Search Results

Search found 30819 results on 1233 pages for 'software security'.


  • Java: Cannot listen to port, BindException

    - by bguiz
    Hi, I am developing an application in Netbeans, and it is using JavaDB. I can connect to it and execute queries without issues, but for some reason, the "Output - JavaDB Database Process" pane within Netbeans keeps displaying

        Security manager installed using the Basic server security policy.
        Could not listen on port 1527 on host localhost: java.net.BindException: Address already in use

    How do I find out what process is already using, or bound to, that port number?


  • Should I write my own forum? If my site has banning/PM/etc?

    - by acidzombie24
    I built a site from scratch (already done). It has banning, PM, comments, etc. The PMs and comments are done using markdown (like the SO system). Should I write my own forum code or should I find one already made? What are reasons for or against writing my own? There are pros and cons for writing my own or using other software. But some cons keeping me from using other forum software are:

      - Multiple logins: one for the site, one for the separate forums.
      - Need to customize code: I'll need to change the toolbar in the forum software so I can access pages on the regular site.
      - Look consistency: it may look drastically different from my site even after applying lots of CSS changes.
      - Banning and user consistency: users may be banned on the site or on the forums but not the other. Users may select a different or multiple usernames on the forum instead of being forced to use the same username on both site and forum.

    What are reasons for or against writing my own and using forum software?


  • How to RESTful delete record Asp.Net Mvc 2

    - by Picflight
    I have delete links in my Asp.Net Mvc2 application:

        /{controller}/Delete/{id}

    It seems using a link to delete has a security risk: "Don't use Delete Links because they create Security Holes". I found this, "Implementing RESTful Routes & Controllers in ASP.NET MVC 2.0", but I am not sure how to implement a simple delete functionality using the new HttpDeleteAttribute class. Are there any examples on deleting, the RESTful approach?


  • ASP.NET - What is the best way to block the application usage?

    - by Tufo
    Our clients must pay a monthly fee... if they don't, what is the best way to block the ASP.NET software usage? Note: the application runs on the client's own server, it's not a SaaS app... My ideas are:

    Idea: Host a web service on the internet that the application will use to know if the client can use the software.

      - Issue 1: What happens if the client's internet fails? Or the data center fails? Possible answer: Make each web service access send a key that is valid for 7 or 15 days, so each web service consult will enable the software to run 7 or 15 more days; this way the application will only be locked after 7 or 15 days without consulting our web service.
      - Issue 2: And if the client doesn't have or doesn't want to enable internet access for the application?

    Idea 2: Send a key monthly to the client.

      - Issue: How to make an offline key? Possible answer: Generate a hash using the "limit" date, so each login attempt on the software will compare today's hash with the key?
      - Issue 2: Where to store the key? Possible answer: Database (not good, too easy to change), text file, registry, code file, assembly...

    Any opinion will be very appreciated!


  • Instance Failure in asp.net

    - by user85511
    I have a web application that is working perfectly in my system. However, when I copied it to another system, I couldn't login to the application. There is an error:

        Server Error in '/' Application.
        --------------------------------------------------------------------------------
        Instance failure.

        Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

        Exception Details: System.InvalidOperationException: Instance failure.

        Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

        Stack Trace:

        [InvalidOperationException: Instance failure.]
           System.Data.SqlClient.TdsParser.Connect(ServerInfo serverInfo, SqlInternalConnectionTds connHandler, Boolean ignoreSniOpenTimeout, Int64 timerExpire, Boolean encrypt, Boolean trustServerCert, Boolean integratedSecurity, SqlConnection owningObject) +4858423
           System.Data.SqlClient.SqlInternalConnectionTds.AttemptOneLogin(ServerInfo serverInfo, String newPassword, Boolean ignoreSniOpenTimeout, Int64 timerExpire, SqlConnection owningObject) +90
           System.Data.SqlClient.SqlInternalConnectionTds.LoginNoFailover(String host, String newPassword, Boolean redirectedUserInstance, SqlConnection owningObject, SqlConnectionString connectionOptions, Int64 timerStart) +257
           System.Data.SqlClient.SqlInternalConnectionTds.OpenLoginEnlist(SqlConnection owningObject, SqlConnectionString connectionOptions, String newPassword, Boolean redirectedUserInstance) +221
           System.Data.SqlClient.SqlInternalConnectionTds..ctor(DbConnectionPoolIdentity identity, SqlConnectionString connectionOptions, Object providerInfo, String newPassword, SqlConnection owningObject, Boolean redirectedUserInstance) +189
           System.Data.SqlClient.SqlConnectionFactory.CreateConnection(DbConnectionOptions options, Object poolGroupProviderInfo, DbConnectionPool pool, DbConnection owningConnection) +4859187
           System.Data.ProviderBase.DbConnectionFactory.CreatePooledConnection(DbConnection owningConnection, DbConnectionPool pool, DbConnectionOptions options) +31
           System.Data.ProviderBase.DbConnectionPool.CreateObject(DbConnection owningObject) +433
           System.Data.ProviderBase.DbConnectionPool.UserCreateRequest(DbConnection owningObject) +66
           System.Data.ProviderBase.DbConnectionPool.GetConnection(DbConnection owningObject) +499
           System.Data.ProviderBase.DbConnectionFactory.GetConnection(DbConnection owningConnection) +65
           System.Data.ProviderBase.DbConnectionClosed.OpenConnection(DbConnection outerConnection, DbConnectionFactory connectionFactory) +117
           System.Data.SqlClient.SqlConnection.Open() +122
           System.Web.DataAccess.SqlConnectionHolder.Open(HttpContext context, Boolean revertImpersonate) +87
           System.Web.DataAccess.SqlConnectionHelper.GetConnection(String connectionString, Boolean revertImpersonation) +221
           System.Web.Security.SqlMembershipProvider.GetPasswordWithFormat(String username, Boolean updateLastLoginActivityDate, Int32& status, String& password, Int32& passwordFormat, String& passwordSalt, Int32& failedPasswordAttemptCount, Int32& failedPasswordAnswerAttemptCount, Boolean& isApproved, DateTime& lastLoginDate, DateTime& lastActivityDate) +815
           System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved, String& salt, Int32& passwordFormat) +105
           System.Web.Security.SqlMembershipProvider.CheckPassword(String username, String password, Boolean updateLastLoginActivityDate, Boolean failIfNotApproved) +42
           System.Web.Security.SqlMembershipProvider.ValidateUser(String username, String password) +78
           System.Web.UI.WebControls.Login.AuthenticateUsingMembershipProvider(AuthenticateEventArgs e) +60
           System.Web.UI.WebControls.Login.OnAuthenticate(AuthenticateEventArgs e) +119
           System.Web.UI.WebControls.Login.AttemptLogin() +115
           System.Web.UI.WebControls.Login.OnBubbleEvent(Object source, EventArgs e) +101
           System.Web.UI.Control.RaiseBubbleEvent(Object source, EventArgs args) +37
           System.Web.UI.WebControls.Button.OnCommand(CommandEventArgs e) +118
           System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +166
           System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
           System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
           System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
           System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +1565

        --------------------------------------------------------------------------------
        Version Information: Microsoft .NET Framework Version:2.0.50727.3053; ASP.NET Version:2.0.50727.3053

    What could be the reason for such an error? How could I solve this?


  • jQuery / JavaScript for uploading a file from browser to server

    - by Lalit
    Hi, I am developing an application in ASP.NET MVC with C#. I want functionality where a div pops up so that I can let the user upload an image file from his browser to the server, into the application domain's file system, as usual. This question may be a repeat, but I expect something more, like how to build this scenario, what security issues may come up, and what care has to be taken while coding from the security perspective?


  • How do you manage the namespaces of your extension methods?

    - by Robert Harvey
    Do you use a global, catchall namespace for all of your extension methods, or do you put the extension methods in the same namespace as the class(es) they extend? Or do you use some other method, like an application or library-specific namespace? EDIT: I ask because I have a need to extend System.Security.Principal.IIdentity, and putting the extension method in the System.Security.Principal namespace seems to make sense, but I've never seen it done this way.


  • Maven + SSDM Build and Runtime Environment Automation

    - by Randy
    Preface: My company, like most, has several run-time environments and several release versions which themselves are composed of different versions of various jars. For example, let us consider release versions 1.1, 1.2, and 1.3 of Software X, which may be deployed to a developer computer, testing, or production. Software-x-1.1 is itself composed of jarA-0.9.1 and jarB-0.7.5, but software-x-1.3 is composed of jarA-1.7.31 and jarB-0.8.1.

    Currently we use Spring's PropertyPlaceholderConfigurer to configure run-time variables (such as database credentials); however, properties also change with release versions. We also use Maven 2 POM version 4 to specify which versions of our code need to be used. We place the version numbers of our jars as properties within profiles (dev, test, prod) inside of the parent pom and then reference those version numbers in all project poms. As of right now, we have no way to specify which project versions pertain to a given release other than the most current one. Moreover, we deploy our run-time configurations to the SSDM pickup which then configures and creates the services defined by the built versions of our software.

    Questions:

      - Is there any procedure/tool we can use to build our product by merely providing the run-time environment and version number? I.e. "build 1.1 dev"?
      - Is there any way we can store the required jar versions for each release build? We are currently versioning all files, including the parent pom, but merely versioning the parent pom does not record which release version is pertinent to that parent pom.
      - What else can we do to further automate the process of builds? For example, if we could manage run-time configurations within the parent pom that would be a step in the right direction, but that seems like a violation of scope.

    Any tool outside of our framework is inconceivable at this point, but not in the far future.

    Summary: How can we automate our build process to the fullest extent without being error prone?


  • Binding Jar Library

    - by Juliano
    I'm trying to bind a jar library (jCIFS) on MFA, but I'm stuck on some errors, like this one:

        'Jcifs.Util.MD4' does not implement inherited abstract member 'Java.Security.MessageDigestSpi.EngineDigest()

    After some research, I found some topics about this, telling me to edit the metadata to change the permissions of the classes, like this:

        <attr path="/api/package[@name='java.security']/class[@name='MessageDigestSpi']/method[@name='engineDigest']" name="visibility">public</attr>

    But the error didn't change, and I still don't get what this error means. Anyone? Thanks.


  • Java: Check what processes are bound to a port?

    - by bguiz
    Hi, I am developing an application in Netbeans, and it is using JavaDB. I can connect to it and execute queries without issues, but for some reason, the "Output - JavaDB Database Process" pane within Netbeans keeps displaying

        Security manager installed using the Basic server security policy.
        Could not listen on port 1527 on host localhost: java.net.BindException: Address already in use

    How do I find out what process is already using, or bound to that port? On Ubuntu Karmic, Netbeans 6.7.1


  • Integration transport choice (Oracle + SQL Server)

    - by lak-b
    We have several systems with Oracle (A) and SQL Server (B) databases on the backend. I have to consolidate data from those systems into the new SQL Server database. Something like that:

        (A) =>|---------------|
              | some software | => SQL Server
        (B) =>|---------------|

    where some software is:

      - transport (A and B systems located in the network)
      - processing business logic (custom .NET code)

    Due to the first point, I need some queue software or something similar (like MSMQ, Service Broker or something). On the other hand, I can implement a web service instead of a queue.

        (A) =>|---------------|-------------|
              | queue/service | custom code | => SQL Server
        (B) =>|---------------|-------------|

    The question is: which queue/transport framework should I use with Oracle and SQL Server databases?

      - It would be nice if I could post messages to MSMQ in both Oracle and SQL Server stored procedures (can I?)
      - It would be nice if I could call a web service in both Oracle and SQL Server stored procedures (can I?)
      - It would be nice if I could use something similar in both Oracle and SQL Server stored procedures (what exactly?)

    What software should I prefer for my requirements?


  • what are the differences between correctly executing .net thread and Win32 thread

    - by Ybbest
    I am reading the ASP.NET security documentation on MSDN. I came across these two terms and got really confused.

        # WindowsIdentity = WindowsIdentity.GetCurrent(), which returns the identity of the security context of the currently executing Win32 thread.
        # Thread = Thread.CurrentPrincipal which returns the principal of the currently executing .NET thread which rides on top of the Win32 thread.


  • Adding user role constraint redirects Browser to jsf.js script?

    - by simgineer
    My JSF form login was working with Constraint 1; however, when I added Constraint 2 to my web.xml, doing a submit on the form now takes me to a JSF JavaScript page. Can someone tell me what I am doing wrong? I would like only administrators to be able to access the /admin/* pages and only registered users to access the entire site, including admin files. BTW, after I see the JavaScript page I can still navigate to the intended page in the browser; I just don't want the user to see the intermediate JS page or need to know the target page URL.

    Constraint 1

        <security-constraint>
            <display-name>Admin</display-name>
            <web-resource-collection>
                <url-pattern>/admin/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>ADMIN</role-name>
            </auth-constraint>
        </security-constraint>

    Constraint 2

        <security-constraint>
            <display-name>Users</display-name>
            <web-resource-collection>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <auth-constraint>
                <role-name>USER</role-name>
            </auth-constraint>
        </security-constraint>

    Here is the undesired URL I am being redirected to:

        javax.faces.resource/jsf.js.xhtml?ln=javax.faces&stage=Development

    Here is the start of the jsf.js.xhtml...

        /**
          @project JSF JavaScript Library
          @version 2.0
          @description This is the standard implementation of the JSF JavaScript Library.
         */

        /**
         * Register with OpenAjax
         */
        if (typeof OpenAjax !== "undefined" &&
            typeof OpenAjax.hub.registerLibrary !== "undefined") {
            OpenAjax.hub.registerLibrary("jsf", "www.sun.com", "2.0", null);
        }

        // Detect if this is already loaded, and if loaded, if it's a higher version
        if (!((jsf && jsf.specversion && jsf.specversion >= 20000 ) &&
              (jsf.implversion && jsf.implversion >= 3))) {
        ...

    Notes: I'm using Firefox 10.0.4, Glassfish 3.1 w JSF2.0 lib, j_security_check, and my login realm setup is similar to this


  • Which is the best license for my Open Source project?

    - by coderex
    I am a web developer, and I don't have enough knowledge about software licenses. I wish to publish some of my works, and I need to select licenses for them. My software product is free of cost. But I have some restrictions on the distribution/modification of the code.

      - It's free of cost (but donations are acceptable ;-)).
      - The source code is freely available.
      - You can use, customize or edit/remove code (as long as the basic nature of the software is not changed).
      - You don't have any permission to change the product name.
      - There are some libraries and classes which are in a folder called "myname". You don't have the permission to rename "myname".
      - You can contribute any additions or modifications to my project, to the original source repository (the contributor's name/email/site link will be listed in the credit file).
      - You can't remove the original author's name from the license.
      - You can put the license file or license code anywhere in the project file or folder.
      - You can redistribute this code as free or commercial software. :)

    Do you think all these restrictions are valid? Given these restrictions, which license should I use?

    Edit 1: My main intention is to make the product more popular with free source code while ensuring the original author is not ignored. The product is open.

    Edit 2: Thank you all, the above points are because of my lack of knowledge of license terms. You can help me to correct or remove some of the above points. What I'm basically looking for is in my Edit 1.


  • How can I get the file permission of a directory with Java

    - by user571652
    I am trying to check the permission granted to a directory in Linux. I mean, I have a directory with permission 755:

        berty@berty-laptop:~$ ls -l / |grep directory
        drwxr-xr-x 3 root root 4096 2011-01-10 12:33 directory

    How can I read that permission with Java? I've tried using FilePermission, but even though I have a directory with all the permissions (777), the FilePermission class always returns an exception:

        java.security.AccessControlException: Access denied (java.io.FilePermission /home/directory read)
            at java.security.AccessController.checkPermission(AccessController.java:103)
            at com.snippets.Check4DirectoryPermission.checker(Check4DirectoryPermission.java:50)
            at com.snippets.Check4DirectoryPermission.main(Check4DirectoryPermission.java:70)

    Is there another way to do this?


  • Why is it safe to use copy & paste in Flash but not in Javascript?

    - by Lenni
    I'm trying to use copy'n paste in one of my web apps and have read a few articles/SO questions about it. Most people say that using Flash is the only option since most browsers don't allow access to the system clipboard because of security concerns. I can understand this, but I wonder why it is okay for Flash to do this, but not for the browser. Or has it got nothing to do with security and it is simply too complicated to implement this for cross-platform browser vendors?


  • How do I send/receive windows messages between VB6 and c#?

    - by cabgef
    I know I can receive messages with the code below in c#, how do I send to vb6, and receive in vb6, and send from vb6?

        [System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Demand, Name = "FullTrust")]
        protected override void WndProc(ref Message m)
        {
            int _iWParam = (int)m.WParam;
            int _iLParam = (int)m.LParam;
            switch ((ECGCardioCard.APIMessage)m.WParam)
            {
                // handling code goes here
            }
            base.WndProc(ref m);
        }


  • PHP/CGI: Portable and safe way to get PATH_INFO

    - by LiraNuna
    I'm seeking a portable way to receive the (handy) $_SERVER['PATH_INFO'] variable. After reading a while, it turns out PATH_INFO originated from CGI/1.1, and may not always be present in all configurations. What is the best (mostly security-wise) way to get that variable, apart from extracting it manually (security concern)?


  • Struts2 Hibernate Login with User table and group table

    - by J2ME NewBiew
    My problem is, I have a table User and a table Group (this table is used for user authorization: when a user belongs to a group like admin, they can log in to admincp, and other users who belong to the group member can only read and write and cannot log in to admincp). Each user may belong to many groups and each group contains many users, so the relationship is many-to-many. I use Hibernate for persistent storage and Struts 2 to handle business logic.

    When I want to implement the login action in Struts2, how can I get the value of the group the member belongs to, to compare with the value I want to know? For example, I get the user from the username and password and then get the groups from the User class, but I don't know how to get the value of the group the user belongs to. That is, if the user belongs to the group whose id is 1, and in the group table the column adminpermission is 1, that user can log in to admincp; otherwise he can't.

    My code:

    User.java

        /*
         * To change this template, choose Tools | Templates
         * and open the template in the editor.
         */
        package org.dejavu.software.model;

        import java.io.Serializable;
        import java.util.Date;
        import java.util.HashSet;
        import java.util.Set;
        import javax.persistence.CascadeType;
        import javax.persistence.Column;
        import javax.persistence.Entity;
        import javax.persistence.FetchType;
        import javax.persistence.GeneratedValue;
        import javax.persistence.Id;
        import javax.persistence.JoinColumn;
        import javax.persistence.JoinTable;
        import javax.persistence.ManyToMany;
        import javax.persistence.Table;
        import javax.persistence.Temporal;

        /**
         *
         * @author Administrator
         */
        @Entity
        @Table(name="User")
        public class User implements Serializable{
            private static final long serialVersionUID = 2575677114183358003L;
            private Long userId;
            private String username;
            private String password;
            private String email;
            private Date DOB;
            private String address;
            private String city;
            private String country;
            private String avatar;
            private Set<Group> groups = new HashSet<Group>(0);

            @Column(name="dob")
            @Temporal(javax.persistence.TemporalType.DATE)
            public Date getDOB() { return DOB; }
            public void setDOB(Date DOB) { this.DOB = DOB; }

            @Column(name="address")
            public String getAddress() { return address; }
            public void setAddress(String address) { this.address = address; }

            @Column(name="city")
            public String getCity() { return city; }
            public void setCity(String city) { this.city = city; }

            @Column(name="country")
            public String getCountry() { return country; }
            public void setCountry(String country) { this.country = country; }

            @Column(name="email")
            public String getEmail() { return email; }
            public void setEmail(String email) { this.email = email; }

            @ManyToMany(fetch = FetchType.LAZY, cascade = CascadeType.ALL)
            @JoinTable(name="usergroup",
                       joinColumns={@JoinColumn(name="userid")},
                       inverseJoinColumns={@JoinColumn(name="groupid")})
            public Set<Group> getGroups() { return groups; }
            public void setGroups(Set<Group> groups) { this.groups = groups; }

            @Column(name="password")
            public String getPassword() { return password; }
            public void setPassword(String password) { this.password = password; }

            @Id
            @GeneratedValue
            @Column(name="iduser")
            public Long getUserId() { return userId; }
            public void setUserId(Long userId) { this.userId = userId; }

            @Column(name="username")
            public String getUsername() { return username; }
            public void setUsername(String username) { this.username = username; }

            @Column(name="avatar")
            public String getAvatar() { return avatar; }
            public void setAvatar(String avatar) { this.avatar = avatar; }
        }

    Group.java

        /*
         * To change this template, choose Tools | Templates
         * and open the template in the editor.
         */
        package org.dejavu.software.model;

        import java.io.Serializable;
        import javax.persistence.Column;
        import javax.persistence.Entity;
        import javax.persistence.GeneratedValue;
        import javax.persistence.Id;
        import javax.persistence.Table;

        /**
         *
         * @author Administrator
         */
        @Entity
        @Table(name="Group")
        public class Group implements Serializable{
            private static final long serialVersionUID = -2722005617166945195L;
            private Long idgroup;
            private String groupname;
            private String adminpermission;
            private String editpermission;
            private String modpermission;

            @Column(name="adminpermission")
            public String getAdminpermission() { return adminpermission; }
            public void setAdminpermission(String adminpermission) { this.adminpermission = adminpermission; }

            @Column(name="editpermission")
            public String getEditpermission() { return editpermission; }
            public void setEditpermission(String editpermission) { this.editpermission = editpermission; }

            @Column(name="groupname")
            public String getGroupname() { return groupname; }
            public void setGroupname(String groupname) { this.groupname = groupname; }

            @Id
            @GeneratedValue
            @Column (name="idgroup")
            public Long getIdgroup() { return idgroup; }
            public void setIdgroup(Long idgroup) { this.idgroup = idgroup; }

            @Column(name="modpermission")
            public String getModpermission() { return modpermission; }
            public void setModpermission(String modpermission) { this.modpermission = modpermission; }
        }

    UserDAO

        /*
         * To change this template, choose Tools | Templates
         * and open the template in the editor.
         */
        package org.dejavu.software.dao;

        import java.util.List;
        import org.dejavu.software.model.User;
        import org.dejavu.software.util.HibernateUtil;
        import org.hibernate.Query;
        import org.hibernate.Session;

        /**
         *
         * @author Administrator
         */
        public class UserDAO extends HibernateUtil{

            public User addUser(User user){
                Session session = HibernateUtil.getSessionFactory().getCurrentSession();
                session.beginTransaction();
                session.save(user);
                session.getTransaction().commit();
                return user;
            }

            public List<User> getAllUser(){
                Session session = HibernateUtil.getSessionFactory().getCurrentSession();
                session.beginTransaction();
                List<User> user = null;
                try {
                    user = session.createQuery("from User").list();
                } catch (Exception e) {
                    e.printStackTrace();
                    session.getTransaction().rollback();
                }
                session.getTransaction().commit();
                return user;
            }

            public User checkUsernamePassword(String username, String password){
                Session session = HibernateUtil.getSessionFactory().getCurrentSession();
                session.beginTransaction();
                User user = null;
                try {
                    // The named parameters in the HQL must match the names bound below.
                    Query query = session.createQuery("from User where username = :username and password = :password");
                    query.setString("username", username);
                    query.setString("password", password);
                    user = (User) query.uniqueResult();
                } catch (Exception e) {
                    e.printStackTrace();
                    session.getTransaction().rollback();
                }
                session.getTransaction().commit();
                return user;
            }
        }

    AdminLoginAction

        /*
         * To change this template, choose Tools | Templates
         * and open the template in the editor.
         */
        package org.dejavu.software.view;

        import com.opensymphony.xwork2.ActionSupport;
        import org.dejavu.software.dao.UserDAO;
        import org.dejavu.software.model.User;

        /**
         *
         * @author Administrator
         */
        public class AdminLoginAction extends ActionSupport{
            private User user;
            private String username,password;
            private String role;
            private UserDAO userDAO;

            public AdminLoginAction(){
                userDAO = new UserDAO();
            }

            @Override
            public String execute(){
                return SUCCESS;
            }

            @Override
            public void validate(){
                if(getUsername().length() == 0){
                    addFieldError("username", "Username is required");
                }
                if(getPassword().length()==0){
                    addFieldError("password", getText("Password is required"));
                }
            }

            public String getPassword() { return password; }
            public void setPassword(String password) { this.password = password; }

            public String getRole() { return role; }
            public void setRole(String role) { this.role = role; }

            public User getUser() { return user; }
            public void setUser(User user) { this.user = user; }

            public String getUsername() { return username; }
            public void setUsername(String username) { this.username = username; }
        }

    Another question: I saw some examples about login, and I saw some developers use an interceptor. I can't understand why they use it, and what benefit will an "Interceptor" give us? Thank you very much!


  • Shared Hudson installation - how to enable access to git over ssh?

    - by tputkonen
    We are trying to set up a Hudson server and share it between different projects. Hudson authenticates users against our Windows domain AD, and the project-based security matrix makes it easy to manage who can access which projects. The remaining issue is that most of the projects use git over ssh. Is there a way to make shared Hudson access git so that each project could create and manage their own jobs without compromising security?


  • Authenticating users in iPhone app

    - by Myron
    I'm developing an HTTP api for our web application. Initially, the primary consumer of the API will be an iPhone app we're developing, but I'm designing this with future uses in mind (such as mobile apps for other platforms). I'm trying to decide on the best way to authenticate users so they can access their accounts from the iPhone. I've got a design that I think works well, but I'm no security expert, so I figured it would be good to ask for feedback here.

    The design of the user authentication has 3 primary goals:

      - Good user experience: We want to allow users to enter their credentials once, and remain logged in indefinitely, until they explicitly log out. I would have considered OAuth if not for the fact that the experience from an iPhone app is pretty awful, from what I've heard (i.e. it launches the login form in Safari, then tells the user to return to the app when authentication succeeds).
      - No need to store the user creds with the app: I always hate the idea of having the user's password stored in either plain text or symmetrically encrypted anywhere, so I don't want the app to have to store the password to pass it to the API for future API requests.
      - Security: We definitely don't need the intense security of a banking app, but I'd obviously like this to be secure.

    Overall, the API is REST-inspired (i.e. treating URLs as resources, and using the HTTP methods and status codes semantically). Each request to the API must include two custom HTTP headers: an API Key (unique to each client app) and a unique device ID. The API requires all requests to be made using HTTPS, so that the headers and body are encrypted.

    My plan is to have an api_sessions table in my database. It has a unique constraint on the API key and unique device ID (so that a device may only be logged into a single user account through a given app) as well as a foreign key to the users table. The API will have a login endpoint, which receives the username/password and, if they match an account, logs the user in, creating an api_sessions record for the given API key and device id. Future API requests will look up the api_session using the API key and device id, and, if a record is found, treat the request as being logged in under the user account referenced by the api_session record. There will also be a logout API endpoint, which deletes the record from the api_sessions table.

    Does anyone see any obvious security holes in this?


  • Getting path of file copied after deployment in a unit test C#

    - by amitchd
    Hi, the connection string in my app.config for my C# project looks like

        Data Source=.\SQLEXPRESS;AttachDbFilename='|DataDirectory|\EIC.mdf';Integrated Security=True;User Instance=True"

    I am writing unit tests for the project and have set the test run configuration to copy the EIC.mdf, but I am not able to get the deployed copy of EIC.mdf referenced by the app.config I created for the test project. If I set it to

        Data Source=.\SQLEXPRESS;AttachDbFilename='EIC.mdf';Integrated Security=True;User Instance=True"

    it still does not find the mdf file.


  • Passing windows credentials through web application, to WCF

    - by IP
    I've checked other questions, but I can't find a working answer. I have a .Net web application which successfully takes on the caller's Windows credentials (Thread.CurrentPrincipal is my Windows user). Within that app, I call a WCF service, but my Windows identity isn't passed up, regardless of what I put in the binding:

        NetTcpBinding binding = new NetTcpBinding();
        binding.Security.Mode = SecurityMode.Transport;
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Windows;


  • Organizing development teams

    - by Patrick
    A long time ago, when my company was much smaller, dividing the development work over teams was quite easy:

      - the 'application' team developed the application-specific logic (often requiring a deep insight of specific industry problems)
      - the 'generic' team developed the parts that were common/generic for all applications (user interface related stuff, database access, low-level Windows stuff, ...)

    Over the years the boundaries between the teams have become fuzzy:

      - the 'application' teams often write application-specific functionality with a 'generic' part, so instead of asking the 'generic' team to write that part for them, they write it themselves to speed up the developments, then donate it to the 'generic' team
      - the 'generic' team's focus seems to be more 'maintenance oriented'. All of the 'very generic' code has already been written, so no new developments are needed in it, but instead they continuously have to support all the functionality donated by the application teams.

    All this seems to indicate that it's not a good idea anymore to have this split in teams. Maybe the 'generic' team should evolve into a 'software quality' team (defining and guarding the rules for writing good quality software), or into a 'software deployment' team (defining how software should be deployed, installed, ...).

    How do you split up the work in different teams if you have different applications?

      - everybody can write generic code and donates it to a central 'generic' team?
      - everybody can write generic code, but nobody 'manages' this generic code (everybody is the owner)
      - generic code is written by a 'generic' team only and the applications have to wait until the 'generic' team delivers the generic part (via a library, via a DLL)
      - there is no overlap in code between the different applications
      - some other way?

    Notice that the advantage of having the mix (allowing everybody to write everywhere in the code) is that:

      - code is written in a more flexible way
      - it's easier to debug the code since you can easily step into the 'generic' code in the debugger

    But the big (and maybe only) disadvantage is that this generic code may become nobody's responsibility if there is no clear team that manages it anymore. What is your vision?
