Search Results

Search found 13222 results on 529 pages for 'security gate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 470/529 | < Previous Page | 466 467 468 469 470 471 472 473 474 475 476 477  | Next Page >

  • routing mvc on the web

    - by generic_noob
    Hi, I was wondering if anyone could possibly provide me some advice on how i could improve the routing (and/or architecture) to each 'section' of my application. (I'm writing in PHP5, and trying to use strict MVC) Basically, I have a generic index page for the app, and that will spew out boilerplate stuff like jquery and the css etc. and it also generates the main navidation for the entire site, but i'm unsure about the best approach to connect the 'main menu' items(hyperlinks) with their associated controllers. Up until now I have been appending strings into the url and using a 'switch' statement to branch to the correct controller(and view) by extracting the strings back out of '$GET[]' to let it execute the code for the corrosponding action. for instance if i had a basic crud system for customer data, the url to edit a customers details would look like 'www.example.com/index.php?page=customer&action=edit&id=4'. I'm worried that there is a security concern by doing it this way, and i'm not sure of an alternative to branch the main 'index.php' file to the correct controller for each action once the user has clicked the link. Would it be better to use mod_rewrite to disguise the controllers names? or to create a similar system to the ASP MVC framework, where there is a seperate routing system where each url is filtered to get the associated controller? Cheers!

    Read the article

  • Accessing MS Access database from C#

    - by Abilash
    I want to use MS Access as database for my C# windows form application.I have used OleDb driver for connecting MS Access. I am able to select the records from the MS Access using OleDbConnection and ExecuteReader.But I am un able to insert,update and delete records. My code is as follows: OleDbConnection con=new OleDbConnection(strCon); try { con.Open(); OleDbCommand com = new OleDbCommand("INSERT INTO DPMaster(DPID,DPName,ClientID,ClientName) VALUES('53','we','41','aw')", con); int a=com.ExecuteNonQuery(); //OleDbCommand com = new OleDbCommand("SELECT * FROM DPMaster", con); //OleDbDataReader dr = com.ExecuteReader(); //while (dr.Read()) //{ // MessageBox.Show(dr[2].ToString()); //} MessageBox.Show(a.ToString()); } catch { MessageBox.Show("cannot"); } If I execute the commented block the application works.But the insert block doesnt works.Why I am unable to insert/update/delete the records into database? My Connection String is as follows: string strCon="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=xyz.mdb;Persist Security Info=True";

    Read the article

  • How do I connect to SQL Server with VB?

    - by Wayne Werner
    Hi, I'm trying to connect to a SQL server from VB. The SQL server is across the network uses my windows login for authentication. I can access the server using the following python code: import odbc conn = odbc.odbc('SignInspection') c = conn.cursor() c.execute("SELECT * FROM list_domain") c.fetchone() This code works fine, returning the first result of the SELECT. However, I've been trying to use the SqlClient.SqlConnection in VB, and it fails to connect. I've tried several different connection strings but this is the current code: Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim conn As New SqlClient.SqlConnection conn.ConnectionString = "data source=signinspection;initial catalog=signinspection;integrated security=SSPI" Try conn.Open() MessageBox.Show("Sweet Success") 'Insert some code here, woo Catch ex As Exception MessageBox.Show("Failed to connect to data source.") MessageBox.Show(ex.ToString()) Finally conn.Close() End Try End Sub It fails miserably, and it gives me an error that says "A network-related or instance-specific error occurred... (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) I'm fairly certain it's my connection string, but nothing I've found has given me any solid examples (server=mySQLServer is not a solid example) of what I need to use. Thanks! -Wayne

    Read the article

  • Is there any other way of using signed applets

    - by 640KB
    Hi There, If I want to deploy high privileged applets they need to be signed. For that a certificate is created and then a jar file is signed with a jarsigner. After that in the HTML code one has to specify code,codebase AND archive (jar) which we signed before. However I wrote a servlet which acts as two things: it sits at the URL pointed by the codebase and serves class bytecode to the applet. The same servlet also uses serialization to communicate with the applet whereby whenever the applet gets a class it does not know it goes to the codebase which ends up back at the servlet. Almost like a mini RMI setup but simpler. I hope you can see the power in this. Unfortunately for signed applets one needs the archive. Now the servlet is also able to load a Certificate object and can send it to the applet too. So here is the setup: At one point the applet receives class bytecode and it also has the Certificate. It would be nice if the applet could instantiate all received classes using that certificate (otherwise code from jar is signed and outside is not which prompts nasty messages to the user). So my question to you fine Java aficionados: Would there by any way for me to use the bytecode data and the Certificate to instantiate the class as a signed object so that the plugin pops the Security dialog, accepts teh certificate and elevates the object's privileges. What I could find is that the there is a class CodeSource that accepts codebase URL and certificate and is essential to the signing process. What I am not sure is how one could intercept the class loading inside applets to install additional certificates not obtained through a JAR file via archive. What do you say? Thanks a bunch.

    Read the article

  • Do all the HTML5 storage systems work together ?

    - by azera
    While there are a lot of good stuff about html5, one thing I don't get is the redondant storage mechanism, first there is localstorage and sessionstorage, which are key value stores, one is for one instance of the app ("one tab"), and the other works for all the instances of that application so they can share data. Both are saved when you close your browser and have a limited size (usually 5MB), that's great and everything would be nice if we stopped there. But then there is the "Web SQL Database", which has the same security system as the localstorage, the same size limit, the same everything except it works like/is sqlite, with tables and sql syntax and all of that. And the bummer is, they don't work on the same data at all ! This is not two way to access your data, this is really two storage for every html 5 app out there (not created by default yes, but still you see my point). What I would like to know is, is there a reason for both of this mechanisms to exist at the same time ? Or did they just look at sql and nosql movement to pick the best then went "screw it let's add both !" ? Why not implement local/session storage as a table inside web sql db ?

    Read the article

  • Can't decrypt after encrypting with blowfish Java

    - by user2030599
    Hello i'm new to Java and i have the following problem: i'm trying to encrypt the password of a user using the blowfish algorithm, but when i try to decrypt it back to check the authentication it fails to decrypt it for some reason. public static String encryptBlowFish(String to_encrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_encrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while encrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } public static String decryptBlowFish(String to_decrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_decrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while decrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } When i call the decrypt function it gives me the following error: java.security.InvalidKeyException: Parameters missing Any ideas? Thank you

    Read the article

  • P/Invoke declarations should not be safe-critical

    - by Bobrovsky
    My code imports following native methods: DeleteObject, GetFontData and SelectObject from gdi32.dll GetDC and ReleaseDC from user32.dll I want to run the code in full trust and medium trust environments (I am fine with exceptions being thrown when these imported methods are indirectly used in medium trust environments). When I run Code Analysis on the code I get warnings like: CA5122 P/Invoke declarations should not be safe-critical. P/Invoke method 'GdiFont.DeleteObject(IntPtr)' is marked safe-critical. Since P/Invokes may only be called by critical code, this declaration should either be marked as security critical, or have its annotation removed entirely to avoid being misleading. Could someone explain me (in layman terms) what does this warning really mean? I tried putting these imports in static SafeNativeMethods class as internal static methods but this doesn't make the warnings go away. I didn't try to put them in NativeMethods because after reading this article I am unsure that it's the right way to go because I don't want my code to be completely unusable in medium trust environments (I think this will be the consequence of moving imports to NativeMethods). Honestly, I am pretty much confused about the real meaning of the warning and consequences of different options to suppressing it. Could someone shed some light on all this? EDIT: My code target .NET 2.0 framework. Assembly is marked with [assembly: AllowPartiallyTrustedCallers] Methods are declared like this: [DllImport("gdi32")] internal static extern int DeleteObject(HANDLE hObject);

    Read the article

  • connecting to secure database on private network from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. [edit] the webservice will also be available to the retail website in order for it to lookup product info as well as allocate stock transfers to the same sqlserver db. it will therefore be located on the same domain as the retail site The option of switching the database onto public hosting is not feasible, so I have to work with the scenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • Will this class cause memory leaks, and does anything need disposing of? (asp.net vb)

    - by Phil
    Here is the class to export a gridview to an excel sheet: Imports System Imports System.Data Imports System.Configuration Imports System.IO Imports System.Web Imports System.Web.Security Imports System.Web.UI Imports System.Web.UI.WebControls Imports System.Web.UI.WebControls.WebParts Imports System.Web.UI.HtmlControls Namespace ExcelExport Public NotInheritable Class GVExportUtil Private Sub New() End Sub Public Shared Sub Export(ByVal fileName As String, ByVal gv As GridView) HttpContext.Current.Response.Clear() HttpContext.Current.Response.AddHeader("content-disposition", String.Format("attachment; filename={0}", fileName)) HttpContext.Current.Response.ContentType = "application/ms-excel" Dim sw As StringWriter = New StringWriter Dim htw As HtmlTextWriter = New HtmlTextWriter(sw) Dim table As Table = New Table table.GridLines = GridLines.Vertical If (Not (gv.HeaderRow) Is Nothing) Then GVExportUtil.PrepareControlForExport(gv.HeaderRow) table.Rows.Add(gv.HeaderRow) End If For Each row As GridViewRow In gv.Rows GVExportUtil.PrepareControlForExport(row) table.Rows.Add(row) Next If (Not (gv.FooterRow) Is Nothing) Then GVExportUtil.PrepareControlForExport(gv.FooterRow) table.Rows.Add(gv.FooterRow) End If table.RenderControl(htw) HttpContext.Current.Response.Write(sw.ToString) HttpContext.Current.Response.End() End Sub Private Shared Sub PrepareControlForExport(ByVal control As Control) Dim i As Integer = 0 Do While (i < control.Controls.Count) Dim current As Control = control.Controls(i) If (TypeOf current Is LinkButton) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, LinkButton).Text)) ElseIf (TypeOf current Is ImageButton) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, ImageButton).AlternateText)) ElseIf (TypeOf current Is HyperLink) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, HyperLink).Text)) ElseIf (TypeOf current Is DropDownList) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, DropDownList).SelectedItem.Text)) ElseIf (TypeOf current Is CheckBox) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, CheckBox).Checked)) End If If current.HasControls Then GVExportUtil.PrepareControlForExport(current) End If i = (i + 1) Loop End Sub End Class End Namespace Will this class cause memory leaks? And does anything here need to be disposed of? The code is working but I am getting the app pool falling over frequently when it is in use. Thanks.

    Read the article

  • Problem adding a behaviors element to my WCF client config

    - by SteveChadbourne
    I'm trying to add a behaviors element to my client config file so I can specify maxItemsInObjectGraph. The error I get is: The element 'system.serviceModel' has invalid child element 'behaviors'. List of possible elements expected: 'bindings, client, extensions'. Here is my config: <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_KernService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"> <security mode="None" /> </binding> </basicHttpBinding> </bindings> <behaviors> <endpointBehaviors> <behavior name="ServiceViewEventBehavior"> <dataContractSerializer maxItemsInObjectGraph="2147483647"/> </behavior> </endpointBehaviors> </behaviors> <client> <endpoint address="http://localhost/KernMobile.WCF/KernService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_KernService" contract="KernWcfService.KernService" name="BasicHttpBinding_KernService" behaviorConfiguration="ServiceViewEventBehavior" /> </client> </system.serviceModel> </configuration> It's also complaining about the behaviorConfiguration attribute in the endpoint element. Any ideas? .Net 4.0 BTW.

    Read the article

  • webclient download problem!!!

    - by user472018
    Hello all, if this problem was discussed before,sorry for asking again.. I want to download an image from an url with using System.Net.WebClient class. When i try to download an image (ie. google logo).it does not occur any errors,but some images are occurring errors.I dont understand why this errors. how can i fix this problem? my Code is: WebClient client = new WebClient(); try { //Downloads the file from the given url to the given destination client.DownloadFile(urltxt.Text, filetxt.Text); return true; } catch (WebException w) { MessageBox.Show(w.ToString()); return false; } catch (System.Security.SecurityException) { MessageBox.Show("securityexeption"); return false; } catch (Exception) { MessageBox.Show("exception"); return false; } Errors are: System.Net.WebException:The underlying connection was closed:An unexpected error occurred on a recieve.--System.IO.IOException:Unable to read data from the transport connection:An existing connection was forcibly closed by the remote host.--System.Net.Sockets.SocketException:An existing connection was forcibly closed by the remote host...bla bla Thanks for your help.

    Read the article

  • I want just the insert query for a temp table.

    - by John Stephen
    Hi..I am using C#.Net and Sql Server ( Windows Application ). I had created a temporary table. When a button is clicked, temporary table (#tmp_emp_details) is created. I am having another button called "insert Values" and also 5 textboxes. The values that are entered in the textbox are used and whenever com.ExecuteNonQuery(); line comes, it throws an error message Invalid object name '#tbl_emp_answer'.. Below is the set of code.. Please give me a solution. Code for insert (in insert value button): private void btninsertvalues_Click(object sender, EventArgs e) { username = txtusername.Text; examloginid = txtexamloginid.Text; question = txtquestion.Text; answer = txtanswer.Text; useranswer = txtanswer.Text; SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=tempdb;Integrated Security=True;"); SqlCommand com = new SqlCommand("Insert into #tbl_emp_answer values('"+username+"','"+examloginid+"','"+question+"','"+answer+"','"+useranswer+"')", con); con.Open(); com.ExecuteNonQuery(); con.Close(); }

    Read the article

  • Tomcat deploy: make included scripts executable

    - by AlexS
    I'm devellopping a WebApplication (for Tomcat) using netbeans on Windows 7. For the Webapplication to run I need to run a insall-script once. This script (*.bat for windows and *.sh for linux is included in my war-file (WEB_INF). Now everytime I deploy the WAR-file and want to run the script on linux I have to call chmod +x install.sh first. Is there a way that this script can be made executable by default? I don't want to have to execute some extra commands after the deploy to make the script executable. For clarification: I'm not new to Linux and I know how to set executable-rights on files. That's not the problem. My problem is: What do I have to do, so that this script is executable right after tomcat deployed my *.war-file (unpacked it). If I would be using Linux for development as well, I would try to set the rights according in my sources (maybe I'll try it when I have a little more spare time). But I am using Windows and netbeans. Are there any attributes I can set to achive my goal, or is it possible to achive this using ant? By the way: Are there security related issues with this approach? The script looks for java executable and calls a javabased GUI-installer...

    Read the article

  • Flex/Actionscript image display problem.

    - by IanH
    I'm trying to extend the Image class but hit a problem that I can't get past. I have a private image (img) that loads an image and a function that takes that image and copies it onto the parent. The debug function "copyit2" displays the image fine (so I know it's loaded OK). But the function "copyit" doesn't work - it just displays a white rectangle. I can't see how to make copyit work so that the original image is copied to the BitmapData and then subsequenty copied onto the parent? (The idea is to do some processing on the Bitmap data before it is displayed, although this isn't shown here to keep the example simple.) I suspect it is something to do with the security of loading images, but I'm loading it from the same server as the application is run from - so this shouldn't be a problem? Thanks for any help anyone can provide. Ian package zoomapackage { import flash.display.Bitmap; import flash.display.BitmapData; import flash.display.Sprite; import flash.events.MouseEvent; import flash.geom.Matrix; import flash.geom.Point; import flash.geom.Rectangle; import flash.net.*; import mx.controls.Image; import mx.events.FlexEvent; public dynamic class Zooma extends Image { private var img:Image; public function copyit():void { var imgObj:BitmapData = new BitmapData(img.content.width, img.content.height, false); imgObj.draw(img); var matrix:Matrix = new Matrix(); this.graphics.beginBitmapFill(imgObj, matrix, false,true); this.graphics.drawRect(0, 0, this.width , this.height); this.graphics.endFill(); } public function copyit2():void { this.source = img.source; } public function Zooma() { super(); img = new Image(); img.load("http://localhost/Koala.jpg"); } } }

    Read the article

  • How can I accelerate the generation of the an MD5 Checksum within vb.net?

    - by Richard
    I'm working with some very large files residing on P2 (Panasonic) cards. Part of the process we employ is to first generate a checksum of the file we are going to copy, then copy the file, then run a checksum on the file to confirm that it copied OK. The problem is, is that files are large (70 GB+) and take a long time to complete. It's an issue since we will eventually be dealing with thousands of these files. I would like to find a faster way to generate the checksum other than using the System.Security.Cryptography.MD5CryptoServiceProvider I don't care if this means using a specialized hardware card, provided it works and is not to ungodly expensive. I would prefer to have a method of encoding that provided some feedback as to how far the process has gone along so I can display it like I do now. The application is written in vb.net. I would prefer to be able to use it as component, library, reference within my application, but I'm willing to call an outside application if there is enough improvement in the speed of generating the checksum. Needless to say, the checksum must be consistent and correct. :-) Thank you in advance for your time and efforts, Richard

    Read the article

  • For business people to manage, keep binary images in MySQL or just the urls?

    - by Michael Mao
    Hello everyone: I am working on a task to enable image uploading and auto-scaling(from full sized to thumbnail) by jQuery & PHP. I can naturally come up with two approaches : First, store both images as binary objects directly into MySQL; Second, store only urls to the images and keep the images somewhere on server. The images are for everyone to view, so there are no security restrictions, as far as I know. Personally I don't have any preference, however, at the end of the day, it is the business people that are going to manage the images as part of the system(CRUD). So I am wondering which seems to be a bit better for them? Of course I am building a easy-to-use, visualize web interface for the staff to control the process, but I am not sure if that is enough. Lessons told me that if I don't think for the future and seek the most flexible approach, the I will probably screw myself sooner or later. PS. The following link is what I've found so far, which is pretty cool, no flash involved :) Andrew Valum's ajax image upload jQuery plugin

    Read the article

  • How might one cope with the ambiguous value produced by GetDllDirectory?

    - by Integer Poet
    GetDllDirectory produces an ambiguous value. When the string this call produces is empty, it means one of the following: nobody has called SetDllDirectory somebody passed NULL to SetDllDirectory somebody passed an empty string to SetDllDirectory The first two cases are equivalent for my purposes, but the third case is a problem. If I want to write save/restore code (call GetDllDirectory to save the "old" value, SetDllDirectory to set a "new" value temporarily, and later SetDllDirectory again to restore the "old" value), I run the risk of reversing some other programmer's intent. If the other programmer intended for the current working directory to be in the DLL search order (in other words, one of the first two bullets is true), and I pass an empty string to SetDllDirectory, I will be taking the current working directory out of the DLL search order, reversing the other programmer's intent. Can anyone suggest an approach to eliminate or work around this ambiguity? P.S. I know having the current working directory in the DLL search order could be interpreted as a security hole. Nevertheless, it is the default behavior, and my code is not in a position to undo that; my code needs to be compatible with the expectations of all potential callers, many of which are large and old and beyond my control.

    Read the article

  • WCF client binding configuration in program code

    - by smarsha
    I have the following class that configures security, encoding, and token parameters but I am having trouble adding a BasicHttpBinding to specify a MaxReceivedMessageSize. Any insight would be appreciated. public class MultiAuthenticationFactorBinding { public static Binding CreateMultiFactorAuthenticationBinding() { HttpsTransportBindingElement httpTransport = new HttpsTransportBindingElement(); CustomBinding binding = new CustomBinding(); binding.Name = "myCustomBinding"; TransportSecurityBindingElement messageSecurity = TransportSecurityBindingElement.CreateUserNameOverTransportBindingElement(); messageSecurity.AllowInsecureTransport = true; messageSecurity.EnableUnsecuredResponse = true; messageSecurity.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12; messageSecurity.SecurityHeaderLayout = SecurityHeaderLayout.Strict; messageSecurity.IncludeTimestamp = true; messageSecurity.SetKeyDerivation(false); TextMessageEncodingBindingElement Quota = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8); Quota.ReaderQuotas.MaxDepth = 32; Quota.ReaderQuotas.MaxStringContentLength = Int32.MaxValue; Quota.ReaderQuotas.MaxArrayLength = 16384; Quota.ReaderQuotas.MaxBytesPerRead = 4096; Quota.ReaderQuotas.MaxNameTableCharCount = 16384; X509SecurityTokenParameters clientX509SupportingTokenParameters = new X509SecurityTokenParameters(); clientX509SupportingTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient; clientX509SupportingTokenParameters.RequireDerivedKeys = false; messageSecurity.EndpointSupportingTokenParameters.Endorsing.Add(clientX509SupportingTokenParameters); //binding.ReceiveTimeout = new TimeSpan(0,0,300); binding.Elements.Add(Quota); binding.Elements.Add(messageSecurity); binding.Elements.Add(httpTransport); return binding; } }

    Read the article

  • Java website protection solutions (especially XSS)

    - by Mark
    I'm developing a web application, and facing some security problems. In my app users can send messages and see other's (a bulletin board like app). I'm validating all the form fields that users can send to my app. There are some very easy fields, like "nick name", that can be 6-10 alpabetical characters, or message sending time, which is sended to the users as a string, and then (when users ask for messages, that are "younger" or "older" than a date) I parse this with SimpleDateFormat (I'm developing in java, but my question is not related to only java). The big problem is the message field. I can't restrict it to only alphabetical characters (upper or lowercase), because I have to deal with some often use characters like ",',/,{,} etc... (users would not be satisfied if the system didn't allow them to use these stuff) According to this http://ha.ckers.org/xss.html, there are a lot of ways people can "hack" my site. But I'm wondering, is there any way I can do to prevent that? Not all, because there is no 100% protection, but I'd like a solution that can protect my site. I'm using servlets on the server side, and jQuery, on the client side. My app is "full" AJAX, so users open 1 JSP, then all the data is downloaded and rendered by jQuery using JSON. (yeah, I know it's not "users-without-javascript" friendly, but it's 2010, right? :-) ) I know front end validation is not enough. I'd like to use 3 layer validation: - 1. front end, javascript validate the data, then send to the server - 2. server side, the same validation, if there is anything, that shouldn't be there (because of client side javascript), I BAN the user - 3. if there is anything that I wasn't able to catch earlier, the rendering process handle and render appropriately Is there any "out of the box" solution, especially for java? Or other solution that I can use?

    Read the article

  • CreateThread() fails on 64 bit Windows, works on 32 bit Windows. Why?

    - by Stephen Kellett
    Operating System: Windows XP 64 bit, SP2. I have an unusual problem. I am porting some code from 32 bit to 64 bit. The 32 bit code works just fine. But when I call CreateThread() for the 64 bit version the call fails. I have three places where this fails. 2 call CreateThread(). 1 calls beginthreadex() which calls CreateThread(). All three calls fail with error code 0x3E6, "Invalid access to memory location". The problem is all the input parameters are correct. HANDLE h; DWORD threadID; h = CreateThread(0, // default security 0, // default stack size myThreadFunc, // valid function to call myParam, // my param 0, // no flags, start thread immediately &threadID); All three calls to CreateThread() are made from a DLL I've injected into the target program at the start of the program execution (this is before the program has got to the start of main()/WinMain()). If I call CreateThread() from the target program (same params) via say a menu, it works. Same parameters etc. Bizarre. If I pass NULL instead of &threadID, it still fails. If I pass NULL as myParam, it still fails. I'm not calling CreateThread from inside DllMain(), so that isn't the problem. I'm confused and searching on Google etc hasn't shown any relevant answers. If anyone has seen this before or has any ideas, please let me know. Thanks for reading.

    Read the article

  • Java Client interoperating with WSE 3.0 Web Service

    - by Dee
    I have a Interoperable Security Token Service (STS) that authenticates the User and then issues a SAML token. I also have transaction services that expects the SAML token in the incoming SOAP request header. For a client to make a call to transaction service, it first needs to authenticate with the STS, get the SAML token and then make a call to the transaction services. The STS is an interoperable service and can be invoked from a Java client. The Transaction services are build using WSE 3.0 framework, but the WSDL that it generates is not good enough for a Java client to understand it. I want my Java client to explicitly call the STS and then using the received SAML token make a call to Transaction Services. I tried with Netbeans and Metro WSIT toolkit. I was able to call the Transaction Services if it were implemented using WCF. With WCF Transaction Service the WSDL generated has complete information using which the Java client can figure out how to call to STS and then call the WCF Transaction service. How can my Java client explicitly call the STS and then in turn call the WSE 3.0 transaction services?

    Read the article

  • Trusted Folder/Drive Picker in the Browser

    - by kylepfritz
    I'd like to write a Folder/Drive picker the runs in the browser and allows a user to select files to upload to a webservice. The primary usage would be selecting folders or a whole CD and uploading them to the web with their directory structure in tact. I'm imagining something akin to Jumploader but which automatically enumerates external drives and CDs. I remember a version of Facebook's picture uploader that could do this sort of enumeration and was java-based but it has since been replaced by a much slicker plugin-based architecture. Because the application needs to run at very high trust, I think I'm limited to old-school java applets. Is there another alternative? I'm hesitant to start down the plugin route because of the necessity of writing one for both IE and Mozilla at a minimum. Are there good places to get started there? On the applet front, I built a clunky prototype to demonstrate that I can enumerate devices and list files. It runs fine in the applet viewer but I don't think I have the security settings configured correctly for it to run in the browser at full trust. Currently I don't get any drives back when I run it in the browser. Applet Prototype: public class Loader extends javax.swing.JApplet { ... private void EnumerateDrives(java.awt.event.ActionEvent evt) { File[] roots = File.listRoots(); StringBuilder b = new StringBuilder(); for (File root : roots) { b.append(root.getAbsolutePath() + ", "); } jLabel.setText(b.toString()); } } Embed Html: <p>Loader:</p> <script src="http://www.java.com/js/deployJava.js" type="text/javascript" ></script> <script> var attributes = {code:'org.exampl.Loader.Loader.class', archive:'Loader/dist/Loader.jar', width:600, height:400} ; var parameters = {}; deployJava.runApplet(attributes, parameters, '1.6');

    Read the article

  • Run Javascript on the body of a Gmail message

    - by saturn
    I want to display LaTeX math in the gmail messages that I receive, so that for example $\mathbb P^2$ would show as a nice formula. Now, there are several Javascripts available (for example, this one, or MathJax which would do the job, I just need to call them at the right time to manipulate the gmail message. I know that this is possible to do in "basic HTML" and "print" views. Is it possible to do in the standard Gmail view? I tried to insert a call to the javascript right before the "canvas_frame" iframe, but that did not work. My suspicion is that manipulating a Gmail message by any Javascript would be a major security flaw (think of all the malicious links one could insert) and that Google does everything to prevent this. And so the answer to my question is probably 'no'. Am I right in this? Of course, it would be very easy for Google to implement viewing of LaTeX and MathML math simply by using MathJax on their servers. I made the corresponding Gmail Lab request, but no answer, and no interest from Google apparently. So, again: is this possible to do without Google's cooperation, on the client side?

    Read the article

  • Editting CSS in iframe that sets Select tag's text color to black?

    - by Corey Ogburn
    This is a very specific question for a Google Chrome extension. http://www.meebo.com/mobile/ This page is where you're kicked to when you go to Meebo.com on an iPhone or Droid phone. But if you notice, the Status box where you can set yourself away or what you want your status to be has white text on a white background. In order to get a website to appear in a Google Chrome extension's popup window (the one that drops down when you click the icon next to the address bar) that isn't an included html file in the extension, I need to use an iFrame. I know that there's security measures about Cross-Site stuff like javascript and I'm not surprised I'm having trouble accessing the CSS. But there's a class, status, and it's color is white and I need to change that to black. I've tested it with Chrome's Inspect Element window and if I change that, I'll be fine. I've tried changing the manifest.json file to inject a CSS file using Content-Scripts, but nothing... I'm new to Chrome Extensions but I have experience doing web development.

    Read the article

  • I want a insert query for a temp table

    - by John Stephen
    Hi..I am using C#.Net and Sql Server ( Windows Application ). I had created a temporary table. When a button is clicked, temporary table (#tmp_emp_answer) is created. I am having another button called "insert Values" and also 5 textboxes. The values that are entered in the textbox are used and whenever com.ExecuteNonQuery(); line comes, it throws an error message Invalid object name '#tbl_emp_answer'.. Below is the set of code.. Please give me a solution. Code for insert (in insert value button): private void btninsertvalues_Click(object sender, EventArgs e) { username = txtusername.Text; examloginid = txtexamloginid.Text; question = txtquestion.Text; answer = txtanswer.Text; useranswer = txtanswer.Text; SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=tempdb;Integrated Security=True;"); SqlCommand com = new SqlCommand("Insert into #tbl_emp_answer values('"+username+"','"+examloginid+"','"+question+"','"+answer+"','"+useranswer+"')", con); con.Open(); com.ExecuteNonQuery(); con.Close(); }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 466 467 468 469 470 471 472 473 474 475 476 477  | Next Page >