Search Results

Search found 12055 results on 483 pages for 'password complexity'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 296/483 | < Previous Page | 292 293 294 295 296 297 298 299 300 301 302 303  | Next Page >

  • What does capital W do in VIM?

    - by tesmar
    Hi, in VIM sometimes when saving, I accidentally hit capital W instead of its lowercase brother. I am prompted for my system password, so I assume it is running a sudo command of some sort, but do you know what? Thank you!

    Read the article

  • I am unsure of how to access a persistence entity from a JSP page?

    - by pharma_joe
    Hi, I am just learning Java EE, I have created a Persistence entity for a User object, which is stored in the database. I am now trying to create a JSP page that will allow a client to enter a new User object into the System. I am unsure of how the JSP page interacts with the User facade, the tutorials are confusing me a little. This is the code for the facade: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Add User to System</title> </head> <body> <h2>Add User</h2> <h3>Please fill out the details to add a user to the system</h3> <form action=""> <label>Email:</label> <input type="text" name="email"><br /> <label>Password:</label> <input type="password" name="name"><br /> <label>Name:</label> <input type="text" name="name"><br /> <label>Address:</label> <input type="text" name="address"><br /> <label>Type:</label> <select name="type"> <option>Administrator</option> <option>Member</option> </select><br /> <input type="submit" value="Add" name="add"/> <input type="reset" value="clear" /> </form> </body> This is the code I have to add a new User object within the User facade class: @Stateless public class CinemaUserFacade { @PersistenceContext(unitName = "MonashCinema-warPU") private EntityManager em; public void create(CinemaUser cinemaUser) { em.persist(cinemaUser); } I am finding it a little difficult to get my head around the whole MVC thing, getting there but would appreciate it if someone could turn the light on for me!

    Read the article

  • How to use urllib2 when users only have a API token?

    - by jorrebor
    how would i tranfoms this curl command: curl -v -u 82xxxxxxxxxxxx63e6:api_token -X GET https://www.toggl.com/api/v6/time_entries.json into urlib2? I found this tutorial: http://www.voidspace.org.uk/python/articles/authentication.shtml but they use a password and username. I can only use an API token. Thank you. see also this question: Urllib2 raises 403 error while the same request in curl works fine

    Read the article

  • Which user account to assign as owner when attaching an SQL Server database?

    - by FreshCode
    This is a simple database security & performance question, but I've always used either a special user (eg. mydbuser), or Windows' built-in NETWORK SECURITY account as the owner when attaching databases to my SQL Server instances. When deploying my database to a production server, is there a specific user I should stick to or avoid? I would think that using an account with a set password could open the database up to a potential security issue.

    Read the article

  • Unable to login to SQL Server + SQL Server Authentication + Error: 18456

    - by Nev_Rahd
    Hello I have created login account on my localhost\sql2008 Server (Eg. User123) Mapped to Database (default) Authentication Mode on SQL Server is set to both (Windows and SQL) But login to SQL Server fails with following message (for User123) Note: Have checked mutliple time that UserName / Password are typed in correctly Error Details: Login failed for user 'User123' (Net.SqlClient Data Provider) Server Name : localhost\sql2008 Error Number: 18456 Severity : 14 State : 1 Line Number : 65536 any help on this please. Thanks

    Read the article

  • viewing files in python?

    - by Galilsnap
    I am creating a sort of "Command line" in Python. I already added a few functions, such as changing login/password, executing, etc., But is it possible to browse files in the directory that the main file is in with a command/module, or will I have to make the module myself and use the import command? Same thing with changing directories to view, too.

    Read the article

  • My mobile does not cache , but i have a manifest file,...

    - by Ploetzeneder
    Hello, i have now put the site on: http://www.ploetzeneder.eu/Dateien/test/index4.html the manifest is there: http://www.ploetzeneder.eu/Dateien/test/app-cache-demo.manifest Why does it not work? The Webserver where the relevant problem has this url: http://www.pharao.mobi/WebAppproblem/ Username is the Username Passwort is the Password the problem is on index4.html where all images should be cached but are not

    Read the article

  • Is Active Directory required for a team using TFS 2010?

    - by Andy
    I am new to TFS 2010 and wanted to give it a fair try for a small project with a team of 2-3 remote people. Is it a requirement that all my team users are part of an Active Directory network setup? or can I have my team-members to be loosely coupled and be able to login using username/password?

    Read the article

  • How to do a SOAP wsdl web services call from the command line

    - by Marina
    I need to make a SOAP webservice call to https://sandbox.mediamind.com/Eyeblaster.MediaMind.API/V2/AuthenticationService.svc?wsdl and to use the operation ClientLogin while passing through the parameters: ApplicationKey, Password, and UserName. The response is UserSecurityToken. They are all strings. Here is the link fully explaining what I am trying to do: https://sandbox.mediamind.com/Eyeblaster.MediaMind.API.Doc/?v=3 How can I do this on the command line? (Windows and/or Linux would be helpful) Thanks!

    Read the article

  • How to protect an ASP Classic Page?

    - by SH
    How can I protect an ASP Classic page with either HTTP AUTH (you must provide a username and password to service) or a randomly generated access key that will be included as one of the parameters of the HTTP POST using the variable name access_key. Can anybody provide asp classic code in this regard? Quick help will be appreciated... PS: OrderGroove is a 3rd party service... neglect it.

    Read the article

  • Replicated filesystem and EC2 MySQL

    - by El Yobo
    I'm currently investigating migrating our infrastructure over to run on Amazon's EC2 and am trying to figure out the best way to set up a MySQL service. I'm leaning towards running our own MySQL instances, rather than going with Amazon's RDS, but am still considering the best approach for performance and cost on the instance itself. In order to have persistent data, the MySQL data needs to be on an EBS volume (with some form of striped RAID, e.g. RAID0 or RAID10) to improve persistence. However, EBS IO is limited by the network interface (gigabit, so a theoretical maximum of 128 MB/s), while the ephemeral volumes have no such problem. I did see a suggestion for running two MySQL servers on an instance, with a master running on the ephemeral disk (which we would also RAID) and a slave storing changes to an EBS volume, but this has some additional overhead and complexity (two servers). What I was imagining is using some form of replicated file system such that I could have a filesystem on top of a RAID0 of ephemeral volumes to maximise performance all changes from the above immediately replicated to another RAID1 volume backed by multiple EBS volumes to ensure no data loss The advantages of this would be best possible IO performance for the DB server; no network delay in IO decreased IO on EBS volumes (as all read IO will be done on the ephemeral volumes) so decreased cost good data security, as it's backed onto redundant EBS volumes However, I haven't seen an appropriate system to replicate all changes from one volume to the other; is there a filesystem, or any other approach, which will do this? The distributed file systems, e.g. GlusterFS, DRBD etc seem to focus on replicating disks between servers, can they be set up to do what I'm interested in here? I also haven't seen anything about other's taking this approach. Do I have a solution in need of a problem here (i.e. is performance good enough, so this whole idea is redundant)? Is there some flaw in the plan?

    Read the article

  • Tomcat6 fails to update User parameter on a stopped service

    - by Woot4Moo
    At the moment I have installed tomcat via the service.bat command. After install I stop the service and execute the following command: //US//TOMCAT6 --User=MyUser this fails to update the service with the user MyUser, in addition this command also fails //US//TOMCAT6 --User=MyUser --Password=MyPassword I am running xp sp3 and it is Tomcat 6.20

    Read the article

  • Cannot add or update a child row: a foreign key constraint fails

    - by Tom
    table 1 +----------+-------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +----------+-------------+------+-----+---------+----------------+ | UserID | int(11) | NO | PRI | NULL | auto_increment | | Password | varchar(20) | NO | | | | | Username | varchar(25) | NO | | | | | Email | varchar(60) | NO | | | | +----------+-------------+------+-----+---------+----------------+ table2 +------------------+--------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +------------------+--------------+------+-----+---------+----------------+ | UserID | int(11) | NO | MUL | | | | PostID | int(11) | NO | PRI | NULL | auto_increment | | Title | varchar(50) | NO | | | | | Summary | varchar(500) | NO | | | | +------------------+--------------+------+-----+---------+----------------+ com.mysql.jdbc.exceptions.MySQLIntegrityConstraintViolationException: Cannot add or update a child row: a foreign key constraint fails (myapp/table2, CONSTRAINT table2_ibfk_1 FOREIGN KEY (UserID) REFERENCES table1 (UserID)) What have I done wrong? I read this: http://www.w3schools.com/Sql/sql_foreignkey.asp and i don't see whats wrong. :S

    Read the article

  • Foreign Keys in SQLITE in the Google Gears framework

    - by Maxim Gershkovich
    Hi all, Could someone please tell me why the following foreign key constraint (although executes fine) is not enforced by SQLITE? Could someone pleasse provide an example of how I can go about enforcing the relationship? CREATE TABLE User (UserID TEXT Unique NOT NULL PRIMARY KEY, FirstName TEXT NOT NULL, LastName TEXT NOT NULL, Username TEXT NOT NULL, Password TEXT NOT NULL, Email TEXT NOT NULL, SignupDate TEXT NOT NULL) CREATE TABLE Category (CategoryID TEXT Unique NOT NULL PRIMARY KEY, UserID TEXT, FOREIGN KEY(UserID) REFERENCES User(UserID))

    Read the article

  • authlogic rails question - how to code for an API

    - by phil swenson
    I have authlogic going on my app, but now I need to have an an API. I don't want to establish a session, just want a user to send in data in a json request such as: {"type":"address","password":"mypassword","name":"my notificaiton name goes here","user":"myusername","text":"my interesting stuff goes here"} So questions - 1) is this a decent approach? 2) how do i do the auth inside my rails controller?

    Read the article

  • Secure WS client with UsernameToken(SOAP security header)

    - by user79163
    Hi, I'm trying to secure my WS client to be able to call the WS. My code looks like this: SendSmsService smsService = new SendSmsService(); SendSms sendSMS = smsService.getSendSms(); BindingProvider stub = (BindingProvider)sendSMS; //Override endpoint with local copy of wsdl. String URL ="";//here is the wsdl url Map<String,Object> requestContext = stub.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL); //Set usernametoken URL fileURL = loader.getResource("client-config.xml"); File file = new File(fileURL.getFile()); FileInputStream clientConfig = null; try { clientConfig = new FileInputStream(file); } catch (FileNotFoundException e) { e.printStackTrace(); } XWSSecurityConfiguration config = null; try { config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig); } catch (Exception e) { e.printStackTrace(); log.warn("Exception: "+e.getMessage()); } requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config); //Invoke the web service String requestId = null; try { requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest); } catch (PolicyException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (ServiceException e) { // TODO Auto-generated catch block e.printStackTrace(); } and the config file looks like this: <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true"> <xwss:Service> <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:UsernameToken name="username" password="password> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> util.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler> </xwss:JAXRPCSecurity> The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler. Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0. But I'm constantly getting "Security header not valid" error. Where am I going wrong, can anyone tell me. I used wsimport(JAX_WS 2.1 to generate classes for my client) Note:Only thing I know about this WS is WSDL URL and user&pass for authentication

    Read the article

  • My login controller doesn't work. Problem with fetching username.

    - by misterwebz
    Currently my login controller doesn't work because i can't seem to fetch the username and password. I'm currently using something like this: form_username = str(request.params.get('username')) db_user = meta.Session.query(User).filter_by(username=form_username) if db_user is None: return redirect('auth/error') No matter which username is use, db_user always returns True and thus never goes to auth/error. I used the shell to play with this and i was able establish a connection with the database, so i'm not sure what i'm doing wrong here.

    Read the article

  • Not able to create a datasource registration with WAMP MysQL 5.0 in DBArtisan

    - by Alf Christophersen
    I try in a test version of DBArtisan to set up a datasource and register both servere as localhost, database to use, my username and password, but, when testing the connection, I get message that connection failed. Hooking up from eg. Delphi and other utilities run nicely. But not DBArtisan, Is MySQL 5.0 not supported yet ?? Or is it WAMP that is the culprit naming the service wampmysqld insted of just mysqld ??

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 292 293 294 295 296 297 298 299 300 301 302 303  | Next Page >