Search Results

Search found 12562 results on 503 pages for 'secure delete'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 88/503 | < Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95  | Next Page >

  • How to enable and use HTTP PUT and DELETE with Apache2 and PHP?

    - by Andreas Jansson
    Hi, It should be so simple. I've followed every tutorial and forum I could find, yet I can't get it to work. I simply want to build a RESTful API in PHP on Apache2. In my VirtualHost directive I say: <Directory /> AllowOverride All <Limit GET HEAD POST PUT DELETE OPTIONS> Order Allow,Deny Allow from all </Limit> </Directory> Yet every PUT request I make to the server, I get 405 method not supported. Someone advocated using the Script directive, but since I use mod_php, as opposed to CGI, I don't see why that would work. People mention using WebDAV, but to me that seems like overkill. After all, I don't need DAV locking, a DAV filesystem, etc. All I want to do is pass the request on to a PHP script and handle everything myself. I only want to enable PUT and DELETE for the clean semantics. Thanks, Andreas

    Read the article

  • How can I validate/secure/authenticate a JavaScript-based POST request?

    - by Bungle
    A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

    Read the article

  • How to secure login and member area with SSL certificate?

    - by citronas
    Background: I have a asp.net webapplication project that should contain a public and a member area. Now I want to implement a SSL decription to secure communication between the client and the server. (In the university we have a unsecured wireless network and you can use a wlan sniffer to read username/password. I do not want to have this security problem for my application, so I thought of a ssl decription) The application is running on a IIS 7.5. It it possible to have one webapp that has unsecured pages (like the public area) and a secured area (like the member area, which requires a login)? If yes, how can I relealise the communication between these too areas? Example: My webapp is hosted on http://foo.abc. I have pages like http://foo.abc/default.aspx and http://foo.abc/foo.aspx. In the same project is page like /member/default.aspx which is protected by a login on the page http://foo.abc/login.aspx. So I would need to implement SSL for the page /login.aspx and all pages in /member/ How can I do that? I just found out how to create SSL certificates in IIS 7.5 and how to add such a binding to a webapp. How how can I tell my webapp which page should be called with https and not with http. What is the best practise there?

    Read the article

  • What is the optimum way to secure a company wide wiki?

    - by Mark Robinson
    We have a wiki which is used by over half our company. Generally it has been very positively received. However, there is a concern over security - not letting confidential information fall into the wrong hands (i.e. competitors). The default answer is to create a complicated security matrix defining who can read what document (wiki page) based on who created it. Personally I think this mainly solves the wrong problem because it creates barriers within the company instead of a barrier to the external world. But some are concerned that people at a customer site might share information with a customer which then goes to the competitor. The administration of such a matrix is a nightmare because (1) the matrix is based on department and not projects (this is a matrix organisation), and (2) because in a wiki all pages are by definition dynamic so what is confidential today might not be confidential tomorrow (but the history is always readable!). Apart from the security matrix, we've considered restricting content on the wiki to non super secret stuff, but off course that needs to be monitored. Another solution (the current) is to monitor views and report anything suspicious (e.g. one person at a customer site having 2000 views in two days was reported). Again - this is not ideal because this does not directly imply a wrong motive. Does anyone have a better solution? How can a company wide wiki be made secure and yet keep its low threshold USP? BTW we use MediaWiki with Lockdown to exclude some administrative staff.

    Read the article

  • Global Temporary Table "On commit delete rows" functionality discrepancy.

    - by TomatoSandwich
    I have a global temporary table. I called my GTT, for that was it's initials. My GTT never hurt anyone, and did everything I bade of it. I asked my GTT to delete rows on commit. This is a valid function in the creation script of my GTT in oracle. I wanted to be able to have different users see GTT with their own data, and not the data of other people's sessions. 'Delete rows on commit' worked perfectly in our test environment. GTT and I were happy. But then, I deployed GTT as part of an update to functionality to a client's database. The database doesn't like to play well with GTT. GTT called me up all upset and worried, because it wasn't holding any data any more, and didn't know why. GTT told me that if someone did: insert into my_GTT (description) values ('Happy happy joy joy') he would sing-song back: 1 row inserted. However, if the same person tried select * from my_GTT; GTT didn't know what to do, and he replied 0 rows returned. GTT was upset that he didn't know what his playmate had inserted. Please, Stackoverflow, why would GTT forget what was placed into him? He can remember perfectly well at home, but out in the cold harsh world, he just gets so scared. :(

    Read the article

  • Are there more secure alternatives to the .Net SQLConnection class?

    - by KeyboardMonkey
    Hi SO people, I'm very surprised this issue hasn't been discussed in-depth: This article tells us how to use windbg to dump a running .Net process strings in memory. I spent much time researching the SecureString class, which uses unmanaged pinned memory blocks, and keeps the data encrypted too. Great stuff. The problem comes in when you use it's value, and assign it to the SQLConnection.ConnectionString property, which is of the System.String type. What does this mean? Well... It's stored in plain text Garbage Collection moves it around, leaving copies in memory It can be read with windbg memory dumps That totally negates the SecureString functionality! On top of that, the SQLConnection class is non-inheritable, I can't even roll my own with a SecureString property instead; Yay for closed-source. Yay. A new DAL layer is in progress, but for a new major version and for so many users it will be at least 2 years before every user is upgraded, others might stay on the old version indefinitely, for whatever reason. Because of the frequency the connection is used, marshalling from a SecureString won't help, since the immutable old copies stick in memory until GC comes around. Integrated Windows security isn't an option, since some clients don't work on domains, and other roam and connect over the net. How can I secure the connection string, in memory, so it can't be viewed with windbg?

    Read the article

  • Is it impossible to secure .net code (intellectual property) ?

    - by JL
    I used to work in JavaScript a lot and one thing that really bothered my employers was that the source code was too easy to steal. Even with obfuscation, nothing really helped, because we all knew that any competent developer would be able to read that code if they wanted to. JS Scripts are one thing, but what about SOA projects that have millions invested in IP (Intellectual Property). I love .net, and especially C#, but I recently again had to answer the question "If we give this compiled program over to our clients, can their developers reverse engineer it?" I had gone out of my way to obfuscate the code, but I knew it wouldn't take that much for another determined C# developer to get at the code. So I earnestly pose the question, is it impossible to secure .net code? The considerations I have as as follows: Even regular native executables can be reversed, but not every developer has the skill to be able to do this. Its a lot harder to disassemble a native executable than a .net assembly. Obfuscation will only get you so far, but it does help a little. Why have I never seen any public acknowledgement by Microsoft that anything written in .net is subject to relatively easy IP theft? Why have I never seen a scrap of counter measure training on any Microsoft site? Why does VS come with a community obfuscater as an optional component? Ok maybe I have just had my head in the sand here, but its not exactly high on most developers priority list. Are there any plans to address my concerns in any future version of .net? I'm not knocking .net, but I would like some realistic answers, thank you, question marked as subjective and community!

    Read the article

  • Rails 3 : Can't get form_for to work as a 'delete' following the RESTful achitecture => always giving a ROUTING ERROR

    - by Alex
    I have a very simple render that goes as follow: <%= form_for(:relationships, :url => relationships_path, :html => {:method => 'delete'}) do |f| %> <div><%= f.hidden_field :user_id_to_unfollow, :value => @user.id %></div> <div class="actions"><%= f.submit "Unfollow" %></div> <% end %> When I submit this form it will always give me a Routing Error No route matches "/relationships" on my page. In my relationships controller, I have created all the propers methods: def create ... end def destroy ... end def update ... end def show ... end And in my routes config I have made sure to allow all routes for the relationships controller resources :relationships But I can't seem to get into the destroy method of the controller :( However if I remove the :html => {:method => 'delete'} method parameter in the form_for then I get to the create method of the controller no pb. I don't get it.... Alex

    Read the article

  • Is DB logging more secure than file logging for my PHP web app?

    - by iama
    I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

    Read the article

  • How should I secure my webapp written using Wicket, Spring, and JPA?

    - by Martin
    So, I have an web-based application that is using the Wicket 1.4 framework, and it uses Spring beans, the Java Persistence API (JPA), and the OpenSessionInView pattern. I'm hoping to find a security model that is declarative, but doesn't require gobs of XML configuration -- I'd prefer annotations. Here are the options so far: Spring Security (guide) - looks complete, but every guide I find that combines it with Wicket still calls it Acegi Security, which makes me think it must be old. Wicket-Auth-Roles (guide 1 and guide 2) - Most guides recommend mixing this with Spring Security, and I love the declarative style of @Authorize("ROLE1","ROLE2",etc). I'm concerned about having to extend AuthenticatedWebApplication, since I'm already extending org.apache.wicket.protocol.http.WebApplication, and Spring is already proxying that behind org.apache.wicket.spring.SpringWebApplicationFactory. SWARM / WASP (guide) - This looks the newest (though the main contributor passed away years ago), but I hate all of the JAAS-styled text files that declare permissions for principals. I also don't like the idea of making an Action class for every single thing a user might want to do. Secure models also aren't immediately obvious to me. Plus, there isn't an Authn example. Additionally, it looks like lots of folks recommend mixing the first and second options. I can't tell what the best practice is at all, though.

    Read the article

  • Am I going the right way to make login system secure with this simple password salting?

    - by LoVeSmItH
    I have two fields in login table password salt And I have this little function to generate salt function random_salt($h_algo="sha512"){ $salt1=uniqid(rand(),TRUE); $salt2=date("YmdHis").microtime(true); if(function_exists('dechex')){ $salt2=dechex($salt2); } $salt3=$_SERVER['REMOTE_ADDR']; $salt=$salt1.$salt2.$salt3; if(function_exists('hash')){ $hash=(in_array($h_algo,hash_algos()))?$h_algo:"sha512"; $randomsalt=hash($hash,md5($salt)); //returns 128 character long hash if sha512 algorithm is used. }else{ $randomsalt=sha1(md5($salt)); //returns 40 characters long hash } return $randomsalt; } Now to create user password I have following $userinput=$_POST["password"] //don't bother about escaping, i have done it in my real project. $static_salt="THIS-3434-95456-IS-RANDOM-27883478274-SALT"; //some static hard to predict secret salt. $salt=random_salt(); //generates 128 character long hash. $password =sha1($salt.$userinput.$static_salt); $salt is saved in salt field of database and $password is saved in password field. My problem, In function random_salt(), I m having this FEELING that I'm just making things complicated while this may not generate secure salt as it should. Can someone throw me a light whether I m going in a right direction? P.S. I do have an idea about crypt functions and like such. Just want to know is my code okay? Thanks.

    Read the article

  • How do you lock down & secure files stored on server in ASP.NET?

    - by Jon
    How do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder i.e. C:\inetpub\data. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it generate the PDFs there. Once the pdf is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed add to the query string like so viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview. The full path to C:\inetpub\data is resolved and loaded in the Page_load event of the viewer page. Now I'm wondering how to secure this. Anybody could just view the file. Not by entering in the URL, as it won't been seen by IIS (its not in wwwroot), but could change the querystring in the viewpdf page. How do I stop anybody hacking this?

    Read the article

  • How to delete ProgIDs from other user accounts when uninstalling from Windows?

    - by Mordachai
    I've been investigating "how should a modern windows c++ application register its file types" with Windows (see http://stackoverflow.com/questions/2828637/c-how-do-i-correctly-register-and-unregister-file-type-associations-for-our-ap). And having combed through the various MSDN articles on the subject, the summary appears to be as follows: The installer (elevated) should register the global ProgID HKLM\Software\Classes\my-app.my-doc[.version] (e.g. HKLM\Software\Classes\TextPad.text) The installer also configures default associations for its document types (e.g. .myext) and points this to the aforementioned global ProgID in HKLM. NOTE: a user interface should be provided here to allow the user to either accept all default associations, or to customize which associations should be set. The application, running standard (unelevated), should provide a UI for allowing the current user to set their personal associations as is available in the installer, except that these associations are stored in HKCU\Software\Classes (per user, not per machine). The UN-installer is then responsible for deleting all registered ProgIDs (but should leave the actual file associations alone, as Windows is smart enough to handle associations pointing to missing ProgIDs, and this is the specified desired behavior by MSDN). So that schema sounds reasonable to me, except when I consider #4: How does an uninstaller, running elevated for a given user account, delete any per-user ProgIDs created in step #3 for other users? As I understand things, even in elevated mode, an uninstaller cannot go into another user's registry hive and delete items? Or can it? Does it have to load each given user hive first? What are the rules here? Thanks for any insight you might have to offer! EDIT: See below for the solution (My question was founded in confusion)

    Read the article

  • How to delete an empty column in HTML table using XSLT?

    - by Monomachus
    Hi, How to delete an empty column in HTML table using XSLT, and having something like this: <table id="cas6"> <tr> <td /> <td> <table> <tr> <td>rechin</td> <td /> </tr> <tr> <td>amarillo</td> <td /> </tr> </table> </td> </tr> </table> <table id="cas7"> <tr> <td>rechin</td> <td /> </tr> <tr> <td>amarillo</td> <td /> </tr> <tr> <td>this shouldn't been</td> <td>deleted</td> </tr> </table> To delete the empty column, this being said to remove td's which are empty in all tr's in a Xth position

    Read the article

  • PHP - How do you secure a unique variable name?

    - by 102319141763223461745
    This function cropit, which I shamelessly stole off the internet, crops a 90x60 area from an existing image. In this code, when I use the function for more than one item (image) the one will display on top of the other (they come to occupy the same output space). I think this is because the function has the same (static) name ($dest) for the destination of the image when it's created (imagecopy). I tried, as you can see to include a second argument to the cropit function which would serve as the "name" of the $dest variable, but it didn't work. In the interest of full disclosure I have 22 hours of PHP experience (incidentally the same number of hours since the last I slept) and I am not that smart to begin with. Even if there's something else at work here entirely, seems to me that generally it must be useful to have a way to secure that a variable is always given a unique name. function cropit($srcimg, $dest) { $im = imagecreatefromjpeg($srcimg); $img_width = imagesx($im); $img_height = imagesy($im); $width = 90; $height = 60; $tlx = floor($img_width / 2) - floor ($width / 2); $tly = floor($img_height / 2) - floor ($height / 2); if ($tlx < 0) { $tlx = 0; } if ($tly < 0) { $tly = 0; } if (($img_width - $tlx) < $width) { $width = $img_width - $tlx; } if (($img_height - $tly) < $height) { $height = $img_height - $tly; } $dest = imagecreatetruecolor ($width, $height); imagecopy($dest, $im, 0, 0, $tlx, $tly, $width, $height); imagejpeg($dest); imagedestroy($dest); } $img = "imagefolder\imageone.jpg"; $img2 = "imagefolder\imagetwo.jpg"; cropit($img, $i1); cropit($img2, $i2); ?

    Read the article

  • Remove duplicates from a list of nested dictionaries

    - by user2924306
    I'm writing my first python program to manage users in Atlassian On Demand using their RESTful API. I call the users/search?username= API to retrieve lists of users, which returns JSON. The results is a list of complex dictionary types that look something like this: [ { "self": "http://www.example.com/jira/rest/api/2/user?username=fred", "name": "fred", "avatarUrls": { "24x24": "http://www.example.com/jira/secure/useravatar?size=small&ownerId=fred", "16x16": "http://www.example.com/jira/secure/useravatar?size=xsmall&ownerId=fred", "32x32": "http://www.example.com/jira/secure/useravatar?size=medium&ownerId=fred", "48x48": "http://www.example.com/jira/secure/useravatar?size=large&ownerId=fred" }, "displayName": "Fred F. User", "active": false }, { "self": "http://www.example.com/jira/rest/api/2/user?username=andrew", "name": "andrew", "avatarUrls": { "24x24": "http://www.example.com/jira/secure/useravatar?size=small&ownerId=andrew", "16x16": "http://www.example.com/jira/secure/useravatar?size=xsmall&ownerId=andrew", "32x32": "http://www.example.com/jira/secure/useravatar?size=medium&ownerId=andrew", "48x48": "http://www.example.com/jira/secure/useravatar?size=large&ownerId=andrew" }, "displayName": "Andrew Anderson", "active": false } ] I'm calling this multiple times and thus getting duplicate people in my results. I have been searching and reading but cannot figure out how to deduplicate this list. I figured out how to sort this list using a lambda function. I realize I could sort the list, then iterate and delete duplicates. I'm thinking there must be a more elegant solution. Thank you!

    Read the article

  • Storing an encrypted cookie with Rails

    - by J. Pablo Fernández
    I need to store a small piece of data (less than 10 characters) in a cookie in Rails and I need it to be secure. I don't want anybody being able to read that piece of data or injecting their own piece of data (as that would open up the app to many kinds of attacks). I think encrypting the contents of the cookie is the way to go (should I also sign it?). What is the best way to do it? Right now I'm doing this, which looks secure, but many things looked secure to people that knew much more than I about security and then it was discovered it wasn't really secure. I'm saving the secret in this way: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) cookies[:secret] = { :value => encryptor.encrypt(secret), :domain => "example.com", :secure => !(Rails.env.test? || Rails.env.development?) } and then I'm reading it like this: encryptor = ActiveSupport::MessageEncryptor.new(Example::Application.config.secret_token) secret = encryptor.decrypt(cookies[:secret]) Is that secure? Any better ways of doing it? Update: I know about Rails' session and how it is secure, both by signing the cookie and by optionally storing the contents of the session server side and I do use the session for what it is for. But my question here is about storing a cookie, a piece of information I do not want in the session but I still need it to be secure.

    Read the article

  • SSL setup: UCC or wildcard certificates?

    - by quanza
    I've scoured the web for a clear and concise answer to my SSL question, but to no avail. So here goes: I have a web-service requiring SSL support for authentication pages. The root-level domain does not have the "www" - i.e., secure://domain.com - but localized pages use "language-code.domain.com", i.e. secure://ja.domain.com So I need at least a wildcard SSL certificate that supports secure://*.domain.com However, we also have a public sandbox environment at sandbox.domain.com, which we also need to support under localized domains - so secure://ja.sandbox.domain.com needs to also work. The previous admin managed to purchase a wildcard SSL certificate for .domain.com, but with a Subject Alternative Name for "domain.com". So, I'm thinking of trying to get a wildcard certificate with SANs defined as "domain.com" and ".*.domain.com". But now I'm getting confused because there seem to be separate SAN certificates, also called UCC certificates. Can someone clarify whether it's possible to get a wildcard certificate with additional SAN fields, and ultimately what the best way is to support: secure://domain.com secure://.domain.com secure://.*.domain.com with the fewest (and cheapest!) number of SSL certificates? Thanks!

    Read the article

  • Spring 3 simple extentionless url mappings with annotation-based mapping - impossible?

    - by caerphilly
    Hi, I'm using Spring 3, and trying to set up a simple web-app using annotations to define controller mappings. This seems to be incredibly difficult without peppering all the urls with *.form or *.do Because part of the site needs to be password protected, these urls are all under /secure. There is a <security-constraint> in the web.xml protecting everything under that root. I want to map all the Spring controllers to /secure/app/. Example URLs would be: /secure/app/landingpage /secure/app/edit/customer/{id} each of which I would handle with an appropriate jsp/xml/whatever. So, in web.xml I have this: <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/secure/app/*</url-pattern> </servlet-mapping> And in despatcher-servlet.xml I have this: <context:component-scan base-package="controller" /> In the Controller package I have a controller class: package controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; import javax.servlet.http.HttpServletRequest; @Controller @RequestMapping("/secure/app/main") public class HomePageController { public HomePageController() { } @RequestMapping(method = RequestMethod.GET) public ModelAndView getPage(HttpServletRequest request) { ModelAndView mav = new ModelAndView(); mav.setViewName("main"); return mav; } } Under /WEB-INF/jsp I have a "main.jsp", and a suitable view resolver set up to point to this. I had things working when mapping the despatcher using *.form, but can't get anything working using the above code. When Spring starts up it appears to map everything correctly: 13:22:36,762 INFO main annotation.DefaultAnnotationHandlerMapping:399 - Mapped URL path [/secure/app/main] onto handler [controller.HomePageController@2a8ab08f] I also noticed this line, which looked suspicious: 13:25:49,578 DEBUG main servlet.DispatcherServlet:443 - No HandlerMappings found in servlet 'dispatcher': using default And at run time any attempt to view /secure/app/main just returns a 404 error in Tomcat, with this log output: 13:25:53,382 DEBUG http-8080-1 servlet.DispatcherServlet:842 - DispatcherServlet with name 'dispatcher' determining Last-Modified value for [/secure/app/main] 13:25:53,383 DEBUG http-8080-1 servlet.DispatcherServlet:850 - No handler found in getLastModified 13:25:53,390 DEBUG http-8080-1 servlet.DispatcherServlet:690 - DispatcherServlet with name 'dispatcher' processing GET request for [/secure/app/main] 13:25:53,393 WARN http-8080-1 servlet.PageNotFound:962 - No mapping found for HTTP request with URI [/secure/app/main] in DispatcherServlet with name 'dispatcher' 13:25:53,393 DEBUG http-8080-1 servlet.DispatcherServlet:677 - Successfully completed request So... Spring maps a URL, and then "forgets" about that mapping a second later? What is going on? Thanks.

    Read the article

  • T-SQL Script to Delete All The Relationships Between A Bunch Of Tables in a Schema and Other Bunch i

    - by Galilyou
    Guys, I have a set of tables (say Account, Customer) in a schema (say dbo) and I have some other tables (say Order, OrderItem) in another schema (say inventory). There's a relationship between the Order table and the Customer table. I want to delete all the relationships between the tables in the first schema (dbo) and the tables in the second schema (inventory), without deleting the relationships between tables inside the same schema. Is that possible? Any help appreciated.

    Read the article

  • Nhibernate: One-To-Many mapping problem - Cannot cascade delete without inverse. Set NULL error

    - by KnaveT
    Hi, I have the current scenario whereby an Article has only 1 Outcome each. Each Article may or may not have an Outcome. In theory, this is a one-to-one mapping, but since NHibernate does not really support one-to-one, I used a One-To-Many to substitute. My Primary Key on the child table is actually the ArticleID (FK). So I have the following setup: Classes public class Article { public virtual Int32 ID { get;set;} private ICollection<ArticleOutcome> _Outcomes {get;set;} public virtual ArticleOutcome Outcome { get { if( this._Outcomes !=null && this._Outcomes.Count > 0 ) return this._Outcomes.First(); return null; } set { if( value == null ) { if( this._Outcomes !=null && this._Outcomes.Count > 0 ) this._Outcomes.Clear(); } else { if( this._Outcomes == null ) this._Outcomes = new HashSet<ArticleOutcome>(); else if ( this._Outcomes.Count >= 1 ) this._Outcomes.Clear(); this._Outcomes.Add( value ); } } } } public class ArticleOutcome { public virtual Int32 ID { get;set; } public virtual Article ParentArticle { get;set;} } Mappings public class ArticleMap : ClassMap<Article> { public ArticleMap() { this.Id( x=> x.ID ).GeneratedBy.Identity(); this.HasMany<ArticleOutcome>( Reveal.Property<Article>("_Outcomes") ) .AsSet().KeyColumn("ArticleID") .Cascade.AllDeleteOrphan() //Cascade.All() doesn't work too. .LazyLoad() .Fetch.Select(); } } public class ArticleOutcomeMap : ClassMap<ArticleOutcome> { public ArticleOutcomeMap(){ this.Id( x=> x.ID, "ArticleID").GeneratedBy.Foreign("ParentArticle"); this.HasOne( x=> x.ParentArticle ).Constrained (); //This do not work also. //this.References( x=> x.ParentArticle, "ArticleID" ).Not.Nullable(); } } Now my problem is this: It works when I do an insert/update of the Outcome. e.g. var article = new Article(); article.Outcome = new ArticleOutcome { xxx = "something" }; session.Save( article ); However, I encounter SQL errors when attempting to delete via the Article itself. var article = session.Get( 123 ); session.Delete( article ); //throws SQL error. The error is something to the like of Cannot insert NULL into ArticleID in ArticleOutcome table. The deletion works if I place Inverse() to the Article's HasMany() mapping, but insertion will fail. Does anyone have a solution for this? Or do I really have to add a surrogate key to the ArticleOutcome table?

    Read the article

  • How to delete data from multiple tables in sqlite?

    - by diana
    I am using sqlite database to store data. I have three tables: Invoice, InvRow, Invdetails. Relationsip between the tables are: Invoice.Id = InvRow.InvId InvRow.Id = Invdetails.RowId I need to delete related entries from three tables using a single query. How can I do that? Any help?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 84 85 86 87 88 89 90 91 92 93 94 95  | Next Page >