Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 383/509 | < Previous Page | 379 380 381 382 383 384 385 386 387 388 389 390 | Next Page >

Spring - MVC - Sanitize URL before redisplaying to the user

- by Raghav

In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

Read the article
Running custom Javascript on every page in Mozilla Firefox

- by saturn

I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page. (If you are wondering: it is not malicious. It allows to display formulas by using MathJax.) Is that possible? I tried including it in userContent.css, that of course did not work. A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical). Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it? Anyway, how can I do this for myself?

Read the article
How to create virtual Environment for users on server

- by Bhushan Nagaonkar

I have a web application where users can register them self and then save Java and C++ programs in their account. Programs are saved in a tmp directory like, /tmp -user1 --program1 --program2 -user2 --program1 --program2 So all the users folders are in same "tmp" directory. I want to know how can I proved security by not allowing a user to access files of other users. A user will be executing a java or c++ program in his folder which can be used to read files on the server. How to prevent this? I am new to this thing I don't know how to go about this. The server is Linux server and project is in python using Django. Thank in advance

Read the article
problem in loading class from 'me.prettyprint.hector.api.Serializer'

- by dhananjay patil

I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

Read the article
Is writing eSQL database independant or not?

- by Robert Koritnik

Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

Read the article
How do you detect a website visitor's country (Specifically, US or not)?

- by BigDave

I need to show different links for US and non-US visitors to my site. This is for convenience only, so I am not looking for a super-high degree of accuracy, and security or spoofing are not a concern. I know there are geotargeting services and lists, but this seems like overkill since I only need to determine (roughly) if the person is in the US or not. I was thinking about using JavaScript to get the user's timezone, but this appears to only give the offset, so users in Canada, Mexico, and South America would have the same value as people in the US. Are there any other bits of information available either in JavaScript, or PHP, short of grabbing the IP address and doing a lookup, to determine this?

Read the article
System.Web.AspNetHostingPermission Exception on New Deployment

- by Jason N. Gaylord

I have a friend that is moving a web application from one server over to another. The new server has the same settings as the first server, however, he's running into a Security issue. Here's the error details: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The Event Viewer does not point to anything specific in the web.config file or anything. The web applicaiton is on the C: drive. This is a Windows Server 2008 R2 x64 server with a brand new IIS 7 installation. IIS is set in classic mode for this app pool.

Read the article
Why don't web fonts in Firefox don't work on a different domain?

- by mikez302

I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

Read the article
How should I use random.jumpahead in Python

- by Peter Smit

I have a application that does a certain experiment 1000 times (multi-threaded, so that multiple experiments are done at the same time). Every experiment needs appr. 50.000 random.random() calls. What is the best approach to get this really random. I could copy a random object to every experiment and do than a jumpahead of 50.000 * expid. The documentation suggests that jumpahead(1) already scrambles the state, but is that really true? Or is there another way to do this in 'the best way'? (No, the random numbers are not used for security, but for a metropolis hasting algorithm. The only requirement is that the experiments are independent, not whether the random sequence is somehow predictable or so)

Read the article
Getting "Object is read only" error when setting ClientCredentials in WCF

- by Paul Mrozowski

I have a proxy object generated by Visual Studio (client side) named ServerClient. I am attempting to set ClientCredentials.UserName.UserName/Password before opening up a new connection using this code: InstanceContext context = new InstanceContext(this); m_client = new ServerClient(context); m_client.ClientCredentials.UserName.UserName = "Sample"; As soon as the code hits the UserName line it fails with an "Object is read-only" error. I know this can happen if the connection is already open or faulted, but at this point I haven't called context.Open() yet. I have configured the Bindings (which uses netTcpBinding) to use Message as it's security mode, and MessageClientCredentialType is set to UserName. Any ideas?

Read the article
Getting COM object to run in Vista

- by rainslg

We expose an interface to our simulation software using a COM/ActiveX object. This worked just fine in XP, but in Vista, we get "Error 429: ActiveX can't create object" when a VB client executes CreateObject(). The COM object has been registered by hand so that the Vista Registry is identical to XP's Registry. I run the VB interface from a DOS window that I started using "Run As Administrator". The client is correctly accessing and reading the Registry as I walk through using the debugger in VB, so it's apparently not a security setting, as near as I can tell. I have also loaded the files into VS2005 (the object was originally created in VS6) and rebuilt them to get a later ATL version, but that hasn't helped - we still get the 429 error. Is this a symptom of UAC problems, or should I be looking for something deeper?

Read the article
How to find a programmer for my project?

- by Al

I'm building a web application to generate monthly subscription fees, but I've quickly realised I'm going to need some help with the project to finish it this century. I don't have any money upfront for a freelancer and every website I've found takes bids for project work. The tasks that need doing are flexible too because I can do whatever the other coder doesn't want to. I'm also happy to guide the developer and offer tips for performance/security/etc etc. My question is; how do I go about finding someone to work with on a profit-share basis? I'm sure there are a billion people like me with the "next killer app" but I genuinely believe in it. Can anyone offer some advice? Thanks in advance! EDIT: I guess the trick is to find someone passionate enough about the subject as I am. Where would I find someone? Are there websites that broker profit-share deals on programming work?

Read the article
Javascript/iframe/embed/object question

- by thinkfuture

OK, so here is my issue. I'm building a system which will allow people to embed lists of links on their pages. When the link is clicked, i'd like to use something like Lightview or Lightwindow to open it up over the whole window, not just in the iframe. I don't have access to the page that the user will be embedding this object into. Everything I've tried so far tells me that I can't open anything over the parent window, since I don't have access to it from the iframe or object, javacript security issue. However, I've seen sites that do that kind of overlay. so it must be possible. If anyone can point me to any resources that could help, that would be great. if it matters, i'm using Ruby on Rails... Thanks...chris

Read the article
Generate SQL Server Express database from Entity Framework 4 model

- by Cranialsurge

I am able to auto-generate a SQL Server CE 4.0 *.sdf file using code-first generation as explained by Scott Guthrie here. The connection string for the same is as follows: <add name="NerdDinners" providerName="System.Data.SqlServerCe.4.0" connectionString="data source=|DataDirectory|NerdDinner.sdf"/> However if I try to generate an mdf instead using the following connection string, it fails to do so with the following error - "The provider did not return a ProviderManifestToken string.". <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="data source=|DataDirectory|NerdDinner.mdf"/> Even directly hooking into a SQLEXPRESS instance using the following connection string fails <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=NerdDinner;Integrated Security=True"/> Does EF 4 only support SQL CE 4.0 for database creation from a model for now or am I doing something wrong here?

Read the article
Error in PushNotification from iPhone Device

- by Shibin Moideen

Hi All, I am trying to do a sample project on the Apple the push notification. I created an AppID, done some terminal commands, and finally got a Provisional Certificate for do the same. I got the certificate installed on my device and SDK. Till now every thing goes fine. But when i try to run the app on the device.... it doesnt. It throws an error stating "Error from debugger:Error launching remote program:security policy error." Can any one help me to overcome this. Please Help needed. thanks in advance Shibin

Read the article
Decompressing file with gzip produces file with no read-permissions on Windows 7

- by Abiel

I am attempting to decompress a .gz file using the GnuWin32 gzip program in Windows 7. I have full permissions on the compressed file, and my user account is an administrator. However, I end up not having read permissions on the decompressed file. To get read permissions I would have to manually change the permissions on it through right-clicking and selecting Properties Security. I am able to do this exact same thing with no permission problems in Windows XP, which leads me to believe that Windows 7's user account control system is causing problems. Does anyone know what I can do to make things work as I would expect (read permission on the decompressed file) in Windows 7? Thanks.

Read the article
Concepts a web application developer should know?

- by iama

I think it is imperative for web application developers to know the answers surrounding the following general questions on web development irrespective of the programming language/framework used. What authentication mechanisms HTTP offer & what are their pros and cons? Why should one go for FORMS authentication? How to secure authentication or for that matter any transactions via HTTP? How to maintain state in HTTP? What are the downsides to maintaining state via cookie & what happens when browsers disable them? Security issues like cross site scripting, session hijacking etc. What other questions a web developer should have answers for similar to the ones above that are programming language/web framework agnostic?

Read the article
Subscribing to MSMQ over the internet

- by Nathan Palmer

I haven't been able to find a clear answer to this problem. Is there a good way to subscribe to a MSMQ through the internet? Ideally I need security both in authentication and encryption for this connection. But I would like the subscriber to act just like any other client that would be subscribed on the local network. I believe I have a couple of options here Expose the MSMQ ports publicly Put the MSMQ behind some type of WCF service (not sure if that works for a subscriber) What other options do I have? We're sitting in a .NET environment and the main problem domain that is trying to be solved is to change the remote connections from a pulling system to an event based system to reduce the load on the main server.

Read the article
WCF Windows service permissions problem

- by Elad

I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately return to stopped state. After when I changed the Account to LocalSystem the service works properly. My questions are: Any ideas why it won't work with Network Service account? What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

Read the article
Problem Loading AS2 swf into AS3 swf

- by dani

I've been trying very hard to get an AS2 swf to load properly inside an AS3 swf - but to no avail ... The AS2 file (which is a rather big app referencing many external xml files etc.) works perfectly when launched in Flash Player. When trying to load the same file through an AS3 swf (using URLRequest and Loader classes), the file starts loading but stops abruptly during the preloading phase. (Same happens if I try to load it using AS2 "loadMovie".) What is there more to try? Security settings, custom loader classes - any advice is appreciated.

Read the article
WCF 4: Fileless Activation Fails On XP (IIS 5) that has SSL port enabled.

- by Richard Collette

I have a service being hosted in IIS on XP via fileless activation. The service starts fine when there is no SSL port enabled for IIS but when the SSL port is enabled, I get the error message: System.ServiceModel.ServiceActivationException: The service '/SkillsPrototype.Web/services/Linkage.svc' cannot be activated due to an exception during compilation. The exception message is: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. . ---> System.InvalidOperationException: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. My service model configuration is <system.serviceModel> <diagnostics wmiProviderEnabled="true"> <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="3000"/> </diagnostics> <standardEndpoints> <webHttpEndpoint> <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" /> </webHttpEndpoint> </standardEndpoints> <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <webHttpBinding> <binding> <security mode="None"> <transport clientCredentialType="None"/> </security> </binding> </webHttpBinding> </bindings> <protocolMapping> </protocolMapping> <services> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="false"> <serviceActivations> <clear/> <add factory="System.ServiceModel.Activation.WebScriptServiceHostFactory" service="SkillsPrototype.ServiceModel.Linkage" relativeAddress="~/Services/Linkage.svc"/> </serviceActivations> </serviceHostingEnvironment> </system.serviceModel> When you look in the svclog file, there two base addresses that are returned when SSL is enabled, one for http and one for https. I suspect that this is part of the issue but I am not sure how to resolve it. <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>524333</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2010-06-16T17:40:55.8168605Z" /> <Source Name="System.ServiceModel" /> <Correlation ActivityID="{95927f9a-fa90-46f4-af8b-721322a87aaa}" /> <Execution ProcessName="aspnet_wp" ProcessID="1888" ThreadID="5" /> <Channel/> <Computer>RCOLLET</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Information"> <TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.ServiceHostBaseAddresses.aspx</TraceIdentifier> <Description>ServiceHost base addresses.</Description> <AppDomain>/LM/w3svc/1/ROOT/SkillsPrototype.Web-1-129211836532542949</AppDomain> <Source>System.ServiceModel.WebScriptServiceHost/49153359</Source> <ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/CollectionTraceRecord"> <BaseAddresses> <Address>http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> <Address>https://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> </BaseAddresses> </ExtendedData> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent> I can't post the full service log due to character limits on the post.

Read the article
Class declaration bug

- by aladine

Please advise me what's wrong with this class declaration: ExchEngine.java package engine; public class ExchEngine { public ExchEngine() { } public static void main(String[] args) { ExchEngine engine=new ExchEngine() ; } } When I compile this file, I always get exception: java.lang.NoClassDefFoundError: test_engine/ExchEngine Caused by: java.lang.ClassNotFoundException: test_engine.ExchEngine at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) Exception in thread "main" This seems very weird that ExchEngine.java is inside a package and it cannot run itself. Thanks for any help.

Read the article
Microsoft Speech Recognition in web service

- by Diana

I'm trying to use the System.Speech.Recognition namespace for recognizing speech in a web service. Actually, the WS calls a dll that uses this namespace. The problem is that...I can't. First, I had a Access denied error. After changing the Identity of my application pool to LocalSystem (security break, I know), that disappeared. But a timeout appeared. I receive no error, but no response either. I did some tests, and, the same code (very simple) that I use for recognizing the text in a WAV returns the answer in around 2 seconds, when integrated in a desktop application, but hangs and does nothing in a web application. I think I'm missing something... I'm not supposed to use System.Speech.Recognition in a web application? Am I supposed to use something else? Any help is greatly appreciated. Thank you!

Read the article
How can I get Hudson to be able to access JUnit?

- by Bedwyr Humphreys

I've got Hudson running on TOMCAT, it can build my Netbeans project using the ant build.xml, but it won't run any of my unit tests because of what I assume is a problem with the classpath: package org.junit does not exist [javac] import org.junit.After; [javac] ^ But I've got the junit-4.8.1.jar on the classpath in /etc/environment and I can successfuly run the junit tests from a console using java org.junit.runner.JUnitCore org.junit.tests.AllTests My CLASSPATH is set to /home/bedwyr/junit4.8.1/junit-4.8.1.jar:. Am I going wrong somewhere or is there anything else I need to set? [edit] What I did was to export/include (using the ide) all libraries (including Junit) hudson then reads all it needs from the subversion repo. I then ran into an issue with exposing hudson to the internet, and pretty soon gave up on tomcat on ubuntu server (again, to do with the tomcat security manager) - glassfish is a lot smoother and that's where I am now - apache front end with ajp_proxy to hudson on glassfish.

Read the article
[ASP.NET] Problems with error: "Access to the path <path> is denied."

- by Tony

Hi, I was looking for the the trick to resolve that error (google, stackoverflow.com etc) and every nothing works. I need to dinamically create an .aspx file via the asp.net application. What I've done to try fix it: 1) In the folder's Properties - Security, I've added IUSR_TONY and also IIS_IUSRS and allow them the Full control to the folder. Just to check if that will help. Nope, it won't. 2) in the IIS Manager, I tried to change the Application's Pool Defaults Identity (based on that) I checked all options, with no success I don't know what to do more to fix it. Any ideas ?

Read the article

< Previous Page | 379 380 381 382 383 384 385 386 387 388 389 390 | Next Page >