Search Results

Search found 15914 results on 637 pages for 'physical security'.

Page 491/637 | < Previous Page | 487 488 489 490 491 492 493 494 495 496 497 498  | Next Page >

• Problem authenticating with shiro in grails app

  - by xain

  I have a grails 1.2 app and I want to use declarative security in order to restrict accesses based on roles. I decided to try shiro, installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I check the db entry and the user is there with the sha'ed password. No messages are shown neither in the console nor in the stacktrace file. I added "warn 'org.jsecurity'" to Config.groovy with no results. Any hints/tricks to troubleshoot this ?

  Read the article

• How to create virtual Environment for users on server

  - by Bhushan Nagaonkar

  I have a web application where users can register them self and then save Java and C++ programs in their account. Programs are saved in a tmp directory like, /tmp -user1 --program1 --program2 -user2 --program1 --program2 So all the users folders are in same "tmp" directory. I want to know how can I proved security by not allowing a user to access files of other users. A user will be executing a java or c++ program in his folder which can be used to read files on the server. How to prevent this? I am new to this thing I don't know how to go about this. The server is Linux server and project is in python using Django. Thank in advance

  Read the article

• Graceful handling of server timeout in BlazeDS

  - by Rydell

  I have a flex client that makes service calls to a tomcat server running BlazeDS. I would like to gracefully handle server session timeouts in this environment. I do have security constraints on the service, so the client authenticates against a remote object by initializing a ChannelSet based on the destination, and then logging in using that ChannelSet. After the user is authenticated, if they go get a (long) cup of coffee, their session will inevitably time out. I would like the client to detect the timeout, and return the user back to the login page, with the appropriate informational messages. But I am having difficulty finding the best way to detect this timeout from the client. Is it possible, or must I have the server throw an error when the timeout occurs? Thanks!

  Read the article

• Do I need to auto-login after account activation?

  - by Art

  This is the standard scenario: User registers on the site User receives an account activation email, clicks link to activate Web site notifies the user that account is activated Now there are at least two pathways: User is taken to the login screen and asked to enter login details User is automatically logged in and taken to a welcome/profile/etc page While there are obvious benefits in (1) as far as the user's experience is concerned, there could be drawbacks as well. Option (2) offers improved security at cost of UX. Which of the scenarios is preferable and why? Any serious flaws in any of them?

  Read the article

• Is it possible to use JSONP on the server?

  - by Denis Hoctor

  Hi all, I'm stuck on a clients host that has medium trust setup which blocks cross domain requests and need data from a 3rd party domain. I now have the option to use JSONP. I've used JSONP from the client with jQuery to get around the browsers cross domain security and I've used HttpWebRequest in ASP.Net 3.5. Is it possible to use JSON on the server and if so how? I don't think it is, but worth asking seeing as I already have this app written server side.... Thanks, Denis

  Read the article

• How to add a Web Reference to a SSL web service?

  - by Matt W

  Hi, I have a web service in a C#/3.5 project which has been running fine. This is until I set the "SSL port" in IIS to 443 and set the "IIS - Directory Security - Secure Communications - Require secure channel (SSL)" option to true. Now, the web reference cannot be updated and I cannot add a new web reference to the web service in that site. When I try to view the service in a browse using just HTTP I get the "This page must be viewed over a secure channel" and when viewed with HTTPS on the front I get "This web page not available." Could someone tell me how to get a Web Reference added using Visual Studio to this secure web service, please? Thanks, Matt.

  Read the article

• Running custom Javascript on every page in Mozilla Firefox

  - by saturn

  I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page. (If you are wondering: it is not malicious. It allows to display formulas by using MathJax.) Is that possible? I tried including it in userContent.css, that of course did not work. A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical). Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it? Anyway, how can I do this for myself?

  Read the article

• Spring - MVC - Sanitize URL before redisplaying to the user

  - by Raghav

  In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

  Read the article

• Browser Helper Object doesnot get loaded in IE8

  - by velusbits

  I have a BHO, which i can see it as enabled in Add On's list. But it does not get loaded when i start my IE on the Win2k8 R2 machines(64 bit). I have disabled IE Enhanced security as well but no help. The same BHO gets loaded in other machines. The registry details under (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects & HKEY_CLASSES_ROOT\Wow6432Node\CLSID) seem to be fine. Is there any setting that disables BHO from actually getting loaded?

  Read the article

• Why don't web fonts in Firefox don't work on a different domain?

  - by mikez302

  I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

  Read the article

• System.Web.AspNetHostingPermission Exception on New Deployment

  - by Jason N. Gaylord

  I have a friend that is moving a web application from one server over to another. The new server has the same settings as the first server, however, he's running into a Security issue. Here's the error details: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The Event Viewer does not point to anything specific in the web.config file or anything. The web applicaiton is on the C: drive. This is a Windows Server 2008 R2 x64 server with a brand new IIS 7 installation. IIS is set in classic mode for this app pool.

  Read the article

• Why exactly is eval evil?

  - by Jay

  I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I´ve seen the same recommendation for several programming languages, but I´ve not yet seen a list of clear arguments against the use of eval. Where can I find an account of the potential problems of using eval? For example, I know the problems of GOTO in procedural programming (makes programs unreadable and hard to maintain, makes security problems hard to find, etc), but I´ve never seen the arguments against eval. Interestingly, the same arguments against GOTO should be valid against continuations, but I see that Shemers, for example, won´t say that continuations are "evil" -- you should just be careful when using them. They´re much more likely to frown upon code using eval than upon code using continuations (as far as I can see -- I could be wrong).

  Read the article

• problem in loading class from 'me.prettyprint.hector.api.Serializer'

  - by dhananjay patil

  I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

  Read the article

• Getting "Object is read only" error when setting ClientCredentials in WCF

  - by Paul Mrozowski

  I have a proxy object generated by Visual Studio (client side) named ServerClient. I am attempting to set ClientCredentials.UserName.UserName/Password before opening up a new connection using this code: InstanceContext context = new InstanceContext(this); m_client = new ServerClient(context); m_client.ClientCredentials.UserName.UserName = "Sample"; As soon as the code hits the UserName line it fails with an "Object is read-only" error. I know this can happen if the connection is already open or faulted, but at this point I haven't called context.Open() yet. I have configured the Bindings (which uses netTcpBinding) to use Message as it's security mode, and MessageClientCredentialType is set to UserName. Any ideas?

  Read the article

• Decompressing file with gzip produces file with no read-permissions on Windows 7

  - by Abiel

  I am attempting to decompress a .gz file using the GnuWin32 gzip program in Windows 7. I have full permissions on the compressed file, and my user account is an administrator. However, I end up not having read permissions on the decompressed file. To get read permissions I would have to manually change the permissions on it through right-clicking and selecting Properties Security. I am able to do this exact same thing with no permission problems in Windows XP, which leads me to believe that Windows 7's user account control system is causing problems. Does anyone know what I can do to make things work as I would expect (read permission on the decompressed file) in Windows 7? Thanks.

  Read the article

• How do you detect a website visitor's country (Specifically, US or not)?

  - by BigDave

  I need to show different links for US and non-US visitors to my site. This is for convenience only, so I am not looking for a super-high degree of accuracy, and security or spoofing are not a concern. I know there are geotargeting services and lists, but this seems like overkill since I only need to determine (roughly) if the person is in the US or not. I was thinking about using JavaScript to get the user's timezone, but this appears to only give the offset, so users in Canada, Mexico, and South America would have the same value as people in the US. Are there any other bits of information available either in JavaScript, or PHP, short of grabbing the IP address and doing a lookup, to determine this?

  Read the article

• Is writing eSQL database independant or not?

  - by Robert Koritnik

  Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

  Read the article

• Javascript/iframe/embed/object question

  - by thinkfuture

  OK, so here is my issue. I'm building a system which will allow people to embed lists of links on their pages. When the link is clicked, i'd like to use something like Lightview or Lightwindow to open it up over the whole window, not just in the iframe. I don't have access to the page that the user will be embedding this object into. Everything I've tried so far tells me that I can't open anything over the parent window, since I don't have access to it from the iframe or object, javacript security issue. However, I've seen sites that do that kind of overlay. so it must be possible. If anyone can point me to any resources that could help, that would be great. if it matters, i'm using Ruby on Rails... Thanks...chris

  Read the article

• How should I use random.jumpahead in Python

  - by Peter Smit

  I have a application that does a certain experiment 1000 times (multi-threaded, so that multiple experiments are done at the same time). Every experiment needs appr. 50.000 random.random() calls. What is the best approach to get this really random. I could copy a random object to every experiment and do than a jumpahead of 50.000 * expid. The documentation suggests that jumpahead(1) already scrambles the state, but is that really true? Or is there another way to do this in 'the best way'? (No, the random numbers are not used for security, but for a metropolis hasting algorithm. The only requirement is that the experiments are independent, not whether the random sequence is somehow predictable or so)

  Read the article

• Generate SQL Server Express database from Entity Framework 4 model

  - by Cranialsurge

  I am able to auto-generate a SQL Server CE 4.0 *.sdf file using code-first generation as explained by Scott Guthrie here. The connection string for the same is as follows: <add name="NerdDinners" providerName="System.Data.SqlServerCe.4.0" connectionString="data source=|DataDirectory|NerdDinner.sdf"/> However if I try to generate an mdf instead using the following connection string, it fails to do so with the following error - "The provider did not return a ProviderManifestToken string.". <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="data source=|DataDirectory|NerdDinner.mdf"/> Even directly hooking into a SQLEXPRESS instance using the following connection string fails <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=NerdDinner;Integrated Security=True"/> Does EF 4 only support SQL CE 4.0 for database creation from a model for now or am I doing something wrong here?

  Read the article

• How to find a programmer for my project?

  - by Al

  I'm building a web application to generate monthly subscription fees, but I've quickly realised I'm going to need some help with the project to finish it this century. I don't have any money upfront for a freelancer and every website I've found takes bids for project work. The tasks that need doing are flexible too because I can do whatever the other coder doesn't want to. I'm also happy to guide the developer and offer tips for performance/security/etc etc. My question is; how do I go about finding someone to work with on a profit-share basis? I'm sure there are a billion people like me with the "next killer app" but I genuinely believe in it. Can anyone offer some advice? Thanks in advance! EDIT: I guess the trick is to find someone passionate enough about the subject as I am. Where would I find someone? Are there websites that broker profit-share deals on programming work?

  Read the article

• WCF Windows service permissions problem

  - by Elad

  I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately return to stopped state. After when I changed the Account to LocalSystem the service works properly. My questions are: Any ideas why it won't work with Network Service account? What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

  Read the article

• Getting COM object to run in Vista

  - by rainslg

  We expose an interface to our simulation software using a COM/ActiveX object. This worked just fine in XP, but in Vista, we get "Error 429: ActiveX can't create object" when a VB client executes CreateObject(). The COM object has been registered by hand so that the Vista Registry is identical to XP's Registry. I run the VB interface from a DOS window that I started using "Run As Administrator". The client is correctly accessing and reading the Registry as I walk through using the debugger in VB, so it's apparently not a security setting, as near as I can tell. I have also loaded the files into VS2005 (the object was originally created in VS6) and rebuilt them to get a later ATL version, but that hasn't helped - we still get the 429 error. Is this a symptom of UAC problems, or should I be looking for something deeper?

  Read the article

• Error in PushNotification from iPhone Device

  - by Shibin Moideen

  Hi All, I am trying to do a sample project on the Apple the push notification. I created an AppID, done some terminal commands, and finally got a Provisional Certificate for do the same. I got the certificate installed on my device and SDK. Till now every thing goes fine. But when i try to run the app on the device.... it doesnt. It throws an error stating "Error from debugger:Error launching remote program:security policy error." Can any one help me to overcome this. Please Help needed. thanks in advance Shibin

  Read the article

• Verify windows log-in via smart card

  - by Ronen Rabinovitz

  Hi I need to verify in my WPF application if the user log in to his computer via password or via smart-card. Both login options are available in my company clients but my application need to open only in the smart-card login. All the clients are windows 7 OS. I look at some sites: http://technet.microsoft.com/en-us/library/ff404285(v=ws.10).aspx http://www.codeproject.com/Articles/240655/Using-a-Smart-Card-Certificate-with-NET-Security-i and I'm thinking I need to get the enhanced key usage (EKU) attribute field. If the EKU is empty = then the user was loged via password and not via smartcard. I only need this simple check, I do not care for creating/validations on certificates atc.

  Read the article

< Previous Page | 487 488 489 490 491 492 493 494 495 496 497 498  | Next Page >