Search Results

Search found 15914 results on 637 pages for 'physical security'.

Page 504/637 | < Previous Page | 500 501 502 503 504 505 506 507 508 509 510 511 | Next Page >

Storing API keys in Android, is obfustication enough?

- by fredley

I'm using the Dropbox API. In the sample app, it includes these lines: // Replace this with your consumer key and secret assigned by Dropbox. // Note that this is a really insecure way to do this, and you shouldn't // ship code which contains your key & secret in such an obvious way. // Obfuscation is good. final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE"; final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE"; I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?

Read the article
RemoteWebDriver InternetExplorer navigate().to() timeout?

- by the qwerty

i was running a test remotely on internet explorer, and when using navigate().to() selenium returns me this: "12:13:58.770 INFO - WebDriver remote server: Exception: The driver reported that the command timed out. There may be several reasons for this. Check that the destinationsite is in IE's 'Trusted Sites' (accessed from Tools-Internet Options in the 'Security' tab) If it is a trusted site, then the request may have taken more thana minute to finish." i've done what's said. but when looking at the browsers the page is loaded, but still this message continues. i've already tried as simon told me: "(16:32:54) simonstewart: ponto: http://code.google.com/p/selenium/wiki/FrequentlyAskedQuestions#Q:_The_does_not_work_well_on_Vista._How_do_I_get_it_to_work_as_e " but did not solve. could it be google analytics that on the background is getting data or something like that? ps: i ran the test on firefox and it works well. i've tried on Windows 7 and Windows XP, and Internet Explorer 7 and Internet Explorer 8.

Read the article
Can events fired from an iframe be handled by elements in its parent?

- by allyourcode

Suppose I have a page located at www.example.com/foo, and it contains an iframe with src="http://www.example.com/bar". I want to be able to fire an event from /bar and have it be heard by /foo. Using the Prototype library, I've tried doing the following without success: Element.fire(parent, 'ns:frob'); When I do this, in ff 3.5, I get the following error: Node cannot be used in a document other than the one in which it was created" code: "4 Line 0 Not sure if that's related to my problem. Is there some security mechanism that's preventing scripts in /bar from kicking off events in /foo?

Read the article
Is it possible to hide the cursor in a webpage using CSS or Javascript?

- by yeyeyerman

I want to hide the cursor when showing a webpage that is meant to display information in a building hall. It doesn't have to be interactive at all. I tried with the cursor property and a transparent cursor image but I didn't make it work. Does anybody know if this can be done? I suppose this can be thought as a security threat for a user that can't know where he is clicking on, so I'm not very optimistic... Thank you!

Read the article
Stored Procedure Permissions Problem

- by JimR

I have migrated a set of SQL 2000 databases to SQL 2008. Most is working well, however I have some stored procedures that scheduled and run by SQL Server Agent jobs that are giving me troubles. Many of the scheduled stored procedures work, but the stored procs that access a database other than the default databases are failing with the following message: Executed as user: XYZ\YadaYada. The server principal: "XYZ\YadaYada" is not able to access the database "MyOtherDatabaseOnSameServer" under the current security context. [SQL STATE 08004](Error 619) The step failed. Obviously, I changed the names to protect the guilty. The account is a user in all of the relavent databases and is a memeber of db_owner, db_datareader, and db_datawriter. When I run these same procedures from a query window in SMS using the same accounts (I have tried many) they work fine. What am I missing?

Read the article
Request for the permission of type 'System.Data.SqlClient.SqlClientPermission failed

- by Richmond

Hi All! I have asp.net application, using LINQ to connecto to SQL Server 2008 R2 databse. My connection string: Data Source=[SqlServerIp];Initial Catalog=[databaseName]User Id=newLogin;Password=newPassword; When I deploy application on my local IIS (which is not the same machine as database server) it works fine, but when I deploy application on other IIS (the same machine as sqlServer) it throws an exception: System.Security.SecurityException: Request for the permission of type 'System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. Anyone knows how to fix it? Maybe it is due to some bad configuration of IIS? Please help.

Read the article
What to do with twitter oauth token once retreived?

- by mcintyre321

I'm writing a web app that will use twitter as its primary log on method. I've written code which gets the oauth token back from Twitter. My plan is now to Find the entry in my Users table for the twitter username retreived using the token, or create the entry if necessary Update the Users.TwitterOAuthToken column with the new OAuth token Create a permanent cookie with a random guid on the site and insert a record into my UserCookies table matching Cookie to User when a request comes in I will look for the browser cookie id in the UserCookies table, then use that to figure out the user, and make twitter requests on their behalf Write the oauth token into some pages as a js variable so that javascript can make requests on behalf of the user If the user clears his/her cookies the user will have to log in again to twitter Is this the correct process? Have I created any massive security holes? thanks!

Read the article
Which Namespaces Must Be Used to Connect to SQL Server with ADO.NET?

- by every_answer_gets_a_point

i am using this example to connect c# to sql server. can you please tell me what i have to include in order to be able to use sqlconnection? it must be something like: using Sqlconnection; ??? string connectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=""C:\SQL Server 2000 Sample Databases\NORTHWND.MDF"";Integrated Security=True;Connect Timeout=30;User Instance=True"; SqlConnection sqlCon = new SqlConnection(connectionString); sqlCon.Open(); string commandString = "SELECT * FROM Customers"; SqlCommand sqlCmd = new SqlCommand(commandString, sqlCon); SqlDataReader dataReader = sqlCmd.ExecuteReader(); while (dataReader.Read()) { Console.WriteLine(String.Format("{0} {1}", dataReader["CompanyName"], dataReader["ContactName"])); } dataReader.Close(); sqlCon.Close();

Read the article
groovy connect to proxy then download files

- by senzacionale

i want to grab the grapes but i am behind proxy so i can not download anything. How can i connect to proxy before downloading? import groovy.text.SimpleTemplateEngine import java.security.MessageDigest import org.apache.commons.cli.OptionBuilder import org.apache.commons.cli.Options import org.apache.commons.cli.PosixParser import org.apache.commons.io.FileUtils import org.apache.ivy.core.settings.IvySettings import org.apache.ivy.plugins.parser.m2.PomModuleDescriptorParser import org.apache.tools.ant.Project import org.apache.tools.ant.ProjectHelper import org.apache.tools.ant.types.Path import org.apache.commons.cli.HelpFormatter //First grab the grapes we need for the script and create a few beans to hold some values @Grab(group = 'org.apache.ant', module = 'ant', version = '1.7.1') @Grab(group = 'commons-io', module = 'commons-io', version = '1.4') @Grab(group = 'commons-cli', module = 'commons-cli', version = '1.2') @Grab(group = 'org.apache.ivy', module = 'ivy', version = '2.1.0')

Read the article
Windows Service Printing Behaviour

- by Andre

Alright, I was tasked to develop a Windows Service that listens to a directory for files that are dropped in it, read them, delete them and print out a report. I installed the service on my work laptop (Win 7 x86) and a test machine (XP x86) under a User account at first. It would do everything as it should except the print the report. No errors, nothing. Then I made it run under Local System and it produced a "No printers found" exception. Converting the app to a Console Application and running on these machines gave the desired result. OK, so now I was assuming that there are security "stuff" involved. Then I installed the service on a Server 2008 x64 machine (under Local System) and it just worked. Can anybody explain to me why this is happening? Why does the service allow printing from Server OS but not from a Desktop OS or am I missing something very obvious?

Read the article
Runtime Error in asp.net site?

- by Surya sasidhar

hi, I developed a website in asp.net and i place the site in online. I upload my site in online by using CuteFTP. After uploading when i type my url it is giving error like this... Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.

Read the article
Is SHA sufficient for checking file duplication? (sha1_file in PHP)

- by wag2639

Suppose you wanted to make a file hosting site for people to upload their files and send a link to their friends to retrieve it later and you want to insure files are duplicated where we store them, is PHP's sha1_file good enough for the task? Is there any reason to not use md5_file instead? For the frontend, it'll be obscured using the original file name store in a database but some additional concerns would be if this would reveal anything about the original poster. Does a file inherit any meta information with it like last modified or who posted it or is this stuff based in the file system? Also, is using a salt frivolous since security in regards of rainbow table attack mean nothing to this and the hash could later be used as a checksum? One last thing, scalability? initially, it's only going to be used for small files a couple of megs big but eventually... Edit 1: The point of the hash is primarily to avoid file duplication, not to create obscurity.

Read the article
how to add connection string for a windows form applicaton in asp.net

- by manoj chalode

i am working on windows form application and i want to add connection string of a database in. Right now, though i can access database i don't know the proper reasoning behind it. I have created a database and added it in a "Database" folder. The code for it is given below. i also want to know how can I make a connection string which can work on different PCs without changing it (I'm talking about relative path given in the "AttachDbFilename" attribute in the connection string). Reply... Conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename="+ Application.StartupPath + "\\Database\\Database.mdf;Integrated Security=True;User Instance=True");

Read the article
How do I download an attachment from an annotation using client-side JScript?

- by VVander

I'm trying to provide a link to the attachment of a note through the client-side JScript. The standard MS-made Notes component does this through the following url: [serverurl]/[appname]/Activities/Attachment/download.aspx?AttachmentType=5&AttachmentId={blahblahblah}&IsNotesTabAttachment=1&CRMWRPCToken=blahblahblah&CRMWRPCTokenTimeStamp=blahblahblah The problem is that I don't know how to get the Token or TokenTimeStamp, so I'm receiving an Access Denied error ("form is no longer available, security precaution, etc"). The only other way I can think of doing this is through the OData endpoint, but that would at best get me a base64 string that I still would have translate into a filestream to give to the browser (all of which seems like it would take forever to implement/figure out). I've found a few other posts that describe the same thing, but no one has answered them: http://social.microsoft.com/Forums/en-US/crmdevelopment/thread/6eb9e0d4-0c0c-4769-ab36-345fbfc9754f/ http://social.microsoft.com/Forums/is/crm/thread/45dabb6e-1c6c-4cb4-85a4-261fa58c04da

Read the article
What is the best way pre filter user access for sqlalchemy queries?

- by steve

I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do. Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see. Appreciate your help. Thanks.

Read the article
Whats wrong with this my SELECt Query >?

- by user559800

Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM Table1 WHERE Name =" + TextBox1.Text + " And Last = '" + TextBox2.Text + "'", SQLData) SQLData.Open() If cmdSelect.ExecuteScalar > 0 Then Label1.Text = "Record Found ! " & TextBox1.Text & " " & TextBox2.Text Return End If Label1.Text = "Record Not Found ! " SQLData.Close() End Sub I write this code to find whether the record entered in textbox1 and textbox2 exists or not ..if record exist ..then in label1 the text would be RECORD FOUND else NO RECORD FOUND ERROR : **when i enter in textbox1 and textbox2 then on button click event it shows the error : Invalid column name ,,**

Read the article
Best approach to store login credentials for website

- by Zerotoinfinite

I have created a site in ASP.NET 3.5 & I have only 2 or 3 user login IDs who can login to the website. What would be the best way to save these login details? Which of these approaches, or others, would be most suitable? Using Forms Authentication, and saving credentials (username and password) in web.config to create a text file in directory and modify it Which approach is best from a security and maintenance perspective? What other approaches are suitable for a login system for ASP.NET?

Read the article
Looking for a managed image parser library (JPEG, BMP, PNG, GIF)

- by usr

I am writing a discussion board software that will have "avatar" images for the users. I want to resize any picture that gets uploaded to a reasonable size. I could easily do that with System.Drawing but that is relying on GDI+ which has hat security problems before. The problem is that the images are untrusted. So I thought of using a fully managed lib to solve that problem because managed code cannot escape the sandbox (of course it can, but only if the code is user-supplied which it is not in my case). So does anybody know of a managed image parser library for JPEG, BMP, PNG and GIF? If some format is missing than I will have to live with that. Edit: Paint.NET also relies on GDI+. You might be interested in the discussion below, too.

Read the article
How to protect against GHC7 compiled programs taking all memory?

- by Petr Pudlák

When playing with various algorithms in Haskell it often happens to me that I create a program with a memory leak, as it often happens with lazy evaluation. The program taking all the memory isn't really fun, I often have difficulty killing it if I realize it too late. When using GHC6 I simply had export GHCRTS='-M384m' in my .bashrc. But in GHC7 they added a security measure that unless a program is compiled with -rtsopts, it simply fails when it is given any RTS option either on a command line argument or in GHCRTS. Unfortunately, almost no Haskell programs are compiled with this flag, so setting this variable makes everything to fail (as I discovered in After upgrading to GHC7, all programs suddenly fail saying "Most RTS options are disabled. Link with -rtsopts to enable them."). Any ideas how to make any use of GHCRTS with GHC7, or another convenient way how to prevent my programs taking all memory?

Read the article
error during execution of application using GpsPositionRequest class

- by user324922

hi all.. i'm caught in a problem. i'm developing an application based on lbs and referred the code given in (forum.nokia.com/wiki) GpsPositionRequest.zip when i try to install the app on device it gets installed successfully but while executing it shows error "unable to execute for security reasons".. i've signed the sis file using carbide C++. my mmp file include the capabilities: ReadDeviceData, WriteDeviceData, Location, NetworkServices, ReadUserData. my class uses TPositionInfo,RPositionServer,RPositioner does it need any other capability?? (i'm using carbide c++ and s60 3rd edition fp1)

Read the article
How to enable an AdventureWorks database in a web application?

- by salvationishere

I am developing a C#/SQL ASP.NET web application in VS 2008. I want the users to be able to select an Adventureworks table and then an input file. The user is then able to map columns from the file with the selected table. This app works fine now in VS. But when I Browse in IIS, it doesn't show any of the tables. I think this is because currently Adventureworks connection string is integrated security (Windows authentication). If I want users to be able to select a table, do I have to change connection to SQL Server authentication? And if so, is the only way to do this to reinstall SQL Server? Or can I just reinstall Adventureworks? And if I reinstall SQL Server, do I need to reinstall VS also for this to work? This could be painful...

Read the article
How to make sure no scripts except those under my own domain, can include the db connection file?

- by Jack

I would like to ensure that any scripts that are trying to "include" my database connection file are located under my own domain. I don't want a hacker to include the database connection file to their malicious script and gain access to my database that way. My connection file's name is pretty easy to guess, it's called "connect.php". So without renaming it and taking the security through obscurity route, how can I protect it by making sure all connection requests are made by scripts residing under my own domain name? How can this be checked using PHP?

Read the article
Can't select database table even though the code is right

- by Lisa

I am trying to display a list of my vbulliten threads on a non-vbulliten portion of my site. However I can't select the vbulliten database: <?php $host = "localhost"; $user = "my username"; $pass = "my password"; $dbname = "tableprefix_forum"; mysql_connect($host, $user, $pass) or die ("Could not connect to database server."); mysql_select_db($dbname) or die ("Could not select database."); ?> I am substituting some things here in this example but all my credentials are correct including my db server username, password and forum db name. So what is the problem? Is it due to some internal security feature in vbulliten, does this system not allow you to connect to it's db if the page trying to connect to it is a non-vbulliten page?

Read the article
New to Android I want to know more about it

- by Lavan

Well,Hello Everyone.I'am just 14 years old.I want to be a part of Android's Development. But were do I start.What should I learn? What are necessary Qualification to be a Part of Android's Development. Things what I know Basic PHP, HTML, PhotoShop, Video Editing, Basic Security and Fraud related matters, Some Microsoft Office Tools, Maya(Modelling only), Web Development, Dreamweaver, Blogging and Pawno (For Game Scripts..C Based Language) I hope that's all. I do things (for programming)without knowing about the basics it has. I feel difficult to understand the guides in android.com . I want a Step by Step guide. Thank you, Lavan

Read the article
Is it safe to develop for older versions of Zend Framework?

- by RenderIn

Our vendor-supported server's O/S only supports PHP 5.1.6, which limits us to ZF 1.6. The current version of Zend Framework requires a higher version of PHP. We're struggling to decide whether to adopt ZF because of this incompatibility. Is it feasible to develop (indefinitely) in these older versions of ZF or should we hold off? Features, security, bugs, etc. Is this a path we don't want to go down or are these older versions perfectly usable in a production environment?

Read the article

< Previous Page | 500 501 502 503 504 505 506 507 508 509 510 511 | Next Page >