Search Results

Search found 52277 results on 2092 pages for 'web security'.

Page 62/2092 | < Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >

• Error: java.security.AccessControlException: Access denied

  - by RMD

  Hi, I have to connect to a https url with username and password to read a file. I am not able to connect to the server (see the error log below). I do not have much java experience so I need help with this code. I would really appreciate some help to solve this! Thank you. Raquel CODE: import lotus.domino.; import java.net.; import java.io.*; import javax.net.ssl.HttpsURLConnection; public class JavaAgent extends AgentBase { public void NotesMain() { try { String username = "123"; String password = "456"; String input = username + ":" + password; String encoding = new sun.misc.BASE64Encoder().encode (input.getBytes()); //Open the URL and read the text into a Buffer String urlName = "https://server.org/Export.mvc/GetMeetings?modifiedSince=4/9/2010"; URL url = new URL(urlName); HttpsURLConnection connection = (HttpsURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); connection.setRequestProperty("Content-Length", String.valueOf (encoding.length())); connection.setUseCaches(false); connection.setDoInput(true); connection.setDoOutput(true); connection.setAllowUserInteraction(true); connection.setRequestProperty("Authorization", "Basic " + encoding); connection.setRequestProperty("Cookie", "LocationCode=Geneva"); connection.connect(); BufferedReader rd = null; try{ rd = new BufferedReader(new InputStreamReader(connection.getInputStream())); } catch (IOException e) { System.out.println("Read failed"); System.exit(-1); } String line; while((line = rd.readLine()) != null) { System.out.println(line.toString()); } rd.close(); connection.disconnect(); } catch(Exception e) { e.printStackTrace(); } } } LOG: java.security.AccessControlException: Access denied (java.lang.RuntimePermission exitVM.-1) at java.security.AccessController.checkPermission(AccessController.java:108) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at COM.ibm.JEmpower.applet.AppletSecurity.superDotCheckPermission(AppletSecurity.java:1449) at COM.ibm.JEmpower.applet.AppletSecurity.checkRuntimePermission(AppletSecurity.java:1311) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1611) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1464) at java.lang.SecurityManager.checkExit(SecurityManager.java:744) at java.lang.Runtime.exit(Runtime.java:99) at java.lang.System.exit(System.java:275) at JavaAgent.NotesMain(Unknown Source) at lotus.domino.AgentBase.runNotes(Unknown Source) at lotus.domino.NotesThread.run(Unknown Source)

  Read the article

• Configuring security in ASP.NET MVC at runtime

  - by Andrew

  Is it possible to have security in ASP.NET MVC configurable at runtime? For example, if I have a controller that has been marked as [Authorize(Roles="Admin")] Is there a way to add/remove roles at runtime? Or, do you have to change it in code and re-compile?

  Read the article

• Which Secure Software Development Practices do you Employ?

  - by Michael Howard-MSFT

  I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ask for more information about what we're doing. But what I'd like to know is: 1) What are you doing within your organization to help improve the security of your product? 2) What works? What doesn't work? 3) How did you get management to agree to this work? Thanks.

  Read the article

• Handling form security

  - by Harun Baris Bulut

  So how do you maintain the form security about posting data to different page problem? For instance you have a member and he/she tries to change the personal settings and you redirected member to www.domain.com/member/change/member_id member changed the values and post the data to another page by changing the action with firebug or something else. For instance www.domain.com/member/change/member_id_2 How do you handle this problem without using sessions?

  Read the article

• How To Save Spring Security Logged In User In Session

  - by Brad Rhoads

  This code get's the currently logged in user, using the Spring Security Plugin (acegi): def principalInfo = authenticateService.principal() def person = null if (principalInfo != "anonymousUser" && principalInfo.username) { person = Person.findByUsername(principalInfo.username) } I would like then do: session.user = person This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

  Read the article

• Accessing Spring Security User Details from within Mule Services

  - by user299222

  We're securing Mule services using the Spring Security Framework, and some of the services need to access some information in the UserDetails object. Is there a way to access this object from within a Mule service? Thanks, Dennis

  Read the article

• Mobile security solutions

  - by techzen

  What are the mobile security solutions used by you / your organization. What are the pro's and cons of usage of these solution - and how far have you been successful in implementing these - were there any loopholes / issues faced in using them?. In general, can you suggest a set of guidelines to watch for when going for going for selecting a specific solution in this context.

  Read the article

• Grails + Spring Security one field login

  - by Miguel

  Hi all Is it possible, using spring security plugin 0.5.3 with Grails 1.2.1, to authenticate a user using only one field? I mean, for example, making j_username and j_password fields in the authentication form equal previous to the authentication. I read it was possible to define j_username field in Config.groovy with acegi plugin, in older versions of the plugin. Now it uses SecurityConfig.groovy but the possibility of defining the field exists no more. Any ideas?? Thanks a lot, Miguel

  Read the article

• WCF Message Security implementation with custom attributes

  - by parag

  How can i implement message security in WCF with custom attributes, One way of doing this by UserNamePasswordValidator which accepts user name and password but in my case I have to pass 2 more attribute that is company and region to authenticate the user. Please suggest the solution for achieving this.

  Read the article

• Security of executing a command from php

  - by Nicolò Martini

  I'm writing a web application in which i use several thirdy party commands calling them with the exec function in PHP (for example, I render Latex formulas through a command-line program). My question is: what are the security issues of executing external command-line programs in php? What I have to be aware of? Can you give me a list of points to check? Thanks in advance.

  Read the article

• Security Suggestions

  - by Kumar

  I am currently working on an ASP.NET 3.5 and C# web application which deals with users secure information like credit card numbers. What are some of the security measures which I need to take from an application development stand point so that I can sleep peacefully at night :)

  Read the article

• Security concerns when bridging programming languages.

  - by The Rook

  What security concerns are there when you create a hybrid of languages? For instance using python and java code together with jython, or creating a python module from a C++ library. There are other ways of mixing 2 or more languages. Do you know of an example where this creates a vulnerability?

  Read the article

• Spring Security User

  - by DD

  What is best practise in Spring when creating a new user with custom attributes...to extend org.springframework.security.core.userdetails.User or to create the User in the UserDetailsService (this is the approach taken in the IceFaces tutorial). public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { AppUser user = userDAO.findUser(username); if (user == null) throw new UsernameNotFoundException("User not found: " + username); else { return makeUser(user); } } private User makeUser(AppUser user) { return new User(user.getLogin(), user .getPassword(), true, true, true, true, makeGrantedAuthorities(user)); }

  Read the article

• google account security ?

  - by Chez

  I want to write a web-app which would ask the user to pass their google account (user and pwd) so that it can access their google data. I understand google supports alternative ways to do this, such as AuthSub and OathAuthSub. Also google discourages apparently clientLogin (which would be my approach) for web apps. My question is: if I were asking the user to register to my app by passing me a 'read only' google account ? so effectively I don't ask them to pass me their account but to create another account which is readonly. does anybody see anything wrong with this ? am I missing something ? Since their google account continues to be the admin they don't risk (in terms of security) anything. Any help would be welcome ? Thanks

  Read the article

• Javascript reference external script file - security implications

  - by rkrauter

  Hi, If I have a reference to an external third party JavaScript file on my website, what are the security implications? Can the JavaScript file be used to steal cookies? One example of this is the Google Analytics JavaScript reference file. Could the third party technically steal cookies or any other sensitive information from my logged on users (XSS)? The whole cross domain scripting has me confused sometimes. Thanks!

  Read the article

• Spring Security 3 database authentication with Hibernate

  - by newbie

  I need to authenticate users from database, Spring Security documents don't tell how to authenticate with hibernate. Is that possible and how can I do that?

  Read the article

• How to Get File security attribute in windows

  - by sxingfeng

  I am using c++ MFC How can I get the security attribute in windows, is there any handy api? Many thanks!

  Read the article

• Is there a security risk with internal HTTP call

  - by Tony

  Hi Is there a security risk if an application called page.ashx called internal only page.ashx, can a hacker conclude that another page is called. I don't want anyone to access this page. it looks stupid I know, but it is a part of more complex problem. thanks

  Read the article

• Spring security - how to mention both form based and basic authentication

  - by novice

  Is it possible to mention both form-based and basic authentication in Spring security using namespace configuration without overriding other ? So that the appliciation could serve both browser based request and remoting client.

  Read the article

• Spring Security database authentication with Hibernate

  - by newbie

  I need to authenticate users from database, Spring Security documents don't tell how to authenticate with hibernate. Is that possible and how can I do that?

  Read the article

• Security-Active Application in background-Does it store image of current screen

  - by user1509593

  Is this a probable security flaw. A user in public (lets say Starbucks) tries to log in to iOS application. He enters user id and password [Password is hidden using xxxxxxxx (not exposed)] and a call comes in or he presses home and the application goes to background. a) Does iOS store an image of current screen b) A malicious hacker with intent takes control of the device. Can he read the password ? Do we have to clear out sensitive information while going to background

  Read the article

• Setting custom Post-Login Destinations based on user ROLES using spring security

  - by student

  I want to set custom Post-Login Destinations based on user ROLES in my application. for example : If a form login isn't prompted by an attempt to access a protected resource, I want to show different pages, based on different roles. by using target-url I can't do this. how can I do this by using Spring security ?

  Read the article

• Spring Security LDAP user data caching on local database

  - by Eduardo

  After asking: http://stackoverflow.com/questions/3009740/ldap-user-data-caching-on-local-database I want to cache LDAP user data in the application local database to allow fast queries. How may I cache LDAP user data in the local database using Spring Security.

  Read the article

• Detecting suspicious behaviour in a web application - what to look for?

  - by Sosh

  I would like to ask the proactive (or paranoid;) among us: What are you looking for, and how? I'm thinking mainly about things that can be watched for programaticaly, rather than manually inspecting logs. For example: - Manual/automated hack attempts - Data skimming - Bot registrations (that have evaded captcha etc.) - Other unwanted behaviour Just wondering what most people would consider practical and effective..

  Read the article

• File System and security (PHP)

  - by Felicita

  Consider a simple file upload system written in php. Customer has access only in admin panel. (Not FTP). He may change folder option from 707 to 755 for security issue. How can do this? Can we do this from upload script ? If yes is this a secure application?

  Read the article

< Previous Page | 58 59 60 61 62 63 64 65 66 67 68 69  | Next Page >