Search Results

Search found 140 results on 6 pages for 'sniffing'.

Page 5/6 | < Previous Page | 1 2 3 4 5 6  | Next Page >

• WebAPI and MVC4 and OData

  - by Aligned

  I was looking closer into WebAPI, specificially how to use OData to avoid writing GetCustomerByCustomerId(int id) methods all over the place. I had problems just returning IQueryable<T> as some sites suggested in the WebpAPI (Assembly System.Web.Http.dll, v4.0.0.0).  I think things changed in the release version and the blog posts are still out of date. There is no [Queraable] as the answer to this question suggests. Once I get WebAPI.Odata Nuget package, and added the [Queryable] to the method http://localhost:57146/api/values/?$filter=Id%20eq%201 worked (don’t forget the ‘$’). Now the main question is whether I should do this and how to stop logged in users from sniffing the url and getting data for other users. I John V. Peterson has a post on securing WebAPI with headers and intercepting the call at that point. He had an update to use HttpMessageHandlers instead. I think I’ll use this to force the call to contain some kind of unique code for the user, but I’m still thinking about this. I will not expose this to the public, just to my calls with-in my Forms Authentication areas. Other links: http://robbincremers.me/2012/02/16/building-and-consuming-rest-services-with-asp-net-web-api-and-odata-support/ ~lots of good information John V Peterson example: https://github.com/johnvpetersen/ASPWebAPIExample ~ all data access goes through the WebApi and the web client doesn’t have a connection string ~ There is code library for calling the WebApi from MVC using the HttpClient. It’s a great starting point http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx ~ Beta (9/18/2012) Nuget package to help with what I want to do? ~ has a sample code project with examples http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx http://blogs.msdn.com/b/alexj/archive/2012/08/21/web-api-queryable-current-support-and-tentative-roadmap.aspx http://stackoverflow.com/questions/10885868/asp-net-mvc4-rc-web-api-odata-filter-not-working-with-iqueryable JSON, pass the correct format in the header (Accept: application/json). $format=JSON doesn’t appear to be working. Async methods built into WebApi! Look for the GetAsync methods.

  Read the article

• PASS Summit for SQL Starters

  - by Davide Mauri

  I’ve received a buch of emails from PASS Summit “First Timers” that are also somehow new to SQL Server (for “somehow” I mean people with less than 6 month experience but with some basic knowledge of SQL Server engine) or are catching up from SQL Server 2000. The common question regards the session one should not miss to have a broad view of the entire SQL Server platform have some insight into some specific areas of SQL Server Given that I’m on (semi-)vacantion and that I have more free time (not true, I have to prepare slides & demos for several conferences, PASS Summit  - Building the Agile Data Warehouse with SQL Server 2012 - and PASS 24H - Agile Data Warehousing with SQL Server 2012 - among them…but let’s pretend it to be true), I’ve decided to make a post to answer to this common questions. Of course this is my personal point of view and given the fact that the number and quality of session that will be delivered at PASS Summit is so high that is very difficoult to make a choice, fell free to jump into the discussion and leave your feedback or – even better – answer with another post. I’m sure it will be very helpful to all the SQL Server beginners out there. I’ve imposed to myself to choose 6 session at maximum for each Track. Why 6? Because it’s the maximum number of session you can follow in one day, and given that all the session will be on the Summit DVD, they are the answer to the following question: “If I have one day to spend in training, which session I should watch?”. Of course a Summit is not like a Course so a lot of very basics concept of well-established technologies won’t be found here. Analysis Services, Integration Services, MDX are not part of the Summit this time (at least for the basic part of them). Enough with that, let’s start with the session list ideal to have a good Overview of all the SQL Server Platform: Geospatial Data Types in SQL Server 2012 Inside Unstructured Data: SQL Server 2012 FileTable and Semantic Search XQuery and XML in SQL Server: Common Problems and Best Practice Solutions Microsoft's Big Play for Big Data Dashboards: When to Choose Which MSBI Tool Microsoft BI End-User Tools 360° for what concern Database Development, I recommend the following sessions Understanding Transaction Isolation Levels What to Look for in Execution Plans Improve Query Performance by Fixing Bad Parameter Sniffing A Window into Your Data: Using SQL Window Functions Practical Uses and Optimization of New T-SQL Features in SQL Server 2012 Taking MERGE Beyond the Basics For Business Intelligence Information Delivery Analyzing SSAS Data with Excel Building Compelling Power View Reports Managed Self-Service BI PowerPivot 101  SharePoint for Business Intelligence The Best Microsoft BI Tools You've Never Heard Of and for Business Intelligence Architecture & Development BI Power Hour Building a Tabular Model Database Enterprise Information Management: Bringing Together SSIS, DQS, and MDS SSIS Design Patterns Storing Columnstore Indexes Hadoop and Its Ecosystem Components in Action Beside the listed sessions, First Timers should also take a look the the page PASS set up for them: http://www.sqlpass.org/summit/2012/Connect/FirstTimers.aspx See you at PASS Summit!

  Read the article

• Weird permission issue with POSIX ACLs, NFS v3 on Linux

  - by jon

  I have two Linux systems, both running Debian Squeeze. Versions of (I think) the stuff involved are: kernel: 2.6.32-5-xen-amd64 ii nfs-kernel-server 1:1.2.2-4squeeze2 support for NFS kernel server ii libnfsidmap2 0.23-2 An nfs idmapping library ii nfs-common 1:1.2.2-4squeeze2 NFS support files common to client and server ii portmap 6.0.0-2 RPC port mapper (The client doesn't have nfs-kernel-server involved.) I have a directory with ACLs: # file: dirname # owner: jon # group: foogroup # flags: -s- user::rwx user:www-data:rwx group::r-x group:foogroup:rwx mask::rwx other::r-x default:... There are two users, neither one of which owns the directory: uid=3001(jake) gid=3001(jake) groups=3001(jake),104(wheel),3999(foogroup) uid=3005(nic) gid=3005(nic) groups=3005(nic),3999(foogroup) The jake user can create files in the directory without issues. The nic user can't. All UIDs/GIDs are the same on the client and server. I've verified (packet sniffing) that the right uids/gids get sent via AUTH_UNIX are correct-- uid=gid=3005, auxiliary gids=3005,3999-- and that the server replies with NFS3ERR_ACCESS, which the kernel on the client maps to EACCES (Permission denied). Can anyone help me here?

  Read the article

• HTTP Upload Problems

  - by jfoster

  We are running a marketplace on ColdFusion8 and IIS with a widely geographically distributed user base and have been receiving complaints of issues with some HTTP uploads. Most of the complaints are coming from geographically distant locations from our main datacenter on the US east coast. I've attempted to upload the same 70MB file from a US West coast test server to both our main site and a backup running the same code on a different network route and I saw the same issues fairly consistently in both places, so I've ruled out the code, route, and internal network errors. I've also tested uploads using both the native cf upload tag and a third party tool called SaFileUp. I saw the same issues with both upload tools, so I also don't think this is necessarily a ColdFusion problem. I don't have any problems uploading the test file from the East coast to other east coast servers, so I'm beginning to think that the distance between our users and our equipment is a factor. I've also found that smaller files are more likely to succeed than large ones (< 10MB) I tried the test upload with both IE and FF and did notice a difference in the way that the browsers seemed to handle packet errors. IE seemed to have a tough time continuing an upload after dropped / bad packets, whereas FF seemed to have the ability to gracefully resume an upload after experiencing packet problems. Has anyone experienced similar issues? Is there anything we can do on our side to make uploads more forgiving to packet loss or resumable after an error? A different upload tool etc… Do we need upload servers in more than one location to shorten the network routes between clients and servers? Does anyone think that switching uploads to SSL will help (no layer7 packet sniffing may lead to a smoother upload). Thanks.

  Read the article

• NTOP gives warnings on startup

  - by FR6

  I just installed ntop 1.4.4 and when I start it, it give me infinite warnings "packet truncated": ... RRD_DEBUG: umask 0066 RRD_DEBUG: DirPerms 0700 THREADMGMT: RRD: Started thread (t2992630672) for data collection THREADMGMT[t2992630672]: RRD: Data collection thread starting [p30923] INIT: Created pid file (/var/run/ntop.pid) THREADMGMT[t3086329552]: ntop RUNSTATE: INITNONROOT(3) Now running as requested user 'nobody' (99:99) Note: Reporting device initally set to 0 [eth0] (merged) THREADMGMT[t3086329552]: ntop RUNSTATE: RUN(4) THREADMGMT[t2982140816]: NPS(1): Started thread for network packet sniffing [eth0] THREADMGMT[t2982140816]: NPS(eth0): pcapDispatch thread starting [p30923] THREADMGMT[t2982140816]: NPS(eth0): pcapDispatch thread running [p30923] THREADMGMT[t3047009168]: SIH: Idle host scan thread running [p30923] THREADMGMT[t3057499024]: SFP: Fingerprint scan thread running [p30923] **WARNING** packet truncated (8814->8232) **WARNING** packet truncated (10274->8232) **WARNING** packet truncated (8814->8232) **WARNING** packet truncated (8814->8232) ... Do I need to configure something? I tried to access the web interface (http://localhost:3000) but it does not work. Note: I'm on CentOS. EDIT: Not sure if it helps but there is my "ifconfig": eth0 Link encap:Ethernet HWaddr 00:16:76:BC:7E:77 inet addr:192.168.0.221 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::216:76ff:febc:7e77/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:15496640 errors:0 dropped:0 overruns:0 frame:0 TX packets:19256813 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:836230629 (797.4 MiB) TX bytes:608496148 (580.3 MiB) Memory:dffe0000-e0000000

  Read the article

• IIS doesn't serve certain file extensions

  - by Alekc

  Hi, i have this weird issue on Win 2k3 server and IIS: Iis has several sites, in one of them i need to create a subdir and set up it as web application. I've noticed that if i create new directory and put some .js/.txt file into it, they will not be served by iis (IE gives an error Internet Explorer cannot display the webpage). If i put the same files in another old site's subdirectory it will show correctly. By sniffing traffic i've seen that iis reply connection state 200 and then drop completely any connection http://domain.com/test2/prova.txt GET /test2/prova.txt HTTP/1.1 Host: domain.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive HTTP/1.x 200 OK If i rename file prova.txt in prova.asp for example it showing without problems so it shouldn't be permissions issue. After making some researches I've found out that it can be caused by missing mime types, I've checked out .txt and .js are present and served by aspnet_isapi.dll. And here comes another weird thing: if i remove mime mapping from directory's properties it's served correctly, but the same thing doesn't work with js. I'm really beginning to be out of ideas, is there someone who have some hint? Thanks in advance.

  Read the article

• 550 Requested action not taken: mailbox unavailable

  - by Porch

  I setup a small box with Server 2003 64bit to be used as a webserver and email server for a small school. Real simple stuff for a few users. A simple website and a handful of emails. rDNS and spf records setup and pass every test I found including test at dnsstuff.com. Email sending to almost every email address (google, hotmail, aol, whatever) works. However, with one domain, I get an bounce back with the error. 550 Requested action not taken: mailbox unavailable It's another school running Exchange judging from some packet sniffing with WireShark. Every email on this domain I have tried sending to gives this error. The email address is valid as I can send to it from my personal, and gmail account without a problem. Does anyone know of some anti-spam software that gives an 550 error like the above? What else could this be? Thanks for any suggestions. Packet capture of the two servers communicating look like this. 220 <server snip> Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Sat, 2 Oct 2010 12:48:17 -0700 EHLO <email snip> 250-<server snip> Hello [<ip snip>] 250-TURN 250-SIZE 250-ETRN 250-XXXXXXXXXX 250-DSN 250-ENHANCEDSTATUSCODES 250-8bitmime 250-BINARYMIME 250-XXXXXXXX 250-VRFY 250-X-EXPS GSSAPI NTLM LOGIN 250-X-EXPS=LOGIN 250-AUTH GSSAPI NTLM LOGIN 250-AUTH=LOGIN 250-X-LINK2STATE 250-XXXXXXX 250 OK MAIL FROM: <email snip> 250 2.1.0 <email snip>....Sender OK RCPT TO:<email snip> 250 2.1.5 <email snip> DATA 354 Start mail input; end with <CRLF>.<CRLF> <email body here> . 550 Requested action not taken: mailbox unavailable QUIT 221 Goodbye

  Read the article

• NTOP gives warnings on startup

  - by FR6

  I just installed ntop 1.4.4 and when I start it, it give me infinite warnings "packet truncated": ... RRD_DEBUG: umask 0066 RRD_DEBUG: DirPerms 0700 THREADMGMT: RRD: Started thread (t2992630672) for data collection THREADMGMT[t2992630672]: RRD: Data collection thread starting [p30923] INIT: Created pid file (/var/run/ntop.pid) THREADMGMT[t3086329552]: ntop RUNSTATE: INITNONROOT(3) Now running as requested user 'nobody' (99:99) Note: Reporting device initally set to 0 [eth0] (merged) THREADMGMT[t3086329552]: ntop RUNSTATE: RUN(4) THREADMGMT[t2982140816]: NPS(1): Started thread for network packet sniffing [eth0] THREADMGMT[t2982140816]: NPS(eth0): pcapDispatch thread starting [p30923] THREADMGMT[t2982140816]: NPS(eth0): pcapDispatch thread running [p30923] THREADMGMT[t3047009168]: SIH: Idle host scan thread running [p30923] THREADMGMT[t3057499024]: SFP: Fingerprint scan thread running [p30923] **WARNING** packet truncated (8814->8232) **WARNING** packet truncated (10274->8232) **WARNING** packet truncated (8814->8232) **WARNING** packet truncated (8814->8232) ... Do I need to configure something? I tried to access the web interface (http://localhost:3000) but it does not work. Note: I'm on CentOS. EDIT: Not sure if it helps but there is my "ifconfig": eth0 Link encap:Ethernet HWaddr 00:16:76:BC:7E:77 inet addr:192.168.0.221 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::216:76ff:febc:7e77/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:15496640 errors:0 dropped:0 overruns:0 frame:0 TX packets:19256813 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:836230629 (797.4 MiB) TX bytes:608496148 (580.3 MiB) Memory:dffe0000-e0000000

  Read the article

• Mounting any Windows share from OS X 10.7.5 suddenly stopped working

  - by user2169619

  I have problem with mounting Windows network shares from my OS X 10.7.5 - it worked but it stopped and nothing helps and nothing in logs. Here what I get when trying to mount it manually: mount -t smbfs //10.0.0.7/d /tmp/test When doing sniffing with tshark - no packet it sent through and I get immediately return from the command: mount_smbfs: server connection failed: Unknown error: -1 Nothing in /var/log/syslog.log and /var/log/kern.log. The Finder does not work either - it throws an error that something is wrong (in czech thus I'm not sending the message here). I just cannot connect to any network shares. In virtual Windows 7 in Parallels Desktop I can connect successfully, but not within the network share (so the Win7 is behind OS X NAT) but only with its own IP address. The Windows server share is on the same network segment connected through switch. Any advice how to debug and what can be wrong? I spent hours to find solution on Google and here but no-one with this kind of problem and I do not know how to further debug it since there is no meaningful log / trace etc. I can ping 10.0.0.7 and I can connect to FTP server on 10.0.0.7 - the Windows machine (XP) has firewall completely turned off. The problem is that with tshark, I'm not seeing any packet sending to 10.0.0.7 so it's not even trying to reach the server.

  Read the article

• Logging WebSocket Frames using Chrome Developer Tools, Net-internals and Wireshark (TOTD #184)

  - by arungupta

  TOTD #183 explained how to build a WebSocket-driven application using GlassFish 4. This Tip Of The Day (TOTD) will explain how do view/debug on-the-wire messages, or frames as they are called in WebSocket parlance, over this upgraded connection. This blog will use the application built in TOTD #183. First of all, make sure you are using a browser that supports WebSocket. If you recall from TOTD #183 then WebSocket is combination of Protocol and JavaScript API. A browser supporting WebSocket, or not, means they understand your web pages with the WebSocket JavaScript. caniuse.com/websockets provide a current status of WebSocket support in different browsers. Most of the major browsers such as Chrome, Firefox, Safari already support WebSocket for the past few versions. As of this writing, IE still does not support WebSocket however its planned for a future release. Viewing WebSocket farmes require special settings because all the communication happens over an upgraded HTTP connection over a single TCP connection. If you are building your application using Java, then there are two common ways to debug WebSocket messages today. Other language libraries provide different mechanisms to log the messages. Lets get started! Chrome Developer Tools provide information about the initial handshake only. This can be viewed in the Network tab and selecting the endpoint hosting the WebSocket endpoint. You can also click on "WebSockets" on the bottom-right to show only the WebSocket endpoints. Click on "Frames" in the right panel to view the actual frames being exchanged between the client and server. The frames are not refreshed when new messages are sent or received. You need to refresh the panel by clicking on the endpoint again. To see more detailed information about the WebSocket frames, you need to type "chrome://net-internals" in a new tab. Click on "Sockets" in the left navigation bar and then on "View live sockets" to see the page. Select the box with the address to your WebSocket endpoint and see some basic information about connection and bytes exchanged between the client and the endpoint. Clicking on the blue text "source dependency ..." shows more details about the handshake. If you are interested in viewing the exact payload of WebSocket messages then you need a network sniffer. These tools are used to snoop network traffic and provide a lot more details about the raw messages exchanged over the network. However because they provide lot more information so they need to be configured in order to view the relevant information. Wireshark (nee Ethereal) is a pretty standard tool for sniffing network traffic and will be used here. For this blog purpose, we'll assume that the WebSocket endpoint is hosted on the local machine. These tools do allow to sniff traffic across the network though. Wireshark is quite a comprehensive tool and we'll capture traffic on the loopback address. Start wireshark, select "loopback" and click on "Start". By default, all traffic information on the loopback address is displayed. That includes tons of TCP protocol messages, applications running on your local machines (like GlassFish or Dropbox on mine), and many others. Specify "http" as the filter in the top-left. Invoke the application built in TOTD #183 and click on "Say Hello" button once. The output in wireshark looks like Here is a description of the messages exchanged: Message #4: Initial HTTP request of the JSP page Message #6: Response returning the JSP page Message #16: HTTP Upgrade request Message #18: Upgrade request accepted Message #20: Request favicon Message #22: Responding with favicon not found Message #24: Browser making a WebSocket request to the endpoint Message #26: WebSocket endpoint responding back You can also use Fiddler to debug your WebSocket messages. How are you viewing your WebSocket messages ? Here are some references for you: JSR 356: Java API for WebSocket - Specification (Early Draft) and Implementation (already integrated in GlassFish 4 promoted builds) TOTD #183 - Getting Started with WebSocket in GlassFish Subsequent blogs will discuss the following topics (not necessary in that order) ... Binary data as payload Custom payloads using encoder/decoder Error handling Interface-driven WebSocket endpoint Java client API Client and Server configuration Security Subprotocols Extensions Other topics from the API

  Read the article

• KeepAlive packets over a Soap request

  - by Nycto

  I've been debugging some Soap requests we are making between two servers on the same VLAN. The app on one server is written in PHP, the app on the other is written in Java. I can control and make changes to the PHP code, but I can't affect the Java server. The PHP app forms the XML using the DOMDocument objects, then sends the request using the cURL extension. When the soap request took longer than 5 minutes to complete, it would always wait until the max timeout limit and exit with a message like this: Operation timed out after 900000 milliseconds with 0 bytes received After sniffing the packets that were being sent, it turns out that the problem was caused by a 5 minute timeout in the network that was closing what it thought was a stale connection. There were two ways to fix it: bump up the timeout in iptables, or start sending KeepAlive packets over the request. To be thorough, I would like to implement both solutions. Bumping up the timeout was easy for ops to do, but sending KeepAlive packets is turning out to be difficult. The cURL library itself supports this (see the --keepalive-time flag for the CLI app), but it doesn't appear that this has been implemented in the PHP cURL library. I even checked the source to make sure it wasn't an undocumented feature. So my question is this: How the heck can I get these packets sent? I see a few clear options, but I don't like any of them: Write a wrapper that will kick off the request by shell_execing the CLI app. This is a hack that I just don't like Update the cURL extension to support this. This is a non-option according to Ops. Open the socket myself. I know just enough to be dangerous. I also haven't seen a way to do this with fsockopen, but I could be missing something. Switch to another library. What exists that supports this? Thanks for any help you can offer.

  Read the article

• Can't send client certificate via SslStream

  - by Jonathan

  I am doing an SSL3 handshake using an SslStream, but, in spite of my best efforts, the SslStream never sends a client certificate on my behalf. Here is the code: SSLConnection = new System.Net.Security.SslStream(SSLInOutStream, false, new System.Net.Security.RemoteCertificateValidationCallback(AlwaysValidRemoteCertificate), new System.Net.Security.LocalCertificateSelectionCallback(ChooseLocalCertificate)); X509CertificateCollection CC = new X509CertificateCollection(); CC.Add(Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(MyLocalCertificate)); SSLConnection.AuthenticateAsClient("test", CC, System.Security.Authentication.SslProtocols.Ssl3, false); and then I have AlwaysValidRemoteCertificate just returning true, and ChooseLocalCertificate returning the zeroth element of the array. The code probably looks a little weird because the project is a little weird, but I think that is beside the point here. The SSL handshake completes. The issue is that instead of sending a certificate message on my behalf (in the handshake process), with the ASN.1 encoded certificate (MyLocalCertificate), the SslStream sends an SSL alert number 41 (no certificate) and then carries on. I know this from packet sniffing. After the handshake is completed, the SslStream marks IsAuthenticated as true, IsMutuallyAuthenticated as false, and its LocalCertificate member is null. I feel like I'm probably missing something pretty obvious here, so any ideas would be appreciated. I am a novice with SSL, and this project is off the beaten path, so I am kind of at a loss. P.S. 1: My ChooseLocalCertificate routine is called twice during the handshake, and returns a valid (as far as I can tell), non-null certificate both times. P.S. 2: SSLInOutStream is my own class, not a NetworkStream. Like I said, though, the handshake proceeds mostly normally, so I doubt this is the culprit... but who knows?

  Read the article

• HttpModule.Init - safely add HttpApplication.BeginRequest handler in IIS7 integrated mode

  - by Paul Smith

  My question is similar but not identical to: http://stackoverflow.com/questions/1123741/why-cant-my-host-softsyshosting-com-support-beginrequest-and-endrequest-event (I've also read the mvolo blog referenced therein) The goal is to successfully hook HttpApplication.BeginRequest in the IHttpModule.Init event (or anywhere internal to the module), using a normal HttpModule integrated via the system.webServer config, i.e. one that doesn't: invade Global.asax or override the HttpApplication (the module is intended to be self-contained & reusable, so e.g. I have a config like this): <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <remove name="TheHttpModule" /> <add name="TheHttpModule" type="Company.HttpModules.TheHttpModule" preCondition="managedHandler" /> So far, any strategy I've tried to attach a listener to HttpApplication.BeginRequest results in one of two things, symptom 1 is that BeginRequest never fires, or symptom 2 is that the following exception gets thrown on all managed requests, and I cannot catch & handle it from user code: Stack Trace: [NullReferenceException: Object reference not set to an instance of an object.] System.Web.PipelineModuleStepContainer.GetEventCount(RequestNotification notification, Boolean isPostEvent) +30 System.Web.PipelineStepManager.ResumeSteps(Exception error) +1112 System.Web.HttpApplication.BeginProcessRequestNotification(HttpContext context, AsyncCallback cb) +113 System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +616 Commenting out app.BeginRequest += new EventHandler(this.OnBeginRequest) in Init stops the exception of course. Init does not reference the Context or Request objects at all. I have tried: Removed all references to HttpContext.Current anywhere in the project (still symptom 1) Tested removing all code from the body of my OnBeginRequest method, to ensure the problem wasn't internal to the method (= exception) Sniffing the stack trace and only calling app.BeginRequest+=... when if the stack isn't started by InitializeApplication (= BeginRequest not firing) Only calling app.BeginRequest+= on the second pass through Init (= BeginRequest not firing) Anyone know of a good approach? Is there some indirect strategy for hooking Application_Start within the module (seems unlikely)? Another event which a) one can hook from a module's constructor or Init method, and b) which is subsequently a safe place to attach BeginRequest event handlers? Thanks much

  Read the article

• chrome extension login security with iframe

  - by Weaver

  I should note, I'm not a chrome extension expert. However, I'm looking for some advice or high level solution to a security concern I have with my chrome extension. I've searched quite a bit but can't seem to find a concrete answer. The situation I have a chrome extension that needs to have the user login to our backend server. However, it was decided for design reasons that the default chrome popup balloon was undesirable. Thus I've used a modal dialog and jquery to make a styled popup that is injected with content scripts. Hence, the popup is injected into the DOM o the page you are visiting. The Problem Everything works, however now that I need to implement login functionality I've noticed a vulnerability: If the site we've injected our popup into knows the password fields ID they could run a script to continuously monitor the password and username field and store that data. Call me paranoid, but I see it as a risk. In fact,I wrote a mockup attack site that can correctly pull the user and password when entered into the given fields. My devised solution I took a look at some other chrome extensions, like Buffer, and noticed what they do is load their popup from their website and, instead, embed an iFrame which contains the popup in it. The popup would interact with the server inside the iframe. My understanding is iframes are subject to same-origin scripting policies as other websites, but I may be mistaken. As such, would doing the same thing be secure? TLDR To simplify, if I embedded an https login form from our server into a given DOM, via a chrome extension, are there security concerns to password sniffing? If this is not the best way to deal with chrome extension logins, do you have suggestions with what is? Perhaps there is a way to declare text fields that javascript can simply not interact with? Not too sure! Thank you so much for your time! I will happily clarify anything required.

  Read the article

• Setting up ehcache replication - what multicast settings do I need?

  - by Darren Greaves

  I am trying to set up ehcache replication as documented here: http://ehcache.sourceforge.net/EhcacheUserGuide.html#id.s22.2 This is on a Windows machine but will ultimately run on Solaris in production. The instructions say to set up a provider as follows: <cacheManagerPeerProviderFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerProviderFactory" properties="peerDiscovery=automatic, multicastGroupAddress=230.0.0.1, multicastGroupPort=4446, timeToLive=32"/> And a listener like this: <cacheManagerPeerListenerFactory class="net.sf.ehcache.distribution.RMICacheManagerPeerListenerFactory" properties="hostName=localhost, port=40001, socketTimeoutMillis=2000"/> My questions are: Are the multicast IP address and port arbitrary (I know the address has to live within a specific range but do they have to be specific numbers)? Do they need to be set up in some way by our system administrator (I am on an office network)? I want to test it locally so am running two separate tomcat instances with the above config. What do I need to change in each one? I know both the listeners can't listen on the same port - but what about the provider? Also, are the listener ports arbitrary too? I've tried setting it up as above but in my testing the caches don't appear to be replicated - the value added in one tomcat's cache is not present in the other cache. Is there anything I can do to debug this situation (other than packet sniffing)? Thanks in advance for any help, been tearing my hair out over this one!

  Read the article

• How to feature-detect/test for specific jQuery (and Javascript) methods/functions used

  - by Zildjoms

  good day everyone, hope yer all doin awesome am very new to javascript and jquery, and i (think) i have come up with a simple fade-in/out implementation on a site am workin on (check out http://www.s5ent.com/expandjs.html - if you have the time to check it for inefficiency or what that'd be real sweet). i use the following functions/methods/collections and i would like to do a feature test before using them. uhm.. how? or is there a better way to go about this? jQuery $ .fadeIn([duration]) .fadeOut([duration]) .attr(attributeName,value) .append(content) .each(function(index,Element)) .css(propertyName,value) .hover(handlerIn(eventObject),handlerOut(eventObject)) .stop([clearQueue],[jumpToEnd]) .parent() .eq(index) JavaScript setInterval(expression,timeout) clearInterval(timeoutId) setTimeout(expression,timeout) clearTimeout(timeoutId) i tried looking into jquery.support for the jquery ones, but i find myself running into conceptual problems with it, i.e. for fadein/fadeout, i (think i) should test for $.support.opacity, but that would be false in ie whereas ie6+ could still fairly render the fades. also am using jquery 1.2.6 coz that's enough for what i need. the support object is in 1.3. so i'm hoping to avoid dragging-in more unnecessary code if i can. i also worked with browser sniffing, no matter how frowned-upon. but that's also a bigger problem for me because of non-standard ua strings and spoofing and everything else am not aware of. so how do you guys think i should go about this? or should i even? is there a better way to go about making sure that i don't run code that'll eventually break the page? i've set it up to degrade into a css hover when javascript ain't there.. expertise needed. much appreciated, thanks guyz!

  Read the article

• Cold Fusion blank page in IE7 on refresh?

  - by richardtallent

  I'm new to Cold Fusion, have a very basic problem that's really slowing me down. I'm making edits in a text editor and refreshing the page in web browsers for testing. Standard web dev stuff, no browser-sniffing, redirection, or other weirdness, and no proxies involved. When I refresh the page in Chrome or Firefox, everything works fine, but when I refresh in IE7, I get a blank page. View Source shows me: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=utf-8"></HEAD> <BODY></BODY></HTML> That's it. While I am rendering to the transitional DTD, the real head contains a title, etc. My development server is CF 9, production is 8. This problem has been happening in both. Seems it may only be happening on pages that are the the result of a POST action. I've never experienced this in ASP.NET (my usual development environment) using the same browsers.

  Read the article

• ColdFusion blank page in IE7 on refresh?

  - by richardtallent

  I'm new to ColdFusion, have a very basic problem that's really slowing me down. I'm making edits in a text editor and refreshing the page in web browsers for testing. Standard web dev stuff, no browser-sniffing, redirection, or other weirdness, and no proxies involved. When I refresh the page in Chrome or Firefox, everything works fine, but when I refresh in IE7, I get a blank page. View Source shows me: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=Content-Type content="text/html; charset=utf-8"></HEAD> <BODY></BODY></HTML> That's it. While I am rendering to the transitional DTD, the real head contains a title, etc. My development server is CF 9, production is 8. This problem has been happening in both. Seems it may only be happening on pages that are the the result of a POST action. I've never experienced this in ASP.NET (my usual development environment) using the same browsers.

  Read the article

• Detect IE version in Javascript

  - by Chad Decker

  I want to bounce users of our web site to an error page if they're using a version of Internet Explorer prior to v9. It's just not worth our time and money to support IE pre-v9. Users of all other non-IE browsers are fine and shouldn't be bounced. Here's the proposed code: if(navigator.appName.indexOf("Internet Explorer")!=-1){ //yeah, he's using IE var badBrowser=( navigator.appVersion.indexOf("MSIE 9")==-1 && //v9 is ok navigator.appVersion.indexOf("MSIE 1")==-1 //v10, 11, 12, etc. is fine too ); if(badBrowser){ // navigate to error page } } Will this code do the trick? To head off a few comments that will probably be coming my way: [1] Yes, I know that users can forge their useragent string. I'm not concerned. [2] Yes, I know that programming pros prefer sniffing out feature-support instead of browser-type but I don't feel this approach makes sense in this case. I already know that all (relevant) non-IE browsers support the features that I need and that all pre-v9 IE browsers don't. Checking feature by feature throughout the site would be a waste. [3] Yes, I know that someone trying to access the site using IE v1 (or = 20) wouldn't get 'badBrowser' set to true and the warning page wouldn't be displayed properly. That's a risk we're willing to take. [4] Yes, I know that Microsoft has "conditional comments" that can be used for precise browser version detection. IE no longer supports conditional comments as of IE 10, rendering this approach absolutely useless. Any other obvious issues to be aware of? Thanks.

  Read the article

• Accessing functions in a swf-file through javascript [chatroulette.com]

  - by RadiantHeart

  Lately I have been interested in the code behind chatroulette.com. As you probably know it is a peer-to-peer webcam-chat-service written in actionscript, as I understand. What i have been wondering about is weather its possible to extract the ip-address of whomever you are currently communicating with. I have seen services that do that, but they require that you install a program that runs alongside on your computer sniffing UDP-packages. I was wondering if there was a simpler method. What I do know is that the javascript on the page communicates with the application via "ExternalInterface". On this area I am pretty much a novice but according to my limited understanding you cant get information from the flash-application unless you have configured a listener for a call from javascript and then attach a callback to that event. Is this correct or can you access public functions and variables directly through javascript? There is for example a public function like this: public function get outgoingAddress():String{ return (this.__info.outgoingAddress); } Can it be accessed directly through javascript? If it cant be done so easily, is it possible to decompile the .swf-file, change it (add some functions) and recompile it and run it instead? I am hoping someone can satisfy my curiosity here. Here are two links to a decompiled version of the swf-file. The first with line numbering and one without. With line numbering ˜ 3.5 Mbyte Without line numbering ˜ 2.1 Mbyte

  Read the article

• Publishing WCF .NET 3.5 to IIS 5.1

  - by Adam

  I've been developing a WCF web service using .NET 3.5 with IIS7 and it works perfectly on my local computer. I tried publishing it to a server running IIS 5.1 and even though I can view the WSDL in my browser, the client application doesn't seem to be connecting to it correctly. I launched a packet sniffing app (Charles Proxy) and the response for the first message comes back to the client empty (0 bytes). Every message after the first one times out. The WCF service is part of a larger application that uses ASP .NET 3.5. That application has been working fine on IIS 5.1 for awhile now so I think it's something specific to WCF. I also tried throwing an exception in the SVC file to see if it made it that far and the exception never got thrown so I have a feeling it's something more low level that's not working. Any thoughts? Is there anything I need to install on the IIS5 server? If so how am I still able to view the WSDL in my browser?

  Read the article

• Cookie blocked/not saved in IFRAME in Internet Explorer

  - by Piskvor

  I have two websites, let's say they're example.com and anotherexample.net. On anotherexample.net/page.html, I have an IFRAME SRC="http://example.com/someform.asp". That IFRAME displays a form for the user to fill out and submit to http://example.com/process.asp. When I open the form ("someform.asp") in its own browser window, all works well. However, when I load someform.asp as an IFRAME in IE 6 or IE 7, the cookies for example.com are not saved. In Firefox this problem doesn't appear. For testing purposes, I've created a similar setup on http://newmoon.wz.cz/test/page.php . example.com uses cookie-based sessions (and there's nothing I can do about that), so without cookies, process.asp won't execute. How do I force IE to save those cookies? Results of sniffing the HTTP traffic: on GET /someform.asp response, there's a valid per-session Set-Cookie header (e.g. Set-Cookie: ASPKSJIUIUGF=JKHJUHVGFYTTYFY), but on POST /process.asp request, there is no Cookie header at all. Edit3: some AJAX+serverside scripting is apparently capable to sidestep the problem, but that looks very much like a bug, plus it opens a whole new set of security holes. I don't want my applications to use a combination of bug+security hole just because it's easy. Edit: the P3P policy was the root cause, full explanation below.

  Read the article

• RPC command to initiate a software install

  - by ericmayo

  I was recently working with a product from Symantech called Norton EndPoint protection. It consists of a server console application and a deployment application and I would like to incorporate their deployment method into a future version of one of my products. The deployment application allows you to select computer workstations running Win2K, WinXP, or Win7. The selection of workstations is provided from either AD (Active Directory) or NT Domain (WINs/DNS NetBIOS lookup). From the list, one can click and choose which workstations to deploy the end point software which is Symantech's virus & spyware protection suite. Then, after selecting which workstations should receive the package, the software copies the setup.exe program to each workstation (presumable over the administrative share \pcname\c$) and then commands the workstation to execute setup.exe resulting in the workstation installing the software. I really like how their product works but not sure what they are doing to accomplish all the steps. I've not done any deep investigations into this such as sniffing the network, etc... and wanted to check here to see if anyone is familiar with what I'm talking about and if you know how it's accomplished or have ideas how it could be accomplished. My thinking is that they are using the admin share to copy the software to the selected workstations and then issuing an RPC call to command the workstation to do the install. What's interesting is that the workstations do this without any of the logged in users knowing what's going on until the very end where a reboot is necessary. At which point, the user gets a pop-up asking to reboot now or later, etc... My hunch is that the setup.exe program is popping this message. To the point: I'm looking to find out the mechanism by which one Windows based machine can tell another to do some action or run some program. My programming language is C/C++ Any thoughts/suggestions appreciated.

  Read the article

• Ensure that my C# desktop application is making requests to my ASP .NET MVC action?

  - by Mathias Lykkegaard Lorenzen

  I've seen questions that are almost identical to this one, except minor but important differences that I would like to get detailed. Let's say that I have a controller and an action method in MVC which therefore accepts requests on the following URL: http://example.com/api/myapimethod?data=some-data-here. This URL is then being called regularly by 1000 clients or more spread out in the public. The reason for this is crowdsourcing. The clients around the globe help feed a global cache on my server, which makes it faster for the rest of the clients to fetch the data. Now, if I'm sneaky (and I am), I can go into Fiddler, Ethereal, Wireshark or any other packet sniffing tool and figure out which requests the program is making. By figuring that out, I can also replicate them, and fill the service with false corrupted data. What is the best approach to ensuring that the data received in my ASP .NET MVC action method is actually from the desktop client application, and not some falsely generated data that the user invented? Since it is all based on crowdsourcing, would it be a good idea for my users to be able to "vote" if some data is falsified, and then let an automatic cleanup commence if there are enough votes? I do not have access to a tool like SmartAssembly, so unfortunately my .NET program is fully decompilable. I realize this might be impossible to accomplish in an error-proof manner, but I would like to know where my best chances are.

  Read the article

• Apache + Tomcat error 120006 Using mod_proxy_ajp for Load Balance

  - by Wakaru44

  I have an apache 2 frontend with two nodes, and a backend with two instances of tomcat 6 balance with mod_proxy_ajp. The bbdd is in a separate machine. All machines use RHEL, 6.2 on the frontend, 5.5 on the backend. The infraestructure is virtualized using VMware. # This is the apache config in one of the virtualHost. ProxyPreserveHost On ProxyPass / balancer://liferay/ <Proxy balancer://liferay> BalancerMember ajp://lrab:8009 route=liferaya BalancerMember ajp://lrbb:8009 route=liferayb status=+H ProxySet lbmethod=byrequests nofailover=on </Proxy> The conector in tomcat is now configured like this: <!-- Define an AJP 1.3 Connector on port 8009 --> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" enableLookups="false" allowTrace="true" /> Do you think it could be useful to set a maxThreads parameter, like in this post?? in that case, How can i determine a proper number of threads? From time to time, we get errors like this [Tue Sep 18 17:57:02 2012] [error] ajp_read_header: ajp_ilink_receive failed [Tue Sep 18 17:57:02 2012] [error] (120006)APR does not understand this error code: proxy: read response failed from 192.168.1.104:8009 (lrab) And apache switches to the pasive node (if its active) or fails with 503. Some things i have tried so far: I think that i have some performance issues with one of the applications, Here you can see a threadDump But i'm not quite sure about it. I also started to monitor the network connection. I have noticed that there are some pings lost when i have a "ping -f " so maybe it could be a network issue, but the success rate is 100% (so the lost packets are only a few among the flood, but maybe, i don't know, enough to break the link betwen apache and tomcat). I wrote a python script to check connectivity with timestamps on the pings, so i can know when the network fails. After sniffing the network , i can also see some RST packets, but i don't know if that is a normal behaviour (some applications do that to end a network communication). I have also noticed that the applications have problems communicating with the database, but im not even sure if this could be related or not. If you think so, i can post more info about it. I changed the connector on the tomcats to use the native one, but still the same. I need not even a solution to this, but maybe some guidance on how can i troubleshoot this better ¿Analyze threads, monitor mysql performance, sniff the traffic between apaches and tomcats? Ultimately, all i need is to balance the tomcat instances in Active/pasive mode, so if there is another way to do it, i could give it a try.

  Read the article

< Previous Page | 1 2 3 4 5 6  | Next Page >