Search Results

Search found 12720 results on 509 pages for 'moss2007 security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 449/509 | < Previous Page | 445 446 447 448 449 450 451 452 453 454 455 456  | Next Page >

  • How can I access a parent DOM from an iframe on a different domain?

    - by Dexter
    I have a website and my domain is registered through Network Solutions. I'm using their Web Forwarding feature which allows me to "mask" my domain so that when a user visits http://lucasmccoy.com they are actually seeing http://lucasmccoy.comlu.com/ through an HTML frame. The advantages of this are that the address bar still shows http://lucasmccoy.com/. The disadvantages are that I cannot directly edit the HTML page in which the frame is owned. For example, I cannot change the page title or favicon. I have tried doing it like so: $(function() { parent.document.title = 'Lucas McCoy'; }); But of course this gives me a JavaScript error: Unsafe JavaScript attempt to access frame with URL http://lucasmccoy.com/ from frame with URL http://lucasmccoy.comlu.com/. Domains, protocols and ports must match. I looked at this question attempting to do the same thing except the OP has access to the other pages HTML whereas I do not. Is there anyway in JavaScript/jQuery to make a cross-domain request to the DOM when you don't have access to that domain? Or is this something browsers just will not let happen for security reasons.

    Read the article

  • Examples using Active Directory/LDAP groups for permissions \ roles in Rails App.

    - by Nick Gorbikoff
    Hello. I was wondering how other people implemented this scenario. I have an internal rails app ( inventory management, label printing, shipping,etc). I'm rewriting security on the system, cause the old way got to cumbersome to maintain ( users table, passwords, roles) - I used restful_authentication and roles. It was implemented about 3 years ago. I already implemented AuthLogic with ruby-ldap-net to authenticate users ( actually that was surprisingly easy, compared to how I struggled with other frameworks/languages before). Next step is roles. I already have groups defined in Active Directory - so I don't want to run a separate roles system in my rails app, I just want to reuse Active Directory groups - since that part of the system is already maintained for other purposes ( shared drives, backups, pc access, etc) So I was wondering if others had experience implementing permissions/roles in a rails app based on groups in Active Directory or LDAP. Also the roles requirements are pretty complex. Here is an example: For instance I have users that belong to the supervisors group in AD and to inventory dept, so I was that user to be able to run "advanced" tasks in invetory - adjust qty, run reports, however other "supervisors" from other departmanets, shouldn't be able to do this, also Top Management - should be able to use those reports (regardless weather they belong to the invetory or not), but not Middle Management, unless they are in inventory group. Admins of the system (Domain Admins) should have unrestricted access to the system , except for HR & Finances part unless they are in HR ( like you don't want all system admins (except for one authorized one) to see personal info of other employees). I looked at acl9, cancan, aegis. I was wondering if there are any advantaged/cons to using one versus the other for this particular use of system access based on AD. Suggest other systems if you had good experience. Thank you!!!

    Read the article

  • amount of data returned by wcf 3.0 service contract method causes error

    - by ferrell carr
    CommuncationException was unhandled The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element. here is my svc.map file <?xml version="1.0" encoding="utf-8"?> <ServiceReference> <ProxyGenerationParameters ServiceReferenceUri="http://d3w9501/SimpleWCF/SimpleWCF.svc" Name="svc" NotifyPropertyChange="False" UseObservableCollection="False"> </ProxyGenerationParameters> <EndPoints> <EndPoint Address="http://d3w9501.americas.hpqcorp.net/SimpleWCF/SimpleWCF.svc" BindingConfiguration="BasicHttpBinding_ISimpleWCF" Contract="TestSimpleWCF.svc.ISimpleWCF" > </EndPoint> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_ISimpleWCF" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" > <security mode="None" /> </binding> </basicHttpBinding> </bindings> </EndPoints> </ServiceReference>

    Read the article

  • Windows 7 Create Folder in "Program Files" failing in C# code even thought I have admin rights!

    - by Shiva
    Hi, I am unable to create a file under "program files" folder on my Windows 7 64-bit machine in VS 2008 WPF C# code. The error I get on the following code myFile = File.Create(logFile); is the following. (this is the innerException stack trace). at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath) at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy) at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options) at System.IO.File.Create(String path) at MyFirm.MyPricingApp.UI.App.InitializeLogging() in C:\Projects\MyPricingApp\App.xaml.cs:line 150 at MyFirm.MyPricingApp.UI.App.Application_Startup(Object sender, StartupEventArgs e) in C:\Projects\MyPricingApp\App.xaml.cs:line 38 at System.Windows.Application.OnStartup(StartupEventArgs e) at System.Windows.Application.<.ctor>b__0(Object unused) at System.Windows.Threading.ExceptionWrapper.InternalRealCall(Delegate callback, Object args, Boolean isSingleParameter) at System.Windows.Threading.ExceptionWrapper.TryCatchWhen(Object source, Delegate callback, Object args, Boolean isSingleParameter, Delegate catchHandler) this seems like it has something to do with UAC in Windows 7, because why else would I get this since my user is already Admin on the machine ?! Also since the WinIOError has SECURITY_ATTRIBUTES, I am thinking this has something to do with a "new way" security is handled in Windows 7. I tried to browse to the "Program Files" folder, under which the log folder and file were to be created. I can create the folder by hand, but when i try to create the file, I get the similar "Access Denied" exception.

    Read the article

  • Intermittent bug - IE6 showing file as text in browser, rather than as file download

    - by Richard Ev
    In an ASP.NET WebForms 2.0 site we are encountering an intermittent bug in IE6 whereby a file download attempt results in the contents of the being shown directly in the browser as text, rather than the file save dialog being displayed. Our application allows the user to download both PDF and CSV files. The code we're using is: HttpResponse response = HttpContext.Current.Response; response.Clear(); response.AddHeader("Content-Disposition", "attachment;filename=\"theFilename.pdf\""); response.ContentType = "application/pdf"; response.BinaryWrite(MethodThatReturnsFileContents()); response.End(); This is called from the code-behind click event handler of a button server control. Where are we going wrong with this approach? Edit Following James' answer to this posting, the code I'm using now looks like this: HttpResponse response = HttpContext.Current.Response; response.ClearHeaders(); // Setting cache to NoCache was recommended, but doing so results in a security // warning in IE6 //response.Cache.SetCacheability(HttpCacheability.NoCache); response.AppendHeader("Content-Disposition", "attachment; filename=\"theFilename.pdf\""); response.ContentType = "application/pdf"; response.BinaryWrite(MethodThatReturnsFileContents()); response.Flush(); response.End(); However, I don't believe that any of the changes made will fix the issue.

    Read the article

  • XSS attack prevention

    - by Colby77
    Hi, I'm developing a web app where users can response to blog entries. This is a security problem because they can send dangerous data that will be rendered to other users (and executed by javascript). They can't format the text they send. No "bold", no colors, no nothing. Just simple text. I came up with this regex to solve my problem: [^\\w\\s.?!()] So anything that is not a word character (a-Z, A-Z, 0-9), not a whitespace, ".", "?", "!", "(" or ")" will be replaced with an empty string. Than every quatation mark will be replaced with: "&quot". I check the data on the front end and I check it on my server. Is there any way somebody could bypass this "solution"? I'm wondering how StackOverflow does this thing? There are a lot of formatting here so they must do a good work with it.

    Read the article

  • Handling form from different view and passing form validation through session in django

    - by Mo J. Mughrabi
    I have a requirement here to build a comment-like app in my django project, the app has a view to receive a submitted form process it and return the errors to where ever it came from. I finally managed to get it to work, but I have doubt for the way am using it might be wrong since am passing the entire validated form in the session. below is the code comment/templatetags/comment.py @register.inclusion_tag('comment/form.html', takes_context=True) def comment_form(context, model, object_id, next): """ comment_form() is responsible for rendering the comment form """ # clear sessions from variable incase it was found content_type = ContentType.objects.get_for_model(model) try: request = context['request'] if request.session.get('comment_form', False): form = CommentForm(request.session['comment_form']) form.fields['content_type'].initial = 15 form.fields['object_id'].initial = 2 form.fields['next'].initial = next else: form = CommentForm(initial={ 'content_type' : content_type.id, 'object_id' : object_id, 'next' : next }) except Exception as e: logging.error(str(e)) form = None return { 'form' : form } comment/view.py def save_comment(request): """ save_comment: """ if request.method == 'POST': # clear sessions from variable incase it was found if request.session.get('comment_form', False): del request.session['comment_form'] form = CommentForm(request.POST) if form.is_valid(): obj = form.save(commit=False) if request.user.is_authenticated(): obj.created_by = request.user obj.save() messages.info(request, _('Your comment has been posted.')) return redirect(form.data.get('next')) else: request.session['comment_form'] = request.POST return redirect(form.data.get('next')) else: raise Http404 the usage is by loading the template tag and firing {% comment_form article article.id article.get_absolute_url %} my doubt is if am doing the correct approach or not by passing the validated form to the session. Would that be a problem? security risk? performance issues? Please advise Update In response to Pol question. The reason why I went with this approach is because comment form is handled in a separate app. In my scenario, I render objects such as article and all I do is invoke the templatetag to render the form. What would be an alternative approach for my case? You also shared with me the django comment app, which am aware of but the client am working with requires a lot of complex work to be done in the comment app thats why am working on a new one.

    Read the article

  • How to get around DnsRecordListFree error in .NET Framework 4.0?

    - by Greg Finzer
    I am doing an MxRecordLookup. I am getting an error when calling the DnsRecordListFree in the .NET Framework 4.0. I am using Windows 7. How do I get around it? Here is the error: System.MethodAccessException: Attempt by security transparent method to call native code through method. Here is my code: [DllImport("dnsapi", EntryPoint = "DnsQuery_W", CharSet = CharSet.Unicode, SetLastError = true, ExactSpelling = true)] private static extern int DnsQuery([MarshalAs(UnmanagedType.VBByRefStr)]ref string pszName, QueryTypes wType, QueryOptions options, int aipServers, ref IntPtr ppQueryResults, int pReserved); [DllImport("dnsapi", CharSet = CharSet.Auto, SetLastError = true)] private static extern void DnsRecordListFree(IntPtr pRecordList, int FreeType); public List<string> GetMXRecords(string domain) { List<string> records = new List<string>(); IntPtr ptr1 = IntPtr.Zero; IntPtr ptr2 = IntPtr.Zero; MXRecord recMx; try { int result = DnsQuery(ref domain, QueryTypes.DNS_TYPE_MX, QueryOptions.DNS_QUERY_BYPASS_CACHE, 0, ref ptr1, 0); if (result != 0) { if (result == 9003) { //No Record Exists } else { //Some other error } } for (ptr2 = ptr1; !ptr2.Equals(IntPtr.Zero); ptr2 = recMx.pNext) { recMx = (MXRecord)Marshal.PtrToStructure(ptr2, typeof(MXRecord)); if (recMx.wType == 15) { records.Add(Marshal.PtrToStringAuto(recMx.pNameExchange)); } } } finally { DnsRecordListFree(ptr1, 0); } return records; }

    Read the article

  • Accessing MS Access database from C#

    - by Abilash
    I want to use MS Access as database for my C# windows form application.I have used OleDb driver for connecting MS Access. I am able to select the records from the MS Access using OleDbConnection and ExecuteReader.But I am un able to insert,update and delete records. My code is as follows: OleDbConnection con=new OleDbConnection(strCon); try { con.Open(); OleDbCommand com = new OleDbCommand("INSERT INTO DPMaster(DPID,DPName,ClientID,ClientName) VALUES('53','we','41','aw')", con); int a=com.ExecuteNonQuery(); //OleDbCommand com = new OleDbCommand("SELECT * FROM DPMaster", con); //OleDbDataReader dr = com.ExecuteReader(); //while (dr.Read()) //{ // MessageBox.Show(dr[2].ToString()); //} MessageBox.Show(a.ToString()); } catch { MessageBox.Show("cannot"); } If I execute the commented block the application works.But the insert block doesnt works.Why I am unable to insert/update/delete the records into database? My Connection String is as follows: string strCon="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=xyz.mdb;Persist Security Info=True";

    Read the article

  • How do I connect to SQL Server with VB?

    - by Wayne Werner
    Hi, I'm trying to connect to a SQL server from VB. The SQL server is across the network uses my windows login for authentication. I can access the server using the following python code: import odbc conn = odbc.odbc('SignInspection') c = conn.cursor() c.execute("SELECT * FROM list_domain") c.fetchone() This code works fine, returning the first result of the SELECT. However, I've been trying to use the SqlClient.SqlConnection in VB, and it fails to connect. I've tried several different connection strings but this is the current code: Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim conn As New SqlClient.SqlConnection conn.ConnectionString = "data source=signinspection;initial catalog=signinspection;integrated security=SSPI" Try conn.Open() MessageBox.Show("Sweet Success") 'Insert some code here, woo Catch ex As Exception MessageBox.Show("Failed to connect to data source.") MessageBox.Show(ex.ToString()) Finally conn.Close() End Try End Sub It fails miserably, and it gives me an error that says "A network-related or instance-specific error occurred... (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) I'm fairly certain it's my connection string, but nothing I've found has given me any solid examples (server=mySQLServer is not a solid example) of what I need to use. Thanks! -Wayne

    Read the article

  • Cloning input type file and set the value

    - by jribeiro
    I know that it isn't possible to set the value of an input type="file" for security reasons... My problem is: I needed to style an input type="file" so what I did was have a button and hide the file input. like: <a href="#" onclick="$('input[name=&quot;photo1&quot;]').click(); return false;" id="photo1-link"></a> <input type="file" name="photo1" class="fileInput jqtranformdone validate[required]" id="photo1" /> These works great in all browsers except IE which gives me an access denied error on submitting through ajax. I'm using the ajaxSubmit jquery plugin (malsup.com/jquery/form/) So after reading for a while I tried to do: var photo1Val = $('#photo1').val(); var clone1 = $('#photo1').clone().val(photo1Val); $('#photo1').remove(); clone1.appendTo('form'); console.log(photo1Val) //prints the right value C:/fakepath/blablabla.jpg $('form').ajaxSubmit(options); The problem is that after this the value of $('#photo1') is empty... Any ideas how to work around this? Thanks

    Read the article

  • Bookmarklet, js injection and popup issue

    - by Neewok
    I'm currently writing a bookmarklet that loads and executes a remote js file by appending a new <script> tag in the current window, like so : javascript:(function() { if(typeof __bml_main != "undefined") return __bml_main.init(); var s= document.createElement('script'); s.type= 'text/javascript'; s.src= 'http://127.0.0.1:8000/media/bookmarklet.js'; void(document.body.appendChild(s)); })(); My bookmarklet needs to perform some dom manipulations in order to extract data from the page being viewed, and then to open a new popup to list them. The thing is : if I want to bypass pop-up blockers, I can't open my new window from the injected script. I need to open it right from the beginning in the bookmarklet code, and to access it later when needed. I've tried to do somehting like this : javascript:var my_popup = window.open('http://127.0.0.1:8000/resources/manage/new/', 'newResourcePopup',config='height=200,width=400,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=no'); (function() { // script injection (...) })(); but if I then try to access my_popup from my remotely loaded script, most browsers will throw a security warning and won't let me access the Window object. This is understandable since the script is not from the same domain than the displayed page, but I'm kind of stuck... A solution would be to use a div overlay, but I'd really prefer to open a window in this case. Any hints ?

    Read the article

  • connecting to secure database from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. The option of switching the database onto public hosting is not an option, so I have to work with the sdcenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • routing mvc on the web

    - by generic_noob
    Hi, I was wondering if anyone could possibly provide me some advice on how i could improve the routing (and/or architecture) to each 'section' of my application. (I'm writing in PHP5, and trying to use strict MVC) Basically, I have a generic index page for the app, and that will spew out boilerplate stuff like jquery and the css etc. and it also generates the main navidation for the entire site, but i'm unsure about the best approach to connect the 'main menu' items(hyperlinks) with their associated controllers. Up until now I have been appending strings into the url and using a 'switch' statement to branch to the correct controller(and view) by extracting the strings back out of '$GET[]' to let it execute the code for the corrosponding action. for instance if i had a basic crud system for customer data, the url to edit a customers details would look like 'www.example.com/index.php?page=customer&action=edit&id=4'. I'm worried that there is a security concern by doing it this way, and i'm not sure of an alternative to branch the main 'index.php' file to the correct controller for each action once the user has clicked the link. Would it be better to use mod_rewrite to disguise the controllers names? or to create a similar system to the ASP MVC framework, where there is a seperate routing system where each url is filtered to get the associated controller? Cheers!

    Read the article

  • Is there any other way of using signed applets

    - by 640KB
    Hi There, If I want to deploy high privileged applets they need to be signed. For that a certificate is created and then a jar file is signed with a jarsigner. After that in the HTML code one has to specify code,codebase AND archive (jar) which we signed before. However I wrote a servlet which acts as two things: it sits at the URL pointed by the codebase and serves class bytecode to the applet. The same servlet also uses serialization to communicate with the applet whereby whenever the applet gets a class it does not know it goes to the codebase which ends up back at the servlet. Almost like a mini RMI setup but simpler. I hope you can see the power in this. Unfortunately for signed applets one needs the archive. Now the servlet is also able to load a Certificate object and can send it to the applet too. So here is the setup: At one point the applet receives class bytecode and it also has the Certificate. It would be nice if the applet could instantiate all received classes using that certificate (otherwise code from jar is signed and outside is not which prompts nasty messages to the user). So my question to you fine Java aficionados: Would there by any way for me to use the bytecode data and the Certificate to instantiate the class as a signed object so that the plugin pops the Security dialog, accepts teh certificate and elevates the object's privileges. What I could find is that the there is a class CodeSource that accepts codebase URL and certificate and is essential to the signing process. What I am not sure is how one could intercept the class loading inside applets to install additional certificates not obtained through a JAR file via archive. What do you say? Thanks a bunch.

    Read the article

  • Do all the HTML5 storage systems work together ?

    - by azera
    While there are a lot of good stuff about html5, one thing I don't get is the redondant storage mechanism, first there is localstorage and sessionstorage, which are key value stores, one is for one instance of the app ("one tab"), and the other works for all the instances of that application so they can share data. Both are saved when you close your browser and have a limited size (usually 5MB), that's great and everything would be nice if we stopped there. But then there is the "Web SQL Database", which has the same security system as the localstorage, the same size limit, the same everything except it works like/is sqlite, with tables and sql syntax and all of that. And the bummer is, they don't work on the same data at all ! This is not two way to access your data, this is really two storage for every html 5 app out there (not created by default yes, but still you see my point). What I would like to know is, is there a reason for both of this mechanisms to exist at the same time ? Or did they just look at sql and nosql movement to pick the best then went "screw it let's add both !" ? Why not implement local/session storage as a table inside web sql db ?

    Read the article

  • htmlspecialchars() - How and when to use and avoid multiple use

    - by naescent
    Hi, I'm building a PHP intranet for my boss. A simple customer, order, quote system. It will be denied access from the Internet and only used by 3 people. I'm not so concerned with security as I am with validation. Javascript is disables on all machines. The problem I have is this: Employee enters valid data into a form containing any of the following :;[]"' etc. Form $_POSTS this data to a validationAndProcessing.php page, and determines whether the employee entered data or not in to the fields. If they didn't they are redirected back to the data input page and the field they missed out is highlighted in red. htmlspecialchars() is applied to all data being re-populated to the form from what they entered earlier. Form is then resubmitted to validationAndProcessing.php page, if successful data is entered into the database and employee is taken to display data page. My question is this: If an employee repeatedly enters no data in step 1, they will keep moving between step 1 and 4 each time having htmlspecialchars() applied to the data. So that:- & becomes:- &amp; becomes:- &amp;amp; becomes:- &amp;amp;amp; etc.. How can I stop htmlspecialchars() being applied multiple times to data that is already cleaned? Thanks, Adam

    Read the article

  • How to decrypt a string encrypted with HMACSHA1?

    - by Bob
    I'm an encryption novice trying to pass some values back and forth between systems. I can encrypt the value, but can't seem to figure out how to decrypt on the other end. I've created a simple Windows Forms application using VB.NET. Trying to input a value and a key, encrypt and then decrypt to get the original value. Here's my code so far. Any help greatly appreciated. Thanks. Imports System Imports System.IO Imports System.Security.Cryptography Imports System.Text Public Class Form1 Private Sub btnEncode_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnEncode.Click Dim hmacsha1 As New HMACSHA1(Encoding.ASCII.GetBytes(txtKey.Text)) Dim hashValue As Byte() = hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(txtValue.Text)) txtResult.Text = BytesToHexString(hashValue) hmacsha1.Clear() End Sub Private Sub btnDecode_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDecode.Click '??? End Sub Private Function BytesToHexString(ByVal bytes As Byte()) As String Dim output As String = String.Empty Dim i As Integer = 0 Do While i < bytes.Length output += bytes(i).ToString("X2") i += 1 Loop Return output End Function End Class

    Read the article

  • Problem adding a behaviors element to my WCF client config

    - by SteveChadbourne
    I'm trying to add a behaviors element to my client config file so I can specify maxItemsInObjectGraph. The error I get is: The element 'system.serviceModel' has invalid child element 'behaviors'. List of possible elements expected: 'bindings, client, extensions'. Here is my config: <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_KernService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"> <security mode="None" /> </binding> </basicHttpBinding> </bindings> <behaviors> <endpointBehaviors> <behavior name="ServiceViewEventBehavior"> <dataContractSerializer maxItemsInObjectGraph="2147483647"/> </behavior> </endpointBehaviors> </behaviors> <client> <endpoint address="http://localhost/KernMobile.WCF/KernService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_KernService" contract="KernWcfService.KernService" name="BasicHttpBinding_KernService" behaviorConfiguration="ServiceViewEventBehavior" /> </client> </system.serviceModel> </configuration> It's also complaining about the behaviorConfiguration attribute in the endpoint element. Any ideas? .Net 4.0 BTW.

    Read the article

  • How to implement a 'safe' periodical executer without using the Rails helpers?

    - by Robbie
    I am very new to Ruby on Rails and was never really big on writing JavaScript, so the built in helpers were like a tiny silce of heaven. However I have recently learned that using the helper methods creates "obtrusive javascript" so I am doing a tiny bit of refactoring to get all this messy code out of my view. I'm also using the Prototype API to figure out what all these functions do. Right now, I have: <%= periodically_call_remote(:url => {:action => "tablerefresh", :id => 1 }, :frequency => '5', :complete => "load('26', 'table1', request.responseText)")%> Which produces: <script type="text/javascript"> //<![CDATA[ new PeriodicalExecuter(function() {new Ajax.Request('/qrpsdrail/grids/tablerefresh/1', {asynchronous:true, evalScripts:true, onComplete:function(request){load('26', 'table1', request.responseText)}, parameters:'authenticity_token=' + encodeURIComponent('dfG7wWyVYEpelfdZvBWk7MlhzZoK7VvtT/HDi3w7gPM=')})}, 5) //]]> </script> My concern is that the "encodeURIComponent" and the presence of "authenticity_token" are generated by Rails. I'm assuming these are used to assure the validity of a request. (Ensuring a request comes from a currently active session?) If that is the case, how can I implement this in application.js 'safely'? It seems that the built in method, although obtrusive, does add some beneficial security. Thanks, in advance, to all who answer.

    Read the article

  • VirtualBox limits size of .js file, that can be included from guest additions folder?

    - by c69
    This question might belong to SuperUser, but i'll try to ask it here anyway, because i believe, some web developers might encountered this weird behavior. When testing a site for IE8/winXP compatibility on VirtualBox i run into weird issue of $ is undefined, which is caused by jQuery (and jQuery UI) being not included, when referenced by relative path, which resolves to file:/// url. Seemingly because their size was too big (above 200KB). Simply replacing links to those 2 big files to http:// ones solved the issue for me. But here is the question: why did this happen ? is it a misconfiguration ? a bug ? a known design decision ? Details: VirtualBox 4.1.8 host os: win7 64bit, guest os: xp sp3 32 bit guest additions installed, page was launched from VB shared folder the bug was manifesting itself in all browsers (even in opera, which ignores ie security settings, afaik) ie configuration is default script was included like this: <script type="text/javascript" src="js/libs/jquery/jquery-1.7.2.js"> exact size limit was not deducted.

    Read the article

  • Flex/Actionscript image display problem.

    - by IanH
    I'm trying to extend the Image class but hit a problem that I can't get past. I have a private image (img) that loads an image and a function that takes that image and copies it onto the parent. The debug function "copyit2" displays the image fine (so I know it's loaded OK). But the function "copyit" doesn't work - it just displays a white rectangle. I can't see how to make copyit work so that the original image is copied to the BitmapData and then subsequenty copied onto the parent? (The idea is to do some processing on the Bitmap data before it is displayed, although this isn't shown here to keep the example simple.) I suspect it is something to do with the security of loading images, but I'm loading it from the same server as the application is run from - so this shouldn't be a problem? Thanks for any help anyone can provide. Ian package zoomapackage { import flash.display.Bitmap; import flash.display.BitmapData; import flash.display.Sprite; import flash.events.MouseEvent; import flash.geom.Matrix; import flash.geom.Point; import flash.geom.Rectangle; import flash.net.*; import mx.controls.Image; import mx.events.FlexEvent; public dynamic class Zooma extends Image { private var img:Image; public function copyit():void { var imgObj:BitmapData = new BitmapData(img.content.width, img.content.height, false); imgObj.draw(img); var matrix:Matrix = new Matrix(); this.graphics.beginBitmapFill(imgObj, matrix, false,true); this.graphics.drawRect(0, 0, this.width , this.height); this.graphics.endFill(); } public function copyit2():void { this.source = img.source; } public function Zooma() { super(); img = new Image(); img.load("http://localhost/Koala.jpg"); } } }

    Read the article

  • Can't decrypt after encrypting with blowfish Java

    - by user2030599
    Hello i'm new to Java and i have the following problem: i'm trying to encrypt the password of a user using the blowfish algorithm, but when i try to decrypt it back to check the authentication it fails to decrypt it for some reason. public static String encryptBlowFish(String to_encrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_encrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while encrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } public static String decryptBlowFish(String to_decrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_decrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while decrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } When i call the decrypt function it gives me the following error: java.security.InvalidKeyException: Parameters missing Any ideas? Thank you

    Read the article

  • webclient download problem!!!

    - by user472018
    Hello all, if this problem was discussed before,sorry for asking again.. I want to download an image from an url with using System.Net.WebClient class. When i try to download an image (ie. google logo).it does not occur any errors,but some images are occurring errors.I dont understand why this errors. how can i fix this problem? my Code is: WebClient client = new WebClient(); try { //Downloads the file from the given url to the given destination client.DownloadFile(urltxt.Text, filetxt.Text); return true; } catch (WebException w) { MessageBox.Show(w.ToString()); return false; } catch (System.Security.SecurityException) { MessageBox.Show("securityexeption"); return false; } catch (Exception) { MessageBox.Show("exception"); return false; } Errors are: System.Net.WebException:The underlying connection was closed:An unexpected error occurred on a recieve.--System.IO.IOException:Unable to read data from the transport connection:An existing connection was forcibly closed by the remote host.--System.Net.Sockets.SocketException:An existing connection was forcibly closed by the remote host...bla bla Thanks for your help.

    Read the article

  • P/Invoke declarations should not be safe-critical

    - by Bobrovsky
    My code imports following native methods: DeleteObject, GetFontData and SelectObject from gdi32.dll GetDC and ReleaseDC from user32.dll I want to run the code in full trust and medium trust environments (I am fine with exceptions being thrown when these imported methods are indirectly used in medium trust environments). When I run Code Analysis on the code I get warnings like: CA5122 P/Invoke declarations should not be safe-critical. P/Invoke method 'GdiFont.DeleteObject(IntPtr)' is marked safe-critical. Since P/Invokes may only be called by critical code, this declaration should either be marked as security critical, or have its annotation removed entirely to avoid being misleading. Could someone explain me (in layman terms) what does this warning really mean? I tried putting these imports in static SafeNativeMethods class as internal static methods but this doesn't make the warnings go away. I didn't try to put them in NativeMethods because after reading this article I am unsure that it's the right way to go because I don't want my code to be completely unusable in medium trust environments (I think this will be the consequence of moving imports to NativeMethods). Honestly, I am pretty much confused about the real meaning of the warning and consequences of different options to suppressing it. Could someone shed some light on all this? EDIT: My code target .NET 2.0 framework. Assembly is marked with [assembly: AllowPartiallyTrustedCallers] Methods are declared like this: [DllImport("gdi32")] internal static extern int DeleteObject(HANDLE hObject);

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 445 446 447 448 449 450 451 452 453 454 455 456  | Next Page >