Microsoft to Offer Web Analytics for Silverlight Apps
The new open-source framework will allow rich media apps to use third-party analytics services.
Search Results
Search found 16455 results on 659 pages for 'hosts allow'.
Page 96/659 | < Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103 | Next Page >
-
-
How To Create a Shortcut That Lets a Standard User Run An Application as Administrator
- by Chris Hoffman
Want to allow a standard user account to run an application as administrator without a UAC or password prompt? You can easily create a shortcut that uses the runas command with the /savecred switch, which saves the password. Note that using /savecred could be considered a security hole – a standard user will be able to use the runas /savecred command to run any command as administrator without entering a password. However, it’s still useful for situations where this doesn’t matter much – perhaps you want to allow a child’s standard user account to run a game as Administrator without asking you. We’ve also covered allowing a user to run an application as Administrator with no UAC prompts by creating a scheduled task. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System TasksRead the article
-
Why UFW has to be (re)started at boot time if it's only iptables rule manager?
- by Tomasz Zielinski
README from source package says: When installing ufw from source, you will also need to integrate it into your boot process for the firewall to start when you restart your system. Depending on your needs, this can be as simple as adding the following to a startup script (eg rc.local for systems that use it): # /lib/ufw/ufw-init start For systems that use SysV initscripts, an example script is provided in doc/initscript.example. See doc/upstart.example for an Upstart example. Consult your distribution's documentation for the proper way to modify your boot process. On my system I have this: # /etc/ufw/ufw.conf # # Set to yes to start on boot. If setting this remotely, be sure to add a rule # to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp' ENABLED=yes So, why does simple iptables rule manager need to be started at boot time? Is there any secret to that, or it merely checks if all rules are in place ?Read the article
-
Mail Scanning System
- by Mr D
In the same way gmail can generate ads based on email content, I am looking for a way to develop a system which can: Allow users to connect their email address to our site It then would continously monitor all incomming emails From the incomming emails there would be a critera(e.g. a certain address or subject) if any of the emails matched the critea it would would be saved to a database Then once a new email had been found the users would receive an email notification will tells them to log back into the site to see it. My questions are: Would this be possible? What would be a good language to use(generally I like php, python and java) Are there any frameworks which would help do this? How would I connect the users email account to allow access to their emails(do I need a mail server?) Any advice? Thank you! If you need more information please let me know.Read the article
-
Best Language for the job? Database | C++, .NET, Java
- by Randy E
Ok, quick overview. I'm pretty brand new to software design. I have experience reading and editing/customizing PHP things for online scripts/software; Such as CMS, Wordpress, some forum solutions. I'm about to begin my degree in Software Design, the school I'm going to will allow us to kind of focus on an area, C++, Java, or .NET. I've played around a little with VB over the past week, mostly just trying to get a slight feel for it, however nothing extensive. I've been through Herbert Schildt's "C++, A Beginner's Guide." but I was mainly reading it, not doing anything with it beyond a couple basic Console Apps (and getting frustrated with auto-close :/ ). Now, where I decide to focus more in with my degree will depend on what the best language for the job is for my first piece of software I want to develop on my own. Assume I haven't looked at any of the languages at all, please help with the following: My first piece of software will be a database program. Everything has to do with users inputting and retrieving data, and calling that data to help with another function of the software, automatically calculating billing information based on information inputted in the other portion of the program. I won't go into too many details as I'm targeting a niche that doesn't have too much competition, but the competition that is there is established. I want to offer more features, scalable solutions, and the ability to port it to an online version. Ok, basically, it is a complete case management with integrated billing for Private Investigators. I would like the case management to be able to check the Database to see if certain information has been inputted before (such as Names/SSN's), and then the billing will pull hours inputted in the case portion for investigative work, multiplying by an already inputted amount for the fee, and then calculate sales tax. I also want to provide potential clients with an easily scalable solution, that is, a basic option for start ups that costs the least amount, with no additional users, ran on one machine. A middle option with the ability to create users and place them in two groups (User or Admin), as well as adding a few additional features, ran on one machine, but this will allow it to be accessed after being mapped on a network drive. And a third option to allow the placement into 4 different groups (Investigators, Billing, Managers, Admins) and more features. And then, a couple of years after launch, a 4th option that is browser based allowing the same 4 groups to login, as well as clients (view things concerning their case, with some admin customizable objects that can be added for clients view), over the internet. The only licensing security I would like to employ right off the bat will be serial key generated after ordering online (received in an email after the successful purchase). The program will access a database stored on a server periodically to verify license. I would like it to be able to check to make sure it's the most updated version and automatically update if not.Read the article
-
Designing an API on top with Java RMI and Rest APIs
- by user1303881
I'm working on the backend of a java web application. We have a document repository (Fedora Commons specifically) where we house xml files. I want to abstract the API of the repository internally so that we aren't tightly coupled to one product. I'd also like to give the flexibility of connecting to to a repository via Java RMI or REST APIs. I was hoping to get advice or resources on how to implement something like this. My thought it that I'd have some abstract repository class that had methods like getRecord, updateRecord, and deleteRecord. In the constructor I would pass the URI for the repository and the API method and port. This would allow some flexibility in the future so that if the REST api became more practical, but allow the flexibility or using RMI which could (should?) have better performance. Am I over thinking this or am I on the right path?Read the article
-
ejabberd starts slow and fails
- by Michael Tanner
I installed ejabberd and tried to set it up. On my server there are strict rules which allow only several services and denies everything else. I experienced starting problems with my iptables rules and found out that ejabberd works when I allow everything in the iptables and restore my rules afterwards. Then it also works for connecting, registering and else. What could be the problem in my rules? Attached here: http://fixee.org/paste/s5s744j/ Would be nice to get a correction straight on fixee if I made a mistake. Thanks in advance. Edit 1: In the log files there are no specific error messages during startup.Read the article
-
How to secure robots.txt file?
- by CompilingCyborg
I would like for User-agents to index my relative pages only without accessing any directory on my server. As initial thought, i had this version in mind: User-agent: * Disallow: */* Sitemap: http://www.mydomain.com/sitemap.xml My Questions: Is it correct to block all directories like that - Disallow: */*? Would still search engines be able to see and index my sitemap if i disallowed all directories? What are the best practices for securing the robots.txt file? For Reference: Here is a good tutorial for robots.txt #Add this if you want to stop Alexa from indexing your site. User-agent: ia_archiver Disallow: / #Add this to stop duggmirror User-agent: duggmirror Disallow: / #Add this to allow specific agents User-agent: Googlebot Disallow: #Add this to allow all agents while blocking specific directories User-agent: * Disallow: /cgi-bin/ Disallow: /*?*Read the article
-
SharePoint 2010 Diagnostic Studio Remote Diag
- by juanlarios
I have had some time this week to try out some tools that I have been meaning to try out. This week I am trying out the SP 2010 Diagnostic Studio. I installed it successfully and tried it on my development evironment. I was able to build a report and a snapshot of the environment. I decided to turn my attention to my Employer's intranet environment. This would allow me to analyze it and measure it against benchmarks. I didn't want to install the Diagnostic studio on the Production Envorinment, lucky for me, the Diagnostic studio can be run remotely, well...kind of. Issue My development environment is a stand alone, full installation of SharePoint 2010 Server. It has Office 2010, SQL 2008 Enterprise, a DC...well you get the point, it's jammed packed! But more importantly it's a stand alone, self contained VM environment. Well Microsoft has instructions as to how to connect remotely with Diagnostic Studio here. The deciving part of this is that the SP2010DS prompts you for credentails. So I thought I was getting the right account to run the reports. I tried all the Power Shell commands in the link above but I still ended up getting the following errors: 06/28/2011 12:50:18 Connecting to remote server failed with the following error message : The WinRM client cannot process the request...If the SPN exists, but CredSSP cannot use Kerberos to validate the identity of the target computer and you still want to allow the delegation of the user credentials to the target computer, use gpedit.msc and look at the following policy: Computer Configuration -> Administrative Templates -> System -> Credentials Delegation -> Allow Fresh Credentials with NTLM-only Server Authentication. Verify that it is enabled and configured with an SPN appropriate for the target computer. For example, for a target computer name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.com. Try the request again after these changes. For more information, see the about_Remote_Troubleshooting Help topic. 06/28/2011 12:54:47 Access to the path '\\<targetserver>\C$\Users\<account logging in>\AppData\Local\Temp' is denied. You might also get an error message like this: The WinRM client cannot process the request. A computer policy does not allow the delegation of the user credentials to the target computer. Explanation After looking at the event logs on the target environment, I noticed that there were a several Security Exceptions. After looking at the specifics around who was denied access, I was able to see the account that was being denied access, it was the client machine administrator account. Well of course that was never going to work!!! After some quick Googling, the last error message above will lead you to edit the Local Group Policy on the client server. And although there are instructions from microsoft around doing this, it really will not work in this scenario. Notice the Description and how it only applices to authentication mentioned? Resolution I can tell you what I did, but I wish there was a better way but I simply don't know if it's duable any other way. Because my development environment had it's own DC, I didn't really want to mess with Kerberos authentication. I would also not be smart to connect that server to the domain, considering it has it's own DC. I ended up installing SharePoint 2010 Diagnostic Studio on another Windows 7 Dev environment I have, and connected the machien to the domain. I ran all the necesary remote credentials commands mentioned here. Those commands add the group policy for you! Once I did this I was able to authenticate properly and I was able to get the reports. Conclusion You can run SharePoint 2010 Diagnostic Studio Remotely but it will require some specific scenarions. A couple of things I should mention is that as far as I understand, SP2010 DS, will install agents on your target environment to run tests and retrieve the data. I was a Farm Administrator, and also a Server Admin on SharePoint Server. I am not 100% sure if you need all those permissions but I that's just what I have to my internal intranet. I deally I would like to have a machine that I can have SharePoint 2010 DIagnostic Studio installed and I can run that against client environments. It appears that I will not be able to do that, unless I enable Kerberos on my Windows 7 Machine now. If you have it installed in the same way I would like to have it, please let me know, I'll keep trying to get what I'm after. Hope this helps someone out there doing the same.Read the article
-
OOP private method parameters coding style
- by Jake
After coding for many years as a solo programmer, I have come to feel that most of the time there are many benefits to write private member functions with all of the used member variables included in the parameter list, especially development stage. This allow me to check at one look what member variables are used and also allow me to supply other values for tests and debugging. Also, a change in code by removing a particular member variable can break many functions. In this case however, the private function remains isolated am I can still call it using other values without fixing the function. Is this a bad idea afterall, especially in a team environment? Is it like redundant or confusing, or are there better ways?Read the article
-
Making A Photo-Sharing App For Android In Eclipse [on hold]
- by user3694394
I've only just started developing mobile apps, which is something that I've been wanting to learn for a while now. I'm from an indie games studio, making PC games for around the last 3 years, and I finally decided to move into android app development. The only problem I'm having is that I don't know where to start. The project which I'm aiming to create will be something similar to Instagram, basically a photo-sharing app which allows users to take new photos, or pull them from their device, and add filters to them, before posting them. I have a rough idea of how I could go about doing this, but I need pointing towards any tutorials available for each specific step. So, here's my idea: Create a UI in eclipse (this wont be a problem for me, I should be able to do this fine through xml files) Setup a server-side database to store all user info and uploaded images (the images will need to be converted into byte arrays, and I have no idea how to do this through a database). My best idea would be to use a MySQL database to do this. Add user interactions (likes, favourites, reposts, etc.). This would, again, have to be stored in the database (or, at least, i think it would). Add the ability to take new photos using the phone's camera (I can probably do this anyway, using the Camera API). Add the ability to pull existing photos from the device (again, pretty simple to do). Add the ability to add filters to any photos (I had a look around, and there are some repos and resources which allow you to do this, but they're mainly for iOS development). Add facebook/twitter integration (possibly) to allow phots to be shared to other social networks. Create a news feed which shows users all of the latest photos from their friends, and allows them to post their own images to it. Give all registered users their own wall/page which has their latest posts/images displayed on it. Add the ability to allow users to follow other users, and display their followed users posts on their news feed. Yep. It's not going to be easy, and I don't even know if it's possible for me to do alone in Eclipse. However, this is the plan, and I'm going to do my best to learn everything I need to know to do this successfully. My actual question would be how should I start doing this- where do I begin learning how to do all of this? I've had a look at snapify, which can be edited via Parse, but I won't be spending hundreds of dollars (since I'm 15 and just don't have the available funds) on software. I have extensive knowledge of Java (again, I've been making games for around 3 years, mainly in Java), and various scripting languages. So, hopefully, this will be of some use here. Thanks in advance, Josh.Read the article
-
A program/command to help translate multiple file names
- by cipricus
I have hundreds of files with different names that I want to translate into a different language. Is there an application/CLI action that would allow me to copy all this names as in a list/table and then, after having translated them, to paste them back into the list/table, or that would allow a procedure somewhat similar to "Rename" in Thunar but with a more complex action closer to what I have described? (I am in Lubuntu and I prefer not to use Nautilus due to unwanted interference with LXDE/pcmanfm desktop and LXPanel. If there is a solution in Nautilus please provide it but try to give an alternative if possible.)Read the article
-
A program/CLI command to help translate multiple file names
- by cipricus
I have hundreds of files with different names that I want to translate into a different language. Is there an application/CLI action that would allow me to copy all this names as in a list/table and then, after having translated them, to paste them back into the list/table, or that would allow a procedure somewhat similar to "Rename" in Thunar but with a more complex action closer to what I have described? (I am in Lubuntu and I prefer not to use Nautilus due to unwanted interference with LXDE/pcmanfm desktop and LXPanel. If there is a solution in Nautilus please provide it but try to give an alternative if possible.)Read the article
-
Techniques for separating game model from presentation
- by liortal
I am creating a simple 2D game using XNA. The elements that make up the game world are what i refer to as the "model". For instance, in a board game, i would have a GameBoard class that stores information about the board. This information could be things such as: Location Size Details about cells on the board (occupied/not occupied) etc This object should either know how to draw itself, or describe how to draw itself to some other entity (renderer) in order to be displayed. I believe that since the board only contains the data+logic for things regarding it or cells on it, it should not provide the logic of how to draw things (separation of concerns). How can i achieve a good partitioning and easily allow some other entity to draw it properly? My motivations for doing so are: Allow multiple "implementations" of presentation for a single game entity Easier porting to other environments where the presentation code is not available (for example - porting my code to Unity or other game technology that does not rely on XNA).Read the article
-
What does "GPL with classpath exception" mean in practice?
- by Thilo
Oracle seems to license all their Java-related open source code under the GPL with a classpath exception. From what I understand, this seems to allow to combine these libraries with your own code into products that do not have to be covered by the GPL. How does this work? What are examples of how I can and cannot use these classes? Why was this new license used as opposed to the LGPL, which seems to allow for pretty much the same things, but is better established and understood? What are the differences to the LGPL?Read the article
-
Basic Ubuntu FTP Server
- by JPrescottSanders
I would like to setup a basic FTP server on my Ubuntu Server install. I have been playing with VSFTPD, but am having issues getting the server to allow me to create directories and copy files. I have set the system to allow local users, but it appears that doesn't mean I get access to create directories. This may be an instance where I need to be better grounded in Unbuntu server setup in order to configure this FTP server adequately. The end goal is to be able to move files from my local dev folder into my www folder for deployment. Directories need to be able to move as well. Any help would be greatly appreciated.Read the article
-
Can see samba shares but not access them
- by nitefrog
For the life of me I cannot figure this one out. I have samba installed and set up on the ubuntu box and on the Win7 box I CAN SEE all the shares I created. I created two users on ubuntu that map to the users in windows. On ubuntu they are both admins, user A & B on Windows User A is admin and user B is poweruser. User A can see both shares and access them, but user B can see everythin, but only access the homes directory, the other directory throws an error. I have two drives in Ubuntu and this is the smb.config file (I am new to samba): [global] workgroup = WORKGROUP server string = %h server (Samba, Ubuntu) wins support = no dns proxy = yes name resolve order = lmhosts host wins bcast log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d security = user encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user ; usershare max shares = 100 usershare allow guests = yes And here is the share section: Both user A & B can access this from windows. No problems. [homes] comment = Home Directories browseable = no writable = yes Both User A & B can see this share, but only user A can access it. User B get an error thrown. [stuff] comment = Unixmen File Server path = /media/data/appinstall/ browseable = yes ;writable = no read only = yes hosts allow = The permission for the media/data/appinstall/ is as follows: appInstall properties: share name: stuff Allow others to create and delete files in this folder is cheeked Guest access (for people without a user account) is checked permissions: Owner: user A Folder Access: Create and delete files File Access: --- Group: user A Folder Access: Create and delete files File Access: --- Others Folder Access: Create and delete files File Access: --- I am at a loss and need to get this work. Any ideas? The goal is to have a setup like this. 3 users on window machines. Each user on the data drive will have their own personal folder where they are the ones that can only access, then another folder where 2 of the users will have read only and one user full access. I had this setup before on windows, but after what happened I am NEVER going back to windows, so Unix here I am to stay! I am really stuck. I am running Ubuntu 11. I could reformat again and put on version 10 if that would make life easier. I have been dealing with this since Wed. 3pm. Thanks.Read the article
-
determine if udp socket can be accessed via external client
- by JohnMerlino
I don't have access to company firewall server. but supposedly the port 1720 is open on my one ubuntu server. So I want to test it with netcat: sudo nc -ul 1720 The port is listening on the machine ITSELF: sudo netstat -tulpn | grep nc udp 0 0 0.0.0.0:1720 0.0.0.0:* 29477/nc The port is open and in use on the machine ITSELF: lsof -i -n -P | grep 1720 gateway 980 myuser 8u IPv4 187284576 0t0 UDP *:1720 Checked the firewall on current server: sudo ufw allow 1720/udp Skipping adding existing rule Skipping adding existing rule (v6) sudo ufw status verbose | grep 1720 1720/udp ALLOW IN Anywhere 1720/udp ALLOW IN Anywhere (v6) But I try echoing data to it from another computer (I replaced the x's with the real integers): echo "Some data to send" | nc xx.xxx.xx.xxx 1720 But it didn't write anything. So then I try with telnet from the other computer as well: telnet xx.xxx.xx.xxx 1720 Trying xx.xxx.xx.xxx... telnet: connect to address xx.xxx.xx.xxx: Operation timed out telnet: Unable to connect to remote host Although I don't think telnet works with udp sockets. I ran nmap from another computer within the same local network and this is what I got: sudo nmap -v -A -sU -p 1720 xx.xxx.xx.xx Starting Nmap 5.21 ( http://nmap.org ) at 2013-10-31 15:41 EDT NSE: Loaded 36 scripts for scanning. Initiating Ping Scan at 15:41 Scanning xx.xxx.xx.xx [4 ports] Completed Ping Scan at 15:41, 0.10s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 15:41 Completed Parallel DNS resolution of 1 host. at 15:41, 0.00s elapsed Initiating UDP Scan at 15:41 Scanning xtremek.com (xx.xxx.xx.xx) [1 port] Completed UDP Scan at 15:41, 0.07s elapsed (1 total ports) Initiating Service scan at 15:41 Initiating OS detection (try #1) against xtremek.com (xx.xxx.xx.xx) Retrying OS detection (try #2) against xtremek.com (xx.xxx.xx.xx) Initiating Traceroute at 15:41 Completed Traceroute at 15:41, 0.01s elapsed NSE: Script scanning xx.xxx.xx.xx. NSE: Script Scanning completed. Nmap scan report for xtremek.com (xx.xxx.xx.xx) Host is up (0.00013s latency). PORT STATE SERVICE VERSION 1720/udp closed unknown Too many fingerprints match this host to give specific OS details Network Distance: 1 hop TRACEROUTE (using port 1720/udp) HOP RTT ADDRESS 1 0.13 ms xtremek.com (xx.xxx.xx.xx) Read data files from: /usr/share/nmap OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ . Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds Raw packets sent: 27 (2128B) | Rcvd: 24 (2248B). The only thing I can think of is a firewall or vpn issue. Is there anything else I can check for before requesting that they look at the firewall server again?Read the article
-
Shader inputs in a general purpouse engine
- by dreta
I'm not familiar with SDKs like Unity or UDK that much, so i can't check this off hand. Do general purpouse engines allow users to create custom uniform variables? The way i see it, and the way i have implemented it in an engine i'm writing to learn 3D, is that there is a "set" of uniforms provided by the engine and if you want to write a custom shader then you utilize uniforms you need to create a wanted effect. Now, the thing is, first of all i'm not an artist, second of all, i didn't have a chance to create complex scenes yet. So my question is, is it common practice to define variables that the engine provides and only allow the user to work with what they're given? Allowing users to add custom programs and use them where they want is not hard, but i have issues imagining how you'd go about doing the same for uniforms.Read the article
-
Importing Data from Google Analytics
- by Adam Tannon
I am planning on building a web app with many different public-facing HTTP servers; each of which will have Google Analytics (GA) installed on them. I'd like to create a "dashboard" app that consolidates the GA data into one screen. I've been perusing the documentation for this so-called GA API, but I can't tell what the end result of the GA API is: Does the GA API allow me to do exactly what I am looking for it to do? Or... Does the GA API do something entirely different (like allow me to share my data with Google+ or something else weird) Since an API can be used to CRUD any kind of data, I guess I'm asking which way the GA API goes: is it for querying (reading) data from 1+ server instances, or is it for modifying data on those servers or somewhere else? Thanks in advance!Read the article
-
OpenJDK In The News: Oracle Outlines Roadmap for Java SE and JavaFX at JavaOne 2012
- by $utils.escapeXML($entry.author)
The OpenJDK Community continues to host the development of the reference implementation of Java SE 8. Weekly developer preview builds of JDK 8 continue to be available from jdk8.java.net.OpenJDK continues to thrive with contributions from Oracle, as well as other companies, researchers and individuals.The OpenJDK Web Site Terms of Use was recently updated to allow work on Java Specification Requests (JSRs) for Java SE to take place in the OpenJDK Community, alongside their corresponding reference implementations, so that specification leads can satisfy the new transparency requirements of the Java Community Process (JCP 2.8).“The recent decision by the Java SE 8 Expert Group to defer modularity to Java SE 9 will allow us to focus on the highly-anticipated Project Lambda, the Nashorn JavaScript engine, the new Date/Time API, and Type Annotations, along with numerous other performance, simplification, and usability enhancements,” said Georges Saab, vice president, Software Development, Java Platform Group at Oracle. “We are continuing to increase our communication and transparency by developing the reference implementation and the Oracle-led JSRs in the OpenJDK community.”Quotes taken from the 14th press release from Oracle mentioning OpenJDK, titled "Oracle Outlines Roadmap for Java SE and JavaFX at JavaOne 2012".Read the article
-
Enable Configurator for Return Orders
- by ChristineS-Oracle
With release 12.2.4 for non-referenced RMAs, Order Management will allow you to configure the model from Sales Order / Quick Sales Order windows. This is only allowable when profile OM: Enable Configuration UI for RMA is set to Yes. All selected options must be returnable, as well as all included items. Order Management explodes included items and creates options and option classes in a way similar to outbound orders. The application creates all selected components with same line number but different option/component number. Additionally, the application does not allow re-configuration and/or deletion of any line if any line in the same configuration is received, fulfilled, closed, cancelled, or split. For additional information refer to the Oracle Order Management Release Notes for Release 12.2.4 (Doc ID 1906521.1).Read the article
-
Tracking users behaviour - with or without Google Analytics
- by Ilian Iliev
If I understand correctly the following (point & from GA TOS): PRIVACY . You will not (and will not allow any third party to) use the Service to track or collect personally identifiable information of Internet users, nor will You (or will You allow any third party to) associate any data gathered from Your website(s) (or such third parties' website(s)) with any personally identifying information from any source as part of Your use (or such third parties' use) of the Service. You will have and abide by an appropriate privacy policy and will comply with all applicable laws relating to the collection of information from visitors to Your websites. You must post a privacy policy and that policy must provide notice of your use of a cookie that collects anonymous traffic data. You are not allowed to use custom variables that will identify the visitor(for example website username, e-mail, id etc.) So the question is how can I track a specific user behaviour(for example the actions that every single logged in user do).Read the article
-
TransportWithMessageCredential & Service Bus – Introduction
- by Michael Stephenson
Recently we have been working on a project using the Windows Azure Service Bus to expose line of business applications. One of the topics we discussed a lot was around the security aspects of the solution. Most of the samples you see for Windows Azure Service Bus often use the shared secret with the Access Control Service to protect the service bus endpoint but one of the problems we found was that with this scenario any claims resulting from credentials supplied by the client are not passed through to the service listening to the service bus endpoint. As an example of this we originally were hoping that we could give two different clients their own shared secret key and the issuer for each would indicate which client it was. If the claims had flown to the listening service then we could check that the message sent by client one was a type they are allowed to send. Unfortunately this claim isn't flown to the listening service so we were unable to implement this scenario. We had also seen samples that talk about changing the relayClientAuthenticationType attribute would allow you to authenticate the client within the service itself rather than with ACS. While this was interesting it wasn't exactly what we wanted. By removing the step where access to the Relay endpoint is protected by authentication against ACS it means that anyone could send messages via the service bus to the on-premise listening service which would then authenticate clients. In our scenario we certainly didn't want to allow clients to skip the ACS authentication step because this could open up two attack opportunities for an attacker. The first of these would allow an attacker to send messages through to our on-premise servers and potentially cause a denial of service situation. The second case would be with the same kind of attack by running lots of messages through service bus which were then rejected the attacker would be causing us to incur charges per message on our Windows Azure account. The correct way to implement our desired scenario is to combine one of the common options for authenticating against ACS so the service bus endpoint cannot be accessed by an unauthenticated caller with the normal WCF security features using the TransportWithMessageCredential security option. Looking around I could not find any guidance on how to implement this correctly so on the back of setting this up I decided to write a couple of articles to walk through a couple of the common scenarios you may be interested in. These are available on the following links: Walkthrough - Combining shared secret and username token Walkthrough – Combining shared secret and certificatesRead the article
-
Why do some open-source projects NOT have a public issue tracker?
- by linquize
Why do some open source projects not allow to report issues in a public issue tracker? Those projects require the issues to be reported via email, and the issues may be forwarded to people in a mailing list. Users may repeatedly report the same issue if there is no public issue tracker, as they have no easy way to know what has been reported before. The project team members need to spend extra time answering those repeated issues. Some projects do have a public issue tracker but the issues are still reported through email and they are posted by the project team only after filtering. It does not allow anyone to report directly in issue tracker (example: SVN). Such arrangement is not transparent nor open, which I think violates the philosophy of open source. And it is outdated.Read the article
