Search Results

Search found 14267 results on 571 pages for 'security certificate'.

Page 41/571 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

• OWSM custom security policy for JAX-WS, GenericFault

  - by sachin

  Hi, I tried creating custom security and policy as given here: http://download.oracle.com/docs/cd/E15523_01/relnotes.1111/e10132/owsm.htm#CIADFGGC when I run the service client custom assertion is executed, returning successfully. public IResult execute(IContext context) throws WSMException { try { System.out.println("public execute"); IAssertionBindings bindings = ((SimpleAssertion)(this.assertion)).getBindings(); IConfig config = bindings.getConfigs().get(0); IPropertySet propertyset = config.getPropertySets().get(0); String valid_ips = propertyset.getPropertyByName("valid_ips").getValue(); String ipAddr = ((IMessageContext)context).getRemoteAddr(); IResult result = new Result(); System.out.println("valid_ips "+valid_ips); if (valid_ips != null && valid_ips.trim().length() > 0) { String[] valid_ips_array = valid_ips.split(","); boolean isPresent = false; for (String valid_ip : valid_ips_array) { if (ipAddr.equals(valid_ip.trim())) { isPresent = true; } } System.out.println("isPresent "+isPresent); if (isPresent) { result.setStatus(IResult.SUCCEEDED); } else { result.setStatus(IResult.FAILED); result.setFault(new WSMException(WSMException.FAULT_FAILED_CHECK)); } } else { result.setStatus(IResult.SUCCEEDED); } System.out.println("result "+result); System.out.println("public execute complete"); return result; } catch (Exception e) { System.out.println("Exception e"); e.printStackTrace(); throw new WSMException(WSMException.FAULT_FAILED_CHECK, e); } } Console output is: public execute valid_ips 127.0.0.1,192.168.1.1 isPresent true result Succeeded public execute complete but, webservice throws GenericFault . Arguments: [void] Fault: GenericFault : generic error I have no clue what could be wrong, any ideas? here is the full stack trace: Exception in thread "main" javax.xml.ws.soap.SOAPFaultException: GenericFault : generic error at com.sun.xml.internal.ws.fault.SOAP12Fault.getProtocolException(SOAP12Fault.java:210) at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(SOAPFaultBuilder.java:119) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108) at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78) at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(SEIStub.java:107) at $Proxy30.sayHello(Unknown Source) at creditproxy.CreditRatingSoap12HttpPortClient.main(CreditRatingSoap12HttpPortClient.java:21) Caused by: javax.xml.ws.soap.SOAPFaultException: GenericFault : generic error at weblogic.wsee.jaxws.framework.jaxrpc.TubeFactory$JAXRPCTube.processRequest(TubeFactory.java:203) at weblogic.wsee.jaxws.tubeline.FlowControlTube.processRequest(FlowControlTube.java:99) at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:604) at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:563) at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:548) at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:445) at com.sun.xml.ws.server.WSEndpointImpl$2.process(WSEndpointImpl.java:275) at com.sun.xml.ws.transport.http.HttpAdapter$HttpToolkit.handle(HttpAdapter.java:454) at com.sun.xml.ws.transport.http.HttpAdapter.handle(HttpAdapter.java:250) at com.sun.xml.ws.transport.http.servlet.ServletAdapter.handle(ServletAdapter.java:140) at weblogic.wsee.jaxws.HttpServletAdapter$AuthorizedInvoke.run(HttpServletAdapter.java:319) at weblogic.wsee.jaxws.HttpServletAdapter.post(HttpServletAdapter.java:232) at weblogic.wsee.jaxws.JAXWSServlet.doPost(JAXWSServlet.java:310) at javax.servlet.http.HttpServlet.service(HttpServlet.java:727) at weblogic.wsee.jaxws.JAXWSServlet.service(JAXWSServlet.java:87) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:326) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3592) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) Process exited with exit code 1.

  Read the article

• smtp.gmail.com from bash gives "Error in certificate: Peer's certificate issuer is not recognized."

  - by ndasusers

  I needed my script to email admin if there is a problem, and the company only uses Gmail. Following a few posts instructions I was able to set up mailx using a .mailrc file. there was first the error of nss-config-dir I solved that by copying some .db files from a firefox directory. to ./certs and aiming to it in mailrc. A mail was sent. However, the error above came up. By some miracle, there was a Google certificate in the .db. It showed up with this command: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI GeoTrust SSL CA ,, VeriSign Class 3 Secure Server CA - G3 ,, Microsoft Internet Authority ,, VeriSign Class 3 Extended Validation SSL CA ,, Akamai Subordinate CA 3 ,, MSIT Machine Auth CA 2 ,, Google Internet Authority ,, Most likely, it can be ignored, because the mail worked anyway. Finally, after pulling some hair and many googles, I found out how to rid myself of the annoyance. First, export the existing certificate to a ASSCII file: ~]$ certutil -L -n 'Google Internet Authority' -d certs -a > google.cert.asc Now re-import that file, and mark it as a trusted for SSL certificates, ala: ~]$ certutil -A -t "C,," -n 'Google Internet Authority' -d certs -i google.cert.asc After this, listing shows it trusted: ~]$ certutil -L -d certs Certificate Nickname Trust Attributes SSL,S/MIME,JAR/XPI ... Google Internet Authority C,, And mailx sends out with no hitch. ~]$ /bin/mailx -A gmail -s "Whadda ya no" [email protected] ho ho ho EOT ~]$ I hope it is helpful to someone looking to be done with the error. Also, I am curious about somethings. How could I get this certificate, if it were not in the mozilla database by chance? Is there for instance, something like this? ~]$ certutil -A -t "C,," \ -n 'gmail.com' \ -d certs \ -i 'http://google.com/cert/this...'

  Read the article

• Using SSL on slapd

  - by Warren

  I am setting up slapd to use SSL on Fedora 14. I have the following in my /etc/openldap/slapd.d/cn=config.ldif: olcTLSCACertificateFile: /etc/pki/tls/certs/SSL_CA_Bundle.pem olcTLSCertificateFile: /etc/pki/tls/certs/mydomain.crt olcTLSCertificateKeyFile: /etc/pki/tls/private/mydomain.key olcTLSCipherSuite: HIGH:MEDIUM:-SSLv2 olcTLSVerifyClient: demand and the following in my /etc/sysconfig/ldap: SLAPD_LDAP=no SLAPD_LDAPS=yes In my ldap.conf file, I have BASE dc=mydomain,dc=com URI ldaps://localhost TLS_CACERTDIR /etc/pki/tls/certs TLS_REQCERT allow However, when I connect to the localhost, ldapsearch returns the following: ldap_initialize( <DEFAULT> ) ldap_create Enter LDAP Password: ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP localhost:636 ldap_new_socket: 3 ldap_prepare_socket: 3 ldap_connect_to_host: Trying 127.0.0.1:636 ldap_pvt_connect: fd: 3 tm: -1 async: 0 TLS: loaded CA certificate file /etc/pki/tls/certs/978601d0.0 from CA certificate directory /etc/pki/tls/certs. TLS: loaded CA certificate file /etc/pki/tls/certs/b69d4130.0 from CA certificate directory /etc/pki/tls/certs. TLS certificate verification: defer TLS: error: connect - force handshake failure: errno 0 - moznss error -12271 TLS: can't connect: . ldap_err2string ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) What do I have incorrect?

  Read the article

• Apache not Forwarding Client x509 Certificate to Tomcat via mod_proxy

  - by hooknc

  Hi Everyone, I am having difficulties getting a client x509 certificate to be forwarded to Tomcat from Apache using mod_proxy. From observations and reading a few logs it does seem as though the client x509 certificate is being accepted by Apache. But, when Apache makes an SSL request to Tomcat (which has clientAuth="want"), it doesn't look like the client x509 certificate is passed during the ssl handshake. Is there a reasonable way to see what Apache is doing with the client x509 certificate during its handshake with Tomcat? Here is the environment I'm working with: Apache/2.2.3 Tomcat/6.0.29 Java/6.0_23 OpenSSL 0.9.8e Here is my Apache VirtualHost SSL config: <VirtualHost xxx.xxx.xxx.xxx:443> ServerName xxx ServerAlias xxx SSLEngine On SSLProxyEngine on ProxyRequests Off ProxyPreserveHost On ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel debug SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /usr/local/certificates/xxx.crt SSLCertificateKeyFile /usr/local/certificates/xxx.key SSLCertificateChainFile /usr/local/certificates/xxx.crt SSLVerifyClient optional_no_ca SSLOptions +ExportCertData CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Proxy *> AddDefaultCharset Off Order deny,allow Allow from all </Proxy> ProxyPass / https://xxx.xxx.xxx.xxx:8443/ ProxyPassReverse / https://xxx.xxx.xxx.xxx:8443/ </VirtualHost> Then here is my Tomcat SSL Connector: <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" address="xxx.xxx.xxx.xxx" maxThreads="150" scheme="https" secure="true" keystoreFile="/usr/local/certificates/xxx.jks" keypass="xxx_pwd" clientAuth="want" sslProtocol="TLSv1" proxyName="xxx.xxx.xxx.xxx" proxyPort="443" /> Could there possibly be issues with SSL Renegotiation? Could there be problems with the Truststore in our Tomcat instance? (We are using a non-standard Truststore that has partner organization CAs.) Is there better logging for what is happening internally with Apache for SSL? Like what is happening to the client cert or why it isn't forwarding the certificate when tomcats asks for one? Any reasonable assistance would be greatly appreciated. Thank you for your time.

  Read the article

• PHP stream_context_set_option SSL certificate as string

  - by Roger Thomas

  I've got a weird issue. Basically, I need to do this: $handle = stream_context_create(); stream_context_set_option($handle , 'ssl', 'local_cert', '/tmp/cert'); However. The certificate is not held as a file within the server. Rather it's an encrypted string held in a clustered database environment. So instead of the certificate being a file name pointer, its the physical content of the certificate. So instead of using the file name, I need to specify the content of the certificate instead. For example: $cert = '-----BEGIN CERTIFICATE-----.... upWbwmdMd61SjNCdtOpZcNW3YmzuT96Fr7GUPiDQ -----END CERTIFICATE-----'; Does anyone have any idea whatsoever how on earth I can do this? I'm scratching my head over this problem, but my gut instinct says it is doable. Thanks in advance everyone!

  Read the article

• Where do you store the private key for your code signing certificate?

  - by flipdoubt

  I recently acquired a code signing certificate for my employer, but I am not the InstallShield developer who will sign the binaries before distribution. I know I can export the certificate along with its private key, but where do I store it so the InstallShield developer can install it on his machine? Should I remove it from my machine once I give it to the person doing the signing? Where do I store the master copy? Obviously, source control is not the best place, unless I lock down that directory in SVN.

  Read the article

• Install SSL certificate for RDP on Windows 2003?

  - by Crashalot

  I need to configure SSL for RDP, and am following the instructions described here: http://thelazyadmin.com/blogs/thelazyadmin/archive/2007/01/26/Configure-RDP-over-SSL-with-SelfSSL.aspx My client's server already has a SSL certificate (.cer file), and I attempted to import it so that Terminal Services would recognize it. The importing instructions I followed are: http://support.microsoft.com/kb/816794#3. Unfortunately, when I click "Edit" from the "RDP-tcp Properties" dialog (for a Terminal Services certificate), no certificate appears. How can I get the certificate to appear here? Thanks!

  Read the article

• How can I sign my server with an SSL certificate

  - by Saif Bechan

  I have a dedicated server and I want to use one domain name for default entrance to the system. My system is Apache 2 on CentOS 5.4. Lets says the domain name is mydomain.com. I have also bought an SSL certificate and installed it to work with this default domain. Still when I restart Apache I get the following error message: [Sat May 01 02:21:22 2010] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sat May 01 02:21:22 2010] [warn] RSA server certificate CommonName (CN) `mydomain.com' does NOT match server name!? Does anyone have an idea how I can remove this message. I have the server, domain name, and ssl key.

  Read the article

• What are the benefits of using conforming certificates?

  - by zneak

  Recently, my web host started sending my mail client a self-signed root certificate with no field filled (everything says "Unknown") when connecting via SSL. I'm pretty sure this is not a good thing, but since it works, the tech support guy says it's fine. I'm not a certificate guru, so I'm turning to you people. What purpose do certificates serve? Is it really okay that the certificate has every field set to "Unknown"? I don't check certificates often, but I don't recall ever being sent a root one; what's the difference between a root certificate and, err, the other kind of certificate?

  Read the article

• WCF WebService: Client can't connect, as soon as request client cerficate is activated.

  - by Hinek

  I have an .NET 3.5 WCF WebService hostet in IIS 6 and using a SSL certificate. The communication between client and server works. Then I activate "request client certificate" and the client can't connect anymore Exception: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'polizei-bv.stadt.hamburg.de'. Inner Exception: System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. The certificate, the client uses is in the certificate store (local computer), the root ca is int the trusted root certification authorities store. Where can I check for an explanation on the server side? How can I check if the client really supplies it's certificate (client is not on my side)?

  Read the article

• Adding multiple websites with different SSL certificates in IIS 7

  - by Timka

  I'm having troubles using SSL for 2 different websites on my IIS 7 server. Please see my setup below: website1: my.corporate.portal.com SSL certificate for website1: *.corporate.portal.com https/443 binded to my.corporate.portal.com website2: client.portal.com SSL certificate issued for: client.portal.com When I try to bind https in IIS7 with the client's certificate, I don't have an option to put host name(grayed out) and as soon as I select 'client.portal.com' cert, I'm getting the following error in IIS: At least one other site is using the same HTTPS binding and the binding is configured with a different certificate. Are you sure that you want to reuse this HTTPS binding and reassign the other site or sites to use the new certificate? If I click 'yes' my.corporate.portal.com website stops using the proper SSL cert. Could you suggest something?

  Read the article

• Error moving a certificate to remote server

  - by edh

  Hi- I am trying to obtain a certificate and move it to a remote server. It is a report server which requires its own certificate for SSL but is not running IIS. I have a server running IIS 6 so i created a fake website to create a csr, obtained a certificate from a 3rd party, then processed and installed the cert on the fake website. I want to then move the certificate to a remote server. when it asks for the server name and credentials i supply them, hit next, then get the error, 'class not registered'. any ideas? Thanks -Ed

  Read the article

• What happens if the private key of a Certificate Authority(CA) like Verisign is leaked?

  - by Avinash Karaparambil

  I was just wondering what will happen if the private key of a CA is leaked? Won't it be then possible to make fake certificates for any other website?

  Read the article

• IIS FTP server not working after purchase of SSL certificate

  - by Chris

  I've been connecting to my web server with active mode in FileZilla with no problems. Over the weekend, an SSL certificate was dropped into a folder that I access with FTP, and which contains files for the website. Now I am receiving a 425 error in active mode on the FTP root, so I can't really do anything but log in. In passive mode, I can connect and move around in the directory tree, but the connection seems shaky. Occasionally I'll time out, and I can't get access at all to the folder containing the SSL certificate. My question is how does the SSL certificate affect my FTP connection (if at all)? Does its presence demand the use of FTP over SSL? Note: As far as I know, the only change which occurred was the placement of the SSL certificate. Firewall settings, FTP client and server settings should all be the same as before, when everything was working.

  Read the article

• Internet Explorer 9 - website certificate expired

  - by user155504

  My Internet Explorer 9, for every page, shows this messege to me: There is a problem with this website"s security certificate. The security certificate presented by website has expired or is not yet valid. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended)" and afterwards it shows this : Internet Explorer blocked this website from displaying content with security certificate errors [show content] Please help me to resolve this problem!

  Read the article

• IIS 6.0 :: SSL certificate install :: issue

  - by BSI Support

  Certificate request process works fine. Once the certificate is received from VeriSign, the installation process also works fine (no errors.) However, once installed, the new certificate is not "assigned." Meaning, when I view the IIS instance security properties, it still shows the previous certificate start & end dates. Thoughts? Windows 2003, Web Edition. I have 3 other Win2003WE machines, configured nearly the same, and do not have this problem.

  Read the article

• Spring Security session-management setting and IllegalStateException

  - by JayL

  I'm trying to add <session-management> in my Spring Security namespace configuration so that I can provide a different message than the login page when the session times out. As soon as I add it to my configuration it starts throwing "IllegalStateException: Cannot create a session after the response has been committed" when I access the app. I'm using Spring Security 3 and Tomcat 6. Here's my configuration: <http> <intercept-url pattern="/go.htm" access="ROLE_RESPONDENT" /> <intercept-url pattern="/complete.htm" access="ROLE_RESPONDENT" /> <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <form-login login-processing-url="/j_spring_security_check" login-page="/login.htm" authentication-failure-url="/login.htm?error=true" default-target-url="/go.htm" /> <anonymous/> <logout logout-success-url="/logout_message.htm"/> <session-management invalid-session-url="/login.htm" /> </http> Everything works great until I add in the <session-management> line. What am I missing?

  Read the article

• security policy error iphone ipod touch issue

  - by Joey

  I'm getting an "Error from Debugger: Error launching remote program: security policy error" when I try to run my app on my ipod touch. The provisions look in order, and the app builds to my iphone 3gs just fine. The app used to build just fine to my ipod touch, so I'm flustered what could have changed and wondering if anyone has any thoughts on what might be causing this issue. The build logs are below. Mon Mar 15 14:25:54 unknown com.apple.debugserver-43[449] : Connecting to com.apple.debugserver service... Mon Mar 15 14:25:55 unknown SpringBoard[24] : Unable to launch com.yourcompany.Unearthed because it has an invalid code signature, inadequate entitlements or its profile has not been explicitly trusted by the user. Mon Mar 15 14:25:55 unknown com.apple.debugserver-43[449] : error: unable to launch the application with CFBundleIdentifier 'com.yourcompany.Unearthed' sbs_error = 9 Mon Mar 15 14:25:55 unknown com.apple.debugserver-43[449] : 1 [01c1/0903]: RNBRunLoopLaunchInferior DNBProcessLaunch() returned error: '' Mon Mar 15 14:25:55 unknown com.apple.debugserver-43[449] : error: failed to launch process (null): security policy error Mon Mar 15 14:26:03 unknown MobileSafari[72] : void SendDelegateMessage(NSInvocation*): delegate (webView:decidePolicyForNavigationAction:request:frame:decisionListener:) failed to return after waiting 10 seconds. main run loop mode: UITrackingRunLoopMode

  Read the article

• How to access/use custom attribute in spring security based CAS client

  - by Bill Li

  I need send certain attributes(say, human readable user name) from server to client after a successful authentication. Server part was done. Now attribute was sent to client. From log, I can see: 2010-03-28 23:48:56,669 DEBUG Cas20ServiceTicketValidator:185 - Server response: [email protected] <cas:proxyGrantingTicket>PGTIOU-1-QZgcN61oAZcunsC9aKxj-cas</cas:proxyGrantingTicket> <cas:attributes> <cas:FullName>Test account 1</cas:FullName> </cas:attributes> </cas:authenticationSuccess> </cas:serviceResponse> Yet, I don't know how to access the attribute in client(I am using Spring security 2.0.5). In authenticationProvider, a userDetailsService is configured to read db for authenticated principal. <bean id="casAuthenticationProvider" class="org.springframework.security.providers.cas.CasAuthenticationProvider"> <sec:custom-authentication-provider /> <property name="userDetailsService" ref="clerkManager"/> <!-- other stuff goes here --> </bean> Now in my controller, I can easily do this: Clerk currentClerk = (Clerk)SecurityContextHolder.getContext().getAuthentication().getPrincipal(); Ideally, I can fill the attribute to this Clerk object as another property in some way. How to do this? Or what is recommended approach to share attributes across all apps under CAS's centralized nature?

  Read the article

• How do I use WS-Security with WCF?

  - by Jonathan Allen

  Below is the style of header I need to create. I am expected to use either a public/private key or a SSL style certificate. I don't know for certain, but I think my counter-party is using some form of Java. <soap-env:Header> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/04/secext"> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#secinfo"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>xxxxxxxxxxxxx</ds:DigestValue> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> <ds:XPath>//*[@id='secinfo']/child::*/text()</ds:XPath> </ds:Transform> </ds:Transforms> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>xxxxxxxxxxds:SignatureValue> <ds:KeyInfo> <ds:KeyName>xxxxxxx</ds:KeyName> </ds:KeyInfo> </ds:Signature> <t:UsernameToken xmlns:t="http://schemas.xmlsoap.org/ws/2002/04/secext" id="secinfo"> <t:UserInfo>USER=xxxx;CORR=xxxx;TIMESTAMP=201003161916</t:UserInfo> </t:UsernameToken> </wsse:Security> </soap-env:Header>

  Read the article

• Flash Security Error Accessing URL with crossdomain.xml

  - by user163757

  Hello, I recently deployed a Flash application to a server, and am now experiencing errors when making HTTPService requests. I have put what I believe to be the most permissive crossdomain.xml possible in the wwwroot folder, and still get the errors. Interestingly enough, the error only seems to occur when the request is made from a direct user interaction (i.e. button click). The application makes other requests that are initiated by other means(i.e creationComplete) , and they seem to work as expected. Anyone see anything wrong with the crossdomain.xml, or have any other suggestions? ERROR MESSAGE [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"] at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal%3A%3AfaultHandler() at mx.rpc::Responder/fault() at mx.rpc::AsyncRequest/fault() at DirectHTTPMessageResponder/securityErrorHandler() at flash.events::EventDispatcher/dispatchEventFunction() at flash.events::EventDispatcher/dispatchEvent() at flash.net::URLLoader/redirectEvent() <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all" /> <allow-access-from domain="*" secure="false" /> <allow-http-request-headers-from domain="*" headers="*" secure="false" /> </cross-domain-policy>

  Read the article

• IE Security Warning with widgets

  - by superexsl

  Hey I'm creating an ASP.NET application which uses Facebook Connect and fbml tags. It also uses the LinkedIn widget. When I run this app in any browser, there are no warnings and everything works. However, in IE, a message like this comes up: Security Warning: The current webpage is trying to open a site in your Trusted sites list. Do you want to allow this? Current site:http://www.facebook.com Trusted site:http://localhost (same for LinkedIn.com). I know how to fix this from a client perspective and to stop the security warning showing up. However, is it possible to ensure this message doesn't come up as it could be off putting for users who don't know how to suppress this warning? I haven't tried uploading it to my webhost, so not sure if this message will appear for everyone in production. However, I always get it on my local machine. (None of my pages use SSL, so I don't think that's the issue. I tried using FB's HTTPS urls but that didn't make a difference). Thanks

  Read the article

• Game login authentication and security.

  - by Charles

  First off I will say I am completely new to security in coding. I am currently helping a friend develop a small game (in Python) which will have a login server. I don't have much knowledge regarding security, but I know many games do have issues with this. Everything from 3rd party applications (bots) to WPE packet manipulation. Considering how small this game will be and the limited user base, I doubt we will have serious issues, but would like to try our best to limit problems. I am not sure where to start or what methods I should use, or what's worth it. For example, sending data to the server such as login name and password. I was told his information should be encrypted when sending, so in-case someone was viewing it (with whatever means), that they couldn't get into the account. However, if someone is able to capture the encrypted string, wouldn't this string always work since it's decrypted server side? In other words, someone could just capture the packet, reuse it, and still gain access to the account? The main goal I am really looking for is to make sure the players are logging into the game with the client we provide, and to make sure it's 'secure' (broad, I know). I have looked around at different methods such as Public and Private Key encryption, which I am sure any hex editor could eventually find. There are many other methods that seem way over my head at the moment and leave the impression of overkill. I realize nothing is 100% secure. I am just looking for any input or reading material (links) to accomplish the main goal stated above. Would appreciate any help, thanks.

  Read the article

• Restricting dynamically loaded classes and jars based on a security policy

  - by Max

  Hi, I would like to dynamically load a set of jars or classes (i.e. plugins loaded at runtime). At the same time, I would like to restrict what these plugins are able to do in the JVM. For a test case, I would like to restrict them to pretty much everything (right now I'm just allowing one System.getProperty value to be read). I am currently using a security policy file, but I'm having difficulty specifying a policy for one folder or package in my codeBase, but not another. Here is how my policy looks now: grant codeBase "file:/home/max/programming/java/plugin/plugins/" { permission java.util.PropertyPermission "java.version", "read"; }; grant codeBase "file:/home/max/programming/java/plugin/api/" { permission java.security.AllPermission; }; Where (for testing purposes), all files in the plugins package and folder are restricted, but the classes in the api folder are not. Is this possible? Do I have to create a custom class loader? Is there a better way to go about doing this? Thanks.

  Read the article

• OpenPeak Flash app XMLSocket Security Problem

  - by Kira

  We're trying to create an app for OpenPeak. The Flash app will act as a client to a Java server on another computer on another domain. The Flash app client connects via XMLSocket. The Java Server uses ServerSocket to receive a request and send back a message. In order to trust the server, the Flash client needs a socket master policy file to tell it that the server comes from a trustworthy domain. According to an article on Adobe, when a connection has succeeded, the Flash client automatically requests the cross-domain policy or socket master policy file on port 843. Still, even when we implement it according to the tutorials and recommendations we have read, the Flash client continues to throw the following security error: SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048" We've tried logging the policy file request during testing to see if there was any call made to port 843. There was not. Interestingly, even without a policy file, the Flash client still manages to send the first data message to the server successfully. It's just when the server tries to send back a reply that the entire thing hangs for about 10 seconds before the security error above is displayed. Any ideas / suggestions?

  Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >