Search Results

Search found 16101 results on 645 pages for 'owsm webservices ws security ws trust soa secuirty'.

Page 516/645 | < Previous Page | 512 513 514 515 516 517 518 519 520 521 522 523 | Next Page >

Is Java assert broken?

- by BlairHippo

While poking around the questions, I recently discovered the assert keyword in Java. At first, I was excited. Something useful I didn't already know! A more efficient way for me to check the validity of input parameters! Yay learning! But then I took a closer look, and my enthusiasm was not so much "tempered" as "snuffed-out completely" by one simple fact: you can turn assertions off.* This sounds like a nightmare. If I'm asserting that I don't want the code to keep going if the input listOfStuff is null, why on earth would I want that assertion ignored? It sounds like if I'm debugging a piece of production code and suspect that listOfStuff may have been erroneously passed a null but don't see any logfile evidence of that assertion being triggered, I can't trust that listOfStuff actually got sent a valid value; I also have to account for the possibility that assertions may have been turned off entirely. And this assumes that I'm the one debugging the code. Somebody unfamiliar with assertions might see that and assume (quite reasonably) that if the assertion message doesn't appear in the log, listOfStuff couldn't be the problem. If your first encounter with assert was in the wild, would it even occur to you that it could be turned-off entirely? It's not like there's a command-line option that lets you disable try/catch blocks, after all. All of which brings me to my question (and this is a question, not an excuse for a rant! I promise!): What am I missing? Is there some nuance that renders Java's implementation of assert far more useful than I'm giving it credit for? Is the ability to enable/disable it from the command line actually incredibly valuable in some contexts? Am I misconceptualizing it somehow when I envision using it in production code in lieu of statements like if (listOfStuff == null) barf();? I just feel like there's something important here that I'm not getting. *Okay, technically speaking, they're actually off by default; you have to go out of your way to turn them on. But still, you can knock them out entirely.

Read the article
Graceful handling of server timeout in BlazeDS

- by Rydell

I have a flex client that makes service calls to a tomcat server running BlazeDS. I would like to gracefully handle server session timeouts in this environment. I do have security constraints on the service, so the client authenticates against a remote object by initializing a ChannelSet based on the destination, and then logging in using that ChannelSet. After the user is authenticated, if they go get a (long) cup of coffee, their session will inevitably time out. I would like the client to detect the timeout, and return the user back to the login page, with the appropriate informational messages. But I am having difficulty finding the best way to detect this timeout from the client. Is it possible, or must I have the server throw an error when the timeout occurs? Thanks!

Read the article
How to create virtual Environment for users on server

- by Bhushan Nagaonkar

I have a web application where users can register them self and then save Java and C++ programs in their account. Programs are saved in a tmp directory like, /tmp -user1 --program1 --program2 -user2 --program1 --program2 So all the users folders are in same "tmp" directory. I want to know how can I proved security by not allowing a user to access files of other users. A user will be executing a java or c++ program in his folder which can be used to read files on the server. How to prevent this? I am new to this thing I don't know how to go about this. The server is Linux server and project is in python using Django. Thank in advance

Read the article
How to add a Web Reference to a SSL web service?

- by Matt W

Hi, I have a web service in a C#/3.5 project which has been running fine. This is until I set the "SSL port" in IIS to 443 and set the "IIS - Directory Security - Secure Communications - Require secure channel (SSL)" option to true. Now, the web reference cannot be updated and I cannot add a new web reference to the web service in that site. When I try to view the service in a browse using just HTTP I get the "This page must be viewed over a secure channel" and when viewed with HTTPS on the front I get "This web page not available." Could someone tell me how to get a Web Reference added using Visual Studio to this secure web service, please? Thanks, Matt.

Read the article
Do I need to auto-login after account activation?

- by Art

This is the standard scenario: User registers on the site User receives an account activation email, clicks link to activate Web site notifies the user that account is activated Now there are at least two pathways: User is taken to the login screen and asked to enter login details User is automatically logged in and taken to a welcome/profile/etc page While there are obvious benefits in (1) as far as the user's experience is concerned, there could be drawbacks as well. Option (2) offers improved security at cost of UX. Which of the scenarios is preferable and why? Any serious flaws in any of them?

Read the article
problem in loading class from 'me.prettyprint.hector.api.Serializer'

- by dhananjay patil

I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

Read the article
System.Web.AspNetHostingPermission Exception on New Deployment

- by Jason N. Gaylord

I have a friend that is moving a web application from one server over to another. The new server has the same settings as the first server, however, he's running into a Security issue. Here's the error details: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The Event Viewer does not point to anything specific in the web.config file or anything. The web applicaiton is on the C: drive. This is a Windows Server 2008 R2 x64 server with a brand new IIS 7 installation. IIS is set in classic mode for this app pool.

Read the article
Why don't web fonts in Firefox don't work on a different domain?

- by mikez302

I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

Read the article
Running custom Javascript on every page in Mozilla Firefox

- by saturn

I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page. (If you are wondering: it is not malicious. It allows to display formulas by using MathJax.) Is that possible? I tried including it in userContent.css, that of course did not work. A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical). Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it? Anyway, how can I do this for myself?

Read the article
Browser Helper Object doesnot get loaded in IE8

- by velusbits

I have a BHO, which i can see it as enabled in Add On's list. But it does not get loaded when i start my IE on the Win2k8 R2 machines(64 bit). I have disabled IE Enhanced security as well but no help. The same BHO gets loaded in other machines. The registry details under (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects & HKEY_CLASSES_ROOT\Wow6432Node\CLSID) seem to be fine. Is there any setting that disables BHO from actually getting loaded?

Read the article
Why exactly is eval evil?

- by Jay

I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I´ve seen the same recommendation for several programming languages, but I´ve not yet seen a list of clear arguments against the use of eval. Where can I find an account of the potential problems of using eval? For example, I know the problems of GOTO in procedural programming (makes programs unreadable and hard to maintain, makes security problems hard to find, etc), but I´ve never seen the arguments against eval. Interestingly, the same arguments against GOTO should be valid against continuations, but I see that Shemers, for example, won´t say that continuations are "evil" -- you should just be careful when using them. They´re much more likely to frown upon code using eval than upon code using continuations (as far as I can see -- I could be wrong).

Read the article
Spring - MVC - Sanitize URL before redisplaying to the user

- by Raghav

In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

Read the article
Getting "Object is read only" error when setting ClientCredentials in WCF

- by Paul Mrozowski

I have a proxy object generated by Visual Studio (client side) named ServerClient. I am attempting to set ClientCredentials.UserName.UserName/Password before opening up a new connection using this code: InstanceContext context = new InstanceContext(this); m_client = new ServerClient(context); m_client.ClientCredentials.UserName.UserName = "Sample"; As soon as the code hits the UserName line it fails with an "Object is read-only" error. I know this can happen if the connection is already open or faulted, but at this point I haven't called context.Open() yet. I have configured the Bindings (which uses netTcpBinding) to use Message as it's security mode, and MessageClientCredentialType is set to UserName. Any ideas?

Read the article
Decompressing file with gzip produces file with no read-permissions on Windows 7

- by Abiel

I am attempting to decompress a .gz file using the GnuWin32 gzip program in Windows 7. I have full permissions on the compressed file, and my user account is an administrator. However, I end up not having read permissions on the decompressed file. To get read permissions I would have to manually change the permissions on it through right-clicking and selecting Properties Security. I am able to do this exact same thing with no permission problems in Windows XP, which leads me to believe that Windows 7's user account control system is causing problems. Does anyone know what I can do to make things work as I would expect (read permission on the decompressed file) in Windows 7? Thanks.

Read the article
How do you detect a website visitor's country (Specifically, US or not)?

- by BigDave

I need to show different links for US and non-US visitors to my site. This is for convenience only, so I am not looking for a super-high degree of accuracy, and security or spoofing are not a concern. I know there are geotargeting services and lists, but this seems like overkill since I only need to determine (roughly) if the person is in the US or not. I was thinking about using JavaScript to get the user's timezone, but this appears to only give the offset, so users in Canada, Mexico, and South America would have the same value as people in the US. Are there any other bits of information available either in JavaScript, or PHP, short of grabbing the IP address and doing a lookup, to determine this?

Read the article
Javascript/iframe/embed/object question

- by thinkfuture

OK, so here is my issue. I'm building a system which will allow people to embed lists of links on their pages. When the link is clicked, i'd like to use something like Lightview or Lightwindow to open it up over the whole window, not just in the iframe. I don't have access to the page that the user will be embedding this object into. Everything I've tried so far tells me that I can't open anything over the parent window, since I don't have access to it from the iframe or object, javacript security issue. However, I've seen sites that do that kind of overlay. so it must be possible. If anyone can point me to any resources that could help, that would be great. if it matters, i'm using Ruby on Rails... Thanks...chris

Read the article
Is writing eSQL database independant or not?

- by Robert Koritnik

Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

Read the article
Generate SQL Server Express database from Entity Framework 4 model

- by Cranialsurge

I am able to auto-generate a SQL Server CE 4.0 *.sdf file using code-first generation as explained by Scott Guthrie here. The connection string for the same is as follows: <add name="NerdDinners" providerName="System.Data.SqlServerCe.4.0" connectionString="data source=|DataDirectory|NerdDinner.sdf"/> However if I try to generate an mdf instead using the following connection string, it fails to do so with the following error - "The provider did not return a ProviderManifestToken string.". <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="data source=|DataDirectory|NerdDinner.mdf"/> Even directly hooking into a SQLEXPRESS instance using the following connection string fails <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=NerdDinner;Integrated Security=True"/> Does EF 4 only support SQL CE 4.0 for database creation from a model for now or am I doing something wrong here?

Read the article
retrieving information from web service calls

- by Monte Chan

Hi all, I am trying to retrieve information from a web service call. The following is what I have so far. In my text view, it is showing Map {item=anyType{key=TestKey; value=2;}; item=anyType{key=TestField; value=adsfasd; };} When I ran that in the debugger, I can see the information above in the variable, tempvar. But the question is, how do I retrieve the information (i.e. the actual values of "key" and "value" in each of the array positions)? Yes, I know there is a lot going on in onCreate and I will fix it later. Thanks in advance, Monte My codes are as follows, import java.util.Vector; import android.app.Activity; import android.os.Bundle; import android.widget.TextView; import org.ksoap2.SoapEnvelope; import org.ksoap2.serialization.SoapObject; import org.ksoap2.serialization.SoapSerializationEnvelope; import org.ksoap2.transport.AndroidHttpTransport; public class ViewHitUpActivity extends Activity { private static final String SOAP_ACTION = "test_function"; private static final String METHOD_NAME = "test_function"; private static final String NAMESPACE = "http://www.monteandjanicechan.com/"; private static final String URL = "http://www.monteandjanicechan.com/ws/test_ws.cfc?wsdl"; // private Object resultRequestSOAP = null; private TextView tv; /** Called when the activity is first created. */ @Override public void onCreate(Bundle savedInstanceState) { super.onCreate(savedInstanceState); setContentView(R.layout.main); SoapObject request = new SoapObject(NAMESPACE, METHOD_NAME); tv = (TextView)findViewById(R.id.people_view); //SoapObject request.addProperty("test_item", "1"); SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11); envelope.setOutputSoapObject(request); AndroidHttpTransport androidHttpTransport = new AndroidHttpTransport(URL); try { androidHttpTransport.call(SOAP_ACTION, envelope); /* resultRequestSOAP = envelope.getResponse(); Vector tempResult = (Vector) resultRequestSOAP("test_functionReturn"); */ SoapObject resultsRequestSOAP = (SoapObject) envelope.bodyIn; Vector tempResult = (Vector) resultsRequestSOAP.getProperty("test_functionReturn"); int testsize = tempResult.size(); // SoapObject test = (SoapObject) tempResult.get(0); //String[] results = (String[]) resultRequestSOAP; Object tempvar = tempResult.elementAt(1); tv.setText(tempvar.toString()); } catch (Exception aE) { aE.printStackTrace (); tv.setText(aE.getClass().getName() + ": " + aE.getMessage()); } } }

Read the article
WCF Windows service permissions problem

- by Elad

I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately return to stopped state. After when I changed the Account to LocalSystem the service works properly. My questions are: Any ideas why it won't work with Network Service account? What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

Read the article
How should I use random.jumpahead in Python

- by Peter Smit

I have a application that does a certain experiment 1000 times (multi-threaded, so that multiple experiments are done at the same time). Every experiment needs appr. 50.000 random.random() calls. What is the best approach to get this really random. I could copy a random object to every experiment and do than a jumpahead of 50.000 * expid. The documentation suggests that jumpahead(1) already scrambles the state, but is that really true? Or is there another way to do this in 'the best way'? (No, the random numbers are not used for security, but for a metropolis hasting algorithm. The only requirement is that the experiments are independent, not whether the random sequence is somehow predictable or so)

Read the article
How to find a programmer for my project?

- by Al

I'm building a web application to generate monthly subscription fees, but I've quickly realised I'm going to need some help with the project to finish it this century. I don't have any money upfront for a freelancer and every website I've found takes bids for project work. The tasks that need doing are flexible too because I can do whatever the other coder doesn't want to. I'm also happy to guide the developer and offer tips for performance/security/etc etc. My question is; how do I go about finding someone to work with on a profit-share basis? I'm sure there are a billion people like me with the "next killer app" but I genuinely believe in it. Can anyone offer some advice? Thanks in advance! EDIT: I guess the trick is to find someone passionate enough about the subject as I am. Where would I find someone? Are there websites that broker profit-share deals on programming work?

Read the article
Getting COM object to run in Vista

- by rainslg

We expose an interface to our simulation software using a COM/ActiveX object. This worked just fine in XP, but in Vista, we get "Error 429: ActiveX can't create object" when a VB client executes CreateObject(). The COM object has been registered by hand so that the Vista Registry is identical to XP's Registry. I run the VB interface from a DOS window that I started using "Run As Administrator". The client is correctly accessing and reading the Registry as I walk through using the debugger in VB, so it's apparently not a security setting, as near as I can tell. I have also loaded the files into VS2005 (the object was originally created in VS6) and rebuilt them to get a later ATL version, but that hasn't helped - we still get the 429 error. Is this a symptom of UAC problems, or should I be looking for something deeper?

Read the article
Error in PushNotification from iPhone Device

- by Shibin Moideen

Hi All, I am trying to do a sample project on the Apple the push notification. I created an AppID, done some terminal commands, and finally got a Provisional Certificate for do the same. I got the certificate installed on my device and SDK. Till now every thing goes fine. But when i try to run the app on the device.... it doesnt. It throws an error stating "Error from debugger:Error launching remote program:security policy error." Can any one help me to overcome this. Please Help needed. thanks in advance Shibin

Read the article
Subscribing to MSMQ over the internet

- by Nathan Palmer

I haven't been able to find a clear answer to this problem. Is there a good way to subscribe to a MSMQ through the internet? Ideally I need security both in authentication and encryption for this connection. But I would like the subscriber to act just like any other client that would be subscribed on the local network. I believe I have a couple of options here Expose the MSMQ ports publicly Put the MSMQ behind some type of WCF service (not sure if that works for a subscriber) What other options do I have? We're sitting in a .NET environment and the main problem domain that is trying to be solved is to change the remote connections from a pulling system to an event based system to reduce the load on the main server.

Read the article

< Previous Page | 512 513 514 515 516 517 518 519 520 521 522 523 | Next Page >