Search Results

Search found 14878 results on 596 pages for 'mod security'.

  • Check ReturnUrl is valid before redirecting

    - by Josh
    I'm using ASP.NET Membership and Form Authentication and before redirecting to the returnURL I wanted to validate it. For those unfamiliar with the workflow, basically if you request a page that requires that you are authenticated, you are redirected to a login page. In the URL string you'll see a parameter called returnURL, e.g.

        http://example.com/login.aspx?ReturnUrl=%2fprotected%2fdefault.aspx

    Whether you use this in a redirect such as Response.Redirect(returnURL) or indirectly through the FormsAuthentication.RedirectFromLoginPage method, it passes without validating returnURL. FormsAuthentication.RedirectFromLoginPage does have a security check that it isn't leaving the domain, but that still doesn't stop someone from putting enough random characters to cause an error. I tried using System.IO.File.Exists(Server.MapPath(returnURL)) but given enough illegal characters it causes Server.MapPath to error. Note: URLEncoding doesn't work because we are not cleaning a parameter, but the primary URL. Any other suggestions for validating or cleaning the returnURL value?

  • How to get Xvfb to work on 32 bit color

    - by Robus
    Can anybody tell me how to get Xvfb to work on 32bit color? Vnc4server works fine for example, but didn't fit my purpose.

        > /etc/X11# Xvfb :1 -screen 0 1600x1200x24
        error opening security policy file /etc/X11/xserver/SecurityPolicy
        (EE) XKB: Couldn't open rules file /usr/share/X11/xkb/rules/base
        Could not init font path element /usr/share/fonts/X11/cyrillic, removing from list!
        [config/hal] couldn't initialise context: (null) ((null))
        FreeFontPath: FPE "/usr/share/fonts/X11/misc" refcount is 2, should be 1; fixing.

    Aka - it works, while:

        > /etc/X11# Xvfb :1 -screen 0 1600x1200x32
        Fatal server error:
        Couldn't add screen 0

  • Asp.net membership logout automatically

    - by alejandrobog
    Hi, I recently deployed an application that uses asp.net membership (SqlMembershipProvider) and I don't know why but it automatically logs out after 1 minute of inactivity. This doesn't happen on my development environment. I even set the userIsOnlineTimeWindow to 60 which is supposed to be in minutes. Any ideas why this is happening? I'm deploying to a virtual directory on a shared hosting environment. Here is how I set up the membership provider:

        <membership defaultProvider="FaceMoviesMembership" userIsOnlineTimeWindow="60">
          <providers>
            <clear/>
            <add name="FaceMoviesMembership"
                 type="System.Web.Security.SqlMembershipProvider"
                 connectionStringName="FaceMoviesAuthConnectionString"
                 enablePasswordRetrieval="true"
                 enablePasswordReset="true"
                 requiresQuestionAndAnswer="false"
                 maxInvalidPasswordAttempts="10"
                 passwordAttemptWindow="60"
                 requiresUniqueEmail="false"
                 passwordFormat="Clear"
                 applicationName="FaceMoviesWeb"
                 minRequiredPasswordLength="5"
                 minRequiredNonalphanumericCharacters="0"/>
          </providers>
        </membership>

  • Membership.GetUser() within TransactionScope throws TransactionAbortedException

    - by Bob Kaufman
    The following code throws a TransactionAbortedException with message "The transaction has aborted":

        using ( MyDataContext context = new MyDataContext() )
        {
            using ( TransactionScope transactionScope = new TransactionScope() )
            {
                Guid accountID = new Guid( Request.QueryString[ "aid" ] );
                Account account = ( from a in context.Accounts
                                    where a.UniqueID.Equals( accountID )
                                    select a ).SingleOrDefault();
                IQueryable<My_Data_Access_Layer.Login> loginList =
                    from l in context.Logins
                    where l.AccountID == account.AccountID
                    select l;
                foreach ( My_Data_Access_Layer.Login login in loginList )
                {
                    MembershipUser membershipUser = Membership.GetUser( login.UniqueID );
                }
            }
        }

    The error occurs at the call to Membership.GetUser(). My Connection String is:

        <add name="MyConnectionString" connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient" />

    Everything I've read tells me that TransactionScope should just get magically applied to the Membership calls. The user exists (I'd expect a null return otherwise.)

  • XMPP TLS connection with SslStream

    - by Marcom
    I am trying to create a simple xmpp client that connects to Gtalk. The first part of the handshake seems to work. For the TLS handshake I created a client SslStream, connected to the intended server (talk.google.com) and successfully got authenticated. The first SslStream.Read is to receive the greeting reply; it went fine. I do a SslStream.Write to send my first command, but when I do my SslStream.Read() to get the reply, I get this error: "System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine." Can anyone point me in the right direction? I am using code very similar to the example on msdn http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx except that I switch from a NetworkStream to an SslStream when TLS is negotiated.

        netStream.Flush();
        sslStream = new SslStream(netStream, true, new RemoteCertificateValidationCallback(ValidateServerCertificate), null);
        sslStream.AuthenticateAsClient("talk.google.com");

  • Recommendations for keeping a build server updated

    - by gareth_bowles
    As a guy who frequently switches between QA, build and operations, I keep running into the issue of what to do about operating system updates on the build server. The dichotomy is the same on Windows, Linux, MacOS or any other o/s that can update itself via the internet:

    The QA team wants to keep the build server exactly as it is from the beginning of the product release cycle to the end, since installing updates could destabilize the server and means that successive builds aren't made against the same baseline.

    The ops team wants the software to be deployed on a system with all the latest security patches; this can mean that the software isn't deployed on exactly the same version of the o/s that it was built on.

    I usually mitigate this by taking release candidate builds and installing them on a test server that has a completely up-to-date o/s, repeating the automated tests that are run on the build server and doing some additional system level testing to make sure everything looks good before deployment. However, this seems inefficient to me; does anyone have a better way?

  • iPhone Shell - is there any?

    - by alee
    While working on iPhone security architecture, I came to know that I can run applications from other applications on the iPhone, referring to the following URL: http://iphonedevelopertips.com/cocoa/launching-other-apps-within-an-iphone-application.html For example, I can put a link in a website with the following hyperlink: skype:// will result in Skype running and calling a particular number. Now I have a few concerns here. Is there a shell running in the background on the iPhone, so that it allows other applications to run basic app commands? If the above statement is true, then how can I enable or run commands directly in the iPhone shell? If the above statements are false, then could you please explain how these commands are being executed? Is this part of the iPhone SDK? Or is this functionality iPhone OS

  • Best XPath tools

    - by Sayed Ibrahim Hashimi
    What tools are you guys using for XPath and why? Right now I'm using SketchPath because it's totally awesome, but it's a Windows app that needs to be installed, and the WhiteBeam online XPath test bed because you can test expressions from the website. SketchPath seems to stand out the most to me because it actually helps you create the xpath and it is very advanced. If you haven't tried it you should. Cons to SketchPath: you have to install it on the machine, otherwise it is fantastic. Cons to WhiteBeam: you have to upload your file which I don't always want to do for security reasons and the file size you can upload has some limit on it, and uploading a file is annoying anyways. Also I think there might be some subtle differences between the xpath used for that tool and when running a .NET app. But I don't remember any right now. Just keep it in mind.

  • Implementation of ECC in Java

    - by Rookie_22
    While trying to encrypt a given input using Elliptic Curve Cryptography in Java I'm using the following algorithms for generating the cipher and the key:

        KeyPairGenerator g = KeyPairGenerator.getInstance("ECDSA");
        Cipher cipher = Cipher.getInstance("ECIES");

    Now as expected, the cipher isn't accepting the keys generated by the ECDSA algorithm. I get the error as - must be passed IE key. I searched for the ciphers being supported by these 2 methods here: http://java.sun.com/javase/6/docs/technotes/guides/security/StandardNames.html#Cipher Unfortunately no other algo is supported for ECC. Has anyone used ECC generated keys to encrypt/decrypt an input? Which algo should I use for both so that they don't clash with each other?

  • ExceptionPolicy.HandleException does not install Event Source for Logging in Registry if XBAP run ou

    - by Neo
    I am using the Logging Application Block (of Microsoft Enterprise Library) to log exceptions in the Event Viewer that occur in my WPF XBAP application. If I run the XBAP in the debugger from Visual Studio, an Event Source entry for my application is automatically created in the Registry at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MyApp This occurs at the point ExceptionPolicy.HandleException() is called. However, if I run the XBAP outside of the IDE directly from the file system or from its published location, the Registry entry isn't added. Therefore, no logging takes place. I can only assume this is a security issue with running XBAP applications and they do not have access to write to the Registry. Is this a setting within my project? Any idea on why this might be happening? Any help much appreciated.

  • Get timestamp from Authenticode Signed files in .NET

    - by SlavaGu
    We need to verify that binary files are signed properly with digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies signer name and timestamp. This is doable in native C++ with CryptQueryObject() API as shown in this wonderful sample: How To Get Information from Authenticode Signed Executables However we live in a managed world :) hence looking for C# solution to the same problem. Straight approach would be to pInvoke Crypt32.dll and all is done. But there is similar managed API in System.Security.Cryptography.X509Certificates Namespace. X509Certificate2 Class seems to provide some information but no timestamp. Now we came to the original question how can we get that timestamp of a digital signature in C Sharp?

  • Hide header and footer when printing from Internet Explorer using Javascript or CSS

    - by molasses
    When I print a webpage from Internet Explorer it will automatically add a header and footer including the website title, URL, date, and page number. Is it possible to hide the header and footer programmatically using Javascript or CSS?

    Requirements:

      - works in IE 6 (no other browser support necessary as it's for an Intranet)
      - may use ActiveX, Java Applet, Javascript, CSS
      - preferably not something that the user needs to install (eg. http://www.meadroid.com/scriptx). Feel free to list other third party available plug-ins though as I think this may be the only option
      - don't require the user to manually update their browser settings
      - don't render the pages as PDF or Word document or any other format
      - don't write to the registry (security prevents this)

    Thanks

  • Cross-domain policy issues after redirect in Flash

    - by ggambett
    I'm having trouble with a cross-domain policy. I'm using the AS3 Loader to fetch an image; I'm making it load the policy file, like this:

        var pLoader : Loader = new Loader();
        var pContext : LoaderContext = new LoaderContext();
        pContext.checkPolicyFile = true;
        pLoader.load(new URLRequest(sURL), pContext);

    This works fine as long as the image is directly accessible; however, when the server sends a redirect, the loader follows it but loses the checkPolicyFile flag, resulting in a SecurityException - that is, it doesn't check the cross-domain policy of the redirected URL. I've found a solution here ( http://www.stevensacks.net/2008/12/23/solution-as3-security-error-2122-with-300-redirects ) but looks fragile (that is, looks like it will fail if there's more than one redirect). What would be the correct way of doing this?

  • Installing Java3D on Eclipse

    - by Matt
    I'm trying to use Java3D in my project. This is the error I receive:

        29-Dec-2010 1:01:29 AM javax.media.j3d.NativePipeline getSupportedOglVendor
        SEVERE: java.lang.UnsatisfiedLinkError: no j3dcore-ogl-chk in java.library.path
        Exception in thread "main" java.lang.UnsatisfiedLinkError: no j3dcore-d3d in java.library.path
            at java.lang.ClassLoader.loadLibrary(Unknown Source)
            at java.lang.Runtime.loadLibrary0(Unknown Source)
            at java.lang.System.loadLibrary(Unknown Source)
            at javax.media.j3d.NativePipeline$1.run(NativePipeline.java:189)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.media.j3d.NativePipeline.loadLibrary(NativePipeline.java:180)
            at javax.media.j3d.NativePipeline.loadLibraries(NativePipeline.java:137)
            at javax.media.j3d.MasterControl.loadLibraries(MasterControl.java:948)
            at javax.media.j3d.VirtualUniverse.<clinit>(VirtualUniverse.java:280)
            at World.<init>(World.java:10)
            at Start.main(Start.java:12)

    I have copied the .jar files into my project's lib folder and linked them in Project - Properties - Add Jar File. There was also a .dll file in the Java3D download that I haven't touched or included in any way. What am I missing?

  • GetAllUsers - MVC

    - by Jemes
    I'm using the Membership Provider and would like to display a list of all the users and their First Name, Last Name etc using the GetAllUsers function. I'm having trouble understanding how to implement this function in MVC. Has anyone implemented this in MVC or is there an easier way to list all the users in my application? Any help or advice would be really helpful.

    Controller

        public ActionResult GetUsers()
        {
            var users = Membership.GetAllUsers();
            return View(users);
        }

    View Model

        public class GetUsers
        {
            [Required]
            [DisplayName("User name")]
            public string UserName { get; set; }

            [Required]
            [DisplayName("User name")]
            public string FirstName { get; set; }
        }

    View

        <%= Html.Encode(item.UserName) %>

    Error

        The model item passed into the dictionary is of type 'System.Web.Security.MembershipUserCollection', but this dictionary requires a model item of type 'System.Collections.Generic.IEnumerable`1[Account.Models.GetUsers]'.

  • Middleware for MongoDB or CouchDB with jQuery Ajax/JSON frontend

    - by Tauren
    I've been using the following web development stack for a few years: java/spring/hibernate/mysql/jetty/wicket/jquery. For certain requirements, I'm considering switching to a NoSQL datastore with an AJAX frontend. I would probably build the frontend with jQuery and communicate with the web application middleware using JSON. I'm leaning toward MongoDB because of more dynamic query capabilities, but am still considering CouchDB. I'm not sure what to use in the middle. Probably something RESTful? My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security. But then again, I want to pick something that is quick and easy to work with, so I'm open to other solutions. If you are building ajax/json/nosql solutions, I'd like to hear details about what tools you are using and any pros/cons you've found to using them. Thanks!

  • ASPNETDB and ASPSTATE database. How to change the connectionstrings?

    - by George
    I have two ASP-specific SQL Server databases: 1) ASPState - to store session state; 2) ASPNETDB - to store Security/Role stuff. In my web.config, I am specifying the connection string used to identify the location of the ASPState database:

        <sessionState mode="SQLServer" sqlConnectionString="server=(local)\sql2008b;uid=sa;pwd=iainttelling;" timeout="120"/>

    Where is the connection string specified for the ASPNETDB database? I am trying to point it to a db on a remote server. I have a feeling it is somewhere in IIS or the Machine Config. I'd like to add it to my WEB.CONFIG. Could someone help me to do this?

  • generate only objectLayer of Entity Framework Model by edmgen tool

    - by loviji
    How to generate only objectLayer by edmgen tool, without generating csdl, ssdl and views?

        "%windir%\Microsoft.NET\Framework\v4.0.30319\edmgen.exe" /mode:fullgeneration /c:"Data Source=.\sqlexpress; Initial Catalog=uqs; Integrated Security=SSPI" /project:generateEntityModel /entitycontainer:uqsEntities /namespace:uqsModel /language:CSharp /outobjectlayer:"D:/uqsObjectLayer.cs"

    In this script I don't write a location to write csdl, ssdl and views, but they are generated in C:\Users\adminUser in Windows Vista and objectLayer is generated to D:/uqsObjectLayer.cs. If I use /mode:EntityClassGeneration, this option requires the /incsdl argument and either the /project argument or the /outobjectlayer argument. The /language argument is optional. But I don't want to use a csdl file. As I understand, the edmgen tool cannot create objectlayer without a csdl file. Now is there an alternate way or tool for generating objectlayer from db?

  • Extending Code Igniter Model functions to external PHP Scripts

    - by Fábio Antunes
    Hello everybody. I'm doing a small web app, which uses CKeditor for user input, and CKfinder for file management (images/flash). Those who know CKFinder also know that the config file for CKFinder has a function named CheckAuthentication() that returns false or true, giving or not permissions to use CKFinder. This is where custom PHP code checks if the user has authorization to access CKFinder or not. Well, for my app I'm using Code Igniter, and of course I've created a model where I handle everything about User Permissions, Login, Session Cookies, etc. And I also have a function whose purpose is just to check if the user is logged in. So I would like to know if someone knows a way that I can call the function isLoggedIn() inside the model security from inside the function CheckAuthentication() in the CKFinder config file. Thanks in advance.

  • Benefit for implementing OAuth

    - by zfranciscus
    Hi, I am just wondering, from a web service provider point of view, what is the benefit of asking users to create an account or login using a 3rd party web service provider, e.g. Twitter or Facebook. Wouldn't it be easier to ask the user to provide their Twitter or Facebook login and use that to pull the user's Twitter or Facebook data? I can understand the benefit from the user's point of view: using OAuth provides security. It is safer to use OAuth than giving someone on the internet our Twitter or Facebook login credentials. But somehow I can't figure out the benefit from the web service point of view. Thank you. Cheers

  • Expose url to webservice

    - by Patrick Peters
    In our project we want to query a document management system for a specific document or movie. The dms returns a URL with the document location (for example: http://mydomain.myserver1.share/mypdf.pdf or http://mydomain.myserver2.share/mymovie.avi). We want to expose the document to internet users and intranet users. The requested file can be large (large video files). Our architecture is like:

        request goes like: webapp1 - webapp2 - webapp3 - dms
        response goes like: dms - webapp3 - webapp2 - webapp1

    webapp1 could be on the internet. I have been thinking how we can obfuscate the real url from the dms, due to security issues. I have seen implementations from other webapps where the pdf URL was obfuscated by creating a temp file for the requested document that is specific for the session and user. So other users cannot easily guess the document name of other users. My question: is there a pattern that deals with exposing company/user vulnerable data to the public? Our development is in C# 3.5.

  • Microsoft.Web.Administration.ServerManager can't read config sections containing encrypted passwords in applicationHost.config

    - by Dylan Beattie
    I have some sites in IIS7 that are configured to run as domain users (MYDOMAIN\someuser). I'm using the Microsoft.Web.Administration namespace to scan my server configuration, but it's throwing an exception when I hit one of these "impersonator" sites:

        using (ServerManager sm = new ServerManager())
        {
            foreach (Site site in sm.Sites)
            {
                foreach (Application app in site.Applications.Reverse())
                {
                    foreach (VirtualDirectory vdir in app.VirtualDirectories.Reverse())
                    {
                        var config = app.GetWebConfiguration();
                        foreach (var locationPath in config.GetLocationPaths())
                        {
                            // error occurs in GetLocationPaths()
                        }
                    }
                }
            }
        }

    The actual error message is:

        COMException was unhandled
        Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config
        Line number: 279
        Error: Failed to decrypt attribute 'password' because the keyset does not exist

    It appears that IIS is storing the MYDOMAIN\someuser password encrypted in applicationHost.config, which is great in terms of security - but I have no idea how to get the ServerManager to decrypt this. Any tips on how I can either allow ServerManager to decrypt this, or just tell IIS to store the passwords in plain text? This is on IIS7 under Windows 7 RC, by the way.

  • ClassNotFoundException error in implementing Bayesian algorithm in Apache Mahout on Hadoop

    - by Shweta
    Hi, I have a problem in executing the Bayesian algorithm in Mahout. I built it with Maven and the job file is in target directory. When run from terminal using hadoop, I'm getting the ClassNotFoundException error. What should be done?

        $HADOOP_HOME/bin/hadoop jar mahout-core-0.3-SNAPSHOT.job org.apache.mahout.classifier.bayes.mapreduce.bayes.bayesdriver -i test -o output
        Exception in thread "main" java.lang.ClassNotFoundException: org.apache.mahout.classifier.bayes.mapreduce.bayes.bayesdriver
            at java.net.URLClassLoader$1.run(URLClassLoader.java:200)
            at java.security.AccessController.doPrivileged(Native Method)
            at java.net.URLClassLoader.findClass(URLClassLoader.java:188)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:307)
            at java.lang.ClassLoader.loadClass(ClassLoader.java:252)
            at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320)
            at java.lang.Class.forName0(Native Method)
            at java.lang.Class.forName(Class.java:247)
            at org.apache.hadoop.util.RunJar.main(RunJar.java:149)

  • rpm installation error

    - by JiminyCricket
    I'm trying to install an RPM compat-db-4.1.25-9 on Oracle Linux Enterprise, since it's required to install WebCenter... however the rpm installation is throwing a warning and then not working:

        [root@devsebl downloads]# rpm -i compat-db-4.1.25-9.rpm
        warning: compat-db-4.1.25-9.rpm: Header V3 DSA signature: NOKEY, key ID 9b3c94f4
        [root@devsebl downloads]# rpm -q compat-db-4.1.25-9.rpm
        package compat-db-4.1.25-9.rpm is not installed

    Any idea what that warning means and why it's crashing there? I tried to use Yum, but it's not available I guess:

        [root@devsebl downloads]# yum search compat-db
        Loaded plugins: security
        Warning: No matches found for: compat-db
        No Matches found
