Search Results

Search found 28186 results on 1128 pages for 'site master'.

  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrincipal?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti-forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc.

    My main question is why does MVC 2 even bother using symmetric encryption? And then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POSTs usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected.

    By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it, it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the user's cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack.

    Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

  • Django CMS error when running project

    - by 47
    I'd set up a site a while back using Django-CMS and it was working fine. However, after upgrading to the latest version of both Django and Django-CMS, it doesn't work anymore... when I try to run the development server, I get this message:

        "Signal receivers must accept keyword arguments (**kwargs)."
        AssertionError: Signal receivers must accept keyword arguments (**kwargs).

    What could be the problem here? I've tried running the sample app that comes with the CMS and it works just fine.

  • Setup Wordpress MU within an existing Wordpress MU

    - by steamboy
    Hello, I have a current Wordpress MU site and I want to build a staging Wordpress MU within it. I have the staging set up on www.domain.com/staging. The problem is that when I access the URL above, it won't go to it. I have already played around with the .htaccess but still no success. Any suggestions would be a great help. Thanks!

  • Error Galleria IE7

    - by John the horn
    I am using Galleria for my site Minavet.ro (http://minavet.ro) and this error comes up in IE7:

        Line:219079877 Char:2 Error:Expected identifier, string number code:0 url:http://minavet.ro

    Thx for your time

    I have given the images width and height and now the error is:

        Line:222704333 Char:2 Error:Expected identifier, string number code:0 url:http://minavet.ro

  • RegEx - How To Insert String Before File Extension

    - by st4ck0v3rfl0w
    Hi All, How would I insert "_thumb" into files that are being dynamically generated? For example, I have a site that allows users to upload an image. The script takes the image, optimizes it and saves it to file. How would I make it insert the string "_thumb" for the optimized image? I'm currently saving 1 version of the optimized file:

        ch-1268312613-photo.jpg

    I want to save the original as the above string, but want to append "_thumb" like the following string:

        ch-1268312613-photo_thumb.jpg

  • how do I get rid of the secure nonsecure warning on page with iframe under SSL with phishing filter?

    - by Manu
    I have a page under SSL with an iframe that refreshes itself every 20 seconds through an HTTP refresh pragma. If I browse the site with IE7 and phishing filter enabled I receive secure-nonsecure content warnings at irregular intervals, which cease if phishing filter is disabled. Does anybody have an idea what I can do in order to get rid of the warnings even if phishing filter is enabled?

  • How do I construct a Django reverse/url using query args?

    - by Andrew Dalke
    I have URLs like http://example.com/depict?smiles=CO&width=200&height=200 (and with several other optional arguments).

    My urls.py contains:

        urlpatterns = patterns('',
            (r'^$', 'cansmi.index'),
            (r'^cansmi$', 'cansmi.cansmi'),
            url(r'^depict$', cyclops.django.depict, name="cyclops-depict"),
        )

    I can go to that URL and get the 200x200 PNG that was constructed, so I know that part works. In my template from the "cansmi.cansmi" response I want to construct a URL for the named template "cyclops-depict" given some query parameters. I thought I could do

        {% url cyclops-depict smiles=input_smiles width=200 height=200 %}

    where "input_smiles" is an input to the template via a form submission. In this case it's the string "CO" and I thought it would create a URL like the one at top. This template fails with a TemplateSyntaxError:

        Caught an exception while rendering: Reverse for 'cyclops-depict' with arguments '()' and keyword arguments '{'smiles': u'CO', 'height': 200, 'width': 200}' not found.

    This is a rather common error message both here on StackOverflow and elsewhere. In every case I found, people were using them with parameters in the URL path regexp, which is not the case I have where the parameters go into the query. That means I'm doing it wrong. How do I do it right? That is, I want to construct the full URL, including path and query parameters, using something in the template.

    For reference,

        % python manage.py shell
        Python 2.6.1 (r261:67515, Feb 11 2010, 00:51:29)
        [GCC 4.2.1 (Apple Inc. build 5646)] on darwin
        Type "help", "copyright", "credits" or "license" for more information.
        (InteractiveConsole)
        >>> from django.core.urlresolvers import reverse
        >>> reverse("cyclops-depict", kwargs=dict())
        '/depict'
        >>> reverse("cyclops-depict", kwargs=dict(smiles="CO"))
        Traceback (most recent call last):
          File "<console>", line 1, in <module>
          File "/Library/Python/2.6/site-packages/django/core/urlresolvers.py", line 356, in reverse
            *args, **kwargs)))
          File "/Library/Python/2.6/site-packages/django/core/urlresolvers.py", line 302, in reverse
            "arguments '%s' not found." % (lookup_view_s, args, kwargs))
        NoReverseMatch: Reverse for 'cyclops-depict' with arguments '()' and keyword arguments '{'smiles': 'CO'}' not found.

  • ASP.NET MVC Login ReturnUrl always NULL?

    - by aherrick
    Using Forms Authentication in ASP.NET MVC when trying to log back into a site, it puts a ReturnUrl parameter in the query string. My Logon action method accepts a "returnUrl" string. However it seems that returnUrl string is always null, even when it is clearly in the query string. Any thoughts on why this might be the case or a possible fix?

  • nested iFrame facebook app with facebooker on IE

    - by Ariel Akilie
    Hi all, I've tried to create a simple Facebook app with an iFrame, but I always get a nested iFrame every time I click a link in my application. I already tried a solution from the site http://railsrant.com/2009/10/14/creating-a-facebook-iframe-app-using-ruby-on-rails-facebooker/; it works on Firefox and Chrome, but doesn't work in IE. Any idea or suggestion for this? Thanks

  • What is a good dumbed-down, safe template system for PHP?

    - by Wilhelm
    (Summary: My users need to be able to edit the structure of their dynamically generated web pages without being able to do any damage.)

    Greetings, ladies and gentlemen. I am currently working on a service where customers from a specific demographic can create a specific type of web site and fill it with their own content. The system is written in PHP. Many of the users of this system wish to edit how their particular web site looks, or, more commonly, have a designer do it for them. Editing the CSS is fine and dandy, but sometimes that's not enough. Sometimes they want to shuffle the entire page structure around by editing the raw HTML of the dynamically created web pages.

    The templating system used by WordPress is, as far as I can see, perfect for my use. Except for one thing which is critically important. In addition to being able to edit how comments are displayed or where the menu goes, someone editing a template can have that template execute arbitrary PHP code. As the same codebase runs all these different sites, with all content in the same database, allowing my users to run arbitrary code is clearly out of the question.

    So what I need is a dumbed-down, idiot-proof templating system where my users can edit most of the page structure on their own, pulling in the dynamic sections wherever, without being able to even echo 1+1;. Observe the following pseudocode:

        <!DOCTYPE html>
        <title><!-- $title --></title>
        <!-- header() -->
        <!-- menu() -->
        <div>Some random custom crap added by the user.</div>
        <!-- page_content() -->

    That's the degree of power I'd like to grant my users. They don't need to do their own loops or calculations or anything. Just include my variables and functions and leave the rest to me. I'm sure I'm not the only person on the planet that needs something like this. Do you know of any ready-made templating systems I could use? Thanks in advance for your reply.

  • Beginner PHP developer: is using LiveDocx with Zend Framework a CPU resource eater?

    - by user63898
    Hello all, I'm a beginner in the PHP world. I need to build an option in a web application that can convert well-defined structures into rtf/pdf from txt/html. Using this site's search I found the LiveDocx PHP component, which is dependent on Zend Framework. Now, I'm not familiar with the PHP engine (the parser), so I'm asking you experts: is it a good solution to use this component, or is it just overhead?

  • Google Checkout. Show shipping rates before logging in possible?

    - by Roeland
    I am trying to integrate Google Checkout with my current site. I am calculating the shipping on my end, before passing it to Google Checkout. The problem is, when a person clicks the "google checkout" button, it takes them to Google Checkout but it does not show the shipping. It actually states it will be calculated on the next step. In the next step it actually shows a drop down with the ONE option for shipping that I passed, which is a flat rate. The problem is, to get to the next step you have to enter a credit card. Also, my shop has the shipping shown in the cart, so it would seem confusing to go to checkout and have a price without shipping.

    Here is the test code I am using right now to see if I can get it to show shipping before logging in (sample it here: http://sensenich.bythepixel.com/test.html)

        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
          <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
          <title>Site Title</title>
        </head>
        <body>
          <form method="POST" action="https://sandbox.google.com/checkout/api/checkout/v2/checkoutForm/Merchant/468503062558352" accept-charset="utf-8">
            <input type="hidden" name="item_name_1" value="Peanut Butter"/>
            <input type="hidden" name="item_description_1" value="Chunky peanut butter."/>
            <input type="hidden" name="item_quantity_1" value="1"/>
            <input type="hidden" name="item_price_1" value="3.99"/>
            <input type="hidden" name="item_currency_1" value="USD"/>
            <input type="hidden" name="checkout-flow-support.merchant-checkout-flow-support.shipping-methods.flat-rate-shipping-1.name" value="UPS Next Day Air"/>
            <input type="hidden" name="checkout-flow-support.merchant-checkout-flow-support.shipping-methods.flat-rate-shipping-1.price" value="20.00"/>
            <input type="hidden" name="checkout-flow-support.merchant-checkout-flow-support.shipping-methods.flat-rate-shipping-1.price.currency" value="USD"/>
            <input type="hidden" name="_charset_" />
            <!-- Button code -->
            <input type="image" name="Google Checkout" alt="Fast checkout through Google" src="http://sandbox.google.com/checkout/buttons/checkout.gif?merchant_id=468503062558352&w=180&h=46&style=white&variant=text&loc=en_US" height="46" width="180" />
          </form>
        </body>
        </html>

  • Custom MembershipProvider attempts to pass empty creds after IIS restart

    - by Joseph DeCarlo
    I have a C# custom ASP.Net MembershipProvider. When the user attempts to navigate to another part of the site after IIS is restarted, it doesn't navigate to the login page to collect credentials, but instead attempts to authenticate with empty credentials. Can anyone tell me what I have to do to identify that the new authentication needs to take place and that new creds need to be gathered? I have a complementary custom IHttpModule implementation that allows me to intercept events like BeginRequest and AuthenticateRequest, if that helps.

  • How to call bash process from within django / wsgi?

    - by chang
    I'm using mod_wsgi apache2 adapter for a django site and I like to call some bash process within a view, using the usual

        ...
        p = subprocess.Popen("/home/example.com/restart-tomcat.sh", shell=True)
        sts = os.waitpid(p.pid, 0)[1]
        ...

    This code works perfectly from within a usual python shell but does nothing (I can trace right now) when called within django. Am I missing some wsgi constraints? The script has 755 perms, so it should be executable. Thanks.

  • Is there a Markdown editor for Dojo

    - by Emilien
    Is there a good Markdown editor for Dojo? I have seen Control.TextArea (based on Prototype) and Stack Overflow's reverse-engineered version of WMD (seems to rely on jQuery) but I'd rather use a Dojo-based tool, as my site already uses this framework. Does such a tool exist? Googling for dojo markdown editor doesn't seem to return any useful results, apart from a Google Summer of Code 2008 student blogging that he's working on it...

  • What does this code do?

    - by Senthil
    I found this in Ryan Bates' railscast site, but not sure how it works.

        # models/comment.rb
        def req=(request)
          self.user_ip = request.remote_ip
          self.user_agent = request.env['HTTP_USER_AGENT']
          self.referrer = request.env['HTTP_REFERER']
        end

        # blogs_controller.rb
        def create
          @blog = Blog.new(params[:blog])
          @blog.req = request
          if @blog.save
          ...

    I can sort of understand what he is doing. But am confused with the req=(request) line. Any help is appreciated. Thanks

  • Is it possible to compile a query in linq-to-objects

    - by Luke101
    I have a LINQ to Objects query in a recursive loop and I'm afraid that when the objects approach more than 1000 and I have more than 100 users on the site -- my website will break. So is it possible to compile a LINQ to Objects query? The LINQ query does nothing more than find the direct children of a node.

  • What is the code behind this javascript?

    - by Kat
    Hi, I'm trying to find out how they were able to create this site, http://www.cpeople.ru. I am trying to build my portfolio to look something like it. Particularly, I want the slider effect of the menu. Please help me out. Thanks. :)

  • Access external xml using xslt document function return 401

    - by Ciprian Grosu
    On MOSS2007, I have a webpart that displays the content of an XML feed. I use an XSLT with parameters for transformations. There is a situation when I receive a 401 Authorisation exception. I realized that this happens when a document() function from my XSLT tries to open an external XML. If I try to open this XML in the browser all works OK. I provided my admin credentials to the web part and to the XmlSecureResolver. Same problem. The webpart is on server1 and the XML feed and external XML required by the XSLT are on server2. What can it be?

        protected override void RenderContents(HtmlTextWriter writer)
        {
            base.RenderContents(writer);
            if (string.IsNullOrEmpty(this.xmlUrl) || this.xmlResponseStream == null)
                return;
            try
            {
                XslCompiledTransform transform = new XslCompiledTransform();
                if (UseXslt)
                {
                    XmlTextReader stylesheet = null;
                    try
                    {
                        SPSite site = new SPSite(xsltlUrl);
                        SPWeb web = site.OpenWeb();
                        SPFile file = web.GetFile(xsltlUrl);
                        if (file != null)
                        {
                            stylesheet = new XmlTextReader(file.OpenBinaryStream());
                        }
                    }
                    catch (Exception ex)
                    {
                        stylesheet = new XmlTextReader(xsltlUrl);
                    }
                    if (stylesheet != null)
                    {
                        transform.Load(stylesheet, new XsltSettings(true, true), GetAResolver());
                    }
                    using (XmlReader reader = new XmlTextReader(this.xmlResponseStream))
                    {
                        string theParams = xsltProperties;
                        XsltArgumentList xslAgrs = GetXsltArgumentList(xsltProperties);
                        XmlTextWriter results = new XmlTextWriter(writer.InnerWriter);
                        if (UseProperties)
                        {
                            transform.Transform(reader, xslAgrs, results, GetASecureResolver());
                        }
                        else
                        {
                            transform.Transform(reader, results);
                        }
                        reader.Close();
                    }
                }
                else
                {
                    string feedAsString = null;
                    using (StreamReader rssReader = new StreamReader(this.xmlResponseStream))
                    {
                        feedAsString = rssReader.ReadToEnd();
                        writer.InnerWriter.Write(SPHttpUtility.HtmlEncode(feedAsString));
                    }
                }
            }
            catch (Exception ex)
            {
                writer.Write(ex.Message);
                if (this.xmlResponseStream != null)
                {
                    this.xmlResponseStream.Close();
                    this.xmlResponseStream.Dispose();
                }
            }
        }

        private static XmlSecureResolver GetASecureResolver()
        {
            // Create a secure resolver
            XmlSecureResolver resolver = new XmlSecureResolver(new XmlUrlResolver(), "http://externalservername.com/thesite/");
            string proxyUserName = RssFeedUtility.GetConfigFileReader().ProxyUserName;
            string proxyUserPwd = RssFeedUtility.GetConfigFileReader().ProxyUserPassword;
            string proxyUserDomain = RssFeedUtility.GetConfigFileReader().ProxyUserDomain;
            resolver.Credentials = new NetworkCredential(proxyUserName, proxyUserPwd, proxyUserDomain);
            return resolver;
        }

  • URL Generation Technique with PHP

    - by harigm
    I have built a web portal based on the cricket concept. I have built a custom-based CMS where I can upload the news for the site. Once I upload the news, the URL will be like this:

        http://cricandcric.com/news/news.php?id=841&An-emotional-moment:-Dhoni.html

    But I am trying to have the above URL as follows (something like this):

        http://cricandcric.com/news/An-emotional-moment:-Dhoni.html

    Or similar to Stackoverflow.com. Can anyone please help me with how I can build that? Do I need to rewrite the URL?

  • jQuery Script works in all browsers but Chrome

    - by Moak
    This site has a script that works in all browsers I tested but Chrome, which I think is strange because it is usually IE that acts up. The error console says

        Uncaught TypeError: Cannot call method 'toLowerCase' of undefined
        Uncaught TypeError: Object #<an Object> has no method 'set'

    However, I don't know what to do with this information. Any ideas?

  • OpenID with Kohana, how to?

    - by grokker
    Hi, I've used CakePHP and now I'm trying to build a project using Kohana 3. It's also my first time to use OpenID as a means for user registration/authentication for my site. That's why I'm wondering, how do I use OpenId with Kohana 3?

  • using moogaloop to embed a custom video player from Vimeo

    - by scullytr
    Anyone have any luck using Vimeo's moogaloop player? I'm wanting to use Vimeo's supposed API functions to create custom buttons to control the Vimeo player on my site. Here's the reference page for moogaloop: http://vimeo.com/api/docs/moogaloop I've been able to get the player to embed using SWFObject, but I can't seem to get the API functions to work (e.g. api_play()). Any help is greatly appreciated. Thanks! -Tim.
