Search Results

Search found 10670 results on 427 pages for 'session cookie'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 291/427 | < Previous Page | 287 288 289 290 291 292 293 294 295 296 297 298  | Next Page >

  • How to protect/monitor your site from crawling by malicious user

    - by deathy
    Situation: Site with content protected by username/password (not all controlled since they can be trial/test users) a normal search engine can't get at it because of username/password restrictions a malicious user can still login and pass the session cookie to a "wget -r" or something else. The question would be what is the best solution to monitor such activity and respond to it (considering the site policy is no-crawling/scraping allowed) I can think of some options: Set up some traffic monitoring solution to limit the number of requests for a given user/IP. Related to the first point: Automatically block some user-agents (Evil :)) Set up a hidden link that when accessed logs out the user and disables his account. (Presumably this would not be accessed by a normal user since he wouldn't see it to click it, but a bot will crawl all links.) For point 1. do you know of a good already-implemented solution? Any experiences with it? One problem would be that some false positives might show up for very active but human users. For point 3: do you think this is really evil? Or do you see any possible problems with it? Also accepting other suggestions.

    Read the article

  • Sharepoint isn't accepting new Credentials initially when switching users.

    - by Tiziani
    Hi all, I have a standard website (one webapplication and one site collection) with some custom pages and webparts. The issue I'm having is that when I try to switch users, using the "Sign In As a Different User" and entering new credentials (even for another site collection admin account), IE tries the account three times, and then it presents a 401 Access Denied screen. After that, if I erase all the stuff of access denied page from the browser's url, I'm logged as the new account I just had entered and was not accepted. After researching for a while on google, I found a KB ( http://support.microsoft.com/kb/970814 ) that might relate, but just tested here and it didn't work at all. The modified method suggested by the KB is the following: function LoginAsAnother(url, bUseSource) { document.cookie="loginAsDifferentAttemptCount=0"; if (bUseSource=="1") { GoToPage(url); } else { //var ch=url.indexOf("?") =0 ? "&" : "?"; //url+=ch+"Source="+escapeProperly(window.location.href); //STSNavigate(url); document.execCommand("ClearAuthenticationCache"); } } But after making this change, it no longer asks for a new credential. Any ideas?

    Read the article

  • php curl login problem

    - by user331329
    <?php // create a new CURL resource $file_path = '/mail'; define("COOKIE_FILE", "c:\cookie.txt"); $ch = curl_init(); // set URL and other appropriate options curl_setopt($ch, CURLOPT_URL, "https://mail.gov.in/iwc/signin"); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt ($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"); curl_setopt ($ch, CURLOPT_TIMEOUT, 60); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt ($ch, CURLOPT_COOKIESESSION, TRUE); session_write_close(); $strCookie = 'PHPSESSID=d095af0e30afc021dd3652734009' . $_COOKIE['PHPSESSID'] . '; path=/mail'; curl_setopt( $ch, CURLOPT_COOKIE, $strCookie ); curl_setopt ($ch, CURLOPT_COOKIEJAR, COOKIE_FILE); curl_setopt($ch, CURLOPT_COOKIEFILE, COOKIE_FILE); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS,'fromLogin=true&domainName=nic.in&username=&password=&button=Sign%20In'); $url = curl_getinfo($ch); // grab URL and pass it to the browser $data = curl_exec($ch); echo $data."<pre>"; echo "<pre>"; print_r($url); // close CURL resource, and free up system resources curl_close($ch); ?> whats wrong with my code why i am not able to login directly in their mail

    Read the article

  • How to implement the Facebook "Like" button for my website

    - by vamsivanka
    I am trying to implement facebook like button on my website. The first four lines in the code is already there on my site after the end of the "" tag. To implement the "Like button" i have added the second script (Line five to the end) and ran the application. Its giving me an error as "Microsoft Jscript runtime error:'_onLoad' is null or not an object" Please Let me know. Thanks <script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php"></script> <script type="text/javascript"> FB.init("myapikey", "xd_receiver.htm", { "reloadIfSessionStateChanged": true }); </script> <script type="text/javascript"> window.fbAsyncInit = function() { FB.init({appId: 'myappid', status: true, cookie: true, xfbml: true}); }; (function() { var e = document.createElement('script'); e.async = true; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; document.getElementById('fb-root').appendChild(e); }()); </script> References: http://developers.facebook.com/docs/reference/plugins/like <fb:like href="http://webclip.in" layout="standard" show-faces="true" width="450" action="like" font="arial" colorscheme="light"/>

    Read the article

  • Submit WordPress form password programmatically

    - by songdogtech
    How can I let a user access a WordPress protected page with a URL that will submit the password in the form below? I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load. This not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user, and once they're in, the cookie will let them in for 10 more days. I will select the particular user with separate PHP function that determines their IP or WordPress login status. I used Wireshark to find the POST string: post_password=mypassword&Submit=Submit but using this URL mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit gives me a blank page. This is the form: <form action="http://mydomain.com/wp-pass.php" method="post"> Password: <input name="post_password" type="password" size="20" /> <input type="submit" name="Submit" value="Submit" /></form> This is wp-pass.php: <?php require( dirname(__FILE__) . '/wp-load.php'); if ( get_magic_quotes_gpc() ) $_POST['post_password'] = stripslashes($_POST['post_password']); setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); wp_safe_redirect(wp_get_referer()); ?> What am I doing wrong? Or is there a better way to let a user into a password protected page automatically?

    Read the article

  • How to make Facebook Authentication from Silverlight secure?

    - by SondreB
    I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be a "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion. How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app? Using the Facebook Developer Toolkit, there is a following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs. [ScriptableMember] public void LoggedIn(string sessionKey, string secret, int expires, long userId) { this.SessionKey = sessionKey; this.UserId = userId; Obvious the problem here is the fact that JavaScript is injection the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website. The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

    Read the article

  • SerializationException with custom GenericIdentiy?

    - by MunkiPhD
    I'm trying to implement my own GenericIdentity implementation but keep receiving the following error when it attempts to load the views (I'm using asp.net MVC): System.Runtime.Serialization.SerializationException was unhandled by user code Message="Type is not resolved for member 'OpenIDExtendedIdentity,Training.Web, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'." Source="WebDev.WebHost" I've ended up with the following class: [Serializable] public class OpenIDExtendedIdentity : GenericIdentity { private string _nickName; private int _userId; public OpenIDExtendedIdentity(String name, string nickName, int userId) : base(name, "OpenID") { _nickName = nickName; _userId = userId; } public string NickName { get { return _nickName; } } public int UserID { get { return _userId; } } } In my Global.asax I read a cookie's serialized value into a memory stream and then use that to create my OpenIDExtendedIdentity object. I ended up with this attempt at a solution after countless tries of various sorts. It works correctly up until the point where it attempts to render the views. What I'm essentially attempting to achieve is the ability to do the following (While using the default Role manager from asp.net): User.Identity.UserID User.Identity.NickName ... etc. I've listed some of the sources I've read in my attempt to get this resolved. Some people have reported a Cassini error, but it seems like others have had success implementing this type of custom functionality - thus a boggling of my mind. http://forums.asp.net/p/32497/161775.aspx http://ondotnet.com/pub/a/dotnet/2004/02/02/effectiveformsauth.html http://social.msdn.microsoft.com/Forums/en-US/netfxremoting/thread/e6767ae2-dfbf-445b-9139-93735f1a0f72

    Read the article

  • retrieve events where uid is the creator and application id is the admin - Facebook API

    - by Anup Parekh
    I would like to know if there is a Facebook API call to retrieve the events (eids) for all the events a user has created using my facebook connect application. The events are created using the following REST api call: https://api.facebook.com/method/events.create?event_info=' . $e_i . '&access_token=' . $cookie['access_token'] $e_i is the event info array where the 'host' value is set to 'Me' as follows $event_info['host'] = 'Me'; On Facebook events under the "Created by:" section it lists "My user name,Application Name", I presume this is because I am the creator and the application is the admin as stated in the REST api documentation http://developers.facebook.com/docs/reference/rest/events.create/ Unfortunately I cannot seem to find out how (neither REST nor GPRAPH API) to return a list of events where I am the creator and the application is the admin as in the above scenario. If this is possible I would really appreciate some assistance with how it is done. So far I have tried: REST API events.get using uid=application_id. This only returns events created by the application not those including the user who created them GRAPH API https://graph.facebook.com/me/events?fields=owner&access_token=... this returns all the events for 'me' but not where the application is also the admin. It seems strange that there's no reference to the linkage between the event creator and the event admin through the API but in Facebook it is able to pull both and display them on the event details.

    Read the article

  • Thread Local Memory, Using std::string's internal buffer for c-style Scratch Memory.

    - by Hassan Syed
    I am using Protocol Buffers and OpensSSL to generate, HMACs and then CBC encrypt the two fields to obfuscate the session cookies -- similar Kerberos tokens. Protocol Buffers' API communicates with std::strings and has a buffer caching mechanism; I exploit the caching mechanism, for successive calls in the the same thread, by placing it in thread local memory; additionally the OpenSSL HMAC and EVP CTX's are also placed in the same thread local memory structure ( see this question for some detail on why I use thread local memory and the massive amount of speedup it enables even with a single thread). The generation and deserialization, "my algorithms", of these cookie strings uses intermediary void *s and std::strings and since Protocol Buffers has an internal memory retention mechanism I want these characteristics for "my algorithms". So how do I implement a common scratch memory ? I don't know much about the rdbuf(streambuf - strinbuf ??) of the std::string object. I would presumeably need to grow it to the lowest common size ever encountered during the execution of "my algorithms". Thoughts ? My question I guess would be: " is the internal buffer of a string re-usable, and if so, how ?" Edit: See comments to Vlad's answer please.

    Read the article

  • Submit WordPress form programmatically

    - by songdogtech
    How can I let a user access a WordPress protected page with a URL that will submit the password in the form below? I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load. This not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user, and once they're in, the cookie will let them in for 10 more days. I will select the particular user with separate PHP function that determines their IP or WordPress login status. I used Wireshark to find the POST string: post_password=mypassword&Submit=Submit but using this URL mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit gives me a blank page. This is the form: <form action="http://mydomain.com/wp-pass.php" method="post"> Password: <input name="post_password" type="password" size="20" /> <input type="submit" name="Submit" value="Submit" /></form> This is wp-pass.php: <?php require( dirname(__FILE__) . '/wp-load.php'); if ( get_magic_quotes_gpc() ) $_POST['post_password'] = stripslashes($_POST['post_password']); setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH); wp_safe_redirect(wp_get_referer()); ?> What am I doing wrong? Or is there a better way to let a user into a password protected page automatically?

    Read the article

  • asp.net mvc and portal like functionality

    - by richard-heesbeen
    fHi, I need to build an site with some portal like functionality where an param in the request will indentify the portal. like so http:/domain/controller/action/portal Now my problem is if an portal doesn't exists there must be an redirect to an other site/page and an user can login in to one portal but if the user comes to an other portal the user must be redirected back to the login page for that portal. I have something working now, but i feel like there must be an central place in the pipeline to handle this. My current solution uses an custom action filter which checks the portal param and sees if the portal exists and checks if the user logged on in that portal (the portal the user logged on for is in the authentication cookie). I make my own IIndentiy and IPrincipal in the application_postauthentication event. I have 2 problems with my current approach: 1: It's not really enforced, i have to add the attributes to all controllers and/or actions. 2: The isauthenticated on an user isn't really working, i would like that to work. But for that i need to have access to the params of the route when i create my IPrincipal/IIndenty and i can't seem to find an correct place to do that. Hope someone can give me some pointers, Richard.

    Read the article

  • C# client to Java web service

    - by tomislavg
    I have received wsdl file from outside company. I'm using VS2005 c#. With wsdl.exe I have created class containing methods and types for the given web service. To connect to the service outside company requires that certificate from the smart card is inputed in the header. I think i have achieved this with service.ClientCertificates.Add("Path to exported cert" - at least for now, after probably later i will take it from Certificate Store When service is called there are three steps that are taken and visible by the Fidller(Web Debugging Proxy)). service is called on the url http://test.company.com/webservice.wsdl service redirects the request to certificate server and pin needs to be inputed to get cookie for the server service is again redirected to url http://test.company.com/webservice.wsdl At point 1. I can see that my request send to the server contains .... but at point 3. i can not see request` just a empty string. The exception is thrown Msg: Possible SOAP version mismatch: Envelope namespace http://schemas.xmlsoap.org/wsdl/ was unexpected. Expecting http://schemas.xmlsoap.org/soap/envelope/. Does somebody have an example how to connect to java web service with certificate and AlowRedirect enabled for the web service? Any ideas what i am doing wrong are more that welcome.

    Read the article

  • Use the output of logs in the execution of a program

    - by myle
    When I try to create a specific object, the program crashes. However, I use a module (mechanize) which logs useful information just before the crash. If I had somehow this information available I could avoid it. Is there any way to use the information which is logged (when I use the function set_debug_redirects) during the normal execution of the program? Just to be a bit more specific, I try to emulate the login behavior in a webpage. The program crashes because it can't handle a specific Following HTTP-EQUIV=REFRESH to <omitted_url>. Given this url, which is available in the logs but not as part of the exception which is thrown, I could visit this page and complete successfully the login process. Any other suggestions that may solve the problem are welcomed. It follows the code so far. SERVICE_LOGIN_BOX_URL = "https://www.google.com/accounts/ServiceLoginBox?service=adsense&ltmpl=login&ifr=true&rm=hide&fpui=3&nui=15&alwf=true&passive=true&continue=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&followup=https%3A%2F%2Fwww.google.com%2Fadsense%2Flogin-box-gaiaauth&hl=en_US" def init_browser(): # Browser br = mechanize.Browser() # Cookie Jar cj = cookielib.LWPCookieJar() br.set_cookiejar(cj) # Browser options br.set_handle_equiv(True) br.set_handle_gzip(False) br.set_handle_redirect(True) br.set_handle_referer(True) br.set_handle_robots(True) br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time=30.0, honor_time=False) # Want debugging messages? #br.set_debug_http(True) br.set_debug_redirects(True) #br.set_debug_responses(True) return br def adsense_login(login, password): br = init_browser() r = br.open(SERVICE_LOGIN_BOX_URL) html = r.read() # Select the first (index zero) form br.select_form(nr=0) br.form['Email'] = login br.form['Passwd'] = password br.submit() req = br.click_link(text='click here to continue') try: # this is where it crashes br.open(req) except HTTPError, e: sys.exit("post failed: %d: %s" % (e.code, e.msg)) return br

    Read the article

  • Whats wrong with my cookies?

    - by William
    For some reason This php script won't echo my cookie variable: <?php require 'connection.php'; require 'variables.php'; $name = $_POST['name']; $pass = $_POST['pass']; if(($name == $admin_name) && ($pass == $admin_pass)){ setcookie($forum_url."name",$name,time()+604800); setcookie($forum_url."pass",$pass,time()+604800); } else echo 'Failed'; ?> heres the html that gets sent to admin_login.php <form method=post action=admin_login.php> <div id="formdiv"> <div class="fieldtext1">Name</div> <div class="fieldtext1">Pass</div> <input type="text" name=name size=25 /> <input type="password" name=pass size=25 /> </div> <input type=submit value="Submit" id="submitbutton"> </form> here is the index, where I want the info echoed <?php echo $_COOKIE[$forum_url."name"]; ?> What am I doing wrong?

    Read the article

  • How to cache an HTTP POST response?

    - by KARASZI István
    I would like to create a cacheable HTTP response for a POST request. My actual implementation responses the following for the POST request: HTTP/1.1 201 Created Expires: Sat, 03 Oct 2020 15:33:00 GMT Cache-Control: private,max-age=315360000,no-transform Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 9 ETag: 2120507660800737950 Last-Modified: Wed, 06 Oct 2010 15:33:00 GMT ......... But it looks like that the browsers (Safari, Firefox tested) are not cacheing the response. In the HTTP RFC the corresponding part says: Responses to this method are not cacheable, unless the response includes appropriate Cache-Control or Expires header fields. However, the 303 (See Other) response can be used to direct the user agent to retrieve a cacheable resource. So I think it should be cached. I know I could set a session variable and set a cookie and do a 303 redirect, but I want to cache the response of the POST request. Is there any way to do this? P.S.: I've started with a simple 200 OK, so it does not work. Thanks,

    Read the article

  • Problem pulling data from website in .NET and C#

    - by Cptcecil
    I have written a web scraping program to go to a list of pages and write all the html to a file. The problem is that when I pull a block of text some of the characters get written as '?'. How do I pull those characters into my text file? Here is my code: string baseUri = String.Format("http://www.rogersmushrooms.com/gallery/loadimage.asp?did={0}&blockName={1}", id.ToString(), name.Trim()); // our third request is for the actual webpage after the login. HttpWebRequest request = (HttpWebRequest)WebRequest.Create(baseUri); request.Method = "GET"; request.UserAgent = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"; //get the response object, so that we may get the session cookie. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); StreamReader reader = new StreamReader(response.GetResponseStream()); // and read the response string page = reader.ReadToEnd(); StreamWriter SW; string filename = string.Format("{0}.txt", id.ToString()); SW = File.AppendText("C:\\Share\\" + filename); SW.Write(page); reader.Close(); response.Close();

    Read the article

  • First site going live real soon. Last minute questions

    - by user156814
    I am really close to finishing up on a project that I've been working on. I have done websites before, but never on my own and never a site that involved user generated data. I have been reading up on things that should be considered before you go live and I have some questions. 1) Staging... (Deploying updates without affecting users). I'm not really sure what this would entail, since I'm sure that any type of update would affect users in some way. Does this mean some type of temporary downtime for every update? can somebody please explain this and a solution to this as well. 2) Limits... I'm using the Kohana framework and I'm using the Auth module for logging users in. I was wondering if this already has some type of limit (on login attempts) built in, and if not, what would be the best way to implement this. (save attempts in database, cookie, etc.). If this is not whats meant by limits, can somebody elaborate. 3) Caching... Like I said, this is my first site built around user content. Considering that, should I cache it? 4) Back Ups... How often should I backup my (MySQL) database, and how should I back it up (MySQL export?). The site is currently up, yet not finished, if anybody wants to look at it and see if something pops out to you that should be looked at/fixed. Clashing Thoughts. If there is anything else I overlooked, thats not already in the list linked to above, please let me know. Thanks.

    Read the article

  • facebook javascript api

    - by ngreenwood6
    I am trying to get my status from facebook using the javascript api. I have the following code: <div id="fb-root"></div> <div id="data"></div> <script src="http://connect.facebook.net/en_US/all.js"></script> <script type="text/javascript"> (function(){ FB.init({ appId : 'SOME ID', status : true, // check login status cookie : true, // enable cookies to allow the server to access the session xfbml : true // parse XFBML }); }); getData(); function getData(){ var query = FB.Data.query('SELECT message FROM status WHERE uid=12345 LIMIT 10'); query.wait(function(rows) { for(i=0;i<rows.length;i++){ document.getElementById('data').innerHTML += 'Your status is ' + rows[i].message + '<br />'; } }); } </script> When i try to get my name it works fine but the status is not working. Can someone please tell me what I am doing wrong because the documentation for this is horrible. And yes I replaced the uid with a fake one and yes i put in my app id because like i said when i try to get my name it works fine. Any help is appreciated.

    Read the article

  • how to get the source code as register user.

    - by nir143
    hi. i downloaded a sourcecode of a site,but i downloaded it i saw it identify my program as a guest,i search at google and figure out that i can send a cookie when i "ask" the source code. that what i have managed to do and it still dont identify me as register user: CookieContainer cj = new CookieContainer(); string all = ""; HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url); req.CookieContainer = cj; HttpWebResponse res = (HttpWebResponse)req.GetResponse(); CookieCollection cs=cj.GetCookies(req.RequestUri); CookieContainer cc = new CookieContainer(); cc.Add(cs); req.CookieContainer = cc; StreamReader read = new StreamReader(res.GetResponseStream()); all = read.ReadToEnd(); read.Close(); return all; what is wrong here? tyvm for help:) (if that help,i can have a simple details of a register user of the site).

    Read the article

  • Server side form validation and POST data

    - by tomcritchlow
    Hi, I have a user input form here: http://www.7bks.com/create (Google login required) When you first create a list you are asked to create a public username. Unfortuantely currently there is no constraint to make this unique. I'm working on the code to enforce unique usernames at the moment and would like to know the best way to do it. Tech details: appengine, python, webapp framework What I'm planning is something like this: first the /create form posts the data to /inputlist/ (this is the same as currently happens) /inputlist/ queries the datastore for the given username. If it already exists then redirect back to /create display the /create page with all the info previously but with an additional error message of "this username is already taken" My question is: Is this the best way of handling server side validation? What's the best way of storing the list details while I verify and modify the username? As I see it I have 3 options to store the list details but I'm not sure which is "best": Store the list details in the session cookie (I am using GAEsessions for cookies) Define a separate POST class for /create and post the list data back from /inputlist/ to the /create page (currently /create only has a GET class) Store the list in the datastore, even though the username is non-unique. Thank you very much for your help :) I'm pretty new to python and coding in general so if I've missed something obvious my apologies. Tom PS - I'm sure I can eventually figure it out but I can't find any documentation on POSTing data using the webapp appengine framework which I'd need in order to do solution 2 above :s maybe you could point me in the right direction for that too? Thanks! PPS - It's a little out of date now but you can see roughly how the /create and /inputlist/ code works at the moment here: 7bks.com Gist

    Read the article

  • requesting ajax via HttpWebRequest

    - by Sami Abdelgadir Mohammed
    Hi guys: I'm writing a simple application that will download some piece of data from a website then I can use it later for any purpose The following is the request and response copied from Firebug as the browser did that... when u type http://x5.travian.com.sa/ajax.php?f=k7&x=18&y=-186&xx=12&yy=-192 you will get a php file has some data.. But when I make a request with HttpWebRequest I get wrong data (some unknown letters) Can anyone help me in that.. and if I have to make some encodings or what?? I will be so appreciated.. Response Server nginx Date Tue, 04 Jan 2011 23:03:49 GMT Content-Type application/json; charset=UTF-8 Transfer-Encoding chunked Connection keep-alive X-Powered-By PHP/5.2.8 Expires Mon, 26 Jul 1997 05:00:00 GMT Last-Modified Tue, 04 Jan 2011 23:03:49 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache Content-Encoding gzip Vary Accept-Encoding Request Host x5.travian.com.sa User-Agent Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie CAD=57878984%231292375897%230%230%23%230; T3E=%3DImYykTN2EzMmhjO5QTM2QDN2oDM1ITOyoDOxIjM4EDN5ITM6gjO4MDOxIWZyQWMipTZu9metl2ctl2c6MDNxADN6MDNxADNjMDNxADNjMDNxADN; orderby_b1=0; orderby_b=0; orderby2=0; orderby=0

    Read the article

  • Is a GWT app running on Google App Engine protected from CSRF

    - by gerdemb
    I'm developing a GWT app running on the Google App Engine and wondering if I need to worry about Cross-site request forgery or is that automatically taken care of for me? For every RPC request that requires authentication, I have the following code: public class BookServiceImpl extends RemoteServiceServlet implements BookService { public void deleteInventory(Key<Inventory> inventoryKey) throws NotLoggedInException, InvalidStateException, NotFoundException { DAO dao = new DAO(); // This will throw NotLoggedInException if user is not logged in User user = dao.getCurrentUser(); // Do deletion here } } public final class DAO extends DAOBase { public User getCurrentUser() throws NotLoggedInException { currentUser = UserServiceFactory.getUserService().getCurrentUser(); if(currentUser == null) { throw new NotLoggedInException(); } return currentUser; } I couldn't find any documentation on how the UserService checks authentication. Is it enough to rely on the code above or do I need to to more? I'm a beginner at this, but from what I understand to avoid CSRF attacks some of the strategies are: adding an authentication token in the request payload instead of just checking a cookie checking the HTTP Referer header I can see that I have cookies set from Google with what look like SID values, but I can't tell from the serialized Java objects in the payloads if tokens are being passed or not. I also don't know if the Referer header is being used or not. So, am I worrying about a non-issue? If not, what is the best strategy here? This is a common enough problem, that there must be standard solutions out there...

    Read the article

  • Facebook graph API post to user's wall

    - by Lance
    I'm using the FB graph api to post content to the user's wall. I orginally tried using this method: $wall_post = array(array('message' => 'predicted the', 'name' => 'predicted the'), array('message' => $winning_team, 'name' => $winning_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$winning_team.'&amp;year=2012'), array('message' => 'to beat the', 'name' => 'to beat the',), array('message' => $losing_team, 'name' => $losing_team, 'link' => 'http://www.sportannica.com/teams.php?team='.$losing_team.'&amp;year=2012'), array('message' => 'on '.$game_date.'', 'name' => 'on '.$game_date.''), array('picture' => 'http://www.sportannica.com/img/team_icons/current_season_logos/large/'.$winning_team.'.png')); $res = $facebook->api('/me/feed/', 'post', '$wall_post'); But, much to my surprise, you can't post multiple links to a users wall. So, now I'm using the graph api to post content to a user's wall much like the way spotify does. So, now I've figured out that I need to create custom actions and objects with the open graph dashboard. So, I've created the "predict" action and gave it permission to edit the object "game." So, now I have the code: $facebook = new Facebook(array( 'appId' => 'appID', 'secret' => 'SECRET', 'cookie' => true )); $access_token = $facebook->getAccessToken(); $user = $facebook->getUser(); if($user != 0) { curl -F 'access_token='$.access_token.'' \ -F 'away_team=New York Yankees' \ -F 'home_team=New York Mets' \ -F 'match=http://samples.ogp.me/413385652011237' \ 'https://graph.facebook.com/me/predict-edit-add:predict' } I keep getting an error reading: Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING Any ideas?

    Read the article

  • Facebook new js api and cross-domain file

    - by vondip
    Hi all, I am building a simple facebook iframe application. I've decided since the code is separate from facebook none the less, I will also create a connect website as well. In my connect website I'm trying to figure out the following: I am using facebook's new api and I am calling the init function. I can't seem to figure out where I combine my cross-domain file. There's no mention of it in their documentation either. http://developers.facebook.com/docs/reference/javascript/FB.init I am referring to these lines of code: <div id="fb-root"></div> <script> window.fbAsyncInit = function() { FB.init({appId: 'your app id', status: true, cookie: true, xfbml: true}); }; (function() { var e = document.createElement('script'); e.async = true; e.src = document.location.protocol + '//connect.facebook.net/en_US/all.js'; document.getElementById('fb-root').appendChild(e); }()); </script>

    Read the article

  • EOFException in ObjectInputStream thrown accessing Servlet. Only for Webstart ?!

    - by Houtman
    Hi, My app. is started from both the commandline and by using an JNLP file. Im running java version 1.6.0_14 First i had the problem that i created the Buffered input and output streams in incorrect order. Found the solution here at StackOverflow . So starting from the commandline works fine now. But when starting the app using Webstart, it ends here java.io.EOFException at java.io.ObjectInputStream$PeekInputStream.readFully(Unknown Source) at java.io.ObjectInputStream$BlockDataInputStream.readShort(Unknown Source) at java.io.ObjectInputStream.readStreamHeader(Unknown Source) at java.io.ObjectInputStream.<init>(Unknown Source) at <..>remoting.thinclient.RemoteSocketChannel.<init>(RemoteSocketChannel.java:76) I found some posts regarding similar problems; at bugs.sun.com - identifies problem as solved in 6u10(b12)? at ibm.com - identifies cookies problem The latter suggests that there is a problem in Webstart with cookies. It doesn't seem to be acknowledged as a proper java bug though.. Still i am a bit lost in the solution provided regarding the cookies. Can anyone expand on the cookie solution? Many thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 287 288 289 290 291 292 293 294 295 296 297 298  | Next Page >