Search Results

Search found 32953 results on 1319 pages for 'access secret'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 446/1319 | < Previous Page | 442 443 444 445 446 447 448 449 450 451 452 453  | Next Page >

  • Redirecting a HTTP rqueust and response code/headers

    - by Bill Zimmerman
    Hi, I have a loosely coupled web app (one part uses PHP, the other uses WGSI). The WSGI/python framework shares the authentication with the PHP app, meaning that generally, the user should Log in via the PHP interface Now the user can access any of the WSGI pages [this part works if the user has logged in] What I want to do though, is if a user tries to access a WSGI page while not logged in (maybe from a previous bookmark), I would like to redirect him to the login page, and after logging in redirect him back to the orignal URL. I'm not very experienced with server-side programming, so here are my questions. How should I redirect the user back to the PHP login page? What should the HTTP status code be? Do I need to set any extra header information? What is a good way/best practice method to pass the original URL to the login page, and then after logging have it redirect the user back. Thank you!

    Read the article

  • ServerAlias www.example.com is not recognized

    - by Tianzhou Chen
    Below is my config file: NameVirtualHost 12.34.56.78:80 < VirtualHost 12.34.56.78:80 ServerAdmin [email protected] ServerName domain1.com ServerAlias www.domain1.com DocumentRoot /srv/www/domain1.com/public_html1/ ErrorLog /srv/www/domain1.com/logs/error.log CustomLog /srv/www/domain1.com/logs/access.log combined < /VirtualHost < VirtualHost 12.34.56.78:80 ServerAdmin [email protected] ServerName domain2.com ServerAlias www.domain2.com DocumentRoot /srv/www/domain2.com/public_html1/ ErrorLog /srv/www/domain2.com/logs/error.log CustomLog /srv/www/domain2.com/logs/access.log combined < /VirtualHost The thing is when I put www.domain1.com into browser, apache2 doesn't retrieve the web page resides in /srv/www/domain1.com/public_html1/, instead, it gets the page from the default document root defined in another file. However, if I put www.domain2.com, everything works fine. I don't see any difference between two VirtualHost config block, so I wonder what does make the difference. BTW, I haven't put any .htaccess file under their document root. Thanks for your advice! Tianzhou

    Read the article

  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? Any then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POST's usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the users cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack. Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

    Read the article

  • Multiple Mod_ReWrites on one site - Possible? (Wordpress blog in root directory, CodeIgniter project

    - by Sootah
    Currently I am creating a project with CodeIgniter that is contained within a subdirectory of my domain. For this example we'll call it domain.com/test. I also have Wordpress installed on this domain, and all of its files are in the root. For instance, if you navigate to my domain.com then it pulls up the Wordpress blog. I currently have the Wordpress mod_rewrite activated so that it uses friendly-URLs. For those of you that aren't familiar with CodeIgniter, all requests are routed through index.php in the project's root folder. So, in this case, it'd be domain.com/text/index.php. A request to the application would be sent like domain.com/test/index.php/somecontroller/method. What I'd like to do, is for any incoming request that is directed towards the /test/ folder, or some subdirectory therein I'd like it to appropriately rewrite the URL so the index.php isn't included. (As per the example above, it'd end up being domain.com/test/somecontroller/method) For any OTHER request, meaning anything that's not within the /test/ directory, I would like it to route the request to Wordpress. I would imagine it's a simple RewriteCond to make it check to see if the request is for the /test/ directory or a subdirectory therein, but I've no idea how to do it. Perhaps you can't have more than one set of Rewrite Rules per site. I will include the recommended mod_rewrite rules for each application. Wordpress: (Currently used) <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> CodeIgniter: (Pulled from their Wiki) <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / #Removes access to the system folder by users. #Additionally this will allow you to create a System.php controller, #previously this would not have been possible. #'system' can be replaced if you have renamed your system folder. RewriteCond %{REQUEST_URI} ^system.* RewriteRule ^(.*)$ /index.php?/$1 [L] #When your application folder isn't in the system folder #This snippet prevents user access to the application folder #Submitted by: Fabdrol #Rename 'application' to your applications folder name. RewriteCond %{REQUEST_URI} ^application.* RewriteRule ^(.*)$ /index.php?/$1 [L] #Checks to see if the user is attempting to access a valid file, #such as an image or css document, if this isn't true it sends the #request to index.php RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php?/$1 [L] </IfModule> <IfModule !mod_rewrite.c> # If we don't have mod_rewrite installed, all 404's # can be sent to index.php, and everything works as normal. # Submitted by: ElliotHaughin ErrorDocument 404 /index.php </IfModule> Any and all help is much appreciated!! Thanks, -Sootah

    Read the article

  • Address calling class [Java]

    - by Samuel
    Hello! [I am rather new to Java and Object Oriented programming] I have an abstract class Moveable with the method abstract void move() which is extended by the class Bullet and the abstract class Character, and Character is extended by the class Survivor and the class Zombie. In Survivor and Bullet the move() method doesnt require any parameters while in the class Zombie the move() method depends on the actual position of the survivor. The survivor and multiple zombies are created in the class Gui. I wanted to access the survivor in Zombie - what's the best way of doing this? In Gui i wrote a method getSurvivor() but i don't see how to access this method in Zombie? I am aware that as a workaround i could just pass a [Survivor survivor] as parameter in move() and ignore it in Bullet and Survivor, but that feels so ... bad practice. Thank you for your time! Samuel [I am not sure what tags to set here, please correct me if i'm wrong]

    Read the article

  • EXC_BAD_ACCESS signal received

    - by Hector Ramos
    When deploying the application to the device, the program will quit after a few cycles with the following error: Program received signal: "EXC_BAD_ACCESS". The program runs without any issue on the iPhone simulator, it will also debug and run as long as I step through the instructions one at a time. As soon as I let it run again, I will hit the EXC_BAD_ACCESS signal. In this particular case, it happened to be an error in the accelerometer code. It would not execute within the simulator, which is why it did not throw any errors. However, it would execute once deployed to the device. Most of the answers to this question deal with the general EXC_BAD_ACCESS error, so I will leave this open as a catch-all for the dreaded Bad Access error. EXC_BAD_ACCESS is typically thrown as the result of an illegal memory access. You can find more information in the answers below. Have you encountered the EXC_BAD_ACCESS signal before, and how did you deal with it?

    Read the article

  • System.Net.WebProxy in .NET Client

    - by NealWalters
    I don't yet have a good understanding of how the network is set up at my current client, but here is my issue. The vendor has a normal URL, but it might be a leased line. I have a .NET program that calls an external .asmx service. If I go to IE, Connections, LAN Settings, and uncheck "Automatic detect settings" and uncheck "Use Automatic Configuration Sript", then the .NET program runs and access the web service fine. But then, to access internet again from the browser, I have to re-check the two boxes, and so on throughout the day while we are testing and browsing. I'm hoping to put some code like this in the .NET program to avoid us having to constantly change: if (chkUseProxy.Checked) { myclient.Proxy = new System.Net.WebProxy(""); } I tried null and empty string and so far not able to connect without errors. Is this possible, and if so, what might be the correct parms for the constructor? Or are there other objects or properties that would need to be set? Thanks, Neal Walters

    Read the article

  • Silverlight -> WCF -> Database -> problem

    - by Billy
    Hi there, I have some silverlight code that calls a WCF service which then uses the Entity Framework to access the database and return records. Everything runs fine but ... when I replace the Entity Framework code with classic ADO.NET code I get an error: The remote server returned an error: NotFound When I call the ADO.NET code directly with a unit test it returns records fine so it's not a problem with the ADO.NEt code I used fiddler and it seems to say that the service cannot be found with a "500" error. i don't think it's anything to do with the service as the only thing I change is the technology to access the database. Anyone know what i'm missing here?

    Read the article

  • How do I pass argument from an activity to another in Workflow 4

    - by Jimmy Engtröm
    Hi I have created an Activity (CodeActivity) that retrieves the temperature where I live. I wan't to add that activity to a workflow and connect it to an if statement/activity that can based on my temperature outargument do different things. But I can't seem to find how to access the outargument from my temperature-activity. This is my first Windows Workflow 4 project so perhaps I'm attacking this in the wrong way. I have: public OutArgument Degrees { get; set; } But how do I access it? I have found tutorials how to get the data when running the activity (only one) but not as part of a workflow. Hope my question makes sence. /Jimmy

    Read the article

  • c# Active Directory via WMI

    - by Juri Bogdanov
    Hi! Does anyone has some example about accessing Active Directory, LDAP querying using WMI (System.Management namespace) and not System.DirectoryServices namespace. Here on MSDN page it is described a little using CIM classes http://msdn.microsoft.com/en-us/library/aa392320(v=VS.85).aspx But I cant find some C# example realizing it. For example, to access some Win32 class you have to initialize Scope object to use CIMV2 namespace private ConnectionOptions connection; private ManagementScope scope; ... connection = new ConnectionOptions(); ... scope = new ManagementScope("\\\\" + computer + "\\root\\CIMV2", connection); try { scope.Connect(); } And use ObjectQuery class for querying WMI data ObjectQuery objectQuery = new ObjectQuery("SELECT Name FROM Win32_Processor"); ManagementObjectSearcher searcher = ManagementObjectSearcher(scope, objectQuery); foreach (ManagementObject queryObj in searcher.Get()) { return queryObj["Name"].ToString(); } How is it possible to access AD using the same scope? Thanks :)

    Read the article

  • Hide script extension

    - by Ali
    I have a html form that posts to a python script test.py. If someone tries to access the script directly, it redirects them to the form. I not using a web framework, just straight python cgi programming. My website is hosted on a shared hosting provider that allows me access to a .htaccess file. I wanted to know if there was a way to have the form post to the script and in the address bar show mydomain.com/test/ and not mydomain.com/test.py ? Thanks.

    Read the article

  • How powerful is the <script> tag in ASP.NET ?

    - by MarceloRamires
    I'm new at web development with .NET, and I'm currently studying a page where I have both separated codebehinds (in my case, a .CS file associated to the ASPX file), and codebehind that is inside the ASPX file inside tags like this: <script runat="server"> //code </script> Q1:What is the main difference (besides logical matters like organization, readability and ETC), what could be done in one way that could not be done in another? What is each mode best suited for ? Q2:If I'm going to develop a simple page with database connection, library imports, access to controls (ascx) and image access in other folders.. which method should I choose ?

    Read the article

  • How to propagate spring security login to EJBs?

    - by tangens
    Context I have a J2EE application running on a JBoss 4.2.3 application server. The application is reachabe through a web interface. The authentication is done with basic authentication. Inside of the EJBs I ask the security context of the bean for the principal (the name of the logged in user) and do some authorization checks if this user is allowed to access this method of the EJB. The EJBs life inside a different ear than the servlets handling the web frontend, so I can't access the spring application context directly. Required change I want to switch to Spring Security for handling the user login. Question How can I propagate the spring login information to the JBoss security context so I can still use my EJBs without having to rewrite them? Ideas and links I already found a page talking about "Propagating Identity from Spring Security to the EJB Layer", but unfortunatelly it refers to an older version of Spring Security (Acegi) and I'm not familiar enough with Spring Security to make this work with the actual version (3.0.2).

    Read the article

  • Connecting to SQL Server with Visual Studio Express Editions

    - by tlianza
    I find it odd that in Visual C# 2008 Express edition, when you use the database explorer, your options are: 1) Microsoft Access 2) SQL Server Compact 3.5, and 3) SQL Server Database File. BUT if you use Visual Web Developer 2008 Express, you can connect to a regular SQL Server, Oracle, ODBC, etc. For people developing command-line or other C# apps that need to talk to a SQL Server database, do you really need to build your LINQ/Data Access code with one IDE (Visual Web Developer) and your program in another (Visual C#)? It's not a hard workaround, but it seems weird. If Microsoft wanted to force you to upgrade to Visual Studio to connect to SQL Server, why would they include that feature in one of their free IDEs but not the other? I feel like I might be missing something (like how to do it all in Visual C#). Thanks! Tom

    Read the article

  • CentOS security for lazy admins

    - by Robby75
    I'm running CentOS 5.5 (basic LAMP with Parallels Power Panel and Plesk) and have thus far neglected security (because it's not my full-time job, there is always something more important on my todo-list). My server does not contain any secret data and also no lives depend on it - Basically what I want is to make sure it does not become part of a botnet, that is "good enough" security in my case. Anyway, I don't want to become a full-time paranoid admin (like constantly watching and patching everything because of some obscure problem), I also don't care about most security problems like DOS attacks or problems that only exist when using some arcane settings. I'm in search of a "happy medium", for example a list of known important problems in the default installation of CentOS 5.5 and/or a list of security problems that have actually been exploited - not the typical endless list of buffer overflows that "maybe" a problem in some special case. The problem that I have with the usually recommended approaches (joining mailing lists, etc.) is that the really important problems (something where an exploit exists, that is exploitable in a common setup and where the attacker can do something really useful - i.e. not a DOS) are completely and utterly swamped by millions of tiny security alerts that surely are important for high-security servers, but not for me. Thanks for all suggestions!

    Read the article

  • Create signed urls for CloudFront with Ruby

    - by wiseleyb
    History: I created a key and pem file on Amazon. I created a private bucket I created a public distribution and used origin id to connect to the private bucket: works I created a private distribution and connected it the same as #3 - now I get access denied: expected I'm having a really hard time generating a url that will work. I've been trying to follow the directions described here: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html This is what I've got so far... doesn't work though - still getting access denied: def url_safe(s) s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','') end def policy_for_resource(resource, expires = Time.now + 1.hour) %({"Statement":[{"Resource":"#{resource}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires.to_i}}}}]}) end def signature_for_resource(resource, key_id, private_key_file_name, expires = Time.now + 1.hour) policy = url_safe(policy_for_resource(resource, expires)) key = OpenSSL::PKey::RSA.new(File.readlines(private_key_file_name).join("")) url_safe(Base64.encode64(key.sign(OpenSSL::Digest::SHA1.new, (policy)))) end def expiring_url_for_private_resource(resource, key_id, private_key_file_name, expires = Time.now + 1.hour) sig = signature_for_resource(resource, key_id, private_key_file_name, expires) "#{resource}?Expires=#{expires.to_i}&Signature=#{sig}&Key-Pair-Id=#{key_id}" end resource = "http://d27ss180g8tp83.cloudfront.net/iwantu.jpeg" key_id = "APKAIS6OBYQ253QOURZA" pk_file = "doc/pk-APKAIS6OBYQ253QOURZA.pem" puts expiring_url_for_private_resource(resource, key_id, pk_file) Can anyone tell me what I'm doing wrong here?

    Read the article

  • Flash ActionScript 3 runtime SecurityError

    - by dd
    I have swf that loads swf, which loads another swf(video player). Is there a trick in publish settings? everything works fine on my local machine, when I upload it on the sever error happen and video doesnt load SecurityError: Error #2148: SWF file http:// (URL where Site is hosted)/video.swf cannot access local resource file:///Macintosh%20HD/Users/..flash.flv. Only local-with-filesystem and trusted local SWF files may access local resources. at flash.net::NetStream/play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load() at fl.video::VideoPlayer/load() at fl.video::FLVPlayback/doContentPathConnect()

    Read the article

  • Easy GUI way to auto scale EC2 and RDS: aws console, scalr, ylastic...?

    - by Zillo
    I am managing all my instances with the AWS Management Console (the GUI web console) but now I want to use Auto Scale and it seems that this can not be done with that console. Yes, there is CloudWatch but I can only create alarms (e-mail notifications), it seems that CouldWatch needs you to add the auto scale policy in some other place (by command line console?). I would like to use some easy GUI interface. Ylastic and Scalr seems to be a good option. Which one do you think is better? Regarding Scalr, is there any difference between the open source software Scalr and the service Scalr.net? I mean, is the GUI interface the same? I like the idea of the Scalr because I do not need to give my Secret Access Key to a third party (like in Ylastic or in Scalr.net) One question about the Scalr software, it has to be installed in the instances or it must be installed in another machine? Do I need to setup again all my security permissions, AMIs, snapshots, etc. or I can use AWS Management Console for everything and Scalr just to auto scale.

    Read the article

  • asterisk extensions.conf & sip.conf

    - by Josh
    I'm trying to get my Dialplan to work. When I call, the only thing I get is a dial tone to enter extension "no Background(thanks-calling) is played". When extension 123 is dialed, busy signal is triggered and asterisk CLI get frozen. Any help will be appreciate it. Conf files below. ; PSTN on sip.conf [pstn] type=friend host=dynamic context=pstn username=pstn secret=password nat=yes canreinvite=no dtmfmode=rfc2833 qualify=yes insecure=port,invite disallow=all allow=ulaw ; PSTN on extensions.conf [pstn] exten => s,1,Answer exten => s,2,Wait,2 exten => s,4,DigitTimeout,5 exten => s,5,ResponseTimeout,10 exten => s,6,Background(thanks-calling) exten => 0,1,Goto(incoming,123,1) ; (Member Services) [incoming] exten => 123,1,NoOP(${CALLERID}) ; show the caller ID info in the console exten => 123,n,Ringing() exten => 123,n,Answer() exten => 123,n,Playback(silence/1) exten => 123,n,Playback(connecting1) exten => 123,n,Wait(3) exten => 123,n,Dial(SIP/line1,60) exten => 123,n,Congestion

    Read the article

  • Group SQL tables in SQL Server Management Studio object explorer

    - by MainMa
    I have a table which has approximately sixty tables, and other tables are added constantly. Each table is a part of a schema. A such quantity of tables makes it difficult to use Microsoft SQL Server Management Studio 2008. For example, I must scroll up in object explorer to access database related functions, or scroll down each time I need to access Views or Security features. Is it possible to group several tables to be able to expand or collapse them in Object Explorer? Maybe a folder may be displayed for each schema, letting collapse the folders I don't need to use?

    Read the article

  • Dependency between multiple classes

    - by CliffC
    I am confuse between the best way to organize dependency between multiple classes assume i have the following classes Employee, Salary, DataAccess Should i go for: Option1 Employee emp = new Employee(); Salary sal = new Salary(); DataAccess data = new DataAccess(); sal.Calculate(emp); data.Save(emp); or Option2 Employee emp = new Employee(); Salary sal = new Salary(); sal.Calculate(emp); //once salary has been calculated salary object will initialize data access class to do the actual saving. or Option 3 Employee emp = new Employee(); emp.Calculate(); // employee object will encapsulate both the salary and data access object

    Read the article

  • Accessing HTTP status code while using WCF client for accessing RESTful services

    - by Hemant
    Thanks to this answer, I am now able to successfully call a JSON RESTful service using a WCF client. But that service uses HTTP status codes to notify the result. I am not sure how I can access those status codes since I just receive an exception on client side while calling the service. Even the exception doesn't have HTTP status code property. It is just buried in the exception message itself. So the question is, how to check/access the HTTP status code of response when the service is called.

    Read the article

  • HttpWebRequest socket operation during WPF binding in a property getter

    - by wpfwannabe
    In a property getter of a C# class I am doing a HTTP GET using HttpWebRequest to some https address. WPF's property binding seems to choke on this. If I try to access the property in a simple method e.g. Button_Clicked, it works perfectly. If I use WPF binding to access the same property, the app seems to be blocked on a socket's recv() method indefinitely. Is it a no-no to do this sort of thing during binding? Is app in some special state during binding? Is there an easy way for me to overcome this limitation and still maintain the same basic idea?

    Read the article

  • Grails 1.2.1 with Spring 3.0.0 dependency problem under Jetty

    - by archer
    Just moved to Grails 1.2.1 (used 1.1.1 before). Changed application.properties, ran grails upgrade, fixed BuildConfig and Bootstrap - everything works just fine from grails console. However, getting a problem when deploy packaged war under jetty 6.1.22: 1581 [main] ERROR org.springframework.web.context.ContextLoader - Context initialization failed org.springframework.beans.factory.access.BootstrapException: Error executing bootstraps; nested exception is java.lang.NoSuchMethodError: org.codehaus.groovy.grails.commons.spring.ReloadAwareAutowireCapableBeanFactory.setParameterNameDiscoverer(Lorg/springframework/core/ParameterNameDiscoverer;)V My project is built with maven2. I researched the war dependencies and see that both spring 2.5.6 and 3.0.0.RELEASE are used there. I then tried to suppress use of spring 2.5.6 and got a problem with Acegi plugin (using version 0.5.1): 2010-03-10 21:06:56.440:WARN::Nested in org.springframework.beans.factory.access.BootstrapException: Error executing bootstraps; nested exception is java.lang.NoSuchMethodError: org.springframework.web.context.ConfigurableWebApplicationContext.setId(Ljava/lang/String;)V Any help would be greatly appreciated.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 442 443 444 445 446 447 448 449 450 451 452 453  | Next Page >