Search Results

Search found 12992 results on 520 pages for 'password recovery'.

Page 412/520 | < Previous Page | 408 409 410 411 412 413 414 415 416 417 418 419  | Next Page >

• Important Security Issue: Is it possible to put binary image data into html markup code and then get

  - by Joern Akkermann

  Hi, it's an important security issue and I'm sure this should be possible. A simple example: You run a community portal. Users are registered and upload their pictures. Your application gives security rules wenever a picture is allowed to be displayed. For example users must be friends on each sides by the system, in order that you can view someone elses uploaded pictures. Here comes the problem: it is possible that someone crawls the image directories of your server. But you want to protect your users from such attacks. If it's possible to put the binary data of an image directly into the html markup, you can restrict the user access of your image dirs the user and group your web application runs of and pass the image data to your apache user and group directly in the html. The only possible weakness then is the password of the user that your web app runs as. Is there already a possibility? Yours, Joern.

  Read the article

• XMLHttpRequest - JSON - .NET

  - by user318194

  I am trying to send JSON from my mozilla addon to my asp.net page. var myJSONObject = {"userName": una,"password": pass}; request = new XMLHttpRequest(); request.open("GET",http://www.google.com/jo=" + myJSONObject,true, null, null); on my .net page I have tried several ways of doing it but not able to find the best way to serialize and deserialize the code. All I need is to send the json data back n forth and parse it on C# n javascript. I am new to all this so any guidance and/or change in direction is appreciated.

  Read the article

• Not Seeing Ajax Requests In Firebug If Header Has Been Modified

  - by FluidFoundation

  Hey braintrust, I'm making an ajax call using jQuery's library to an api, which requires a username and password encoded to base64 be added to the header. here's a basic example: $.ajax({ type: "GET", contentType: 'application/json', beforeSend:function(xhr){ xhr.setRequestHeader("Authentication", "Basic " + base64EncodedValue); } url: 'https://api.company.com/uri/', complete: function(result) { alert(result); } }); But when this fires off, I get a black alert box, so it doesn't appear as if something is coming back. There is no log in the Firebug console that a get ajax request was done. However, if I remove the beforeSend option, I do see the ajax request get logged, but the request gets back a 'not authorized', so it definitely hit the right place. Any ideas on why it's not showing up in Firebug so I can verify the headers are being sent out correctly?

  Read the article

• Windows 7 Home hangs at "Welcome" screen

  - by White Phoenix

  I'm asking on behalf of a friend who's currently having problems with his machine. Windows 7 Home 32-bit. He's too far away for me to help by going over to his house - I'm helping him over the Internet. This is his current machine: http://www.newegg.com/Product/Product.aspx?Item=N82E16883227134 The only two changes he made to that machine is to swap out the gfx card for a EVGA GTX 460 and the PSU for a Corsair TX650. Here's what happened: He was playing a computer game (fairly CPU/GPU intensive) and had some music going in the background in foobar while playing. Suddenly, he notices the music stopped playing, so he switches to foobar to try to close it, but it freezes up (window won't respond). So he figures it's just foobar having a bad day and force quits that program. Suddenly, his game won't respond, so he force quits that, then the entire computer just went to crap at that point, so he hits the restart button on his machine. Computer POSTS fine, but now he gets stuck at the Windows "welcome" screen (his account is set to auto-login). HD activity light is solid yellow but he doesn't hear HDD activity. He tried booting into Safe Mode - gets stuck at the "welcome screen". Tried a STartup Repair within Windows 7, it found a few problems, but still gets stuck at welcome. I advised him to boot off the DVD - sfc /scannow found nothing (couldn't use the regular /scannow option; says there's a repair pending, had to use use offbootdir/offwindir command switches). Ran startup repair 3 times - found nothing. My friend runs virus/malware scans on a regular basis, so he's fairly sure it's not that either. Right now I'm having my friend run chkdsk /R on the computer while in this Startup Recovery mode - so far it's caught a few bad sectors. However at this point I'm kinda wondering which way to go if chkdsk doesn't fix it. Quick Google search said someone had success by booting Windows with bootlogging on - some others have success with running the aforemented chkdsk, etc. The fact that Windows cannot even boot into Safe Mode concerns me. While we're waiting for chkdsk /R to finish, are there any other options I can give my friend short of reinstalling Windows 7? He has his data on a separate partition so that's not a major problem (though it'll be an annoyance for him). I suspect his hard drive may be having some issues, but my main concern is getting him back up and running before we start diagnosing the hard drive (I may have him run some sort of SMART test utility later).

  Read the article

• In native C++, how does one use a SqlCe .sdf database?

  - by Omer Sabic

  Is there a simple way, without .NET? I've found some libraries but none for SqlCe 3.5. There is http://sqlcehelper.codeplex.com/ but it's far from done, since a major feature like using a password is not yet implemented. I've looked at the source and it uses OLEdb to handle the database. The offical Microsoft Northwind example (that is shipped with SQL Compact 3.1, but not with 3.5) also doesn't work, I've tried setting it up with no success. Actually I don't have a sample working code. Was anyone able to set it up paired with a passworded .sdf? What are the alternatives? Thanks.

  Read the article

• ASP.NET - Manual authentication system

  - by Gal V

  Hello all, Wer'e developing an ASP.NET C# application, which will contain an authentication system that authenticates users in multiple levels (user, admin, super-admin, etc.). Our idea is NOT to use the built in ASP.NET forms authentication feature. Our plan is to create a whole 'new' system for it- based on the Session object, and SQL database contains users' info such as username & password. Is there any SERIOUS different between our idea to the Forms authentication feature? What security risks do we take? How do we solve them? Is this a good alternative for the forms authentication feature? Thanks in advance !

  Read the article

• avoid viewstate when post using jquery

  - by nisardotnet

  how can i avoid or rather not send viewstate when i post from jquery? i try to put on the .aspx EnableViewState="false" but has no effect... here is how iam posting my page: var json = "{'firstname':'" + escape(firstname.val()) + "','surname':'" + surname.val() + "','day_fi':'" + day_fi.val() + "'}"; var ajaxPage = "wizard_data_process.aspx?returnId=0"; var options = { type: "POST", url: ajaxPage, data: json, contentType: "application/json;charset=utf-8", dataType: "json", async: false, success: function(response) { //alert("success: " + response); }, error: function(msg) { //alert("failed: " + msg); } }; any help? Data sent to the server : _EVENTTARGET=&_EVENTARGUMENT=&_VIEWSTATE=%2FwEPDwUKMTMyNDEzMjAzM2QYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgEFDGNieE5vTWlkTmFtZXiY9c%2FusiuXmmWoJcK9o1udk5EX&_EVENTVALIDATION=%2FwEWKAL9rv3PAgK5h62pDwKnq8goAo%2BUwaAKAp2VxakCAtyNr8EIAr%2Fiza4EAtKQxe0HAtKQ4e0HAoDiza4EAoTfzqgFAumw5MYJAt%2Bw5MYJAofGq70JArr1ub4HAuKw5MYJAqfRtpcOArS3qtYNAtfYgLgBAu7YgLgBAu%2Bnq4AOAr2l1I8JAoz6iM8PAv2zgs4HAuXbmvMCAum1prUBApuktpcOApXyjvkGAuWixvECApSOke8IAt%2F1gtUKAsK1%2BeEBArKpwL0FAvfnuc0BAtb3964NAq%2Bm6rYIAvK94JEPAqCg9ZcMApmw76wEAsSXxu0O%2B%2F2DDTg9otIrNrwvY0ugwxYyULA%3D&txtFirstName=asdf&txtMiddleName=&txtLastName=&ddlSalutation=&ddlSuffix=&txtEmailAddress=&ddlGender=&txtDateOfBirth=&MaskedEditExtender1_ClientState=&ddlCountryOfBirth=&CascadingDropDown1_ClientState=%3A%3A%3A&ddlStateOfBirth=&CascadingDropDown2_ClientState=%3A%3A%3A&txtCityofBirth=&day_fi=DD&month_fi=MM&year_fi=YYYY&lastFour_fi=XXXX&countryPrefix_fi=%2B358&areaCode_fi=&phoneNumber_fi=&email_fi=nisarkhan%40hotmail.com&username=&password=&retypePassword=&hiddenInputToUpdateATBuffer_CommonToolkitScripts=0

  Read the article

• create cookie in web method

  - by quantum62

  i have a web method that check user in data base via a jquery-ajax method i wanna if client exists in db i create a cookie in client side with user name but i know that response is not available in staticmethod .how can i create a cookie in a method that call with jquery ajax and must be static. its my code that does not work cuz response is not accesible if (olduser.Trim() == username.Trim() && password.Trim()==oldpass.Trim()) { retval =olduser; HttpContext context = HttpContext.Current; context.Session[retval.ToString()] = retval.ToString(); HttpCookie cook = new HttpCookie("userath"); cook["submituser"] = "undifiend"; Response.Cookies.Add(cook); }

  Read the article

• Submitting a form on 'Enter' with jQuery?

  - by b. e. hollenbeck

  I have a bog-standard login form - an email text field, a password field and a submit button on an AIR project that's using HTML/jQuery. When I hit Enter on the form, the entire form's contents vanish, but the form isn't submitted. Does anyone know if this is a Webkit issue (Adobe AIR uses Webkit for HTML), or if I've bunged things up? I tried: $('.input').keypress(function(e){ if(e.which == 13){ $('form#login').submit(); } }); But that neither stopped the clearing behavior, or submitted the form. There's no action associated with the form - could that be the issue? Can I put a javascript function in the action?

  Read the article

• WordPress MU: Login from main page but not individual blogs

  - by bradrhine

  I recently upgraded to WPMU 2.8.6 and ever since, my users can't log in on their individual blogs, but they can log in from the main page. My site is at blogs.mtwp.net (we're a school district). So if a user goes to blogs.mtwp.net/BLOGNAME/wp-login.php, their password is rejected. If they go toblogs.mtwp.net/wp-login.php, they can log in and get to the dashboard from there. But it's not all users. Site admins can get in just fine. We're using wpDirAuth 1.4 if that makes a difference. Honestly, I'm stumped. Any help would be very much appreciated. Thanks!

  Read the article

• Teamcity NTLM Authentication change - admin user lost in transition

  - by hawkeye

  I've switched in teamcity from using basic authentication to using NTLM, on an existing installation. This works fine, except that the admin user didn't have a corresponding NT account, and so doesn't work on the NTLM configuration. (It is easy to roll back, so it is not a stress). My question is - what is the command to set a user to admin manually - ie modifying the database? (like this: TeamCity forgotten admin password - where to look?) but changing the role of a user to global system administrator.

  Read the article

• Connection Strings between Web Application and SQL Server

  - by Raven Dreamer

  Greetings. I'm writing a web application that is supposed to connect to a SQL Server database; the connection is formed from the following database string: <add key="DatabaseConnectionString" value="server=DEVPC1\SQLEXPRESS;uid=USERID;pwd=PASSWORD;database=DATABASE"/> However, whenever I try and run the web application, I get a connection error, specifically: An error occurred attempting this login: Login failed for user 'USERID'. Any suggestions on how to go about debugging this? I'm not really familiar with SQL, so any suggestions would be greatly appreciated.

  Read the article

• Rails 3.o MYSQL connection problem

  - by palani

  Hi I have installed RVM in my ubunut linux box and configured the Rails 3 app in that ... i can able to start app server... my problem is when i invoke http://localhost:3000 . i getting the follwing error Mysql::Error (Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)): I checked mysqld service is running well. I checked my database.yml file .... the defined well development: adapter: mysql encoding: utf8 reconnect: false database: test_development username: root password: admin socket: /var/run/mysqld/mysqld.sock my installed mysql gem version is 2.8.1.... I really don't know what is the problem here....

  Read the article

• jQuery .html works but .load causes some weird results.

  - by J Harley

  Hello, I am currently working on some jQuery - it works perfectly when I uses .html but when I changed the method to .load and attempt to load a page in breaks the jquery on the rest of the page. Any ideas? <script type="text/javascript"> $(document).ready(function() { var $dialog = $('<div></div>') .load ('ClientLogin.asp') /* .html('Username : Password : ') */ .dialog({ width: 460, modal: true, autoOpen: false, title: 'Please enter your account details to login:', buttons: { "Login": function() { LoginForm.submit(); }, Cancel: function() { $(this).dialog('close'); } } }); $('#opener').click(function() { $dialog.dialog('open'); }); }); Any help is gratefully received. Many Thanks, Joel

  Read the article

• Invoke an action that is using ASP.NET MVC [Authorize] from outside the application

  - by Nate Bross

  Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authentication and they can execute that action to their hearts content. What I want to do, is hit that URL progromatically (as part of an API that I wouldl like to build) -- is there a way I can do that without removing the [Authorize] attribute and adding username/password as parameters to the POST?

  Read the article

• Servlet Session - switch from URL Rewriting to Cookie

  - by lajuette

  Situation: I have a "dumb" Javascript frontend that can contact some kind of SSO middleware (MW). The MW can obtain sessions by issuing requests that contain authentication credentials (username, password). I.e. the session will be created for a certain user. My frontend needs to "restart" the session to gain the user's permissions to the target system. For that i need a valid session cookie. The target system is not under my control (could be a more or less public WFS, WMS, etc.), so i cannot add any SSO mechanism to it. Question: Is it possible to "steal" a Session forging a request which URL contains a valid session ID in the jsessionid parameter? Goal : Issue such a request to a Servlet and make it respond with a Set-Cookie header that contains the same id. That way the frontend joins the session and may do whatever the user, which was used to create the session, is able to do.

  Read the article

• Sharepoint Site Administration

  - by Shrewd Demon

  Hey, I've got a SharePoint website running on my machine (which it shows me inside the Application Pool in the Inet Manager). Now this website has a different user credentials specified under the Identity section (properties). Also when I view the w3wp.exe in the task manager it shows that the site is running as a different user. The problem is that if I change the username and password of the existing user with mine, the site stops working. How do I run it under my account credentials. Please help. Thanks

  Read the article

• How do I authenticate a Twitter user and access the API without leaving my iPhone app?

  - by thebossman

  I'd like to allow users to send out Tweets from my iPhone app. That's all the functionality I need at the moment. From what I know of the Twitter API, there's a standard authentication mechanism, which allows the developer to include the user's name and password in the request string that the application sends to Twitter. This method will no longer be supported come June 30, 2010. Given the timeframe, the better other choice is oAuth. One of the caveats of oAuth is that it requires a UIWebView to pop up within the app to allow the user to enter his or her credentials or a PIN number. None of the Twitter apps on my phone do this, however: Tweetie, TweetDeck and Twitterific. I assume they're using the first authentication method, but it seems like Twitter wouldn't deprecate an API that would hurt the user experience across the board. There must be an alternative method--what am I missing?

  Read the article

• Devise email confirmation from localhost

  - by John

  I am able to get the registration confirmation email to send out in deployment on Heroku, but when I try a registration on localhost:3000, I get the following error: undefined local variable or method `confirmed_at' for #<User:0xb67a1ff0> In my config/environments/production.rb file I have: config.action_mailer.default_url_options = { :host => 'xxxx.com' } And I have an initializer file with the following format: ActionMailer::Base.smtp_settings = { :user_name => "[email protected]", :password => "xxxxxx", :domain => "xxxx.com", :address => "smtp.sendgrid.net", :port => "xxx", :authentication => :plain, :enable_starttls_auto => true }; What settings do I need to get the localhost working? Thanks! John

  Read the article

• Spring 3 - Custom Security

  - by Eqbal

  I am in the process of converting a legacy application from proprietary technology to a Spring based web app, leaving the backend system as is. The login service is provided by the backend system through a function call that takes in some parameter (username, password plus some others) and provides an output that includes the authroizations for the user and other properties like firstname, lastname etc. What do I need to do to weave this into Spring 3.0 security module. Looks like I need to provide a custom AuthenticationProvider implementation (is this where I call the backend function?). Do I also need a custom User and UserDetailsService implementation which needs loadUserByName(String userName)? Any pointers on good documentation for this? The reference that came with the download is okay, but doesn't help too much in terms of implementing custom security.

  Read the article

• C#: Check if administrator has write access to a file

  - by Bilal Aslam

  The Problem: I need to check if a user (local user or domain user, either one is possible) has write access to a file (if you're curious, %windir%\system32\inetsrv\applicationHost.config. This file is protected by Windows and you need to be an administrator to write to it.) My Solution: The general construct is: using (Impersonator impersonator = new Impersonator(domain, username, password)) { try { using (FileStream fs = File.OpenWrite(appHostConfigPath)) { return true; } catch { return false; } } As you can imagine, the Impersonator class is an IDisposible which uses native interop to call LogonUser. Nothing too creative, and it works. Where I am stuck: On Windows OSs with UAC enabled, this function always return false even if the user specified by username is an administrator. Even though my program is running elevated as an administrator, I suspect what's happening is that the impersonated code is running as a limited administrator. Hence, the method is returning false. I don't have any creative solutions to this. Can anyone help?

  Read the article

• Drupal on IIS - Cannot connect to the database

  - by Patrick

  hi, I've hard time to make Drupal work on IIS Microsoft server. I've succesfully run Joomla on the same server so I'm pretty sure the following information are correct: host: localhost user: user pass: pass databaseName = servername_databasename I've set the following line in settings.php file: $db_url = 'mysql://user:password@localhost/servername_databasename'; but what I get is this: If you are the maintainer of this site, please check your database settings in the settings.php file and ensure that your hosting provider's database server is running. For more help, see the handbook, or contact your hosting provider. I don't get any other error message such as: database doesn't exist, user/pass wrong.. just this. The database is running, I can access with phpmyadmin. I've tried both "mysql" and "mysqli". The host is a private server (IIS Microsoft), the database is Mysql The database and website files upload have also been succesfull.. so I dunno what to do to fix this issue. thanks

  Read the article

• Flex: Result event given multiple times

  - by Tom

  Hello everybody!! I am trying to learn Flex and now i have the next code: http://pastebin.com/rZwxF7w1 This code is for my login component. I want to get a special string for encrypting my password. This string is given by my authservice. But when i login i get a multiple times a alert with Done(line 69 in the pastebin code or line 4 in the code on the bottom of this question). But i want that it shows one single time. Does someone know what is wrong with this code? Tom protected function tryLogin():void { encryptStringResult.addEventListener('result', function(event:ResultEvent):void { var encryptString:String = event.result.toString(); Alert.show('Done'); }); encryptStringResult.token = auth.getEncryptString(); }

  Read the article

• Object reference error even when object is not null

  - by Shrewd Demon

  hi, i have an application wherein i have incorporate a "Remember Me" feature for the login screen. I do this by creating a cookie when the user logs in for the first time, so next time when the user visits the site i get the cookie and load the user information. i have written the code for loading user information in a common class in the App_Code folder...and all my pages inherit from this class. code for loading the user info is as follows: public static void LoadUserDetails(string emailId) { UsersEnt currentUser = UsersBL.LoadUserInfo(emailId); if (currentUser != null) HttpContext.Current.Session["CurrentUser"] = currentUser; } Now the problem is i get an "Object reference" error when i try to store the currentUser object in the session variable (even though the currentUser object is not null). However the password property in the currentUser object is null. Am i getting the error because of this...or is there some other reason?? thank you

  Read the article

• Nagios core Event Handler not working

  - by sivashanmugam

  Nagios Event Handler is not triggering when the service is taking more time to response or down. My configuration in below nagios.cfg enable_event_handlers=1 localhost.cfg define service { use generic-service host_name Server service_description test-server servicegroups test-service check_command check-service is_volatile 0 check_period 24x7 max_check_attempts 4 normal_check_interval 2 retry_check_interval 2 contact_groups testcontacts notification_period 24x7 notification_options w,u,c,r notifications_enabled 1 event_handler_enabled 1 event_handler recheck-service } command.cfg define command{ command_name recheck-service command_line /usr/local/nagios/libexec/alert.sh $SERVICESTATE$ $SERVICESTATETYPE$ $SERVICEATTEMPT$ } alert.sh file !/bin/sh set -x case "$1" in OK) # The service just came back up, so don't do anything... ;; WARNING) # We don't really care about warning states, since the service is probably still running... ;; UNKNOWN) # We don't know what might be causing an unknown error, so don't do anything... ;; CRITICAL) Aha! The HTTP service appears to have a problem - perhaps we should restart the server... Is this a "soft" or a "hard" state? case "$2" in We're in a "soft" state, meaning that Nagios is in the middle of retrying the check before it turns into a "hard" state and contacts get notified... SOFT) # What check attempt are we on? We don't want to restart the web server on the first check, because it may just be a fluke! case "$3" in Wait until the check has been tried 3 times before restarting the web server. If the check fails on the 4th time (after we restart the web server), the state type will turn to "hard" and contacts will be notified of the problem. Hopefully this will restart the web server successfully, so the 4th check will result in a "soft" recovery. If that happens no one gets notified because we fixed the problem! 3) echo -n "Going To Ping the Virtual Machine (3rd soft critical state)..." # Call the init script to restart the HTTPD server myresult=`/usr/local/nagios/libexec/check_http xyz.com -t 100 | grep 'time'| awk '{print $10}'` echo "Your Service Is taking the following time Delay" "$myresult Seconds" |mail -s "WARNING : Service Taken More Time To Response" [email protected] ;; esac ;; # The HTTP service somehow managed to turn into a hard error without getting fixed. # It should have been restarted by the code above, but for some reason it didn't. # Let's give it one last try, shall we? # Note: Contacts have already been notified of a problem with the service at this

  Read the article

< Previous Page | 408 409 410 411 412 413 414 415 416 417 418 419  | Next Page >