Search Results

Search found 10956 results on 439 pages for 'zend session'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 401/439 | < Previous Page | 397 398 399 400 401 402 403 404 405 406 407 408  | Next Page >

  • Using struts 2 with no tags

    - by WannaAsk
    Hi everyone, I wonder if you could guide me on this struts issue - I feel hopeless on this... I am working on migrating our web application to a Struts 2 portlet (I'm using Struts 2.1.8). The thing is, I am forced to avoid struts tags because our application relies on Dijit widgets, which are omitted when using struts tags. So now I should implement the <s:form tag using scriptlets. My question is: how you would suggest I imitate the way struts handles the "action" attribute? Right now it appears I should: Create a regular html form in my jsp. Get/create the ActionConfig object during onsubmit and set on it values which match my desired destination: class+method+result jsp. Execute the action I set in 2. Would you recommend this? If so - is ActionConfig obtained from the session? Can I initiate an action execution from ActionConfig? (Aletrnatively... generating an action url using struts' form.vm file - what do you say?) I would appreciate any help on this - Thanks a lot in advance!!!

    Read the article

  • Battery drains even with app off screen, could it be Location Services doing it?

    - by John Jorsett
    I run my app, which uses GPS and Bluetooth, then hit the back button so it goes off screen. I verified via LogCat that the app's onDestroy was called. OnDestroy removes the location listeners and shuts down my app's Bluetooth service. I look at the phone 8 hours later and half the battery charge has been consumed, and my app was responsible according the phone's Battery Use screen. If I use the phone's Settings menu to Force Stop the app, this doesn't occur. So my question is: do I need to do something more than remove the listeners to stop Location Services from consuming power? That's the only thing I can think of that would be draining the battery to that degree when the app is supposedly dormant. Here's my onStart() where I turn on the location-related stuff and Bluetooth: @Override public void onStart() { super.onStart(); if(D_GEN) Log.d(TAG, "MainActivity onStart, adding location listeners"); // If BT is not on, request that it be enabled. // setupBluetooth() will then be called during onActivityResult if (!mBluetoothAdapter.isEnabled()) { Intent enableIntent = new Intent(BluetoothAdapter.ACTION_REQUEST_ENABLE); startActivityForResult(enableIntent, REQUEST_ENABLE_BT); // Otherwise, setup the Bluetooth session } else { if (mBluetoothService == null) setupBluetooth(); } // Define listeners that respond to location updates mLocationManager = (LocationManager) this.getSystemService(Context.LOCATION_SERVICE); mLocationManager.requestLocationUpdates(LocationManager.GPS_PROVIDER, GPS_UPDATE_INTERVAL, 0, this); mLocationManager.addGpsStatusListener(this); mLocationManager.addNmeaListener(this); } And here's my onDestroy() where I remove them: public void onDestroy() { super.onDestroy(); if(D_GEN) Log.d(TAG, "MainActivity onDestroy, removing update listeners"); // Remove the location updates if(mLocationManager != null) { mLocationManager.removeUpdates(this); mLocationManager.removeGpsStatusListener(this); mLocationManager.removeNmeaListener(this); } if(D_GEN) Log.d(TAG, "MainActivity onDestroy, finished removing update listeners"); if(D_GEN) Log.d(TAG, "MainActivity onDestroy, stopping Bluetooth"); stopBluetooth(); if(D_GEN) Log.d(TAG, "MainActivity onDestroy finished"); }

    Read the article

  • Click behaviour - Difference in IE and FF ?!

    - by OlliD
    Hey folks, i just came to the conclusion that a project i am currently working on might have a "logical" error in functionality. Currently I'am using server technology with PHP/MySQL and JQuery. Within the page there's a normal link reference with tag <a href="contentpage?page=xxx">next step</a> The pain point now seems to be the given jquery click event on the same element. The intension was to save the (current) content of the page (- form elements) via another php script using the php session command. For any reason, IE can handle the click event of Jquery right before executing the standard html command, that reloads the current page again with the new page parameter. By using FF the behaviour is different. I assume, that FF first execute the html command and afterwards execute the javascript code which handles the click event. Therefore the resultset here is wrong respectivly empty. My question now is whether you made the same experience and how you handled / wordarrounded this problem. I'd be thankful fur any of your tips or further feedback. Maybe you also have a solution on how to rethink about the current architecture. Regards, Oliver

    Read the article

  • Why do I get null objects in a many-to-many bag?

    - by Jim Geurts
    I have a bag defined for a many-to-many list: <class name="Author" table="Authors"> <id name="Id" column="AuthorId"> <generator class="identity" /> </id> <property name="Name" /> <bag name="Books" table="Author_Book_Map" where="IsDeleted=0" fetch="join"> <key column="AuthorId" /> <many-to-many class="Book" column="BookId" where="IsDeleted=0" /> </bag> </class> If I return all author objects using something like the following, I will get what initially appeared to be duplicate Author records: Session.Query<Author>().List<Author>() The extra author objects are created when an author is mapped to Book objects that have IsDeleted = 1 and IsDeleted = 0. Rather than creating one Author object with an enumerable that contains only the books with IsDeleted = 0, it will create two author objects. The first author object has a Books enumerable that contains books with IsDeleted = 0. The second author object will contain an enumerable of null book objects. Similarly, if an object only has one book map, and that map points to a book with IsDeleted = 1, then an author object is returned with a Books collection having one null object. I'm thinking part of the problem stems from the map table objects linking to rows that satisfy the where condition on the bag object but do not meet the many-to-many where condition. This is happening with NHibernate version 3.0.0.4980. Is this a configuration issue or something else?

    Read the article

  • Batch insert mode with hibernate and oracle: seems to be dropping back to slow mode silently

    - by Chris
    I'm trying to get a batch insert working with Hibernate into Oracle, according to what i've read here: http://docs.jboss.org/hibernate/core/3.3/reference/en/html/batch.html , but with my benchmarking it doesn't seem any faster than before. Can anyone suggest a way to prove whether hibernate is using batch mode or not? I hear that there are numerous reasons why it may silently drop into normal mode (eg associations and generated ids) so is there some way to find out why it has gone non-batch? My hibernate.cfg.xml contains this line which i believe is all i need to enable batch mode: <property name="jdbc.batch_size">50</property> My insert code looks like this: List<LogEntry> entries = ..a list of 100 LogEntry data classes... Session sess = sessionFactory.getCurrentSession(); for(LogEntry e : entries) { sess.save(e); } sess.flush(); sess.clear(); My 'logentry' class has no associations, the only interesting field is the id: @Entity @Table(name="log_entries") public class LogEntry { @Id @GeneratedValue public Long id; ..other fields - strings and ints... However, since it is oracle, i believe the @GeneratedValue will use the sequence generator. And i believe that only the 'identity' generator will stop bulk inserts. So if anyone can explain why it isn't running in batch mode, or how i can find out for sure if it is or isn't in batch mode, or find out why hibernate is silently dropping back to slow mode, i'd be most grateful. Thanks

    Read the article

  • Avoid slowdowns while using off-site database

    - by Anders Holmström
    The basic layout of my problem is this: Website (ASP.NET/C#) hosted at a dedicated hosting company (location 1) Company database (SQL Server) with records of relevant data (location 2). Location 1 & 2 connected through VPN. Customer visiting the website and wanting to pull data from the company database. No possibility of changing the server locations or layout (i.e. moving the website to an in-office server isn't possible). What I want to do is figure out the best way to handle the data acces in this case, minimizing the need for time-expensive database calls over the VPN. The first idea I'm getting is this: When a user enters the section of the website needing the DB data, you pull all the needed tables from the database into a in-memory dataset. All subsequent views/updates to the data is done on this dataset. When the user leaves (logout, session timeout, browser closed etc) the dataset gets sent to the SQL server. I'm not sure if this is a realistic solution, and it obviously has some problems. If two web visitors are performing updates on the same data, the one finishing up last will have their changes overwriting the first ones. There's also no way of knowing you have the latest data (i.e. if a customer pulls som info on their projects and we update this info while they are viewing them, they won't see these changes PLUS the above overwriting issue will arise). The other solution would be to somehow aggregate database calls and make sure they only happen when you need them, e.g. during data updates but not during data views. But then again the longer a pause between these refreshing DB calls, the bigger a chance that the data view is out of date as per the problem described above. Any input on the above or some fresh ideas would be most welcome.

    Read the article

  • Using block around a static/singleton resource reference

    - by byte
    This is interesting (to me anyway), and I'd like to see if anyone has a good answer and explanation for this behavior. Say you have a singleton database object (or static database object), and you have it stored in a class Foo. public class Foo { public static SqlConnection DBConn = new SqlConnection(ConfigurationManager.ConnectionStrings["BAR"].ConnectionString); } Then, lets say that you are cognizant of the usefulness of calling and disposing your connection (pretend for this example that its a one-time use for purposes of illustration). So you decide to use a 'using' block to take care of the Dispose() call. using (SqlConnection conn = Foo.DBConn) { conn.Open(); using (SqlCommand cmd = new SqlCommand()) { cmd.Connection = conn; cmd.CommandType = System.Data.CommandType.StoredProcedure; cmd.CommandText = "SP_YOUR_PROC"; cmd.ExecuteNonQuery(); } conn.Close(); } This fails, with an error stating that the "ConnectionString property is not initialized". It's not an issue with pulling the connection string from the app.config/web.config. When you investigate in a debug session you see that Foo.DBConn is not null, but contains empty properties. Why is this?

    Read the article

  • HMAC URLs instead of login?

    - by Tres
    In implementing my site (a Rails site if it makes any difference), one of my design priorities is to relieve the user of the need to create yet another username and password while still providing useful per-user functionality. The way I am planning to do this is: User enters information on the site. Information is associated with the user via server-side session. User completes entering information, server sends an access URL via e-mail to the user roughly in the form of: http://siteurl/<user identifier>/<signature: HMAC(secret + salt + user identifier)> User clicks URL, site looks up user ID and salt and computes the HMAC with the server-stored secret and authenticates if the computed HMAC and signature match. My question is: is this a reasonably secure way to accomplish what I'm looking to do? Are there common attacks that would render it useless? Is there a compelling reason to abandon my desire to avoid a username/password? Is there a must-read book or article on the subject? Note that I'm not dealing with credit card numbers or anything exceedingly private, but I would still like to keep the information reasonably secure.

    Read the article

  • I need help solving a rather weird error in a WCF service.

    - by Moulde
    Hi.. I have a solution that contains three projects. A main project with my MVC app, a silverlight application and a (silverlight enabled) WCF service project. In my silverlight project i have made a Service Reference to my WCF service. And i pretty much got that working. In my WCF service i have a method that returns an Book object, which got some random fields like title, date etc. In the book class, i have a ICollection field that contains a list of events. The book class is generated using entity framework 4.0, and Lazy Loading is enabled. If i in my getBook(int id) method return a book with the events field not initialized, it works as a charm. But if i initialize the field, i'm getting this error. The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error. I have a few ideas why that is happening, and while writing this i just got another one. The wcf service somehow threw away the reference to the event class. That would be very weird since i have a reference between my main mvc app (with the models) and my WCF service. Since i have enabled lazy loading in EF 4.0, i suspect that it may be the thing generating the error. But i'm not sure why that would be, because i'm not in any way accessing that field. I could understand that i may not be able to access the events field after i recive the object in my silverlight application since the connection between the book object and the entity framework is like broken. Did i mention that Lazy Loading is enabled on my EF instance? And there is no inner exception in the thrown exception. Thanks in advance. Malte Baden Hansen

    Read the article

  • one-to-many with criteria question

    - by brnzn
    enter code hereI want to apply restrictions on the list of items, so only items from a given dates will be retrieved. Here are my mappings: <class name="MyClass" table="MyTable" mutable="false" > <cache usage="read-only"/> <id name="myId" column="myId" type="integer"/> <property name="myProp" type="string" column="prop"/> <list name="items" inverse="true" cascade="none"> <key column="myId"/> <list-index column="itemVersion"/> <one-to-many class="Item"/> </list> </class> <class name="Item" table="Items" mutable="false" > <cache usage="read-only"/> <id name="myId" column="myId" type="integer"/> <property name="itemVersion" type="string" column="version"/> <property name="startDate" type="date" column="startDate"/> </class> I tried this code: Criteria crit = session.createCriteria(MyClass.class); crit.add( Restrictions.eq("myId", new Integer(1))); crit = crit.createCriteria("items").add( Restrictions.le("startDate", new Date()) ); which result the following quires: select ... from MyTable this_ inner join Items items1_ on this_.myId=items1_.myId where this_.myId=? and items1_.startDate<=? followed by select ... from Items items0_ where items0_.myId=? But what I need is something like: select ... from MyTable this_ where this_.myId=? followed by select ... from Items items0_ where items0_.myId=? and items0_.startDate<=? Any idea how I can apply a criteria on the list of items?

    Read the article

  • What prevents a user from adding controls to an ASP.NET page client side?

    - by Curtis White
    This goes back to my other question which I thought was sufficiently answers but upon reflect am not sure that it was (sorry). Backgrounder: I am generating a form dynamically. I am pulling from the database the controls. I must associate each control with a database ID which is not the user's session id. I do this currently by storing my ID in the ID for the web control with some other stuff to make it unique/clear what I am doing. On the post back, I iterate through all the controls on my web page checking for my special identifier, ie, MyGeneratedTextBox_ID_Unique. This process enables for 2 important steps, identifying the control was one I generated and also getting the ID for this input field. And, all of this works but I'm still concerned about the security of it. I do not see a security issue with showing the actual database ID's in this case, although agree it is not desirable. However, I am concerned of the following possibilities: If a user could add a nefarious control to my collection and use that for a SQL injection attack. More academic, but if a user could somehow store data for fields they do not have access too by changing the id's. I agree this is a "hack" of a way to do it. But my question is, is it a security risk and is there an 'easy' way to do it in a less hack way? I assume that only the controls that are created/instantiated on the page are added to the controls list.. thus all controls must be created server side and thus the security issue is address but just wanted to validate. Thanks again. PS: I could see adding a property for each control and encrypting the viewstate would be a little more secure.

    Read the article

  • SpringFramework3.0: How to create interceptors that only apply to requests that map to certain contr

    - by Fusion2004
    In it's simplest form, I want an interceptor that checks session data to see if a user is logged in, and if not redirects them to the login page. Obviously, I wouldn't want this interceptor to be used on say the welcome page or the login page itself. I've seen a design that uses a listing of every url to one of two interceptors, one doing nothing and the other being the actual interceptor you want implemented, but this design seems very clunky and limits the ease of extensibility of the application. It makes sense to me that there should be an annotation-based way of using interceptors, but this doesn't seem to exist. My friend has the idea of actually modifying the handler class so that during each request it checks the Controller it is mapping the request to for a new annotation we would create (ex @Interceptor("loginInterceptor") ). A major point of my thinking is the extensibility, because I'd like to later implement similar interceptors for role-based authentication and/or administration authentication. Does it sound like my friend's approach would work for this? Or what is a proper way of going about doing this?

    Read the article

  • Django | passing form values

    - by MMRUser
    I want to create a user sign up process that requires two different forms with the same data one (1st form) is for filling out the data and other one (2nd form) is for displaying the filled data as a summery (before actually saving the data) so then user can view what he/she has filled up... my problem is that how do I pass 1st form's data in to the 2nd one .. I have used the basic Django form manipulation mechanism and passed the form field values to the next form using Django template tags.. if request.method == 'POST': form = Users(request.POST) if form.is_valid(): cd = form.cleaned_data try: name = cd['fullName'] email = cd['emailAdd'] password1 = cd['password'] password2 = cd['password2'] phoneNumber = cd['phoneNumber'] return render_to_response('signup2.html', {'name': name, 'email': email, 'password1': password1, 'password2': password2, 'phone': phone, 'pt': phoneType}) except Exception, ex: return HttpResponse("Error %s" % str(ex)) and from the second from I just displayed those field values using tags and also used hidden fields in order to submit the form with values, like this: <label for="">Email:</label> {{ email }} <input type="hidden" id="" name="email" class="width250" value="{{ email }}" readonly /> It works nicely from the out look, but the real problem is that if someone view the source of the html he can simply get the password even hackers can get through this easily. So how do I avoid this issue.. and I don't want to use Django session since this is just a simple sign up process and no other interactions involved. Thanks.

    Read the article

  • Keep the images downloaded in the listview during scrolling

    - by Paveliko
    I'm developing my first app and have been reading a LOT here. I've been trying to find a solution for the following issue for over a week with no luck. I have an Adapter that extends ArrayAdapter to show image and 3 lines of text in each row. Inside the getView I assign relevant information for the TextViews and use ImageLoader class to download image and assign it to the ImageView. Everything works great! I have 4.5 rows visible on my screen (out of total of 20). When I scroll down for the first time the images continue to download and be assigned in right order to the list. BUT when I scroll back the list looses all the images and start redrawing them again (0.5-1 sec per image) in correct order. From what I've been reading it's the standard list performance but I want to change it. I want that, once the image was downloaded, it will be "sticked" to the list for the whole session of the current window. Just like in Contacts list or in the Market. It is only 20 images (6-9kb each). Hope I managed to explain myself.

    Read the article

  • Flash Player: Any remedy for the stale video image data problem (in a reused NetStream object)?

    - by amn
    Has anyone experienced stale stills of a previous playback for a reused NetStream object? If so, what are the workarounds for this, except re-creating the object (which eats performance and time)? It is hard to reuse NetStream objects because of a (in my opinion) fundamental issue with NetStream objects - when you 'close' a playing stream and at a later point issue a 'play' call on it again with a different name, the stream appears to still contain a stale image lingering from previous playback, and this is of course displayed in the Video object for a moment - the moment I assume it takes for new stream data to become available from server. Because of this behavior, to improve my users' visual experience, I simply discard a NetStream object after a playback session, and assign a new NetStream object to the same variable, set it up, and play something else. It appears to work - no stale image - but what bugs me is that it's a work around and costs performance (construction and setting up the object again - event listeners and 'client' delegates and more memory usage - NetStream objects are not garbage collected immediately, it takes some time). It would be really nice to REALLY be able to reuse a stream. I am thinking of something akin to Video.clear method, but for the NetStream class. Am I missing something?

    Read the article

  • Domain validates but won't save

    - by marko
    I have the following setup. Class, say, Car that has a CarPart (belongsTo=[car:Car]). When I'm creating a Car I also want to create som default CarParts, so I do def car = new Car(bla bla bla) def part = new CarPart(car:car) Now, when I do car.validate() or part.validate() it seems fine. But when I do if(car.save && part.save() I get this exception: 2012-03-24 14:02:21,943 [http-8080-4] ERROR util.JDBCExceptionReporter - Batch entry 0 insert into car_part (version, car_id, id) values ('0', '297', '298') was aborted. Call getNextException to see the cause. 2012-03-24 14:02:21,943 [http-8080-4] ERROR util.JDBCExceptionReporter - ERROR: value too long for type character varying(6) 2012-03-24 14:02:21,943 [http-8080-4] ERROR events.PatchedDefaultFlushEventListener - Could not synchronize database state with session org.hibernate.exception.DataException: Could not execute JDBC batch update Stacktrace follows: java.sql.BatchUpdateException: Batch entry 0 insert into car_part (version, deal_id, id) values ('0', '297', '298') was aborted. Call getNextException to see the cause. at org.postgresql.jdbc2.AbstractJdbc2Statement$BatchResultHandler.handleError(AbstractJdbc2Statement.java:2621) at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:1837) at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:407) at org.postgresql.jdbc2.AbstractJdbc2Statement.executeBatch(AbstractJdbc2Statement.java:2754) at $Proxy20.flush(Unknown Source) at ristretto.DealController$_closure5.doCall(DealController.groovy:109) at ristretto.DealController$_closure5.doCall(DealController.groovy) at java.lang.Thread.run(Thread.java:722) Any ideas?

    Read the article

  • How to call stored procedure by hibernate?

    - by user367097
    Hi I have an oracle stored procedure GET_VENDOR_STATUS_COUNT(DOCUMENT_ID IN NUMBER , NOT_INVITED OUT NUMBER,INVITE_WITHDRAWN OUT NUMBER,... rest all parameters are OUT parameters. In hbm file I have written - <sql-query name="getVendorStatus" callable="true"> <return-scalar column="NOT_INVITED" type="string"/> <return-scalar column="INVITE_WITHDRAWN" type="string"/> <return-scalar column="INVITED" type="string"/> <return-scalar column="DISQUALIFIED" type="string"/> <return-scalar column="RESPONSE_AWAITED" type="string"/> <return-scalar column="RESPONSE_IN_PROGRESS" type="string"/> <return-scalar column="RESPONSE_RECEIVED" type="string"/> { call GET_VENDOR_STATUS_COUNT(:DOCUMENT_ID , :NOT_INVITED ,:INVITE_WITHDRAWN ,:INVITED ,:DISQUALIFIED ,:RESPONSE_AWAITED ,:RESPONSE_IN_PROGRESS ,:RESPONSE_RECEIVED ) } </sql-query> In java I have written - session.getNamedQuery("getVendorStatus").setParameter("DOCUMENT_ID", "DOCUMENT_ID").setParameter("NOT_INVITED", "NOT_INVITED") ... continue till all the parametes . I am getting the sql exception 18:29:33,056 WARN [JDBCExceptionReporter] SQL Error: 1006, SQLState: 72000 18:29:33,056 ERROR [JDBCExceptionReporter] ORA-01006: bind variable does not exist Please let me know what is the exact process of calling a stored procedure from hibernate. I do not want to use JDBC callable statement.

    Read the article

  • Rss: Bookmark is not working correctly.

    - by shruti
    I'm working on project RSS generation in MVC.Net. in taht i want to make bookmark. for that i have write the code on controller. first there is one aspx page from which subscription page gets open. public ActionResult ViewBlog() { if (Session[SessionVariables.username] == null) { return RedirectToAction("Login", "Home"); } else { return View(classObj.fetchAllBlogs()); } } and coding for subscription is: public ActionResult Rss() { string bcontent = classObj.showBlog(); DateTime postdate = classObj.showPostDate(); List<SyndicationItem> items = new SyndicationItem[] { new SyndicationItem("RSS Blog",bcontent+postdate,null), }.ToList(); RssResult r = new RssResult(); SyndicationFeed feed = new SyndicationFeed("Admin: Blog Posts", "RSS Feed",Request.Url , items); return new RssResult(feed); Developer", "The latest news on ASP.NET, C# and ASP.NET MVC "); } but problem is that when usr clicks on bookmark then intested of opening ViewBlog.aspx it opens the same page. i want to open ViewBlog.aspx. I think the problem is in: SyndicationFeed feed = new SyndicationFeed("Admin: Blog Posts", "RSS Feed",Request.Url , items); Plz help ...!

    Read the article

  • Asp.Net 2 integrated sites How to Logout second site programatically.

    - by NBrowne
    Hi , I am working with an asp.net 2.0 site (call it site 1) which has an iframe in it which loads up another site (site2) which is also an asp.net site which is developed by our team. When you log onto site 1 then behind the scenes site 2 is also logged in so that when you click the iframe tab then this displays site 2 with the user logged in (to prevent the user from having to log in twice). The problem i have is that when a user logs out of site 1 then we call some cleanup methods to perform FormsAuthentication.SignOut and clean session variables etc but at the moment no cleanup is called when the user on site 2. So the issue is that if the user opens up Site 2 from within a browser then website 2 opens with the user still logged in which is undesired. Can anyone give me some guidance as to the best approach for this?? One possible approach i though of was just that on click of logout button i could do a call to a custom page on Site 2 which would do the logout. Code below HttpWebRequest request; request = ((HttpWebRequest)(WebRequest.Create("www.mywebsite.com/Site2Logout.aspx"))); request.Method = "POST"; HttpCookie cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName]; Cookie authenticationCookie = new Cookie( FormsAuthentication.FormsCookieName, cookie.Value, cookie.Path, HttpContext.Current.Request.Url.Authority); request .CookieContainer = new CookieContainer(); request .CookieContainer.Add(authenticationCookie); response.GetResponse(); Problem i am having with this code is that when i run it and debug on Site 2 and check to see if the user is Authenticated they are not which i dont understand because if i open browser and browse to Site 2 i am Still authenticated. Any ideas , different direction to take etc ??? Please let me know if you need any more info or if i something i have said dosent make sense. Thanks

    Read the article

  • Cross-Application User Authentication

    - by Chris Lieb
    We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken. User is authenticated into .NET application using NTLM User clicks link that leaves .NET application .NET application generates random number and stores it in the user table along with the user's full username (domain\username) Insecure token is formed as random number:username Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token The secure token is passed as part of the query string to the Java application The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token The random number and username are split apart The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token If the numbers match, the username is put into the session for the user and they are now authenticated If the numbers do not match, the user is redirected to the .NET application's home page The random number is removed from the database

    Read the article

  • How do I execute queries upon DB connection in Rails?

    - by sycobuny
    I have certain initializing functions that I use to set up audit logging on the DB server side (ie, not rails) in PostgreSQL. At least one has to be issued (setting the current user) before inserting data into or updating any of the audited tables, or else the whole query will fail spectacularly. I can easily call these every time before running any save operation in the code, but DRY makes me think I should have the code repeated in as few places as possible, particularly since this diverges greatly from the ideal of database agnosticism. Currently I'm attempting to override ActiveRecord::Base.establish_connection in an initializer to set it up so that the queries are run as soon as I connect automatically, but it doesn't behave as I expect it to. Here is the code in the initializer: class ActiveRecord::Base # extend the class methods, not the instance methods class << self alias :old_establish_connection :establish_connection # hide the default def establish_connection(*args) ret = old_establish_connection(*args) # call the default # set up necessary session variables for audit logging # call these after calling default, to make sure conn is established 1st db = self.class.connection db.execute("SELECT SV.set('current_user', 'test@localhost')") db.execute("SELECT SV.set('audit_notes', NULL)") # end "empty variable" err ret # return the default's original value end end end puts "Loaded custom establish_connection into ActiveRecord::Base" sycobuny:~/rails$ ruby script/server = Booting WEBrick = Rails 2.3.5 application starting on http://0.0.0.0:3000 Loaded custom establish_connection into ActiveRecord::Base This doesn't give me any errors, and unfortunately I can't check what the method looks like internally (I was using ActiveRecord::Base.method(:establish_connection), but apparently that creates a new Method object each time it's called, which is seemingly worthless cause I can't check object_id for any worthwhile information and I also can't reverse the compilation). However, the code never seems to get called, because any attempt to run a save or an update on a database object fails as I predicted earlier. If this isn't a proper way to execute code immediately on connection to the database, then what is?

    Read the article

  • Log in to subdomain via main domain

    - by Mattias
    I have a website, available through multiple domainnames. like www.domain1.com .... www.domain5.com All my customers have their own subdomain. like: customer1.domain1.com customer2.domain1.com .... customer351.domain4.com Currently i dont use SSL, each customer log in their own account via their sub domain. I want to change this, and make all customers log in on a central log in page, that would use SSL, for example. https://login.domain1.com And somehow redirect each user to the correct sub domain adress. (Sub domain that don't use SSL) How do I do this, and maintain security? One idea i had: Login - add random value somewhere in the database, Redirect to subdomain, with querystring the randomvalue. And after that the session takes care of it, Each value can be used once only.. But how secure is that? I guess someone would ask the question "why?" to me. Because SSL costs money. And unfortunately i dont have a lot of it. :D Thanks for your time!

    Read the article

  • query sql database for specific value in vb.net

    - by user2952298
    I am trying to convert VBA code to vb.net, im having trouble trying to search the database for a specific value around an if statement. any suggestions would be greatly appriciated. thedatabase is called confirmation, type is the column and email is the value im looking for. could datasets work? Function SendEmails() As Boolean Dim objOutlook As Outlook.Application Dim objOutlookMsg As Outlook.MailItem Dim objOutlookRecip As Outlook.Recipient Dim objOutlookAttach As Outlook.Attachment Dim intResponse As Integer Dim confirmation As New ADODB.Recordset Dim details As New ADODB.Recordset On Error GoTo Err_Execute Dim MyConnObj As New ADODB.Connection Dim cn As New ADODB.Connection() MyConnObj.Open( _ "Provider = sqloledb;" & _ "Server=myserver;" & _ "Database=Email_Text;" & _ "User Id=bla;" & _ "Password=bla;") confirmation.Open("Confirmation_list", MyConnObj) details.Open("MessagesToSend", MyConnObj) If details.EOF = False Then confirmation.MoveFirst() Do While Not confirmation.EOF If confirmation![Type] = "Email" Then ' Create the Outlook session. objOutlook = CreateObject("Outlook.Application") ' Create the message. End IF

    Read the article

  • Rails: Obfuscating Image URLs on Amazon S3? (security concern)

    - by neezer
    To make a long explanation short, suffice it to say that my Rails app allows users to upload images to the app that they will want to keep in the app (meaning, no hotlinking). So I'm trying to come up with a way to obfuscate the image URLs so that the address of the image depends on whether or not that user is logged in to the site, so if anyone tried hotlinking to the image, they would get a 401 access denied error. I was thinking that if I could route the request through a controller, I could re-use a lot of the authorization I've already built into my app, but I'm stuck there. What I'd like is for my images to be accessible through a URL to one of my controllers, like: http://railsapp.com/images/obfuscated?member_id=1234&pic_id=7890 If the user where to right-click on the image displayed on the website and select "Copy Address", then past it in, it would be the SAME url (as in, wouldn't betray where the image is actually hosted). The actual image would be living on a URL like this: http://s3.amazonaws.com/s3username/assets/member_id/pic_id.extension Is this possible to accomplish? Perhaps using Rails' render method? Or something else? I know it's possible for PHP to return the correct headers to make the browser think it's an image, but I don't know how to do this in Rails... UPDATE: I want all users of the app to be able to view the images if and ONLY if they are currently logged on to the site. If the user does not have a currently active session on the site, accessing the images directly should yield a generic image, or an error message.

    Read the article

  • Need method to seek next/previous records id without cycling through all records.

    - by dqhendricks
    I am using MySQL and PHP. I have a MySQL blog post result set with id fields, and publish_date fields. I display one blog post per page, and the script knows which blog post to display based on $_GET['id'], which correlates to each blog entry's id field. I would like to reference them by id in the url, because I would like each blog post to have a perminant url. I would like to order the blog posts by publish date (descending). Now, on each page there will be next and previous links, which contain the $_GET['id'] value for the next and previous blog posts. How can I figure out what the id of the next and previous blog posts (determined by it's publish_date order) without cycling through each mysql result row? I can't mysql_data_seek(), because I do not know the row index of the current blog post id. I do not want to store a row index in a GET variable because the urls would no longer be perminant. I obviously cannot store the row index in a SESSION variable because then direct links to specific blog posts would have broken next and previous links. Any suggestions would be greatly appreciated.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 397 398 399 400 401 402 403 404 405 406 407 408  | Next Page >