2013 Session&ndash;Testing Your C# Base Windows Store Apps

    - by Tim Murphy
    Originally posted on: http://geekswithblogs.net/tmurphy/archive/2013/06/27/build-2013-sessionndashtesting-your-c-base-windows-store-apps.aspx Testing an application is not what most people consider fun and the number of situation that need to be tested seems to grow exponentially when building mobile apps.  That is why I found the topic of this session interesting.  When I found out that the speaker, Francis Cheung, was from the Patterns and Practices group I knew I was in the right place.  I have admired that team since I first met Ron Jacobs around 2001.  So what did Francis have to offer? He started off in a rather confusing who’s on first fashion.  It seems that one of his tester was originally supposed to give the talk, but then it was decided that it would be better to have someone who does development present a testing topic.  This didn’t hinder the content of the talk in the least.  He broke the process down in a logical manner that would be straight forward to understand if not implement. Francis hit the main areas we usually think of such as tombstoning, network connectivity and asynchronous code, but he approached them with tools they we may not have thought of until now.  He relied heavily on Fiddler to intercept and change the behavior of network requests. Then there are the areas you might not normal think to check.  This includes localization, accessibility and updating client code to a new version.  These are important aspects of your app that can severely impact how customers feel about your app.  Take the time to view this session and get a new appreciation for testing and where it fits in your development lifecycle. del.icio.us Tags: BUILD 2013,Testing,C#,Windows Store Apps,Fiddler

    Read the article

  • Technology stack for CRUD apps [closed]

    - by Panoy
    In the past years, I have been using VB6 + MySQL when developing CRUD applications. Now I am currently learning how to develop web applications, as my plan is to go through the "browser/web app" path every time I build a CRUD app. I'm leaning on Ruby on Rails + MySQL/PostgreSQL/any NoSQL database now. I would like to know what other technology/tools stack to include in my architecture when developing these web apps? I'm asking your inputs with regards to the UI, database and reporting stack/toolset. Currently I have these in mind: UI = jQuery, jQueryUI (add your comments for other good UI stack) database = will be considering NoSQL or simply but RDBMS reporting tool = i'm clueless here Will it also make sense to use NoSQL database on these CRUD applications? I am assuming that the data would balloon later on. The desktop/native app route is an option only if there is a requirement, that in my limited experience, believes that a web app can't solve. Like for example those imaging apps/document forms and point-of-sale systems. I believe that web apps are gaining ground now and I find it most fun and intriguing to play and experiment with them. Please share your suggestions!

    Read the article

  • Building apps that work Together

    - by Tim Murphy
    Originally posted on: http://geekswithblogs.net/tmurphy/archive/2013/07/03/building-apps-that-work-together.aspx  Writing apps that stand alone will only get yon so far.  If your app can allow the user to leverage other applications and share data you Can have a real winner on your hands. Jake Sabulsky started off by explaining that you should be concentrating on the core functionality of your app and letting the framework take care of the features that users require these days.  This is implemented be leveraging contracts.  When Windows 8 was released it included the File, Share and Pickers contracts.  With the release of Windows 8.1 they have added the Contacts and Calendar contracts. There have been a number of improvements to the original contracts. The File URI contract will now automatically detect the size that a new windows should be opened and will also allow you to programmatically influence new window size.  The Share contract has been enhanced by allowing apps to always share screenshots and links to the app in the store. To my thinking the contracts are one of the most powerful features of Windows 8.  Take the time view this session and learn how to leverage them. Technorati Tags: BUILD 2013,Windows 8,Live tiles

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • Which mailx package should I install for Nagios?

    - by user1196
    I'm following the Nagios Ubuntu quickstart instructions. I'm on Ubuntu 10.10 and installing Nagios 3.2.3. At the bottom of the docs it says I need to install the mailx and postfix packages. (Postfix is already installed.) But when I try to install mailx, I get asked which of 3 packages to install: $ sudo apt-get install mailx [sudo] password for nagios: Reading package lists... Done Building dependency tree Reading state information... Done Package mailx is a virtual package provided by: mailutils 1:2.1+dfsg1-4ubuntu1 heirloom-mailx 12.4-1.1 bsd-mailx 8.1.2-0.20090911cvs-2ubuntu1 You should explicitly select one to install. E: Package mailx has no installation candidate Which one should I install?

    Read the article

  • Top Tips and Tricks Documents for Oracle Install Base

    - by Oracle_EBS
     EBS Install Base Implementer?  Consider the following references as identified by Oracle Install Base Engineers as our Top Tips and Tricks knowledge documents. Top Install Base Tips and Tricks Documents Troubleshoot: Oracle Install Base (Doc ID 1351860.1) How to Use Installed Base Error Transaction Diagnostics Script IBtxnerr.sql (Doc ID 365697.1) Cannot See Customer Product Instance in Installed Base after Item is Shipped (Doc ID 1309943.1) How To Obtain the CSE/CSI Log and Debug Files For Your Oracle Support Engineer (Doc ID 239627.1) Troubleshooting Install Base Errors in the Transaction Errors Processing Form (Doc ID 577978.1) How to Solve Installed Base Error Transactions Using Installed Base Data Correction and Synchronization Program (Doc ID 734933.1) Common Installed Base Transaction Error Messages (Doc ID 856825.1) Install Base Transaction Errors Master Repository (Doc ID 1289858.1) How To Remove Extended Attributes From IB? (Doc ID 1357667.1) 

    Read the article

  • how to apt-get install with only minimal components necessary for an application

    - by ib84
    apt-get is really great. However, when you want to install an application, you often are forced to install a lot of dependencies which I believe are very often optional. For example, I want to install okular and I'm ask to install 97 packages / 233MB ! That is a lot. I particularly dislike that it wants me to install nepomuk and a lot of other stuff that has nothing to do with PDF viewing per se, and which implies demons, and many of which are clearly optional but not necessary. Question: How to do minimal install with apt-get for a given package, with only the necessary componentents to get the thing run? It's ok if some features disabled at first.

    Read the article

  • How to install mongoDB on windows?

    - by Industrial
    Hi! I am trying to test out mongoDB and see if it is anything for me. I downloaded the 32bit windows version, but have no idea on how to continue from now on. I normally use the WAMP services for developing on my local computer. Can i run mongoDB on Wamp? However, what's the best (easiest!) way to make it work on windows? Thanks!

    Read the article

  • Automatically install and launch a code-signed application from Safari

    - by Thomas Jung
    Is it possible and if so what are the steps necessary to package (or build) a Mac OS X application and code-sign it so that it can be downloaded with Safari and automatically launch? ... possibly after the user responds to some sort of dialog explaining that it is a signed application and the publisher has been verified. An example of the user experience I am trying to create is "installing Google Chrome for the first time on Windows", which is a 3-click, less-than-a-minute process. For the concerned among you: I am not trying to create a drive-by download. I am fine with some sort of intermittent user step approving the download. I just want to make the installation as quick and painless as possible and not require the user drag the app from a mounted DMG into the application folder. This may not 100% jibe with established Mac OS X user interaction guidelines, but it would work better for the not-power users. I only need the high-level steps or pointers to resources ... my google-fu was weak on this one.

    Read the article

  • SQL 2005 Express Edition - Install new instance

    - by Douglas Anderson
    Looking for a way to programatically, or otherwise, add a new instance of SQL 2005 Express Edition to a system that already has an instance installed. Traditionally, you run Micrsoft's installer like I am in the command line below and it does the trick. Executing the command in my installer is not the issue, it's more a matter of dragging around the 40 MBs of MS-SQL installer that I don't need if they have SQL Express already installed. This is what my installer currently executes: SQLEXPR32.EXE /qb ADDLOCAL=ALL INSTANCENAME=<instancename> SECURITYMODE=SQL SAPWD=<password> SQLAUTOSTART=1 DISABLENETWORKPROTOCOLS=0 I don't need assistance with launching this command, rather the appropriate way to add a new instance of SQL 2005 Express without actually running the full installer again. I'd go into great detail about why I want to do this but I'd simply bore everyone. Suffice to say, having this ability to create a new instance without the time it takes to reinstall SQL Express etc. would greatly assist me for the deployment of my application and it's installer. If makes any difference to anyone, I'm using a combination of NSIS and Advanced Installer for this installation project.

    Read the article

  • How to install MinGW Correctly on Windows

    - by Ell
    Hello all, I have recently started learning C++ but I require a compiler. I have tried the one packaged with Code::Blocks but I have been told it is out of date. I have tried reading the instructions on the website but I simply don't know which files to download and un-zip. Does anyone know of a list of files to download? (latest version) and a folder structure I need? thanks in advance, ell.

    Read the article

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >