Search Results

Search found 42115 results on 1685 pages for 'access management'.


  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrincipal?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? And then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POSTs usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the user's cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack.
    Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.


  • Recover data from hard disk

    - by Hitesh Solanki
    Hi, I have formatted my C: drive and Windows XP is installed successfully, but I am not able to access the D: drive. When I try to double-click on the D: drive, the following message is displayed: "the disk in drive D: is not formatted, do you want to format it now ? " When I try to access it from the command prompt, the following message is displayed: "The volume does not contain a recognized file system. Please make sure that all required file system drivers are loaded and that the volume is not corrupted." So please help me.... Thanks in advance....


  • Am I using EJBs properly?

    - by kgrad
    I am using a JEE6 stack including JPA 2.0, JSF 2.0, EJB 3.1 etc. The way my architecture is set up is the following: I have JPA annotated DAOs using hibernate as my JPA provider. I have JSF Managed beans which correspond to my facelet/xhtml pages. I have EJBs that handle all of my database requests. My XHTML pages have JSF EL which make calls to my Managed beans. My managed beans contain references to my DAO entities which are managed by EJBs. For example, I have a user entity which is mapped to a db table. I have a user EJB which handles all CRUD operations that return Users. I have a page that edits a user. The high-level workflow would be: navigate to user edit page - EL calls a method located in the managed bean that loads a user. The method calls userEJB.loadUser(user) from the EJB to get the user from the database. The user is edited and submitted - a function is called in the managed bean which calls a function in the EJB to save the user. etc. I am running into issues accessing my data within my JSF pages using EJBs. I am having a lot of problems with lazy initialization errors, which I believe is due to how I have set things up. For example, I have a Client entity that has a List of users which are lazily loaded. In order to get a client I call a method in my EJB which goes to the database, finds a client and returns it. Later on I wish to access this client's list of users; in order to do so I have to go back to the EJB by calling some sort of method in order to load those users (since they are lazily loaded). This means that I have to create a method such as public List<User> getUserListByClient(Client c) { c = em.merge(c); return c.getUserList(); } The only purpose of this method is to load the users (and I'm not even positive this approach is good or works).
    If I was doing session management myself, I would likely just leave the session open for the entire request and access the property directly; this would be fine as the session would be open anyway. There seems to be this one extra layer of indirection in EJBs which is making things difficult for me. I do like EJBs as I like the fact that they are controlled by the container, pooled, offer transaction management for free etc. However, I get the feeling that I am using them incorrectly, or I have set up my JSF app incorrectly. Any feedback would be greatly appreciated. Thanks,


  • MS SQL 2005/2008: Identify current user

    - by Torben H.
    Hello, I have a web application which is using a MS SQL 2005 database. My problem is that the application has no role management. So the application always accesses the database with one default user. But now I have to save and access a value only for the current user. Is there any way to do this? Maybe something like a session on the webserver? The best way would be if there is any possibility to access the current session id of the webserver from T-SQL. Does anyone understand my problem? :) Torben


  • Spring security accessing principal

    - by wuntee
    When using Spring Security, specifically with @notation, what is the proper way to access the principal in a Controller? Let's say the following is my controller, but I would like to access the principal in the secure() method somewhere... @Controller public class LoginController { @RequestMapping(value = "/login", method = RequestMethod.GET) public String login(ModelMap map, @RequestParam(value="fail" , required=false) String fail){ map.addAttribute("title", "Login: AD Credentials"); if(fail != null){ map.addAttribute("error", "Invalid credentials"); } return("login"); } @RequestMapping("/secure") @PreAuthorize("isAuthenticated()") public String secure(ModelMap map, String principal){ System.out.println(principal); return("secure"); } }


  • Ninject Given Path's format is not supported

    - by David Osborn
    The Ninject initialization works fine when I run my application directly from VS2010, but if I deploy the application to our custom "plugin" environment I get this error when I run the app and it tries to initialize Ninject. Error during initialization The given path's format is not supported. ERROR : The given path's format is not supported. Type : NotSupportedException Location: System.String CanonicalizePath(System.String, Boolean) Stack Trace: at System.Security.Util.StringExpressionSet.CanonicalizePath(String path, Boolean needFullPath) at System.Security.Util.StringExpressionSet.CreateListFromExpressions(String[] str, Boolean needFullPath) at System.Security.Permissions.FileIOPermission.AddPathList(FileIOPermissionAccess access, AccessControlActions control, String[] pathListOrig, Boolean checkForDuplicates, Boolean needFullPath, Boolean copyPathList) at System.Security.Permissions.FileIOPermission..ctor(FileIOPermissionAccess access, String[] pathList, Boolean checkForDuplicates, Boolean needFullPath) at System.IO.Path.GetFullPath(String path) at Ninject.Modules.ModuleLoader.NormalizePath(String path) at Ninject.Modules.ModuleLoader.GetFilesMatchingPattern(String pattern) at Ninject.Modules.ModuleLoader.b_0(String pattern) at System.Linq.Enumerable.d_142.MoveNext() at System.Linq.Lookup2.Create[TSource](IEnumerable1 source, Func2 keySelector, Func2 elementSelector, IEqualityComparer1 comparer) at System.Linq.GroupedEnumerable3.GetEnumerator() at Ninject.Modules.ModuleLoader.LoadModules(IEnumerable1 patterns) at Ninject.KernelBase.Load(IEnumerable`1 filePatterns) at Ninject.KernelBase..ctor(IComponentContainer components, INinjectSettings settings, INinjectModule[] modules) at Ninject.KernelBase..ctor(INinjectModule[] modules) at MyApp.Ioc.ResolveType.Initialize() at MyApp.Program.Run()


  • How would you audit ASP.NET Membership tables, while recording what user made the changes?

    - by Pete
    Using a trigger-based approach to audit logging, I am recording the history of changes made to tables in the database. The approach I'm using (with a static sql server login) to record which user made the change involves running a stored procedure at the outset of each database connection. The triggers use this username when recording the audit rows. (The triggers are provided by the product OmniAudit.) However, the ASP.NET Membership tables are accessed primarily through the Membership API. I need to pass in the current user's identity when the Membership API opens its database connection. I tried subclassing MembershipProvider but I cannot access the underlying database connection. It seems like this would be a common problem. Does anyone know of any hooks we can access when the ASP.NET Membership makes its database connection?


  • Sending message to windows service by web page

    - by Enriquev
    Hello, How could I do this with no access denied problem? I have a windows service: protected override void OnCustomCommand(int command) { if (command == 1) { foreach (Process traceProcess in Process.GetProcessesByName("notepad.exe")) { traceProcess.Kill(); } } } when I do this: ServiceController sc = new ServiceController("ProjectManager"); if (sc != null) sc.ExecuteCommand(1); From a windows forms it works, but not from a web page, I get access denied on sc.ExecuteCommand. What's the best way for a web page to talk to a service?


  • Consuming SharePoint Web Services fails when behind Proxy server

    - by Jan Petersen
    Hi All, I've seen a number of posts about consuming Web Services from behind a proxy server, but none that seems to address this problem. I'm building a desktop application, using Java, JAX-WS in NetBeans. I have a working prototype that can query the server for authentication mode, successfully authenticate and retrieve a list of web sites. However, if I run the same app from a network that is behind a proxy server (the proxy does not require authentication), then I'm running into trouble. The normal -dhttp.proxyHost ... settings do not seem to help any. But I have found that by creating a ProxySelector class and setting it as default, I can regain access to the authentication web service, but I still can't retrieve the list of web sites from the SharePoint server. Does anyone have any experience on how to make this work? I have put the source text java class files of a demo app up, showing the issue at the following urls (it's a bit too long even in the short demo form to post here). link text When running the code from a network behind a proxy server, I successfully retrieve the Authentication mode from the server, but the request for the Web Site list generates an exception originating at: com.sun.xml.internal.ws.transport.http.client .HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:201) The output from the source when no proxy is on the network is listed below: Successfully retrieved the SharePoint WebService response for Authentication SharePoint authentication method is: WINDOWS Calling Web Service to retrieve list of web site.
    Web Service call response: -------------- XML START -------------- <Webs xmlns="http://schemas.microsoft.com/sharepoint/soap/"> <Web Title="Collaboration Lab" Url="http://host.domain.com/collaboration"/> <Web Title="Global Data Lists" Url="http://host.domain.com/global_data_lists"/> <Web Title="Landing" Url="http://host.domain.com/Landing"/> <Web Title="SharePoint HelpDesk" Url="http://host.domain.com/helpdesk"/> <Web Title="Program Management" Url="http://host.domain.com/programmanagement"/> <Web Title="Project Site" Url="http://host.domain.com/Project Site"/> <Web Title="SharePoint Administration Tools" Url="http://host.domain.com/admin"/> <Web Title="Space Management Project" Url="http://host.domain.com/spacemgmt"/> </Webs> -------------- XML END -------------- Br Jan


  • How can I execute pl/pgsql code without creating a function?

    - by Jeremiah Peschka
    With SQL Server, I can execute ad hoc T-SQL code with full procedural logic through SQL Server Management Studio, or any other client. I've begun working with PostgreSQL and have run into a bit of a difference in that PGSQL requires any logic to be embedded in a function. Is there a way to execute PL/PGSQL code without creating and executing a function?


  • Which layer should create DataContext?

    - by Kevin
    I have a problem deciding which layer in my system should create DataContext. I have read a book saying that if I do not pass the same DataContext object for all the database updates, it will sometimes get an exception thrown from the DataContext. That's why I initially create a new instance of DataContext in the business layer, and pass it into the data access layer, so that the same DataContext is used for all the updates. But this leads to one design problem: if I wanna change my DAL to Non-LinqToSQL in future, I need to re-write the code in the business layer as well. Please give me some advice on this. Thanks. Example code 'Business Layer Public Sub SaveData(name As String) Using ts AS New TransactionScope() Using db As New MyDataContext() DAL.Insert(db,name) DAL.Insert(db,name) End Using ts.Complete() End Using End Sub 'Data Access Layer Public Sub Insert(db as MyDataContext,name As string) db.TableAInsert(name) End Sub


  • php email marketing open source

    - by Bharanikumar
    Hi, does anyone know about some free open source PHP library or framework to implement the following service independently? Email marketing, which includes the following services: send email, choose email template, choose email template from local drive, text template, account management like history email list, and more, payment integration. Thanks, bharanikumar


  • Beginning with SQL

    - by Natasha
    Hey all, I am enthusiastic to enter the world of databases through SQL, but I don't know if there are prerequisites of any significance; I only know C# and Java. Besides, what tools do I need? I have Visual Studio 2008 and SQL Server Management Studio; what else do I need? Is it necessary to download a server OS? Bear with me, I'm just a beginner lol. Thanks all, Natasha


  • MySQLdb through proxy

    - by MihaiD
    I'm using the above mentioned Python lib to connect to a MySQL server. So far I've worked locally and all worked fine, until I realized I'll have to use my program in a network where all access goes through a proxy. Does anyone know how I can set the connections managed by that lib to use a proxy? Alternatively: do you know of another Python lib for MySQL that can handle this? I also have no idea if the proxy server will allow access to the standard MySQL port or how I can trick it to allow it. Help on this is also welcomed.


  • Retrieving JSON from a web URL

    - by npeterson
    This may be a terribly uninformed question, brace yourself. A company I'm working with has given an 'API' that I can use to access orders, however, there are only two real commands, getorders and getorderdetails. These commands are put in the format of http://www.server.com/path/to/the/orderapi/getorders/UniqueKey/ If I go to that web address, I'm prompted for a username and password, and once authenticating, get presented with a page of JSON formatted order details, contained in the body of the html page. I would like a service to check this information and create orders in our crm based on it, is there an obvious way to access it without the browser/client interaction?


  • Database schema for multiple category/product relationship

    - by sree01
    I want to design a database for an e-commerce application with category/subcategory management. Please suggest a database schema where we can create categories and subcategories and add products to those categories. Each product can have multiple categories and we can select products belonging to multiple categories using a boolean database query. Thanks


  • SQL server 2005 - user rights

    - by Paresh
    I have created one user named "tuser" with create database rights in SQL Server 2005, and given the 'db_owner' database role of the master and msdb databases to "tuser". From this user login, when I run the script for create database, it will create a new database. But "tuser" doesn't have access to that newly created database generated from the script. Does anyone have any idea? I want to write the script so "tuser" has access to that newly created database after creation and can have add user permission on the newly created database. I want to give the 'db_owner' database role to "tuser" on that newly created database in the same script which creates the new database. The script runs under 'tuser'.


  • ObjectDisposedException from core .NET code

    - by John
    I'm having this issue with a live app. (Unfortunately this is post-mortem debugging - I only have this stack trace. I've never seen this personally, nor am I able to reproduce). I get this Exception: message=Cannot access a disposed object. Object name: 'Button'. exceptionMessage=Cannot access a disposed object. Object name: 'Button'. exceptionDetails=System.ObjectDisposedException: Cannot access a disposed object. Object name: 'Button'. at System.Windows.Forms.Control.CreateHandle() at System.Windows.Forms.Control.get_Handle() at System.Windows.Forms.Control.PointToScreen(Point p) at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent) at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks) at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.ButtonBase.WndProc(Message& m) at System.Windows.Forms.Button.WndProc(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message& m) at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m) at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) exceptionSource=System.Windows.Forms exceptionTargetSite=Void CreateHandle() It looks like a mouse event is arriving at a form after the form has been disposed. Note there is none of my code in this stack trace. The only weird (?) thing I'm doing, is that I do tend to Dispose() Forms quite aggressively when I use them with ShowModal() (see "Aside" below). But I only do this after ShowModal() has returned (that should be safe right)? I think I read that events might be queued up in the event queue, but I can't believe this would be the problem. I mean surely the framework must be tolerant to old messages? I can well imagine that under stress messages might back-log and surely the window might go away at any time? Any ideas? If you could even suggest ways of reproducing, that might be useful. 
    John Aside: TBH I've never quite understood whether calling Dispose() after Form.ShowDialog() is strictly necessary - the MSDN docs for ShowDialog() are to my mind a bit ambiguous.


  • Configure database mail settings

    - by Paresh
    How can I configure database mail settings and send the mail from the database in the SharePoint-created default database instance? I cannot find where to configure the database mail settings from the management after logging in as the sa user.


  • oauth process for twitter. the difference between client and web application

    - by Radek
    I managed to make the OAuth process work for the PIN kind of verification. My Twitter application is client type. When I enter the authorize URL into a web browser and grant the application access, I then have to enter the PIN in my Ruby application. Can I finish the process of getting the access token without the PIN thing? My current code is as follows. What changes do I need to make for it to work without the PIN? gem 'oauth' require 'oauth/consumer' consumer_key = 'w855B2MEJWQr0SoNDrnBKA' consumer_secret ='yLK3Nk1xCWX30p07Id1ahxlXULOkucq5Rve28pNVwE' consumer=OAuth::Consumer.new consumer_key, consumer_secret, {:site=>"http://twitter.com"} request_token = consumer.get_request_token puts request_token.authorize_url puts "Hit enter when you have completed authorization." pin = STDIN.readline.chomp access_token = request_token.get_access_token(:oauth_verifier => pin) puts puts access_token.token puts access_token.secret


  • Broadcast-style Bluetooth using Sockets on the iPhone?

    - by Kyle
    Is there any way to open a broadcast bluetooth socket, take a listen and send replies? I want a proper peer to peer system where I broadcast and listen for broadcasts in an area. That way, variable clients can mingle. Is this possible? My theory is this: If GameKit can sit around wasting 25 seconds of the users time whilst having access to a broadcast socket, can't I? Or, must I be in kernel mode for such access? I'm not really sure where the proper bluetooth headers are as well. Thanks for reading!


  • How can I disable multiple links with jQuery?

    - by Samantha J
    I have the following HTML: <a title="Login" data-href="/MyAccount/Access/Login" data-title="Admin" data-entity="n/a" id="loginLink" class="nav-button dialogLink"><b>Login</b></a> <a title="Register" data-href="/MyAccount/Access/Register" data-title="Admin" data-entity="n/a" id="registerLink" class="nav-button dialogLink"><b>Register</b></a> When a user clicks on the #loginLink or #registerLink I would like to disable the link and call a dialog script. I created the following function: $("#loginLink, #registerLink") .click(function () { $('#loginLink').prop('disabled', true); $('#registerLink').prop('disabled', true); dialog(this); }); It calls the dialog correctly but doesn't disable the links and if I click the buttons more than once it calls up more than one dialog box. Is there something I am doing wrong? I can't see why it would not work.


  • SQL Server: Granting db_datawriter on all databases

    - by Michael J Swart
    I want to manage permissions and access to a SQL Server database server on a development machine. I've created a local windows group (called DBReaderGroup) and assigned various people to it. The group was created as a SQL Server login successfully: create login [MYMACHINE\DBReaderGroup] from windows My goal is to grant this group read/write access to all databases (which are constantly being added and dropped). Is it possible to configure the right settings so that SQL Server manages this? My biggest challenge is that each time a db is created, I have to update the "User Mapping" settings for this group on the new database. Am I missing something simple?


  • UrlHelper and ViewContext inside an Authorization Attribute

    - by DM
    I have a scenario that I haven't been able to solve: I'm toying around with creating my own custom authorization attribute for mvc. The main bit of functionality I would like to add is to have the ability to change where the user gets redirected if they are not in a certain role. I don't mind that the system sends them back to the login page if they're not authenticated, but I would like to choose where to send them if they are authenticated but not allowed to access that action method. Here is what I would like to do: public class CustomAuthorizeAttribute : AuthorizeAttribute { public string Action; public string Controller; protected override bool AuthorizeCore(System.Web.HttpContextBase httpContext) { // if User is authenticated but not in the correct role string url = Url.Action(this.Action, this.Controller); httpContext.Response.Redirect(url); } } And as an added bonus I would like to have access to ViewContext and TempData before I do the redirect. Any thoughts on how I could instantiate a UrlHelper and ViewContext in the attribute?

