Search Results

Search found 42331 results on 1694 pages for 'event log security'.

Page 53/1694 | < Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60 | Next Page >

Spring security accessing principal

- by wuntee

When using spring security, specifically with @notation; what is the proper way to access the principal in a Controller? Lets say the following is my controller, but I would like to access the principal in the secure() method somewhere... @Controller public class LoginController { @RequestMapping(value = "/login", method = RequestMethod.GET) public String login(ModelMap map, @RequestParam(value="fail" , required=false) String fail){ map.addAttribute("title", "Login: AD Credentials"); if(fail != null){ map.addAttribute("error", "Invalid credentials"); } return("login"); } @RequestMapping("/secure") @PreAuthorize("isAuthenticated()") public String secure(ModelMap map, String principal){ System.out.println(principal); return("secure"); } }

Read the article
Image Uploading - security issues

- by TenaciousImpy

Hi, I'm developing an ASP.NET Web app and would like the user to be able to either upload an image from their local system, or pass in a URL to an image. The image can either be a JPG or PNG. What security issues should I be concerned about doing this? I've seen various ways of embedding code within JPG files. Are there any methods in C# (or external libraries) which can confirm that a file is a JPG/PNG, otherwise throw an error? At the very least, I'm making the directory which holds uploaded images non-browsable and putting a max size limit of 1mb, but I'd like to implement further checks. Thanks for any advice.

Read the article
HTTP MODULE Event Does Not Fire When Click Browser's Back Button

- by Ali

I Wrote an Http Module that checks if logged user is restricted disables images on the page. void application_AuthorizeRequest(object sender, EventArgs e) { . . . if (context.User.IsInRole("Restricted")) { context.Response.StatusCode = 401; context.Response.End(); } The code works fine. When the page loads, every image on the screen disapears. but when I go to another page and click back button on the browser and goto previous page images appear. What should I? (I dont want to clear Cache every time) context.Response.Cache.SetNoStore(); context.Response.Cache.SetCacheability(HttpCacheability.NoCache);

Read the article
Grails domain class event listner in service level

- by BlackPanther

Hi , I want to interrupt some specific grails domain class events(read,write,delete,update).Is there any hibernate eventlistner available for grails domain classes.So that all the calls will go through that eventslistner.I tried following def beforeLoad={}, def beforeInsert={} ,etc ..Other than that is there any other way something can be done in service level? Thanks

Read the article
Security problem

- by Mehmet Kaleli

Hi All. I have a security problem in my website. A script code was added into my all pages like "<script src="Ip address/viewpic.asp"></script>" . It is between </head> and <body> tag. Now Google says "this site may be hartful for your pc!" about my site. How can i secure my website? I use C# and Visual Studio 2008.

Read the article
Methods for ensuring security between users in multi-user applications

- by Emilio

I'm writing a multiuser application (.NET - C#) in which each user's data is separated from the others and there is no data that's common between users. It's critical to ensure that no user has access to another user's data. What are some approaches for implementing security at the database level and/or in the application architecture to to accomplish this? For example (and this is totally made up - I'm not suggesting it's a good or bad approach) including a userID column in all data tables might be an approach. I'm developing the app in C# (asp.net) and SQL Server 2008. I'm looking for options that are are either native in the tools I'm using or general patterns.

Read the article
How do I backup the transaction log for a mirrored database in SQL Server?

- by Middletone

I have a mirrored database and am trying to perform a backup of the transaction log, but after it gets to 90% it just hangs and won't go any further. What is the correct method for backing up a DB that is in the mirroring state?

Read the article
Customising event delegates in the jQuery validation plug-in

- by Russell

I am currently setting up the jQuery validation plug-in for use in our project. By default, there are some events automatically set up for handling. I.e. focus in/out, key up events on all inputs fire validation. I want it to only fire when the submit button is clicked. This functionality seems to be in-built into the plug-in, which is making it difficult to do this (without modifying the plug-in code, Not What I Want To Do). I have found the eventDelegate function calls in the plugin code prototype method: $(this.currentForm) .validateDelegate(":text, :password, :file, select, textarea", "focusin focusout keyup", delegate) .validateDelegate(":radio, :checkbox, select, option", "click", delegate); When I remove these lines from the plug-in I get my result, however I would much rather do something Outside the plug-in to achieve this. Can anybody please help me? If you need any more details, please let me know. I have searched google with little success. Thanks

Read the article
Help with Role Based Security.

- by Bill K

Hello, I'm trying to understand role based security and I have the following method: [PrincipalPermission(SecurityAction.Demand, Role = "Administrators")] static void Test() { //administratos only can call this code } What I wanna do is that only users that are members of the Windows Administrators group can call this code, however, if I do the following, it works: GenericIdentity genericIdentity = new GenericIdentity("test", "test"); GenericPrincipal genericPrincipal = new GenericPrincipal(genericIdentity, new string[] { "Administrators" }); AppDomain.CurrentDomain.SetThreadPrincipal(genericPrincipal); Test(); So, how can I make it work only if the user is in the Administrators windows group? thanks!

Read the article
Quick MySQLi security question

- by Benjamin Falk

I have a quick MySQLi security related question... For example, take a look at this code (gets in put from the user, checks it against the database to see if the username/password combination exist): $input['user'] = htmlentities($_POST['username'], ENT_QUOTES); $input['pass'] = htmlentities($_POST['password'], ENT_QUOTES); // query db if ($stmt = $mysqli->prepare("SELECT * FROM members WHERE username=? AND password = ?")) { $stmt->bind_param("ss", $input['user'], md5($input['pass'] . $config['salt'])); $stmt->execute(); $stmt->store_result(); // check if there is a match in the database for the user/password combination if ($stmt->num_rows > 0) {} } In this case, I am using htmlentities() on the form data, and using a MySQLi prepared statement. Do I still need to be using mysql_real_escape_string()?

Read the article
Reading data from a socket, considerations for robustness and security

- by w.brian

I am writing a socket server that will implement small portions of the HTTP and the WebSocket protocol, and I'm wondering what I need to take into consideration in order to make it robust/secure. This is my first time writing a socket-based application so please excuse me if any of my questions are particularly naive. Here goes: Is it wrong to assume that you've received an entire HTTP request (WebSocket request, etc) if you've read all data available from the socket? Likewise, is it wrong to assume you've only received one request? Is TCP responsible for making sure I'm getting the "message" all at once as sent by the client? Or do I have to manually detect the beginning and end of each "message" for whatever protocol I'm implementing? Regarding security: What, in general, should I be aware of? Are there any common pitfalls when implementing something like this? As always, any feedback is greatly appreciated.

Read the article
Security issues with rights to Network Service account

- by Shrewd Demon

hi, i have a page where the user can upload files on the server. Due to some problem related to account rights it was not working. Then i gave full rights to the Network Service account. I just wanted to know if there are any security breaching related issues with this solution, because i will be publishing the same to the client. If there are problems with this then kindly help with proper solution. any help will be appreciated... thank you.

Read the article
Testing ASP.NET security in Firefox

- by blahblah

I'm not sure whether this question belongs on StackOverflow or SuperUser, but here goes nothing... I'm trying to test out some basic security problems on my personal ASP.NET website to see exactly how the custom validators, etc. work when tampering with the data. I've been looking at the Firefox extension TamperData which seems to do the trick, but it doesn't feel very professional at all. The issues I'm having with TamperData is that the textbox for the POST data is way too small to hold the ASP.NET view-state, so I have to copy that data into Emacs and then back again to be productive at all. I also don't like that there doesn't seem to be an option to only tamper with data which is from/to localhost. Any ideas on better extensions for the task or better methods to test it?

Read the article
Javascript Mouseover bubbling from children

- by Nicky De Maeyer

Ive got the following html setup: <div id="div1"> <div id="content1">blaat</div> <div id="content1">blaat2</div> </div> it is styled so you can NOT hover div1 without hovering one of the other 2 divs. Now i've got a mouseout on div1. The problem is that my div1.mouseout gets triggered when i move from content1 to content2, because their mouseouts are bubbling. and the event's target, currentTarget or relatedTarget properties are never div1, since it is never hovered directly... I've been searching mad for this, but I can only find articles and solutions for problems who are the reverse of what I need. It seems trivial but I can't get it to work... The mouseout of div1 should ONLY get triggered when the mouse leaves div1. One of the possibilities would be to set some data on mouse enter and mouseleave, but I'm convinced this should work out of the box, since it is just a mouseout... EDIT: bar.mouseleave(function(e) { if ($(e.currentTarget).attr('id') == bar.attr('id')) { bar.css('top', '-'+contentOuterHeight+'px'); $('#floatable-bar #floatable-bar-tabs span').removeClass('active'); } }); changed the mouseout to mouseleave and the code worked...

Read the article
What would you like to see in an beginner's ASP.NET security book

- by blowdart

This is a shameless information gathering exercise for my own book. One of the talks I give in the community is an introduction to web site vulnerabilities. Usually during the talk I can see at least two members of the audience go very pale; and this is basic stuff, Cross Site Scripting, SQL Injection, Information Leakage, Cross Site Form Requests and so on. So, if you can think back to being one, as a beginning web developer (be it ASP.NET or not) what do you feel would be useful information about web security and how to develop securely? I will already be covering the OWASP Top Ten (And yes this means stackoverflow will be in the acknowledgements list if someone comes up with something I haven't thought of yet!) It's all done now, and published, thank you all for your responses

Read the article
Amazon S3 security credentials per bucket

- by slythic

Hi all, I was wondering if it was possible to generate security credentials per individual Amazon S3 bucket. I am working with a developer and would like to grant him access only to the bucket we are working with. It's not a trust issue, it's more a concern that he'll delete the wrong bucket or its contents. For example: If we were working on an application that used a bucket called test-application I could generate the credentials for just that one bucket. These credentials would not allow access to other buckets in my account. Is this possible? Thanks, Tony

Read the article
Security in API authentication

- by Carlos

We are in the process of revamping our server side API, and we need to manage security. Our current model requires that a credentials object (containing user, password, and pin) be included in each method invocation. Our development team, however, has decided that we should have session objects instead (which is fine by me), but the new credentials are just a GUID. This is very different from what I've seen in other APIs in our industry, so I'm a bit concerned about how secure the new model will be. I asked them if they had analyzed both alternatives, and they said they haven't. Does anyone know if there're any clear advantages, disadvantages, risks, etc. of using a set of credentials versus just one element (complex as it may be)? PS: the communication channel would be secure in either case, and it's separate from this particular topic

Read the article
.NET WebService Security who can see and use.

- by user295734

Trying to firgure out how to test the security of a WebService. Is there some way to search a site for webservices? I have 2 applications one has a webservice and the other a reference to that service. I let visual studio build the reference in the App_WebReferences folder. The webservice works, but i started wondering, can anyone access this service from any website? If so, how can i test this? How do you search a site for webservices? Could I use jQuery/JSON code from a simple site to access a webservice? I guess if it is not secure, how do you secure a webservice?

Read the article
Javascript event execution order

- by lovespring

What is the execution order of inline events, attachEvent handlers, and an <a> tag's href navigation?

Read the article
google account security ?

- by Chez

I want to write a web-app which would ask the user to pass their google account (user and pwd) so that it can access their google data. I understand google supports alternative ways to do this, such as AuthSub and OathAuthSub. Also google discourages apparently clientLogin (which would be my approach) for web apps. My question is: if I were asking the user to register to my app by passing me a 'read only' google account ? so effectively I don't ask them to pass me their account but to create another account which is readonly. does anybody see anything wrong with this ? am I missing something ? Since their google account continues to be the admin they don't risk (in terms of security) anything. Any help would be welcome ? Thanks

Read the article
ASP.Net Roles: Page-Level Security Question

- by jlrolin

We're currently in the process of re-creating a brand new security model that dwarfs our existing process. Right now, we plan on grabbing a user's roles during the login process and then using a Base Page class to check if the user has the role of the corresponding page the user is navigating to. We can limit the menu's options by the user's roles as well, but we have had problems with users navigating to pages in our system by typing them in or having old bookmarks. Obviously, we need some sort of page level access. A simple function in our Base Page class that checks the role in the Arraylist against the page's assigned role would work, but I was wondering if there was any built-in functionality to support this or a cleaner solution possibly.

Read the article
Apache security for multi-user development web server.

- by mrmartinblue

I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

Read the article
Spring security and Struts 2

- by Thanksforfish

I have a struts2 action with an @Secured({"ROLE_ADMIN"}) to secure the execute method. In the execute method i assign a message to a member variable of the action, then return SUCCESS and end up on the jsp page. On the page I retrieve the actions member variable with <sroperty. private String greeting; public String execute() throws Exception { this.greeting="Hello"; return SUCCESS; } // getters and setters for greeting ... <s:property value="greeting" /> The problem is when the secured annotation is present the jsp shows nothing for the member variable but when @Secured is removed the whole thing behaves properly and shows the message that was set into the member variable. It appears that the actual security is working ok but when enabled via the annotation the member variable (or maybe the instance of the action) is not making its way onto the value stack. I cant see any error messages.

Read the article
Handling user security scope with nHibernate or other ORM

- by Schotime

How should one handle the situation where you may need to filter by a group of users. Here is the scenario. I have an administrator role in my company. I should be able to see all the data belonging to me plus all the other users who I have control over. A plain old user however should only be able to access their own data. If you are writing regular sql statements then you can have a security table with every user and who they have access too but i'm not sure how to handle this situation in the OO and ORM world. Any one dealt with this scenario in a web application using an ORM? Would love to hear your thoughts!

Read the article
Prototype function to set onclick event observer in checkboxes

- by xain

Hi, I want to set an observer for each of the following checkboxes: <div id="listr"> <ul id="lr" style="list-style-type: none"> <p class="tir">Text 1</p> <li class="ro"><input type="checkbox" name="r1" id="r1"/>A1</li> <li class="ro"><input type="checkbox" name="r2" />A2</li> <p class="tir">Text 2</p> <li class="rubro"><input type="checkbox" name="r3" />B1</li> <p class="tir">Text 3</p> <li class="ro"><input type="checkbox" name="r4" />B2</li> </ul> </div> It works if I write one observer per checkbox, but I want to do it in a short fashion, so I need something like $$('listr.lr.li.input').invoke('observe',click,function(field) { alert(this.name + ' clicked ' + this.checked); // other stuff ... }); Which is not working Thanks in advance

Read the article

< Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60 | Next Page >