Search Results

Search found 64909 results on 2597 pages for 'service application'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 594/2597 | < Previous Page | 590 591 592 593 594 595 596 597 598 599 600 601  | Next Page >

  • Soap 1.2 Endpoint Performance

    - by mflair2000
    I have a Client WCF Host Service SOAP 1.2 Service setup and i'm having performance issues on the SOAP Java proxy. I have no control over how the Java service is setup, aside from the endpoint config. I have the Client running Asynchronously, and the host WCF service running in Async pattern, but i see the SOAP 1.2 proxy bottlenecking and handling the requests in a Synchronous way. Can someone take a look at the auto-generated SOAP 1.2 configuration below, from the SOAP 1.2 Service wsdl? Is there a way to configure this for Async way and improve performance? Could be configured for SOAP 1.1? <?xml version="1.0"?> <configuration> <system.web> <compilation debug="true"/> </system.web> <system.serviceModel> <bindings> <customBinding> <binding name="WebserviceListenerSoap12Binding" closeTimeout="00:30:00" openTimeout="00:30:00" receiveTimeout="00:30:00" sendTimeout="00:30:00"> <textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Soap12" writeEncoding="utf-8"> <readerQuotas maxDepth="32" maxStringContentLength="20000000" maxArrayLength="20000000" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> </textMessageEncoding> <httpTransport manualAddressing="false" maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="20000000" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" /> </binding> </customBinding> </bindings> <client> <endpoint address="http://10.18.2.117:8080/java/webservice/WebserviceListener.WebserviceListenerHttpSoap12Endpoint/" binding="customBinding" bindingConfiguration="WebserviceListenerSoap12Binding" contract="ResolveServiceReference.WebserviceListenerPortType" name="WebserviceListenerHttpSoap12Endpoint" /> </client> </system.serviceModel> </configuration>

    Read the article

  • PDF reader to capture regions

    - by Amitesh
    I need to build an application which can render a pdf document. The application should allow the user to draw rectangles on the pdf to define regions such as Address region, Invoice Number region and so on. The application will need to capture these regions and save them. I already have an application in which I can pass these region information with the pdf and it will get me the text back. My only problem at the moment is that I cannot get the region information from the user. So can anybody please point me to any application which can do the above (allow the user to draw rectangles to capture the regions).

    Read the article

  • How to host a RESTful C# webservice and test it.

    - by Debby
    Hi, I need to create a RESTful webservice in C#. This is what I have right now: namespace WebService { [ServiceContract] public interface IService { [OperationContract(Name="Add")] [WebGet(UriTemplate = "/")] int Add(); } public class Service:IService { public int Add() { // do some calculations and return result return res; } } } Now, my question is How do i host this service at a location say (http://localhost/TestService) and how can i test the service in console application client?

    Read the article

  • Windows 7 Program Compatibility Assistant appeared for my app. Why?

    - by torreq
    I have created a native application. It works without questions under Win XP and Win Vista. Under Win 7 my application installed fine. I ran it. It worked normally until i selected 'Exit' from menu. On exit "Program Compatibility Assistant" window appeared telling me my application is incompatible with Windows 7 and some compatibility settings was applied. My questions are: How can i know what my application did to trigger Program Compatibility Assistant? Is there any list of do's and dont's? Where can i look for compatibility settings applied to my application?

    Read the article

  • Twisted: how-to bind a server to a specified IP address? (solved)

    - by daccle
    I want to have a twisted service (started via twistd) which listens to TCP/POST request on a specified port on a specified IP address. By now I have a twisted application which listens to port 8040 on localhost. It is running fine, but I want it to only listen to a certain IP address, say 10.0.0.78. How-to manage that? This is a snippet of my code: application = service.Application('SMS_Inbound') smsInbound = resource.Resource() smsInbound.putChild('75sms_inbound',ReceiveSMS(application)) smsInboundServer = internet.TCPServer(8001, webserver.Site(smsInbound)) smsInboundServer.setName("SMS Handling") smsInboundServer.setServiceParent(application)

    Read the article

  • overriding callbacks avoiding attribute pollution

    - by pygabriel
    I've a class that has some callbacks and its own interface, something like: class Service: def __init__(self): connect("service_resolved", self.service_resolved) def service_resolved(self, a,b c): ''' This function is called when it's triggered service resolved signal and has a lot of parameters''' the connect function is for example the gtkwidget.connect, but I want that this connection is something more general, so I've decided to use a "twisted like" approach: class MyService(Service): def my_on_service_resolved(self, little_param): ''' it's a decorated version of srvice_resolved ''' def service_resolved(self,a,b,c): super(MyService,self).service_resolved(a,b,c) little_param = "something that's obtained from a,b,c" self.my_on_service_resolved(little_param) So I can use MyService by overriding my_on_service_resolved. The problem is the "attributes" pollution. In the real implementation, Service has some attributes that can accidentally be overriden in MyService and those who subclass MyService. How can I avoid attribute pollution? What I've thought is a "wrapper" like approach but I don't know if it's a good solution: class WrapperService(): def __init__(self): self._service = service_resolved # how to override self._service.service_resolved callback? def my_on_service_resolved(self,param): ''' '''

    Read the article

  • Setting a property from one collection to another collection

    - by ooo
    I have two colluections List<Application> myApps; List<Application> yourApps; These lists have overlapping overlapping data but they are coming from different sources and each source has some missing field data. Application object has a property called Description Both collections have a unique field called Key i want to see if there is a LINQ solution to: Loop through all applications in myApps and look at the key and see if that existing in yourApps. If it does, i want to take the description property from that application in yourApps and set the description property on the application on myApps to that same value i wanted to see if there was any slick way using lambda expressions (instead of having to have loops and a number of if statements.)

    Read the article

  • Fake location for the device (custom)

    - by AtomRiot
    I know there are a few apps out there to fake a devices location but specifically what i want to do is use a location grabbed from a url. What direction should I look for setting the location on the device. The scenario i have is a jailbroken Wi-Fi iPad tethered to a nexus one. The nexus one would host a background service that when a request is recieved, it would respond with gps data of its current location. The jailbroken ipad would have a background service that either updated the location on a time interval, or on a per request basis (depending on how i have to implement it) by submitting a request to the tethered nexus one service. That data would then be set on the ipad and an application requesting location would get the service data. The goal is to recreate the location faker app's functionality with the exception of the spoofed location comes from the nexus ones gps via the service but i have not yet found out how to set the location data for the device. I can ofcourse implement this in a per app basis but it would be awesome to have any app be able to use it.

    Read the article

  • Is there any mechanism provided by Apple Store to make the user sign-up to my website before he/she

    - by Lucky
    I am creating an iphone application that requires the users to have an account at my website. But if i have to distribute it through apple store, how should I make the users of this Iphone Application first create an account with my website. There could be a few options like : 1) Ask the user to create an account when he/she tries to run the application on iphone. 2) Provide a 'Sign-Up' page in the Iphone application itself. My question is "Is there any mechanism provided by Apple Store to make the user sign-up to my website before he/she can download the application". Kindly give in your suggestions for the same. Which would be the best approach for solving my problem. Thanks, LG

    Read the article

  • Generate form based on selection

    - by Jay
    I'm looking to build a web application that allows a person to select a plan and fill out an application for that plan. There are multiple plans and each plan generates a different application. Some of the questions are identical such as fields related to personal information. I'm thinking of using ASP.NET MVC to build this web application. When generating the multi page application would it be best to Create partial views (sections of applications) and combine them when generating the form. OR Build some type of dynamic form generator

    Read the article

  • Using the HttpWebRequest class.

    - by Nick
    I instantiate the HttpWebRequest object: HttpWebRequest httpWebRequest = WebRequest.Create("http://game.stop.com/webservice/services/gameup") as HttpWebRequest; When I "post" the data to this service, how does the service know which web method to submit the data to? I do not have the code to this web service, all I know is that it was written in Java.

    Read the article

  • Shared memory of same DLL in different 32 bit processes is sometimes different in a terminal session

    - by KBrusing
    We have an 32 bit application consisting of some processes. They communicate with shared memory of a DLL used by every process. Shared memory is build with global variables in C++ by "#pragma data_seg ("Shared")". When running this application sometime during starting a new process in addition to an existing (first) process we observe that the shared memory of both processes is not the same. All new started processes cannot communicate with the first process. After stopping all of our processes and restarting the application (with some processes) everything works fine. But sometime or other after successfully starting and finishing new processes the problem occurs again. Running on all other Windows versions or terminal sessions on Windows server 2003 our application never got this problem. Is there any new "feature" on Windows server 2008 that might disturb the hamony of our application?

    Read the article

  • Printing a list using reflection

    - by TFool
    public class Service{ String serviceName; //setter and getter } public class Version{ String VersionID; //setter and getter } public void test(Object list){ //it shd print the obtained list } List< Service list1; //Service is a Bean List< Version list2; //Version is a Bean test(list1); test(list2); Now the test method shd print the obtained list - (i.e) If the list is of type Service ,then serviceName should be printed using its getter. If the list type is Version versionID should be printed. Is it possible to achieve this without using Interface or abstract class?

    Read the article

  • Distributing SQL Server Express

    - by cmaduro
    I have a windows service that hosts a WCF service which uses a sql server express database. I also have a setup project to intall the windows service. What are the steps I need to take to make sure SQL Server Express installs silently and that the database is setup correctly?

    Read the article

  • WebService remote invoking fails.

    - by user569913
    I have a web service hosted on a web server, I invoke the web service using jquery ajax. The service returns results successfully when invoked locally from the server, but it fails when invoked from a remote client machine (not in the same domain). I see the request fail in the firebug returning error (401 UnAuthorized) and the response has the following error (Request format is unrecognized for URL unexpectedly ending in '/List').

    Read the article

  • using an encrypted web.config file

    - by regy
    My aim is to make the web.config not readable by external users, but my application should be able to access it. Is there any way to do this??? I have tried the following way, but how to set the application to use string instead of web.config??? I want to encrypt my web.config file so that others do not open the file using any editor like notepad. But my application should be able to use the same web.config file. I could encrypt the web.config file and decrypt it inside the application and I saved the entire web.config to a string file. Now I want to use this string variable instead of web.config(now in encrypted form, which cannot be accessed by the application).

    Read the article

  • MVC 4 Controller Compilation Error trying to return a Model

    - by Joe
    This is a newbie configuration problem I suspect. See return statement comment in code snippet. [HttpGet] public ActionResult TestService() { ViewBag.Message = "DataLayer Service"; Service dataLayerService = new Service {CookieContainer = new CookieContainer()}; dataLayerService.SetSessionAppName("SAND"); WebServiceModel webServiceModel = new WebServiceModel(); webServiceModel.Result = dataLayerService.GetSessionAppName(); return this.View(webServiceModel); // <== Cannot resolve View "TestService" }

    Read the article

  • how do i consume net.tcp binding within web project?

    - by user1871124
    I'm working on a web application using mvc, we have already a service that does http binding, the client wants tcp binding for certain actions (not really sure why) but it's their requirement so i'm attempting to set up net.tcp binding, all references i am seeing to doing this involve a windows application and not a web application. I guess my question has 2 parts, first can you run httpbinding and net.tcp binding at the same time through the same service/project. secondly how would I consume the service through a webproject?

    Read the article

  • Unit testing of static library that involves NSDocumentDirectory and other iOS App specific calls.

    - by Shiun
    Hi, I'm attempting to run unit tests for a static library that attempts to create/write/read a file in the document directory. Since this is a static library and not an application for the iOS, attempts to reference the NSDocumentDirectory is returning me directory for the form "/Users//Library/Application Support/iPhone Simulator/Documents" This directory does not exist. When attempting to access a directory from an actual application, the NSDocumentDirectory returns something of the form: "/Users//Library/Application Support/iPhone Simulator/4.2/FEDBEF5F-1326-4383-A087-CDA1B865E61A/Documents" (Please note the simulator version as well as application ID as part of the path) How can I overcome this shortcoming in the unit test framework for static libraries that implement tests that require iOS app specific calls? Thanks in advance.

    Read the article

  • java.util.EmptyStackException on JIT/Warmup

    - by infectedrhythms
    I'm using a 3rd party lib in my application that throws a java.util.EmptyStackException This only happens during the VM JIT/Warmup Start application Start stress test no rampup. java.util.EmptyStackException thrown Keep application and redo stress test. No exception thrown Shutdown application Start application Start stress test with rampup. No exception thrown I could keep reproducing this over and over. Anyone have any ideas on how I can trace this so I can give more info to the vendor? Or why it could even be happening? Thanks

    Read the article

  • Bogus InvalidOperationException (in a DataServiceRequestException)

    - by Andrei Rinea
    I am having a hard time with ADO.NET Data Services (formerly code-named Astoria) as it gives me a bogus exception when I try to insert a new entity from the silverlight client and trying in a clean project (the same code) doesn't. In both cases, however, data is correctly inserted into the database. Using Fiddler (an HTTP debugger I could see that there is no problem in the HTTP communication as I will show later in this question. The code : var ctx = new MyProject123Entities(new Uri("http://andreiri/MyProject.Data/Data.svc")); var i = new Zone() { Data = DateTime.Now, IdElement = 1 }; ctx.AddToZone(i); i.StareZone = new StareZone() { IdStareZone = 1 }; ctx.AttachTo("StareZone", i.StareZone); ctx.SetLink(i, "StareZone", i.StareZone); i.TipZone = new TipZone() { IdTipZone = 1 }; ctx.AttachTo("TipZone", i.TipZone); ctx.SetLink(i, "TipZone", i.TipZone); i.User = new User() { IdUser = 2 }; ctx.AttachTo("User", i.User); ctx.SetLink(i, "User", i.User); ctx.BeginSaveChanges(r =] ctx.EndSaveChanges(r), null); when run the last line (ctx.EndSaveChanges(r)) will throw the following exception : System.Data.Services.Client.DataServiceRequestException was unhandled by user code Message="An error occurred while processing this request." StackTrace: at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.HandleBatchResponse() at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.EndRequest() at System.Data.Services.Client.DataServiceContext.EndSaveChanges(IAsyncResult asyncResult) at MyProject.MainPage.[]c__DisplayClassd6.[]c__DisplayClassd8.[dashboard_PostZoneCurent]b__d5(IAsyncResult r) at System.Data.Services.Client.BaseAsyncResult.HandleCompleted() at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.HandleCompleted(PerRequest pereq) at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.AsyncEndRead(IAsyncResult asyncResult) at System.IO.Stream.BeginRead(Byte[] buffer, Int32 offset, Int32 count, AsyncCallback callback, Object state) at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.AsyncEndGetResponse(IAsyncResult asyncResult) InnerException: System.InvalidOperationException Message="The context is already tracking a different entity with the same resource Uri." StackTrace: at System.Data.Services.Client.DataServiceContext.AttachTo(Uri identity, Uri editLink, String etag, Object entity, Boolean fail) at System.Data.Services.Client.MaterializeAtom.MoveNext() at System.Data.Services.Client.DataServiceContext.HandleResponsePost(ResourceBox entry, MaterializeAtom materializer, Uri editLink, String etag) at System.Data.Services.Client.DataServiceContext.SaveAsyncResult.[HandleBatchResponse]d__1d.MoveNext() InnerException: (there is no further information regarding the exception although the ADo.NET Data Service is configured to return detailed informations) However the row is inserted correctly and completely in the database. Using fiddler I can see that the request : <?xml version="1.0" encoding="utf-8" standalone="yes"?> <entry xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom"> <category scheme="http://schemas.microsoft.com/ado/2007/08/dataservices/scheme" term="MyProject123Model.Zone" /> <title /> <updated>2009-09-11T13:36:46.917157Z</updated> <author> <name /> </author> <id /> <link href="http://andreiri/MyProject.Data/Data.svc/StareZone(1)" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/StareZone" type="application/atom+xml;type=entry" /> <link href="http://andreiri/MyProject.Data/Data.svc/TipZone(4)" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/TipZone" type="application/atom+xml;type=entry" /> <link href="http://andreiri/MyProject.Data/Data.svc/User(4)" rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/User" type="application/atom+xml;type=entry" /> <content type="application/xml"> <m:properties> <d:Data m:type="Edm.DateTime">2009-09-11T16:36:40.588951+03:00</d:Data> <d:Detalii>aslkdfjasldkfj</d:Detalii> <d:IdElement m:type="Edm.Int32">1</d:IdElement> <d:IdZone m:type="Edm.Int32">0</d:IdZone> <d:X_Post m:type="Edm.Decimal">587647.4705</d:X_Post> <d:X_Repost m:type="Edm.Decimal" m:null="true" /> <d:Y_Post m:type="Edm.Decimal">325783.077599999</d:Y_Post> <d:Y_Repost m:type="Edm.Decimal" m:null="true" /> </m:properties> </content> </entry> is well accepted and a successful response is returned : HTTP/1.1 201 Created Date: Fri, 11 Sep 2009 13:36:47 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 DataServiceVersion: 1.0; Location: http://andreiri/MyProject.Data/Data.svc/Zone(75) Cache-Control: no-cache Content-Type: application/atom+xml;charset=utf-8 Content-Length: 2213 <?xml version="1.0" encoding="utf-8" standalone="yes"?> <entry xml:base="http://andreiri/MyProject.Data/Data.svc/" xmlns:d="http://schemas.microsoft.com/ado/2007/08/dataservices" xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata" xmlns="http://www.w3.org/2005/Atom"> <id>http://andreiri/MyProject.Data/Data.svc/Zone(75)</id> <title type="text"></title> <updated>2009-09-11T13:36:47Z</updated> <author> <name /> </author> <link rel="edit" title="Zone" href="Zone(75)" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/CenterZone" type="application/atom+xml;type=feed" title="CenterZone" href="Zone(75)/CenterZone" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/ZoneMobil" type="application/atom+xml;type=feed" title="ZoneMobil" href="Zone(75)/ZoneMobil" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/StareZone" type="application/atom+xml;type=entry" title="StareZone" href="Zone(75)/StareZone" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/TipZone" type="application/atom+xml;type=entry" title="TipZone" href="Zone(75)/TipZone" /> <link rel="http://schemas.microsoft.com/ado/2007/08/dataservices/related/User" type="application/atom+xml;type=entry" title="User" href="Zone(75)/User" /> <category term="MyProject123Model.Zone" scheme="http://schemas.microsoft.com ado/2007/08/dataservices/scheme" /> <content type="application/xml"> <m:properties> <d:IdZone m:type="Edm.Int32">75</d:IdZone> <d:X_Post m:type="Edm.Decimal">587647.4705</d:X_Post> <d:Y_Post m:type="Edm.Decimal">325783.077599999</d:Y_Post> <d:X_Repost m:type="Edm.Decimal" m:null="true" /> <d:Y_Repost m:type="Edm.Decimal" m:null="true" /> <d:Data m:type="Edm.DateTime">2009-09-11T16:36:40.588951+03:00</d:Data> <d:Detalii>aslkdfjasldkfj</d:Detalii> <d:IdElement m:type="Edm.Int32">1</d:IdElement> </m:properties> </content> </entry> Why do I get an exception? And, using this in a clean project does not throw the exception..

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 590 591 592 593 594 595 596 597 598 599 600 601  | Next Page >