Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 306/509 | < Previous Page | 302 303 304 305 306 307 308 309 310 311 312 313  | Next Page >

  • Automated regression tests for java applets?

    - by Roy Tang
    We're working on a project with a number of applets that has to work across a large range of OS (WIndows, Mac, Linux), browsers (IE, FF, Safari, etc) and Java versions (1.5+), and it often happens that a fix we apply will cause some sort of security exception an another platform or some other error. Is there any way for us to prepare automated tests to immediately catch those problems in different platforms? I think it's not necessary to check that the gui parts are appearing as intended, but just to detect whether unexpected exceptions are occuring.

    Read the article

  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? Any then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POST's usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the users cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack. Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

    Read the article

  • Verify a X.509 certificate with Java ME and Bouncy Castle

    - by Dino
    Hi, Can anybody point me to an example of verifying a X.509 certificate with Bouncy Castle under Java ME? I can see how to easily do this in Java SE code with java.security.cert.Certificate.verify(), but I could not find an equivalent method in the lightweight BC API. Thanks in advance! Cheers Dino

    Read the article

  • .NET Impersonate and file upload issues

    - by Jagd
    I have a webpage that allows a user to upload a file to a network share. When I run the webpage locally (within VS 2008) and try to upload the file, it works! However, when I deploy the website to the webserver and try to upload the file through the webpage, it doesn't work! The error being returned to me on the webserver says "Access to the path '\05prd1\emp\test.txt' is denied. So, obviously, this is a permissions issue. The network share is configured to allow full access both to me (NT authentication) and to the NETWORK SERVICE (which is .NET's default account and what we have set in our IIS application pool as the default user for this website). I have tried this with and without impersonation upon the webserver and neither way works, yet both ways work on my local machine (in other words, with and without impersonation works on my local machine). The code that does the file upload is below. Please note that the code below includes impersonation, but like I said above, I've tried it with and without impersonation and it's made no difference. if (fuCourses.PostedFile != null && fuCourses.PostedFile.ContentLength > 0) { System.Security.Principal.WindowsImpersonationContext impCtx; impCtx = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate(); try { lblMsg.Visible = true; // The courses file to be uploaded HttpPostedFile file = fuCourses.PostedFile; string fName = file.FileName; string uploadPath = "\\\\05prd1\\emp\\"; // Get the file name if (fName.Contains("\\")) { fName = fName.Substring( fName.LastIndexOf("\\") + 1); } // Delete the courses file if it is already on \\05prd1\emp FileInfo fi = new FileInfo(uploadPath + fName); if (fi != null && fi.Exists) { fi.Delete(); } // Open new file stream on \\05prd1\emp and read bytes into it from file upload FileStream fs = File.Create(uploadPath + fName, file.ContentLength); using (Stream stream = file.InputStream) { byte[] b = new byte[4096]; int read; while ((read = stream.Read(b, 0, b.Length)) > 0) { fs.Write(b, 0, read); } } fs.Close(); lblMsg.Text = "File Successfully Uploaded"; lblMsg.ForeColor = System.Drawing.Color.Green; } catch (Exception ex) { lblMsg.Text = ex.Message; lblMsg.ForeColor = System.Drawing.Color.Red; } finally { impCtx.Undo(); } } Any help on this would be very appreciated!

    Read the article

  • WebService doesn't read web.config

    - by phenevo
    Hi, I've got 3 connectionstrings in web.config, and I used theirs like this: using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SomeName"].ConnectionString)) Every metgod is called by winforms application. One of webmethods doesn't work properly because it reads only one connectionString: data source=.\\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true It's not a connectionString from my web.config . I invoke every method in the same way. How it's impossible ??

    Read the article

  • Connected host failed to respond (internal NAT address)

    - by MostRandom
    I'm writing my first C# web application that connects to an XML based service. It requires that I present a certificate and feed the XML stream. It seems to authenticate properly but then it gives the following error: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 10.1.10.4:3128 The funny thing is that I'm not on a proxy or anything like that. I'm connecting directly to the internet. At one point I we did use a proxy that with internal NAT address. So my question is: Does Visual Studio have some sort of default proxy setting that I need to change? This IP is no longer used for anything, so I know that I don't need to use any proxy authentication code. using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Net; using System.Security.Cryptography.X509Certificates; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; namespace WebApplication1 { public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { Uri requestURI = new Uri("*site omitted*"); //Create the Request Object HttpWebRequest pageRequest = (HttpWebRequest)WebRequest.Create(requestURI); //After installing the cert on the server export a client cert to the working directory as Deluxe.cer string certFile = "*certificate omitted*"; X509Certificate cert = X509Certificate.CreateFromCertFile(certFile); //Pull in your Data, if it is from an external xml as below or create an xml string with variables if a dynamic post is required. string xmlPath = "*XML omitted*"; System.Xml.XmlDocument passXML = new System.Xml.XmlDocument(); passXML.Load(xmlPath); //XML String with the data needed to pass string postData = passXML.OuterXml; //Set the Request Object parameters pageRequest.ContentType = "application/x-www-form-urlencoded"; pageRequest.Method = "POST"; pageRequest.AllowWriteStreamBuffering = false; pageRequest.AllowAutoRedirect = false; pageRequest.ClientCertificates.Add(cert); postData = "xml_data=" + Server.UrlEncode(postData); pageRequest.ContentLength = postData.Length; //Create the Post Stream Object System.IO.StreamWriter postStream = new System.IO.StreamWriter(pageRequest.GetRequestStream()); //Write the data to the post stream postStream.Write(postData); postStream.Flush(); postStream.Close(); //Set the Response Object HttpWebResponse postResponse = (HttpWebResponse)pageRequest.GetResponse();

    Read the article

  • Is there any way to monitor the number of CAS stackwalks that are occurring?

    - by Anonymous
    I'm working with a time sensitive desktop application that uses p/invoke extensively, and I want to make sure that the code is not wasting a lot of time on CAS stackwalks. I have used the SuppressUnmanagedCodeSecurity attribute where I think it is necessary, but I might have missed a few places. Does anyone know if there is a way to monitor the number of CAS stackwalks that are occurring, and better yet pinpoint the source of the security demands?

    Read the article

  • Data Import in SQL Server Express

    - by bobsmith123
    SQL Server Express does not have the Tasks - Import Data option that other editions of SQL Server has. Has anyone come across a free tool to import data? I understand I can use the bulk import but I have run into a security issue with it and would like a quick and a dirty way of importing a csv file to a sql express table.

    Read the article

  • How to ad users using A shiro Plugin

    - by Anirudh
    Hello, I am using Shiro plugin for my grails application security, My application already has a user .Using the shiro plugin, we get a shiro user, now how do i integrate the shiro user with the normal user of my application,show i go ahead and use relationships or is it that the user class ahould be only a shiro user class now ??

    Read the article

  • Help! Access is Denied!

    - by user228058
    I'm having major trouble with my desktop. OS Windows XP Professional. All the files have become access-denied overnight. I unchecked the file sharing option, I tried resetting the user in security settings, but still no luck. Anyone have any other tricks to try?! Thanks!

    Read the article

  • WCF doesn't find client configuration

    - by ultraman69
    Hi ! I have a WCF service on server B. Then on the machine A is the client, which is a Windows service. In a separate dll stands all the business logic for this service. So my proxy for the WCF is on that side. I have 2 app.config (client side only) : 1 for the service and another one in the dll. So I tried (for test purpose) puting the servicemodel config section in both. Both still, it doesn't work, it says that it can't find the endpoint with that name and for that contract... What I'm trying to do here is modify the configuration programatically. Here' the code in the business layer dll : Dim ep As New EndpointAddress(New Uri(ConfigurationManager.AppSettings(nomServeurCible)), _ EndpointIdentity.CreateDnsIdentity(ConfigurationManager.AppSettings("Identity_" & nomServeurCible))) serviceCible = New ServiceProxy.ExecOperClient("wsHttp", ep) And here is a sample of the config file : <add key="TEST1" value="http://TEST1:8000/MySpacePerso/ExecOperService"/> <add key="TEST1_CertificateSerialNumber" value="10 hj 6y 7b 00 01 32 12 01 21"/> <add key="Identity_TEST1" value="TEST1"/> <system.serviceModel> <client> <endpoint address="http://SERV_NAME:8000/CSSTQDA/ExecOperService" binding="wsHttpBinding" behaviorConfiguration="myClientBehavior" bindingConfiguration="MybindingCon" contract="ExecOper.Service.IExecOper" name="wsHttp"> <identity> <dns value="SERV_CERT_NAME"/> </identity> </endpoint> </client> <bindings> <wsHttpBinding> <binding name="MybindingCon"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="ServiceTraitementBehavior"> <serviceMetadata httpGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="True" /> </behavior> </serviceBehaviors> <endpointBehaviors> <behavior name="myClientBehavior"> <clientCredentials> <serviceCertificate> <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/> </serviceCertificate> </clientCredentials> </behavior> </endpointBehaviors> </behaviors>

    Read the article

  • How to set up a wcf-structure over internet, and not on the localhost

    - by djerry
    Hey guys, I want to convert the wcf-structure i have from localhost to a service which runs over the internet. My server starts when replacing the localhost with my ip-address. But then my clients cannot connect to the server anymore. This is my server setup : static void Main(string[] args) { NetTcpBinding binding = new NetTcpBinding(SecurityMode.Message); Uri address = new Uri("net.tcp://192.168.10.26"); //_svc = new ServiceHost(typeof(MonitoringSystemService), address); _monSysService = new MonitoringSystemService(); _svc = new ServiceHost(_monSysService, address); publishMetaData(_svc, "http://192.168.10.26"); _svc.AddServiceEndpoint(typeof(IMonitoringSystemService), binding, "Monitoring Server"); _svc.Open(); } My app.config for the client looks like this : <configuration> <system.diagnostics> <sources> <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true"> <listeners> <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData= "c:\log\Traces.svclog" /> </listeners> </source> </sources> </system.diagnostics> <system.serviceModel> <bindings> <netTcpBinding> <binding name="NetTcpBinding_IMonitoringSystemService" closeTimeout="00:00:10" openTimeout="00:00:10" receiveTimeout="00:10:00" sendTimeout="00:00:10" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="500" maxReceivedMessageSize="2147483647"> <readerQuotas maxDepth="32" maxStringContentLength="100000" maxArrayLength="100000" maxBytesPerRead="100000" maxNameTableCharCount="100000" /> <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /> <security mode="Message"> <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"> <extendedProtectionPolicy policyEnforcement="Never" /> </transport> <message clientCredentialType="Windows" /> </security> </binding> </netTcpBinding> </bindings> <client> <endpoint address="net.tcp://192.168.10.26/Monitoring%20Server" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IMonitoringSystemService" contract="IMonitoringSystemService" > <!--name="NetTcpBinding_IMonitoringSystemService"--> <identity> <userPrincipalName value="DJERRYY\djerry" /> </identity> </endpoint> </client> </system.serviceModel> </configuration>

    Read the article

  • Federated Identity- Windows Identity Server - disable cookies in the browser

    - by vinoj
    Hello, I see that Federated Identity stores Security token to a cookie, after its first request to the STS(Secure Token Service). In that case if I disable cookie in my browser, how does it work. Does the authentication module again connects to the STS to retrieve the user information or will it throw any error ? Is there any way that I can use federated authentication cookieless ?

    Read the article

  • .NET Impersonate not working!

    - by Jagd
    I have a webpage that allows a user to upload a file to a network share. When I run the webpage locally (within VS 2008) and try to upload the file, it works! However, when I deploy the website to the webserver and try to upload the file through the webpage, it doesn't work! The error being returned to me on the webserver says "Access to the path '\05prd1\emp\test.txt' is denied. So, obviously, this is a permissions issue. The network share is configured to allow full access both to me (NT authentication) and to the NETWORK SERVICE (which is .NET's default account and what we have set in our IIS application pool as the default user for this website). I have tried this with and without authentication, and neither one works on the webserver, yet both ways works on my local machine. The code that does the file upload is below. Please note that the code below includes impersonation, but like I said above, I've tried it with and without impersonation and it's made no difference. if (fuCourses.PostedFile != null && fuCourses.PostedFile.ContentLength > 0) { System.Security.Principal.WindowsImpersonationContext impCtx; impCtx = ((System.Security.Principal.WindowsIdentity)User.Identity).Impersonate(); try { lblMsg.Visible = true; // The courses file to be uploaded HttpPostedFile file = fuCourses.PostedFile; string fName = file.FileName; string uploadPath = "\\\\05prd1\\emp\\"; // Get the file name if (fName.Contains("\\")) { fName = fName.Substring( fName.LastIndexOf("\\") + 1); } // Delete the courses file if it is already on \\05prd1\emp FileInfo fi = new FileInfo(uploadPath + fName); if (fi != null && fi.Exists) { fi.Delete(); } // Open new file stream on \\05prd1\emp and read bytes into it from file upload FileStream fs = File.Create(uploadPath + fName, file.ContentLength); using (Stream stream = file.InputStream) { byte[] b = new byte[4096]; int read; while ((read = stream.Read(b, 0, b.Length)) > 0) { fs.Write(b, 0, read); } } fs.Close(); lblMsg.Text = "File Successfully Uploaded"; lblMsg.ForeColor = System.Drawing.Color.Green; } catch (Exception ex) { lblMsg.Text = ex.Message; lblMsg.ForeColor = System.Drawing.Color.Red; } finally { impCtx.Undo(); } } Any help on this would be very appreciated!

    Read the article

  • AspNetHostingPermission set to Load User Profile

    - by IP
    Very quick question, does anyone know what the effect of setting an application pool in IIS7 o "Load User Profile" would have? Is it advisable etc. Reference: http://dbvt.com/blog/post/AspNetHostingPermission-Security-Exception-Fix-with-Ajax-in-IIS7.aspx

    Read the article

  • Convert this Linq query from query syntax to lambda expression

    - by Jinkinz
    I'm not sure I like linq query syntax...its just not my preference. But I don't know what this query would look like using lambda expressions, can someone help? from securityRoles in user.SecurityRoles from permissions in securityRoles.Permissions where permissions.SecurableEntity.Name == "Unit" && permissions.PermissionType.Name == "Read" orderby permissions.PermissionLevel.Value descending select permissions There is a many-to-many relationship between users and security roles that makes this extra confusing. Thanks! Kelly

    Read the article

  • How to configure IIS authentication password?

    - by salvationishere
    I am developing a C# / ASP.NET web application in VS 2008 on a 32-bit XP. I created a Login.aspx file for the user to enter a user name and password initially before seeing any data. This functionality works now from VS. I added users and roles by entering ASP.NET Configuration. However, after publishing to IIS 6.0, the password does not work there. How do I configure Directory Security in IIS for the same user name and password to work?

    Read the article

  • Javascript iFrame Limitations

    - by Matrym
    I know that, for security reasons, javascript can't read the contents of an iframe if it belongs to a different domain. This makes sense, given that the entire page could be an iframe with snooping scripts outside of the frame. The question is - are there equal limitations in the other direction? Can javascript within an iframe (from a different domain) read and manipulate the dom in its parent window? Thanks!

    Read the article

  • Parameterized include in Classic ASP with VBScript

    - by Thom Smith
    I want to write a function that will include an external file, much like Server.Execute, but will pass along parameters. I'm aware that Server.Execute will pass along query parameters, but I'd like to pass data more generally. For instance: ' main.asp MyInclude("external.inc", Array("mykey", "myval")) ' external.inc Response.Write mykey I doubt I can get quite that far without reading the external fine, twiddling it, and executing, but I'd like to get as close as reasonably possible. Also, if possible, I'd prefer avoiding using the query passing option for security reasons.

    Read the article

  • use bouncy castle to create public key on j2me

    - by mike
    I got the public key from the certificate, keypair is a java.security.KeyPair object String public_key = keypair.getPublic().toString(); I want to send this to the via an http connection to a J2me application. I cannot find any documentation to convert the transmitted string to a Public key that can be used to encrypt Strings. I also want the J2me to verify signed strings from the server. I want to then send the encrypted strings back to the server.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 302 303 304 305 306 307 308 309 310 311 312 313  | Next Page >