Search Results

Search found 51442 results on 2058 pages for 'system calls'.

Page 48/2058 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • Security in Software

    The term security has many meanings based on the context and perspective in which it is used. Security from the perspective of software/system development is the continuous process of maintaining confidentiality, integrity, and availability of a system, sub-system, and system data. This definition at a very high level can be restated as the following: Computer security is a continuous process dealing with confidentiality, integrity, and availability on multiple layers of a system. Key Aspects of Software Security Integrity Confidentiality Availability Integrity within a system is the concept of ensuring only authorized users can only manipulate information through authorized methods and procedures. An example of this can be seen in a simple lead management application.  If the business decided to allow each sales member to only update their own leads in the system and sales managers can update all leads in the system then an integrity violation would occur if a sales member attempted to update someone else’s leads. An integrity violation occurs when a team member attempts to update someone else’s lead because it was not entered by the sales member.  This violates the business rule that leads can only be update by the originating sales member. Confidentiality within a system is the concept of preventing unauthorized access to specific information or tools.  In a perfect world the knowledge of the existence of confidential information/tools would be unknown to all those who do not have access. When this this concept is applied within the context of an application only the authorized information/tools will be available. If we look at the sales lead management system again, leads can only be updated by originating sales members. If we look at this rule then we can say that all sales leads are confidential between the system and the sales person who entered the lead in to the system. The other sales team members would not need to know about the leads let alone need to access it. Availability within a system is the concept of authorized users being able to access the system. A real world example can be seen again from the lead management system. If that system was hosted on a web server then IP restriction can be put in place to limit access to the system based on the requesting IP address. If in this example all of the sales members where accessing the system from the 192.168.1.23 IP address then removing access from all other IPs would be need to ensure that improper access to the system is prevented while approved users can access the system from an authorized location. In essence if the requesting user is not coming from an authorized IP address then the system will appear unavailable to them. This is one way of controlling where a system is accessed. Through the years several design principles have been identified as being beneficial when integrating security aspects into a system. These principles in various combinations allow for a system to achieve the previously defined aspects of security based on generic architectural models. Security Design Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation Privilege Least Common Mechanism Psychological Acceptability Defense in Depth Least Privilege Design PrincipleThe Least Privilege design principle requires a minimalistic approach to granting user access rights to specific information and tools. Additionally, access rights should be time based as to limit resources access bound to the time needed to complete necessary tasks. The implications of granting access beyond this scope will allow for unnecessary access and the potential for data to be updated out of the approved context. The assigning of access rights will limit system damaging attacks from users whether they are intentional or not. This principle attempts to limit data changes and prevents potential damage from occurring by accident or error by reducing the amount of potential interactions with a resource. Fail-Safe Defaults Design PrincipleThe Fail-Safe Defaults design principle pertains to allowing access to resources based on granted access over access exclusion. This principle is a methodology for allowing resources to be accessed only if explicit access is granted to a user. By default users do not have access to any resources until access has been granted. This approach prevents unauthorized users from gaining access to resource until access is given. Economy of Mechanism Design PrincipleThe Economy of mechanism design principle requires that systems should be designed as simple and small as possible. Design and implementation errors result in unauthorized access to resources that would not be noticed during normal use. Complete Mediation Design PrincipleThe Complete Mediation design principle states that every access to every resource must be validated for authorization. Open Design Design PrincipleThe Open Design Design Principle is a concept that the security of a system and its algorithms should not be dependent on secrecy of its design or implementation Separation Privilege Design PrincipleThe separation privilege design principle requires that all resource approved resource access attempts be granted based on more than a single condition. For example a user should be validated for active status and has access to the specific resource. Least Common Mechanism Design PrincipleThe Least Common Mechanism design principle declares that mechanisms used to access resources should not be shared. Psychological Acceptability Design PrincipleThe Psychological Acceptability design principle refers to security mechanisms not make resources more difficult to access than if the security mechanisms were not present Defense in Depth Design PrincipleThe Defense in Depth design principle is a concept of layering resource access authorization verification in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization attempt to gain access to a resource. When designing a system that requires meeting a security quality attribute architects need consider the scope of security needs and the minimum required security qualities. Not every system will need to use all of the basic security design principles but will use one or more in combination based on a company’s and architect’s threshold for system security because the existence of security in an application adds an additional layer to the overall system and can affect performance. That is why the definition of minimum security acceptably is need when a system is design because this quality attributes needs to be factored in with the other system quality attributes so that the system in question adheres to all qualities based on the priorities of the qualities. Resources: Barnum, Sean. Gegick, Michael. (2005). Least Privilege. Retrieved on August 28, 2011 from https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/351-BSI.html Saltzer, Jerry. (2011). BASIC PRINCIPLES OF INFORMATION PROTECTION. Retrieved on August 28, 2011 from  http://web.mit.edu/Saltzer/www/publications/protection/Basic.html Barnum, Sean. Gegick, Michael. (2005). Defense in Depth. Retrieved on August 28, 2011 from  https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/347-BSI.html Bertino, Elisa. (2005). Design Principles for Security. Retrieved on August 28, 2011 from  http://homes.cerias.purdue.edu/~bhargav/cs526/security-9.pdf

    Read the article

  • PHP - Alternatives to runkit for intercepting method calls

    - by Radu
    I have some very test-unfriendly code (to say the least) that I need to test. Refactoring unfortunately is not an option. I have to test the code as it is, without the possibility of changing it. To do that, I was thinking of intercepting function calls and dynamically change what they do so I can run my tests, as I need some functions and methods to return known values, and I need others that make requests, connect to the database, etc, to stop doing that and return what I need them to return. Is there any way to do this without runkit_method_redefine(), which is preferably not "EXPERIMENTAL" and still maintained? Maybe an alternative to runkit? Maybe a better way? Edit: will use PHPUnit's test doubles and PHP 5.3.2's features for making private methods accessible, if I need that functionality.

    Read the article

  • Multiple calls with Simple Modal OSX Style Dialog

    - by Brad Langdon
    I am using Simple Modal, the OSX style version. I have two calls to the modal and therefore two versions of content. When either of the buttons is clicked it selects only the first lot of content. There is nowhere to put a hook on the content like most modal windows as there is no javascript on the page to add parameters... only an external .js file which I don't want to touch for obvious reasons. Can anyone help me with this problem? Click here to view the page

    Read the article

  • Silverlight 4.0 question - synchronous calls to asmx web service

    - by Anvar
    Hi, I have Silverlight problem. I have to deal with fairly large legacy application that has some web services exposed (regular asmx, not wcf). What I need to do is to build Silverlight app that consumes those web services. Due to business logic I need to have the same web method to be called from Silverlight app synchronously. I was able to build web services consumption but only asynchronously because that would be default Silverlight behavior. Is there a way to make asynchronous calls synchronous in Silverlight? I looked here and googled around but came across only wcf examples. I would appreciate if somebody would get me a code example for regular asmx web service. I use Silverlight 4.0. Thanks!

    Read the article

  • Linq to SQl over WCF Timesout after several calls

    - by Redeemed1
    I have a L2S Repository class which instantiates the L2S DataContext in its constructor. The repository is instantiated at run time (using Unity) in a service hosted in IIS with WCF. When I run up the client MVC applicaton the calls to the backend WCF service work for a while and then timeout. I suspected perhaps a database issue as I was depending on IIS garbage collection to dispose of unused DataContext instances in the IIS host but when I checked the characteristics of the problem I notice the following: The client makes the call to WCF but the WCF service does not respond. Next, the client times out Some time later (several minutes) the service actually executes the request by instantiating the repository and servicing the call. I have checked both client and server traces logs and only the client shows WCF errors (the timeout error). Where should I look? Is it something in WCF or is L2S possibly blocking with unfreed conenctions, resources etc.? Many thanks Brian

    Read the article

  • Confused with ECMAScript Language Specification Function Calls section

    - by Ding
    Hi, I am reading ECMAScript Language Specification Function Calls section Can someone rephrase or detailed explains the following sentense for me? The production CallExpression : MemberExpression Arguments is evaluated as follows: Evaluate MemberExpression. let's take this code as an example. var john = { name: 'John', greet: function(person) { alert("Hi " + person + ", my name is " + this.name); } }; john.greet("Mark"); Take above code as an example, what does production CallExpression mean? what is MemberExpression in this case, john.greet? Thanks!

    Read the article

  • NSURLConnection still calls delegate AFTER cancel method has been called

    - by Shizam
    Hi All, Having a problem with NSURLConnection, if I create a NSURLConnection and call [connection connectionWithRequest] let it load a little then call [connection cancel] most of the time that works fine. However occasionally even after I call [connection cancel] the connection's delegate still gets called (which crashes the app). Googling around it looks like the problem here is a race condition in the runloop, I cancel the connection and release the delegate but before the runloop cycles it calls the delegate functions - crash. Is there a way for me to, after I call [connection cancel] confirm the connection has actually canceled? Even a crappy while() loop will do :(

    Read the article

  • Undocumented Mac Calls

    - by Brian Postow
    I'm working on a couple of mac products, and in order to do what I need to do, I'm using some calls to undocumented methods on Mac Classes. Like IKImageView's doRotate:(id) and PDFDocument's (NSPrintOperation *)getPrintOperationForPrintInfo:(NSPrintInfo *)printInfo autoRotate:(BOOL)doRotate; How common is it for Objective C programmers to use methods like this? How do you find out about them (other than Google)? How dangerous is it to use them? Is there a danger other than that Apple will make them no-longer available in some future rev, and so your program will break?

    Read the article

  • Audio -- How much performance improvement can I expect from from reducing function calls by using bu

    - by morgancodes
    I'm working on an audio-intensive app for the iPhone. I'm currently calling a number of different functions for each sample I need to calculate. For example, I have an envelope class. When I calculate a sample, I do something like: sampleValue = oscilator->tic() * envelope->tic(); But I could also do something like: for(int i = 0; i < bufferLength; i++){ buffer[i] = oscilatorBuffer[i] * evelopeBuffer[i]; } I know the second will be more efficient, but don't know by how much. Are function calls expensive enough that I'd be crazy not to use buffers if I care event a tiny bit about performance?

    Read the article

  • Facebook PHP API Calls

    - by Daniel Hertz
    Hello, So I simply want to add my current facebook status to my personal website. I have been looking at tutorials and other posts about fb and fb connect, but I am still confused. Is there anyway to do this with simple REST calls? Like twitter or flickr? From what I understand I dont need FB connect because I am just getting my own status and do not need to get any info from other visitors. Any know how to do this?

    Read the article

  • WPF application which calls an API, which needs a message pump

    - by Griffin
    I have a WPF application that calls an API to operate a device (a scanner). This API is COM based, and internally has a hidden window that the scanner sends messsages too. The intent of the API is to turn those windows messages into COM events. The problem is that the WPF application doesn't have a message pump, and therefore none of the messages are being delivered to the hidden window. Therefore none of the events are fired and it looks like the scanner is not responding. How should I create a message loop in the WPF application that will be able to dispatch messages to the invisible window?

    Read the article

  • Garbage collection of Strings returned from C# method calls in ascx pages

    - by Icarus
    Hi, For a web application developed on ASP.NET, we are finding that for user control files (ascx) we are returning long strings as a result of method calls. These are embedded in the ascx pages using the special tags <% %> When performing memory dump analysis for the application, we find that many of those strings are not being garbage collected. Also, the ascx pages are compiled to temporary DLLs and they are held in memory. Is this responsible for causing the long strings to remain in memory and not be garbage collected ? Note : The strings are larger than 85K in size.

    Read the article

  • I am deploying a Silverlight APPlication that calls a WCF Service

    - by Rico
    It Runs It Loads but when it calls the service I get An exception occurred during the operation, making the result invalid. Check InnerException for exception details. at System.ComponentModel.AsyncCompletedEventArgs.RaiseExceptionIfNecessary() at SalesSimplicityPO_SL.POSvc.GetPurchaseOrdersCompletedEventArgs.get_Result() at SalesSimplicityPO_SL.About.mySvc_GetPurchaseOrdersCompleted(Object sender, GetPurchaseOrdersCompletedEventArgs e) at SalesSimplicityPO_SL.POSvc.POSvcClient.OnGetPurchaseOrdersCompleted(Object state) What is the problem does anyone know? I load and call my web service like.. BasicHttpBinding binding = new BasicHttpBinding(); EndpointAddress address = new EndpointAddress(new Uri("http://localhost/POSystem/POSvc.svc")); POSvc.POSvcClient mySvc = new POSvc.POSvcClient(binding, address); mySvc.InsertPOCompleted += new EventHandler<SalesSimplicityPO_SL.POSvc.InsertPOCompletedEventArgs>(mySvc_InsertPOCompleted); mySvc.InsertPOAsync(InitialsTextBox.Text.ToString(), DescTextBox.Text.ToString(), ClientTextBox.Text.ToString()); Works great in debug.... What am i Doing to get this error?

    Read the article

  • Waiting on multiple asynchronous calls to complete before continuing

    - by Chad
    So, I have a page that loads and through jquery.get makes several requests to populate drop downs with their values. $(function() { LoadCategories($('#Category')); LoadPositions($('#Position')); LoadDepartments($('#Department')); LoadContact(); }; It then calls LoadContact(); Which does another call, and when it returns it populates all the fields on the form. The problem is that often, the dropdowns aren't all populated, and thus, it can't set them to the correct value. What I need to be able to do, is somehow have LoadContact only execute once the other methods are complete and callbacks done executing. But, I don't want to have to put a bunch of flags in the end of the drop down population callbacks, that I then check, and have to have a recursive setTimeout call checking, prior to calling LoadContact(); Is there something in jQuery that allows me to say, "Execute this, when all of these are done."?

    Read the article

  • Stub web calls in Scala

    - by Dennis Laumen
    I'm currently writing a wrapper of the Spotify Metadata API to learn Scala. Everything's fine and dandy but I'd like to unit test the code. To properly do this I'll need to stub the Spotify API and get consistent return values (stuff like popularity of tracks changes very frequently). Does anybody know how to stub web calls in Scala, the JVM in general or by using some external tool I could hook up into my Maven setup? PS I'm basically looking for something like Ruby's FakeWeb... Thanks in advance!

    Read the article

  • Windows API calls from assembly while minimizing program size

    - by takteek
    I'm trying to write a program in assembly and make the resulting executable as small as possible. Some of what I'm doing requires windows API calls to functions such as WriteProcessMemory. I've had some success with calling these functions, but after compiling and linking, my program comes out in the range of 14-15 KB. (From a source of less than 1 KB) I was hoping for much, much less than that. I'm very new to doing low level things like this so I don't really know what would need to be done to make the program smaller. I understand that the exe format itself takes up quite a bit of space. Can anything be done to minimize that? I should mention that I'm using NASM and GCC but I can easily change if that would help.

    Read the article

  • Code behind methods vs. Jquery AJAX calls

    - by punkouter
    Theres a war brewing I can feel it! Old school coders are used to having every server control create events in the .cs files.. for example.. Getting the Initial load of data, Saving Data, Deleting data... and then binding datasources to the server control.. New school coders want to do it in Jquery + AJAX calls to .svc files... That gives automatic no post backs so that is a advantage... and I think its a different way of thinking.. All of a sudden the UI related events are all being done in Jquery.. What is the most modern and efficient way to go ? How can I convince the old school coders to let us you this new paradigm ? (assuming it is the better way)

    Read the article

  • A controller method that calls a different method on the same controller

    - by justSteve
    I have a controller method: public ActionResult Details(int id) { Order order = OrderFacade.Instance.Load(id); return View(order); } that is used for 95% of possible invocations. For the other 5% i need to manipulate the value of id before passing to the facade. I'd like to create a separate method within this same controller that executes that manipulation and then calls this (Details) method. What would the signature of that method look like? What is the syntax to call the main Details method? public ??? ManipulatorMethod(int id) { [stuff that manipulates id] [syntax to call Details(manipulatedID)] } mny thx

    Read the article

  • Order of calls to set functions when invoking a flex component

    - by Jason
    I have a component called a TableDataViewer that contains the following pieces of data and their associated set functions: [Bindable] private var _dataSetLoader:DataSetLoader; public function get dataSetLoader():DataSetLoader {return _dataSetLoader;} public function set dataSetLoader(dataSetLoader:DataSetLoader):void { trace("setting dSL"); _dataSetLoader = dataSetLoader; } [Bindable] private var _table:Table = null; public function set table(table:Table):void { trace("setting table"); _table = table; _dataSetLoader.load(_table.definition.id, "viewData", _table.definition.id); } This component is nested in another component as follows: <ve:TableDataViewer width="100%" height="100%" paddingTop="10" dataSetLoader="{_openTable.dataSetLoader}" table="{_openTable.table}"/> Looking at the trace in the logs, the call to set table is coming before the call to set dataSetLoader. Which is a real shame because set table() needs dataSetLoader to already be set in order to call its load() function. So my question is, is there a way to enforce an order on the calls to the set functions when declaring a component?

    Read the article

  • VB.NET 2.0 - StackOverflowException when using Thread Safe calls to Windows Forms Controls

    - by LamdaComplex
    I have a Windows Forms app that, unfortunately, must make calls to controls from a second thread. I've been using the thread-safe pattern described on the http://msdn.microsoft.com/en-us/library/ms171728.aspx. Which has worked great in the past. The specific problem I am having now: I have a WebBrowser control and I'm attempting to invoke the WebBrowser.Navigate() method using this Thread-Safe pattern and as a result I am getting StackOverflow exceptions. Here is the Thread-Safe Navigate method I've written. Private Delegate Sub NavigateControlCallback(ByRef wb As WebBrowser, ByVal url As String) Private Sub AsyncNavigate(ByRef wb As WebBrowser, ByVal URL As String) Try If wb.InvokeRequired Then Dim callback As New NavigateControlCallback(AddressOf AsyncNavigate) callback(wb, url) Else wb.Navigate(url) End If Catch ex As Exception End Try End Sub Is there a Thread-Safe way to interact with WinForms components without the side effect of these StackOverflowExceptions?

    Read the article

  • writing to a file in nasm using system calls

    - by yurib
    As part of an assignment I'm supposed to write to a file using system calls. Everything works fine except when I try to open the file in gedit (linux), it says it can't identify the character encoding. Notepad (on windows) opens the file just fine. Why doesn't it work on linux ? here's the code: section .text global _start _start: mov EAX, 8 mov EBX, filename mov ECX, 0700 int 0x80 mov EBX, EAX mov EAX, 4 mov ECX, text mov EDX, textlen int 0x80 mov EAX, 6 int 0x80 mov eax, 1 int 0x80 section .data filename db "./output.txt", 0 text db "hello world", 0 textlen equ $ - text thanks :)

    Read the article

  • One big call vs. multiple smaller TSQL calls

    - by BrokeMyLegBiking
    I have a ADO.NET/TSQL performance question. We have two options in our application: 1) One big database call with multiple result sets, then in code step through each result set and populate my objects. This results in one round trip to the database. 2) Multiple small database calls. There is much more code reuse with Option 2 which is an advantage of that option. But I would like to get some input on what the performance cost is. Are two small round trips twice as slow as one big round trip to the database, or is it just a small, say 10% performance loss? We are using C# 3.5 and Sql Server 2008 with stored procedures and ADO.NET.

    Read the article

  • problem in multiple asynchronous calls on webservice method in wpf application

    - by black sensei
    Hello Experts! i'm trying to create an application which connects to internet and consume web services for every of it's operation.As far as i'm concerned i'll like to useasync method which i'm using already to get a collection of Contacts.I've realized that when i'm doing the same for groups (meaning getting groups async) i'm having errors in the calls , but when using normal call there ins't.So i did some research online and find that a lot of people has the same problem. Some of them are asked to use WCF (for which i don't know jack).I'll like to know if there is another way to overcome this. if not can somebody point me to reliable resource online and help me get through it? thanks for reading and helping

    Read the article

  • Bookmarkabale ajax calls with MVC routing

    - by devzero
    I have a page with a menu that uses JQuery AJAX calls to populate the page with. To reflect any changes I update the URL with a #... instead of ?... or /... So an URL that originally reads : htpp://localhost/pages/index/id=1 would look like : http://localhost/#pages/index/id=1. If a user bookmarks this, and later comes back to the page, I wonder if it's possible to use the second URL in my route decoding, or if I have to load it blank, then use the same JS/Ajax to populate the page? In my mind it is problematic to use Ajax in these cases if a user copies the link and mails it to a friend with JavaScript disabled. edit#1: Fixed some spelling.

    Read the article

  • How to Check .Net 2.0 assembly for Calls to .Net 3.5

    - by Paul Farry
    I've found an issue I believe where an assembly is making a call to a .Net3.5 method in a .Net2.0 only environment. (None on the .Net service packs nor .Net 3.5 is installed) I'd like to know if there are any programs that I can run like FXCop to check an assembly for adherence to only making method calls that are available in .Net 2.0 without the 3.5 extensions that were added. I've been bitten by this before and I'd like to have a way to check assemblies so that before they are released they can be checked to prevent these kinds of issues. Please don't say require .Net 3.5 because whilst I'd like to go to this, it's just not possible at this point.

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >