Search Results

Search found 20283 results on 812 pages for 'security context'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 89/812 | < Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >

  • sudoers security

    - by jetboy
    I've setup a script to do Subversion updates across two servers - the localhost and a remote server - called by a post-commit hook run by the www-data user. /srv/svn/mysite/hooks/post-commit contains: sudo -u cli /usr/local/bin/svn_deploy /usr/local/bin/svn_deploy is owned by the cli user, and contains: #!/bin/sh svn update /srv/www/mysite ssh cli@remotehost 'svn update /srv/www/mysite' To get this to work I've had to add the following to the sudoers file: www-data ALL = (cli) NOPASSWD: /usr/local/bin/svn_deploy cli ALL = NOEXEC:NOPASSWD: /usr/local/bin/svn_deploy Entries for both www-data and cli were necessary to avoid the error: post commit hook failed: no tty present and no askpass program specified I'm wary of giving any kind of elevated rights to www-data. Is there anything else I should be doing to reduce or eliminate any security risk?

    Read the article

  • Change right-click context menu options in VS2008

    - by Mark Ursino
    When I right-click in my class library, I get some quick options to create things, like an Item from the popup list (New Item...), a User Control, etc. E.g. Now in my web app project, I'd like to be able to get the User Control listed in the right-click menu just like Component and Class, so I don't have to click New Item... then choose it from there. Is there a way to do this in the configuration? I can't seem to figure it out in VS.

    Read the article

  • Losing context from JQuery post with ASP.Net MVC

    - by Dan
    I have a JQuery dialog box on a page that calls something like this: $.post("/MyController/MyAction", { myKey: key} //... And this successfully gets here: [HttpPost] public ActionResult MyAction(int myKey) { //do some stuff return RedirectToAction("AnotherAction"); } The problem is that the RedirectToAction has no effect on the webbrowser. I am guessing this is because the JQuery post is kinda on a different 'tread' so it doesn't know where to send the response? How do I get the browser to load the new response?

    Read the article

  • .NET - Retrieve attribute from controller context?

    - by ropstah
    I have a controller insert action: <AcceptVerbs(HttpVerbs.Post)> _ Function InsertObject(<Bind(Exclude:="Id")> <ModelBinder(GetType(CustomModelBinder))> ByVal object As SomeObject) As ActionResult End Function And i have a CustomModelBinder class with a BindModel implementation: Public Function BindModel( _ ByVal controllerContext As System.Web.Mvc.ControllerContext, _ ByVal bindingContext As System.Web.Mvc.ModelBindingContext) As Object Implements System.Web.Mvc.IModelBinder.BindModel For Each s In HttpContext.Current.Request.Form.Keys HttpContext.Current.Response.Write(s & ": " & HttpContext.Current.Request.Form(s) & "<br />") Next HttpContext.Current.Response.End() End Function As you can see I have a controllerContext and a ModelBindingContext available. How do I get the: <Bind(Exclude:="Id")> part inside the BindModel implementation?

    Read the article

  • What are the tradeoffs involved in referencing Context in a library?

    - by C. Ross
    Context is one of the core classes of Android, and many functions it contains are useful in Android library projects, particularly accessing configuration. What are the trade offs involved in accessing the Context in a library, either by injection or by subclassing Application in the library, and subclassing that in the application. Does this make the application brittle or introduce inappropriate coupling?

    Read the article

  • Access VBA question: Change the query being referenced by a function, depending on context

    - by Tara Amatista
    I have a custom function in Access2007 that hinges on grabbing data out of a specific query. It opens Outlook, creates a new email and populates the fields with specific addresses and data taken from the query ("DecisionEmail"). Now I want to make a different query ("RequestEmail") and have it populate the email with that data. So all I have to do is change this line: Set MailList = db.OpenRecordset("DecisionEmail") and that's where I get stumped. This is my desired result: If the user is on Form_Decision and clicks the button "Send email", "DecisionEmail" will get plugged into the function and that data will appear in the email. If the user on Form_SendRequest and clicks the button "Send email", "RequestEmail" will instead get plugged in. The reason that these are different queries is because they contain very different information that is smudged about in different ways. However, since it's just one little thing that needs to change in the function code, I don't think a brand new function is a good idea. My last resort would be to make a brand new function and use the Conditions field in the Macro interface to choose between them, but I have a feeling there's a more elegant solution possible. I have a vague notion of setting the query names as variables and using an If statement but I just don't have the mental vocabulary for thinking through this.

    Read the article

  • Minimizing Java Thread Context Switching Overhead

    - by binil
    I have a Java application running on Sun 1.6 32-bit VM/Solaris 10 (x86)/Nahelem 8-core(2 threads per core). A specific usecase in the application is to respond to some external message. In my performance test environment, when I prepare and send the response in the same thread that receives the external input, I get about 50 us advantage than when I hand off the message to a separate thread to send the response. I use a ThreadPoolExecutor with a SynchronousQueue to do the handoff. In your experience what is the acceptable delay between scheduling a task to a thread pool and it getting picked up for execution? What ideas had worked for you in the past to try improve this?

    Read the article

  • Is this iptables NAT exploitable from the external side?

    - by Karma Fusebox
    Could you please have a short look on this simple iptables/NAT-Setup, I believe it has a fairly serious security issue (due to being too simple). On this network there is one internet-connected machine (running Debian Squeeze/2.6.32-5 with iptables 1.4.8) acting as NAT/Gateway for the handful of clients in 192.168/24. The machine has two NICs: eth0: internet-faced eth1: LAN-faced, 192.168.0.1, the default GW for 192.168/24 Routing table is two-NICs-default without manual changes: Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 (externalNet) 0.0.0.0 255.255.252.0 U 0 0 0 eth0 0.0.0.0 (externalGW) 0.0.0.0 UG 0 0 0 eth0 The NAT is then enabled only and merely by these actions, there are no more iptables rules: echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # (all iptables policies are ACCEPT) This does the job, but I miss several things here which I believe could be a security issue: there is no restriction about allowed source interfaces or source networks at all there is no firewalling part such as: (set policies to DROP) /sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT /sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT And thus, the questions of my sleepless nights are: Is this NAT-service available to anyone in the world who sets this machine as his default gateway? I'd say yes it is, because there is nothing indicating that an incoming external connection (via eth0) should be handled any different than an incoming internal connection (via eth1) as long as the output-interface is eth0 - and routing-wise that holds true for both external und internal clients that want to access the internet. So if I am right, anyone could use this machine as open proxy by having his packets NATted here. So please tell me if that's right or why it is not. As a "hotfix" I have added a "-s 192.168.0.0/24" option to the NAT-starting command. I would like to know if not using this option was indeed a security issue or just irrelevant thanks to some mechanism I am not aware of. As the policies are all ACCEPT, there is currently no restriction on forwarding eth1 to eth0 (internal to external). But what are the effective implications of currently NOT having the restriction that only RELATED and ESTABLISHED states are forwarded from eth0 to eth1 (external to internal)? In other words, should I rather change the policies to DROP and apply the two "firewalling" rules I mentioned above or is the lack of them not affecting security? Thanks for clarification!

    Read the article

  • Security review of an authenticated Diffie Hellman variant

    - by mtraut
    EDIT I'm still hoping for some advice on this, i tried to clarify my intentions... When i came upon device pairing in my mobile communication framework i studied a lot of papers on this topic and and also got some input from previous questions here. But, i didn't find a ready to implement protocol solution - so i invented a derivate and as i'm no crypto geek i'm not sure about the security caveats of the final solution: The main questions are Is SHA256 sufficient as a commit function? Is the addition of the shared secret as an authentication info in the commit string safe? What is the overall security of the 1024 bit group DH I assume at most 2^-24 bit probability of succesful MITM attack (because of 24 bit challenge). Is this plausible? What may be the most promising attack (besides ripping the device out off my numb, cold hands) This is the algorithm sketch For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from: A fix "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment) The public DH key (192 bit private key, based on the 1024 bit Oakley group) A 24 bit random challenge Commit is computed using SHA256 c = sha256( UUID || DH pub || Chall) Both parties exchange this commitment, open and transfer the plain content of the above values. The 24 bit random is displayed to the user for manual authentication DH session key (128 bytes, see above) is computed When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transfered when opening. c = sha256( UUID || DH pub || DH sess || Chall) Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key. After succesful connection the new DH session key becomes the new shared secret. As this does not exactly fit the protocols i found so far (and as such their security proofs), i'd be very interested to get an opinion from some more crypto enabled guys here. BTW. i did read about the "EKE" protocol, but i'm not sure what the extra security level is.

    Read the article

  • How do I update Safari on Windows?

    - by James A. Rosen
    I'd like to update Safari to 4.0.5 for security reasons, but I can't figure out how to run the Apple updater manually. On Mac there's usually a "Check for Updates" menu item, but I don't see one on the Windows version. I tried downloading the latest version from http://www.apple.com/safari/download/, but Windows won't let me open the file, saying it is a security risk.

    Read the article

  • Merge XML files with configurable rules (context: Maven POMs, Java)

    - by Patrick Bergner
    Hi, I'm currently writing some kind of a Maven POM preprocessor that assembles a POM for a project from multiple input files (basically a template and a module specific file). The files are hierarchically ordered (template = most general, module specific = least general). The problem is now to merge these files into a single POM file. Long story short or if you're not familiar with Maven: a POM looks like this (shortened): <project> <modelVersion>4.0.0</modelVersion> <dependencies> <dependency> <groupId>org.apache.maven</groupId> <artifactId>maven-core</artifactId> </dependency> </dependencies> </project> Basically the merger shall replace all values of the more general file with the values of the more specific file (i.e. singletons, e.g. the <modelVersion> above) but there are certain elements where the merger shall add the more certain element to a parent (i.e. collections, e.g. <dependency> elements shall always be added to the <dependencies> element and no <dependency> element shall be replaced by another). A more detailed example with definition of desired output: File A: <project> <modelVersion>A</modelVersion> <dependencies> <dependency> <groupId>groupIdA</groupId> <artifactId>artifactIdA</artifactId> </dependency> </dependencies> </project> File B: <project> <modelVersion>B</modelVersion> <dependencies> <dependency> <groupId>groupIdB</groupId> <artifactId>artifactIdB</artifactId> </dependency> </dependencies> </project> Desired output: <project> <modelVersion>B</modelVersion> <dependencies> <dependency> <groupId>groupIdA</groupId> <artifactId>artifactIdA</artifactId> </dependency> <dependency> <groupId>groupIdB</groupId> <artifactId>artifactIdB</artifactId> </dependency> </dependencies> </project> The set of collection type elements are known and should be configurable (preferably via a set of XPath expressions). A Java based solution is appreciated. What looked most promising so far was the tool mentioned here but the MERGE action produces something like <dependency> <groupId>groupIdAgroupIdB</groupId> <artifactId>artifactIdAartifactIdB</artifactId> </dependency> when merging, which is not what I need. Any ideas? Thanks for your help!

    Read the article

  • jQuery Running a function in a context and adding to a variable

    - by Mark
    For this question I'm going to give a simplified example of what I want to do, and the function I want to learn to write. var collection = ''; <div id='container'> <span>1</span> <span>2</span> <span>3</span> </div> What I want to do this, for every span in the div, take its text, add it to the collection. So ideally it would look like: $('#container').addtoCollection(collection); The method would be something like: $(this).find('span').each(function () { collection = collection + $(this).text(); }). Where the first this would equal #container. So in the end you can do: console.log(collection); and get: 123 How do I write the function that does this? Thanks!

    Read the article

  • Performance & Security Factors of Symbolic Links

    - by Stoosh
    I am thinking about rolling out a very stripped down version of release management for some PHP apps I have running. Essentially the plan is to store each release in /home/release/1.x etc (exported from a tag in SVN) and then do a symlink to /live_folder and change the document root in the apache config. I don't have a problem with setting all this up (I've actually got it working at the moment), however I'm a developer with just basic knowledge of the server admin side of things. Is there anything I need to be aware of from a security or performance perspective when using this method of release management? Thanks

    Read the article

  • [Using $this when not in object context in] php error

    - by JasonS
    I have solved this problem, I just need to know what to do. I get the above error because I just realised that the class is being run as class::function($values) instead of class-function($values). Does anyone know how to convert this function to instantiate the class then run the function with values? private function _load($values=null) { define('LOADED_CONTROLLER', $this->controller); define('LOADED_FUNCTION', $this->function); $function = $this->function; $controller = new $this->controller; ($values == null) ? $controller->$function() : call_user_func_array(array($this->controller, $function), $values); }

    Read the article

  • JAVA: Can't get context parameters in Filter

    - by DaTval
    Hello, I have a filter and parameters in web.xml web.xml is like this: <filter> <description> </description> <display-name>AllClassFilter</display-name> <filter-name>AllClassFilter</filter-name> <filter-class>com.datval.homework.AllClassFilter</filter-class> <init-param> <param-name>DB_URL</param-name> <param-value>jdbc:derby:C:/Users/admin/workspace/homework03/homework/databases/StudentsDB;create=true</param-value> </init-param> <init-param> <param-name>DB_DIALECT</param-name> <param-value>org.hibernate.dialect.DerbyDialect</param-value> </init-param> <init-param> <param-name>DB_DRIVER</param-name> <param-value>org.apache.derby.jdbc.EmbeddedDriver</param-value> </init-param> </filter> mapping is working well. But I can't get this parameters in my filter. public void init(FilterConfig config) throws ServletException { // TODO Auto-generated method stub debugMessage = config.getInitParameter("debugMessage"); ctx = config.getServletContext(); } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { // TODO Auto-generated method stub // place your code here ctx.log("Start - " + debugMessage); String myDbUrl = ctx.getInitParameter("DB_URL"); String DB_DIALECT = ctx.getInitParameter("DB_DIALECT"); String DB_DRIVER = ctx.getInitParameter("DB_DRIVER"); Map<String,String> pr = new HashMap<String,String>(); pr.put("hibernate.connection.url", myDbUrl); pr.put("hibernate.dialect", DB_DIALECT); pr.put("hibernate.connection.driver_class", DB_DRIVER); EntityManagerFactory emf = Persistence.createEntityManagerFactory("students",pr); EntityManager em = emf.createEntityManager(); request.setAttribute("em", em); chain.doFilter(request, response); em.close(); ctx.log("end - " + debugMessage); } I have checked and myDbUrl is null. What I'm doing wrong? Any idea? Sorry about code, I will change it later :)

    Read the article

  • How to bind to foreach context ?

    - by Rebol Tutorial
    Currently I have this snippet of code: save-blocks: func[file /local f out][ foreach [field1 field2 field3 field4 field5 field6 field7 field8 field9] blocks [ out: copy "" repeat n 9 [ part: get bind to-word rejoin ["field" n] 'field1 out: rejoin [out part ";"] ] remove back tail out write/lines/append f out ] It's not generic enough, I'd like to pass this block: [field1 field2 field3 field4 field5 field6 field7 field8 field9] as parameter and write something like this: save-blocks: func[block file /local f out][ foreach block blocks [ out: copy "" repeat n 9 [ part: get bind to-word rejoin ["field" n] 'field1 out: rejoin [out part ";"] ] remove back tail out write/lines/append f out ] But I don't know how to bind in this case too hard for me :(

    Read the article

  • Windows Security popup window pops up each time any connection is made

    - by MC Emperor
    I have a problem with the Windows Security popup below. It pops up every time the system tries to make connection with any internet source. It's very annoying, and I don't know how to resolve the problem. (The popup window below is in Dutch, but says something like Connect to somedomain.com. Then it expects you to give your credentials.) I am running on a Windows 7 x64 OS. Now how do I solve this problem? Is it a Windows Firewall problem?

    Read the article

  • Security considerations when giving access to SQL Server db for a web application

    - by rem
    I need to expose our SQL Server 2008 database for an access from a asp.net web application. This is a new task for me, so I would like to know what basic security requirements are there for configuring software and hardware components of web server and DB Server. Is it OK to have both Web Server (Windows Server 2008) with IIS holding ASP.NET application and SQL Server 2008 on the same machine? Should I have to install additional firewall, like Forefront TMG? Should it be on separate computer? In case a web application is hosted on an external web hosting privider server and SQL Server DB on a our internal server what are "pro's" and "con's" of such configuration?

    Read the article

  • Endless saving of CoreData Context

    - by Robert
    Sometimes I noticed that a 'save:' operation an a ManagedObjectContext never returns and consumes 100% CPU. I'm using an SQL Store in a GarbageCollected environment (Mac OS X 10.6.3). The disk activity shows about 700 KB/s writing. While having a look at the folder that contains the sqlite database file the "-journal" file appears and disappears, appears and disappears, ... This is part of the call graph from the process analysis: 2203 -[NSManagedObjectContext save:] 1899 -[NSPersistentStoreCoordinator(_NSInternalMethods) executeRequest:withContext:] 1836 -[NSSQLCore executeRequest:withContext:] 1836 -[NSSQLCore saveChanges:] 1479 -[NSSQLCore performChanges] ... 335 -[NSSQLCore recordChangesInContext:] ... 20 -[NSSQLCore rollbackChanges] ... 2 -[NSSQLCore prepareForSave:] ... 62 -[NSPersistentStoreCoordinator(_NSInternalMethods) _checkRequestForStore:originalRequest:andOptimisticLocking:] ... 1 -[NSPersistentStore(_NSInternalMethods) _preflightCrossCheck] ... 184 -[NSMergePolicy resolveConflicts:] ... 120 -[NSManagedObjectContext(_NSInternalChangeProcessing) _prepareForPushChanges:] ... Everything a happening in the main GUI thread. Any ideas what I can to do to resolve the problem?

    Read the article

  • How can I change ruby log level in unit tests based on context

    - by Stuart
    I'm new to ruby so forgive me if this is simple or I get some terminology wrong. I've got a bunch of unit tests (actually they're integration tests for another project, but they use ruby test/unit) and they all include from a module that sets up an instance variable for the log object. When I run the individual tests I'd like log.level to be debug, but when I run a suite I'd like log.level to be error. Is it possible to do this with the approach I'm taking, or does the code need to be restructured? Here's a small example of what I have so far. The logging module: #!/usr/bin/env ruby require 'logger' module MyLog def setup @log = Logger.new(STDOUT) @log.level = Logger::DEBUG end end A test: #!/usr/bin/env ruby require 'test/unit' require 'mylog' class Test1 < Test::Unit::TestCase include MyLog def test_something @log.info("About to test something") # Test goes here @log.info("Done testing something") end end A test suite made up of all the tests in its directory: #!/usr/bin/env ruby Dir.foreach(".") do |path| if /it-.*\.rb/.match(File.basename(path)) require path end end

    Read the article

  • How can this Ambient Context become null?

    - by Mark Seemann
    Can anyone help me explain how TimeProvider.Current can become null in the following class? public abstract class TimeProvider { private static TimeProvider current = DefaultTimeProvider.Instance; public static TimeProvider Current { get { return TimeProvider.current; } set { if (value == null) { throw new ArgumentNullException("value"); } TimeProvider.current = value; } } public abstract DateTime UtcNow { get; } public static void ResetToDefault() { TimeProvider.current = DefaultTimeProvider.Instance; } } Observations All unit tests that directly reference TimeProvider also invokes ResetToDefault() in their Fixture Teardown. There is no multithreaded code involved. Once in a while, one of the unit tests fail because TimeProvider.Current is null (NullReferenceException is thrown). This only happens when I run the entire suite, but not when I just run a single unit test, suggesting to me that there is some subtle test interdependence going on. It happens approximately once every five or six test runs. When a failure occurs, it seems to be occuring in the first executed tests that involves TimeProvider.Current. More than one test can fail, but only one fails in a given test run. FWIW, here's the DefaultTimeProvider class as well: public class DefaultTimeProvider : TimeProvider { private readonly static DefaultTimeProvider instance = new DefaultTimeProvider(); private DefaultTimeProvider() { } public override DateTime UtcNow { get { return DateTime.UtcNow; } } public static DefaultTimeProvider Instance { get { return DefaultTimeProvider.instance; } } } I suspect that there's some subtle interplay going on with static initialization where the runtime is actually allowed to access TimeProvider.Current before all static initialization has finished, but I can't quite put my finger on it. Any help is appreciated.

    Read the article

  • VBA: For each cell does not work - Range is change and Out of context

    - by user1744638
    I have problem with for each cell. I have like that : Set cur_sheet = Worksheets("Sheet2") Set Rng = cur_sheet.Range("A1", "C1523") For Each cell In Rng.Cells a=1 next cell if there is row 370 that I have error message " Run time error 94" Invalid use of Null So I do not know what can I change. This row should be ok, filled with text. Why this FOR is not working properly and change range !! ? 370 rows are proceesed correctly, than it is error. Do you have any ideas ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >