Search Results

Search found 13853 results on 555 pages for 'soa security'.

Page 436/555 | < Previous Page | 432 433 434 435 436 437 438 439 440 441 442 443 | Next Page >

hash password in SQL Server (asp.net)

- by ile

Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

Read the article
PHP complete sample website source

- by MarceloRamires

I'm new to PHP, and it appears that the way I learn the fastest is to study a new language a well developed complete program (or website, in this case) changing stuff seeing what happens and consulting books. There are lots of recommendations of books all around, and that's pretty much covered. I'd like to find the sourcecode of a website. Either a well known, well developed open-source website, or a sample sourcecode of a complete website (maybe one used in a book or something). Everyone says they should find the way they learn better.. Well, that's mine. PS.: By complete I mean having several common functionalities (such as login), database connection, use of security conventions, maybe a popular framework, and being up-to-date.

Read the article
Accessing an RSS feed in Flex, works when run from Flash Builder 4, but not when the project is onli

- by ben

Hey guys, In my Flex 4 app, I access an RSS feed (I'm using http://news.ycombinator.com/rss as a dummy). It works okay when I run it from Flash Builder 4, but if I export the project and upload it, I get the following error when it tries to load the RSS feed: Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: my_website_url cannot load data from http://news.ycombinator.com/rss. What could be causing this error? Shouldn't RSS be able to be accessed from anywhere? Thanks for reading.

Read the article
Creating a simple wcf service publishing it to my webhotel, and get it to work

- by H4mm3rHead

Hi, This seems to be a recurring problem to me. I want to get started doing wcf services. I create a new Wcf Service Library, compile it, and publish it using FTP to my providers webhotel. But its not working. I somehow cant get access. I dont want some fancy security model - i just want to get a hole through to my simple webservice. Seems that its the part when i publish it to my webhotel (in a subdomain) that breaks the webservice - its working perfectly when starting it locally. How to proceed anyone?

Read the article
What's wrong with this SQL Server query ?

- by ClixNCash

What's wrong this T-SQL query : Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM Table1 WHERE Name ='" + TextBox1.Text + "'", SQLData) SQLData.Open() If cmdSelect.ExecuteScalar > 0 Then Label1.Text = "You have already voted this service" Return End If Dim con As New SqlConnection Dim cmd As New SqlCommand con.Open() cmd.Connection = con cmd.CommandText = "INSERT INTO Tabel1 (Name) VALUES('" & Trim(Label1.Text) & "')" cmd.ExecuteNonQuery() Label1.Text = "Thank You !" SQLData.Close() End Sub

Read the article
How to use Socket in AC3 or other solution for using embedded flash without cross domain policy?

- by monkey_boys

How to use Socket in AC3 or other solution for using embedded flash without cross domain policy? I would like to create a project that uses HTTP to post to some website's form by using embedded flash in a webpage. When I finished the project, I tried to embed on the local computer and that work fine but when I uploaded to a web server in the some domain and requested to some different domain it stopped working. I know that's the security of ac3 but I would like to use embedded flash. Does anybody have any idea about this?

Read the article
file_get_contents() returns "failed to open stream" when hitting HTTPS

- by TMC

file_get_contents() is returning "failed to open stream" when I call it on an HTTPS URL. Warning: file_get_contents(https://google.com) [function.file-get-contents]: failed to open stream: No error in E:\\htdocs\callback3.php on line 5 Same call will work with a non-SSL URL. At first, I thought it was a security issue with my webhoster, but I have verified with phpinfo() that allow url open is indeed allowed. I have also tried this code and verified it works: Anyone have any ideas why file_get_contents() is failing with an HTTPS URL? update: People correctly pointed out this was an HTTPS issue. My webhoster claims this should work, and has no idea how to resolve this. Anyone have specific directions I can give them for their IIS7 setup?

Read the article
CryptGenRandom to generate asp.net session id

- by DoDo

Hi! does anyone have working example of CryptGenrRandom class to generate session id (need to use in my iis module). HCRYPTPROV hCryptProv; BYTE pbData[16]; if(CryptAcquireContext( &hCryptProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) { if(CryptGenRandom(hCryptProv, 8, pbData)) { std::string s(( const char *) pbData); printf(s.c_str()); } else { MyHandleError("Error during CryptGenRandom."); } } else { MyHandleError("Error during CryptAcquireContext!\n"); } i tried this code but, its not working quite well (i get it from msdn) and this example don't work for me ( http://www.codeproject.com/KB/security/plaintextsessionkey.aspx ) so if anyone know how to generate sessionid using this class plz let me know tnx anyway!

Read the article
Running a Java process in Windows even after the user is logged out

- by Mani

I have a batch file that starts a Java process in a Windows 2003 server. As per the security policy, the users of that machine are logged off forcefully, if the user is inactive for a certain period of time. The problem is that when the user is logged out, the process also dies. I scheduled a new task (Control Panel - Scheduled Tasks) and selected the option of 'When my computer starts' and gave the user account details there. But it doesn't seem to have any effect, the user is still logged out and the process dies. Is a reboot necessary to make this change effective? And after the reboot, will I achieve what I'm expecting (keeping the process alive)? Alternatively, will running this process as a Windows Service solve the problem? If so, can you please let me know how I can make a Java program or a batch file to run as a Windows Service? I would prefer not to use any other third party tools or libraries. Thanks

Read the article
Is it secure to use malloc?

- by Felix Guerrero

Somebody told me that allocating with malloc is not secure anymore, I'm not a C/C++ guru but I've made some stuff with malloc and C/C++. Does anyone know about what risks I'm into? Quoting him: [..] But indeed the weak point of C/C++ it is the security, and the Achilles' heel is indeed malloc and the abuse of pointers. C/C++ it is a well known insecure language. [..] There would be few apps in what I would not recommend to continue programming with C++."

Read the article
Wordpress & Django -- One domain, two servers. Possible?

- by DomoDomo

My question is about hosting Django and Wordpress under one domain, but two physical machines (actually, they are VMs but same diff). Let's say I have a Django webapp at example.com. I'd like to start a Wordpress blog about my webapp, so any blog page rank mojo flows back to my webapp, I'd like the blog address t be example.com/blog. My understanding is blog.example.com would not transfer said page rank mojo. Because I'm worried about Wordpress security flaws compromising my Django webapp, I want to host Django and Wordpress on two physically separate machines. Given all that, is it possible using re-write rules or a reverse proxy server to do this? I know the easy way is to make my Wordpress blog a subdomain, but I really don't want to do that. Has anyone done this in the past, is it stable? If I need a third server to be a dedicated reverse proxy, that's totally fine. Thanks!

Read the article
NHibernate Criteria Transform Result

- by isuruceanu

Hi I have an SecurityGroup entity witch has Memebers and Application properties. Application is a lookup. So securityGroups is in many-to-many relationship with User table and one-to-many with LookupApplciation (FK) Now I want to select all application linked to a specific user. I have follow criteria: public IList<LookupApplication> GetApplicationByUser(User user) { return this.Session.CreateCriteria(typeof(SecurityGroup), "sg") .CreateAlias("Members", "u") .CreateAlias("Application", "al") .Add(Restrictions.Eq("u.Id", user.Id)) .List<LookupApplication>(); } It trows an exception The value "Edi.Advance.Core.Model.Security.SecurityGroup" is not of type "Edi.Advance.Core.Model.Lookups.LookupApplication" and cannot be used in this generic collection. Parameter name: value and it is right. How can I transform the result to IList<LookupApplication>? Thanks

Read the article
Can a Client Link to My JavaScript, Hosted on a Different Domain?

- by DaveDev

Is it possible for me to supply a client with a snippet of HTML which contains a reference to a javascript file that I host? They want to paste this HTML into their CMS, so that when their page loads, it'll load our content. I was under the impression that there was cross domain security preventing this from being possible. What if, instead of linking to the JavaScript, I gave them the snippet of HTML with the JavaScript already included so instead of <div>  </div> I gave them <div> $.get(/*url to my content*/); </div> Would that work?

Read the article
if isset PHP not working?

- by Ellie

Okay, Im trying to set a captcha up, However with this code in, it breaks. if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) When i do it with out it, the page works, but the captcha is letting incorrect submits through. Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/waloraweb085/b2027/moo.lutarinet/jointest.php on line 71 <?php $pagetitle = "Home"; $checkrank = 0; include ($_SERVER['DOCUMENT_ROOT'].'/header.inc.php'); ECHO <<<END <br><br> <b><center><i><u>DO NOT</u> USE YOUR NEOPETS PASSWORD OR PIN NUMBER!!!</b></i></center> <p> ?> <?php session_start() ?> <center><P><FORM ACTION="join.pro.php" enctype="multipart/form-data" METHOD=POST> <table width="393" height="188" border="0" cellpadding="0" cellspacing="0"> <td width="150">Username</td> <td width="243"><input type=text name="name" value="" size=32 maxlength=15></td> </tr> <tr> <td>Password</td> <td><input type=password name="pass1" VALUE="" maxlength=15></td> </tr> <tr> <td>Confirm Password</td> <td><input type=password name="pass2" VALUE="" size=32 maxlength=15></td> </tr> <tr> <td>Security Code (4 Diget Number)</td> <td><input type=password name="security" VALUE="" size=32 maxlength=4></td> </tr> <tr> <td>Email Address</td> <td><INPUT TYPE=text NAME="email" VALUE="" SIZE=32 maxlength=100></td> </tr> <tr> <td height="41" colspan="2" valign="middle"><p><p><center> By registering an account here you agree to all of our <A HREF="$baseurl/tos.php">Terms and Conditions</A>. You can also view our <A HREF="$baseurl/privacy.php">Privacy Policy</A>. </center></p></td> </tr> <tr><td align="center">CAPTCHA:<br> (antispam code, 3 black symbols)<br> <table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table> </td></tr> <td height="27" colspan="2" valign="middle"> <center><input type=submit name=Submit value="Register"></center> </td> </table> </form> <?php if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) { //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... echo 'CAPTHCA is valid; proceed the message'; } else { echo 'CAPTHCA is not valid; ignore submission'; } ?> <?php END; include ($_SERVER['DOCUMENT_ROOT'].'/footer.inc.php'); ?> captcha.php <?php session_start(); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); function _generateRandom($length=6) { $_rand_src = array( array(48,57) //digits , array(97,122) //lowercase chars // , array(65,90) //uppercase chars ); srand ((double) microtime() * 1000000); $random_string = ""; for($i=0;$i<$length;$i++){ $i1=rand(0,sizeof($_rand_src)-1); $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1])); } return $random_string; } $im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg"); $rand = _generateRandom(3); $_SESSION['captcha'] = $rand; ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0)); $rand = _generateRandom(3); ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0)); Header ('Content-type: image/jpeg'); imagejpeg($im,NULL,100); ImageDestroy($im); ?> Help please anyone? Line 71: if(isset($_POST["captcha"])) Line 72: if($_SESSION["captcha"]==$_POST["captcha"])

Read the article
double authentication issue on IIS / Report Server (SQL server 2008)

- by Vinzz

Hi, On a 2003 server box, with SQL server 2008 installed (ReportServer deployed in IIS mode), I've got a virtual directory within IIS with it's security set to 'windows authentication', with the following html code: <body> <h1>test</h1> <iframe src="/reportserver" witdh="50%" height="50%" /> </body> From the outside, I've got a first login/pwd box displayed to access the html code, then a second one to display the content of the iframe. On the same type of server, but with SQL Server 2005, I don't have this issue (i.e. only one login box). My thought is that the first token should give acces to both the page and the iframe, isn't it? Any hints on how to setup the reportserver to fix this? thanks.

Read the article
Data Warehouse: One Database or many?

- by drrollins

At my new company, they keep all data associated with the data warehouse, including import, staging, audit, dimension and fact tables, together in the same physical database. I've been a database developer for a number of years now and this consolidation of function and form seems counter to everything I know. It seems to make security, backup/restore and performance management issues more manually intensive. Is this something that is done in the industry? Are there substantial reasons for doing or not doing it? The platform is Netezza. The size is in terabytes, hundreds of millions of rows. What I'm looking to get from answers to this question is a solid understanding of how right or wrong this path is. From your experience, what are the issues I should be focused on arguing if this is a path that will cause trouble for us down the road. If it is no big deal, then I'd like to know that as well.

Read the article
What's wrong in this SELECT statement

- by user522211

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT * FROM Table1 WHERE Seats ='" & TextBox1.Text & "'", SQLData) SQLData.Open() Using adapter As New SqlDataAdapter(cmdSelect) Using table As New Data.DataTable() adapter.Fill(table) TextBox1.Text = [String].Join(", ", table.AsEnumerable().[Select](Function(r) r.Field(Of Integer)("seat_select"))) End Using End Using SQLData.Close() End Sub This line will be highlighted with blue line: TextBox1.Text = [String].Join(", ", table.AsEnumerable().[Select](Function(r) r.Field(Of Integer)("seat_select")))

Read the article
Windows Platform Installer fails during Orchard Installation

- by nullnvoid

I'm attempting to install Orchard 1.0 on a Windows 7 box. It has only just been released. I downloaded and installed the Windows Platform Installer and attempted to install Orchard. The error message is just that the application has stopped working and asks if I want to debug or close the application. The event log contains a single error: "The event logging service encountered an error while processing an incoming event published from Microsoft-Windows-Security-Auditing." I tried installing MVC3 and it worked without issue. Has anyone experienced a similar problem?

Read the article
Eval IronPython Scripts during ASP.NET Web Request; Static Engine or Not

- by Josh Pearce

I would like to create an ASP.NET MVC web application which has extensible logic that does not require a re-build. I was thinking of creating a filter which had an instance of the IronPython engine. What I would like to know is: how much overhead is there in creating a new engine during each web request, and would it be a better idea to keep a static engine around? However, if I were to keep a single static engine around, what are the issues I might run into as far as locking and script scope? Is it possible to have multiple scopes in the same IropPython engine so I don't get variable collision and security issues between web requests?

Read the article
How can I use the Scala program schema2src?

- by pr1001

This perhaps more a Server Fault question... I installed schema2src via sbaz and now I would like to convert a DTD (Apple's plist schema) to Scala source. $ schema2src usage: schema2src [flags] --module mname arg* or schema2src dtd arg* or (experimental) schema2src xsd arg* (this doesn't work at all yet) where supported [flags] may be: --verbose prints some debugging information However, if I try give any argument, it appears it can't find Scala: $ schema2src --verbose Exception in thread "main" java.lang.NoClassDefFoundError: scala/runtime/BoxesUtility at schema2src.Main$.processArgs(Main.scala:56) at schema2src.Main$.main(Main.scala:25) at schema2src.Main.main(Main.scala) Caused by: java.lang.ClassNotFoundException: scala.runtime.BoxesUtility at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:315) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:330) at java.lang.ClassLoader.loadClass(ClassLoader.java:250) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:398) ... 3 more I have scala in my PATH... Any suggestions? Assuming that problem can be fixed, is this the correct syntax? $ schema2src PropertyList-1.0.dtd

Read the article
RUP (Rational Unified Process)

- by tony

I have chosen to use the development method RUP (Rational Unified Process) in my project. This is a method I've never used before. I've also included some elements from Scrum in the development process. The question is what the requirement specifications should contain in a RUP-model? Is it functional and non-functional requirements? And what should be included in a technical analysis and security requirements for RUP? Can’t find any information. Notes about this would be helpful. Hope people with RUP experience can share some useful experiences

Read the article
Scoping in embedded groovy scripts

- by Aaron Digulla

In my app, I use Groovy as a scripting language. To make things easier for my customers, I have a global scope where I define helper classes and constants. Currently, I need to run the script (which builds the global scope) every time a user script is executed: context = setupGroovy(); runScript( context, "global.groovy" ); // Can I avoid doing this step every time? runScript( context, "user.groovy" ); Is there a way to setup this global scope once and just tell the embedded script interpreter: "Look here if you can't find a variable"? That way, I could run the global script once. Note: Security is not an issue here but if you know a way to make sure the user can't modify the global scope, that's an additional plus.

Read the article
Should I make sure arguments aren't null before using them in a function.

- by Nathan W

The title may not really explain what I'm really trying to get at, couldn't really think of a way to describe what I mean. I was wondering if it is good practice to check the arguments that a function accepts for nulls or empty before using them. I have this function which just wraps some hash creation like so. Public Shared Function GenerateHash(ByVal FilePath As IO.FileInfo) As String If (FilePath Is Nothing) Then Throw New ArgumentNullException("FilePath") End If Dim _sha As New Security.Cryptography.MD5CryptoServiceProvider Dim _Hash = Convert.ToBase64String(_sha.ComputeHash(New IO.FileStream(FilePath.FullName, IO.FileMode.Open, IO.FileAccess.Read))) Return _Hash End Function As you can see I just takes a IO.Fileinfo as an argument, at the start of the function I am checking to make sure that it is not nothing. I'm wondering is this good practice or should I just let it get to the actual hasher and then throw the exception because it is null.? Thanks.

Read the article
Issues with taglibs while using jasmine-maven-plugin to test dojo widgets with templates

- by user2880454

I am using jasmine-maven-plugin to run javascript unit tests for my dojo widgets. One of my dojo widgets refers to a html template jsp file with taglibs. When I initialize my dojo widgets, I get the following error: Error: Invalid template: <%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec"% The plugin uses jetty to deploy the scripts to test. I tried including jstl jar into the WEB-INF folder but it doesn't work. I am assuming it's just not DOJO and this taglib issue can occur even with simple js file. I am looking for some clue on why taglibs are not recognized here. If I remove the taglib entries, my tests just work fine.

Read the article
Taking web page screen shot in Windows 8 Metro app

- by Megan

I'm trying to take screen shot of web page in Windows 8 Metro app. So far the only helpful control is the WebView. Unfortunately it does not contain any method like DrawToBitmap (known from Forms WebBrowser control). Am I missing something? Different approach would focus on injecting some JS (e.g. html2canvas) to page rendered in WebView but I don't think it is possible due to security reasons. I would greatly appreciate any help.

Read the article

< Previous Page | 432 433 434 435 436 437 438 439 440 441 442 443 | Next Page >