Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

Page 385/509 | < Previous Page | 381 382 383 384 385 386 387 388 389 390 391 392 | Next Page >

Trouble getting Flash socket policy file to work.

- by Alex

Basically I'm using Flash to connect to a Java server. Despite my Java application replying to the , in the Flash debug log it lists (not sure about the order as there are lots): * Security Sandbox Violation * Connection to 192.168.1.86:4049 halted - not permitted from http://127.0.0.1:8888/Current/wander.swf Warning: Timeout on xmlsocket://192.168.1.86:4049 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation. Error: Request for resource at xmlsocket://192.168.1.86:4049 by requestor from http://127.0.0.1:8888/Current/wander.swf is denied due to lack of policy file permissions. What I don't understand is, the server (port 4049) receives the request, outputs the policy file and then closes the connection, surely it shouldn't time out? The policy file I'm using is: <?xml version="1.0"?> <cross-domain-policy><allow-access-from domain="*" to-ports="*" /> </cross-domain-policy>

Read the article
Where to place java applet policy file?

- by makdere

Hi all, I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one. In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control. The question is that when i try to put my code to work in the browser it fails with the following error: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve) Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didnt work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides. Appreciate any tips, thanks.

Read the article
Administrators vs Programmers: Who's got more people Interaction / Working hours?

- by sanksjaya

Well, I've heard programmers get to interact with other programmers quiet a lot. But, who gets to meet a lot of new people on a daily basis at work without getting the feeling "Goosh! I'm stuck with him/this for another year :(" - Admins or Coders? And what kind of people domain do each get to interact with? Secondly, I've had this myth for a long time that unlike programmers, Network/System/Security Admins get locked-up in a den and juiced up late nights and early mornings. Most of the time they had to slip out of work without being noticed. But recently one of my seniors from my grad school told he had to work late and on weekends for a product release. How true and often does this happen with programmers and admins?

Read the article
How to force Weblogic to start deployments in active state (i.e. not just prepared)

- by doublep

When I start a Weblogic instance with a deployed application, the deployment is sometimes left in prepared state, not in active state. I have to go to Weblogic Console and start the deployment manually, which is quite slow and annoying repetetive work. Since this is done on a development machine — sometimes 50 times a day, — there are no security implication as the server is only visible on the local network. Is there some way to have it always start the deployment active? Note that I'm not redeploying the application, I instead have it "constantly deployed" and stop/start the Weblogic instance using the scripts in bin directory.

Read the article
Why isn't UTF-8 allowed as the "ANSI" code page?

- by dan04

The Windows _setmbcp function allows any valid code page... (except UTF-7 and UTF-8, which are not supported) OK, not supporting UTF-7 makes sense: Characters have non-unique representations and that introduces complexity and security risks. But why not UTF-8? As I understand it, the "ANSI" versions of the Windows API functions convert their arguments to UTF-16, call the equivalent "W" function, and convert any strings in the output to "ANSI". This is what I've been doing manually. So why can't Windows do it for me?

Read the article
URL encoded POST bad practice?

- by StackedCrooked

I am (just for fun) trying to implement a High Score web-service. I would like it be compatible with REST principles. I want to be able to add a new highscore using url parameters like this http://mydomain.com/hs/add&name=John&score=987. According to REST this must be done using a POST request. Which leads to empty POST request with all data contained in the URL parameters. Would this be considered a bad practice? Update Security is currently not a big concern.

Read the article
Scheduled task username changed

- by Ernst

Hi, I created a user on our exchange server, but later changed the username. Now, when I create a scheduled task for that user, and change it's settings (run only when logged on), the username is automatically changed back to the old username. What's causing this and how do I make sure the correct, new username is used for the task (otherwise it won't run), security settings are okay. I did already log in with a different user to delete the profile on the computer and tried again with this user to no avail. The OS is windows xp, the exchange server is on windows server 2003. Thanks

Read the article
Sessionstate not being saved between pages

- by Grant

Hi, i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it is null. Sometimes it is set correctly and other times is is simply null. When i debug on my local machine it works perfectly every time. Only when i upload to my web server does this temperamental behaviour happen. As it is based around the security of the site it is obviously important that the session data be valid and accurate every time. Is session state data unreliable? AFAIK its set to inproc, cookieless, 30 min timeout, vanilla installation of IIS. Does anyone have any suggestions? Perhaps i need to thread.sleep inbetween the storing of the session data and the reading? NB: the time between the write and the read is about 70ms.. ample time for the data to be written to RAM.....

Read the article
Why is this not a bug in qmail?

- by jemfinch

I was reading DJB's "Some thoughts on security after ten years of Qmail 1.0" and he listed this function for moving a file descriptor: int fd_move(to,from) int to; int from; { if (to == from) return 0; if (fd_copy(to,from) == -1) return -1; close(from); return 0; } It occurred to me that this code does not check the return value of close, so I read the man page for close(2), and it seems it can fail with EINTR, in which case the appropriate behavior would seem to be to call close again with the same argument. Since this code was written by someone with far more experience than I in both C and UNIX, and additionally has stood unchanged in qmail for over a decade, I assume there must be some nuance that I'm missing that makes this code correct. Can anyone explain that nuance to me?

Read the article
A web framework where AJAX was not an after thought

- by Pirate for Profit

AJAX is a pain in the ass because it essentially means you'll have to write two sets of similarish code: one for browsers with JavaScript enabled and those without. Not only this, but you have to connect JavaScript events to hook into your models and display the results. And if all that weren't bad enough, you need to send an address change with the request, otherwise the user won't be able to "click back" correctly (if confused look at what happens to the address bar when you click links in GMail). We're searching for something that had the foresight and design goals with all these concerns in mind. Performance and security are also obvious major concerns. We love config-based systems as well, where you don't have to write a lot of code you just drop it into an easily read config format. It's like asking for the holy grail right?

Read the article
Converting SQL to LINQ to XML

- by Morano88

I'm writing the following code to convert SQL to LINQ and then to XML: SqlConnection thisConnection = new SqlConnection(@"Data Source=3BDALLAH-PC;Initial Catalog=XMLC;Integrated Security=True;Pooling=False;"); thisConnection.Open(); XElement eventsGive = new XElement("data", from c in ?????? select new XElement("event", new XAttribute("start", c.start), new XAttribute("end",c.eend), new XAttribute("title",c.title), new XAttribute("Color",c.Color), new XAttribute("link",c.link))); Console.WriteLine(eventsGive); The name of the table is "XMLC" and I want to refer to it. How can I do that? When I put its name directly VS gives an error. Also when I say thisConnection.XMLC it doesn't work.

Read the article
Displaying Powerpoint slides on a web page automatically

- by Jamie

Anyone know of any Flash components that would do the job of displaying an external PPT/PPTX file in a Flash movie on a web page? Or a way of automatically parsing uploaded Powerpoint docs from a PHP-based CMS and displaying them on a web page. Our client needs to be able to upload a Powerpoint documents on their site without any intervention (if necessary). I know about Slideshare and the like, but the content needs to live on the client's web server due to security restrictions. Also, Adobe Presenter seems to require Adobe software/plugins on the clients machine which wouldn't be ideal. Thanks in advance

Read the article
Execute Oracle RAC cluster commands via Solaris RBAC?

- by David Citron

Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions. Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example: $pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg CRS-0259: Owner of the resource does not belong to the group. Is there a complete RBAC solution for Oracle RAC or does the executor need to be root? EDIT: Note that my original /etc/security/exec_attr contained: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0 As Martin suggests below, this needed to be changed to add gid=0 as: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0

Read the article
What are the pros and cons to keeping SQL in Stored Procs versus Code

- by Guy

What are the advantages/disadvantages of keeping SQL in your C# source code or in Stored Procs? I've been discussing this with a friend on an open source project that we're working on (C# ASP.NET Forum). At the moment, most of the database access is done by building the SQL inline in C# and calling to the SQL Server DB. So I'm trying to establish which, for this particular project, would be best. So far I have: Advantages for in Code: Easier to maintain - don't need to run a SQL script to update queries Easier to port to another DB - no procs to port Advantages for Stored Procs: Performance Security

Read the article
Postback problem downloading zip file

- by Chris Conway

I've got a problem on a webforms application where a user selects some criteria from dropdowns on the page and hits a button on the page which calls this method: protected void btnSearch_Click(object sender, EventArgs e) They then click on button to download a zip file based on the criteria which calls this method: protected void btnDownload_Click(object sender, EventArgs e) In IE, they are prompted with the bar at the top of the browser that tells them "To help protect your security, Internet Explorer blocked this site from downloading files to your computer". When they click on that bar to download the file, it fires the btnSearch_Click event again. Response.ContentType and Response.AddHeader has been set up correctly. The problem is, that btnSearch appends criteria so basically it is being appended twice and causing problems. Is there something I can do to prevent this? This is a vs2008 web app using c# 3.5 for what it's worth. Thanks!

Read the article
accessing pdf via https URL

- by Paul

I send out a newsletter email containing URLs to a https website that then redirects to a pdf document. On first invocation of a URL the user is prompted with the typical https browser "security alert" popup, on selecting "Yes" the display of the PDF fails. The HTTP Header on the failed response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 15:57:26 GMT Content-type: application/pdf Content-language: en-US Set-cookie: JSESSIONID=0000r111cRz1Vc-PtCJg8Cdu4eR:-1; Path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Cache-control: no-cache="set-cookie, set-cookie2" Connection: close Subsequent invocations of the URL successfully opens the PDF (at this point we have the session id cookie set by the initial failed request). The HTTP Header on the successful response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 16:53:03 GMT Content-type: application/pdf Content-language: en-US Connection: close The email client is Lotus Notes 6.5 which launches an IE6 browser Any ideas?

Read the article
Start multiple processes of a dll in delphi

- by Tom

I have a "ActiveX library" project created with Delphi 2007. The library interface return XML data based on input values. This is then used by a PHP script that displays the data on a web page. This works great! The problem is that i can only run one instance of the dll process on the server. However, for security reasons, each of my customer should be able to access their own process of the dll (because the dll is always connected to only one database). Also, because of the way the delphi code is built, it doesn't support multiple threads. (It's a 100 000+ lines project using lots of singleton classes) Is there a way of starting several instances of the same dll? Is there a better way of transferring XML data from delphi to PHP? Sorry for the longish question, any help is appreciated (ps. I know the delphi code should be refactored, but this would mean 6 months of "circular reference" -hell :)

Read the article
Storing script files outside web root

- by memilanuk

I've seen recommendations to store some or all php include files some place other than in the web document root directory (username/public_html in my case) for the specific reason of protecting php files with sensitive information (like database connection and login info) in the event that the web server hiccups and stops protecting php files and they become 'visible' to outsiders who know where to look. It seems somewhat paranoid to me, but I'm guessing people have gotten burned badly on this before so I'm willing to go along. The suggestion usually takes the form of having the include files in something like '../include_files/' so its not directly in the document root and not directly accessible to outsiders through the web server. My question is this: is there a significant difference in security between that way and just putting your 'include_files' directory under the document root and sticking an .htaccess file in there (with the appropriate entries)? Would putting an .htaccess file in '../include_files/' make any significant improvement there? TIA, Monte

Read the article
Criteria for selecting software for embedded device

- by Suresh Kumar

We are currently evaluating Web servers for an embedded device. We have laid down the evaluation criteria for things like HTTP version, Security, Compression etc. On the embeddable side, we have identified the following criteria: Memory footprint Memory management (support for plugging in a custom memory manager) CPU usage Thread usage (support for thread pool) Portability What I want inputs on is: Are there any other criteria that an embeddable software should meet? What exactly does it mean when someone says that a software is designed for embeddable use? We currently have zeroed in on two Web servers: AppWeb Lighttpd (lighty) Feature wise, both the above Web servers seem to be on par. However, it is claimed that AppWeb is designed for embedded use while Lighttpd is not. To choose between the above two Web servers, what criteria should I be looking at?

Read the article
asp.net webservice user management across pages

- by nakori

I'm developing a site that will display confidential readonly information, with data fetched from a WCF service. My question: What is the best approach to user management across different information pages. The service returns a collection with customer info after a secure login. My idea is to have a Customer object class that is stored in session. Is it possible to use things like HttpContext.Current.User.Identity.IsAuthenticated followed by HttpContext.Current.Session["UserId"] without using a database with role-based security? Would I be better off with a combination of local database, Linq to SQL or datasets rather than using just class objects for data fetched from service? thanks, nakori

Read the article
Apache 13 permission denied in user's home directory

- by Dave

Hi, My friend's website was working fine until he moved the document root from /var/www/xxx to /home/user/xxx Apache give 13 permission denied error messages when we try to access the site via a web browser. The site is configured as a virtual directory. All the Apache configurations were unchanged (except for the directory change). We tried to chmod 777 /home/user/xxx, chown apache /home/user/xxx. But they didn't work. Is there some kind of security feature set on the user's home directories? The server OS is CentOS (Godaddy VPS). Any help is appreciated! Thanks!

Read the article
AesCryptoServiceProvider not part of SymmetricAlgorithm?

- by user330006

I have a quick little app that steps through the possible symmetric encryption methods. I get them with the following line: private static List<Type> GetAlgorithmTypes { get { return Assembly.GetAssembly(typeof(SymmetricAlgorithm)).GetTypes().Where( type => type.IsSubclassOf(typeof(SymmetricAlgorithm))).ToList(); } } As you can see when i run this, AesCryptoServiceProvider is not a member of this group, even though it inherits from AES, which does belong to SymmetricAlgorithm and shows up in my list. This wouldn't be so much of a problem, i can manually add the provider in the group if i have too, but then if i try to retrieve this type by its name: Type t = Type.GetType("System.Security.Cryptography.AesCryptoServiceProvider"); i get a null object for AesCryptoServiceProvider, but not for any of the other items in the group. This is really strange, and i'm wondering if anyone has any ideas. It's kinda making me need to use tripleDES because of this (since my machines are all running the FIPS compliance requirement). Thanks for any help!

Read the article
database design suggesion

- by Bharanikumar

Hi , am going to start new travel site, I want some advise from guru's regarding database design , Things coming to picture are, Book taxi online , This is the core idea, So i like to implement lot of jquery,ajax stuff in my site , Main thing site must run veryt fast,safe,security, In mysql , which typw shall i use, MYISAM OR INNODB Which is best type for ajax works, fast,safe ,secure ,performance view . This is my demo site, Just look this site, i implemented some ajax stuff here, my-url In this site please choose the postcode in the taxifrom tab, It ask you value please enter, just enter nw7 , See How long it will take for response,some time no response and system goes to hang or idle mode, Also please look the diversion , select No diversion, There you will list of textbox, enter the nw3 then hit the search icon , See after 80seconds only , you will get response from DB, See this too bad response ... This is DB , my Database type if myisam ,no idexing , no fulltext and nothing...no constraints, So please advise me , which database type i choose, Myisam or innodb, Thanks Bharanikumar

Read the article
protect flash files

- by user172697

Hello Ive a website that create avatars for users and provide them with link for avatar to use it in their website or singuters etc , my problems is the website based on flash . the main page has 1 swf file that load other swfs used to create avatars , if someone knows the link for the these swf files he can download them which means he can have all the website lets say: www.test.com as main page which load main swf and other swfs files which located at www.test.com/resources/flash/swffiles/file1.swf anyone can grap these files and have all the website which is a big security breach ive trying so many way protect these files from not download but protecting them means the main swf cant talk to them and cant load the main page correctaly , any suggestion for these .. thanks in advance

Read the article
Salting example in Zend Framework

- by Geoffrey

Hello all, I am pretty new to the Zend framework and looking to build an application with pretty tight password security. I have been trying to follow the user guides in relation to password salting but haven't had any luck so far. I have setup my database and table adapter (As described in the documentation on the Zend Framework site but it didn't seem to finish the example (or I am not following well enough!) I have started with: $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter, 'users', 'username', 'password', "MD5(CONCAT('".Zend_Registry::get('staticSalt')."', ?, password_salt))" ); But from here, what is done with the password salt? I just need an example and I'll be away! Does anyone have an example or point me in the right direction?? Many thanks!

Read the article

< Previous Page | 381 382 383 384 385 386 387 388 389 390 391 392 | Next Page >