Search Results

Search found 68155 results on 2727 pages for 'data security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 428/2727 | < Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >

  • Claims-based Authentication: Are strings the essence of claims?

    - by Rising Star
    I've been programming with claims-based authentication for some time now with Windows Identity Foundation. It appears to me that in Windows Identity Foundation, once a user is logged in, the claims are basically strings of information that describe the user. With the old role-based authentication, I could say that a user is or is not a member of a given group, but with claims-based authentication, I can now have strings of information that describe a user. "This user is female". This user was born on "July 6, 1975". "This user logged in using a USB key". Is it the essence of claims-based authentication,that I have strings of information about the user given to the application by the framework?

    Read the article

  • Streaming data to the browser as a file of unknown size

    - by Sir Psycho
    I have some data which is queried from the database and I'd like to send it to the client as a csv file. The file size varies each time due to the fact that the DB data returned can be of any size. Instead of saving this file to the hard disk, I'd like to send it to the browser at the same time it's being processed into a CSV by my algorithm. Response.Write seems useless. For some reason, the file download dialog is only displayed once my processing is finished. This seems odd as I'm writting all my output to the Response.Output stream. I have downloaded files on the web before where the filesize is not known and the browser just keeps on downloading. Is there any way to achieve this? The following stackoverflow thread did not offer any good advise. http://stackoverflow.com/questions/873995/asp-net-downloading-large-files-of-unknown-size Thanks

    Read the article

  • How to hash and salt passwords

    - by Henrik Skogmo
    I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

    Read the article

  • json service from data scraping with php

    - by fredz0003
    I am trying to figure out what is the best way to make this work, I am new to php. I was able to make my script work to find specific data on my htm file with the following script tested on my local server. <?php include ('simple_html_dom.php'); //create DOM from URL or local file $html = file_get_html ('Lotto Texas.htm'); //find td class name currLotWinnum and store in variable winNumbers foreach($html ->find('td.currLotWinnum') as $winNumbers) //print winNumbers echo "<b>The winning numbers are</b><br>"; echo $winNumbers -> innertext . '<br>'; ?> Need some light here, ultimately I would like to create a web service to return json format and access that data from my iOS application using NSJSONSerialization class.

    Read the article

  • Processing XML file with Huge data

    - by Manish Dhanotiya
    Hi,be m I am working on an application which has below requiements - 1. Download a ZIP file from a server. 2. Uncompress the ZIP file, get the content (which is in XML format) from this file into a String. 3. Pass this content into another method for parsing and further processing. Now, my concerns here is the XML file may be of Huge size say like '100MB', and my JVM has memory of only 512 MB, so how can I get this content into Chunks and pass for Parsing and then insert the data into PL/SQL tables. Since there can be multiple requests running at the same time and considering 512MB of memory what will be the best possible to process this. How I can get the data into Chunks and pass it as Stream for XML parsing. I googled on this, but didnt find any implementation. :( Thanks,

    Read the article

  • How to get data in the servlet send via dojo.xhrPost

    - by snell
    > var xhrArgs = { > url: '/mum/proxy/http/localhost:8080/DemoProject/MyServlet', > postData:' MyDataToBeSend', > handleAs: 'text', > load: function(data) { }, > error: function(error) {alert(error);}}; var ret = > dojo.xhrGet(xhrArgs); Hi All, I have written the above code in Javascript to send data to a servlet. But I am not understanding how to get the postData in the servlet.

    Read the article

  • An old flaw in X Window System. How does it work?

    - by Legend
    I was going through an article today when it mentioned the following: "We've found many errors over the years. One of the absolute best was the following in the X Window System: if(getuid() != 0 && geteuid == 0) { ErrorF("Only root"); exit(1); } It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compress the address of geteuid to 0; given that the function exists, its address is never 0)." The article explained what was wrong with the code but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, lets say I am the local user, how would I get root access if we assume this code to be present somewhere?

    Read the article

  • Searching for the right pattern to handle login data

    - by stevebot
    Hi all, I'm working on a controller that handles logins for a Web app. These logins will come from multiple clients but will all contain the same data. However, depending on the client, this data will be interpreted into common entities for our webapp differently. For instance, we have a user code that gets sent in, and in one case we may use the first four digits of the code, and in another case 12 digits of the code to map to a field on a User entity. Instead of handling this all in the controller and having big nasty if blocks of logic, I would like to use a pattern to handle how this information gets ingested into our application. What are your opinions?

    Read the article

  • Cross-Application User Authentication

    - by Chris Lieb
    We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken. User is authenticated into .NET application using NTLM User clicks link that leaves .NET application .NET application generates random number and stores it in the user table along with the user's full username (domain\username) Insecure token is formed as random number:username Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token The secure token is passed as part of the query string to the Java application The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token The random number and username are split apart The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token If the numbers match, the username is put into the session for the user and they are now authenticated If the numbers do not match, the user is redirected to the .NET application's home page The random number is removed from the database

    Read the article

  • Write to a binary file?

    - by rick irby
    Here is data structure w/ variables: struct Part_record { char id_no[3]; int qoh; string desc; double price: }; --- (Using "cin" to input data) --- Part_record null_part = {" ", 0," ",0.0}; --- --- file.seekg( -(long)sizeof(Part_record), ios::cur); file.write( ( char *)&part, sizeof(Part_record) ); The three variables, qoh, Id_no & price, write out correctly, but the "desc" variable is not right. Do I need to initialize Part_record some other way? It should be 20 characters in length. If you have enough info here, pls share your advice,thanks.

    Read the article

  • How do I get the CoreData Debug argument to output to the console?

    - by radesix
    According to Apple documentation on debugging Core Data it says we should be able to pass an argument to the application which will output the SQL core data sends to SQLite. I have gone into the arguments tab of my executable in XCode and specified the argument: -com.apple.CoreData.SQLDebug 1 However, I see no SQL in the console. I then tried to use this parameter in the CoreDataBooks application provided by Apple just in case there was some other issue in MY program. Even in Apple's example I get no SQL output in the console. Am I doing something wrong? Is Apple's documentation wrong? Should I be looking someplace other than the console? Has anyone else had success with this argument?

    Read the article

  • Preventing dictionary attacks on a web application

    - by Kevin Pang
    What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them: Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

    Read the article

  • Cookieless Django for government site

    - by phoebebright
    As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?

    Read the article

  • Infor PM (Business Intelligence solution)

    - by Andrew
    We are currently implementing the commercial Infor PM (Performance Management) package as a business intelligence tool. Infor PM website It is apparently used by over 1,000 companies around the world, but I have found scant information about it on the net except for what's on their own website. It covers the whole range of data warehousing and BI functions with: an OLAP environment an ETL tool a report writer (called Application Studio) an add-on to Excel to connect to the data in the cubes through a pivot table etc Does anyone have any experience with using this package? How does it compare to the big players in BI (Cognos, Microsoft SSAS, Business Objects, etc). Any pitfalls I should know about? On the other hand, does it do anything better than its competitors?

    Read the article

  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to mysql, I'm trying to run Wordpress inmy windows desktop and it need Mysql. I install everything with Web Platform Installer which provided by microsoft. I never seta root password for mysql and in final step of installing wordpressit askfor root password of mysql. What is the default password for root (if there is one) and how to change it? I try mysql -u root password '123' but it show me Access denied for user 'root@localhost' (using password:NO) after this I try mysql -u root -p but it ask for a password which I don't have Thank you in advance

    Read the article

  • Data Grid Shows extra column

    - by cre-johnny07
    I have a wpf data Grid where I created twlo columns. But whenever I run the window the datagrid shows a extra column. I can't figure out why.? Below is my code <Custom:DataGrid Background="White" AlternatingRowBackground="#103D7EC5" RowHeaderWidth="20" SelectionMode="Single" SelectionUnit="FullRow" GridLinesVisibility="None" MinRowHeight="30" EnableRowVirtualization="True" EnableColumnVirtualization="True" CanUserAddRows="False" CanUserSortColumns="True" AreRowDetailsFrozen="True" RowDetailsVisibilityMode="Collapsed" ItemsSource="{Binding CurrentEntity.RefDetails, Mode = TwoWay}" AutoGenerateColumns="False" Name="grdDoctor1" ScrollViewer.VerticalScrollBarVisibility="Auto" MaxHeight="200"> <Custom:DataGrid.RowDetailsTemplate> <DataTemplate> </DataTemplate> </Custom:DataGrid.RowDetailsTemplate> <Custom:DataGrid.Columns> <Custom:DataGridTextColumn Binding="{Binding DepId}" Width="100" IsReadOnly="True" Header="Id"/> <Custom:DataGridTextColumn Binding="{Binding DepData}" Width="100" IsReadOnly="False" Header="Data"/> </Custom:DataGrid.Columns> </Custom:DataGrid> Any suggestion why this is happening..?

    Read the article

  • Send custom data when initializing java WebService over soap

    - by Mesni
    Hello. I have a question about sending additional data over soap to the functions. My webService function requests only one integer, for example an getDocumentPrivilage(DocumentID). In another WebService user registered and he got an unique ID, so the other application can see who he is. So on Service one he registers, gets id and it has to send it to the other webservice tor the privilage. Id dont wish to rewrite the function so that it gets the unique ID (like this getDocumentPrivilage(uniqID,DocumentID)) but, the wish is that i would be able to create a client that sends this data at the initialization or somehow as some sort of parameter behind the function. Is this possible?? I tried the ServiceLifecycle but cant see any setting i've given in. Im using WebSphere CE for the server and Jax-ws Creating the webapp in java. Thank you very much in advance. lp, Mesni

    Read the article

  • MVC - Sanitizing data, where?

    - by dierre
    I'm using CakePHP but it's a question about the MVC pattern. I have in my form the input-text for the tags (separated by commas). To add the tags I've created a Tag model method that basically check if the tag exists and then add the new tag or just a new unit in the tag counter (the Tag model has these fields: id, name, slug, count). In the controller I explode the tags field and pass one tag at a time. The question is: where do I sanitize data? In the controller or in the model method? I think it should be in the controller because that's where I explode but in term of reusability I think I should sanitize data in the model. What do you think?

    Read the article

  • Can't store Data URI to database without stripping + characters

    - by citizencane
    I am trying to grab a reference to images with src's in URI scheme. An example would be the images on google.com/news. if I alert(escape(saveObj.image)); I get something like below: data%3Aimage/jpeg%3Bbase64%2C/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABQAFADASIAAhEBAxEB/8QAHAAAAQUBAQEAAAAAAAAAAAAABgIDBAUHAQAI/8QAPhAAAgECBAMFBgIGCwEAAAAAAQIDBBEABRIhEzFhBkFRcYEUIjKRobFCwRUjJFKC0QcWJSZiY3Jzg7Lw4f/EABoBAAIDAQEAAAAAAAAAAAAAAAMEAAIFBgH/xAAmEQABBAEEAQMFAAAAAAAAAAABAAIDESEEEjFBBRMisVFhcZGh/9oADAMBAAIRAxEAPwAr7L5pD2gyY5JXEtLGAFY/EU2sR1U2+nXF/pZFKuffViGPW5ximQUEz1cNdPNKms6g8TlWBufDcHyxsdLUmqoYqhiWZ1BYtsSe+/ I pass that from the js file and am using django to get that into a mysql table of type utf8_unicode_ci using modelform.save, but when i examine what's in the database, I see: data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0aHBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCABQAFADASIAAhEBAxEB/8QAHAAAAQUBAQEAAAAAAAAAAAAABgIDBAUHAQAI/8QAPhAAAgECBAMFBgIGCwEAAAAAAQIDBBEABRIhEzFhBkFRcYEUIjKRobFCwRUjJFKC0QcWJSZiY3Jzg7Lw4f/EABoBAAIDAQEAAAAAAAAAAAAAAAMEAAIFBgH/xAAmEQABBAEEAQMFAAAAAAAAAAABAAIDESEEEjFBBRMisVFhcZGh/9oADAMBAAIRAxEAPwAr7L5pD2gyY5JXEtLGAFY/EU2sR1U2 nXF/pZFKuffViGPW5ximQUEz1cNdPNKms6g8TlWBufDcHyxsdLUmqoYqhiWZ1BYtsSe The key difference is that in my database all of the '+' characters from the original have been stripped and replaced with spaces. Any ideas? I'm going blind trying to figure this out! :P

    Read the article

  • Securing input of private / protected methods?

    - by ts
    Hello, normally, all sane developers are trying to secure input of all public methods (casting to proper types, validating, sanitizing etc.) My question is: are you in your code validating also parameters passed to protected / private methods? In my opinion it is not necessary, if you securize properly parameters of public methods and return values from outside (other classes, db, user input etc...). But I am constantly facing frameworks and apps (ie. prestashop to name one) where validation is often repeated in method call, in method body and once again for securize returned value - which, I think, is creating performace overhead and is also a sign of bad design.

    Read the article

  • arbitrary input from stdin to shell

    - by python_noob
    So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead. A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I'm wondering if there's potential for someone to execute arbitary commands on the shell. #!/bin/sh $CMD "`cat`" Obviously if $CMD has a vulnerability in the way it processes the argument there's nothing I can do, so I'm concerned stuff like this: Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD Somehow cause another arbitary command to run

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >