Search Results

Search found 6535 results on 262 pages for '3d secure'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 246/262 | < Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >

  • How to launch a Windows service network process to listen to a port on a localhost socket that is vi

    - by rwired
    Here's the code (in a standard TService in Delphi): const ProcessExe = 'MyNetApp.exe'; function RunService: Boolean; var StartInfo : TStartupInfo; ProcInfo : TProcessInformation; CreateOK : Boolean; begin CreateOK := false; FillChar(StartInfo,SizeOf(TStartupInfo),#0); FillChar(ProcInfo,SizeOf(TProcessInformation),#0); StartInfo.cb := SizeOf(TStartupInfo); CreateOK := CreateProcess(nil, PChar(ProcessEXE),nil,nil,False, CREATE_NEW_PROCESS_GROUP+NORMAL_PRIORITY_CLASS, nil, PChar(InstallDir), StartInfo, ProcInfo); CloseHandle(ProcInfo.hProcess); CloseHandle(ProcInfo.hThread); Result := CreateOK; end; procedure TServicel.ServiceExecute(Sender: TService); const IntervalsBetweenRuns = 4; //no of IntTimes between checks IntTime = 250; //ms var Count: SmallInt; begin Count := IntervalsBetweenRuns; //first time run immediately while not Terminated do begin Inc(Count); if Count >= IntervalsBetweenRuns then begin Count := 0; //We check to see if the process is running, //if not we run it. That's all there is to it. //if ProcessEXE crashes, this service host will just rerun it if processExists(ProcessEXE)=0 then RunService; end; Sleep(IntTime); ServiceThread.ProcessRequests(False); end; end; MyNetApp.exe is a SOCKS5 proxy listening on port 9870. Users configure their browser to this proxy which acts as a secure-tunnel/anonymizer. All works perfectly fine on 2000/XP/2003, but on Vista/Win7 with UAC the service runs in Session0 under LocalSystem and port 9870 doesn't show up in netstat for the logged-in user or Administrator. Seems UAC is getting in my way. Is there something I can do with the SECURITY_ATTRIBUTES or CreateProcess, or is there something I can do with CreateProcessAsUser or impersonation to ensure that a network socket on a service is available to logged-in users on the system (note, this app is for mass deployment, I don't have access to user credentials, and require the user elevate their privileges to install a service on Vista/Win7)

    Read the article

  • ublas::bounded_vector<> being resized?

    - by n2liquid
    Now, seriously... I'll refrain from using bad words here because we're talking about the Boost fellows. It MUST be my mistake to see things this way, but I can't understand why, so I'll ask it here; maybe someone can enlighten me in this matter. Here it goes: uBLAS has this nice class template called bounded_vector<> that's used to create fixed-size vectors (or so I thought). From the Effective uBLAS wiki (http://www.crystalclearsoftware.com/cgi-bin/boost_wiki/wiki.pl?Effective_UBLAS): The default uBLAS vector and matrix types are of variable size. Many linear algebra problems involve vectors with fixed size. 2 and 3 elements are common in geometry! Fixed size storage (akin to C arrays) can be implemented efficiently as it does not involve the overheads (heap management) associated with dynamic storage. uBLAS implements fixed sizes by changing the underling storage of a vector/matrix to a "bounded_array" from the default "unbounded_array". Alright, this bounded_vector<> thing is used to free you from specifying the underlying storage of the vector to a bounded_array<> of the specified size. Here I ask you: doesn't it look like this bounded vector thing has fixed size to you? Well, it doesn't have. At first I felt betrayed by the wiki, but then I reconsidered the meaning of "bounded" and I think I can let it pass. But in case you, like me (I'm still uncertain), is still wondering if this makes sense, what I found out is that the bounded_vector<> actually can be resized, it may only not be greater than the size specified as template parameter. So, first off, do you think they've had a good reason not to make a real fixed<< size vector or matrix type? Do you think it's okay to "sell" this bounded -- as opposed to fixed-size -- vector to the users of my library as a "fixed-size" vector replacement, even named "Vector3" or "Vector2", like the Effective uBLAS wiki did? Do you think I should somehow implement a vector with fixed size for this purpose? If so, how? (Sorry, but I'm really new to uBLAS; just tried it today) I am developing a 3D game. Should uBLAS be used for the calculations involved in this ("hey, geometry!", per Effective uBLAS wiki)? What replacement would you suggest, if not? -- edit And just in case, yes, I've read this warning: It should be noted that this only changes the storage uBLAS uses for the vector3. uBLAS will still use all the same algorithm (which assume a variable size) to manipulate the vector3. In practice this seems to have no negative impact on speed. The above runs just as quickly as a hand crafted vector3 which does not use uBLAS. The only negative impact is that the vector3 always store a "size" member which in this case is redundant [or isn't it? I mean......]. I see it uses the same algorithm, assuming a variable size, but if an operation were to actually change its size, shouldn't it be stopped (assertion)? ublas::bounded_vector<float,3> v3; ublas::bounded_vector<float,2> v2; v3 = v2; std::cout << v3.size() << '\n'; // prints 2 Oh, come on, isn't this just plain betrayal?

    Read the article

  • Java HTTP Request Occasionally Hangs

    - by behrk2
    Hello Everyone, For the majority of the time, my HTTP Requests work with no problem. However, occasionally they will hang. The code that I am using is set up so that if the request succeeds (with a response code of 200 or 201), then call screen.requestSucceeded(). If the request fails, then call screen.requestFailed(). When the request hangs, however, it does so before one of the above methods are called. Is there something wrong with my code? Should I be using some sort of best practice to prevent any hanging? The following is my code. I would appreciate any help. Thanks! HttpConnection connection = (HttpConnection) Connector.open(url + connectionParameters); connection.setRequestMethod(method); connection.setRequestProperty("WWW-Authenticate", "OAuth realm=api.netflix.com"); if (method.equals("POST")) { connection.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); } int responseCode = connection.getResponseCode(); System.out.println("RESPONSE CODE: " + responseCode); if (connection instanceof HttpsConnection) { HttpsConnection secureConnection = (HttpsConnection) connection; String issuer = secureConnection.getSecurityInfo() .getServerCertificate().getIssuer(); UiApplication.getUiApplication().invokeLater( new DialogRunner( "Secure Connection! Certificate issued by: " + issuer)); } if (responseCode != 200 && responseCode != 201) { screen.requestFailed("Unexpected response code: " + responseCode); connection.close(); return; } String contentType = connection.getHeaderField("Content-type"); ByteArrayOutputStream baos = new ByteArrayOutputStream(); InputStream responseData = connection.openInputStream(); byte[] buffer = new byte[20000]; int bytesRead = 0; while ((bytesRead = responseData.read(buffer)) > 0) { baos.write(buffer, 0, bytesRead); } baos.close(); connection.close(); screen.requestSucceeded(baos.toByteArray(), contentType); } catch (IOException ex) { screen.requestFailed(ex.toString()); }

    Read the article

  • Escaping Code for Different Shells

    - by Jon Purdy
    Question: What characters do I need to escape in a user-entered string to securely pass it into shells on Windows and Unix? What shell differences and version differences should be taken into account? Can I use printf "%q" somehow, and is that reliable across shells? Backstory (a.k.a. Shameless Self-Promotion): I made a little DSL, the Vision Web Template Language, which allows the user to create templates for X(HT)ML documents and fragments, then automatically fill them in with content. It's designed to separate template logic from dynamic content generation, in the same way that CSS is used to separate markup from presentation. In order to generate dynamic content, a Vision script must defer to a program written in a language that can handle the generation logic, such as Perl or Python. (Aside: using PHP is also possible, but Vision is intended to solve some of the very problems that PHP perpetuates.) In order to do this, the script makes use of the @system directive, which executes a shell command and expands to its output. (Platform-specific generation can be handled using @unix or @windows, which only expand on the proper platform.) The problem is obvious, I should think: test.htm: <!-- ... --> <form action="login.vis" method="POST"> <input type="text" name="USERNAME"/> <input type="password" name="PASSWORD"/> </form> <!-- ... --> login.vis: #!/usr/bin/vision # Think USERNAME = ";rm -f;" @system './login.pl' { USERNAME; PASSWORD } One way to safeguard against this kind of attack is to set proper permissions on scripts and directories, but Web developers may not always set things up correctly, and the naive developer should get just as much security as the experienced one. The solution, logically, is to include a @quote directive that produces a properly escaped string for the current platform. @system './login.pl' { @quote : USERNAME; @quote : PASSWORD } But what should @quote actually do? It needs to be both cross-platform and secure, and I don't want to create terrible problems with a naive implementation. Any thoughts?

    Read the article

  • Variable lenght arguments in log4cxx LOG4CXX_ macros

    - by Horacio
    I am using log4cxx in a big C++ project but I really don't like how log4cxx handles multiple variables when logging: LOG4CXX_DEBUG(logger, "test " << var1 << " and " << var3 " and .....) I prefer using printf like variable length arguments: LOG4CXX_DEBUG(logger, "test %d and %d", var1, var3) So I implemented this small wrapper on top of log4cxx #include <string.h> #include <stdio.h> #include <stdarg.h> #include <log4cxx/logger.h> #include "log4cxx/basicconfigurator.h" const char * log_format(const char *fmt, ...); #define MYLOG_TRACE(logger, fmt, ...) LOG4CXX_TRACE(logger, log_format(fmt, ## __VA_ARGS__)) #define MYLOG_DEBUG(logger, fmt, ...) LOG4CXX_DEBUG(logger, log_format(fmt, ## __VA_ARGS__)) #define MYLOG_INFO(logger, fmt, ...) LOG4CXX_INFO(logger, log_format(fmt, ## __VA_ARGS__)) #define MYLOG_WARN(logger, fmt, ...) LOG4CXX_WARN(logger, log_format(fmt, ## __VA_ARGS__)) #define MYLOG_ERROR(logger, fmt, ...) LOG4CXX_ERROR(logger, log_format(fmt, ## __VA_ARGS__)) #define MYLOG_FATAL(logger, fmt, ...) LOG4CXX_FATAL(logger, log_format(fmt, ## __VA_ARGS__)) static log4cxx::LoggerPtr logger(log4cxx::Logger::getRootLogger()); int main(int argc, char **argv) { log4cxx::BasicConfigurator::configure(); MYLOG_INFO(logger, "Start "); MYLOG_WARN(logger, log_format("In running this in %d threads safe?", 1000)); MYLOG_INFO(logger, "End "); return 0; } const char *log_format(const char *fmt, ...) { va_list va; static char formatted[1024]; va_start(va, fmt); vsprintf(formatted, 1024, fmt, va); va_end(va); return formatted; } And this works perfectly but I know using that static variable (formatted) can become problematic if I start using threads and each thread logging to the same place. I am no expert in log4cxx so I was wondering if the LOG4CXX macros are handling concurrent thread access automatically? or do I have to implement some sort of locking around the log_format method? something that I wan't to avoid due to performance implications. Also I would like to ask why if I replace the vsprintf inside the log_format method with vsnprintf (that is more secure) then I get nothing printed? To compile and test this program (in Ubuntu) use : g++ -o loggertest loggertest.cpp -llog4cxx

    Read the article

  • sendmail and MX records when mail server is not on web host

    - by Jim Nelson
    This is a problem I'm sure is easy to fix, but I've been banging my head on it all day. I'm developing a new web site for a client. The web site resides at (this is an example) website.com. I have a PHP form script to email visitors' requests to [email protected]. When I coded this on a staging server on a different domain, all worked fine. When I moved it to website.com, the mail messages never arrived. The web server is on a virtual host with a major ISP. Here's what I've learned since then: My client's mail server is Microsoft Exchange on a box physically in their office. Whenever someone on the outside world emails [email protected], the mail arrives. But if the web server sends to the same email address, it fails every time. This is not a PHP problem. I secure shell in to the web server and have tested this both with sendmail and the UNIX mail application. I've also tested it by emailing various email accounts from the shell. I can email myself, for example, just nobody at the website.com domain. In short, when I'm logged in to website.com, mail to [email protected], [email protected], [email protected] all fail. All other addresses work fine. What I've discovered is those dropped emails are routed to the web server's "catchall" account where they sit in its inbox. I've done an MX lookup on website.com. The MX record points to mailsec.website.com. I can telnet to mailsec.website.com port 25 and see the SMTP server. It appears to me that website.com isn't doing an MX lookup when it's sending mail to [email protected]. My theory is that it recognizes the domain as local, sees that there's no "requests" user account to deliver it to, and drops the mail into the catchall account. What I want is to force sendmail to do the MX lookup and send the message on to the Exchange server. I'm at wit's end here. I can't figure out how to do this. For that matter, I may be way off base here and have misdiagnosed this entirely. Internet mail and MX has always seemed a black art to me, and my ignorance is certainly showing in this question.

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • Populating a GridView with ImageViews dynamically/programmatically using a ImageAdapter

    - by Julian Vogels
    Hi folks, this is my first question at stackoverflow, but it's a little tricky already... I try to develop an Android App which allows the user to fetch data from flickr and show it in a gridview (with some nice 3D-Animation). After some adventures i got it almost running, but now I'm stuck. Here's the problem: I got a UI Thread "LoadPhotosTask" which gets the pictures from flickr, just like the open source application photostream. In the method onProgressUpdate(LoadedPhoto... value) of that subclass I call addPhoto(). Until now everythings fine - I got some nice Bitmap and Flickr.photo data with all the information I need. @Override public void onProgressUpdate(LoadedPhoto... value) { addPhoto(value); } On the other hand I have got a GridView. Now I want to fill it with the Photos. It has got an adapter called ImageAdapter (which extends BaseAdapter, see this tutorial). If I use an array inside the ImageAdapter class I can populate the GridView with some sample images. But if I want to populate it at runtime, I don't know what to do. How do I have to set up the getView method in the ImageAdapter? I was trying to fill the array inside the ImageAdapter class with my values in addPhoto, but it doesn't display anything. So first of all I was setting up the array with the amount of Photos i wanted to display in the grid like that (code is inside the ImageAdapter class): // class variable private ImageView[] mThumbIds; [...] public void setupArray(int count) { this.mThumbIds = new ImageView[count]; } Then I call this method with the lenght of my photolist: final Flickr.PhotoList list = params[0]; final int count = list.getCount(); int helper = 0; imagead.setupArray(count); Afterwards I call the getView method manually inside the addPhoto method: private void addPhoto(LoadedPhoto... value) { ImageView image = (ImageView) mInflater.inflate( R.layout.grid_item_photo, null); image.setImageBitmap(value[0].mBitmap); image.setTag(value[0].mPhoto); imagead.setmThumbIds(image, value[0].mPosition); imagead.getView(value[0].mPosition, null, mpicturesGrid); } That is the getView method inside ImageAdapter: public View getView(int position, View convertView, ViewGroup parent) { if (convertView == null) { // if it's not recycled, initialize some // attributes imageView = new ImageView(mContext); imageView.setLayoutParams(new GridView.LayoutParams(EDGE_LENGTH, EDGE_LENGTH)); imageView.setScaleType(ImageView.ScaleType.CENTER_CROP); imageView.setPadding(0, 0, 0, 0); imageView.setVisibility(View.VISIBLE); } else { imageView = (ImageView) convertView; } imageView.setImageDrawable(mThumbIds[position].getDrawable()); imageView.setTag(mThumbIds[position].getTag()); return imageView; } Ok, finally I apologize for my poor english and I hope you can give me some help with the information I provided. Greetings, Julian

    Read the article

  • Accessing a web service and a HTTP interface using certificate authentication

    - by ADC
    It is the first time I have to use certificate authentication. A commercial partner expose two services, a XML Web Service and a HTTP service. I have to access both of them with .NET clients. What I have tried 0. Setting up the environment I have installed the SSLCACertificates (on root and two intermediate) and the client certificate in my local machine (win 7 professional) using certmgr.exe. 1. For the web service I have the client certificate (der). The service will be consumed via a .NET proxy. Here's the code: OrderWSService proxy = new OrderWSService(); string CertFile = "ClientCert_DER.cer"; proxy.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile)); orderTrackingTO ot = new orderTrackingTO() { order_id = "80", tracking_id = "82", status = stateOrderType.IN_PREPARATION }; resultResponseTO res = proxy.insertOrderTracking(ot); Exception reported at last statement: The request failed with an empty response. 2. For the HTTP interface it is a HTTPS interface I have to call through POST method. The HTTPS request will be send from a .NET client using HTTPWebRequest. Here's the code: string PostData = "MyPostData"; //setting the request HttpWebRequest req; req = (HttpWebRequest)HttpWebRequest.Create(url); req.UserAgent = "MyUserAgent"; req.Method = "POST"; req.ContentType = "application/x-www-form-urlencoded"; req.ClientCertificates.Add(new System.Security.Cryptography.X509Certificates.X509Certificate(CertFile, "MyPassword")); //setting the request content byte[] byteArray = Encoding.UTF8.GetBytes(PostData); Stream dataStream = req.GetRequestStream(); dataStream.Write(byteArray, 0, byteArray.Length); dataStream.Close(); //obtaining the response WebResponse res = req.GetResponse(); r = new StreamReader(res.GetResponseStream()); Exception reported at last statement: The request was aborted: Could not create SSL/TLS secure channel. 3. Last try: using the browser In Chrome, after installing the certificates, if I try to access both urls I get a 107 error: Error 107 (net::ERR_SSL_PROTOCOL_ERROR) I am stuck.

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • DCVS + hosting for a startup commercial multiplatform phone app

    - by AG
    I'm in lean startup mode, working on a simple phone app that will be published initially as a iThingy app and an Android app with, possibly, Blackberry and Symbian versions to follow. I'm about to go from no repository to needing a central repository that up to 4 very part-time resources will be sharing. Two of us have no version control background, one has used Subversion, and I've used most of the major centralized VCS systems. I'm not going to be pushing the technical limitations of any VCS for a long time; I'm sure that any of the major systems would work fine. And the hosting accounts I've looked at seem reasonable. So I'm really focussed on minimizing the downside risks. That is, I'd like to find a stable setup that is easy to learn in general, easy to use from Windows/Eclipse, and won't paint me into any obvious corners for the next 12 months or so. A quick search of the web had led me to consider the following pairs of DVCS and hosting service, with what I think I'm hearing as their strengths and weaknesses (for my purposes): Bazaar/Launchpad -- My initial choice since I need to get more familiar with this pair for the Google Summer of Code mentoring I'm doing. But, whatever the technical merits, a non-starter for me because they are purely open source, no private repositories plans to purchase that I can see. Git/GitHub -- Git: Fast, light, ultimately flexible, but relatively less Windows friendly, Eclipse plugin (eGit) available but relatively young, GitHub: widely used, pricing is fine Mercurial/BitBucket -- Mercurial: a little less flexible, a little more Windows friendly, Eclipse plugin seems a bit more mature, BitBucket: widely used, pricing is fine, includes a wiki and an issue tracker that we might be able to use instead of something like BaseCamp, at least for a while. Mercurial/BitBucket seem like the winning pair so far for my particular situation; at least two of us are definitely going to be working mostly from Eclipse on Windows and reducing my own learning curve is a priority. ;-) But I have two specific questions: 1) Am I wrong about Bazaar/Launchpad and is there a viable, secure way to use them for proprietary code? 2) Any reason to think that the Mecurial/Bitbucket pair will end up being a headache for my Mac developer, soon, or for Blackberry or Symbian developers a little later? ag

    Read the article

  • Implementing a scalable and high-performing web app

    - by Christopher McCann
    I have asked a few questions on here before about various things relating to this but this is more of a consolidation question as I would like to check I have got the gist of everything. I am in the middle of developing a social media web app and although I have a lot of experience coding in Java and in PHP I am trying things a bit different this time. I have modularised each component of the application. So for example one component of the application allows users to private message each other and I have split this off into its own private messaging service. I have also created a user data service the purpose of which is to return data about the user for example their name, address, age etc etc from the database. Their is also another service, the friends service, which will work off the neo4j database to create a social graph. My reason for doing all this is to allow me up to update seperate modules when I need to - so while they mostly all run off MySQL right now I could move one to Cassandra later if I thought it approriate. The actual code of the web app is really just used for the final construction. The modules behind it dont really follow any strict REST or SOAP protocol. Basically each method on our API is turned into a PHP procedural script. This then may make calls to other back-end code which tends to be OO. The web app makes CURL requests to these pages and POSTs data to them or GETs data from them. These pages then return JSON where data is required. I'm still a little mixed up about how I actually identify which user is logged in at that moment. Do I just use sessions for that? Like if we called the get-messages.php script which equates to the getMessages() method for that user - returning all the private messages for that user - how would the back-end code know which user it is as posting the users ID to the script would not be secure. Anyone could do that and get all the messages. So I thought I would use sessions for it. Am I correct on this? Can anyone spot any other problems with what I am doing here? Thanks

    Read the article

  • Does anyone know how to layout a JToolBar that does't move or re-size any components placed in it?

    - by S1.Mac
    Can anyone help with this problem i'm trying to create a JToolBar and I want all its components to be fixed in size and position. I'v tried a few different layout managers but they all center and/or re-size the components when the frame its in is re-sized. here is an example using GridbagLayout, I have also used the default layout manager using the toolbar.add( component ) method but the result is the same : ' import java.awt.BorderLayout; import java.awt.Component; import java.awt.Dimension; import java.awt.GridBagConstraints; import java.awt.GridBagLayout; import javax.swing.*; public class ToolBarTest extends JFrame { private JToolBar toolbar; private JPanel mainPanel; private JPanel toolBarPanel; private JButton aButton; private JCheckBox aCheckBox; private JList aList; private Box toolbarBox; private GridBagConstraints toolbarConstraints; private GridBagLayout toolbarLayout; private JLabel shapeLabel; private JComboBox<ImageIcon> shapeChooser; private JLabel colorLabel; private JComboBox colorChooser; private String colorNames[] = { "Black" , "Blue", "Cyan", "Dark Gray", "Gray", "Green", "Light Gray", "Magenta", "Orange", "Pink", "Red", "White", "Yellow", "Custom" }; private String shapeNames[] = { "Line", "Oval", "Rectangle", "3D Rectangle","Paint Brush", "Rounded Rectangle" }; public ToolBarTest() { setLayout( new BorderLayout() ); setDefaultCloseOperation( JFrame.EXIT_ON_CLOSE ); setSize( 500, 500 ); add( createToolBar(), BorderLayout.PAGE_START ); setVisible( true ); } public void addToToolbar( Component component, int row, int column ) { toolbarConstraints.gridx = column; toolbarConstraints.gridy = row; toolbarConstraints.anchor = GridBagConstraints.WEST; toolbarConstraints.fill = GridBagConstraints.NONE; toolbarConstraints.weightx = 0; toolbarConstraints.weighty = 0; toolbarConstraints.gridwidth = 1; toolbarConstraints.gridheight = 1; toolbarLayout.setConstraints( component, toolbarConstraints ); toolbar.add( component ); }// end addToToolbar public final JToolBar createToolBar() { toolbarLayout = new GridBagLayout(); toolbarConstraints = new GridBagConstraints(); // create the tool bar which holds the items to draw toolbar = new JToolBar(); toolbar.setBorderPainted(true); toolbar.setLayout( toolbarLayout ); toolbar.setFloatable( true ); shapeLabel = new JLabel( "Shapes: " ); addToToolbar( shapeLabel, 0, 1 ); String iconNames[] = { "PaintImages/Line.jpg", "PaintImages/Oval.jpg", "PaintImages/Rect.jpg", "PaintImages/3DRect.jpg","PaintImages/PaintBrush.jpg", "PaintImages/RoundRect.jpg"}; ImageIcon shapeIcons[] = new ImageIcon[ shapeNames.length ]; // create image icons for( int shapeButton = 0; shapeButton < shapeNames.length; shapeButton++ ) { shapeIcons[ shapeButton ] = new ImageIcon( iconNames[ shapeButton ] ); }// end for shapeChooser = new JComboBox< ImageIcon >( shapeIcons ); shapeChooser.setSize( new Dimension( 50, 20 )); shapeChooser.setPrototypeDisplayValue( shapeIcons[ 0 ] ); shapeChooser.setSelectedIndex( 0 ); addToToolbar( shapeChooser, 0, 2 ); colorLabel = new JLabel( "Colors: " ); addToToolbar( colorLabel, 0, 3 ); colorChooser = new JComboBox( colorNames ); addToToolbar( colorChooser, 0, 4 ); return toolbar; }// end createToolBar public static void main( String args[] ) { new ToolBarTest(); }// end main }// end class ToolBarTest'

    Read the article

  • How to query data from a password protected https website

    - by Addie
    I'd like my application to query a csv file from a secure website. I have no experience with web programming so I'd appreciate detailed instructions. Currently I have the user login to the site, manually query the csv, and have my application load the file locally. I'd like to automate this by having the user enter his login information, authenticating him on the website, and querying the data. The application is written in C# .NET. The url of the site is: https://www2.emidas.com/default.asp. I've tested the following code already and am able to access the file once the user has already authenticated himself and created a manual query. System.Net.WebClient Client = new WebClient(); Stream strm = Client.OpenRead("https://www3.emidas.com/users/<username>/file.csv"); Here is the request sent to the site for authentication. I've angle bracketed the real userid and password. POST /pwdVal.asp HTTP/1.1 Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; Tablet PC 2.0; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; .NET4.0C; .NET4.0E) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Cookie: ASPSESSIONID<unsure if this data contained password info so removed>; ClientId=<username> Host: www3.emidas.com Content-Length: 36 Connection: Keep-Alive Cache-Control: no-cache Accept-Language: en-US client_id=<username>&password=<password>

    Read the article

  • convert pixels into image

    - by Zeta Op
    what i am trying to do is to convert a pixel from a video cam, into an image to expalin it better imagine a 3d model so.. the pixels would be each polying, and i want to do is to conver each polyigon into an image. what i have so far is this ** import processing.video.*; PImage hoja; Capture cam; boolean uno, dos, tres, cuatro; import ddf.minim.*; Minim minim; AudioPlayer audio; float set; void setup() { //audio minim = new Minim(this); // audio = minim.loadFile("audio"); // audio.loop(); // uno=false; dos=false; tres=false; cuatro=true; size(640, 480); hoja=loadImage("hoja.gif"); cam = new Capture(this, width, height); cam.start(); } void draw() { if (cam.available() == true) { cam.read(); if (uno==true) { filtroUno(); image(cam, 0, 0, 640, 480); } if (dos==true) { filtroDos(); } if(tres==true){ filtroTres(); } if(cuatro==true){ filtroCuatro(); image(cam, set, 0,640,480); } } // The following does the same, and is faster when just drawing the image // without any additional resizing, transformations, or tint. //set(0, 0, cam); } void filtroUno() { cam.loadPixels(); hoja.loadPixels(); for (int i=0;i<cam.pixels.length;i++) { if (brightness(cam.pixels[i])>110) { cam.pixels[i]=color(0, 255, 255); } else { cam.pixels[i]=color(255, 0, 0); } } for (int i=0;i<cam.width;i+=10) { for (int j=0;j<cam.height;j+=10) { int loc=i+(j*cam.width); if (cam.pixels[loc]==color(255, 0, 0)) { for (int x=i;x<i+10;x++) { for (int y=j;y<j+10;y++) { // println("bla"); int locDos=i+(j*cam.width); cam.pixels[locDos]=hoja.get(x, y); } } } } } cam.updatePixels(); } ** the broblem is that each pixel is creating me a matrix, so.. is not recreating what id that to do. i had the method filtroUno but it wasn't showing ok.. and was the result void filtroUno() { cam.loadPixels(); hoja.loadPixels(); for (int i=0;i<cam.pixels.length;i++) { if (brightness(cam.pixels[i])>110) { cam.pixels[i]=color(0, 255, 255); } else { cam.pixels[i]=color(255, 0, 0); } } for (int i=0;i<cam.width;i+=10) { for (int j=0;j<cam.height;j+=10) { int loc=i+j*hoja.width*10; if (cam.pixels[loc]==color(255, 0, 0)) { for (int x=i;x<i+10;x++) { for (int y=j;y<j+10;y++) { // println("bla"); int locDos=x+y*hoja.height*10; cam.pixels[locDos]=hoja.get(x, y); } } } } } cam.updatePixels(); } i hope you can help me thanks note: each red pixel should be the gif image the imge size is 10x10

    Read the article

  • Wordpress blog with Joomla?

    - by user427902
    Hi, I had this Wordpress installation which was installed in a subfolder (not root). Like http: //server/blog/. Now, I installed Joomla on the root (http: //server/). Everything seems to be working fine with the Joomla part. However, the blog part is messed up. If I try to browse the homepage of my blog which is http: //server/blog/ it works like a charm. But while trying to view individual blog pages like say, http: //server/blog/some_category/some_post I get a Joomla 404 page. So, I was wondering if it was possible to use both Wordpress and Joomla in the same server in the setup I am trying to. Let me clarify that I am NOT looking to integrate user login and other such things. I just want the blog to be functional under a subfolder while I run the Joomla site in the root. So, what is the correct way to go about it. Can this be solved by any .config edits or something else? Edit: Here's the .htaccess for Joomla ... (I can't find any .htaccess for Wp though, still looking for it.) ## # @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $ # @package Joomla # @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved. # @license http://www.gnu.org/copyleft/gpl.html GNU/GPL # Joomla! is Free Software ## ##################################################### # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE # # The line just below this section: 'Options +FollowSymLinks' may cause problems # with some server configurations. It is required for use of mod_rewrite, but may already # be set by your server administrator in a way that dissallows changing it in # your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work, # it has been set by your server administrator and you do not need it set here. # ##################################################### ## Can be commented out if causes errors, see notes above. Options +FollowSymLinks # # mod_rewrite in use RewriteEngine On ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # ## Deny access to extension xml files (uncomment out to activate) #<Files ~ "\.xml$"> #Order allow,deny #Deny from all #Satisfy all #</Files> ## End of deny access to extension xml files RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # ########## End - Rewrite rules to block out some common exploits # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) # RewriteBase / ########## Begin - Joomla! core SEF Section # RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/index.php RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC] RewriteRule (.*) index.php RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L] # ########## End - Joomla! core SEF Section

    Read the article

  • Decomposing a rotation matrix

    - by DeadMG
    I have a rotation matrix. How can I get the rotation around a specified axis contained within this matrix? Edit: It's a 3D matrix (4x4), and I want to know how far around a predetermined (not contained) axis the matrix rotates. I can already decompose the matrix but D3DX will only give the entire matrix as one rotation around one axis, whereas I need to split the matrix up into angle of rotation around an already-known axis, and the rest. Sample code and brief problem description: D3DXMATRIX CameraRotationMatrix; D3DXVECTOR3 CameraPosition; //D3DXVECTOR3 CameraRotation; inline D3DXMATRIX GetRotationMatrix() { return CameraRotationMatrix; } inline void TranslateCamera(float x, float y, float z) { D3DXVECTOR3 rvec, vec(x, y, z); #pragma warning(disable : 4238) D3DXVec3TransformNormal(&rvec, &vec, &GetRotationMatrix()); #pragma warning(default : 4238) CameraPosition += rvec; RecomputeVPMatrix(); } inline void RotateCamera(float x, float y, float z) { D3DXVECTOR3 RotationRequested(x, y, z); D3DXVECTOR3 XAxis, YAxis, ZAxis; D3DXMATRIX rotationx, rotationy, rotationz; XAxis = D3DXVECTOR3(1, 0, 0); YAxis = D3DXVECTOR3(0, 1, 0); ZAxis = D3DXVECTOR3(0, 0, 1); #pragma warning(disable : 4238) D3DXVec3TransformNormal(&XAxis, &XAxis, &GetRotationMatrix()); D3DXVec3TransformNormal(&YAxis, &YAxis, &GetRotationMatrix()); D3DXVec3TransformNormal(&ZAxis, &ZAxis, &GetRotationMatrix()); #pragma warning(default : 4238) D3DXMatrixIdentity(&rotationx); D3DXMatrixIdentity(&rotationy); D3DXMatrixIdentity(&rotationz); D3DXMatrixRotationAxis(&rotationx, &XAxis, RotationRequested.x); D3DXMatrixRotationAxis(&rotationy, &YAxis, RotationRequested.y); D3DXMatrixRotationAxis(&rotationz, &ZAxis, RotationRequested.z); CameraRotationMatrix *= rotationz; CameraRotationMatrix *= rotationy; CameraRotationMatrix *= rotationx; RecomputeVPMatrix(); } inline void RecomputeVPMatrix() { D3DXMATRIX ProjectionMatrix; D3DXMatrixPerspectiveFovLH( &ProjectionMatrix, FoV, (float)D3DDeviceParameters.BackBufferWidth / (float)D3DDeviceParameters.BackBufferHeight, FarPlane, NearPlane ); D3DXVECTOR3 CamLookAt; D3DXVECTOR3 CamUpVec; #pragma warning(disable : 4238) D3DXVec3TransformNormal(&CamLookAt, &D3DXVECTOR3(1, 0, 0), &GetRotationMatrix()); D3DXVec3TransformNormal(&CamUpVec, &D3DXVECTOR3(0, 1, 0), &GetRotationMatrix()); #pragma warning(default : 4238) D3DXMATRIX ViewMatrix; #pragma warning(disable : 4238) D3DXMatrixLookAtLH(&ViewMatrix, &CameraPosition, &(CamLookAt + CameraPosition), &CamUpVec); #pragma warning(default : 4238) ViewProjectionMatrix = ViewMatrix * ProjectionMatrix; D3DVIEWPORT9 vp = { 0, 0, D3DDeviceParameters.BackBufferWidth, D3DDeviceParameters.BackBufferHeight, 0, 1 }; D3DDev->SetViewport(&vp); } Effectively, after a certain time, when RotateCamera is called, it begins to rotate in the relative X axis- even though constant zero is passed in for that request when responding to mouse input, so I know that when moving the mouse, the camera should not roll at all. I tried spamming 0,0,0 requests and saw no change (one per frame at 1500 frames per second), so I'm fairly sure that I'm not seeing FP error or matrix accumulation error. I tried writing a RotateCameraYZ function and stripping all X-axis from the function. I've spent several days trying to discover why this is the case, and eventually decided on just hacking around it. Just for reference, I've seen some diagrams on Wikipedia, and I actually have a relatively strange axis layout, which is Y axis up, but X axis forwards and Z axis right, so Y axis yaw, Z axis pitch, X axis roll.

    Read the article

  • I need help converting a C# string from one character encoding to another?

    - by Handleman
    According to Spolsky I can't call myself a developer, so there is a lot of shame behind this question... Scenario: From a C# application, I would like to take a string value from a SQL db and use it as the name of a directory. I have a secure (SSL) FTP server on which I want to set the current directory using the string value from the DB. Problem: Everything is working fine until I hit a string value with a "special" character - I seem unable to encode the directory name correctly to satisfy the FTP server. The code example below uses "special" character é as an example uses WinSCP as an external application for the ftps comms does not show all the code required to setup the Process "_winscp". sends commands to the WinSCP exe by writing to the process standardinput for simplicity, does not get the info from the DB, but instead simply declares a string (but I did do a .Equals to confirm that the value from the DB is the same as the declared string) makes three attempts to set the current directory on the FTP server using different string encodings - all of which fail makes an attempt to set the directory using a string that was created from a hand-crafted byte array - which works Process _winscp = new Process(); byte[] buffer; string nameFromString = "Sinéad O'Connor"; _winscp.StandardInput.WriteLine("cd \"" + nameFromString + "\""); buffer = Encoding.UTF8.GetBytes(nameFromString); _winscp.StandardInput.WriteLine("cd \"" + Encoding.UTF8.GetString(buffer) + "\""); buffer = Encoding.ASCII.GetBytes(nameFromString); _winscp.StandardInput.WriteLine("cd \"" + Encoding.ASCII.GetString(buffer) + "\""); byte[] nameFromBytes = new byte[] { 83, 105, 110, 130, 97, 100, 32, 79, 39, 67, 111, 110, 110, 111, 114 }; _winscp.StandardInput.WriteLine("cd \"" + Encoding.Default.GetString(nameFromBytes) + "\""); The UTF8 encoding changes é to 101 (decimal) but the FTP server doesn't like it. The ASCII encoding changes é to 63 (decimal) but the FTP server doesn't like it. When I represent é as value 130 (decimal) the FTP server is happy, except I can't find a method that will do this for me (I had to manually contruct the string from explicit bytes). Anyone know what I should do to my string to encode the é as 130 and make the FTP server happy and finally elevate me to level 1 developer by explaining the only single thing a developer should understand?

    Read the article

  • Type for use in template object to compare double values

    - by DaClown
    I got this n-dimensional point object: template <class T, unsigned int dimension> class Obj { protected: T coords[dimension]; static const unsigned int size = dimension; public: Obj() { }; Obj(T def) { for (unsigned int i = 0; i < size; ++i) coords[i]=def; }; Obj(const Obj& o) { for (unsigned int i = 0; i < size; ++i) coords[i] = o.coords[i]; } const Obj& operator= (const Obj& rhs) { if (this != &rhs) for (unsigned int i = 0; i < size; ++i) coords[i] = rhs.coords[i]; return *this; } virtual ~Obj() { }; T get (unsigned int id) { if (id >= size) throw std::out_of_range("out of range"); return coords[id]; } void set (unsigned int id, T t) { if (id >= size) throw std::out_of_range("out of range"); coords[id] = t; } }; and a 3D point class which uses Obj as base class: template <class U> class Point3DBase : public Obj<U,3> { typedef U type; public: U &x, &y, &z; public: Point3DBase() : x(Obj<U,3>::coords[0]), y(Obj<U,3>::coords[1]), z(Obj<U,3>::coords[2]) { }; Point3DBase(U def) : Obj<U,3>(def), x(Obj<U,3>::coords[0]), y(Obj<U,3>::coords[1]), z(Obj<U,3>::coords[2]) { }; Point3DBase(U x_, U y_, U z_) : x(Obj<U,3>::coords[0]), y(Obj<U,3>::coords[1]), z(Obj<U,3>::coords[2]) { x = x_; y = y_; z= z_; }; Point3DBase(const Point3DBase& other) : x(Obj<U,3>::coords[0]), y(Obj<U,3>::coords[1]), z(Obj<U,3>::coords[2]) { x = other.x; y = other.y; z = other.z; } // several operators ... }; The operators, basically the ones for comparison, use the simple compare-the-member-object approach like: virtual friend bool operator== (const Point3DBase<U> &lhs, const Point3DBase<U> rhs) { return (lhs.x == rhs.x && lhs.y == rhs.y && lhs.z == rhs.z); } Then it occured to me that for the comparion of double values the simply equality approach is not very useful since double values should be compared with an error margin. What would be the best approach to introduce an error margin into the point? I thought about an epsDouble type as template parameter but I can't figure out how to achieve this.

    Read the article

  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store user's passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable. In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect. I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics. Additional Information for Bounty I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach I am looking for the best steps to take if you do take this approach. In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind. Thanks to Everyone This has been a fun questions with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

    Read the article

  • use simplexml to get attributes of elements

    - by user1291894
    I am trying to parse an xml file with a soap envelope from a web service using php. I would like to use SoapClient, but I get an error back that 'page must be viewed over secure channel SSL', which I think is an issue on their end, so I gave up on that. Currently I am using curl to get a result back. Then I put it into a simplexml object like so: <?php $xml = @simplexml_load_string($result, NULL, NULL, "http://schemas.xmlsoap.org/soap/envelope/"); $xml->registerXPathNamespace('xs', 'http://www.w3.org/2001/XMLSchema'); $output = $xml->xpath('//soap:Body'); ?> I now have this: Array ( [0] => SimpleXMLElement Object ( [GetDocumentListResponse] => SimpleXMLElement Object ( [GetDocumentListResult] => <NewDataSet> <xs:schema id="NewDataSet" xmlns="" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:msdata="urn:schemas-microsoft-com:xml-msdata"> <xs:element name="_x0023_temp_list"> <xs:complexType> <xs:attribute name="tran_datetime" type="xs:string" /> <xs:attribute name="sender" type="xs:string" /> <xs:attribute name="doc_type_num" type="xs:string" /> <xs:attribute name="doc_date" type="xs:string" /> <xs:attribute name="doc_num" type="xs:string" /> <xs:attribute name="doc_sys_no" type="xs:string" /> <xs:attribute name="is_new" type="xs:string" /> </xs:complexType> </xs:element> <xs:element name="NewDataSet" msdata:IsDataSet="true" msdata:UseCurrentLocale="true"> <xs:complexType> <xs:choice minOccurs="0" maxOccurs="unbounded"> <xs:element ref="_x0023_temp_list" /> </xs:choice> </xs:complexType> </xs:element> </xs:schema> <_x0023_temp_list tran_datetime="2012-03-22T13:37:17.237" sender="webservice" doc_type_num="100" doc_date="2012-03-22T13:37:17.253" doc_num="12345" doc_sys_no="1234567" is_new="1" /> </NewDataSet> ) ) ) I am able to loop through this object and get to the part between the "NewDataSet" tags, but I can't seem to get to the individual elements. What I need is the attributes in the last tag that starts with _x0023_temp_list. I'm not sure if the tag is always going to be named that, so I will probably also have to deal with getting attributes from the tag with the xs namespace as well. I've read quite a few other posts and have tried several different methods of getting the info and so far nothing has seemed to work.

    Read the article

  • Webservice for uploading data: security considerations

    - by Philip Daubmeier
    Hi everyone! Im not sure about what authentification method I should use for my webservice. I've searched on SO, and found nothing that helped me. Preliminary Im building an application that uploads data from a local database to a server (running my webservice), where all records are merged and stored in a central database. I am currently binary serializing a DataTable, that holds a small fragment of the local database, where all uninteresting stuff is already filtered out. The byte[] (serialized DataTable), together with the userid and a hash of the users password is then uploaded to the webservice via SOAP. The application together with the webservice already work exactly like intended. The Problem The issue I am thinking about is now: What is if someone just sniffs the network traffic, 'steals' the users id and password hash to send his own SOAP message with modified data that corrupts my database? Options The approaches to solving that problem, I already thought of, are: Using ssl + certificates for establishing the connection: I dont really want to use ssl, I would prefer a simpler solution. After all, every information that is transfered to the webservice can be seen on the website later on. What I want to say is: there is no secret/financial/business-critical information, that has to be hidden. I think ssl would be sort of an overkill for that task. Encrypting the byte[]: I think that would be a performance killer, considering that the goal of the excercise was simply to authenticate the user. Hashing the users password together with the data: I kind of like the idea: Creating a checksum from the data, concatenating that checksum with the password-hash and hashing this whole thing again. That would assure the data was sent from this specific user, and the data wasnt modified. The actual question So, what do you think is the best approach in terms of meeting the following requirements? Rather simple solution (As it doesnt have to be super secure; no secret/business-critical information transfered) Easily implementable retrospectively (Dont want to write it all again :) ) Doesnt impact to much on performance What do you think of my prefered solution, the last one in the list above? Is there any alternative solution I didnt mention, that would fit better? You dont have to answer every question in detail. Just push me in the right direction. I very much appreciate every well-grounded opinion. Thanks in advance!

    Read the article

  • Authenticating users in iPhone app

    - by Myron
    I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here. The design of the user authentication has 3 primary goals: Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds). No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests. Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure. Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted. My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table. Does anyone see any obvious security holes in this?

    Read the article

  • Javascript problem when setting src for img element in FireFox - string parsing error?

    - by Kevin
    I'm having problems with image's on the page. I'm using Javascript to create the elements, and in FireFox it seems the string that I'm using to set the innerHTML is not being parsed correctly. I'll see this when the server page is requested with invalid GET variables. They look like this (from the PHP script's error handler): GET[] = Array ( [shrink] => true [file_id] => \' file_id \' [refresh] => \' now.getTime() \' ) This only happens for about 5% of requests, which is making it difficult to solve. I have been able to reproduce this myself in FireFox, and Firebug will show that the URL it is trying to fetch is: https://www.domain.com/secure/%27%20+%20image_src%20+%20%27 I read somewhere that it might be related to FireFox prefetching content (can't find it googling now), since it seems to only happen on FireFox. Disabling prefetching in about:config does prevent the problem from occurring, but I'm looking for another solution or workaround that doesn't involve end users changing their configurations. Here's the specifics and code: I have an empty table cell on an HTML page. In JQuery's $(document).ready() function for the page, I used JQuery's $.ajax() method to get some data from the server about what should be in that cell. It returns the file_id variable, which for simplicity I just set below. It then sets the empty table cell to have an image with src that points to a page that will serve the image file depending on what file_id is passed. This part of the code was JQuery originally, so I changed it to straight Javascript but that didn't help anything. //get data about image from server //this is actually done through JQuery's $.ajax() but you get the idea var file_id = 12; //create the src for the img //the refresh is to prevent the image from being cached ever, since the page's //javascript will be it changes //during the course of the page's life var now = new Date(); var image_src = 'serve_image.php?shrink=true&file_id=' + file_id + '&refresh=' + now.getTime(); //create document.getElementById('image_cell').innerHTML = '<A target="_blank" href="serve_image.php?file_id=' + file_id + '">' + '<IMG id=image_element src="' + image_src + '" alt="Loading...">' + '</A>';` Any help would be greatly appreciated. Thanks!

    Read the article

  • Web service security not working. Java

    - by Nitesh Panchal
    Hello, I have a ejb module which contains my ejbs as well as web services. I am using Netbeans 6.8 and Glassfish V3 I right clicked on my web service and clicked "edit web service attributes" and then checked "secure service" and then selected keystore of my server. This is my sun-ejb-jar.xml file :- <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd"> <sun-ejb-jar> <security-role-mapping> <role-name>Admin</role-name> <group-name>Admin</group-name> </security-role-mapping> <security-role-mapping> <role-name>General</role-name> <group-name>General</group-name> </security-role-mapping> <security-role-mapping> <role-name>Member</role-name> <group-name>Member</group-name> </security-role-mapping> <enterprise-beans> <ejb> <ejb-name>MemberBean</ejb-name> <webservice-endpoint> <port-component-name>wsMember</port-component-name> <login-config> <auth-method>BASIC</auth-method> <realm>file</realm> </login-config> </webservice-endpoint> </ejb> </enterprise-beans> </sun-ejb-jar> Here MemberBean is my ejb and wsMember is my webservice. Then i made another project and added web service client and again right clicked on "edit web service attributes" and gave password as test and test. This username and password (test) is in Glassfish server in file realm. But when i try to invoke my webservice i always get SEC5046: Audit: Authentication refused for [test]. SEC1201: Login failed for user: test What am i doing wrong? Am i missing something?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 242 243 244 245 246 247 248 249 250 251 252 253  | Next Page >