Search Results

Search found 68155 results on 2727 pages for 'data security'.

Page 398/2727 | < Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405 | Next Page >

Asp.net: Replace GenericPrincipal

- by Pickels

Hello, I was wondering what the best way is to replace the genericPrincipal with my own CustomGenericPrincipal. At the moment I have something like this but I aint sure if it's correct. protected void Application_AuthenticateRequest(Object sender, EventArgs e) { HttpCookie authCookie = Request.Cookies[FormsAuthentication.FormsCookieName]; if (authCookie != null) { FormsAuthenticationTicket authTicket = FormsAuthentication.Decrypt(authCookie.Value); var identity = new CustomIdentity(authTicket); var principal = new CustomPrincipal(identity); Context.User = principal; } else { //Todo: check if this is correct var genericIdentity = new CustomGenericIdentity(); Context.User = new CustomPrincipal(genericIdentity); } } I need to replace it because I need a Principal that implements my ICustomPrincipal interface because I am doing the following with Ninject: Bind<ICustomPrincipal>().ToMethod(x => (ICustomPrincipal)HttpContext.Current.User) .InRequestScope(); So what's the best way to replace the GenericPrincipal? Thanks in advance, Pickels

Read the article
RedirectFromLogin in Silverlight Login Page

- by Oliver

I am busy writing a login page in Silverlight. I am using an Authentication Service that processes the logins and I am also creating a custom Membership and Roles providers. Everything is working but I need some assistance. I would like some advice on how to redirect the user to page they came from before they were pushed to the Login page. Basically I want the same behavior as the standard ASP.Net login. I am fully aware of the differences between ASP and Silverlight regarding Client and Server side models. I can do the navigation but I always lose the session and cookie when I perform HtmlPage.Window.Navigate() to the ReturnUrl...

Read the article
Populate data Crystal Report from a query

- by Selom

hi big bro and sis, Im having a problem with how to display data using crystal report programmatically and need your help. Im using vb.net for my project. I have a form that I called reportFrm on which I put the CrystalReportViewer1. I also added the CrystalReport1.rpt to my project and the CrystalReport1.rpt contains a textbox called firstname. i would like that when the reportFrm loads, it makes the following query and to fetch the firstname and put it in the textbox firstname: query: Dim cmd As New SQLiteCommand("SELECT * FROM personal_details JOIN studies USING staff_ID WHERE staff_ID = '" + detailsFrm.Label13.Text + "'", conn) my problem is that Im fetching data from two different tables and I don't how to do this. Thanks for helping

Read the article
DataMining / Analyzing responses to Multiple Choice Questions in a survey

- by Shailesh Tainwala

Hi, I have a set of training data consisting of 20 multiple choice questions (A/B/C/D) answered by a hundred respondents. The answers are purely categorical and cannot be scaled to numerical values. 50 of these respondents were selected for free product trial. The selection process is not known. What interesting knowledge can be mined from this information? The following is a list of what I have come up with so far- A study of percentages (Example - Percentage of people who answered B on Qs.5 and got selected for free product trial) Conditional probabilities (Example - What is the probability that a person will get selected for free product trial given that he answered B on Qs.5) Naive Bayesian classifier (This can be used to predict whether a person will be selected or not for a given set of values for any subset of questions). Can you think of any other interesting analysis or data-mining activities that can be performed? The usual suspects like correlation can be eliminated as the response is not quantifiable/scoreable. Is my approach correct?

Read the article
LINQ support in Enterprise Library Data Access Application Block

- by Rishabh Ohri

Is LINQ support available in the Data Access Application Block.

Read the article
Deploying software on compromised machines

- by Martin

I've been involved in a discussion about how to build internet voting software for a general election. We've reached a general consensus that there exist plenty of secure methods for two way authentication and communication. However, someone came along and pointed out that in a general election some of the machines being used are almost certainly going to be compromised. To quote: Let me be an evil electoral fraudster. I want to sample peoples votes as they vote and hope I get something scandalous. I hire a bot-net from some really shady dudes who control 1000 compromised machines in the UK just for election day. I capture the voting habits of 1000 voters on election day. I notice 5 of them have voted BNP. I look these users up and check out their machines, I look through their documents on their machine and find out their names and addresses. I find out one of them is the wife of a tory MP. I leak 'wife of tory mp is a fascist!' to some blogger I know. It hits the internet and goes viral, swings an election. That's a serious problem! So, what are the best techniques for running software where user interactions with the software must be kept secret, on a machine which is possibly compromised?

Read the article
Calling IPrincipal.IsInRole on Windows 7

- by adrianbanks

We use NTLM auth in our application to determine whether a user can perform certain operations. We use the IPrincipal of their current Windows login (in WinForms applications), calling IsInRole to check for specific group memberships. To check that a user is a local administrator on the machine, we use: AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal); ... bool allowed = Thread.CurrentPrincipal.IsInRole(@"Builtin\Administrators") This works if the current user is the Administrator user, or is another user that is a member of the Builtin\Administrators group. In our testing on Windows 7, we have found that this no longer works as expected. The Administrator user still works fine, but any other user that is a member of the Builtin\Administrators group returns false for the IsInRole call. What could be causing this difference? I have a gut feeling that a default setting has changed somewhere (possible in gpedit), but cannot find anything that looks like the culprit.

Read the article
Getting the CVE ID Property of an update from WSUS API via Powershell

- by thebitsandthebytes

I am writing a script in Powershell to get the update information from each computer and correlate the information with another System which identifies updates by CVE ID. I have discovered that there is a "CVEIDs" property for an update in WSUS, which is documented in MSDN, but I have no idea how to access the property. Retrieving the CVE ID from WSUS is the key to this script, so I am hoping someone out there can help! Here is the property that I am having difficulty accessing: IUpdate2::CveIDs Property - http://msdn.microsoft.com/en-us/library/aa386102(VS.85).aspx According to this, the IUnknown::QueryInterface method is needed to interface IUpdate2 - "http://msdn.microsoft.com/en-us/library/ee917057(PROT.10).aspx" "An IUpdate instance can be retrieved by calling the IUpdateCollection::Item (opnum 8) (section 3.22.4.1) method. The client can use the IUnknown::QueryInterface method to then obtain an IUpdate2, IUpdate3, IUpdate4, or IUpdate5 interface. Additionally, if the update is a driver, the client can use the IUnknown::QueryInterface method to obtain an IWindowsDriverUpdate, IWindowsDriverUpdate2, IWindowsDriverUpdate3, IWindowsDriverUpdate4, or IWindowsDriverUpdate5 interface. " Here is a skeleton of my code: [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration") | Out-Null if (!$wsus) { Returns an object that implements IUpdateServer $wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($server, $false, $port) } $computerScope = New-Object Microsoft.UpdateServices.Administration.ComputerTargetScope $updateScope = New-Object Microsoft.UpdateServices.Administration.UpdateScope $updateScope.UpdateSources = [Microsoft.UpdateServices.Administration.UpdateSources]::MicrosoftUpdate $wsusMachines = $wsus.GetComputerTargets($computerScope) foreach machine in QSUS, write the full domain name $wsusMachines | ForEach-Object { Write-host $.FullDomainName $updates = $.GetUpdateInstallationInfoPerUpdate($updateScope) foreach update for each machine, write the update title, installation state and securitybulletin $updates | ForEach-Object { $update = $wsus.GetUpdate($.UpdateId) # Returns an object that implements Microsoft.UpdateServices.Administration.IUpdate $updateTitle = $update.Title | Write-Host $updateInstallationState = $.UpdateInstallationState | Write-Host $updateSecurityBulletin = $update.SecurityBulletins | Write-Host $updateCveIds = $update.CveIDs # ERROR: Property 'CveIDs' belongs to IUpdate2, not IUpdate } }

Read the article
Import JSON data into Google Spreadsheet

- by Jeremy Petzold

I am pulling data down from a webservice and it is formated as JSON. I am writing a google apps script for google spreadsheet that will populate the data form me. my problem is, I can't seem to get it to parse out. doing: var dataset = myJSONtext; Browser.msgbox(dataset.item[0].key); errors out, saying item[0] is not defined. Is there some built in way I should be doing this? Any help would be apreciated.

Read the article
WPF - Have a list source defined at runtime but still have sample data for design time

- by Vaccano

I have some ListBoxes in my WPF app. I would like to be able to view how the design looks with out having to run the app. But I still want to be able to bind to ItemsSource to my View Model. I know I saw a blog post on how to do this, but I cannot seem to find it now. To reiterate, I want dummy data at design time, but real data at run time and not break the MVVM pattern. Any ideas?

Read the article
FPSE, folder permissions and SharePoint Designer

- by David Lively

All, A few of our internal users are editing one of our classic ASP sites (Not a SharePoint site) via Sharepoint Designer which I believe uses FrontPage Server Extensions. I would like to give a particular user author rights to a single folder - ie, /products and any items and folders it contains. Any suggestions?

Read the article
WCF - Passing CurrentPrincipal in the Header

- by David Ward

I have a WCF service that needs to know the Principal of the calling user. In the constructor of the service I have: Principal = OperationContext.Current.IncomingMessageHeaders.GetHeader<MyPrincipal>("myPrincipal", "ns"); and in the calling code I have something like: using (var factory = new ChannelFactory<IMyService>(localBinding, endpoint)) { var proxy = factory.CreateChannel(); using (var scope = new OperationContextScope((IContextChannel)proxy)) { var customHeader = MessageHeader.CreateHeader("myPrincipal", "ns", Thread.CurrentPrincipal); OperationContext.Current.OutgoingMessageHeaders.Add(customHeader); newList = proxy.CreateList(); } } This all works fine. My question is, how can I avoid having to wrap all proxy method calls in the using (var scope...{ [create header and add to OperationContext]? Could I create a custom ChannelFactory that will handle adding the myPrincipal header to the operation context? Something like that would save a whole load of copy/paste which I'd rather not do but I'm not sure how to achieve it:) Thanks

Read the article
SSIS- Sharepoint list data transfer issue

- by Vicky

Hi , We are trying to transfer data from oracle database (about 60,0000) records only to a sharepoint list using SSIS. But we are getting following error when records reaches around 19000 . The attempt to add a row to the Data Flow task buffer failed with error code 0xC0047020 and System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (400) Bad Request. Earlier we thought if could because of Sharepoint list limit so we tried by reducing two of the columns and then it has went fine. So we left with one of the column of Datatype DT_STR and length 400 in oracle beacuse of which issue might be happening, It is mapped to sharepoint custom list field of multiline type. We also verified if length of field is issue but in oracle DB for all records max length for this column is only 239 so length issue is also ruled out. Any one who has faced this kind of issue or knows cause of this issue.Kindly let us know.. Thanks and regards, Vicky

Read the article
Can not call web service with basic authentication using WCF

- by RexM

I've been given a web service written in Java that I'm not able to make any changes to. It requires the user authenticate with basic authentication to access any of the methods. The suggested way to interact with this service in .NET is by using Visual Studio 2005 with WSE 3.0 installed. This is an issue, since the project is already using Visual Studio 2008 (targeting .NET 2.0). I could do it in VS2005, however I do not want to tie the project to VS2005 or do it by creating an assembly in VS2005 and including that in the VS2008 solution (which basically ties the project to 2005 anyway for any future changes to the assembly). I think that either of these options would make things complicated for new developers by forcing them to install WSE 3.0 and keep the project from being able to use 2008 and features in .NET 3.5 in the future... ie, I truly believe using WCF is the way to go. I've been looking into using WCF for this, however I'm unsure how to get the WCF service to understand that it needs to send the authentication headers along with each request. I'm getting 401 errors when I attempt to do anything with the web service. This is what my code looks like: WebHttpBinding webBinding = new WebHttpBinding(); ChannelFactory<MyService> factory = new ChannelFactory<MyService>(webBinding, new EndpointAddress( "http://127.0.0.1:80/Service/Service/")); factory.Endpoint.Behaviors.Add(new WebHttpBehavior()); factory.Credentials.UserName.UserName = "username"; factory.Credentials.UserName.Password = "password"; MyService proxy = factory.CreateChannel(); proxy.postSubmission(_postSubmission); This will run and throw the following exception: "The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=realm'." And this has an inner exception of: "The remote server returned an error: (401) Unauthorized." Any thoughts about what might be causing this issue would be greatly appreciated.

Read the article
Protect .net Web Service URL

- by Nirmal

Hello All... I have created Web Service using Asp.net 3.5. Now it's working perfectly in live windows server, and giving me perfect xml while invoking it using some url like : http://www.somedomain.com/Service.asmx?op=fetchData Now My question is when I am accessing url like : http://www.somedomain.com/Service.asmx it's listing my created web services. What if I don't wanna list down the available web services to end users. Thanks in advance...

Read the article
PHP OOP Concepts (Value Objects / Data Access Objects)

- by Iuhiz

Hi, I've just started to learn PHP OOP, previously I have been doing PHP in a procedural manner. I was reading this article and I've got a couple of quick questions, How is the constructor for value objects commonly defined? As one that takes in all "data members" as parameters or stick to the default constructor and use mutator / accessor methods to set / get data members? Is this actually the recommended way to start doing PHP OOP? Cos honestly, the concepts explained in the article was a tad confusing for me. Cheers

Read the article
Preventing LDAP injection

- by Matias

I am working on my first desktop app that queries LDAP. I'm working in C under unix and using opends, and I'm new to LDAP. After woking a while on that I noticed that the user could be able to alter the LDAP query by injecting malicious code. I'd like to know which sanitizing techniques are known, not only for C/unix development but in more general terms, i.e., web development etc. I thought that escaping equals and semicolons would be enough, but not sure. Here is a little piece of code so I can make clearer the question: String ldapSearchQuery = "(cn=" + $userName + ")"; System.out.println(ldapSearchQuery); Obviously I do need to sanitize $userName, as stated in this OWASP ARTICLE

Read the article
ASP.NET Membership Provider - Single Login

- by RSolberg

I'm considering utilizing the ASP.NET Membership Provider for a few different web apps/tools with a single login approach. REQUIREMENTS User logs in to my.domain.com and sees a list of apps/tools that they have permission to use. The user selects the tool they'd like to use and clicks the link. When the tool opens, it is able to identify that they are currently logged in and who they are to identify any unique permissions to the application. I know that each app could simply point to the same back end Membership Provider DB, however will each app require a login or will it be able to identify if the user is already logged in?

Read the article
Use my own tomcat authentication in tomcat

- by mabuzer

how can I force tomcat to use my own implementation of Authenticator, and not the existing one like [FORM, BASIC, DIGEST,, etc]. I know if I added my name in org.apache.catalina.startup.Authenticators.properties,,, any help please...

Read the article
Symfony user authentication using Active Directory

- by Radu Dragomir

Is there a way to authenticate users in symfony apps using Active Directory? Can you please point out some documentation? edit What i need is to have a transparent login in my application. The user authenticates once at windows logon, then all applications should be accessed with the same credentials without being asked for the domain\username and password again. I tried the following in a simple php script: if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="my realm"'); header('HTTP/1.0 401 Unauthorized'); exit; } else { echo "<p>Hello {$_SERVER['PHP_AUTH_USER']}.</p>"; echo "<p>You entered {$_SERVER['PHP_AUTH_PW']} as your password.</p>"; } but then i get the authentication form popped up. Is there any way to pass the header the credentials used at windows logon? Thanks, Radu.

Read the article
What should I do when the managed object context fails to save?

- by dontWatchMyProfile

Example: I have an Cat entity with an catAge attribute. In the data modeler, I configured catAge as int with a max of 100. Then I do this: [newManagedObject setValue:[NSNumber numberWithInt:125] forKey:@"catAge"]; // Save the context. NSError *error = nil; if (![context save:&error]) { NSLog(@"Unresolved error %@, %@", error, [error userInfo]); } I'm getting an error in the console, like this: 2010-06-12 11:40:41.947 CatTest[2250:207] Unresolved error Error Domain=NSCocoaErrorDomain Code=1610 UserInfo=0x10164d0 "Operation could not be completed. (Cocoa error 1610.)", { NSLocalizedDescription = "Operation could not be completed. (Cocoa error 1610.)"; NSValidationErrorKey = catAge; NSValidationErrorObject = <NSManagedObject: 0x10099f0> (entity: Cat; id: 0x1006a90 <x-coredata:///Cat/t3BCBC34B-8405-4F16-B591-BE804B6811562> ; data: { catAge = 125; catName = "No Name"; }); NSValidationErrorPredicate = SELF <= 100; NSValidationErrorValue = 125; } Well, so I have an validation error. But the odd thing is, that it seems the MOC is broken after this. If I just tap "add" to add another invalid Cat object and save that, I'm getting this: 2010-06-12 11:45:13.857 CatTest[2250:207] Unresolved error Error Domain=NSCocoaErrorDomain Code=1560 UserInfo=0x1232170 "Operation could not be completed. (Cocoa error 1560.)", { NSDetailedErrors = ( Error Domain=NSCocoaErrorDomain Code=1610 UserInfo=0x1215f00 "Operation could not be completed. (Cocoa error 1610.)", Error Domain=NSCocoaErrorDomain Code=1610 UserInfo=0x1209fc0 "Operation could not be completed. (Cocoa error 1610.)" ); } That seems to report two errors now. BUT: When I try to delete now an valid, existing object from the table view (using the default core data template in a navigation-based app), then the app crashes! All I get in the console is: 2010-06-12 11:47:18.931 CatTest[2250:207] Unresolved error Error Domain=NSCocoaErrorDomain Code=1560 UserInfo=0x123eb30 "Operation could not be completed. (Cocoa error 1560.)", { NSDetailedErrors = ( Error Domain=NSCocoaErrorDomain Code=1610 UserInfo=0x1217010 "Operation could not be completed. (Cocoa error 1610.)", Error Domain=NSCocoaErrorDomain Code=1610 UserInfo=0x123ea80 "Operation could not be completed. (Cocoa error 1610.)" ); } ...so no idea where or why it crashes, but it does. So the question is, what are the neccessary steps to take when there's an validation error?

Read the article
SQLite data-types

- by Alan Harris-Reid

Hi there, When creating a table in SQLite3, I get confused when confronted with all the possible datatypes which imply similar contents, so could anyone tell me the difference between the following data-types? INT, INTEGER, SMALLINT, TINYINT DEC, DECIMAL LONGCHAR, LONGVARCHAR DATETIME, SMALLDATETIME Is there some documentation somewhere which lists the min./max. capacities of the various data-types? For example, I guess smallint holds a larger maximum value than tinyint, but a smaller value than integer, but I have no idea of what these capacities are. Any help would be appreciated. Alan Harris-Reid

Read the article
Prevent SQL injection from form-generated SQL - NO PreparedStmts

- by Markos Fragkakis

Hi all, I have a search table where user will be able to filter results with a filter of the type: Field [Name], Value [John], Remove Rule Field [Surname], Value [Blake], Remove Rule Field [Has Children], Value [Yes], Remove Rule Add Rule So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne), Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question, I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

Read the article
Refernce platform specific System.Data.SQLite

- by Dmitriy Nagirnyak

Hi, I am using SQLite for the unit testing and might use it as a database for local development/staging. The System.Data.SQLite has basically 2 versions: x86 and x64. Correct one should be used for the specific platform. I have 64 bit Win7, other guys in the team might use 32-bit OSs. The server's platform is not known at this stage. If I use 32-bit version of the assembly on 64-bit platform I get BadImageFormatException: Could not load file or assembly 'System.Data.SQLite'. I believe similar will happen trying to use 64-bit assembly on 32-bit platform. So my question is what is the best way to reference the SQLite assembly so that it does not depend on the platform and people can just use it? It is ok to use 32-bit version of assembly on a 64-bit platform (Maybe there is a switch for that somewhere?). Thanks, Dmitriy.

Read the article
Does each authenticated WCF client connection need a CAL?

- by Sentax

Just like the title says. Does each authenticated WCF client connection to a WCF server that you have developed need a windows CAL? http://www.microsoft.com/windowsserver2008/en/us/client-licensing.aspx Microsoft's licensing on that page sure makes it sound like it, but I can't find anything out there that confirms, or even denies this. Anyone know?

Read the article

< Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405 | Next Page >