Search Results

Search found 17646 results on 706 pages for 'security warning'.

Page 46/706 | < Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >

  • Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data

    - by joebeazelman
    I created an assembly containing WCF service code and dropped into another web project. When I try to invoke a service method, I get the following inner exception: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Why this is happening? My newly created assembly lives inside the ASP.NET /bin folder along with other assemblies. At this level, should the database not know or care whether it is being called from a web service or from a normal call? How would it know that my assembly is foreign? How do I resolve this issue?

    Read the article

  • Best way for a remote web app to authenticate users in my current web app?

    - by jklp
    So a bit of background, I'm working on an existing web application which has a set of users, who are able to log in via a traditional login screen with a user name and password, etc. Recently we've managed to score a client (who have their own Intranet site), who are wanting to be able to have their users log into their Intranet site, and then have their users click a link on their Intranet which redirects to our application and logs them into it automatically. I've had two suggestions on how to implement this so far: Create a URL which takes 2 parameters (which are "username" and "password") and have the Intranet site pass those parameters to us (our connection is via TLS so it's all encrypted). This would work fine, but it seems a little "hacky", and also means that the logins and passwords have to be the same on both systems (and having to write some kind of web service which can update the passwords for users - which also seems a bit insecure) Provide a token to the Intranet, so when the client clicks on a link on the Intranet, it sends the token to us, along with the user name (and no password) which means they're authenticated. Again, this sounds a bit hacky as isn't that essentially the same as providing everyone with the same password to log in? So to summarise, I'm after the following things: A way for the users who are already authenticated on the Intranet to log into our system without too much messing around, and without using an external system to authenticate, i.e. LDAP / Kerberos Something which isn't too specific to this client, and can easily be implemented by other Intranets to log in

    Read the article

  • How do you override the WCF AuthenticationService IsLoggedIn() method?

    - by Ryan Riley
    I have three current thoughts on how to do this: re-implement AuthenticationService, which uses lots of internal constructors and internal helpers, implement custom IIdentity and IPrincipal types and somehow hook these into FormsAuthentication. give up and roll my own. The problem is that we've got web apps and fat client apps using authentication and storing cookies. However, logging out of a web app does not log out of a fat client app, and we have now way of forcing a refreshed cookie, atm.

    Read the article

  • Compiler warning "not found in protocol(s)" when using [[[UIApplication sharedApplication] delegate]

    - by DK Crame
    I have myClass instantiated by my appDelegate, I have another class, newClass instantiated by myClass. From the newClass instance, I want to access a property in the myClass instance that created it. I have done this by: [[[UIApplication sharedApplication].delegate myClass] property] This works, I can actually get the property but I get this warning from Xcode: warning: "-myClass" not found in protocols warning: no "-myClass" method found (messages without a matching signature will be assumed to return "id" and accept "..." as arguments) The newClass property has been correctly declared in the .h and .m files, it's properties have been set and it has been synthesized. It compiles and runs and I can actually get the property's value. Should I ignore the warning in Xcode? Is there a better way to access the myClass instance's property?

    Read the article

  • How to authenticate WCF calls using forms authentication and secutity

    - by Fixer
    I'm planning a set up for a distributed application that spans serveral machines and will use WCF to send data in between. Machine A Front end website http://www.site.com Password protected site using Forms Authentication Machine B WCF Application Service http://service1.site.com/DoSomething.svc Machine C WCF Application Service http://service2.site.com/DoSomething.svc The WCF services on Machine B and Machine C should check that the request from Machine A has been authenticated. How can i check that the request is authenticated across the different machines? I only care that the request is authenticated and not concerned about securing the message body (because we are not sending any sensitive data across the wire), so SSL is not required. What authentication methods can i use for the above scenario?

    Read the article

  • How can I throttle user login attempts in PHP

    - by jasondavis
    I was just reading this post http://stackoverflow.com/questions/549/the-definitive-guide-to-website-authentication-beta#477585 on Preventing Rapid-Fire Login Attempts. Best practice #1: A short time delay that increases with the number of failed attempts, like: 1 failed attempt = no delay 2 failed attempts = 2 sec delay 3 failed attempts = 4 sec delay 4 failed attempts = 8 sec delay 5 failed attempts = 16 sec delay etc. DoS attacking this scheme would be very impractical, but on the other hand, potentially devastating, since the delay increases exponentially. I am curious how I could implement something like this for my login system in PHP?

    Read the article

  • Using JavaScript eval to parse JSON

    - by Quandary
    Question: I'm using eval to parse a JSON return value from one of my WebMethods. I prefer not to add jquery-json because the transfer volume is already quite large. So I parse the JSON return value with eval. Now rumors go that this is insecure. Why ? Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway. And if they do it locally, JavaScript only executes in their browser. So I fail to see where the problem is. Can anybody shed some light on this, using this concrete example? function OnWebMethodSucceeded(JSONstrWebMethodReturnValue) { var result=eval('(' + JSONstrWebMethodReturnValue + ')') ... // Adding result.xy to a table }

    Read the article

  • question regarding the warning that comes everywhere

    - by user177893
    Hi, Would you be able to help to delete the warning discussed below ? I have one file example.h In that I declared static const NSString *variable = @"cool"; Now, I have another file multiple.m. In this file I have a function Bool var2 = [object methodname:variable]; It means, I passed variable as parameter for this function, but I got warning like this: variable is defined but not used So,how to remove this warning? please help me

    Read the article

  • What are best practices for securing the admin section of a website?

    - by UpTheCreek
    I'd like to know what people consider best practice for securing the Admin sections of websites, specifically from an authentication/access point of view. Of course there are obvious things, such as using SSL and logging all access, but I'm wondering just where above these basic steps people consider the bar to be set. For example: Are you just relying on the same authentication mechanism that you use for normal users? If not, what? Are you running the Admin section in the same 'application domain'? What steps do you take to make the admin section undiscovered? (or do you reject the while 'obscurity' thing)

    Read the article

  • How secure is a PostgreSQL database if my server is stolen?

    - by orokusaki
    If I have a server with a database if top secret data in PostgreSQL and my password is practically impossible to crack (128 character string of all sorts of weird chars, generated by hand). The server password is also uncrackable in theory (basically, ignore the possibility of a password crack on the DB). Aside from a password crack, how easy is it to get the data out of this database? Assumptions: Only the DB exists on the server. There is no password in a PHP script or anything like that The person who has the server is a computer / DB / hard-drive recovery expert I'm not using any hard-drive encryption or anything out of the norm for protection I'm trying to understand the risks involved with somebody gaining physical access to my server's hard-drives.

    Read the article

  • Web Application Scanner

    - by rajesh
    I want to develop a Web applications to collect or exchange sensitive or personal data, this system would give user a detailed automated report on : • How secure user's website is? • How easily it can be hacked? • Where exactly is the problem and • What are the remedies? Any suggestions????

    Read the article

  • Warning in gdb,while run application in device mode

    - by dragon
    Warning in gdb, while run application in device mode... The warning message is warning: UUID mismatch detected with the loaded library - on disk is: /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.2.sdk/System/Library/PrivateFrameworks/MBX2D.framework/MBX2D =uuid-mismatch-with-loaded-file,file="/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.2.sdk/System/Library/PrivateFrameworks/MBX2D.framework/MBX2D" warning: UUID mismatch detected with the loaded library - on disk is: /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.2.sdk/usr/lib/libxml2.2.dylib =uuid-mismatch-with-loaded-file,file="/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS3.1.2.sdk/usr/lib/libxml2.2.dylib" The application not loaded in ipod ? the blackscreen shown for long time ... How can i fix this ? can any one help me? Thanks in advance.....

    Read the article

  • Where is this backward_warning.h #warning coming from?

    - by Piku
    Without looking through every single source file in my XCode project, is there a way to find out which #include is triggering the following warning? #warning This file includes at least one deprecated or antiquated header. Please consider using one of the 32 headers found in section 17.4.1.2 of the C++ standard. Examples include substituting the <X> header for the <X.h> header for C++ includes, or <iostream> instead of the deprecated header <iostream.h>. To disable this warning use -Wno-deprecated. Clicking on the error in XCode just opens the backward_warning.h file, which is totally useless. I know what the warning means, I know how to fix it (when I see the file in question and can look at its #includes)... but I just don't know how to find the file causing the error!

    Read the article

  • PHP Warning when using include_once()

    - by Ajith
    When i try to include a file using include_once in php which shows warning like Warning: include_once(1) [function.include-once]: failed to open stream: No such file or directory in /var/www/test/content_box.php on line 2.Actually file is there in my directory.I am using ubuntu (OS) How can we prevent this warning.If anybody know please help me

    Read the article

  • Warning: newtype `CInt' is used in an FFI declaration,

    - by vivian
    When building gtk2hs-buildtools with ghc 7.4.2, I get the following warning: c2hs/toplevel/C2HSConfig.hs:110:1: Warning: newtype `CInt' is used in an FFI declaration, but its constructor is not in scope. This will become an error in GHC 7.6.1. When checking declaration: foreign import ccall safe "static bitfield_direction" bitfield_direction :: CInt I get similar warnings with FFI calls, even though I have import Foreign.C.Types(CInt). What is the correct way of getting rid of this warning?

    Read the article

  • HMAC URLs instead of login?

    - by Tres
    In implementing my site (a Rails site if it makes any difference), one of my design priorities is to relieve the user of the need to create yet another username and password while still providing useful per-user functionality. The way I am planning to do this is: User enters information on the site. Information is associated with the user via server-side session. User completes entering information, server sends an access URL via e-mail to the user roughly in the form of: http://siteurl/<user identifier>/<signature: HMAC(secret + salt + user identifier)> User clicks URL, site looks up user ID and salt and computes the HMAC with the server-stored secret and authenticates if the computed HMAC and signature match. My question is: is this a reasonably secure way to accomplish what I'm looking to do? Are there common attacks that would render it useless? Is there a compelling reason to abandon my desire to avoid a username/password? Is there a must-read book or article on the subject? Note that I'm not dealing with credit card numbers or anything exceedingly private, but I would still like to keep the information reasonably secure.

    Read the article

  • Which are the best techniques to protect a 'homemade' framework from unlogged visitors?

    - by Hermet
    First of all, I would like to say that I have used the search box looking for a similar question unsuccessfully, maybe because of my poor english skills. The way I currently do this is checking in every single page that a session has been opened. If not, the user gets redirected to a 404 page, to seem like the file which has been requested doesn't exist. I really don't know if this is sure or there's a better and more safety way and I'm currently working with kind of confidential data that should never become public. Could you give me some tips? Or leave a link where I could find some? Thank you very much, and again excuse me for kicking the dictionary.

    Read the article

  • What's the best technique to protect my framework from visitors who are not logged in?

    - by Hermet
    First of all, I would like to say that I have used the search box looking for a similar question and was unsuccessful, maybe because of my poor english skills. I have a a 'homemade' framework. I have certain PHP files that must only be visible for the admin. The way I currently do this is check within every single page to see if a session has been opened. If not, the user gets redirected to a 404 page, to seem like the file which has been requested doesn't exist. I really don't know if this is guaranteed to work or if there's a better and more safe way because I'm currently working with kind of confidential data that should never become public. Could you give me some tips? Or leave a link where I could find some? Thank you very much, and again excuse me for kicking the dictionary. EDIT What I usually write in the top of each file is something like this <?php include("sesion.php"); $rs=comprueba(); //'check' if ($rs==1) { ?> And then, at the end <?php } ?> Is it such a butched job, isn't it? EDIT Let's say I have a customers list in a file named customers.php That file may be currently on http://www.mydomain.com/admin/customers.php and it must only be visible for the admin user. Once the admin user has been logged in, I create a session variable. That variable is what I check on the top of each page, and if it exists, the customers list is shown. If not, the user gets redirected to the 404 page. Thank you for your patience. I really appreciate.

    Read the article

  • Supressing inlining warning

    - by thetna
    I am getting inling warning such as : warning: inlining failed in call to ‘symbol_Arity’: call is unlikely and code size would grow To get rid of this i changed the makefile adding the -Winline to get rid of this. I don't get any inlining warning. But , i don't know how wise is it to do in respect of performance. Can anybody please suggest me about it?

    Read the article

  • "Implicit declaration" warning

    - by gcc
    For this code: int i=0; char **mainp; for(i=0;i<2;++i) { mainp[i]=malloc(sizeof(char)*200); if(!scanf("%[^#],#",mainp[i])) break; if(i<2) scanf("%[^#],#",mainp[i]); } GCC emits the warnings: warning: implicit declaration of function ‘scanf’ warning: incompatible implicit declaration of built-in function ‘scanf’ warning: ‘mainp’ may be used uninitialized in this function And I get a segmentation fault at runtime

    Read the article

< Previous Page | 42 43 44 45 46 47 48 49 50 51 52 53  | Next Page >