Search Results

Search found 57750 results on 2310 pages for 'telerik open access'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 70/2310 | < Previous Page | 66 67 68 69 70 71 72 73 74 75 76 77  | Next Page >

  • SQL SERVER – New Look for CodePlexProject – Hosting for Open Source Software

    - by pinaldave
    Codeplex is my favorite site. CodePlex is Microsoft’s free open source project hosting site. You can create projects to share with the world, collaborate with others on their projects, and download open source software. It is great place to find so many open source project available to explore. All the softwares are free and open source. I often go there at intervals to check what is new in SQL Server field as well on other technologies. Yesterday when I visited it, I had nice surprise as it has total makeover and looks very decent as well elegant at the same time. I have noticed that when I talk about Codeplex is user community, not everybody knows about it. The quickest way I explain what is codeplex is that I start naming few of the projects which are available there and suddenly I start noticing a few hands going up knowing the projects. This is indirect way to prove that many of us know CodePlex usability but do not pay special attention to what it is actually. Let me name a few popular projects of the CodePlex here. SQL Server Sample Database [link] Image Resizer for Windows [link] Ajax Control Toolkit [link] Skype Voice Changer [link] Silverlight Toolkit [link] Windows 7 USB/DBD Download Tool [link] Orchard Project [link] There are very interesting SQL Server projects available on Codeplex as well. I am listing few of them here for reference in listed in no particular order. SQL Server Sample Database [link] SQL Server Compact ToolBox [link] Microsoft Drivers for PHP for SQL Server [link] Internals Viewer for SQL Server [link] SQL Server Spatial Tooks [link] SQL Monitor – managing sql server performance [link] SQL Server 2008 Extended Events SSMS Addin [link] How many of above mentioned project have you come across earlier? Leave a comment it will be interesting to know what our community is familiar with. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • unity, seeing all instances of same open application windows on all virtual desktop

    - by Nasser M. Abbasi
    I noticed this strange issue with unity. I am using 12.04. The desktop has 4 virtual desktops, which I can switch between using the 'workspace switcher' which is very nice. But I noticed the following: When I have 2 instances of the same app (say 2 different firefox windows, or 2 different terminal windows), in 2 different virtual desktops, then I click on the icon for that application located on the launcher panel (the left long strip with icons on it), then I see the application comes into focus. Then when I click again right away (on the same icon on the launcher), then now all instances of this application that are open come into ONE view (may be on was on desktop 1, and the other was on desktop 3 for example) and then I can now click on the one instance window that I want to select to use. This is all very nice actually. But this does NOT work for all applications! I just tried it, and it worked for firefox, and for gedit and for the gnome terminal. I have one firefox window open in virtual desktop 1, and another window open in virtual desktop 2. I clicked once on the firefox icon, then again, and both windows came into the main desktop and I was able to select which one to use. When I tried the same thing on dolphin file manager, which I also had 2 windows (instances) of it open in 2 different virtual desktops, this behavior did not happen. I clicked again, and nothing happened. Only one remained in focus. So I had to fo look for the second dolphin window the hard way. It looks like some apps are supported by this feature and some are not. How does one make it so that all applications are supported like this? This is a very handy feature. Is it a configuration item somewhere? thanks

    Read the article

  • Access Officejet Pro L7590 memory card reader

    - by luri
    I can't manage to access my printer's memory card reader in Nautilus. I can just access it with hp-unload. Here's a sample output from this command: lubuntu@L-X6:~$ hp-unload hp:/net/Officejet_Pro_L7500?zc=HP065193 HP Linux Imaging and Printing System (ver. 3.10.6) Photo Card Access Utility ver. 3.3 Copyright (c) 2001-9 Hewlett-Packard Development Company, LP This software comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to distribute it under certain conditions. See COPYING file for more details. Using device: hp:/net/Officejet_Pro_L7500?zc=HP065193 |error: Photo card write failed (Card may be write protected) / Photocard on device hp:/net/Officejet_Pro_L7500?zc=HP065193 mounted DO NOT REMOVE PHOTO CARD UNTIL YOU EXIT THIS PROGRAM warning: Photo card is write protected. Type 'help' for a list of commands. Type 'exit' to quit. pcard: / > ls \ Name Size Type dcim/ directory eos_digi.tal 0 B unknown/unknown 1 files, 0 B pcard: / > cd dcim |pcard: /dcim > ls | Name Size Type . directory .. directory 100eos5d/ directory 267canon/ directory 270canon/ directory 271canon/ directory 272canon/ directory 0 files, 0 B pcard: /dcim > cd 272canon -pcard: /dcim/272canon > ls \ Name Size Type . directory .. directory _mg_7201.jpg 3.1 MB image/jpeg ...........(some more files)................. _mg_7281.jpg 2.5 MB image/jpeg _mg_7282.jpg 2.5 MB image/jpeg 82 files, 241.6 MB (253377883) How can I acess it from nautilus or mount it as a filesystem? Note that this is similar to this other question: Can't get HP Officejet 6500 card reader to work. but actually there seemed to be no supported device here, while in my case I manage to access the memory card from hp-unload.

    Read the article

  • Use Network-Manager to Connect to a wifi Access Point on the command-line

    - by Stefano Palazzo
    I'd like to connect to a wireless access point from the command-line. ideally, I'd only need the name of the AP. But the hardware-address would work as well. I know I can use nmcli to connect to a managed network connection, but in my case, the access point may not be configured for Network-Manager yet (See the difference between the output of nm-tool and nmcli con). Example output of nmcli: Auto pwln 3a3d62b1-bbdf-4f76-b4d2-c211fd5cfb03 802-11-wireless [...] Wired Network aa586921-accf-4932-98c4-c873c310f08e 802-3-ethernet [...] Cisco-UDP Uni 7f94847b-04dc-40b7-9955-5246fb77cc65 vpn [...] T-mobile (D1) 867f345a-cbbf-4bd4-b883-a5e5ae0932f0 gsm [...] Example output of nm-tool: State: connected - Device: eth1 [Auto pwln] ---------------------------------------------------- [...] Wireless Access Points (* = current AP) *pwln: Infra, [...], Freq 2472 MHz, Rate 54 Mb/s, Strength 80 WPA WPA2 WLAN: Infra, [...], Freq 2422 MHz, Rate 54 Mb/s, Strength 20 WPA WPA2 [...] How do I connect to an access point that may or may not be known to NM? Extra: Finding out if the connection needs a pass-phrase, and submitting it on the command-line as well would be great too (that is to say It'd be nice if network-manager wouldn't pop open any keyring dialogues or errors on the gui)

    Read the article

  • OSB and Ubuntu 10.04 - Too Many Open Files

    - by jeff.x.davies
    When installing the latest Oracle Service Bus (11gR1PS3) onto my Ubuntu 10.04 system, the Eclipse IDE was complaining about there being too many open files. The Oracle Service Bus and the Oracle Enterprise Pack for Eclipse (aka OEPE) do make use of ALOT of files. By default, Ubuntu will restrict each user to 1024 open files. A much more realistic number for OSB development is 4096. Changing the file limit in Ubuntu is fairly simple (if arcane). You will need to modify two different files and then restart your server. First, you need to modify the limits.conf file as the root user. Open a terminal window and enter the following command: sudo gedit /etc/security/limits.conf Add the following 2 lines to the file. The asterisk simply means that the rule will apply to all users. * soft nofile 4096 * hard nofile 4096 Save your changes and close gedit. The second file to change is the common-session file. Use the following command: sudo gedit /etc/pam.d/common-session Add the following line: session required pam_limits.so Save the file and exit gedit. Restart your machine. You shouldn't have any more problems with too many open files anymore.

    Read the article

  • Allow access to WordPress site only by links in email newsletters

    - by Shane
    I send out a personal email newsletter, and have been looking into sending it via some service like MailChimp, or sendy.co. Many of these email services suggest, or require, the email newsletter content to be available online, in case the recipient's email app doesn't render it properly, or at all. The thing is I don't want my newsletter contents visible to the whole world. Nor do I want to require existing recipients to make accounts/be assigned accounts, with passwords. So, the question is: How can my WordPress site content be viewable only by clicking on the link to it in the email newsletter. It can't be found in a Google search; but once at the site the visitor can view previous newsletter contents. It seems an .htaccess file would do the trick, but I have been unable to figure out the syntax for this. Thanks for your help. I have copied below two other questions, and answers, which have helped me word my question clearly. Similar to this request about allowing access to a certain group while still restricting access to the world: Is there a way to password protect directory only in cpanel. But the user should not be prompted the password, when they try to access it via web? This persons question is the closest I could find to my situation: Restrict direct folder access via .htaccess except via specific links

    Read the article

  • Glimpse: Open Source Web Development

    - by Elizabeth Ayer
    We’re delighted to announce that Red Gate will be backing Glimpse! For those of you who aren’t familiar with the project, Glimpse is an open source tool which does for the server what Firebug does for the client. It’s been in beta for the last year, and we’re very excited to give Glimpse the support and dedicated effort needed to take it to a v1 and beyond. Glimpse’s founders (Nik Molnar and Anthony van der Hoorn) have joined Red Gate, and they’re just as excited as we are about the opportunities that active development of Glimpse will bring. They will continue to write code, support the community and drive the project forward (as they’ve done since its inception). With full-time attention on growing Glimpse and its community, users and developers can expect the project to accelerate, with frequent releases of new functionality. Red Gate is excited about its first major involvement with open source. You may well be wondering, though, why Red Gate is doing this. Glimpse dovetails beautifully with Red Gate’s .NET tools, which makes Glimpse an ideal framework for plugging in advanced, paid-for functionality (like performance analysis) the way web developers want to see it. As a means to this end, we will contribute to the Glimpse open source project in order to broaden its adoption and delight web developers. Since bringing in .NET Reflector in 2008, we’ve learnt sharp lessons from the community about the right and wrong ways to engage with developers, not to mention the enduring value of free. Glimpse further shows what the .NET community can achieve through open source collaboration, and we’re looking forward to working with the Glimpse community to make something enduring and awesome. Nik and Anthony, themselves passionate advocates of community-driven software, will continue to control the Glimpse project, steering it to best meet the needs of its users and contributors. If you have any questions or queries about Glimpse, or Red Gate’s involvement in the project, please tweet with the #glimpse hashtag, contact us at Red Gate on [email protected], or post to the Glimpse Development Forum on Google Groups.

    Read the article

  • JCP Open EC Meeting on 30 September 2012

    - by heathervc
    The JCP program office and Executive Committee invites all Java Community members to attend the OPEN EC Meeting on Sunday, 30 September at the Clift Hotel in San Francisco.  The meeting is adjacent to The Zone at JavaOne, but no JavaOne (or any other kind) of pass is required to attend.  It is OPEN to all!  Agenda topics include: JCP.Next status/overview of JSRs 355 and 358, improving communications between the EC and the community; Open Q&A and reminders of JCP events at JavaOne & Annual awards.  Any other suggestions?  This meeting is for you.  Let us know your questions pmo at jcp.org. Or bring them with you.  Details below. JCP Public Executive Committee Face-to-Face Meeting Open to Executive Committee Members and the Java Developer Community Location: Clift Hotel, 495 Geary Street, San Francisco - Rita Room (downstairs from Lobby) Date and Time: 9/30/12, 2:00 PM - 3:30 PM See you there.  Check out all of the JCP @ JavaOne events.

    Read the article

  • Oracle Open World 2012?????

    - by Liu Maclean(???)
    Oracle Open World 2012?????: ???.. Oracle OpenWorld 2012 sessions????:Search Content Catalog for Oracle OpenWorld 2012 sessions ?????????session??? Open World 2012??: Larry ??Exadata X3 OOW 2012???Exadata X3,?? X3-2 ?Expansion Rack X3-2?X3-8 Exadata X3????:http://www.oracle.com/us/products/database/exadata/overview/index.html  ORACLE EXADATA Database MACHINE X3-8 sheetORACLE EXADATA Database MACHINE X3-2 sheet Exadata X3-2???????: X3-2?compute db node?????????8?Intel Xeon E5-2690??? ??????????12????16?,???33%????? ???96GB???128GB,????256GB ??????????50% X3-2 cell node??????????????Intel Xeon ??????flash card flash card??????4?,??flash card?????????40%? ???X3-2???22.4TB?flash ,??????flash????????????????????,???10????? CPU???6?,????????Intel Xeon model ????????X2-2??,???600GB???????3TB?????? ??Exadata X3-2?????????,??????????1/4?????,1/8????????????????? Exadata X3-8???????: X3-8???X2-8?????,???X3-8??????????X3-2??,??X3-8?????22.4TB?????? ???CEO??  Engineered to Work Together OOW????? Oracle Open World 2012 ????? Open World 2012 ??:http://www.oracle.com/openworld/index.htmlOpen World 2012 ????:http://www.oracle.com/openworld/register/packages/index.html ??: Sept. 30 – Oct. 4, 2012 9?30?? 10?4? ??:Moscone Center, San Francisco (747 Howard Street, San Francisco, California 94103). ?????Mark Hurd??OOW 2012: How big is oow OOW 2012?????????: Focus On Database Technologies Focus On Real Application Clusters Focus On Exadata Focus On Oracle Database Appliance Focus On Oracle Database Application Development Focus On Oracle Database Security Focus On Big Data Focus On Data Warehousing Focus On High Availability Focus On Oracle Enterprise Manager Cloud Control 12c (and Private Cloud) Focus On Oracle Spatial and Graph Focus On Oracle Database Utilities Focus On Oracle Database Upgrade Focus On Oracle Database Private Cloud Focus On .Net Focus On Oracle Database on Windows Focus On Engineered Systems Focus On Sunday Users Forum

    Read the article

  • Error creating System.Type from string "System.Int32"

    - by ProfK
    On a web site I published (pre-compiled) last night, I get the following error. Before pre-compiling it, I was getting a compiler error that a User Control was not found. After compiling on another machine, and running, I get the following Parser error: "Cannot create an object of type 'System.Type' from its srting representation 'System.Int32' for the 'DataType' property" was the, now runtime, parser error I got. The offending tag is telerik:RadNumericTextBox .... DataType="System.Int32"... I emphasise again that this error only occurs on XP SP2, not on Vista and Win7. I'm off to do some Googling and issue logging at Telerik.

    Read the article

  • How to do role-based access control for a franchise business?

    - by FreshCode
    I'm building the 2nd iteration of a web-based CRM+CMS for a franchise service business in ASP.NET MVC 2. I need to control access to each franchise's services based on the roles a user is assigned for that franchise. 4 examples: Receptionist should be able to book service jobs in for her "Atlantic Seaboard" franchise, but not do any reporting. Technician should be able to alter service jobs, but not modify invoices. Managers should be able to apply discount to invoices for jobs within their stores. Owner should be able to pull reports for any franchises he owns. Where should franchise-level access control fit in between the Data - Services - Web layer? If it belongs in my Controllers, how should I best implement it? Partial Schema Roles class int ID { get; set; } // primary key for Role string Name { get; set; } Partial Franchises class short ID { get; set; } // primary key for Franchise string Slug { get; set; } // unique key for URL access, eg /{franchise}/{job} string Name { get; set; } UserRoles mapping short FranchiseID; // related to franchises table Guid UserID; // related to Users table int RoleID; // related to Roles table DateTime ValidFrom; DateTime ValidUntil; Background I built the previous CRM in classic ASP and it runs the business well, but it's time for an upgrade to speed up workflow and leave less room for error. For the sake of proper testing and better separation between data and presentation, I decided to implement the repository pattern as seen in Rob Conery's MVC Storefront series. Controller Implementation Access Control with [Authorize] attribute If there was just one franchise involved, I could simply limit access to a controller action like so: [Authorize(Roles="Receptionist, Technician, Manager, Owner")] public ActionResult CreateJob(Job job) { ... } And since franchises don't just pop up over night, perhaps this is a strong case to use the new Areas feature in ASP.NET MVC 2? Or would this lead to duplicate Views? Controllers, URL Routing & Areas Assuming Areas aren't used, what would be the best way to determine which franchise's data is being accessed? I thought of this: {franchise}/{controller}/{action}/{id} or is it better to determine a job's franchise in a Details(...) action and limit a user's action with [Authorize]: {job}/{id}/{action}/{subaction} {invoice}/{id}/{action}/{subaction} which makes more sense if any user could potentially have access to more than one franchise without cluttering the URL with a {franchise} parameter. Any input is appreciated.

    Read the article

  • How to access Java servlet running on my PC from outside ?

    - by Frank
    I used Netbeans6.7 to write a servlet, when it runs, it opens a browser window with this address : http://localhost:8080/My_App/Test_Servlet, I replaced the "localhost" with my IP address, now it looks like this : http://192.???.1.??:8080/My_App/Test_Servlet, but I tried to access it from another computer outside my home, it can't read anything, I wonder if I need to change Windows Fire Wall setting to allow outside traffic, it's a Paypal IPN app, so I call Paypal, they said they can't access : http://192.???.1.??:8080/My_App/Test_Servlet What on my side should I do to allow traffic from "paypal.com" to access "My_App/Test_Servlet" ? Frank

    Read the article

  • dynamically generated pageview issue

    - by user203127
    hi, I have created dynamic tab function. When i create dynamic tab it will create pageview for that tab. But when i deleted that tab that pageview is not deleting. Can any one help me to fix this. using System; using System.Data; using System.Configuration; using System.Collections; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using Telerik.WebControls; using Telerik; public partial class Radstrip2 : System.Web.UI.Page { protected System.Web.UI.WebControls.Label PageContent; protected System.Web.UI.WebControls.Repeater BuildingSummary; protected Telerik.WebControls.PageView PageView1; protected void Page_Load(object sender, EventArgs e) { if (!Page.IsPostBack) { Tab tab = new Tab(); tab.Text = string.Format("New Page {0}", 1); RadTabStrip1.Tabs.Add(tab); PageView pageView = new PageView(); RadMultiPage1.PageViews.Add(pageView); BuildPageViewContents(pageView, RadTabStrip1.Tabs.Count); RadTabStrip1.SelectedIndex = 0; } } private void BuildPageViewContents(PageView pageView, int index) { pageView.ID = "Page " + index.ToString(); pageView.Controls.Add(new LiteralControl(" <B>New page</B>" + (index).ToString())); } protected void Button1_Click(object sender, EventArgs e) { Tab tab = new Tab(); tab.Text = string.Format("New Page {0}", RadTabStrip1.Tabs.Count + 1); RadTabStrip1.Tabs.Add(tab); PageView pageView = new PageView(); pageView.ID = "Page " + pageView.Index.ToString(); RadMultiPage1.PageViews.Add(pageView); BuildPageViewContents(pageView, RadTabStrip1.Tabs.Count); RadTabStrip1.SelectedIndex = RadTabStrip1.SelectedIndex + 1; RadMultiPage1.SelectedIndex = RadTabStrip1.SelectedIndex; } protected void Button2_Click(object sender, EventArgs e) { Tab currentTab = RadTabStrip1.InnerMostSelectedTab; if (currentTab != null) { ITabContainer owner = currentTab.Owner; owner.Tabs.Remove(currentTab); //RadMultiPage1.PageViews.Remove(currentTab.PageView); if (owner.Tabs.Count > 0) { owner.SelectedIndex = 0; } } } protected void RadMultiPage1_PageViewItemCreated1(PageView view, int viewIndex) { BuildPageViewContents(view, viewIndex + 1); } }

    Read the article

  • Data Access Layer in ASP.Net: Where do I create the Connection?

    - by atticae
    If I want to create a 3-Layer ASP.Net application (Presentation Layer, Business Layer, Data Access Layer), where is the best place to create the Connection objects? So far I used a helper class in my Presentation Layer to create an IDbCommand from the ConnectionString in the web.config on each page and passed it on to the DAL classes/methods. Now I am not so sure, if this part shouldn't also be included in the DAL somehow, because it obviously is part of the Data Access. The DAL is in a separately compilated project, so I dont have access to the web.config and cannot access the connection string (right?). What is the best practice here?

    Read the article

  • How to configure SVN access list for directory/repository ?

    - by abatishchev
    I have next SVN repositories structure running Apache 2.2 under Windows Server 2008: http://example.com/svn/ is targeted to e:\svn (root) http://example.com/svn/dir/ is targeted to e:\svn\dir (some directory with a number of repositories) http://example.com/svn/dir/repo/ is targeted to e:\svn\dir\repo (a repository itself) How to access list so group @foo had rw access to repo? I have next access list: [groups] @foo = user1, user2 [/] * = r [dir/repo:/] @foo = rw The last string doesn't work in any combination I tried

    Read the article

  • MS Access - Keeping track (transacation) of all activity while form is open...

    - by Ron Mac
    Hi and thanks for reading. I am not a database/vba guy and my experience is strictly in the JAVA world. However, I need to have an ACCESS form open. While it is open and new data is entered into it (via the underlying query OR any other data changes in other tables based on sql updates attached to buttons on this form), is there a way that I can initiate a transaction so that at the bottom of the form I could have a button that says "Exit and committ changes" or "Cancel and Rollback changes". I guess I thought of a situation where I could do something like: On Form OPEN, START TRANSACTION On "CLICK OK", COMMIT TRANSACTION or ON "CLICK CANCEL" ROLLBACK. I'm aware how to do the Workspace.BeginTransaction but I'm not sure if that will apply if I do it on FORM OPEN and then on FORM CLOSE do the COMMIT/ROLLBACK locgin? Any insight would be great.

    Read the article

  • How to pass record id into hyperlink in radgrid?

    - by mongoose_za
    I've a radgrid and rendering a hyperlink column. I want to pass the id of the record into the url for the hyperlink. How can I do this? I have this <Columns> <telerik:GridTemplateColumn AllowFiltering="false" HeaderText="Edit" UniqueName="Edit"> <ItemTemplate> <asp:HyperLink ID="HyperLink1" runat="server" Target="_blank" NavigateUrl="~/Edit.aspx?Id=need_to_bind_id_here">Edit Details</asp:HyperLink> </ItemTemplate> </telerik:GridTemplateColumn> </Columns> There is an ID column which is generated too.

    Read the article

  • Access as a front-end to SQL Server - ADO vs DAO?

    - by webworm
    I have a project that will be using Access 2003 as the font-end and the data being stored in SQL Server. Access will connect to SQL Server via linked tables with all the database logic (stored procedures, views) within SQL Server. Given this setup, would it be better to use ADO or DAO within Access? Is it just a matter of preference or is one more suited to Access as a font-end and SQL Server as the data store? Especially when using linked tables. Thanks.

    Read the article

  • Why my combobox count is 0?

    - by just_name
    Why the count of items in my ComboBox is always 0 although the datasource of this combobox has data !! <div align="right" dir="rtl"> <asp:Label ID="lbl_contactListName" runat="server" Text="Menu Name :" CssClass="span"></asp:Label> <telerik:RadComboBox ID="ddl_contactList" runat="server" AutoPostBack="True" CausesValidation="False" CollapseDelay="0" Culture="ar-EG" ExpandDelay="0" Filter="StartsWith" ItemsPerRequest="10" MarkFirstMatch="true" Skin="Outlook" EnableAutomaticLoadOnDemand="True" EmptyMessage="-New Menu-" ShowMoreResultsBox="True" OnSelectedIndexChanged="ddl_contactList_SelectedIndexChanged" EnableVirtualScrolling="True" DataTextField="list_desc" DataValueField="list_code" DataSourceID="ObjectDataSource1" EnableViewState="true" Width="300px"> </telerik:RadComboBox> </div> <asp:ObjectDataSource ID="ObjectDataSource1" runat="server" SelectMethod="GetContactListsByDep" TypeName="SendSMS_EmailModule.ContactList"> <SelectParameters> <asp:SessionParameter Name="year" SessionField="year" Type="Int32" /> <asp:SessionParameter Name="main_code" SessionField="main_code" Type="Int32" /> </SelectParameters> </asp:ObjectDataSource>

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Database advantages? Access, MySQL, msSQL, or any others?

    - by JimZ
    Dear all Stackoverflowers, I just started to learn programming and now I'm putting this question online based on a quote: no question is silly My work needs to develop a order system based on web, which wants a database system. Since using Excel for years as a general office user, I naturally turn this to Access. However, most people say Access is very limited comparing to MySQL or MSSQL, or any other more professional database system. But after developing some functions for my company's order system, I really find Access can fulfill my request. And I also tried MSSQL to develop, which I found it not quite convenient to use. I have searched in stackoverflow and find no general answer about my doubt. Now I am sincerely hoping some experienced and professional developers could clear my doubts. Now I'm listing some Access advantages, which I don't think other database system have. I hope you could help me also find these advantages in others. 1. Access is portable, I can just copy a xxx.accdb file to my company and continue with development. 2. Access is easy to generate helpful table, for example, it will automatically generate a field that can automatically count, could be used as primary key value. 3. it is more compatable with Excel, to display and filter data. 4. importantly, it nerely needs no environment to setup, just needs MS Office to be installed. ............others However, I also find some points that MSSQL is advantaged: 1. security reasons 2. easy to backup, ( just use BACKUP..... sql statement to do it) 3. can edit stored procedure to save some functions to database ...............others specifically, I wish some friends could tell me how to make other database portable? since I usually work both at home and in office. It's a headache to move MSSQL work to my office, since the version of MSSQL is not the same. Thank you all and best regards, :)

    Read the article

  • Is there a way to sync (two way) tables betwen a mysql server and a local MS Access?

    - by Kailen
    Help me figure out a solution to a (not so unique) problem. My research group has gps devices attached to migratory animals. Every once in a while, a research tech will be within range of an animal and will get the chance to download all the logged points. Each individual spits out a single dbf and new locations are just appended to the end (so the file is just cumulative). These data need to be shared among a research group. Everyone else (besides me) wants to use access, so they can make small edits and prefer that interface. They do not like using MySQL. The solution I came up with is: a) The person who downloads the file goes to a web page, enters animal ID into a form, chooses .dbf file and uploads to a mysql database on the server (I still have to write php code to read the dbf and write sql insert statements from it). b) Everyone syncs from their local access database to the server. (This is natively possible from access but very clunky). Is there a tool (preferably open source), that can compare a access table to mysql table and sync the two (both ways)? Alternatively, does anyone have a more elegant solution? The ultimate goal is to allow everyone to have access to the most current data on their computers using their preferred database app.

    Read the article

  • What makes you trust that a piece of open source software is not malicious?

    - by Daniel DiPaolo
    We developers are in a unique position when it comes to the ability to not only be skeptical about the capabilities provided by open source software, but to actively analyze the code since it is freely available. In fact, one may even argue that open source software developers have a social responsibility to do so to contribute to the community. But at what point do you as a developer say, "I better take a look at what this is doing before I trust using it" for any given thing? Is it a matter of trusting code with your personal information? Does it depend on the source you're getting it from? What spurred this question on was a post on Hacker News to a javascript bookmarklet that supposedly tells you how "exposed" your information on Facebook is as well as recommending some fixes. I thought for a second "I'd rather not start blindly running this code over all my (fairly locked down) Facebook information so let me check it out". The bookmarklet is simple enough, but it calls another javascript function which at the time (but not anymore) was highly compressed and undecipherable. That's when I said "nope, not gonna do it". So even though I could have verified the original uncompressed javascript from the Github site and even saved a local copy to verify and then run without hitting their server, I wasn't going to. It's several thousand lines and I'm not a total javascript guru to begin with. Yet, folks are using it anyway. Even (supposedly) bright developers. What makes them trust the script? Did they all scrutinize it line by line? Do they know the guy personally and trust him not to do anything bad? Do they just take his word? What makes you trust that a piece of open source software is not malicious?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 66 67 68 69 70 71 72 73 74 75 76 77  | Next Page >