Search Results

Search found 12562 results on 503 pages for 'secure delete'.


  • why when I delete a parent on a one to many relationship on grails the beforeInsert event is called

    - by nico
    Hello, I have a one to many relationship and when I try to delete a parent that has more than one child the beforeInsert event gets called on the first child. I have some code in this event that I mean to call before inserting a child, not when I'm deleting the parent! Any ideas on what might be wrong? The entities: class MenuItem { static constraints = { name(blank:false,maxSize:200) category() subCategory(nullable:true, validator:{ val, obj -> if(val == null){ return true }else{ return obj.category.subCategories.contains(val)? true : ['invalid.category.no.subcategory'] } }) price(nullable:true) servedAtSantaMonica() servedAtWestHollywood() highLight() servedAllDay() dateCreated(display:false) lastUpdated(display:false) } static mapping = { extras lazy:false } static belongsTo = [category:MenuCategory,subCategory:MenuSubCategory] static hasMany = [extras:MenuItemExtra] static searchable = { extras component: true } String name BigDecimal price Boolean highLight = false Boolean servedAtSantaMonica = false Boolean servedAtWestHollywood = false Boolean servedAllDay = false Date dateCreated Date lastUpdated int displayPosition void moveUpDisplayPos(){ def oldDisplayPos = MenuItem.get(id).displayPosition if(oldDisplayPos == 0){ return }else{ def previousItem = MenuItem.findByCategoryAndDisplayPosition(category,oldDisplayPos - 1) previousItem.displayPosition += 1 this.displayPosition = oldDisplayPos - 1 this.save(flush:true) previousItem.save(flush:true) } } void moveDownDisplayPos(){ def oldDisplayPos = MenuItem.get(id).displayPosition if(oldDisplayPos == MenuItem.countByCategory(category) - 1){ return }else{ def nextItem = MenuItem.findByCategoryAndDisplayPosition(category,oldDisplayPos + 1) nextItem.displayPosition -= 1 this.displayPosition = oldDisplayPos + 1 this.save(flush:true) nextItem.save(flush:true) } } String toString(){ name } def beforeInsert = { displayPosition = MenuItem.countByCategory(category) } def afterDelete = { def otherItems = 
MenuItem.findAllByCategoryAndDisplayPositionGreaterThan(category,displayPosition) otherItems.each{ it.displayPosition -= 1 it.save() } } } class MenuItemExtra { static constraints = { extraOption(blank:false, maxSize:200) extraOptionPrice(nullable:true) } static searchable = true static belongsTo = [menuItem:MenuItem] BigDecimal extraOptionPrice String extraOption int displayPosition void moveUpDisplayPos(){ def oldDisplayPos = MenuItemExtra.get(id).displayPosition if(oldDisplayPos == 0){ return }else{ def previousExtra = MenuItemExtra.findByMenuItemAndDisplayPosition(menuItem,oldDisplayPos - 1) previousExtra.displayPosition += 1 this.displayPosition = oldDisplayPos - 1 this.save(flush:true) previousExtra.save(flush:true) } } void moveDownDisplayPos(){ def oldDisplayPos = MenuItemExtra.get(id).displayPosition if(oldDisplayPos == MenuItemExtra.countByMenuItem(menuItem) - 1){ return }else{ def nextExtra = MenuItemExtra.findByMenuItemAndDisplayPosition(menuItem,oldDisplayPos + 1) nextExtra.displayPosition -= 1 this.displayPosition = oldDisplayPos + 1 this.save(flush:true) nextExtra.save(flush:true) } } String toString(){ extraOption } def beforeInsert = { if(menuItem){ displayPosition = MenuItemExtra.countByMenuItem(menuItem) } } def afterDelete = { def otherExtras = MenuItemExtra.findAllByMenuItemAndDisplayPositionGreaterThan(menuItem,displayPosition) otherExtras.each{ it.displayPosition -= 1 it.save() } } }


  • hibernate insert to a collection causes a delete then all the items in the collection to be inserted

    - by Mark
    I have a many to many relationship CohortGroup and Employee. Any time I insert an Employee into the CohortGroup hibernate deletes the group from the resolution table and inserts all the members again, plus the new one. Why not just add the new one? The annotation in the Group: @ManyToMany(cascade = { PERSIST, MERGE, REFRESH }) @JoinTable(name="MYSITE_RES_COHORT_GROUP_STAFF", joinColumns={@JoinColumn(name="COHORT_GROUPID")}, inverseJoinColumns={@JoinColumn(name="USERID")}) public List<Employee> getMembers(){ return members; } The other side in the Employee @ManyToMany(mappedBy="members",cascade = { PERSIST, MERGE, REFRESH } ) public List<CohortGroup> getMemberGroups(){ return memberGroups; } Code snippet Employee emp = edao.findByID(cohortId); CohortGroup group = cgdao.findByID(Long.decode(groupId)); group.getMembers().add(emp); cgdao.persist(group); below is the sql reported in the log delete from swas.MYSITE_RES_COHORT_GROUP_STAFF where COHORT_GROUPID=? insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) insert into swas.MYSITE_RES_COHORT_GROUP_STAFF (COHORT_GROUPID, USERID) values (?, ?) This seems really inefficient and is causing some issues. If several requests are made to add an employee to the group then some get overwritten.


  • Do I have to implement Add/Delete methods in my NHibernate entities ?

    - by Lisa
    This is a sample from the Fluent NHibernate website: Compared to the Entity Framework I have ADD methods in my POCO in this code sample using NHibernate. With the EF I did context.Add or context.AddObject etc... the context had the methods to put one entity into the others entity collection! Do I really have to implement Add/Delete/Update methods (I do not mean the real database CRUD operations!) in a NHibernate entity ? public class Store { public virtual int Id { get; private set; } public virtual string Name { get; set; } public virtual IList<Product> Products { get; set; } public virtual IList<Employee> Staff { get; set; } public Store() { Products = new List<Product>(); Staff = new List<Employee>(); } public virtual void AddProduct(Product product) { product.StoresStockedIn.Add(this); Products.Add(product); } public virtual void AddEmployee(Employee employee) { employee.Store = this; Staff.Add(employee); } }


  • Is it safe to delete rotated MySQL binary logs?

    - by Milan Babuškov
    I have a MySQL server with binary logging active. Once a day the log file is "rotated", i.e. MySQL seems to stop writing to it and creates a new log file. For example, I currently have these files in /var/lib/mysql -rw-rw---- 1 mysql mysql 10485760 Jun 7 09:26 ibdata1 -rw-rw---- 1 mysql mysql 5242880 Jun 7 09:26 ib_logfile0 -rw-rw---- 1 mysql mysql 5242880 Jun 2 15:20 ib_logfile1 -rw-rw---- 1 mysql mysql 1916844 Jun 6 09:20 mybinlog.000004 -rw-rw---- 1 mysql mysql 61112500 Jun 7 09:26 mybinlog.000005 -rw-rw---- 1 mysql mysql 15609789 Jun 7 13:57 mybinlog.000006 -rw-rw---- 1 mysql mysql 54 Jun 7 09:26 mybinlog.index and mybinlog.000006 is growing. Can I simply take mybinlog.000004 and mybinlog.000005, zip them up and transfer to another server, or do I need to do something else before? What info is stored in mybinlog.index? Only the info about the latest binary log? UPDATE: I understand I can delete the logs with PURGE BINARY LOGS which updates mybinlog.index file. However, I need to transfer logs to another computer before deleting them (I test if backup is valid on another machine). To reduce the transfer size, I wish to bzip2 the files. What will PURGE BINARY LOGS do if log files are not "there" anymore?


  • Should I delete the string members of a C++ class?

    - by Bobby
    If I have the following declaration: #include <iostream> #include <string> class DEMData { private: int bitFldPos; int bytFldPos; std::string byteOrder; std::string desS; std::string engUnit; std::string oTag; std::string valType; int idx; public: DEMData(); DEMData(const DEMData &d); void SetIndex(int idx); int GetIndex() const; void SetValType(const char* valType); const char* GetValType() const; void SetOTag(const char* oTag); const char* GetOTag() const; void SetEngUnit(const char* engUnit); const char* GetEngUnit() const; void SetDesS(const char* desS); const char* GetDesS() const; void SetByteOrder(const char* byteOrder); const char* GetByteOrder() const; void SetBytFldPos(int bytFldPos); int GetBytFldPos() const; void SetBitFldPos(int bitFldPos); int GetBitFldPos() const; friend std::ostream &operator<<(std::ostream &stream, DEMData d); bool operator==(const DEMData &d) const; ~DEMData(); }; what code should be in the destructor? Should I "delete" the std::string fields?


  • WordPress update_post_meta values. Delete when empty or just test for ""?

    - by Scott B
    My function below, will take the values from my custom meta fields (after a post has been edited, and save or publish has been clicked) and update or insert the posted meta values. However, if the user leaves this field blank, I believe I want to delete the meta altogether (so I can test for its presence and display accordingly vs just checking for ""). For example, one of my meta options gives the user the ability to add a Custom title to their post, which when present, will populate the page's tag. However, if the field is left empty, I want to default the tag to the_title(), which is simply the Post title used to identify the page/post. Since I'm not deleting the meta on save, it's always present after the first time a user enters something in there, get_post_meta($post-ID,'MyCustomTitle', true) is always true. Further, they cannot blank it out by clearing the title field and hitting publish. What am I missing in the save in order to clear the value to "" when the user clears the field? if ($_POST['MyCustomTitle']) { update_custom_meta($postID, $_POST['MyCustomTitle'], 'MyCustomTitle'); } function update_custom_meta($postID, $newvalue, $field_name) { // To create new meta if(!get_post_meta($postID, $field_name)){ add_post_meta($postID, $field_name, $newvalue); }else{ // or to update existing meta update_post_meta($postID, $field_name, $newvalue); } }


  • How to delete the first child of an element but referenced by $(this) in Jquery?

    - by Raja
    The scenario is I have two Divs one is where I select items (divResults) and it goes to the next div (divSelectedContacts). When I select it I place a tick mark next to it. What I want to do is when I select it again I want to remove the tick mark and also remove the element from divSelectedContacts. Here is the code. $("#divResults li").click(function() { if ($(this).find('span').size() == 1) { var copyElement = $(this).children().clone(); $(this).children().prepend("<span class='ui-icon ui-icon-check checked' style='float:left'></span>"); $("#divSelectedContacts").append(copyElement); } else { var deleteElement = $(this).find('span'); //here is the problem how to find the first span and delete it $(deleteElement).remove(); var copyElement = $(this).children().clone();//get the child element $("#divSelectedContacts").find(copyElement).remove(); //remove that element by finding it } }); I don't know how to select the first span in a li using $(this). Any help is much appreciated.


  • How to secure Add child record functionality in MVC on Parent's view?

    - by RSolberg
    I'm trying to avoid some potential security issues as I expose a new set of functionality into the real world. This is basically functionality that will allow for a new comment to be added via a partialview on the "Parent" page. My comment needs to know a couple of things, first what record is the comment for and secondly who is making the comment. I really don't like using a hidden field to store the ID for the Parent record in the add comment form as that can be easily changed with some DOM mods. How should I handle this? PARENT <% Html.RenderPartial("AddComment", Model.Comments); %> CHILD <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<CommentsViewModel>" %> <% using (Html.BeginForm("AddComment", "Requests")) {%> <fieldset> <legend>New Comment</legend> <%= Html.HiddenFor(p => p.RequestID) %> <%= Html.TextBoxFor(p => p.Text) %> &nbsp; <input type="submit" value="Add" /> </fieldset> <% } %> CONTROLLER [AcceptVerbs(HttpVerbs.Post)] public void AddComment(CommentsViewModel commentsModel) { var user = GetCurrentUser(); commentsModel.CreatedByID = user.UserID; RequestsService.AddComment(commentsModel); }


  • Account verification Yelp style, how is it more "secure" than traditional verification?

    - by Chad
    For business owners to "take control" of their business page on Yelp, they register for it. The Yelp system performs a telephone call-back. From watching the video here, it sounds like a telephone version of what we all typically do - e-mail check. For e-mail check, it basically goes like this: User registers; verify e-mail sent; they click link inside verify e-mail; site verifies. Here's Yelp's: User registers; verify screen shown with code; Yelp calls user; user enters code; site verifies. It's essentially the same thing, via phone. Is there any reason you can see why this method is better than the e-mail method?


  • How do I read a secure rss feed into a SyndicationFeed without providing credentials?

    - by John Kaster
    For whatever reason, IBM uses https (without requiring credentials) for their RSS feeds. I'm trying to consume https://www.ibm.com/developerworks/mydeveloperworks/blogs/roller-ui/rendering/feed/gradybooch/entries/rss?lang=en with a .NET 4 SyndicationFeed. I can open this feed in a browser and it loads just fine. Here's the code: using (XmlReader xml = XmlReader.Create("https://www.ibm.com/developerworks/mydeveloperworks/blogs/roller-ui/rendering/feed/gradybooch/entries/rss?lang=en")) { var items = from item in SyndicationFeed.Load(xml).Items select item; } Here's the exception: System.Net.WebException was unhandled by user code Message=The remote server returned an error: (500) Internal Server Error. Source=System StackTrace: at System.Net.HttpWebRequest.GetResponse() at System.Xml.XmlDownloadManager.GetNonFileStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy) at System.Xml.XmlDownloadManager.GetStream(Uri uri, ICredentials credentials, IWebProxy proxy, RequestCachePolicy cachePolicy) at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn) at System.Xml.XmlReaderSettings.CreateReader(String inputUri, XmlParserContext inputContext) at System.Xml.XmlReader.Create(String inputUri, XmlReaderSettings settings, XmlParserContext inputContext) at System.Xml.XmlReader.Create(String inputUri) at EDN.Util.Test.FeedAggTest.LoadFeedInfoTest() in D:\cdn\trunk\CDN\Dev\Shared\net\EDN.Util\EDN.Util.Test\FeedAggTest.cs:line 126 How do I configure the reader to work with an https feed?


  • Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

    - by yourfriendzak
    I'm trying to make an accessible cache of user data using Pyramid doc's "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property: from pyramid.security import unauthenticated_userid def get_user(request): # the below line is just an example, use your own method of # accessing a database connection here (this could even be another # request property such as request.db, implemented using this same # pattern). dbconn = request.registry.settings['dbconn'] userid = unauthenticated_userid(request) if userid is not None: # this should return None if the user doesn't exist # in the database return dbconn['users'].query({'id':userid}) I don't understand why they're using unauthenticated_userid(request) to lookup user info from the database...isn't that insecure? That means that user might not be logged in, so why are you using that ID to get their private info from the database? Shouldn't userid = authenticated_userid(request) be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.


  • jQuery hide ul header when all entries are deleted...

    - by Scott
    I'm a noob with jQuery...and I hope I've explained this well enough; I have a <ul> header that appears when I've added an entry to a dynamically created list using $.post. Each entry added has a delete/edit button associated with it. Header is this: <ul class="header"> <li>Month</li> <li>Year</li> <li>Cottage</li> </ul> My dynamic list that is created: <ul class="addedItems"> <li>Month</li> <li>Year</li> <li>Cottage</li> <li><span class="edit">edit</span></li> <li><span class="del">delete</span></li> </ul> This all looks like this: Month Year Cottage <--this appears after I've added an entry -------------------------------- and I want it to stick around unless all items are deleted. Dec 1990 Fir edit/delete <--entries Jan 2000 Willow edit/delete My question is: Is there some kind of conditional that I can use with jQuery to hide the class="header" if all the items are deleted? I've read up on conditional statements like is and not with jq but I'm not really understanding how they work. All of the items in class="addedItems" are stored in data produced by JSON. This is the delete function: $(".del").live("click", function(){ var del = this; var thisVal = $(del).val(); $.post("delete.php", { dirID : thisVal }, function(data){ if(confirm("Are you sure you want to DELETE this entry?") == true) { if(data.success) { //hide the class="header" here somewhere?? $(del).parents(".addedItems").hide(); } else if(data.error) { // throw error if item does not delete } } }, "json"); return false; }); //end of .del function Here is the delete.php <?php if($_POST) { $data['delID'] = $_POST['dirID']; $query = "DELETE from //tablename WHERE dirID = '{$data['delID']}' LIMIT 1"; $result = $db->query($query); if($result) { $data['success'] = true; $data['message'] = "Entry was successfully removed."; } else { $data['error'] = true; $data['message'] = "Item could not be deleted."; } echo json_encode($data); } ?>


  • How to secure an AJAX call from a facebook canvas application.

    - by user259349
    Reading this Ajax example, http://wiki.developers.facebook.com/index.php/FBJS/Examples/Ajax#Working_Example I found the following line. I'm not sure what to understand out of it, how do you "check the sig values per Platform spec"? "Note: For brevity's sake we are trusting $_POST['fb_sig_user'] without checking the full signature. This is unsafe as anyone could easily forge a user's action. Always be sure to either use the Facebook object which is supplied with the client libraries, or check the sig values per Platform spec"


  • IP address detection for geo-location or MAC address much secure?

    - by SuperRomia
    Recent study many websites are using geo-location technology on their Websites. I'm planning to implement one website which can detect the web visitor more accurately. And found that Mozilla is using some kind of detect MAC address technology in their Geo-Location web service. Does it violate some privacy issue? I believe most of Geo-location service providers only offer country to city level. But the MAC address detection enables locating the web visitors' location more correctly than using IP address detection. If detecting the MAC address is not practical, which geo-location service provider is offering more accurate data to detect my Website visitor around the world?


  • Keybindings for individual letter keys (not modifier-combinations) on a GtkTextView widget (Gtk3 and PyGI)

    - by monotasker
    I've been able to set several keyboard shortcuts for a GtkTextView and a GtkTextEntry using the new css provider system. I'm finding, though, that I only seem to be able to establish keybindings for combinations including a modifier key. The widget doesn't respond to any bindings I set up that use: the delete key; the escape key; individual letter or punctuation keys alone. Here's the code where I set up the css provider for the keybindings: #set up style context keys = Gtk.CssProvider() keys.load_from_path(os.path.join(data_path, 'keybindings.css')) #set up style contexts and css providers widgets = {'window': self.window, 'vbox': self.vbox, 'toolbar': self.toolbar, 'search_entry': self.search_entry, 'paned': self.paned, 'notelist_treeview': self.notelist_treeview, 'notelist_window': self.notelist_window, 'notetext_window': self.notetext_window, 'editor': self.editor, 'statusbar': self.statusbar } for l, w in widgets.iteritems(): w.get_style_context().add_provider(keys, Gtk.STYLE_PROVIDER_PRIORITY_USER) Then in keybindings.css this is an example of what works: @binding-set gtk-vi-text-view { bind "<ctrl>b" { "move-cursor" (display-lines, -5, 0) }; /* 5 lines up */ bind "<ctrl>k" { "move-cursor" (display-lines, -1, 0) }; /* down */ bind "<ctrl>j" { "move-cursor" (display-lines, 1, 0) }; /* up */ } Part of what I'm trying to do is just add proper delete-key function to the text widgets (right now the delete key does nothing at all). So if I add a binding like one of these, nothing happens: bind "Delete" { "delete-selection" () }; bind "Delete" { "delete-from-cursor" (chars, 1) }; The other part of what I want to do is more elaborate. I want to set up something like Vim's command and visual modes. So at the moment I'm just playing around with (a) setting the widget to editable=false by hitting the esc key; and (b) using homerow letters to move the cursor (as a proof-of-concept exercise). 
So far there's no response from the escape key or from the letter keys, even though the bindings work when I apply them to modifier-key combinations. For example, I do this in the css for the text-widget: bind "j" { "move-cursor" (display-lines, 1, 0) }; /* down */ bind "k" { "move-cursor" (display-lines, -1, 0) }; /* up */ bind "l" { "move-cursor" (logical-positions, 1, 0) }; /* right */ bind "h" { "move-cursor" (logical-positions, -1, 0) }; /* left */ but none of these bindings does anything, even if other bindings in the same set are respected. What's especially odd is that the vim-like movement bindings above are respected when I attach them to a GtkTreeView widget for navigating the tree-view options: @binding-set gtk-vi-tree-view { bind "j" { "move-cursor" (display-lines, 1) }; /* selection down */ bind "k" { "move-cursor" (display-lines, -1) }; /* selection up */ } So it seems like there are limitations or overrides of some kind on keybindings for the TextView widget (and for the del key?), but I can't find documentation of anything like that. Are these just things that can't be done with the css providers? If so, what are my alternatives for non-modified keybindings? Thanks.


  • How to configure custom binding to consume this WS secure Webservice using WCF?

    - by Soeteman
    Hello all, I'm trying to configure a WCF client to be able to consume a webservice that returns the following response message: Response message <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://myservice.wsdl"> <env:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" env:mustUnderstand="1" /> </env:Header> <env:Body> <ns0:StatusResponse> <result> ... </result> </ns0:StatusResponse> </env:Body> </env:Envelope> To do this, I've constructed a custom binding (which doesn't work). I keep getting a "Security header is empty" message. My binding: <customBinding> <binding name="myCustomBindingForVestaServices"> <security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Strict" includeTimestamp="false" requireDerivedKeys="true"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpsTransport authenticationScheme="Negotiate" requireClientCertificate ="false" realm =""/> </binding> </customBinding> My request seems to be using the same SOAP and WS Security versions as the response, but use different namespace prefixes ("o" instead of "wsse"). Could this be the reason why I keep getting the "Security header is empty" message? 
Request message <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <o:UsernameToken u:Id="uuid-d3b70d1f-0ebb-4a79-85e6-34f0d6aa3d0f-1"> <o:Username>user</o:Username> <o:Password>pass</o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body> <getPrdStatus xmlns="http://myservice.wsdl"> <request xmlns="" xmlns:a="http://myservice.wsdl" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> ... </request> </getPrdStatus> </s:Body> </s:Envelope> How do I need to configure my WCF client binding to be able to consume this webservice? Any help greatly appreciated! Sander


  • PHP secure logon script - md5 hash is not matching the hash i wrote to the database in a previous sc

    - by Chris Sobolewski
    I am trying to cobble together a login script in PHP as a learning project. This is the code for my database write when the user registers. Both of these values are written to the database. $this->salt = md5(uniqid()); $this->password = md5($password.$salt); Upon logging in, the following function is fired. For some function challengeLogin($submittedPassword, $publicSalt, $storedPassword){ if(md5($submittedPassword.$publicSalt) == $actualPassword){ return 0; }else{ return 1; }; } Unfortunately, on stepping through my code, the two values have never equaled. Can someone help me understand why?


  • Windows 8 - Ubuntu dual boot

    - by Serkan Özkan
    I bought a new Toshiba s855 notebook with windows 8 preinstalled. Secure boot feature was enabled by default. I installed latest version of ubuntu after disabling secure boot feature(it was not possible to install ubuntu without disabling secure boot). But now when I enable secure boot, the system automatically boots into windows 8, and it boots into ubuntu when I disable secure boot. EasyBCD lists the following boot entries but I can only see Windows 8 in boot menu: Default: Windows 8 Timeout: 7 seconds EasyBCD Boot Device: C:\ Entry #1 Name: Ubuntu BCD ID: {971641cd-304a-11e2-be82-806e6f6e6963} Device: \Device\HarddiskVolume2 Bootloader Path: \EFI\ubuntu\grubx64.efi ... Entry #5 Name: Windows 8 BCD ID: {current} Drive: C:\ Bootloader Path: \windows\system32\winload.efi Any recommendations will be appreciated.


  • Is using os.path.abspath to validate an untrusted filename's location secure?

    - by mcmt
    I don't think I'm missing anything. Then again I'm kind of a newbie. def GET(self, filename): name = urllib.unquote(filename) full = path.abspath(path.join(STATIC_PATH, filename)) #Make sure request is not tricksy and tries to get out of #the directory, e.g. filename = "../.ssh/id_rsa". GET OUTTA HERE assert full[:len(STATIC_PATH)] == STATIC_PATH, "bad path" return open(full).read() Edit: I realize this will return the wrong HTTP error code if the file doesn't exist (at least under web.py). I will fix this.


  • PHP check http referer for form submitted by AJAX, secure?

    - by Michael Mao
    Hi all: This is the first time I am working for a front-end project that requires server-side authentication for AJAX requests. I've encountered problems like I cannot make a call of session_start as the beginning line of the "destination page", cuz that would get me a PHP Warning : Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\comic\app\ajaxInsert Book.php:1) in C:\xampp\htdocs\comic\app\common.php on line 10 I reckon this means I have to figure out a way other than checking PHP session variables to authenticate the "caller" of this PHP script, and this is my approach : I have a "protected" PHP page, which must be used as the "container" of my javascript that posts the form through jQuery $.ajax(); method In my "receiver" PHP script, what I've got is: <?php define(BOOKS_TABLE, "books"); define(APPROOT, "/comic/"); define(CORRECT_REFERER, "/protected/staff/addBook.php"); function isRefererCorrect() { // the following line evaluates the relative path for the referer uri, // Say, $_SERVER['HTTP_REFERER'] returns "http://localhost/comic/protected/staff/addBook.php" // Then the part we concern is just this "/protected/staff/addBook.php" $referer = substr($_SERVER['HTTP_REFERER'], 6 + strrpos($_SERVER['HTTP_REFERER'], APPROOT)); return (strnatcmp(CORRECT_REFERER, $referer) == 0) ? true : false; } //http://stackoverflow.com/questions/267546/correct-http-header-for-json-file header('Content-type: application/json charset=UTF-8'); header('Cache-Control: no-cache, must-revalidate'); echo json_encode(array ( "feedback"=>"ok", "info"=>isRefererCorrect() )); ?> My code works, but I wonder is there any security risks in this approach? Can someone manipulate the post request so that he can pretend that the caller javascript is from the "protected" page? Many thanks to any hints or suggestions.

