Search Results

Search found 57859 results on 2315 pages for 'daniel schrijver@oracle com'.

Page 91/2315 | < Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >

  • Using wget to download pdf files from a site that requires cookies to be set

    - by matt74tm
    I want to access a newspaper site and then download their epaper copies (in PDF). The site requires me to login using my email address and password and then it permits me to access those PDF URLs. I'm having trouble 'setting my session' in wget. When I login into the site from my browser, it sets two cookie values: UserID=abc@gmail.com Password=12345 I tried: wget --post-data "[email protected]&Password=12345" http://epaper.abc.com/login.aspx However, that just downloaded the login page and saved it locally The FORM on the login page has two fields: txtUserID txtPassword and radiobuttons like this: <input id="rbtnManchester" type="radio" checked="checked" name="txtpub" value="44"> Another button: <input id="rbtnLondon" type="radio" name="txtpub" value="64"> If I post this to the login.aspx page, I get the same output wget --post-data "[email protected]&txtPassword=12345&txtpub=44" http://epaper.abc.com/login.aspx If I do: --save-cookies abc_cookies.txt it doesnt seem to have anything other than the default content. For the last if I do --debug as well it says: ... Set-Cookie: ASP.NET_SessionId=05kphcn4hjmblq45qgnjoe41; path=/; HttpOnly ... Stored cookie epaper.abc.com -1 (ANY) / <session> <insecure> [expiry none] ASP.NET_SessionId 05kphcn4hjmblq45qgnjoe41 Length: 107253 (105K) [text/html] Saving to: `login.aspx' ... Saving cookies to abc_cookies.txt. However, abc_cookies.txt shows ONLY the following: # HTTP cookie file. # Generated by Wget on 2011-08-16 08:03:05. # Edit at your own risk. (Not sure why I'm not getting any responses on SO - perhaps SU is a better forum - http://stackoverflow.com/questions/7064171/using-wget-to-download-pdf-files-from-a-site-that-requires-cookies-to-be-set) EDIT 1 C:\Temp>wget --cookies=on --keep-session-cookies --save-cookies abc_cookies.txt --post-data "txtUserID=abc%40gmail.com&txtPassword=password&txtpub=44&chkbox=checkbox&submit.x=48&submit.y=7" http://epaper.abc.com/login.aspx --debug SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc syswgetrc = C:\Program Files (x86)\GnuWin32/etc/wgetrc DEBUG output created by Wget 1.11.4 on Windows-MinGW. --2011-08-18 08:15:59-- http://epaper.abc.com/login.aspx Resolving epaper.abc.com... seconds 0.00, 999.999.99.99 Caching epaper.abc.com => 999.999.99.99 Connecting to epaper.abc.com|999.999.99.99|:80... seconds 0.00, connected. Created socket 300. Releasing 0x00a2ae80 (new refcount 1). ---request begin--- POST /login.aspx HTTP/1.0 User-Agent: Wget/1.11.4 Accept: */* Host: epaper.abc.com Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded Content-Length: 100 ---request end--- [POST data: txtUserID=abc%40gmail.com&txtPassword=password&txtpub=44&chkbox=checkbox&submit.x=48&submit.y=7] HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Connection: keep-alive Date: Thu, 18 Aug 2011 02:46:17 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: ASP.NET_SessionId=owcrje55yl45kgmhn43gq145; path=/; HttpOnly Cache-Control: private Content-Type: text/html; charset=utf-8 Content-Length: 107253 ---response end--- 200 OK Registered socket 300 for persistent reuse. Stored cookie epaper.abc.com -1 (ANY) / <session> <insecure> [expiry none] ASP.NET_SessionId owcrje55yl45kgmhn43gq145 Length: 107253 (105K) [text/html] Saving to: `login.aspx.1' 100%[======================================================================================================================>] 107,253 24.9K/s in 4.2s 2011-08-18 08:16:05 (24.9 KB/s) - `login.aspx.1' saved [107253/107253] Saving cookies to abc_cookies.txt. Done saving cookies. C:\Temp>wget --referer=http://epaper.abc.com/login.aspx --cookies=on --load-cookies abc_cookies.txt --keep-session-cookies --save-cookies abc_cookies.txt http://epaper.abc.com/PagePrint/16_08_2011_001.pdf --debug SYSTEM_WGETRC = c:/progra~1/wget/etc/wgetrc syswgetrc = C:\Program Files (x86)\GnuWin32/etc/wgetrc DEBUG output created by Wget 1.11.4 on Windows-MinGW. Stored cookie epaper.abc.com -1 (ANY) / <session> <insecure> [expiry none] ASP.NET_SessionId owcrje55yl45kgmhn43gq145 --2011-08-18 08:16:12-- http://epaper.abc.com/PagePrint/16_08_2011_001.pdf Resolving epaper.abc.com... seconds 0.00, 999.999.99.99 Caching epaper.abc.com => 999.999.99.99 Connecting to epaper.abc.com|999.999.99.99|:80... seconds 0.00, connected. Created socket 300. Releasing 0x00598290 (new refcount 1). ---request begin--- GET /PagePrint/16_08_2011_001.pdf HTTP/1.0 Referer: http://epaper.abc.com/login.aspx User-Agent: Wget/1.11.4 Accept: */* Host: epaper.abc.com Connection: Keep-Alive Cookie: ASP.NET_SessionId=owcrje55yl45kgmhn43gq145 ---request end--- HTTP request sent, awaiting response... ---response begin--- HTTP/1.1 200 OK Connection: keep-alive Date: Thu, 18 Aug 2011 02:46:30 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 content-disposition: attachement; filename=Default_logo.gif Cache-Control: private Content-Type: image/GIF Content-Length: 4568 ---response end--- 200 OK Registered socket 300 for persistent reuse. Length: 4568 (4.5K) [image/GIF] Saving to: `16_08_2011_001.pdf' 100%[======================================================================================================================>] 4,568 7.74K/s in 0.6s 2011-08-18 08:16:14 (7.74 KB/s) - `16_08_2011_001.pdf' saved [4568/4568] Saving cookies to abc_cookies.txt. Done saving cookies. Contents of abc_cookies.txt epaper.abc.com FALSE / FALSE 0 ASP.NET_SessionId owcrje55yl45kgmhn43gq145

    Read the article

  • Creating CNAME to delegated domain

    - by Starsky
    We are trying to configure F5 to do load balancing on 4 sub domains similar to this article... http://support.f5.com/kb/en-us/solutions/public/0000/200/sol277.html For Example prod.wip.example.com. NS F5NS1.example.com. prod.wip.example.com. NS F5NS2.example.com. test.wip.example.com. NS F5NS1.example.com. test.wip.example.com. NS F5NS2.example.com. Then we want to make cnames instead of delegating individual sub-domains, e.g. myapp.example.com CNAME prod.wip.example.com Microsoft DNS gives an error when I attempt to make the CNAME... dnscmd ns1 /recordadd example.com myapp CNAME myapp.prod.wip.example.com. Command failed: DNS_ERROR_NOT_ALLOWED_UNDER_DELEGATION 9563 (0000255b) The error makes perfect sense, but does anyone know of a way around it? Or are my NS records incorrect for this setup? Thank you, -Steve

    Read the article

  • Want to add a new domain to my postfix, but mails not delivered (mail look back to myself)

    - by user74850
    Hi everybody, My host relay is working but I was aksed to add a new domain (like external.example.com). I have added in main.cf the new fqdn in relay_domains relay_domains = $mydestination, example.com,example2.com, externe.example.com and in transport example.com smtp:[192.168.1.22] example2.com smtp:[192.168.1.22] external.example.com smtp:[192.168.1.22] Mails sent to users with example.com and example2.com domain are well delivered. But for mails to external.example.com i got this message Mar 17 16:47:52 relayhost postfix/smtp[11948]: 754E1876A01: to=<[email protected]>, relay=relayhost2.example.com[80.81.82.83]:25, delay=19555, delays=19525/0.01/30/0, dsn=4.4.6, status=deferred (mail for external.example.com loops back to myself) I read another Q/A about the same issue right here, but it's not helping me. Can you ?

    Read the article

  • How can I tell my dd-wrt router to use someone's Amazon Affiliates link when I point my browser to amazon.com?

    - by Michael Paul
    Here's what I'd like to do. Instead of a one-time donation to one of my favorite free tools (junecloud.com) I'd like to do what they suggest here and use their Amazon Affiliates link to do all my Amazon shopping. I shop at amazon once or twice a week, so this is a great way to let them earn lots of long-term cash without me dropping a dime. My thought was to go into my dd-wrt enabled router and tell it, "any time I go to amazon.com on any computer in the house, please go to http://www.amazon.com/gp/redirect.html?link_code=ur2&tag=junecloud-20&camp=1789&creative=9325&location=%2F instead. (That URL simply redirects me to amazon.com but every purchase I make during that session is credited to JuneCloud.) Once logged into dd-wrt, I went to Services Services DNSMasq but I'm not really sure how to get it to work from there, or if it's even possible. I know I can redirect IP addresses, but I'm looking to redirect someone on my network from amazon.com to the special amazon affiliate code link. Hope that's clear. Thanks for any replies!

    Read the article

  • Does Exchange support plussed users (e.g. [email protected]) or a similar mechanism?

    - by Jens Bannmann
    Sendmail supports a feature called 'plussed users'. Once enabled, emails sent to myname+spam@example.com, myname+sometopic@example.com and myname+anything@example.com are automatically delivered just like mails to myname@example.com. There is no need to register or set up these 'plus suffixes'. The user can just use them and set up client-side filtering rules on his own. Does Exchange support a similar mechanism? If so, how to enable it? Note that I don't want answers about other means of filtering, e.g. spam/junk filtering, server-side or client-side rules, email aliases/addresses that are configured explicitly and so on.

    Read the article

  • Lighttpd domain redirection

    - by HTF
    I would like to redirect domains on HTTP/HTTPS: http://old.com -> https://new.com https://old.com -> https://new.com I have to specify the SSL key/certificate for the old domain but I'm not sure where I have to place these directives: $SERVER["socket"] == ":443" { ssl.engine = "enable" ssl.pemfile = "/etc/pki/tls/private/new.com.pem" ssl.ca-file = "/etc/pki/tls/certs/new.com.crt" } $SERVER["socket"] == ":80" { $HTTP["host"] =~ "old.com|new.com" { url.redirect = ( "^/(.*)" => "https://new.com:443/$1" ) } } I was trying to add the code below but Lighttpd reports configuration errors: $SERVER["socket"] == ":443" { $HTTP["host"] =~ "old.com" { url.redirect = ( "^/(.*)" => "https://new.com:443/$1" ) } ssl.engine = "enable" ssl.pemfile = "/etc/pki/tls/private/old.com.pem" ssl.ca-file = "/etc/pki/tls/certs/old.com.crt" }

    Read the article

  • mod_proxy Fowarding Based on Request Host Header

    - by zigzagip
    Lets say I have 3 URLs and they all point to the same reverse proxy. I would like to have the requests being forwarded to the web servers behind the proxy based on the host header: webfront1.example.com > reverseproxy.example.com > backend1.example.com webfront2.example.com > reverseproxy.example.com > backend2.example.com webfront3.example.com > reverseproxy.example.com > backend3.example.com Based on what I have read, I can configure reverseproxy.example.com/webfront1 > backend1.example.com, reverseproxy.example.com/webfront2 > backend2.example.com, etc. I am wondering if proxy based on host header is even possible or if I used the wrong approach entirely.

    Read the article

  • Correct configuration of multiple Analytics trackers per page, spanning domains and subdomains

    - by Eliot Shepard
    My company publishes sites on a somewhat convoluted domain structure, and we're having trouble getting accurate numbers in Analytics when we have multiple trackers on the page. We publish under two brands (A, B). Each brand has a "national" site at A.com, B.com, as well as per-city "local" sites at eg. ny.A.com, la.A.com, sf.A.com, etc. Right now we're trying to track in these dimensions: Full network (A.com, ny.A.com, B.com, la.B.com, etc.) All sites in brand (A.com, ny.A.com, la.A.com, etc.) Inidividual site (ny.A.com) Here are the commands we're using on an individual site: _gaq.push( ['t0._setAccount', 'UA-XXXXXX-1'], // full network ['t0._setDomainName', 'none'], ['t0._setAllowLinker', true], ['t0._trackPageview'], ['t1._trackPageLoadTime'], ['t1._setAccount', 'UA-XXXXXX-2'], // brand ['t1._setDomainName', 'none'], ['t1._setAllowLinker', true], ['t1._trackPageview'], ['t1._trackPageLoadTime'], ['t2._setAccount', 'UA-XXXXXX-3'], // individual ['t2._setDomainName', 'none'], ['t2._setAllowLinker', true], ['t2._trackPageview'], ['t2._trackPageLoadTime'] ); We send the same commands to each account because we've had strange results when trackers were configured differently in the past. However, right now we're seeing inflated numbers for uniques on all three trackers. What is the correct way to configure this setup? Thanks for your time.

    Read the article

  • Completely unable to install python2.7-dev

    - by gath
    Am totally stuck! Am unable completely to install python2.7-dev on my Ubuntu13.04. I have tried all the tricks mentioned on this site (askubuntu.com) and many other sites on the web but still nothing! Am running Ubuntu 13.04 64bit on a virtualbox, but every time I run sudo apt-get install python2.7-dev, I get the following error; python2.7-dev : Depends: python2.7 (= 2.7.3-0ubuntu3.5) but 2.7.4-2ubuntu3 is to be installed Depends: libpython2.7 (= 2.7.3-0ubuntu3.5) but 2.7.4-2ubuntu3 is to be installed Depends: libexpat1-dev but it is not going to be installed Depends: libssl-dev but it is not going to be installed E: Unable to correct problems, you have held broken packages. I've tried to do apt-get update, but still nothing! I've even tried installing Python2.7 from sources, but still nothing doing! Is there a single package with all the dependencies I can download, that can just install everything (Python2.7-dev) or is there another trick I can use to get the Python-dev headers installed on my machine. Hint: I've noticed when I run sudo apt-get update , somewhere along the updates I've seen some errors; ... Get:1 http://us.archive.ubuntu.com precise-updates Release.gpg [198 B] Ign http://us.archive.ubuntu.com raring Release Ign http://us.archive.ubuntu.com raring-updates Release Ign http://us.archive.ubuntu.com raring-backports Release Ign http://us.archive.ubuntu.com raring-security Release Get:2 http://us.archive.ubuntu.com precise-updates Release [98.7 kB] Err http://extras.ubuntu.com raring/main Sources 404 Not Found Err http://extras.ubuntu.com raring/main amd64 Packages 404 Not Found Err http://extras.ubuntu.com raring/main i386 Packages 404 Not Found Ign http://extras.ubuntu.com raring/main Translation-en_US Ign http://extras.ubuntu.com raring/main Translation-en ... On my precise-updates.list file is a single entry; deb http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted I don't know if that might help Help! Paul

    Read the article

  • Lubuntu 13.04, kernel still 3.8.0-32-generic

    - by Blue Ice
    My question is very similar to Ubuntu 13.10, kernel still 3.8.0-31-generic. Recently was updating to Saucy and the ethernet cable got unplugged. So I decided to run Software Update again, to reinstall files. It returned that "everything is up to date". But according to these command-line searches, that is incorrect. How can I install Saucy now safely from the command line? sudo apt-get install lubuntu-desktop Reading package lists... Done Building dependency tree Reading state information... Done lubuntu-desktop is already the newest version. The following package was automatically installed and is no longer required: linux-image-extra-3.8.0-19-generic Use 'apt-get autoremove' to remove it. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. sudo apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done Calculating upgrade... Done 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. sudo apt-get update Get:1 http://extras.ubuntu.com raring Release.gpg [72 B] Hit http://extras.ubuntu.com raring Release Get:2 http://az-1.hpcloud.mirror.websitedevops.com raring Release.gpg Hit http://extras.ubuntu.com raring/main Sources Hit http://extras.ubuntu.com raring/main i386 Packages Get:3 http://az-1.hpcloud.mirror.websitedevops.com raring-updates Release.gpg Get:4 http://az-1.hpcloud.mirror.websitedevops.com raring-backports Release.gpg Get:5 http://az-1.hpcloud.mirror.websitedevops.com raring-security Release.gpg Get:6 http://az-1.hpcloud.mirror.websitedevops.com raring Release Ign http://extras.ubuntu.com raring/main Translation-en_US Ign http://extras.ubuntu.com raring/main Translation-en Hit http://ppa.launchpad.net raring Release.gpg Ign http://az-1.hpcloud.mirror.websitedevops.com raring Release E: GPG error: http://az-1.hpcloud.mirror.websitedevops.com raring Release: The following signatures were invalid: NODATA 1 NODATA 2 lsb_release -rd Description: Ubuntu 13.04 Release: 13.04 uname -r 3.8.0-32-generic

    Read the article

  • Create Hello World with RESTful web service and Jersey

    - by Harry Pham
    I follow tutorial here on how to create web service using RESTful web service and Jersey and I get kind of stuck. The code is from HelloWorld3 in the tutorial I linked above. Here is the code. I use Netbean6.8 + glassfish v3 RESTGreeting.java create using JAXB. This class represents the HTML message in Java package com.sun.rest; import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlElement; @XmlRootElement(name = "restgreeting") public class RESTGreeting { private String message; private String name; /** * Creates new instance of Greeting */ public RESTGreeting() { } /* Create new instance of Greeting * with parameters message and name */ public RESTGreeting( String message, String name) { this.message = message; this.name = name; } /** Getter for message * return value for message * */ @XmlElement public String getMessage() { return message; } public void setMessage(String message) { this.message = message; } /* Getter for name * return name */ @XmlElement public String getName() { return name; } public void setName(String name) { this.name = name; } } HelloGreetingService.java creates a RESTful web service that returns an HTML message package com.sun.rest; import javax.ws.rs.core.Context; import javax.ws.rs.core.UriInfo; import javax.ws.rs.Consumes; import javax.ws.rs.PUT; import javax.ws.rs.Path; import javax.ws.rs.GET; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; @Path("helloGreeting") public class HelloGreetingService { @Context private UriInfo context; /** Creates a new instance of HelloGreetingService */ public HelloGreetingService() { } /** * Retrieves representation of an instance of com.sun.rest.HelloGreetingService * @return an instance of java.lang.String */ @GET @Produces("text/html") public RESTGreeting getHtml(@QueryParam("name") String name) { return new RESTGreeting( getGreeting(), name); } private String getGreeting() { return "Hello "; } /** * PUT method for updating or creating an instance of HelloGreetingService * @param content representation for the resource * @return an HTTP response with content of the updated or created resource. */ @PUT @Consumes("text/html") public void putHtml(String content) { } } However when i deploy it on Glassfish, and run it. It generate an exception. I try to debug using netbean 6.8, and figure out that this line return new RESTGreeting(getGreeting(), name); in HelloGreetingService.java cause the exception. But not sure why. Here is the stacktrace javax.ws.rs.WebApplicationException at com.sun.jersey.spi.container.ContainerResponse.write(ContainerResponse.java:268) at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1029) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:941) at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:932) at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:384) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:451) at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:632) at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) at org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:279) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641) at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97) at com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185) at org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233) at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165) at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791) at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693) at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954) at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170) at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102) at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88) at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76) at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53) at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57) at com.sun.grizzly.ContextTask.run(ContextTask.java:69) at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330) at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309) at java.lang.Thread.run(Thread.java:637)

    Read the article

  • JMS ConnectionFactory creation error WSVR0073W

    - by scottyab
    I must confess I’m not a JMS aficionado, one of our guys has written a Java webservice client [postcode lookup web service] and from a Remote Java client are calling a Message Driven Bean running in Websphere 6.1, using JMS. Getting the following error when attempted to create the Connection Factory. To which configured within Websphere jms/WSProxyQueueConnectionFactory. WARNING: WSVR0073W. Googling WSVR0073W yields little, the error code is an unknown error. Can anyone shed any light on potential issues creating the connection factory. Code Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, contextFactoryName); env.put(Context.PROVIDER_URL, providerURL); env.put("com.ibm.CORBA.ORBInit","com.ibm.ws.sib.client.ORB"); namingContext = new InitialContext(env); System.out.println("callRemoteService: get connectionFactoriy, request/response queues, session. Naming contex env =" + env); // Find everything we need to communicate... connectionFactory = (QueueConnectionFactory) namingContext.lookup(getQueueConnectionFactoryName()); requestQueue = (Queue) namingContext.lookup(getRequestQueueName()); Console output: calling RemoteService with hostname[MyServer:2813] and postcode[M4E 3W1]callRemoteService hostname[MyServer:2813] messess text[M4E 3W1] callRemoteService: get connectionFactoriy, request/response queues, session. Naming contex env ={com.ibm.CORBA.ORBInit=com.ibm.ws.sib.client.ORB, java.naming.provider.url=iiop:// MyServer:2813/, java.naming.factory.initial=com.ibm.websphere.naming.WsnInitialContextFactory} 05-Jan-2011 13:51:04 null null WARNING: WSVR0073W 05-Jan-2011 13:51:05 null null WARNING: jndiGetObjInstErr 05-Jan-2011 13:51:05 null null WARNING: jndiNamingException callRemoteService: closing connections and resources com.ibm.websphere.naming.CannotInstantiateObjectException: Exception occurred while the JNDI NamingManager was processing a javax.naming.Reference object. [Root exception is java.lang.NoClassDefFoundError: Invalid Implementation Key, com.ibm.ws.transaction.NonRecovWSTxManager] at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookupExt(Helpers.java:1000) at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookup(Helpers.java:705) at com.ibm.ws.naming.jndicos.CNContextImpl.processResolveResults(CNContextImpl.java:2097) at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1951) at com.ibm.ws.naming.jndicos.CNContextImpl.doLookup(CNContextImpl.java:1866) at com.ibm.ws.naming.jndicos.CNContextImpl.lookupExt(CNContextImpl.java:1556) at com.ibm.ws.naming.jndicos.CNContextImpl.lookup(CNContextImpl.java:1358) at com.ibm.ws.naming.util.WsnInitCtx.lookup(WsnInitCtx.java:172) at javax.naming.InitialContext.lookup(InitialContext.java:450) at com.das.jms.clients.BaseWSProxyClient.callRemoteService(BaseWSProxyClient.java:180) at com.das.jms.clients.RemotePostCodeLookup.findAddress(RemotePostCodeLookup.java:38) at com.das.jms.RemoteServiceAccess.findAddress(RemoteServiceAccess.java:80) at com.das.jms.TestRemoteAccess.testSuccessLookup(TestRemoteAccess.java:20) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37) at java.lang.reflect.Method.invoke(Method.java:599) at junit.framework.TestCase.runTest(TestCase.java:168) at junit.framework.TestCase.runBare(TestCase.java:134) at junit.framework.TestResult$1.protect(TestResult.java:110) at junit.framework.TestResult.runProtected(TestResult.java:128) at junit.framework.TestResult.run(TestResult.java:113) at junit.framework.TestCase.run(TestCase.java:124) at junit.framework.TestSuite.runTest(TestSuite.java:232) at junit.framework.TestSuite.run(TestSuite.java:227) at org.junit.internal.runners.OldTestClassRunner.run(OldTestClassRunner.java:76) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:45) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)com.ibm.websphere.naming.CannotInstantiateObjectException: Exception occurred while the JNDI NamingManager was processing a javax.naming.Reference object. [Root exception is java.lang.NoClassDefFoundError: Invalid Implementation Key, com.ibm.ws.transaction.NonRecovWSTxManager] [[B@4d794d79 at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196) Caused by: java.lang.NoClassDefFoundError: Invalid Implementation Key, com.ibm.ws.transaction.NonRecovWSTxManager at com.ibm.ws.Transaction.TransactionManagerFactory.getUOWCurrent(TransactionManagerFactory.java:125) at com.ibm.ws.rsadapter.AdapterUtil.<clinit>(AdapterUtil.java:271) at java.lang.J9VMInternals.initializeImpl(Native Method) at java.lang.J9VMInternals.initialize(J9VMInternals.java:200) at com.ibm.ejs.j2c.ConnectionFactoryBuilderImpl.getObjectInstance(ConnectionFactoryBuilderImpl.java:281) at javax.naming.spi.NamingManager.getObjectInstanceByFactoryInReference(NamingManager.java:480) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:345) at com.ibm.ws.naming.util.Helpers.processSerializedObjectForLookupExt(Helpers.java:896) ... 31 more

    Read the article

  • Reusing OAuth request token when user refresh page - Twitter4j on GAE

    - by Tahir Akram
    Hi I am using Twitter4J API on GAE/J. I want to use the request token when user came to my page. (called back URL). And press refresh button. I write following code for that. But When user press refresh button. I got Authentication credentials error. Please see the stacktrance. It works fine when user first time used that token. HomeServlet.java code: HttpSession session = request.getSession(); twitter.setOAuthConsumer(FFConstants.CONSUMER_KEY, FFConstants.CONSUMER_SECRET); String token = (String) session.getAttribute("token"); String authorizedToken = (String)session.getAttribute("authorizedToken"); User user = null; if (!token.equals(authorizedToken)){ AccessToken accessToken = twitter.getOAuthAccessToken( token, (String) session .getAttribute("tokenSecret")); twitter.setOAuthAccessToken(accessToken); user = twitter.verifyCredentials(); session.setAttribute("authorizedToken", token); session.setAttribute("user", user); }else{ user = (User)session.getAttribute("user"); } TwitterUser twitterUser = new TwitterUser(); twitterUser.setFollowersCount(user.getFollowersCount()); twitterUser.setFriendsCount(user.getFriendsCount()); twitterUser.setFullName(user.getName()); twitterUser.setScreenName(user.getScreenName()); twitterUser.setLocation(user.getLocation()); Please suggest how I can do that. I have seen on many website. They retain the user with the same token. Even if user press browser refresh buttion again and again. Please help. Exception stacktrace: Reason: twitter4j.TwitterException: 401:Authentication credentials were missing or incorrect. /friends/ids.xml This method requires authentication. at twitter4j.http.HttpClient.httpRequest(HttpClient.java:469) at twitter4j.http.HttpClient.get(HttpClient.java:412) at twitter4j.Twitter.get(Twitter.java:276) at twitter4j.Twitter.get(Twitter.java:228) at twitter4j.Twitter.getFriendsIDs(Twitter.java:1819) at com.tff.servlet.HomeServlet.doGet(HomeServlet.java:86) at javax.servlet.http.HttpServlet.service(HttpServlet.java:693) at javax.servlet.http.HttpServlet.service(HttpServlet.java:806) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:487) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1093) at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:97) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1084) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:360) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:181) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:712) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:405) at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:238) at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:139) at org.mortbay.jetty.Server.handle(Server.java:313) at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:506) at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:830) at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:76) at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:381) at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:135) at com.google.apphosting.runtime.JavaRuntime.handleRequest(JavaRuntime.java:235) at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5235) at com.google.apphosting.base.RuntimePb$EvaluationRuntime$6.handleBlockingRequest(RuntimePb.java:5233) at com.google.net.rpc.impl.BlockingApplicationHandler.handleRequest(BlockingApplicationHandler.java:24) at com.google.net.rpc.impl.RpcUtil.runRpcInApplication(RpcUtil.java:363) at com.google.net.rpc.impl.Server$2.run(Server.java:838) at com.google.tracing.LocalTraceSpanRunnable.run(LocalTraceSpanRunnable.java:56) at com.google.tracing.LocalTraceSpanBuilder.internalContinueSpan(LocalTraceSpanBuilder.java:536) at com.google.net.rpc.impl.Server.startRpc(Server.java:793) at com.google.net.rpc.impl.Server.processRequest(Server.java:368) at com.google.net.rpc.impl.ServerConnection.messageReceived(ServerConnection.java:448) at com.google.net.rpc.impl.RpcConnection.parseMessages(RpcConnection.java:319) at com.google.net.rpc.impl.RpcConnection.dataReceived(RpcConnection.java:290) at com.google.net.async.Connection.handleReadEvent(Connection.java:466) at com.google.net.async.EventDispatcher.processNetworkEvents(EventDispatcher.java:759) at com.google.net.async.EventDispatcher.internalLoop(EventDispatcher.java:205) at com.google.net.async.EventDispatcher.loop(EventDispatcher.java:101) at com.google.net.rpc.RpcService.runUntilServerShutdown(RpcService.java:251) at com.google.apphosting.runtime.JavaRuntime$RpcRunnable.run(JavaRuntime.java:394) at java.lang.Thread.run(Unknown Source)

    Read the article

  • The Difference Between .com, .net, .org and Why We’re About To See Many More Top-Level Domains

    - by Chris Hoffman
    .com, .net, .org and other website suffixes are known as “top-level domains” (TLDs). While we normally see only a few of these, there are hundreds of them – and there may be thousands more soon. Top-level domains are managed by the Internet Assigned Numbers Authority (IANA), which is run by the Internet Corporation for Assigned Names and Numbers (ICANN). HTG Explains: What is the Windows Page File and Should You Disable It? How To Get a Better Wireless Signal and Reduce Wireless Network Interference How To Troubleshoot Internet Connection Problems

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • What Are The Benefits of a .com Domain Name?

    Dot com, internet and the web are often used to mean the same thing by many people, although they are all different. Dot come has come become synonymous with the World Wide Web, although it is just o... [Author: Tanya Smith - Computers and Internet - April 01, 2010]

    Read the article

  • How can I create an SPF record on my 1and1.com hosted domain?

    - by tnorthcutt
    Emails from my domain (hosted at 1and1, and using Google Apps Premier edition) have sporadically been going to recipients' spam folders lately. I did some research, tested, and found out that I do not have an SPF record for my domain. According to this Google Support page, I need to create one. Following the steps on that page is easy, until I get to #3: Create a TXT record containing this text: v=spf1 include:_spf.google.com ~all I see no way to create a "TXT record". Here is a screenshot of the admin panel:

    Read the article

  • How did my email end up in spam? Spam only filters this specific email, other email contents work

    - by mugetsu
    My website has users buy our products and when the purchase completes, it sends the user an email. However, this email always ends up in spam! When the user first registers, the site also sends an email, this email however is not filtered and goes into the normal inbox. I'm not quite sure why this is so, gmail vaguely tells me that " It's similar to messages that were detected by our spam filters." So I'm thinking that I need to reword the following email better. Can I get some tips? Or could something else be causing this? thanks! here's the unformatted email: Delivered-To: mugenex69@gmail.com Received: by 10.112.32.98 with SMTP id h2csp61953lbi; Tue, 20 Mar 2012 21:09:13 -0700 (PDT) Received: by 10.180.79.72 with SMTP id h8mr22836827wix.1.1332302953175; Tue, 20 Mar 2012 21:09:13 -0700 (PDT) Return-Path: <[email protected]> Received: from mail26.elasticemail.org (mail26.elasticemail.org. [178.32.180.26]) by mx.google.com with SMTP id 6si518487wiz.41.2012.03.20.21.09.12; Tue, 20 Mar 2012 21:09:12 -0700 (PDT) Received-SPF: pass (google.com: domain of contact@website.com designates 178.32.180.26 as permitted sender) client-ip=178.32.180.26; Authentication-Results: mx.google.com; spf=pass (google.com: domain of contact@website.com designates 178.32.180.26 as permitted sender) [email protected]; dkim=pass header.i=@website.com DKIM-Signature: v=1; a=rsa-sha1; bh=qjc8jxQuGy9pLN1YV9TR2PHQYKg=; c=relaxed/relaxed; d=website.com; s=api; h=DomainKey-Signature:MIME-Version:From:To:List-Unsubscribe:Subject:Date:Reply-To:Message-ID:Content-Type; b=Odt+nYhjntXPl7JPVHeJWjkStemt6so+FPVYY6oMKziMFzmW8YiLhN8WwSLY0faMcn/rirKsO2dOm/kvcHlqUJC7ldhaydE6bPekkBDa9kBovlGwPNm6xy9QWPP9I1fXDLDCwqqeAXv8kN0daXbh3pVyqWNUOk5cgQ35OgpQpKI= DomainKey-Signature: q=dns; a=rsa-sha1; c=simple; d=website.com; s=api; h=MIME-Version:X-Mailer:From:To:X-Priority:List-Unsubscribe:Subject:Date:Reply-To:Message-ID:Content-Type; b=F7NNZIEyEV+64uYD8pVpe91WLP19Tw2Whk4OKpkLeAfkmrNIA7AjP0XYU1JWTlEyibHQJjjbhR62I3MvVJBSGp75eWfOuwb2AqYWZ/jAlMWznnfQLVv7OlYJsErGxYP6GUNNcuJaqlTPFDanJwtaEvR+tqXZRB7xrUisMd8lq2I= MIME-Version: 1.0 X-Mailer: email.website.com From: "Website Contact" <[email protected]> To: mugenex69@gmail.com X-Priority: 3 (Normal) List-Unsubscribe: <http://email.website.com/tracking/unsubscribe?msgid=su6g-8kfd0s0g>, <mailto:[email protected]?subject=unsubscribe> Subject: Website Tickets: event Date: Wed, 21 Mar 2012 04:09:17 +0000 Reply-To: "Website Contact" <[email protected]> Message-ID: <[email protected]> Content-Type: multipart/alternative; boundary="----=_NextPart_000_3F77_7A0DF805.A8C886C0" ------=_NextPart_000_3F77_7A0DF805.A8C886C0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 SGVsbG8hIAoKIEhlcmUgYXJlIHlvdXIgdGlja2V0KHMpIGZvciBDVEFTIGVDc1RBU3kgMjAxMjog CgpodHRwczovL2NhbXB1c2FtcC5jb20vP3RpY2tldHMvNy95aGloZ3Znd3Z3cWR3cXhtdnQKClNp bXBseSBicmluZyBpdCB3aXRoIHlvdSBvbiB5b3VyIHNtYXJ0cGhvbmUsIG9yIHByaW50IHRoZSB0 aWNrZXQgb3V0IHRvIGJlIHNjYW5uZWQgYXQgdGhlIGV2ZW50LiBFbmpveSwgYW5kIHdlIGFwcHJl Y2lhdGUgeW91ciBwdXJjaGFzZS4KClNpbmNlcmVseSwKVGhlIENhbXB1c0FtcCBUZWFt ------=_NextPart_000_3F77_7A0DF805.A8C886C0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: base64 SGVsbG8hIDxici8+PGJyLz4gSGVyZSBhcmUgeW91ciB0aWNrZXQocykgZm9yIENUQVMgZUNzVEFT eSAyMDEyOjxici8+PGEgaHJlZj0iaHR0cDovL2VtYWlsLmNhbXB1c2FtcC5jb20vdHJhY2tpbmcv Y2xpY2s/bXNnaWQ9c3U2Zy04a2ZkMHMwZyZ0YXJnZXQ9aHR0cHMlM2ElMmYlMmZjYW1wdXNhbXAu Y29tJTJmJTNmdGlja2V0cyUyZjclMmZ5aGloZ3Znd3Z3cWR3cXhtdnQiPiBodHRwczovL2NhbXB1 c2FtcC5jb20vP3RpY2tldHMvNy95aGloZ3Znd3Z3cWR3cXhtdnQgIDwvYT4gPGJyLz48YnIvPlNp bXBseSBicmluZyBpdCB3aXRoIHlvdSBvbiB5b3VyIHNtYXJ0cGhvbmUsIG9yIHByaW50IHRoZSB0 aWNrZXQgb3V0IHRvIGJlIHNjYW5uZWQgYXQgdGhlIGV2ZW50LiBFbmpveSwgYW5kIHdlIGFwcHJl Y2lhdGUgeW91ciBwdXJjaGFzZS48YnIvPjxici8+U2luY2VyZWx5LDxici8+VGhlIENhbXB1c0Ft cCBUZWFtPGltZyBzcmM9Imh0dHA6Ly9lbWFpbC5jYW1wdXNhbXAuY29tL3RyYWNraW5nL29wZW4/ bXNnaWQ9c3U2Zy04a2ZkMHMwZyIgc3R5bGU9IndpZHRoOjFweDtoZWlnaHQ6MXB4IiBhbHQ9IiIg Lz4= ------=_NextPart_000_3F77_7A0DF805.A8C886C0--

    Read the article

  • Keep Your Eye on the Ball

    - by [email protected]
    With the FIFA World Cup 2010 in South Africa almost a week underway, the soccer fans all around the World are talking about at least 2 things. That typical vuvuzela sound and the new Jabulani ball, saying it moves unpredictably, is difficult to handle and somehow the altitude of the World Cup stadiums also seem to be a contributing factor.(Picture taken from http://www.flickr.com/photos/warrenski/4143923059/ under a Creative Commons license)Although the FIFA states that it hasn't received any official complaints, the end users don't seem to be very happy with this new ball. This brings me to a comparison with IT management and testing. When you're in a situation where you're introducing a new product, in IT terms, introducing a new application, you would like to test all possible scenarios that your end users could be using and experiencing. However, that's a very time and resource intensive process to do for every application change or update.  It's like getting ready for the big game but you have no game plan.That's why a new approach has been developed. One that's based on the 80/20 rule. Testing 80% of the application will cost about 20% of the efforts. The remaining 20% of your application will not be tested before deployment, but monitored with a real user monitoring solution immediately after deployment. These tools track all user experiences, including error messages and the performance and availability metrics from an end user perspective. Should any anomaly occur, you would be able to repair it quickly so you and your end users can get back into the game.These real user sessions can be easily converted into testing scripts, so the 80% of the application testing can be complimented with the remaining 20%.Oracle Enterprise Manager 11g group of products offers both the real user monitoring solution with Oracle Real User Experience Insight, as well as the required testing solution with Oracle Application Testing Suite. Visit our Oracle Enterprise Manager 11g resource center and find out how it's Business-Driven IT Management approach will help you keep your eye on your business ball.Happy World Cup.

    Read the article

  • Index out of bounds error

    - by sprasad12
    Hello, I am working on a program where i am recreating the saved widgets back on to the boundary panel. When i am creating them i am also trying to put the values into the ArrayList so that if i want to update and save the opened project i should be able to do so by getting the values from the ArrayList. Here is how the code looks like: for(int i = 0; i < result.length; i++){ if(ename.contains(result[i].getParticipateEntityName())){ ername.add(ename.indexOf(result[i].getParticipateEntityName()), result[i].getParticipateRelatioshipName()); etotalpartial.add(ename.indexOf(result[i].getParticipateEntityName()), result[i].getTotalPartial()); }else if(wename.contains(result[i].getParticipateEntityName())){ wrname.add(wename.indexOf(result[i].getParticipateEntityName()), result[i].getParticipateRelatioshipName()); } } Here ename, ername, etotalpartial, wename and wrname are all ArrayList. This piece of code is included in an asynchronous class method. When i run the code i get error at "ername.add(ename......". Here is the error stack: java.lang.IndexOutOfBoundsException: Index: 1, Size: 0 at java.util.ArrayList.add(ArrayList.java:367) at com.e.r.d.client.ERD1$16.onSuccess(ERD1.java:898) at com.e.r.d.client.ERD1$16.onSuccess(ERD1.java:1) at com.google.gwt.user.client.rpc.impl.RequestCallbackAdapter.onResponseReceived(RequestCallbackAdapter.java:216) at com.google.gwt.http.client.Request.fireOnResponseReceived(Request.java:287) at com.google.gwt.http.client.RequestBuilder$1.onReadyStateChange(RequestBuilder.java:393) at sun.reflect.GeneratedMethodAccessor16.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.google.gwt.dev.shell.MethodAdaptor.invoke(MethodAdaptor.java:103) at com.google.gwt.dev.shell.MethodDispatch.invoke(MethodDispatch.java:71) at com.google.gwt.dev.shell.OophmSessionHandler.invoke(OophmSessionHandler.java:157) at com.google.gwt.dev.shell.BrowserChannel.reactToMessagesWhileWaitingForReturn(BrowserChannel.java:1713) at com.google.gwt.dev.shell.BrowserChannelServer.invokeJavascript(BrowserChannelServer.java:165) at com.google.gwt.dev.shell.ModuleSpaceOOPHM.doInvoke(ModuleSpaceOOPHM.java:120) at com.google.gwt.dev.shell.ModuleSpace.invokeNative(ModuleSpace.java:507) at com.google.gwt.dev.shell.ModuleSpace.invokeNativeObject(ModuleSpace.java:264) at com.google.gwt.dev.shell.JavaScriptHost.invokeNativeObject(JavaScriptHost.java:91) at com.google.gwt.core.client.impl.Impl.apply(Impl.java) at com.google.gwt.core.client.impl.Impl.entry0(Impl.java:188) at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at com.google.gwt.dev.shell.MethodAdaptor.invoke(MethodAdaptor.java:103) at com.google.gwt.dev.shell.MethodDispatch.invoke(MethodDispatch.java:71) at com.google.gwt.dev.shell.OophmSessionHandler.invoke(OophmSessionHandler.java:157) at com.google.gwt.dev.shell.BrowserChannel.reactToMessages(BrowserChannel.java:1668) at com.google.gwt.dev.shell.BrowserChannelServer.processConnection(BrowserChannelServer.java:401) at com.google.gwt.dev.shell.BrowserChannelServer.run(BrowserChannelServer.java:222) at java.lang.Thread.run(Thread.java:619) I am not sure what i am doing wrong. Any input will be of great help. Thank you.

    Read the article

  • unix How to compare two files and get results to third file?

    - by Martin Mocik
    I have two files 1st file is like this: www.example.com www.domain.com www.otherexample.com www.other-domain.com www.other-example.com www.exa-ample.com 2nd file is like this (numbers after ;;; are between 0-10): www.example.com;;;2 www.domain.com;;;5 www.other-domain;;;0 www.exa-ample.com;;;4 and i want compare these two files and output to third file like this: www.otherexample.com www.other-example.com Both files have large size (over 500mb)

    Read the article

  • Single-Sign-On ASP.NET MVC

    - by Mike
    Hi Guys, We are trying to build a cross-domain single-sign on solution using ASP.NET MVC. Something which works like this: User hits www.test.com [or www.test2.com or www.test3.com or www.testN.com] User clicks widget, login appears User signs into www.example.com from 2) i.e. from widget [x-domain signin] User is now logged in on www.test.com [authenticated from www.example.com] User visits [www.test2.com or www.test3.com or www.testN.com] and is signed in to www.example.com Any existing solutions or tutorials available ?

    Read the article

< Previous Page | 87 88 89 90 91 92 93 94 95 96 97 98  | Next Page >