Search Results

Search found 19074 results on 763 pages for 'secure government government cloud security'.

Page 620/763 | < Previous Page | 616 617 618 619 620 621 622 623 624 625 626 627 | Next Page >

What is a read only collection in C#?

- by acidzombie24

I ran a security code analyst i found myself having a CA2105 warning. I looked at the grade tampering example. I didnt realize you can assign int[] to a readonly int. I thought readonly was like the C++ const and makes it illegal. The How to Fix Violations suggest i clone the object (which i dont want to do) or 'Replace the array with a strongly typed collection that cannot be changed'. I clicked the link and see 'ArrayList' and adding each element one by one and it doesnt look like you can prevent something adding more. So when i have this piece of code what is the easiest or best way to make it a read only collection? public static readonly string[] example = { "a", "b", "sfsdg", "sdgfhf", "erfdgf", "last one"};

Read the article
What are the main benefits of implementing a virtual machine as part of an application?

- by Marplesoft

Several databases I've been looking at recently implement a virtual machine internally to perform the respective data reads and writes. For an example, check out this article on SQLite's virtual machine they call the 'VDBE'. I'm curious as to what the benefits of such an architecture are. I would assume performance is one but why would a virtual machine like this run faster? In fact, it seems to be that this extra layer could cause it to run slower. So perhaps it's for security? Or portability? Anyway, just curious about this.

Read the article
protect flash files

- by user172697

Hello Ive a website that create avatars for users and provide them with link for avatar to use it in their website or singuters etc , my problems is the website based on flash . the main page has 1 swf file that load other swfs used to create avatars , if someone knows the link for the these swf files he can download them which means he can have all the website lets say: www.test.com as main page which load main swf and other swfs files which located at www.test.com/resources/flash/swffiles/file1.swf anyone can grap these files and have all the website which is a big security breach ive trying so many way protect these files from not download but protecting them means the main swf cant talk to them and cant load the main page correctaly , any suggestion for these .. thanks in advance

Read the article
Salting example in Zend Framework

- by Geoffrey

Hello all, I am pretty new to the Zend framework and looking to build an application with pretty tight password security. I have been trying to follow the user guides in relation to password salting but haven't had any luck so far. I have setup my database and table adapter (As described in the documentation on the Zend Framework site but it didn't seem to finish the example (or I am not following well enough!) I have started with: $authAdapter = new Zend_Auth_Adapter_DbTable($dbAdapter, 'users', 'username', 'password', "MD5(CONCAT('".Zend_Registry::get('staticSalt')."', ?, password_salt))" ); But from here, what is done with the password salt? I just need an example and I'll be away! Does anyone have an example or point me in the right direction?? Many thanks!

Read the article
How can I launch a system command via Javascript in Google Chrome?

- by kvsn

I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config): function run_cmd(cmd, args) { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var file = Components.classes["@mozilla.org/file/local;1"] .createInstance(Components.interfaces.nsILocalFile); file.initWithPath(cmd); var process = Components.classes["@mozilla.org/process/util;1"] .createInstance(Components.interfaces.nsIProcess); process.init(file); process.run(false, args, args.length); } What's the equivalent code for Chrome?

Read the article
Class Not found exception in JApplet.

- by Nitesh Panchal

Hello, I created a simple Applet using JApplet and everything seems to work fine but as soon i create an object of my userdefined class named ChatUser in my applet, i get this error :- SEVERE: java.lang.ClassNotFoundException: applet.ChatUser at com.sun.enterprise.loader.ASURLClassLoader.findClassData(ASURLClassLoader.java:713) at com.sun.enterprise.loader.ASURLClassLoader.findClass(ASURLClassLoader.java:626) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at misc.ChatClient.run(ChatClient.java:43) Any idea what can be wrong? It only happens when i create an object of any user defined class. Do i need to set some security settings or something? Please help :(

Read the article
c# xml string special characters

- by sam

Please help explain why the dataset cannot read the encoded xml? string xml = "<?xml version=\"1.0\" standalone=\"yes\" ?> <DataSet><node>it's my \"node\" & i like it</node></DataSet>"; string encodedXml = System.Security.SecurityElement.Escape(xml); DataSet ds = new DataSet(); ds.ReadXml(New XmlTextReader(new StringReader(encodedXml))); I have checked the link http://weblogs.sqlteam.com/mladenp/archive/2008/10/21/Different-ways-how-to-escape-an-XML-string-in-C.aspx What i want to do is to read a string with special characters into a dataset. But the code cannot locate the special characters in the string, c# added all the \ so the linenumber is not accurate generated by XmlException object. Anyone could provide the code to read a string with special characters into a dataset. thanks very much

Read the article
NoClassDefFoundError points to the wrong class.

- by Sora

I'm validating the installation of a program that consists of a few separate modules. They are not co-dependent. I have apple.jar and orange.jar, they are placed in the same folder and were developed in the same project, but run independent of each other. Running apple.jar goes fine, but orange.jar gives me a NoClassDefFoundError pointing to apple.jar. /usr/java/jre1.6.0_14/bin/java -jar validator.jar Exception in thread "main" java.lang.NoClassDefFoundError: orange/client/Apple Caused by: java.lang.ClassNotFoundException: orange.client.Apple at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) Could not find the main class: validator/client/StormDataXMLGenerator. Program will exit. The manifest file lists Orange as the correct main class. Main-Class: orange/client/Orange Anybody know why it's giving me the NoClassDefFoundError? Thanks in advance!

Read the article
Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite

- by webfac

I have a dilemma with this one. With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url. Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP? Much appreciated. And the current code to add the https:// is as follows: RewriteCond %{HTTP_HOST} !^www\. RewriteCond %{HTTPS}s ^on(s)| RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Read the article
Possible to use Javascript to get data from other sites?

- by Xavier

Is it possible for a web page using Javascript to get data from another website? In my case I want to get it for calculations and graphing a chart. But I'm not sure if this is possible or not due to security concerns. If it is considered a no no but there is a work around I would appreciate being told the work around. I don't want to have to gather this information on the server side if possible. Any and all help is appreciated.

Read the article
Check for Existence of a Result in Linq-to-xml

- by NateD

I'm using Linq-to-XML to do a simple "is this user registered" check (no security here, just making a list of registered users for a desktop app). How do I handle the result from a query like this: var people = from person in currentDoc.Descendants("Users") where (string)person.Element("User") == searchBox.Text select person; I understand the most common way to use the result would be something like foreach (var line in people){ //do something here } but what do you do if person comes back empty, which is what would happen if the person isn't registered? I've looked around on this site and on MSDN and haven't found a really clear answer yet. Extra credit: Give a good explanation of what people contains.

Read the article
What are the app pool identity and account for anonymous access for?

- by apollodude217

I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.) If you're not sure what accounts I'm talking about, in the IIS manager thingy: Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity. Right-click a Web site, go to Properties - Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

Read the article
NHibernate and SetSessionAuth audit columns

- by user86431

We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we try to do a set session auth, so we turned the set session auth off... Now we are trying to find out a way to get NHibernate to let us do 'set session authorization' without recycling the session on us, so we can use our existing trigger based audit column stuff with both legacy apps, and our new NHibernate apps. It's not a ideal soloution, or the best way to do it even, but is it possible? I was hoping there was a alternate interface that allowed this kind of access. Does anyone know how to do it, or can you point me towards and good hints? Thanks, Eric-

Read the article
SQL Server Agent 2005 job runs but no output

- by alimack

Essentially I have a job which runs in BIDS and as as a stand lone package and while it runs under the SQL Server Agent it doesn't complete properly (no error messages though). The job steps are: 1) Delete all rows from table; 2) Use For each loop to fill up table from Excel spreasheets; 3) Clean up table. I've tried this [MS page][1] (steps 1 & 2), didn't see any need to start changing from Server side security. Also SQLServerCentral.com for [this page][2], no resolution. How can I get error logging or a fix? Note I've reposted this from Server Fault as it's one of those questions that's not pure admin or programming. I have logged in as the proxy account I'm running this under, and the job runs stand alone but complains that the Excel tables are empty?

Read the article
Multitenant shared user account?

- by jpartogi

Dear all, Based on your experience, which is the route to go for a multi-tenant user login? One user login per account. Which means if there is one user that has access to multiple account, there will be redundancy of record in the database One user login for all account that she has privileges to. Which means one user record has access to multiple account if she has privileges to that account. From your experience, which one is better and why? I was thinking to choose the latter, but I don't know whether it will cause security issue or less flexibility. Thank you for sharing your experience.

Read the article
How safe is JSONP implementation for login functionality

- by MKS

Hi Guys, I am using JSONP for login authentication, below is sample JQuery Code: $.ajax({ type:"GET", url: "https://staging/login/Login.aspx", // Send the login info to this page data: str, dataType: "jsonp", timeout: 200000, jsonp:"skywardDetails", success: function(result) { //Do something after the success } }); In above code, I am having HTTPS page for authentication, from my login dailog box, I am sending username and password to my login.aspx page, which calls "WEB SERVICE" taking input send by the login dialog page and return the users details as JSONP object. My question is that, how safe is above implementation and do also suggest how can I improve my security implementation. Thanks!

Read the article
About local Final varibles in java

- by Sathish

In java Program, parameters which is defined as String in method declaration.But in method definition it is accessed as final String variable. Whether it'll lead to some issues (like security, memory problem)? For Example: Method Declaration join(String a,String b); Method definition public void join(final String a,final String b) { Authenticator au = new Authenticator(){ public PasswordAuthentication getPasswordAuthentication(){ return new PasswordAuthentication(a,b)} }; } Please help for me and clarify my doubts. Thanks in advance P.S. I;m accessing a and b as final variable because i've to use it in the inner class.

Read the article
anonymous access disabled but...

- by Melody Friedenthal

My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name. I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication. Can anyone suggest what else to check? Or can you explain what's going on?

Read the article
Authenticating to multiple OUs in Active Directory

- by Jaxidian

I'm using the Active Directory Membership Provider with the following configuration: <connectionStrings> <add name="MyConnString" connectionString="LDAP://domaincontroller/OU=Product Users,DC=my,DC=domain,DC=com" /> </connectionStrings> <membership defaultProvider="MyProvider"> <providers> <clear /> <add name="MyProvider" connectionStringName="MyConnString" connectionUsername="my.domain.com\service_account" connectionPassword="biguglypassword" type="System.Web.Security.ActiveDirectoryMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" /> </providers> </membership> This works perfectly except it requires ALL of my users to be in the "Product Users" OU when I would actually like to have all of my users organized into various child OUs under our "Product Users" OU. Is this possible? (Note that this is a partial repost of this question but the question I'm asking here was never answered there.)

Read the article
How to access File over the Network

- by Polo

Hi! I am having a hard time on this one, I have a folder over the network with public access (no credential restriction). I am trying to do a File.Exist or Directory.Exist and I keep on having a exception. Can someone tell me the good way to do IO over the network. EDIT 1 FOR DETAILS: if i do execture = \agoodip\Public\test.txt I get the file etc etc In my code it look like a basic Directory.Exist(@"\\agoodip\Public") or File.exist(@"\\agoodip\Public\test.txt") The exception I get is Path not found. EDIT 2 : I am using Silverlight 3, Is there any security pattern to be aware of to lookup file on the network? Thanks!

Read the article
F# Interactive bug?

- by John Reynolds

I've tried the following code in VS2010: open System.Security.Cryptography let rsaTest1 = let ecKey = [|0uy..143uy|] // junk data for testing let ecKeyMod = ecKey.[8..8+128-1] let ecKeyExp = ecKey.[136..136+8-1] let rsa = RSAParameters(Modulus = ecKeyMod, Exponent = ecKeyExp) rsa let rsaTest2 = let ecKey = [|0uy..143uy|] // junk data for testing let rsa = RSAParameters(Modulus = ecKey.[8..8+128-1], Exponent = ecKey.[136..136+8-1]) rsa If I highlight all code and send it to F# Interactive (Alt+Enter), then rsaTest1 works, but rsaTest2 gives an error message, System.NullReferenceException: Object reference not set to an instance of an object. at <StartupCode$FSI_0004>.$FSI_0004.main@() in P:\proj\Tachograph\Project\CompuTachTest\CompuTachTest\rsaTest.fsx:line 16 However, if I change rsaTest2 from a value into a function and call it, let rsaTest2 () = let ecKey = [|0uy..143uy|] // junk data for testing let rsa = RSAParameters(Modulus = ecKey.[8..8+128-1], Exponent = ecKey.[136..136+8-1]) rsa let x = rsaTest2 () then there is no error. F# bug or my mistake?

Read the article
How to communicate/share a session between pages over HTTP and HTTPS

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, let's say homepage? As far as I know sharing sessions in between HTTP and HTTPS parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on HTTP page like homepage, shopping cart data (items) that users ordered on HTTPS pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (SSL) and the rest not? I'm using PHP if it makes any difference.

Read the article
App logicstics & changes due to scope creep

- by Kevin Brown

I started an app that was initially a testing platform--user management, and managers that can view their employees tests. Recently, functionality has been extended (not built yet) to allow users to complete a test in place of an employee--basically adding a record, but no user. I have three tables in use for this: users(contains user info for login/security), profiles (all personal info: address, height, etc.), and survey (contains survey answers for user). How do I extend my application to encompass this functionality with minimal change to the structure? I assume that the best way to do this would be to insert records to the tables profiles and survey, and have no username/password/email? There MUST be a user_id associated b/c the tables are linked through the user_ids...

Read the article
ASP.NET MVC - How to save some data between requests ?

- by Tony

Hi, I'm trying to solve the problem: when a user is being logged into a WebSite (via user control .ascx stored on the Master Page), it's name is being stored in a Page.User.Identity.Name property. OK, but how to retrieve that user name in the controller ? Is it possible without registering System.Security.Principal namespace in the controller ? In the other words - the controller must know whose user wants to do some action (e.g. change account data). I could store it's name in the Html.Hidden control on each View but I don't want to have a mess in my Views

Read the article
Do not use IE browser settings when using a proxy with Indy

- by JD

Hi At one of our customer sites, we have a Delphi 2007 application that makes a number of HTTPS requests using indy components. All requests are made using the proxy settings the client provides. For this to work, in IE we have to put the URL's in the trusted zones section. After a month due to security settings the trusted zones are cleared. This means we have to re-add the URLs again to make our application work. Is there a way of bypassing IE settings or using a client side HTTP stack so we do not go through the browser to make https requests? JD

Read the article

< Previous Page | 616 617 618 619 620 621 622 623 624 625 626 627 | Next Page >