Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 270/509 | < Previous Page | 266 267 268 269 270 271 272 273 274 275 276 277  | Next Page >

  • AS3 ExternalInterface works in IE but not Firefox

    - by user567602
    Hi all, I am trying to execute an AS3 function from my javascript using the ExternalInterface. Seems to work fine in IE, but firefox is always returning javascript error method undefined. I have been Googling this for ages and eliminated the following possibilities: 1) Some people say you need to have an embed tag inside your object tag, so added one - no luck. 2) Many people say that you need to make sure that your flash is loaded before calling the javascript. Well my call is after pressing a link on the page. I am always using the flash application first and only pressing the link at the end. 3) Then I thought that maybe it is a security problem so added the following: try { ExternalInterface.addCallback("test", testing); trace("added callback"); } catch (error:SecurityError) { trace("Security Error:"+error.message); } catch (error:Error) { trace("Error:"+error.message); } But it prints out "added callback" :( Anyone else have any ideas what else could I possible try? I am running the latest Firefox and FlashPlayer 10. Regards, Olli

    Read the article

  • How to fix Java Image Fetcher error ?

    - by Frank
    My code looks like this : private static JFileChooser fc; if (fc==null) { fc=new JFileChooser(Image_Dir); fc.addChoosableFileFilter(new Image_Filter()); // Add a custom file filter and disable the default (Accept All) file filter. fc.setAcceptAllFileFilterUsed(false); fc.setAccessory(new Image_Preview(fc)); // Add the preview pane. } int returnVal=fc.showDialog(JFileChooser_For_Image.this,"Get Image"); // Show it. After I select an image from the panel, I got the following error message : Exception in thread "Image Fetcher 0" java.lang.UnsatisfiedLinkError: Native Library C:\Program Files (x86)\Java\jre6\bin\jpeg.dll already loaded in another classloader at java.lang.ClassLoader.loadLibrary0(Unknown Source) at java.lang.ClassLoader.loadLibrary(Unknown Source) at java.lang.Runtime.loadLibrary0(Unknown Source) at java.lang.System.loadLibrary(Unknown Source) at sun.security.action.LoadLibraryAction.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.awt.image.JPEGImageDecoder.<clinit>(Unknown Source) at sun.awt.image.InputStreamImageSource.getDecoder(Unknown Source) at sun.awt.image.FileImageSource.getDecoder(Unknown Source) at sun.awt.image.InputStreamImageSource.doFetch(Unknown Source) at sun.awt.image.ImageFetcher.fetchloop(Unknown Source) at sun.awt.image.ImageFetcher.run(Unknown Source) When I run it from an executable Jar file, it works fine, but after I wrapped it into an exe file, I got the above error, why ? How to fix it ?

    Read the article

  • Optimization in Common Decalaration

    - by Pratik
    Its a 3-tier ASP.NET Website Project In Data Layer there is class "Common Decalaration" in which lot of common things are mentioned. Something this way : public class CommonDeclartion { #region Common Messages public const string RECORD_INSERT_MSG = "Record Inserted Successfully "; public const string RECORD_UPDATE_MSG = "Record Updated Successfully"; public const string RECORD_DELETE_MSG = "Record Deleted Successfully"; public const string ERROR_MSG = "Error Ocuured while Perfoming This Action."; public const string UserID_Incorrect = "Please Enter The Correct User ID."; public const string RECORD_ALREADY_EXIT = "Record Already Exit"; public const string NO_RECORD = "No Record found."; #endregion } Can this be more optimized in terms of : 1.Perfomance 2.Security(if any) 3.Code Readablity or Reusablity I thought of using enum but can't figure that out : enum CommonMessages { RECORD_INSERT_MSG "Record Inserted Successfully.", RECORD_UPDATE_MSG "Record Updated Successfully.", RECORD_DELETE_MSG "Record Deleted Successfully.", ERROR_MSG "Error Ocuured while Perfoming This Action.", UserID_Incorrect "Please Enter The Correct User ID.", RECORD_ALREADY_EXIT "Record Already Exit.", NO_RECORD "No Record found.", } or else should keep them in some collections like dictionary/NameValueCollection or so or i have to keep them in XML in form of key/value pair and reterive from it ? What can be better way keeping in mind 1.Perfomance 2.Security(if any) 3.Code Readablity or Reusablity

    Read the article

  • Problems with video conversions through the web (local host)

    - by ron-d
    Hello, I get the following errors when I attempt video format conversions called from the local host: “An invalid media type was specified” for M4V to WMV conversions. “One or more arguments are invalid” for MP4 to WMV conversions. Here are the details of the problems: I’ve written a dll in C# that accepts videos in the formats AVI, WMV, M4V and MP4 and performs the following actions: Creates a copy of the input video in WMV format . Creates a WAV file of the input video audio portion. Creates a JPG image from a frame of the input video. I attached the dll to an ASP.NET web project that performs the dll actions. When tested through the developer studio, the actions are performed as intended for all formats. When I place the web project in place to be read when the local host is called through the web browser, the following behavior takes place: WMV format: All actions performed as intended. AVI format: Creates WMV file – OK Creates JPG image – OK Creates empty WAV file – problem. M4V format: Creates empty WAV file – problem. Does not create WMV file -problem Does not create JPG file –problem Throws me the error “An invalid media type was specified” MP4 format: Creates empty WAV file – problem. Does not create WMV file -problem Does not create JPG file –problem Throws me the error “One or more arguments are invalid” When I check their security property, all the files have the same permission access parameters (when I check their security property. Can anyone guide me as to how to solve these problems when the web project is called from the local host? Thank you.

    Read the article

  • Remote connection to SQL Server Express fails

    - by worlds-apart89
    I have two computers that share the same Internet IP address. Using one of the computers, I can remotely connect to a SQL Server database on the other. Here is my connection string: SqlConnection connection = new SqlConnection(@"Data Source=192.168.1.101\SQLEXPRESSNI,1433;Network Library=DBMSSOCN;Initial Catalog=FirstDB;Persist Security Info=True;User ID=username;Password=password;"); 192.168.1.101 is the server, SQLEXPRESSNI is the SQL Server instance name, and FirstDB is the name of the database. Now, I have another computer with a different Internet IP address. I want to connect to the server above using the third computer that does not belong to my local area network. I dont have access to that third computer at the moment, so I want to use (if possible) the client computer in LAN again. SqlConnection connection = new SqlConnection(@"Data Source=SharedInternetIP\SQLEXPRESSNI,1433;Network Library=DBMSSOCN;Initial Catalog=FirstDB;Persist Security Info=True;User ID=username;Password=password;"); Does not work Note that I am a beginner, so I am not quite sure what I am doing even though I know what I want to do. By passing the Internet IP to the SqlConnection object rather than the local IP address, how can I successfully connect to the server computer, using the client computer in the same network? Also note that my ultimate goal is to connect to the server with an external client, but I don't have access to that computer right now. I'd appreciate any help.

    Read the article

  • Using Lucene to index private data, should I have a separate index for each user or a single index

    - by Nathan Bayles
    I am developing an Azure based website and I want to provide search capabilities using Lucene. (structured json objects would be indexed and stored in Lucene and other content such as Word documents, etc. would be indexed in lucene but stored in blob storage) I want the search to be secure, such that one user would never see a document belonging to another user. I want to allow ad-hoc searches as typed by the user. Lastly, I want to query programmatically to return predefined sets of data, such as "all notes for user X". I think I understand how to add properties to each document to achieve these 3 objectives. (I am listing them here so if anyone is kind enough to answer, they will have better idea of what I am trying to do) My questions revolve around performance and security. Can I improve document security by having a separate index for each user, or is including the user's ID as a parameter in each search sufficient? Can I improve indexing speed and total throughput of the system by having a separate index for each user? My thinking is that having separate indexes would allow me to scale the system by having multiple index writers (perhaps even on different server instances) working at the same time, each on their own index. Any insight would be greatly appreciated. Regards, Nate

    Read the article

  • WCF + Azure = Nightmare!

    - by lsb
    Hi! I've spent the prior week trying to get a secure form of WCF to work on Azure, but all to no avail! My use case is pretty simple. I want to call a WCF endpoint in the cloud and pass messages to be queued for a Worker Role. Beyond that I want to limit access to pre-authrorized users, authenticated via username & password. I've tried to get this working with Transport, TransportWithMessageCredential and Message security but nothing seems to work. Indeed, I've worked through every example and snippet that I could find, most recently the "Service using binary HTTP binding with transport security and message credentials and Silverlight client" example on the http://code.msdn.microsoft.com/wcfazure page. I'm pretty sure that I'm being knocked down by small bugs and beta changes but the end result is that I'm totally stuck. This is a critical path item for me so any suggestions would be greatly appreciated. A complete working example or a walkthrough would be even better!

    Read the article

  • Best practice how to store HTML in a database column

    - by tbrandao
    I have an application that modifies a table dynamically, think spreadsheet), then upon saving the form (which the table is part of) ,I store that changed table (with user modifications) in a database column named html_Spreadhseet,along with the rest of the form data. right now I'm just storing the html in a plain text format with basic escaping of characters... I'm aware that this could be stored as a separate file, the source table (html_workseeet) already is. But from a data handling perspective its easier to save the changed html table to and from a column so as to avoid having to come up with a file management strategy (which folder will this live in, now must include folder in backups, security issues now need to apply to files, how to sync db security with file system etc.), so to minimize these issues I'm only storing the ... part in the database column. My question is should I gzip the HTML , maybe use JSON, or some other format to easily store and retrieve the HTML from the database column, what is the best practice to store HTML content in a datbase? Or just store it as I currently am as an escaped text column?

    Read the article

  • Silverlight 4 webclient authentication - anyone have this working yet?

    - by Toran Billups
    So one of the best parts about the new Silverlight 4 beta is that they finally implemented the big missing feature of the networking stack - Network Credentials! In the below I have a working request setup, but for some reason I get a "security error" when the request comes back - is this because twitter.com rejected my api call or something that I'm missing in code? It might be good to point out that when I watch this code execute via fiddler it shows that the xml file for cross domain is pulled down successfully, but that is the last request shown by fiddler ... public void RequestTimelineFromTwitterAPI() { WebRequest.RegisterPrefix("https://", System.Net.Browser.WebRequestCreator.ClientHttp); WebClient myService = new WebClient(); myService.AllowReadStreamBuffering = true; myService.UseDefaultCredentials = false; myService.Credentials = new NetworkCredential("username", "password"); myService.UseDefaultCredentials = false; myService.OpenReadCompleted += new OpenReadCompletedEventHandler(TimelineRequestCompleted); myService.OpenReadAsync(new Uri("https://twitter.com/statuses/friends_timeline.xml")); } public void TimelineRequestCompleted(object sender, System.Net.OpenReadCompletedEventArgs e) { //anytime I query for e.Result I get a security error }

    Read the article

  • Paramiko ssh output stops at --more--

    - by Anesh
    The output stops printing at --more-- any idea how to get the end of the output >>> import paramiko >>> ssh = paramiko.SSHClient() >>> ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) >>> conn=ssh.connect("ipaddress",username="user", password="pass") >>> channel = ssh.invoke_shell() >>> channel.send("en\n") 3 >>> channel.send("password\n") 9 >>> channel.send("show security local-user-list\n") 30 >>> results = '' >>> channel.send("\n") 1 >>> results += channel.recv(5000) >>> print results bluecoat>en Password: bluecoat#show security local-user-list Default List: local_user_database Append users loaded from file to default list: false local_user_database Lockout parameters: Max failed attempts: 60 Lockout duration: 3600 Reset interval: 7200 Users: Groups: admin_local Lockout parameters: Max failed attempts: 60 Lockout duration: 3600 Reset interval: 7200 Users: <username> Hashed Password: Enabled: true Groups: <username> Hashed Password: Enabled: true **--More--** As you can see above the output stops printing at --more-- any idea how to get the output to print till the end.

    Read the article

  • Am I encrypting my passwords correctly in ASP.NET

    - by Nick
    I have a security class: public class security { private static string createSalt(int size) { //Generate a random cryptographic number RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); byte[] b = new byte[size]; rng.GetBytes(b); //Convert to Base64 return Convert.ToBase64String(b); } /// <summary> /// Generate a hashed password for comparison or create a new one /// </summary> /// <param name="pwd">Users password</param> /// <returns></returns> public static string createPasswordHash(string pwd) { string salt = "(removed)"; string saltAndPwd = string.Concat(pwd, salt); string hashedPwd = FormsAuthentication.HashPasswordForStoringInConfigFile( saltAndPwd, "sha1"); return hashedPwd; } } This works fine, but I am wondering if it is sufficient enough. Also, is this next block of code better? Overkill? static byte[] encrInitVector = new byte[] { 0x12, 0x34, 0x56, 0x78, 0x90, 0xAB, 0xCD, 0xEF }; static string encrKey = "(removed)"; public static string EncryptString(string s) { byte[] key; try { key = Encoding.UTF8.GetBytes(encrKey.Substring(0, 8)); DESCryptoServiceProvider des = new DESCryptoServiceProvider(); byte[] inputByteArray = Encoding.UTF8.GetBytes(s); MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, encrInitVector), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); return Convert.ToBase64String(ms.ToArray()); } catch (Exception e) { throw e; }

    Read the article

  • An Erroneous SQL Query makes browser hang until script timeout exceeded

    - by Jimbo
    I have an admin page in a Classic ASP web application that allows the admin user to run queries against the database (SQL Server 2000) Whats really strange is that if the query you send has an error in it (an invalid table join, a column you've forgotten to group by etc) the BROWSER hangs (CPU usage goes to maximum) until the SERVER script timeout is exceeded and then spits out a timeout exceeded error (server and browser are on different machines, so not sure how this happens!) I have tried this in IE 8 and FF 3 with the same result. If you run that same query (with errors) directly from SQL Enterprise Manager, it returns the real error immediately. Is this a security feature? Does anyone know how to turn it off? It even happens when the connection to the database is using 'sa' credentials so I dont think its a security setting :( Dim oRS Set oRS = Server.CreateObject("ADODB.Recordset") oRS.ActiveConnection = sConnectionString // run the query - this is for the admin only so doesnt check for sql safe commands etc. oRS.Open Request.Form("txtSQL") If Not oRS.EOF Then // list the field names from the recordset For i = 0 to oRS.Fields.Count - 1 Response.Write oRS.Fields(i).name & "&nbsp;" Next // show the data for each record in the recordset While Not oRS.EOF For i = 0 to oRS.Fields.Count - 1 Response.Write oRS.Fields(i).value & "&nbsp;" Next Response.Write "<br />" oRS.Movenext() Wend End If

    Read the article

  • Why does this program require MSVCR80.dll and what's the best solution for this kinda problem?

    - by Runner
    #include <gtk/gtk.h> int main( int argc, char *argv[] ) { GtkWidget *window; gtk_init (&argc, &argv); window = gtk_window_new (GTK_WINDOW_TOPLEVEL); gtk_widget_show (window); gtk_main (); return 0; } I tried putting various versions of MSVCR80.dll under the same directory as the generated executable(via cmake),but none matched. Is there a general solution for this kinda problem? UPDATE Some answers recommend install the VS redist,but I'm not sure whether or not it will affect my installed Visual Studio 9, can someone confirm? Manifest file of the executable <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel> </requestedPrivileges> </security> </trustInfo> <dependency> <dependentAssembly> <assemblyIdentity type="win32" name="Microsoft.VC90.DebugCRT" version="9.0.21022.8" processorArchitecture="x86" publicKeyToken="1fc8b3b9a1e18e3b"></assemblyIdentity> </dependentAssembly> </dependency> </assembly> It seems the manifest file says it should use the MSVCR90, why it always reporting missing MSVCR80.dll? FOUND After spending several hours on it,finally I found it's caused by this setting in PATH: D:\MATLAB\R2007b\bin\win32 After removing it all works fine.But why can that setting affect my running executable from using msvcr90 to msvcr80 ???

    Read the article

  • Sharepoint Active directory forms authentication

    - by Sushant
    Hi, I am devloping a sharepoint website in Forms authentication mode. I am trying to authenticate myself/ my company users against company's active directory. The ldap path I received from my technical team is LDAP://infinmumcfac.inf.com OU=Infotech,DC=inf,DC=com I got this piece of code from microsoft site. <membership defaultProvider="LdapMembershipProvider"> <providers> <add name="LdapMembership" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server="DC" port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer="CN=Users,DC=userName,DC=local" userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" /> </providers> </membership> The site asked me to change the Server and Usercontainer attribute. I have modified the code to <membership defaultProvider="LdapMembershipProvider"> <providers> <add name="LdapMembership" type="Microsoft.Office.Server.Security.LDAPMembershipProvider, Microsoft.Office.Server, Version=12.0.0.0, Culture=neutral, PublicKeyToken=71E9BCE111E9429C" server=” infinmumcfac.inf.com” port="389" useSSL="false" userDNAttribute="distinguishedName" userNameAttribute="sAMAccountName" userContainer=" OU=Infotech,DC=inf,DC=com " userObjectClass="person" userFilter="(|(ObjectCategory=group)(ObjectClass=person))" scope="Subtree" otherRequiredUserAttributes="sn,givenname,cn" /> </providers> </membership> I placed this code in web.config file of central administration site and my sharepoint website . I am still facing login issues. Any help or insight would be highly grateful.Thanking in anticipation.

    Read the article

  • Custom PHP Framework Feedback

    - by Jascha
    I've been learning OOP programming for about a year and a half now and have developed a fairly standard framework to which I generally abide by. I'd love some feedback or input on how I might improve some functionality or if there are some things I'm overlooking. VIEW MODE 1) Essentially everything starts at the Index.php page. The first thing I do is require my "packages.php" file that is basically a config file that imports all of the classes and function lists I'll be using. 2) I have no direct communication between my index.php file and my classes, what I've done is "pretty them up" with my viewfunctions.php file which is essentially just a conduit to the classes so that in my html I can write <?php get_title('page'); ?> instead of <?php echo $pageClass->get_title('page'); ?> Plus, I can run a couple small booleans and what not in the view function script that can better tailor the output of the class. 3) Any information brought in via the database is started from it's corresponding class that has direct communication with the database class, the only class that is allowed direct to communicate with the database (allowed in the sense that I run all of my queries with custom class code). INPUT MODE 1) Any user input is sent to my userFunctions.php. 2) My security class is then instantiated where I send whatever user input that has been posted for verification and validation. 3) If the input passes my security check, I then pass it to my DB class for input into my Database. FEEDBACK I'm wondering if there are any glaringly obvious pitfalls to the general structure, or ways I can improve this. Thank you in advance for your input. I know there is real no "right" answer for this, but I imagine a couple up votes would be in order for some strong advice regarding building frameworks. -J

    Read the article

  • .NET Embedded Manifest Crashes XP

    - by Alan Spark
    Hi, I am embedding a manifest in a .NET exe so that it can request elevated permissions in Vista and Windows 7. The manifest that I am using is as follows: <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <assemblyIdentity version="1.0.0.0" name="ElevationTest" type="win32"/> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"/> </requestedPrivileges> </security> </trustInfo> </assembly> It works as expected in Vista and Windows 7 but crashes XP with the standard "... has encountered a problem and needs to close..." error. If I don't embed any manifest then it works as expected but will obviously not have the required permissions in Vista and Windows 7. What is a standard way of producing an exe that will function with the correct permissions in XP and Vista / Windows 7? Thanks, Alan

    Read the article

  • Basic user authentication with records in AngularFire

    - by ajkochanowicz
    Having spent literally days trying the different, various recommended ways to do this, I've landed on what I think is the most simple and promising. Also thanks to the kind gents from this SO question: Get the index ID of an item in Firebase AngularFire Curent setup Users can log in with email and social networks, so when they create a record, it saves the userId as a sort of foreign key. Good so far. But I want to create a rule so twitter2934392 cannot read facebook63203497's records. Off to the security panel Match the IDs on the backend Unfortunately, the docs are inconsistent with the method from is firebase user id unique per provider (facebook, twitter, password) which suggest appending the social network to the ID. The docs expect you to create a different rule for each of the login method's ids. Why anyone using 1 login method would want to do that is beyond me. (From: https://www.firebase.com/docs/security/rule-expressions/auth.html) So I'll try to match the concatenated auth.provider with auth.id to the record in userId for the respective registry item. According to the API, this should be as easy as In my case using $registry instead of $user of course. { "rules": { ".read": true, ".write": true, "registry": { "$registry": { ".read": "$registry == auth.id" } } } } But that won't work, because (see the first image above), AngularFire sets each record under an index value. In the image above, it's 0. Here's where things get complicated. Also, I can't test anything in the simulator, as I cannot edit {some: 'json'} To even authenticate. The input box rejects any input. My best guess is the following. { "rules": { ".write": true, "registry": { "$registry": { ".read": "data.child('userId').val() == (auth.provider + auth.id)" } } } } Which both throws authentication errors and simultaneously grants full read access to all users. I'm losing my mind. What am I supposed to do here?

    Read the article

  • When to use basic types (Integer, String), and when to write a new class?

    - by belgarat
    Stackoverflow users: A lot of things can be represented in programs by using the basic types, or we can create a new class for it. Example: A social security number can be a number, string or its own object. (Other common examples: Phone numbers, names, zip codes, user id, order id and other id's.) My question is: When should the basic types be used, and when should we write ourselves a new class? I see that when you need to add behavior, you'll want to create a class (example, social security number parsing, validation, formatting, etc). But is this the only criteria? I have come across cases where many of these things are represented as java Integers and/or Strings. We loose the benefit of type-checking, and I have often seen bugs caused by parameters being mixed in calls to function(Intever, Integer, Integer, Integer). On the other hand, some programmers are opposed to over-designing by creating classes for "eveything". Obviously, the answer is "it depends". But, what do you think, and what do you normally do?

    Read the article

  • Peoplesoft queries - performance

    - by DBa
    Hi, I'm facing a problem with PeopleSoft queries (using Oracle backend database): when a rather complex query involving multiple records is set off by a user, PS does an enforced join of security records, thus producing SQL like this: select .... from ps_job a, PS_EMPL_SRCQRY a1, ps_table2 b, ps_sec_rcd2 b1, ps_table3 c, ps_sec_rcd3 c1 where (...security joins a-a1, b-b1, c-c1...) and (...joins of a, b and c...) and a.setid_dept = 'XYZ'; (let's assume the last condition has a high selectivity and there is an index on the column) Obviously, due to the arrangement of the conditions, first a huge join is created, written to the temp segment, and when the last condition is finally applied, only a small subset is selected. A query formulated in this way is very likely to hit the preset timeout of the APPSRV, and even of the QRYSRV. When writing the query manually, I would rather move the most selective condition to the start, thus limiting the amount of the data being handled, to a considerable level. Any ideas on how to make PS behave like this? Actually, already rewriting "Oracle-styled" SQL to ANSI SQL seems to accelerate the queries - however, PS writes Oracle-style queries... Thanks in advance DBa

    Read the article

  • Finding out inside which iframe a script is executing

    - by juandopazo
    I have a page with several iframes. One of this iframes has a page from a different domain. Inside this iframe there's another iframe with a page from the parent domain. my page from mydomain.com -> an iframe -> iframe "#foo" from another-domain.com> -> iframe "#bar" from mydomain.com -> another iframe I need to get a reference to the "#foo" node inside the main page. The security model should allow me to do that because "#bar" has the same domain as the main page. So what I'm doing is iterating through the window.top array and comparing each element to the window object which is currently the "#bar" window object. My test code looks like: for (var i = 0; i < top.length; i++) { for (var j = 0; j < top[i].length; j++) { if (top[i][j] == window) { alert("The iframe number " + i + " contains me"); } } } This works fine in all browsers, but Internet Explorer 6 throws a security error when accesing top[i][j]. Any ideas on how to solve this on IE6? Thanks!

    Read the article

  • IIS publish of WCF service -- fails with no error message

    - by tavistmorph
    I havea WCF service which I publish from Visual Studio 2008 to an IIS 6. According to the output window of VS, the publish succeeded, no error messages or warnings. When I look at IIS, the virtual directory was created, but there is no .svc listed in the directory. The directory just has my web.config and a bin. Any attempts to call my WCF service fail cause they don't exist. How can I see an error message of what's going wrong? By trial-and-error, I discovered changing my app.config before publishing will make the service show up. Namely my app.config file has these lines: <binding ...> <security mode="Transport"> <transport clientCreditionalType="None"/> </security> </binding> If I switch "Transport" to "None", then my service shows up on IIS. But I do have a certificate installed on IIS on the server, and as far as I can tell, everything is configured correctly on the server. There is no error message in the event log. How can I get a find more error messages about why the service is failing to show up?

    Read the article

  • Codeigniter xss_clean dilemma

    - by Henson
    I know this question has been asked over and over again, but I still haven't found the perfect answer for my liking, so here it goes again... I've been reading lots and lots polarizing comments about CI's xss_filter. Basically majority says that it's bad. Can someone elaborate how it's bad, or at least give 1 most probable scenario where it can be exploited? I've looked at the security class in CI 2.1 and I think it's pretty good as it doesn't allow malicious strings like document.cookie, document.write, etc. If the site has basically non-html presentation, is it safe to use global xss_filter (or if it's REALLY affecting performance that much, use it on per form post basis) before inserting to database ? I've been reading about pros and cons about whether to escape on input/output with majority says that we should escape on output only. But then again, why allow strings like <a href="javascript:stealCookie()">Click Me</a> to be saved in the database at all? The one thing I don't like is javascript: and such will be converted to [removed]. Can I extend the CI's security core $_never_allowed_str arrays so that the never allowed strings return empty rather than [removed]. The best reasonable wrongdoing example of this I've read is if a user has password of javascript:123 it will be cleaned into [removed]123 which means string like this document.write123 will also pass as the user's password. Then again, what is the odds of that to happen and even if it happens, I can't think of any real harm that can do to the site. Thanks

    Read the article

  • Java to JavaScript (Encryptation related)

    - by balexandre
    Hi guys, I'm having dificulties to get the same string in Javascript and I'm thinking that I'm doing something wrong... Java code: import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.Date; import java.util.GregorianCalendar; import sun.misc.BASE64Encoder; private static String getBase64Code(String input) throws UnsupportedEncodingException, NoSuchAlgorithmException { String base64 = ""; byte[] txt = input.getBytes("UTF8"); byte[] text = new byte[txt.length+3]; text[0] = (byte)239; text[1] = (byte)187; text[2] = (byte)191; for(int i=0; i<txt.length; i++) text[i+3] = txt[i]; MessageDigest md = MessageDigest.getInstance("MD5"); md.update(text); byte digest[] = md.digest(); BASE64Encoder encoder = new BASE64Encoder(); base64 = encoder.encode(digest); return base64; } I'm trying this using Paj's MD5 script as well Farhadi Base 64 Encode script but my tests fail completly :( my code: function CalculateCredentialsSecret(type, user, pwd) { var days = days_between(new Date(), new Date(2000, 1, 1)); var str = type.toUpperCase() + user.toUpperCase() + pwd.toUpperCase() + days; var md5 = any_md5('', str); var b64 = base64Encode(md5); return encodeURIComponent(b64); } Does anyone know how can I convert this Java method into a Javascript one? Thank you

    Read the article

  • Download Canvas Image Png Chome/Safari

    - by user2639176
    Works in Firefox, and won't work in Safari, or Chrome. function loadimage() { var canvas = document.getElementById("canvas"); if (window.XMLHttpRequest) {// code for IE7+, Firefox, Chrome, Opera, Safari xmlhttp=new XMLHttpRequest(); xmlhttp2=new XMLHttpRequest(); } else {// code for IE6, IE5 xmlhttp=new ActiveXObject("Microsoft.XMLHTTP"); xmlhttp2=new ActiveXObject("Microsoft.XMLHTTP"); } xmlhttp.onreadystatechange=function() { if (xmlhttp.readyState==4 && xmlhttp.status==200) { rasterizeHTML.drawHTML(xmlhttp.responseText, canvas); var t=setTimeout(function(){copy()},3000) } } xmlhttp.open("GET","/sm/<?=$sm[0];?>",true); xmlhttp.send(); } function copy() { var canvas = document.getElementById("canvas"); var img = canvas.toDataURL("image/png"); document.getElementById('dl').href = img; document.getElementById('dl').innerHTML = "Download"; } Now I didn't write this, so I don't know too much javascript. But the script works in Firefox. In Chrome, getting: Uncaught Security Error: An attempt was made to break through the security policy of the user-agent. For toDataURL("image/png")

    Read the article

  • AS3 and cross-domain

    - by Davide Arcinotti
    I think i'm a little confused. I'm loading an swf, located at domainB.com/secondsubfolder, from an swf located at domainA.com/firstsubfolder. I always put the crossdomain.xml near the "loader" swf in domainA.com/firstsubfolder. It seems to not work, except if I put the crossdomain.xml in the root of the loaded content, domainB.com/crossdomain.xml. Did I always do it wrong, or is it because of some server setting? Using another domain for the loaded content, e.g. domainB_beta.com/secondsubfolder on another server just works as usual. Where do I have to look to change these settings? Does it depend on server settings, or am I doing something wrong? This is the loader actionscript code: import flash.display.Loader; import flash.net.URLRequest; import flash.system.Security; Security.allowDomain("domainB.com"); var context:LoaderContext = new LoaderContext(); context.securityDomain = SecurityDomain.currentDomain; var loaderMain:Loader = new Loader(); loaderMain.contentLoaderInfo.addEventListener(IOErrorEvent.IO_ERROR, errorHandler); loaderMain.contentLoaderInfo.addEventListener(SecurityErrorEvent.SECURITY_ERROR, errorHandler); loaderMain.load(new URLRequest('domainB/secondsubfolder/file.swf'),context); addChild(loaderMain); function errorHandler(event:ErrorEvent):void { trace("errorHandler says: " + event); }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 266 267 268 269 270 271 272 273 274 275 276 277  | Next Page >