Search Results

Search found 2780 results on 112 pages for 'role'.


  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invoke methods from our BusinessLayer. To prevent hackers from calling the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do stuff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the if-then-else every time). I hope you get what I mean :-)


  • Best way to return result from business layer to presentation layer when using LINQ-to-SQL

    - by samsur
    I have a business layer that has DTOs that are used in the presentation layer. This application uses entity framework. Here is an example of a class called RoleDTO: public class RoleDTO { public Guid RoleId { get; set; } public string RoleName { get; set; } public string RoleDescription { get; set; } public int? OrganizationId { get; set; } } In the BLL I want to have a method that returns a list of DTO. I would like to know which is the better approach: returning IQueryable or list of DTOs. Although I feel that returning IQueryable is not a good idea because the connection needs to be open. Here are the 2 different methods using the different approaches: First approach public class RoleBLL { private servicedeskEntities sde; public RoleBLL() { sde = new servicedeskEntities(); } public IQueryable<RoleDTO> GetAllRoles() { IQueryable<RoleDTO> role = from r in sde.Roles select new RoleDTO() { RoleId = r.RoleID, RoleName = r.RoleName, RoleDescription = r.RoleDescription, OrganizationId = r.OrganizationId }; return role; } Note: in the above method the DataContext is a private attribute and set in the constructor, so that the connection stays opened. Second approach public static List<RoleDTO> GetAllRoles() { List<RoleDTO> roleDTO = new List<RoleDTO>(); using (servicedeskEntities sde = new servicedeskEntities()) { var roles = from pri in sde.Roles select new { pri.RoleID, pri.RoleName, pri.RoleDescription }; //Add the role entities to the DTO list and return. This is necessary as anonymous types can be returned across methods foreach (var item in roles) { RoleDTO roleItem = new RoleDTO(); roleItem.RoleId = item.RoleID; roleItem.RoleDescription = item.RoleDescription; roleItem.RoleName = item.RoleName; roleDTO.Add(roleItem); } return roleDTO; } } Please let me know if there is a better approach.


  • How can I work with the Tag property of a winforms checked listbox item?

    - by JMSA
    How can I write a C# winforms code like this? CheckedListBox items don't have 'Tag' and 'ValueMember' properties. I know there are many alternatives to this. But I need to work it this way. private void LoadPermissionsToCheckedListBox() { Role selctedRole = (Role)comboBox1.SelectedItem; int i = 0; foreach (Permission p in selctedRole.PermissionItems) { checkedListBox1.Items.Add(p); checkedListBox1.Items[i].Tag = p; } checkedListBox1.DisplayMember = "PermissionKey"; checkedListBox1.ValueMember = "PermissionID"; }


  • As a scrum master introducing scrum to an organization, how do I avoid also being product owner?

    - by Michael Rosario
    As a scrum master introducing scrum to an organization, how do I avoid also being product owner? Problem facts: I am working on a project as scrum master. Since the organization is new to scrum, I have assumed the role of setting meetings with stakeholders to form their system vision into user stories. At present, the stakeholders are not writing user stories. At present, our team is guessing what the most important stories should be with light confirmation from stakeholders. Is there anything more that I can do to move the product owner role away from myself?


  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!


  • Struts2 Hibernate Login with User table and group table

    - by J2ME NewBiew
    My problem is this: I have a table User and a table Group (this table is used for user authorization; it means that when a user belongs to a group like admin, they can log in to admincp, while users who belong to the group member can only read and write and cannot log in to admincp). Each user may belong to many groups and each group contains many users, so the relationship is many-to-many. I use Hibernate for persistent storage and Struts 2 to handle business logic. When I want to implement the login action in Struts2, how can I get the value of the group a member belongs to, to compare it with the value I want to know? For example, I get the user from the username and password, then get the group from the user class, but I don't know how to get the value of the group the user belongs to. It means that if the user belongs to the group with Groupid 1, and in the group table the column adminpermission is 1, that user can log in to admincp; otherwise he can't. My code: User.java /* * To change this template, choose Tools | Templates * and open the template in the editor. 
*/ package org.dejavu.software.model; import java.io.Serializable; import java.util.Date; import java.util.HashSet; import java.util.Set; import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.FetchType; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.JoinTable; import javax.persistence.ManyToMany; import javax.persistence.Table; import javax.persistence.Temporal; /** * * @author Administrator */ @Entity @Table(name="User") public class User implements Serializable{ private static final long serialVersionUID = 2575677114183358003L; private Long userId; private String username; private String password; private String email; private Date DOB; private String address; private String city; private String country; private String avatar; private Set<Group> groups = new HashSet<Group>(0); @Column(name="dob") @Temporal(javax.persistence.TemporalType.DATE) public Date getDOB() { return DOB; } public void setDOB(Date DOB) { this.DOB = DOB; } @Column(name="address") public String getAddress() { return address; } public void setAddress(String address) { this.address = address; } @Column(name="city") public String getCity() { return city; } public void setCity(String city) { this.city = city; } @Column(name="country") public String getCountry() { return country; } public void setCountry(String country) { this.country = country; } @Column(name="email") public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } @ManyToMany(fetch = FetchType.LAZY, cascade = CascadeType.ALL) @JoinTable(name="usergroup",joinColumns={@JoinColumn(name="userid")},inverseJoinColumns={@JoinColumn( name="groupid")}) public Set<Group> getGroups() { return groups; } public void setGroups(Set<Group> groups) { this.groups = groups; } @Column(name="password") public String getPassword() { return password; } public 
void setPassword(String password) { this.password = password; } @Id @GeneratedValue @Column(name="iduser") public Long getUserId() { return userId; } public void setUserId(Long userId) { this.userId = userId; } @Column(name="username") public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } @Column(name="avatar") public String getAvatar() { return avatar; } public void setAvatar(String avatar) { this.avatar = avatar; } } Group.java /* * To change this template, choose Tools | Templates * and open the template in the editor. */ package org.dejavu.software.model; import java.io.Serializable; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.GeneratedValue; import javax.persistence.Id; import javax.persistence.Table; /** * * @author Administrator */ @Entity @Table(name="Group") public class Group implements Serializable{ private static final long serialVersionUID = -2722005617166945195L; private Long idgroup; private String groupname; private String adminpermission; private String editpermission; private String modpermission; @Column(name="adminpermission") public String getAdminpermission() { return adminpermission; } public void setAdminpermission(String adminpermission) { this.adminpermission = adminpermission; } @Column(name="editpermission") public String getEditpermission() { return editpermission; } public void setEditpermission(String editpermission) { this.editpermission = editpermission; } @Column(name="groupname") public String getGroupname() { return groupname; } public void setGroupname(String groupname) { this.groupname = groupname; } @Id @GeneratedValue @Column (name="idgroup") public Long getIdgroup() { return idgroup; } public void setIdgroup(Long idgroup) { this.idgroup = idgroup; } @Column(name="modpermission") public String getModpermission() { return modpermission; } public void setModpermission(String modpermission) { this.modpermission = 
modpermission; } } UserDAO /* * To change this template, choose Tools | Templates * and open the template in the editor. */ package org.dejavu.software.dao; import java.util.List; import org.dejavu.software.model.User; import org.dejavu.software.util.HibernateUtil; import org.hibernate.Query; import org.hibernate.Session; /** * * @author Administrator */ public class UserDAO extends HibernateUtil{ public User addUser(User user){ Session session = HibernateUtil.getSessionFactory().getCurrentSession(); session.beginTransaction(); session.save(user); session.getTransaction().commit(); return user; } public List<User> getAllUser(){ Session session = HibernateUtil.getSessionFactory().getCurrentSession(); session.beginTransaction(); List<User> user = null; try { user = session.createQuery("from User").list(); } catch (Exception e) { e.printStackTrace(); session.getTransaction().rollback(); } session.getTransaction().commit(); return user; } public User checkUsernamePassword(String username, String password){ Session session = HibernateUtil.getSessionFactory().getCurrentSession(); session.beginTransaction(); User user = null; try { Query query = session.createQuery("from User where username = :username and password = :password"); query.setString("username", username); query.setString("password", password); user = (User) query.uniqueResult(); } catch (Exception e) { e.printStackTrace(); session.getTransaction().rollback(); } session.getTransaction().commit(); return user; } } AdminLoginAction /* * To change this template, choose Tools | Templates * and open the template in the editor. 
*/ package org.dejavu.software.view; import com.opensymphony.xwork2.ActionSupport; import org.dejavu.software.dao.UserDAO; import org.dejavu.software.model.User; /** * * @author Administrator */ public class AdminLoginAction extends ActionSupport{ private User user; private String username,password; private String role; private UserDAO userDAO; public AdminLoginAction(){ userDAO = new UserDAO(); } @Override public String execute(){ return SUCCESS; } @Override public void validate(){ if(getUsername().length() == 0){ addFieldError("username", "Username is required"); }if(getPassword().length()==0){ addFieldError("password", getText("Password is required")); } } public String getPassword() { return password; } public void setPassword(String password) { this.password = password; } public String getRole() { return role; } public void setRole(String role) { this.role = role; } public User getUser() { return user; } public void setUser(User user) { this.user = user; } public String getUsername() { return username; } public void setUsername(String username) { this.username = username; } } Another question: I saw some examples about login, and I saw some developers use an interceptor. I can't understand why they use it, and what benefit will an "Interceptor" give us? Thank You Very Much!


  • Sql server execute permission; failure to apply permissions

    - by WestDiscGolf
    I've just migrated from SQL2000 to SQL2008 and I have started getting an execute permission issue on a stored proc which uses sp_OACreate. The rest of the system works fine with the db login which has been setup and added to the database. I've tried: USE master GO GRANT EXEC ON sp_OACreate TO [dbuser] GO But this fails with the following error: Msg 15151, Level 16, State 1, Line 1 Cannot find the user 'dbuser', because it does not exist or you do not have permission. I'm logged into the server as sa with full permissions. I can execute a similar sql statement and apply the permissions to a server role, however not a login/user. How do I apply the changes to the specific user/login? I can apply the permissions to the public role and it resolves my issue; however this seems to be a security issue to me which I don't really want to apply to the live server.


  • layout is not included in all pages in asp.net mvc4 application

    - by Ahmed
    I am developing an ASP.NET MVC4 application with Bootstrap 3 and I've _Layout.cshtml in the "Shared" folder. In Views, I've two pages, "Index" and "Register", and I've included Layout in both of these Views, but it seems that Layout is included only in "Index" and not in the "Register" View. Following are my Index and Register Views: @{ ViewBag.Title = "Index"; Layout = "~/Views/Shared/_Layout.cshtml"; } <h2 align="center" class="bg-info">Login</h2> <form class="form-horizontal" role="form"> <div class="form-group"> <label for="inputEmail3" class="col-sm-2 control-label"><strong>UserName : </strong></label> <div class="col-sm-10"> <input type="email" class="form-control" id="inputEmail3" placeholder="UserName"> </div> </div> <div class="form-group"> <label for="inputPassword3" class="col-sm-2 control-label"><strong>Password</strong></label> <div class="col-sm-10"> <input type="password" class="form-control" id="inputPassword3" placeholder="Password"> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <div class="checkbox"> <label> <input type="checkbox"> Remember me </label> </div> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" class="btn btn-primary">Sign in</button> </div> </div> <h2 align="center" class="bg-info">SignIn With Other Services</h2> </form> <form class="form-horizontal" role="form" method="post" action="/Home/FacebookLogin"> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" class="btn btn-primary">SignIn with Facebook</button> </div> </div> </form> <h2 align="center" class="bg-info">Don't Have an Account?</h2> <form class="form-horizontal" role="form" method="post" action="/Home/Register"> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" class="btn btn-primary">Register</button> </div> </div> </form> @{ ViewBag.Title = "Register"; Layout = "~/Views/Shared/_Layout.cshtml"; } <h2 align="center" 
class="bg-info">Register</h2> <form class="form-horizontal" role="form"> <div class="form-group"> <label for="inputEmail3" class="col-sm-2 control-label"><strong>UserName : </strong></label> <div class="col-sm-10"> <input type="email" class="form-control" id="uname" name="uname" placeholder="UserName"> <input type="button" class="btn btn-primary" id="check" value="Check Availability" > <h4 class="bg-warning"></h4> </div> </div> <div class="form-group"> <label for="inputPassword3" class="col-sm-2 control-label"><strong>Password</strong></label> <div class="col-sm-10"> <input type="password" class="form-control" id="upass" name="upass" placeholder="Password"> </div> </div> <div class="form-group"> <label for="inputPassword3" class="col-sm-2 control-label"><strong>Retype Password</strong></label> <div class="col-sm-10"> <input type="password" class="form-control" id="retype" placeholder="Password"> </div> </div> <div class="form-group"> <div class="col-sm-offset-2 col-sm-10"> <button type="submit" class="btn btn-primary">Register</button> </div> </div> </form>


  • Multiple user database design

    - by dieguitoweb
    I have to develop a basic social network for an academic purpose, but I need some tips for the user management. The users are subdivided into 3 groups with different privileges: admins, analysts and standard users. For every user the following information should be stored in the database: name, lastname, e-mail, age, password. I'm not quite sure how I should design the database between these two solutions: 1) one table called 'users' with the 'role' attribute that explains what a user can and can't do, and the permissions are managed via PHP; 2) every application user is a database user created with the query 'CREATE ROLE' (it's a Postgres database) and he has permissions on some tables granted with the 'GRANT' statement. You should take into account that the project is for a database exam. Thanks


  • Align jQuery List

    - by William Lewis
    I'm creating a mobile website with jQuery, and I was wondering if there was a way to align a list to the bottom of a page. I just want the list to stay at the very bottom of the page and be fixed in that spot. Thanks. This is the list I'm trying to get fixed on the bottom of the page: <div data-role="content"> <div class="content-primary"> <ul data-role="listview"> <li><a href="link.html"><img src="file.jpg" /><h3>List name</h3></a> </li> </div>


  • Capistrano Error

    - by Casey van den Bergh
    I'm Running CentOS 5 32 bit version. This is my deploy.rb file on my local computer: #======================== #CONFIG #======================== set :application, "aeripets" set :scm, :git set :git_enable_submodules, 1 set :repository, "[email protected]:aeripets.git" set :branch, "master" set :ssh_options, { :forward_agent => true } set :stage, :production set :user, "root" set :use_sudo, false set :runner, "root" set :deploy_to, "/var/www/#{application}" set :app_server, :passenger set :domain, "aeripets.co.za" #======================== #ROLES #======================== role :app, domain role :web, domain role :db, domain, :primary => true #======================== #CUSTOM #======================== namespace :deploy do task :start, :roles => :app do run "touch #{current_release}/tmp/restart.txt" end task :stop, :roles => :app do # Do nothing. end desc "Restart Application" task :restart, :roles => :app do run "touch #{current_release}/tmp/restart.txt" end end And this the error I get on my local computer when I try to cap deploy. executing deploy' * executingdeploy:update' ** transaction: start * executing deploy:update_code' executing locally: "git ls-remote [email protected]:aeripets.git master" command finished in 1297ms * executing "git clone -q [email protected]:aeripets.git /var/www/seripets/releases/20111126013705 && cd /var/www/seripets/releases/20111126013705 && git checkout -q -b deploy 32ac552f57511b3ae9be1d58aec54d81f78f8376 && git submodule -q init && git submodule -q sync && export GIT_RECURSIVE=$([ ! 
\"git --version\" \\< \"git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE && (echo 32ac552f57511b3ae9be1d58aec54d81f78f8376 > /var/www/seripets/releases/20111126013705/REVISION)" servers: ["aeripets.co.za"] Password: [aeripets.co.za] executing command ** [aeripets.co.za :: err] sh: git: command not found command finished in 224ms *** [deploy:update_code] rolling back * executing "rm -rf /var/www/seripets/releases/20111126013705; true" servers: ["aeripets.co.za"] [aeripets.co.za] executing command command finished in 238ms failed: "sh -c 'git clone -q [email protected]:aeripets.git /var/www/seripets/releases/20111126013705 && cd /var/www/seripets/releases/20111126013705 && git checkout -q -b deploy 32ac552f57511b3ae9be1d58aec54d81f78f8376 && git submodule -q init && git submodule -q sync && export GIT_RECURSIVE=$([ ! \"git --version`\" \< \"git version 1.6.5\" ] && echo --recursive) && git submodule -q update --init $GIT_RECURSIVE && (echo 32ac552f57511b3ae9be1d58aec54d81f78f8376 /var/www/seripets/releases/20111126013705/REVISION)'" on aeripets.co.za


  • capistrano initial deployment

    - by Richard G
    I'm trying to set up Capistrano to deploy to an AWS box. This is the first time I've tried to set this up, so please bear with me. Could someone take a look at this and let me know if you can solve this error? The output below is the deploy.rb file, and its output when it runs. set :application, "apparel1" set :repository, "git://github.com/rgilling/GroceryRun.git" set :scm, :git set :user, "ubuntu" set :scm_passphrase, "pre5ence" # Or: `accurev`, `bzr`, `cvs`, `darcs`, `git`, `mercurial`, `perforce`, `subversion` or `none` ssh_options[:keys] = ["/Users/rgilling/Documents/Projects/Apparel1/abesakey.pem"] ssh_options[:forward_agent] = true set :location, "ec2-107-22-27-42.compute-1.amazonaws.com" role :web, location # Your HTTP server, Apache/etc role :app, location # This may be the same as your `Web` server role :db, location, :primary => true # This is where Rails migrations will run set :deploy_to, "/var/www/#{application}" set :deploy_via, :remote_cache set :use_sudo, true # if you want to clean up old releases on each deploy uncomment this: # after "deploy:restart", "deploy:cleanup" # if you're still using the script/reaper helper you will need # these http://github.com/rails/irs_process_scripts # If you are using Passenger mod_rails uncomment this: namespace :deploy do task :start do ; end task :stop do ; end task :restart, :roles => :app, :except => { :no_release => true } do run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}" end end Then the execution results in this permission error. I think I've set up the SSH etc. correctly... 
updating the cached checkout on all servers executing locally: "git ls-remote git://github.com/rgilling/GroceryRun.git HEAD" command finished in 1294ms * executing "if [ -d /var/www/apparel1/shared/cached-copy ]; then cd /var/www/apparel1/shared/cached-copy && git fetch -q origin && git fetch --tags -q origin && git reset -q --hard f35dc5868b52649eea86816d536d5db8c915856e && git clean -q -d -x -f; else git clone -q git://github.com/rgilling/GroceryRun.git /var/www/apparel1/shared/cached-copy && cd /var/www/apparel1/shared/cached-copy && git checkout -q -b deploy f35dc5868b52649eea86816d536d5db8c915856e; fi" servers: ["ec2-107-22-27-42.compute-1.amazonaws.com"] [ec2-107-22-27-42.compute-1.amazonaws.com] executing command ** **[ec2-107-22-27-42.compute-1.amazonaws.com :: err] error: cannot open .git/FETCH_HEAD: Permission denied**


  • Entity Framework: Attached Entities not Saving

    - by blog
    Hello: I can't figure out why calling SaveChanges() on the following code results in no changes to the objects I attached: // delete existing user roles before re-attaching if (accountUser.AccountRoles.Count > 0) { foreach (AccountRole role in accountUser.AccountRoles.ToList()) { accountUser.AccountRoles.Remove(role); } } // get roles to add List<int> roleIDs = new List<int>(); foreach (UserRole r in this.AccountRoles) { roleIDs.Add(r.RoleID); } var roleEntities = from roles in db.AccountRoles where roleIDs.Contains(roles.id) select roles; accountUser.AccountRoles.Attach(roleEntities); db.SaveChanges(); In the debugger, I see that the correct roleEntities are being loaded, and that they are valid objects. However, if I use SQL Profiler I see no UPDATE or INSERT queries coming in, and as a result none of my attached objects are being saved.


  • @OrderBy: Sorting references

    - by Sven Moschel
    We have the following entity structure: @Entity public class SecurityRole { private List<Account> accounts; // ManyToMany } @Entity public class Account { private Employee owner; // OneToOne } @Entity public class Employee { private String lastName; } A security role can have many accounts. An account always has an employee. On the GUI we show the security roles in a master table. In the detail table we show the accounts of the role. To display the employee information we show "account.getOwner().getLastName()". How can we use the @OrderBy annotation with this model? Is this possible? The problem is that the Account entity has no employee information that we can sort.


  • How to return null value if the query has no corresponding value?

    - by Holicreature
    Hi, I've a query select c.name as companyname, u.name,u.email,u.role,a.date from useraccount u, company c, audittrial a where u.status='active' and u.companyid=c.id and (u.companyid=a.companyID and a.activity like 'User activated%' and a.email=u.email) order by u.companyid desc limit 10 So if the following part doesn't satisfy, (u.companyid=a.companyID and a.activity like 'User activated%' and a.email=u.email) no rows will be returned. But I want to return the result of the following query select c.name as companyname, u.name,u.email,u.role,a.date from useraccount u, company c, audittrial a where u.status='active' and u.companyid=c.id order by u.companyid desc limit 10 but in addition to that, I should return the date if available and return a null value if the date is not available. How can I do this?


  • Spring security with database and multiple roles?

    - by Joe
    I'm trying to make an application using Spring 3.0. Now I've decided to try my hand at spring-security and Hibernate. I've already seen that it's possible to back it with a database, and I've seen a reference to defining your own queries? Now the problem I have is that the tutorials I've been finding aren't too clear and that they assume that a user can only have one role. I want to give some users multiple roles. So I was thinking about a database scheme along the lines of: User: user_id username password registrationDate User_Role: user_id role_id Role: role_id rolename Now I was wondering if anyone had some pointers to some useful tutorials/advice/comments.


  • button click expand and collapse using jquery.

    - by kumar
    <script type="text/javascript"> $(document).ready(function() { $('#tmpOpen').click(function() { var value = $("#tmpOpen").attr("value"); if (value == "Expand") { document.getElementById("tmpOpen").value = "Collapse"; $('#Grid tr[role="row"] td a').not('.icon-minus').click(); } else { document.getElementById("tmpOpen").value = "Expand"; $('#Grid tr[role="row"] td a').not('.icon-plus').click(); } }); </script> Is this right, what I am doing here? icon-plus is class name for a...


  • PHP Variable Passing in Foreach on same page

    - by tooly228
    I've been struggling with this for a while and I simply can't figure this out. Here is my code: <?php foreach($list as $id =>$name) { echo("<td style=\"vertical-align:middle;\"> <a href=\"item=$id#confirm\" role=\"button\" data-toggle=\"modal\"> Buy</a></td></tr>"); }?> <html> <div class="modal small hide fade" id="confirm" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true"> <a href="redeem.php?item=<?php echo $id; ?>"><button class="btn btn-danger"> Buy</button></a></div> The main issue here is that the $id from the foreach is not the same as the $id in the div class link. Instead the link is the end value of the foreach list.


  • SQL Check Constraint cannot reference other column

    - by user1777711
    I am trying to add this SQL check in ALTER TABLE School add Role check_role CHECK (check_role IN ('Teaching Assistant', 'Lecturer', 'Professor')); I get the error below ERROR at line 3: ORA-02438: Column check constraint cannot reference other columns SQL> desc School; Name Null? Type ----------------------------------------- -------- ---------------------------- STAFFNUM NOT NULL VARCHAR2(12) NAME NOT NULL VARCHAR2(50) ADDRESS NOT NULL VARCHAR2(300) DOB DATE I am trying to add a column called Role, with the check constraint check_role. I am using Oracle SQL. Thanks for all help!


  • Capistrano asks for SSH password when deploying from local machine to server

    - by GhostRider
    When I try to ssh to a server, I'm able to do it as my id_rsa.pub key is added to the authorized keys in the server. Now when I try to deploy my code via Capistrano to the server from my local project folder, the server asks for a password. I'm unable to understand what could be the issue if I'm able to ssh and unable to deploy to the same server. $ cap deploy:setup "no seed data" triggering start callbacks for `deploy:setup' * 13:42:18 == Currently executing `multistage:ensure' *** Defaulting to `development' * 13:42:18 == Currently executing `development' * 13:42:18 == Currently executing `deploy:setup' triggering before callbacks for `deploy:setup' * 13:42:18 == Currently executing `db:configure_mongoid' * executing "mkdir -p /home/deploy/apps/development/flyingbird/shared/config" servers: ["dev1.noob.com", "176.9.24.217"] Password: Cap script: # gem install capistrano capistrano-ext capistrano_colors begin; require 'capistrano_colors'; rescue LoadError; end require "bundler/capistrano" # RVM bootstrap # $:.unshift(File.expand_path('./lib', ENV['rvm_path'])) require 'rvm/capistrano' set :rvm_ruby_string, 'ruby-1.9.2-p290' set :rvm_type, :user # or :user # Application setup default_run_options[:pty] = true # allow pseudo-terminals ssh_options[:forward_agent] = true # forward SSH keys (this will use your SSH key to get the code from git repository) ssh_options[:port] = 22 set :ip, "dev1.noob.com" set :application, "flyingbird" set :repository, "repo-path" set :scm, :git set :branch, fetch(:branch, "master") set :deploy_via, :remote_cache set :rails_env, "production" set :use_sudo, false set :scm_username, "user" set :user, "user1" set(:database_username) { application } set(:production_database) { application + "_production" } set(:staging_database) { application + "_staging" } set(:development_database) { application + "_development" } role :web, ip # Your HTTP server, Apache/etc role :app, ip # This may be the same as your `Web` server role :db, ip, :primary 
=> true # This is where Rails migrations will run

    # Use multi-staging
    require "capistrano/ext/multistage"
    set :stages, ["development", "staging", "production"]
    set :default_stage, rails_env

    before "deploy:setup", "db:configure_mongoid"

    # Uncomment if you use any of these databases
    after "deploy:update_code", "db:symlink_mongoid"
    after "deploy:update_code", "uploads:configure_shared"
    after "uploads:configure_shared", "uploads:symlink"
    after 'deploy:update_code', 'bundler:symlink_bundled_gems'
    after 'deploy:update_code', 'bundler:install'
    after "deploy:update_code", "rvm:trust_rvmrc"

    # Use this to update crontab if you use 'whenever' gem
    # after "deploy:symlink", "deploy:update_crontab"

    if ARGV.include?("seed_data")
      after "deploy", "db:seed"
    else
      p "no seed data"
    end

    #Custom tasks to handle resque and redis restart
    before "deploy", "deploy:stop_workers"
    after "deploy", "deploy:restart_redis"
    after "deploy", "deploy:start_workers"
    after "deploy", "deploy:cleanup"

    'Create symlink for public uploads'
    namespace :uploads do
      task :symlink do
        run <<-CMD
          rm -rf #{release_path}/public/uploads &&
          mkdir -p #{release_path}/public &&
          ln -nfs #{shared_path}/public/uploads #{release_path}/public/uploads
        CMD
      end

      task :configure_shared do
        run "mkdir -p #{shared_path}/public"
        run "mkdir -p #{shared_path}/public/uploads"
      end
    end

    namespace :rvm do
      desc 'Trust rvmrc file'
      task :trust_rvmrc do
        run "rvm rvmrc trust #{current_release}"
      end
    end

    namespace :db do
      desc "Create mongoid.yml in shared path"
      task :configure_mongoid do
        db_config = <<-EOF
        defaults: &defaults
          host: localhost
        production:
          <<: *defaults
          database: #{production_database}
        staging:
          <<: *defaults
          database: #{staging_database}
        EOF

        run "mkdir -p #{shared_path}/config"
        put db_config, "#{shared_path}/config/mongoid.yml"
      end

      desc "Make symlink for mongoid.yml"
      task :symlink_mongoid do
        run "ln -nfs #{shared_path}/config/mongoid.yml #{release_path}/config/mongoid.yml"
      end

      desc "Fill the database with seed data"
      task :seed do
        run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake db:seed"
      end
    end

    namespace :bundler do
      desc "Symlink bundled gems on each release"
      task :symlink_bundled_gems, :roles => :app do
        run "mkdir -p #{shared_path}/bundled_gems"
        run "ln -nfs #{shared_path}/bundled_gems #{release_path}/vendor/bundle"
      end

      desc "Install bundled gems "
      task :install, :roles => :app do
        run "cd #{release_path} && bundle install --deployment"
      end
    end

    namespace :deploy do
      task :start, :roles => :app do
        run "touch #{current_path}/tmp/restart.txt"
      end

      desc "Restart the app"
      task :restart, :roles => :app do
        run "touch #{current_path}/tmp/restart.txt"
      end

      desc "Start the workers"
      task :stop_workers do
        run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake resque:stop_workers"
      end

      desc "Restart Redis server"
      task :restart_redis do
        "/etc/init.d/redis-server restart"
      end

      desc "Start the workers"
      task :start_workers do
        run "cd #{current_path}; RAILS_ENV=#{default_stage} bundle exec rake resque:start_workers"
      end
    end


  • How can I work around problems with certificate configuration in Remote Desktop Services?

    - by Michael Steele
    I am setting up a Remote Desktop Services farm, and am having trouble configuring certificates for it to use. A demonstration of the problem I'm seeing can be found in Step #4. At this point I am convinced that there are problems with the user interface, and am looking for ways around them. Is there any way to configure certificates in Remote Desktop Services so that the settings hold and are reflected in the GUI? If not, is there any way for me to verify that the settings are correct?

    Step #1 - Create certificate to be used.

    I've configured a certificate to use with RD Web Access. The certificate is stored within the Certificates MMC on my RD Connection Broker, and I am configuring the farm from that computer. I found by letting RD Web Access generate its own certificate that the following properties are required:

    - Enhanced Key Usage
        - Server Authentication
        - Client Authentication. This may not be required, but the self-signed certificate includes it.
    - Key Usage
        - Digital Signature
        - Key Agreement
    - Subject Alternative Name
        - DNS Name=domain.com

    Detour about self-signed certificate generation

    As a quick detour, I was able to work around a problem with creating self-signed certificates using PowerShell. The documentation for the New-RDCertificate cmdlet gives the following example:

        PS C:\> $password = ConvertTo-SecureString -string "password" -asplaintext -force
        New-RDCertificate -Role RDWebAccess -DnsName "test-rdwa.contoso.com" -Password $password -ConnectionBroker rdcb.contoso.com -ExportPath "c:\test-rdwa.pfx"

    Typing this into the shell will result in an error message claiming that a function, Get-Server, cannot be found. Prior to using New-RDCertificate, you must import the RemoteDesktop module with Import-Module RemoteDesktop.

    Step #2 - Observe out-of-box behavior

    The first time you visit the Deployment Properties dialog box by navigating to Server Manager - Remote Desktop Services - Collections and selecting "Edit Deployment Properties" from the "TASKS" dropdown list in the "COLLECTIONS" grouping, you will see the following screen:

    This window is misleading because the level field is listed as "Not Configured". If I understand correctly, all three of the role services are using a self-signed certificate. For the RD Web Access role this can be verified by visiting the website:

    The certificate being used also appears in the Certificates MMC:

    Step #3 - Assign new certificate

    The Deployment Properties dialog box will allow me to select my existing certificate. The certificate must be placed within the local computer's Certificates MMC in the "Personal" certificate store. The private key will need to be exportable, and you will need to provide the password. I temporarily exported my certificate to a file named temp.pfx with a password, and then imported it into Remote Desktop Services from there. Once this is done the GUI will indicate that it is ready to accept the new configuration. Once I click the "Apply" button, the GUI indicates success. This can be verified by visiting the RD Web Access web site a second time. There is no certificate error.

    Step #4 - The GUI fails to maintain its state

    If the GUI is closed and reopened, all of these settings appear to be lost. Actually, the certificate I configured is still being used. I am able to continue accessing the RD Web Access site without any certificate errors. Oddly, if I use the "Create new certificate..." button to generate a self-signed certificate, this window will update to an "Untrusted" level. This setting will then be maintained through the opening and closing of the Deployment Properties dialog box.

    Is there anything I can do to have my settings appear to stick? I feel like something is wrong when the GUI claims I haven't fully configured certificates.


  • Securing an ASP.NET MVC 2 Application

    - by rajbk
    This post attempts to look at some of the methods that can be used to secure an ASP.NET MVC 2 Application called Northwind Traders Human Resources. The sample code for the project is attached at the bottom of this post.

    We are going to use a slightly modified Northwind database. The screen capture from SQL Server Management Studio shows the change. I added a new column called Salary, inserted some random salaries for the employees and then turned off AllowNulls.

    The reporting relationship for Northwind Employees is shown below.

    The requirements for our application are as follows:

    - Employees can see their LastName, FirstName, Title, Address and Salary
    - Employees are allowed to edit only their Address information
    - Employees can see the LastName, FirstName, Title, Address and Salary of their immediate reports
    - Employees cannot see records of non immediate reports.
    - Employees are allowed to edit only the Salary and Title information of their immediate reports.
    - Employees are not allowed to edit the Address of an immediate report
    - Employees should be authenticated into the system. Employees by default get the "Employee" role. If a user has direct reports, they will also get assigned a "Manager" role. We use a very basic empId/pwd scheme of EmployeeID (1-9) and password test$1. You should never do this in an actual application.
    - The application should protect from Cross Site Request Forgery (CSRF). For example, Michael could trick Steven, who is already logged on to the HR website, to load a page which contains a malicious request where, without Steven's knowledge, a form on the site posts information back to the Northwind HR website using Steven's credentials. Michael could use this technique to give himself a raise :-)

    UI Notes

    The layout of our app looks like so:

    When Nancy (EmpID 1) signs on, she sees the default page with her details and is allowed to edit her address. If Nancy attempts to view the record of employee Andrew who has an employeeID of 2 (Employees/Edit/2), she will get a "Not Authorized" error page.

    When Andrew (EmpID 2) signs on, he can edit the address field of his record and change the title and salary of employees that directly report to him.

    Implementation Notes

    All controllers inherit from a BaseController. The BaseController currently only has error handling code.

    When a user signs on, we check to see if they are in a Manager role. We then create a FormsAuthenticationTicket, encrypt it (including the roles that the employee belongs to) and add it to a cookie.

        private void SetAuthenticationCookie(int employeeID, List<string> roles)
        {
            HttpCookiesSection cookieSection = (HttpCookiesSection) ConfigurationManager.GetSection("system.web/httpCookies");
            AuthenticationSection authenticationSection = (AuthenticationSection) ConfigurationManager.GetSection("system.web/authentication");

            FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(
                1, employeeID.ToString(), DateTime.Now,
                DateTime.Now.AddMinutes(authenticationSection.Forms.Timeout.TotalMinutes),
                false, string.Join("|", roles.ToArray()));

            String encryptedTicket = FormsAuthentication.Encrypt(authTicket);
            HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);

            if (cookieSection.RequireSSL || authenticationSection.Forms.RequireSSL)
            {
                authCookie.Secure = true;
            }

            HttpContext.Current.Response.Cookies.Add(authCookie);
        }

    We read this cookie back in Global.asax and set the Context.User to be a new GenericPrincipal with the roles we assigned earlier.

        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            if (Context.User != null)
            {
                string cookieName = FormsAuthentication.FormsCookieName;
                HttpCookie authCookie = Context.Request.Cookies[cookieName];
                if (authCookie == null)
                    return;

                FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value);
                string[] roles = authTicket.UserData.Split(new char[] { '|' });
                FormsIdentity fi = (FormsIdentity)(Context.User.Identity);
                Context.User = new System.Security.Principal.GenericPrincipal(fi, roles);
            }
        }

    We ensure that a user has permissions to view a record by creating a custom attribute AuthorizeToViewID that inherits from ActionFilterAttribute.

        public class AuthorizeToViewIDAttribute : ActionFilterAttribute
        {
            IEmployeeRepository employeeRepository = new EmployeeRepository();

            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                if (filterContext.ActionParameters.ContainsKey("id") && filterContext.ActionParameters["id"] != null)
                {
                    if (employeeRepository.IsAuthorizedToView((int)filterContext.ActionParameters["id"]))
                    {
                        return;
                    }
                }
                throw new UnauthorizedAccessException("The record does not exist or you do not have permission to access it");
            }
        }

    We add the AuthorizeToViewID attribute to any Action method that requires authorization.

        [HttpPost]
        [Authorize(Order = 1)]
        //To prevent CSRF
        [ValidateAntiForgeryToken(Salt = Globals.EditSalt, Order = 2)]
        //See AuthorizeToViewIDAttribute class
        [AuthorizeToViewID(Order = 3)]
        [ActionName("Edit")]
        public ActionResult Update(int id)
        {
            var employeeToEdit = employeeRepository.GetEmployee(id);
            if (employeeToEdit != null)
            {
                //Employees can edit only their address
                //A manager can edit the title and salary of their subordinate
                string[] whiteList = (employeeToEdit.IsSubordinate) ? new string[] { "Title", "Salary" } : new string[] { "Address" };

                if (TryUpdateModel(employeeToEdit, whiteList))
                {
                    employeeRepository.Save(employeeToEdit);
                    return RedirectToAction("Details", new { id = id });
                }
                else
                {
                    ModelState.AddModelError("", "Please correct the following errors.");
                }
            }
            return View(employeeToEdit);
        }

    The Authorize attribute is added to ensure that only authorized users can execute that Action. We use the TryUpdateModel with a white list to ensure that (a) an employee is able to edit only their Address and (b) that a manager is able to edit only the Title and Salary of a subordinate. This works in conjunction with the AuthorizeToViewIDAttribute. The ValidateAntiForgeryToken attribute is added (with a salt) to avoid CSRF. The Order on the attributes specifies the order in which the attributes are executed.

    The Edit View uses the AntiForgeryToken helper to render the hidden token:

        ......
        <% using (Html.BeginForm()) {%>
        <%=Html.AntiForgeryToken(NorthwindHR.Models.Globals.EditSalt)%>
        <%= Html.ValidationSummary(true, "Please correct the errors and try again.") %>
        <div class="editor-label">
            <%= Html.LabelFor(model => model.LastName) %>
        </div>
        <div class="editor-field">
        ......

    The application uses View specific models for ease of model binding.

        public class EmployeeViewModel
        {
            public int EmployeeID;

            [Required]
            [DisplayName("Last Name")]
            public string LastName { get; set; }

            [Required]
            [DisplayName("First Name")]
            public string FirstName { get; set; }

            [Required]
            [DisplayName("Title")]
            public string Title { get; set; }

            [Required]
            [DisplayName("Address")]
            public string Address { get; set; }

            [Required]
            [DisplayName("Salary")]
            [Range(500, double.MaxValue)]
            public decimal Salary { get; set; }

            public bool IsSubordinate { get; set; }
        }

    To help with displaying readonly/editable fields, we use a helper method.

        //Simple extension method to display a TextboxFor or DisplayFor based on the isEditable variable
        public static MvcHtmlString TextBoxOrLabelFor<TModel, TProperty>(this HtmlHelper<TModel> htmlHelper, Expression<Func<TModel, TProperty>> expression, bool isEditable)
        {
            if (isEditable)
            {
                return htmlHelper.TextBoxFor(expression);
            }
            else
            {
                return htmlHelper.DisplayFor(expression);
            }
        }

    The helper method is used in the view like so:

        <%=Html.TextBoxOrLabelFor(model => model.Title, Model.IsSubordinate)%>

    As mentioned in this post, there is a much easier way to update properties on an object.

    Download Demo Project
    VS 2008, ASP.NET MVC 2 RTM
    Remember to change the connectionString to point to your Northwind DB
    NorthwindHR.zip

    Feedback and bugs are always welcome :-)


  • Low-level C++ curriculum no. 3: the Stack, an article by Alex Darby translated by ram-0000

    The aim of this series of articles by Alex Darby on "low-level" programming is to help developers who already know C++ programming better understand how their programs are actually executed. This third article explains the role and workings of the Stack, how it is used when a function is called, how local variables are handled, and how a function's return value is handled. Low-level C++ curriculum no. 3: the Stack. How well did you know how the Stack and function calls work?


  • The Chinese SEO in the Internet SEO Formula

    Most ecommerce websites are designed in order to drive the Chinese internet users to the website thus delivering a good user experience that converts the users into customers. According to a statistical report on the internet development in China, conducted during the year 2009, the Chinese SEO of the ecommerce site plays an important role in determining the perception of the internet users towards internet as an information gateway and its impact on the user's behavior and attitude on internet trust.

