Search Results

Search found 32274 results on 1291 pages for 'access specifier'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 425/1291 | < Previous Page | 421 422 423 424 425 426 427 428 429 430 431 432  | Next Page >

  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? Any then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POST's usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the users cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack. Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

    Read the article

  • PHP: Symlink in public_html cannot be accessed through browser

    - by Rachel
    I have tester.php file which I want to run on the browser and I have created symlink to it in my public_html folder, but still when I try to run it, its not working and gives me following error message. Access forbidden! You don't have permission to access the requested object. It is either read-protected or not readable by the server. If you think this is a server error, please contact the webmaster. Error 403 web.upc03.dev.com Sun Apr 4 22:41:23 2010 Apache I am not sure as to why am I getting this error message, I have check all file permissions settings and it seems to be fine. My File permissions settings are: lrwxrwxrwx for tester.php Is there something that should be done other way or is this not the proper approach ?

    Read the article

  • How can I block based on URL (from address bar) in a safari extension

    - by PerilousApricot
    I'm trying to write an extension that will block access to (configurable) list of URLs if they are accessed more than N times per hour. From what I understand, I need to have a start script pass a "should I load this" message to a global HTML page (who can access the settings object to get the list of URLs), who will give a thumbs up/thumbs down message back to the start script to deny/allow loading. That works out fine for me, but when I use the usual beforeLoad/canLoad handlers, I get messages for all the sub-items that need to be loaded (images/etc..), which screws up the #accesses/hour limit I'm trying to make. Is there a way to synchronously pass messages back and forth between the two sandboxes so I can tell the global HTML page, "this is the URL in the window bar and the timestamp for when this request came in", so I can limit duplicate requests? Thanks!

    Read the article

  • Spring security accessing principal

    - by wuntee
    When using spring security, specifically with @notation; what is the proper way to access the principal in a Controller? Lets say the following is my controller, but I would like to access the principal in the secure() method somewhere... @Controller public class LoginController { @RequestMapping(value = "/login", method = RequestMethod.GET) public String login(ModelMap map, @RequestParam(value="fail" , required=false) String fail){ map.addAttribute("title", "Login: AD Credentials"); if(fail != null){ map.addAttribute("error", "Invalid credentials"); } return("login"); } @RequestMapping("/secure") @PreAuthorize("isAuthenticated()") public String secure(ModelMap map, String principal){ System.out.println(principal); return("secure"); } }

    Read the article

  • MS SQL 2005/2008: Identify current user

    - by Torben H.
    Hello I have a web application, which is using a MS SQL 2005 database. My problem is, that the application has no rolemanagement. So the application always accesses the database with one default user. But now I have to save and access a value only for the current user. Is there any way to do this? Maybe something like a session on the webserver? The best way would be, if there is any possibility to access the current session id of the webserver from T-SQL. Do anyone understand my problem? :) Torben

    Read the article

  • Recover data from hard disk

    - by Hitesh Solanki
    Hi I have formatted my c: drive and window xp is installed successfully,but I cannot able to access d: drive. when I am trying to double click on the d: drive,following message is displayed: "the disk in drive D: is not formatted, do you want to format it now ? " When I am trying to access from command prompt,the following message is displayed: "The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted." So please help me.... Thanks in advance....

    Read the article

  • How would you audit ASP.NET Membership tables, while recording what user made the changes?

    - by Pete
    Using a trigger-based approach to audit logging, I am recording the history of changes made to tables in the database. The approach I'm using (with a static sql server login) to record which user made the change involves running a stored procedure at the outset of each database connection. The triggers use this username when recording the audit rows. (The triggers are provided by the product OmniAudit.) However, the ASP.NET Membership tables are accessed primarily through the Membership API. I need to pass in the current user's identity when the Membership API opens its database connection. I tried subclassing MembershipProvider but I cannot access the underlying database connection. It seems like this would be a common problem. Does anyone know of any hooks we can access when the ASP.NET Membership makes its database connection?

    Read the article

  • Ninject Given Path's format is not supported

    - by David Osborn
    The Ninject initialization works fine when i run my application directly from VS2010, but if I deploy the application to our custom "plugin" environment I get this error when I run the app and it tries to initialize Ninject. Error during initialization The given path's format is not supported. ERROR : The given path's format is not supported. Type : NotSupportedException Location: System.String CanonicalizePath(System.String, Boolean) Stack Trace: at System.Security.Util.StringExpressionSet.CanonicalizePath(String path, Boolean needFullPath) at System.Security.Util.StringExpressionSet.CreateListFromExpressions(String[] str, Boolean needFullPath) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String[] pathList, Boolean checkForDuplicates, Boolean needFullPath) at System.IO.Path.GetFullPath(String path) at Ninject.Modules.ModuleLoader.NormalizePath(String path) at Ninject.Modules.ModuleLoader.GetFilesMatchingPattern(String pattern) at Ninject.Modules.ModuleLoader.b_0(String pattern) at System.Linq.Enumerable.d_142.MoveNext() at System.Linq.Lookup2.Create[TSource](IEnumerable1 source, Func2 keySelector, Func2 elementSelector, IEqualityComparer1 comparer) at System.Linq.GroupedEnumerable3.GetEnumerator() at Ninject.Modules.ModuleLoader.LoadModules(IEnumerable1 patterns) at Ninject.KernelBase.Load(IEnumerable`1 filePatterns) at Ninject.KernelBase..ctor(IComponentContainer components, INinjectSettings settings, INinjectModule[] modules) at Ninject.KernelBase..ctor(INinjectModule[] modules) at MyApp.Ioc.ResolveType.Initialize() at MyApp.Program.Run()

    Read the article

  • Sending message to windows service by web page

    - by Enriquev
    Hello, How could I do this with no access denied problem? I have a windows service: protected override void OnCustomCommand(int command) { if (command == 1) { foreach (Process traceProcess in Process.GetProcessesByName("notepad.exe")) { traceProcess.Kill(); } } } when I do this: ServiceController sc = new ServiceController("ProjectManager"); if (sc != null) sc.ExecuteCommand(1); From a windows forms it works, but not from a web page, I get access denied on sc.ExecuteCommand. What's the best way for a web page to talk to a service?

    Read the article

  • Which layer should create DataContext?

    - by Kevin
    I have a problem to decide which layer in my system should create DataContext. I have read a book, saying that if do not pass the same DataContext object for all the database updates, it will sometimes get an exception thrown from the DataContext. That's why i initially create new instance of DataContext in business layer, and pass it into data access layer. So that the same datacontext is used for all the updates. But this lead to one design problem, if i wanna change my DAL to Non-LinqToSQL in future, i need to re-write the code in business layer as well. Please give me some advice on this. Thanks. Example code 'Business Layer Public Sub SaveData(name As String) Using ts AS New TransactionScope() Using db As New MyDataContext() DAL.Insert(db,name) DAL.Insert(db,name) End Using ts.Complete() End Using End Sub 'Data Access Layer Public Sub Insert(db as MyDataContext,name As string) db.TableAInsert(name) End Sub

    Read the article

  • Group SQL tables in SQL Server Management Studio object explorer

    - by MainMa
    I have a table which has approximately sixty tables, and other tables are added constantly. Each table is a part of a schema. A such quantity of tables makes it difficult to use Microsoft SQL Server Management Studio 2008. For example, I must scroll up in object explorer to access database related functions, or scroll down each time I need to access Views or Security features. Is it possible to group several tables to be able to expand or collapse them in Object Explorer? Maybe a folder may be displayed for each schema, letting collapse the folders I don't need to use?

    Read the article

  • Drupal, mysql server settings

    - by Patrick
    hi, I've a problem to configure database settings in Drupal. I will propose here some sample data: Database Mysql: Database: databaseName User: user Password: password Server: server.com Server Choice: mysqldb2 (in phpmyadmin I have this option and I can choose between mysqldb1 and mysqldb2 to access to the mysql server) The error message I get is: The mysql error was: Access denied for user: 'user@localhost' (Using password: YES). I've tried the following lines in settings.php but I always get the same error message: $db_url = 'mysql://user:password@localhost/databaseName'; $db_url = 'mysql://user:password@localhost/databaseName/mysqldb2'; The user and password work in phpmyadmin so I'm sure they are correct. thanks

    Read the article

  • MySQLdb through proxy

    - by MihaiD
    I'm using the above mentioned Python lib to connect to a MySQL server. So far I've worked locally and all worked fine, until i realized I'll have to use my program in a network where all access goes through a proxy. Does anyone now how I can set the connections managed by that lib to use a proxy? Alternatively: do you know of another Python lib for MySQL that can handle this? I also have no idea if the if the proxy server will allow access to the standard MySQL port or how I can trick it to allow it. Help on this is also welcomed.

    Read the article

  • Retrieving JSON from a web URL

    - by npeterson
    This may be a terribly uninformed question, brace yourself. A company I'm working with has given an 'API' that I can use to access orders, however, there are only two real commands, getorders and getorderdetails. These commands are put in the format of http://www.server.com/path/to/the/orderapi/getorders/UniqueKey/ If I go to that web address, I'm prompted for a username and password, and once authenticating, get presented with a page of JSON formatted order details, contained in the body of the html page. I would like a service to check this information and create orders in our crm based on it, is there an obvious way to access it without the browser/client interaction?

    Read the article

  • ObjectDisposedException from core .NET code

    - by John
    I'm having this issue with a live app. (Unfortunately this is post-mortem debugging - I only have this stack trace. I've never seen this personally, nor am I able to reproduce). I get this Exception: message=Cannot access a disposed object. Object name: 'Button'. exceptionMessage=Cannot access a disposed object. Object name: 'Button'. exceptionDetails=System.ObjectDisposedException: Cannot access a disposed object. Object name: 'Button'. at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.Control.get_Handle() at System.Windows.Forms.Control.PointToScreen(Point p) at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ButtonBase.WndProc(Message& m) at System.Windows.Forms.Button.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) exceptionSource=System.Windows.Forms exceptionTargetSite=Void CreateHandle() It looks like a mouse event is arriving at a form after the form has been disposed. Note there is none of my code in this stack trace. The only weird (?) thing I'm doing, is that I do tend to Dispose() Forms quite aggressively when I use them with ShowModal() (see "Aside" below). But I only do this after ShowModal() has returned (that should be safe right)? I think I read that events might be queued up in the event queue, but I can't believe this would be the problem. I mean surely the framework must be tolerant to old messages? I can well imagine that under stress messages might back-log and surely the window might go away at any time? Any ideas? If you could even suggest ways of reproducing, that might be useful. John Aside: TBH I've never quite understood whether calling Dispose() after Form.ShowDialog() is strictly necessary - the MSDN docs for ShowDialog() are to my mind a bit ambiguous.

    Read the article

  • oauth process for twitter. the difference between client and web application

    - by Radek
    I managed to make the oauth process work for PIN kind of verification. My twitter application is client type. When enter authorize url into web browser and grant the application access then I have to enter pin in my ruby application. Can I finish the process of getting access token without the pin thing? My current code is like. What changes do I need to do to make it work without pin? gem 'oauth' require 'oauth/consumer' consumer_key = 'w855B2MEJWQr0SoNDrnBKA' consumer_secret ='yLK3Nk1xCWX30p07Id1ahxlXULOkucq5Rve28pNVwE' consumer=OAuth::Consumer.new consumer_key, consumer_secret, {:site=>"http://twitter.com"} request_token = consumer.get_request_token puts request_token.authorize_url puts "Hit enter when you have completed authorization." pin = STDIN.readline.chomp access_token = request_token.get_access_token(:oauth_verifier => pin) puts puts access_token.token puts access_token.secret

    Read the article

  • SQL server 2005 - user rights

    - by Paresh
    I have created one user named "tuser" with create database rights in SQL server 2005. and given the 'db_owner' database role of master and msdb database to "tuser". From this user login when I run the script for create database then it will create new database. But "tuser" don't have access that newly created database generated from script. Any one have any idea?, I want to write the script so "tuser" have access that new created database after creation and can have add user permission of newly created database. I want to give 'db_owner' database roles to "tuser" on that newly created database in the same script which create new database. The script run under 'tuser'.

    Read the article

  • Broadcast-style Bluetooth using Sockets on the iPhone?

    - by Kyle
    Is there any way to open a broadcast bluetooth socket, take a listen and send replies? I want a proper peer to peer system where I broadcast and listen for broadcasts in an area. That way, variable clients can mingle. Is this possible? My theory is this: If GameKit can sit around wasting 25 seconds of the users time whilst having access to a broadcast socket, can't I? Or, must I be in kernel mode for such access? I'm not really sure where the proper bluetooth headers are as well. Thanks for reading!

    Read the article

  • Tables are not visible in SQL Server Management Studio but they are in Visual Studio using same acco

    - by Germ
    I'm experiencing a weird problem with a particular SQL login. When I connect to the server in Microsoft SQL Server Management Studio (2008) using this account, I cannot see any of the tables, stored procedures etc. that this account should have access to. When I connect to the same server within Visual Studio (2008) with the same account everything is there. I've also had a co-worker connect to the server using the same login and he's able to view everything as well. The strange thing is if I switch logins, I'm able to view objects that the other account has access to which indicates that there isn't a problem with MSSMS on my PC. Does anyone have any suggestions on how I can diagnose this problem? I've check to make sure I don't have any Table filters etc.

    Read the article

  • How can I disable multiple links with jQuery?

    - by Samantha J
    I have the following HTML: <a title="Login" data-href="/MyAccount/Access/Login" data-title="Admin" data-entity="n/a" id="loginLink" class="nav-button dialogLink"><b>Login</b></a> <a title="Register" data-href="/MyAccount/Access/Register" data-title="Admin" data-entity="n/a" id="registerLink" class="nav-button dialogLink"><b>Register</b></a> When a user clicks on the #loginLink or #registerLink I would like to disable the link and call a dialog script. I created the following function: $("#loginLink, #registerLink") .click(function () { $('#loginLink').prop('disabled', true); $('#registerLink').prop('disabled', true); dialog(this); }); It calls the dialog correctly but doesn't disable the links and if I click the buttons more than once it calls up more than one dialog box. Is there something I am doing wrong? I can't see why it would not work.

    Read the article

  • SQL Server: Granting db_datawriter on all databases

    - by Michael J Swart
    I want to manage permissions and access to a SQL Server database server on a development machine. I've created a local windows group (called DBReaderGroup) and assigned various people to it. The group was created as a SQL Server login successfully: create login [MYMACHINE\DBReaderGroup] from windows My goal is to grant this group read/write access to all databases (which are constantly being added and dropped). Is it possible to configure the right settings so that SQL Server manages this? My biggest challenge is that each time a db is created, I have to update the "User Mapping" settings for this group on the new database. Am I missing something simple?

    Read the article

  • UrlHelper and ViewContext inside an Authorization Attribute

    - by DM
    I have a scenario that I haven't been able to solve: I'm toying around with creating my own custom authorization attribute for mvc. The main bit of functionality I would like to add is to have the ability to change where the user gets redirected if they are not in a certain role. I don't mind that the system sends them back to the login page if they're not authenticated, but I would like to choose where to send them if they are authenticated but not allowed to access that action method. Here's is what I would like to do: public class CustomAuthorizeAttribute : AuthorizeAttribute { public string Action; public string Controller; protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { // if User is authenticated but not in the correct role string url = Url.Action(this.Action, this.Controller); httpContext.Response.Redirect(url); } } And as an added bonus I would like to have access to ViewContext and TempData before I do the redirect. Any thoughts on how I could get instantiate a UrlHelper and ViewContext in the attribute?

    Read the article

  • Is it feasible to write a Firefox plugin to make use of ActiveX control on Windows?

    - by Gary B2312321321
    I use an ActiveX control called TAPIEx enabling TAPI phone system integration using MS Access 2000 (+Visual Basic). I want to turn this Access database into a web app with the clients running Firefox (all on internal network). Since Firefox doesnt support ActiveX is it feasible for me to write a Firefox plugin that in turn utilizes the ActiveX control? With regard to how plugins work - Would I be able to call 'functions' of the plugin from page script (eg dial call specifying phone number, check if calls in process)? Would adding these functions to the Firefox right click menu 'globally' inside Firefox be easier? Hope you guys can help. Note I'm not a fulltime programmer; I just need to know how steep the learning curve will be or even if my idea is possible! Ive now found a project to allow using activex controls in firefox that seems to be quite up to date at: http://code.google.com/p/ff-activex-host/

    Read the article

  • VS2008: File creation fails randomly in unit testing?

    - by Tim
    I'm working on implementing a reasonably simple XML serializer/deserializer (log file parser) application in C# .NET with VS 2008. I have about 50 unit tests right now for various parts of the code (mostly for the various serialization operations), and some of them seem to be failing mostly at random when they deal with file I/O. The way the tests are structured is that in the test setup method, I create a new empty file at a certain predetermined location, and close the stream I get back. Then I run some basic tests on the file (varying by what exactly is under test). In the cleanup method, I delete the file again. A large portion (usually 30 or more, though the number varies run to run) of my unit tests will fail at the initialize method, claiming they can't access the file I'm trying to create. I can't pin down the exact reason, since a test that will work one run fails the next; they all succeed when run individually. What's the problem here? Why can't I access this file across multiple unit tests? Relevant methods for a unit test that will fail some of the time: [TestInitialize()] public void LogFileTestInitialize() { this.testFolder = System.Environment.GetFolderPath( System.Environment.SpecialFolder.LocalApplicationData ); this.testPath = this.testFolder + "\\empty.lfp"; System.IO.File.Create(this.testPath); } [TestMethod()] public void LogFileConstructorTest() { string filePath = this.testPath; LogFile target = new LogFile(filePath); Assert.AreNotEqual(null, target); Assert.AreEqual(this.testPath, target.filePath); Assert.AreEqual("empty.lfp", target.fileName); Assert.AreEqual(this.testFolder + "\\empty.lfp.lfpdat", target.metaPath); } [TestCleanup()] public void LogFileTestCleanup() { System.IO.File.Delete(this.testPath); } And the LogFile() constructor: public LogFile(String filePath) { this.entries = new List<Entry>(); this.filePath = filePath; this.metaPath = filePath + ".lfpdat"; this.fileName = filePath.Substring(filePath.LastIndexOf("\\") + 1); } The precise error message: Initialization method LogFileParserTester.LogFileTest.LogFileTestInitialize threw exception. System.IO.IOException: System.IO.IOException: The process cannot access the file 'C:\Users\<user>\AppData\Local\empty.lfp' because it is being used by another process..

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 421 422 423 424 425 426 427 428 429 430 431 432  | Next Page >