Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 434/555 | < Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >

My AES encryption/decryption functions don't work with random ivecs

- by Brendan Long

I was bored and wrote a wrapper around openSSL to do AES encryption with less work. If I do it like this: http://pastebin.com/V1eqz4jp (ivec = 0) Everything works fine, but the default ivec is all 0's, which has some security problems. Since I'm passing the data back as a string anyway, I figured, why not generate a random ivec and stick it to the front, the take it back off when I decrypt the string? For some reason it doesn't work though. With random ivec: http://pastebin.com/MkDBFcn6 Well actually, it almost works. It seems to decrypt the middle of the string, but not the beginning or end: String is: 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF Encrypting.. ???l%%1u???B! ?????`pN)?????[l????{?Q???2?/?H??y"?=Z?Cu????l%%1u???B! Decrypting.. String is: ?%???G*?5J?0??0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF!-e????V?5 I honestly have no idea what's going wrong. Maybe some stupid mistake, or maybe I'm missing something about AES?

Read the article
ASP.NET MVC How to call a secured page from a windows app?

- by Malcolm

Hi, I have a MVC app that has forms authentication enabled. The app allows printing of invoices. I have an external app that converts html to pdf. How can I call the secured page from this pdf converter app so that some security remains? The PDF converter app just requires a URL. One thought was to create a HttpHandler for an extenion of say .print and pass a public key in the URL qureystring that can be validated by the MVC app. Any ideas on this? Malcolm

Read the article
saving appengine mail from spam filters

- by Fh

One of my clients uses Trend Micro InterScan Messaging Security to protect their internal mail services. Suddenly InterScan decided to filter out all messages coming from Google App Engine. Unfortunately they haven't been able to whitelist the sender address as each e-mail gets a different one. For example, *3ckihSOVMMHlZHSL.JSMMHlZHSL.JS*@apphosting.bounces.google.com, with everything before the @ being variable. Update I'm including this screenshot of how Interscan sees the incoming e-mail. Notice that all senders are different: If I look into the e-mail headers, the apphosting domain appears inside the Return-Path field: Return-Path: <36kSiSwYIBh0883XL3E7.5EH883XL3E7.5E@apphosting.bounces.google.com> The "From" field looks ok. It says what I set it to say, but the spam filter only looks at the Return-Path. My client sysadmin doesn't want to whitelist the whole apphosting domain, as it wouldn't be only whitelisting my application. How could I bypass this e-mail filters if I can't get an unique sender? Thanks,

Read the article
How do I set permissions on a Server 2003 folder

- by Richard210363

Hi There, In my part time position as entire IT department at my Office ( I'm a MCSD developer normally ) I have been asked to change a shared folder. Only I don't really understand all the Shared / Security options. I have a folder that must be accessed by 2 people in the company (and no one else). They both must have read/write/edit and change access. They must be able to read/write/edit each others files; existing or newly created. Should be easy but I'm a bit overwhelemd by all the choices. What should I set? Thanks for your help richard

Read the article
Mobile Application Upgrade/Update Framework

- by sharjeel

I am developing a few mobile apps for different platforms including Blackberry, Windows Mobile, Android and Symbian S60. I want my mobile apps to have the capability of checking for updates before starting and in case a new version is available, prompt the user to upgrade. Moreover in certain cases (like security patches), the user must be forced to update or the app won't work. Surely I can cook some code to achieve the task but I was wondering if there are already existing framework to serve the purpose so that I don't have to re-invent the wheel and test all over?

Read the article
Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

- by user102533

I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXsSS.GetSafeHtmlFragment to sanitize the HTML. Should I santiize before saving to the database or before rendering the untrusted input into the webpage? Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?) Which class file should I look in for actual implementation of the GetSafeHtmlFragment

Read the article
How do I sign a HTTP request with a X.509 certificate in Java?

- by Rune

How do I perform an HTTP request and sign it with a X.509 certificate using Java? I usually program in C#. Now, what I would like to do is something similar to the following, only in Java: private HttpWebRequest CreateRequest(Uri uri, X509Certificate2 cert) { HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(uri); request.ClientCertificates.Add(cert); /* ... */ return request; } In Java I have created a java.security.cert.X509Certificate instance but I cannot figure out how to associate it to a HTTP request. I can create a HTTP request using a java.net.URL instance, but I don't seem to be able to associate my certificate with that instance (and I'm not sure whether using java.net.URL is even appropriate).

Read the article
Please Find the error :

- by jagdeep

using System; using System.Collections; using System.Configuration; using System.Data; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Xml.Linq; public partial class Expt : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Bttnadd_Click(object sender, EventArgs e) { FileUpload1.SaveAs(MapPath("~/img//"+DateTime.Now.ToString()+FileUpload1.FileName)); } } Exception Details: System.Web.HttpException: ~/img//1/1/2011 1:47:52 PMWinter.jpg is not a valid virtual path.

Read the article
C# SQL Parameter Errors in Loops

- by jakesankey

Please help me out with this. I have this small application to load txt files into a sql db and it works fine with sqlite. When I ported to SQL I started getting 'parameter already declared' errors.. If anyone can help me reorganize this code, it would be great! I need to get the parameter definitions outside of the loops or something.. using System; using System.Data; using System.Data.SQLite; using System.IO; using System.Text.RegularExpressions; using System.Threading; using System.Collections.Generic; using System.Linq; using System.Data.SqlClient; namespace JohnDeereCMMDataParser { internal class Program { public static List<string> GetImportedFileList() { List<string> ImportedFiles = new List<string>(); using (SqlConnection connect = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { connect.Open(); using (SqlCommand fmd = connect.CreateCommand()) { fmd.CommandText = @"SELECT FileName FROM Import;"; fmd.CommandType = CommandType.Text; SqlDataReader r = fmd.ExecuteReader(); while (r.Read()) { ImportedFiles.Add(Convert.ToString(r["FileName"])); } } } return ImportedFiles; } private static void Main(string[] args) { using (SqlConnection con = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { con.Open(); using (SqlCommand insertCommand = con.CreateCommand()) { Console.WriteLine("Connecting to SQL server..."); SqlCommand cmdd = con.CreateCommand(); string[] files = Directory.GetFiles(@"C:\Documents and Settings\js91162\Desktop\", "R.txt*", SearchOption.AllDirectories); insertCommand.Parameters.Add(new SqlParameter("@FeatType", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@FeatName", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Value", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Actual", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Nominal", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Dev", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolMin", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolPlus", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@OutOfTol", DbType.Decimal)); List<string> ImportedFiles = GetImportedFileList(); foreach (string file in files.Except(ImportedFiles)) { var FileNameExt1 = Path.GetFileName(file); cmdd.Parameters.Add(new SqlParameter("@FileExt", FileNameExt1)); cmdd.CommandText = @" IF (EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'RX_CMMData' AND TABLE_NAME = 'Import')) BEGIN SELECT COUNT(*) FROM Import WHERE FileName = @FileExt; END"; int count = Convert.ToInt32(cmdd.ExecuteScalar()); con.Close(); con.Open(); if (count == 0) { Console.WriteLine("Parsing CMM data for SQL database... Please wait."); insertCommand.CommandText = @" INSERT INTO Import (FeatType, FeatName, Value, Actual, Nominal, Dev, TolMin, TolPlus, OutOfTol, PartNumber, CMMNumber, Date, FileName) VALUES (@FeatType, @FeatName, @Value, @Actual, @Nominal, @Dev, @TolMin, @TolPlus, @OutOfTol, @PartNumber, @CMMNumber, @Date, @FileName);"; string FileNameExt = Path.GetFullPath(file); string RNumber = Path.GetFileNameWithoutExtension(file); string RNumberE = RNumber.Split('_')[0]; string RNumberD = RNumber.Split('_')[1]; string RNumberDate = RNumber.Split('_')[2]; DateTime dateTime = DateTime.ParseExact(RNumberDate, "yyyyMMdd", Thread.CurrentThread.CurrentCulture); string cmmDate = dateTime.ToString("dd-MMM-yyyy"); string[] lines = File.ReadAllLines(file); bool parse = false; foreach (string tmpLine in lines) { string line = tmpLine.Trim(); if (!parse && line.StartsWith("Feat. Type,")) { parse = true; continue; } if (!parse || string.IsNullOrEmpty(line)) { continue; } Console.WriteLine(tmpLine); foreach (SqlParameter parameter in insertCommand.Parameters) { parameter.Value = null; } string[] values = line.Split(new[] { ',' }); for (int i = 0; i < values.Length - 1; i++) { SqlParameter param = insertCommand.Parameters[i]; if (param.DbType == DbType.Decimal) { decimal value; param.Value = decimal.TryParse(values[i], out value) ? value : 0; } else { param.Value = values[i]; } } } insertCommand.Parameters.Add(new SqlParameter("@PartNumber", RNumberE)); insertCommand.Parameters.Add(new SqlParameter("@CMMNumber", RNumberD)); insertCommand.Parameters.Add(new SqlParameter("@Date", cmmDate)); insertCommand.Parameters.Add(new SqlParameter("@FileName", FileNameExt)); // insertCommand.ExecuteNonQuery(); } } Console.WriteLine("CMM data successfully imported to SQL database..."); } con.Close(); } } } } FYI - the PartNumber, CMMNumber, Date, etc at the bottom are pulled from the file name and I need it in the table next to each respective record.

Read the article
bluetooth emulators/simulators

- by scatman

what are the best bluetooth emulators/simulators? i have a project for the security course, and i chose bluetooth as my topic. so i need to create encryption algorithms using a bluetooth simulator and test them. i have already searched for the best emulaters, and the results were google anroid, and NS2. is there any emulator better? the languages i prefer to program with are c , c++ , and c# java is also not a problem but i prefer any of the above languages.

Read the article
LDAP in medium trust

- by eych

I've have a solution with one website and several projects. The projects all have the AllowPartiallyTrustedCallers attribute and are strongly-named. The site works in full trust. However, after set the trust to medium, I get the System.Security.SecurityException: Request failed. error as soon as I browse to the site. In my projects, I have calls to LogOnUser, as well as many calls to variousSystem.DirectoryServices.AccountManagement methods. Can this site run with medium trust or do I have to have full trust for all the LDAP calls? As I mentioned, I've set the AllowPartiallyTrustedCallers attribute on all projects. Not sure what else to do. Also, I have no idea what/where the error is being generated. The event logs on the server have nothing in regards to this SecurityException. Is there any way to find out what the error location is so maybe I can attempt to rewrite some code? [running .NET 4.0 on Win2k8R2]

Read the article
WCF: connecting to service over internet times out

- by Shaul

Still on the WCF learning curve: I've set up a self-hosted WCF Service (WSDualHttpBinding), which works fine on my own computer, which resides behind a firewall. If I run the client on my own computer, everything works great. Now I installed the client on a computer outside my network, and I'm trying to access the service via a dynamic DNS, like so: http://mydomain.dyndns.org:8000/MyService. My port forwarding issues were taken care of in a previous question; I can now see the service is up in my browser. But now when I try to run the client on the other machine, I get the following error message: "The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout." I have disabled security on the service, so that's not it. What else might be preventing the connection from happening?

Read the article
Cannot read app.config, why???

- by user46503

Hello, I'm trying to get data from app.config and I always get zero. The App.config is here: <?xml version="1.0" encoding="utf-8"?> <configuration> <connectionStrings> <add name="ExplorerContext" connectionString="metadata=res://*/ExplorerData.csdl|res://*/ExplorerData.ssdl|res://*/ExplorerData.msl;provider=System.Data.SqlClient;provider connection string="Data Source=MYT\SQLEXPRESS;Initial Catalog=Explorer;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" /> </connectionStrings> </configuration> Could someone explain what is wrong, why I cannot get the values, System.Configuration.ConfigurationManager.AppSettings.Count is always 0 Thanks

Read the article
File Encrypt/Decrypt under load?

- by chopps

I found an interesting article about encrypting and decrypting files but since it uses a file.dat to store the key this will run into problems when theres alot of users on the site dealing with alot of files. http://www.codeproject.com/KB/security/VernamEncryption.aspx?display=Print Should a new file be created every time a file needs decrypting or would there be a better way to do this? UPDATE: Here is what im using to avoid the locking problems. using (Mutex FileLock = new Mutex(true, System.Guid.NewGuid().ToString())) { try { FileLock.WaitOne(); using (FileStream fs = new FileStream(keyFile, FileMode.Open)) { keyBytes = new byte[fs.Length]; fs.Read(keyBytes, 0, keyBytes.Length); } } catch (Exception ex) { EventLog.LogEvent(ex); } finally { FileLock.ReleaseMutex(); } } I tested it on 1000 TIFFs doing both encryption and decryption without any errors.

Read the article
Are there built-in issue tracking and task management in IDEs that integrate into SourceForge, Googl

- by Kai Sellgren

Hi, This question may not be exactly programming related, but this is about development. I have been trying to find IDEs that support JIRA/Bugzilla so that I could simply integrate the IDE with SourceForge. I do not like to refresh my browser to see issues, bug reports, security problems, etc. I would like to send issues, resolve issues, right from the IDE. I am currently developing with NetBeans, but I see no ways of integrating into any of the services provided by SourceForge. Am I missing something?

Read the article
buffer overflow with boost::program_options

- by f4

Hello, I have a problem using boost:program_options this simple program, copy-pasted from boosts' documentation : #include <boost/program_options.hpp> int main( int argc, char** argv ) { namespace po = boost::program_options; po::options_description desc("Allowed options"); desc.add_options() ("help", "produce help message") ("compression", po::value<int>(), "set compression level") ; return 0; } fails with a buffer overflow. I have activated the "buffer security switch", and when I run it I get an "unknown exception (0xc0000409)" when I step over the line desc.add_options()... I use Visual Studio 2005 and boost 1.43.0. By the way it does run if I deactivate the switch but I don't feel comfortable doing so... unless it's possible to deactivate it locally. So do you have a solution to this problem? EDIT I found the problem I was linking against libboost_program_options-vc80-mt.lib which wasn't the good library.

Read the article
Trouble Avoiding Microsoft Outlook's Email Warning

- by talbright

I have a set of records in Microsoft Access that I am trying to send in an Email. The email feature works great. Except a warning message pops up every time a message is ready to send, and the user has to click "Allow" or "Deny" for every email sent. I looked up a workaround, and have been following the tutorial for it: http://www.everythingaccess.com/tutorials.asp?ID=Outlook-Send-E-mail-Without-Security-Warning. My problem is that when I put my message in the function it always returns false, and the message fails. Any help would be appreciated. Dim sendMail As Boolean Dim strMessage As String strMessage = Some Message sendMail = FnSafeSendEmail(![Email Id], "Subject", strMessage) The entire "FnSafeSendEmail" function can be found in the link provided. These are the parameters though. Public Function FnSendMailSafe(strTo As String, _ strCC As String, _ strBCC As String, _ strSubject As String, _ strMessageBody As String, _ Optional strAttachments As String) As Boolean The error is thrown on this line of the function. Dim blnSuccessful As Boolean blnSuccessful = objOutlook.FnSendMailSafe(strTo, strCC, strBCC, _ strSubject, strMessageBody, _ strAttachmentPaths)

Read the article
Custom URL protocol in Windows to serve HTML content

- by Jen

This question addresses how to register a custom URL protocol to launch an application in response to a link, but I want my handler to serve dynamic content. Essentially, I'm looking to create a web application that runs on the user's machine instead of a web server. I could set up a localhost, but I want to use a "friendly" URL format that the user can reference elsewhere, e.g. a hypothetical cats protocol: cats:fluffy/cheeseburger-consumption-stats How can I accomplish this? Also, do you see any pitfalls with this approach, such as security warnings from browsers? Thanks!

Read the article
Why to store username and password in Keychain in iPhone app

- by Suriya

I have worked with NSUserDefault but this keychain concept is totally new for me. I have tried looking for similar Questions but couldn't find the exact reason to do so. What I have done: I already know how to store data in NSUserDefault. and also the reason why do we need to store it. Regarding Keychain I just know that storing in keychain stores the data with some extra security by encoding the original text while NSUserDefault stores the data as plain text. Is this the only reason for storing the data in keychain?

Read the article
Applet problem with IPlanet and Firefox (class not found)

- by JB Hurteaux

I have an applet which loads nicely when accessed locally (both IE and Firefox). However, when I put my webpage in a webserver (local IPlanet), it refuses to load on Firefox (but still fine on IE). I get the following error in the java console: load: class XXX.localprinting.LocalPrintingApplet.class not found. java.lang.ClassNotFoundException: XXX.localprinting.LocalPrintingApplet.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: open HTTP connection failed:https://XXX/test/XXX/localprinting/LocalPrintingApplet/class.class at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... 7 more Exception: java.lang.ClassNotFoundException: XXX.localprinting.LocalPrintingApplet.class Any idea what could explain the different behavior in the webserver? I researched the issue of "class not found" already but without finding something relevant.

Read the article
How can I receive messages using C# over http without MSMQ

- by pduncan

I need a reliable messaging framework that runs over http/https (due to client security requirements) and that doesn't use MSMQ (because some clients will use Windows XP Home). The clients only need to be able to receive messages, not send them. We already have a message queue on the server for each user, and the receivers have been getting messages by connecting to an HttpHandler on the server and getting a Stream from WebResponse.GetResponseStream() We keep this stream open, and pull messages off of it using Stream.Read(). This MOSTLY works, but Stream.Read() is a blocking call, and we can't reliably interrupt it. We need to be able to stop and start the receiver without losing messages, but the old stream often hangs around, even after we call Thread.Abort on its thread. Any suggestions?

Read the article
Can a signed Java Applet/Web Start manipulate content in a cross-site IFRAME?

- by etoleb

Is it possible for a signed Java Applet or Web Start app to write to the DOM of an IFRAME under a different domain? Does the fact that they're a signed applet/javaws allow them to ignore browsers' standard cross-browser security? If this does work, how well is it supported across the major browsers? Thanks! EDIT: My motivation is to add a browser plugin-like tool to third-party websites I don't control. It's not required that I use Java at all---any ideas or suggestions are encouraged.

Read the article
Django or Drupal, which one should I use that suits best my needs ?

- by HJ-INCPP

Hello, I want to learn and use Drupal or Django for the following: dynamic web sites, medium database, multi-level users, paypal integration, content managment, speed (developing), security I like MVC, ORM and object-oriented prg. Which is better to jump into ? Which one is more mature, powerful, understandable, object-oriented and easier to use by the time ? What about Python Spring ... Also, which of these 3 are better documented, are better for a cv and have more extensions? Known languages: php, java, mysql Thank you !

Read the article
How can I change or remove HttpRequest input arguments in a HttpModule

- by Eric Gunn

Is it possible to change or remove http request form inputs in an httpmodule? My goal is to create a security IHttpmodule that will check the request for reasonable values, such as limits on acceptable input and query parameter length, or use the AntiXSS Sanitizer to remove threats, log potential hack attempts, etc. before a request is passed on to a processor. Because this is a cross cutting concern I'd prefer to find a solution that applies to all requests and affects all ways request values could be accessed, Reqest.Form, Action(model), Action(FormCollection), HttpContext.Current.Request.Form, etc. I'm using MVC and have considered creating custom model binders to clean the data before creating the model instance. But that would be application specific, require remembering to register every model binder and only apply to Action(model).

Read the article
Non-string role names in ASP.NET MVC?

- by MikeWyatt

ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations. For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users. Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

Read the article

< Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441 | Next Page >