Search Results

Search found 5864 results on 235 pages for 'secure gateway'.

Page 98/235 | < Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >

  • WiFi, No ping, other works fine

    - by Linux Mom
    I installed Ubuntu 12.04 LTS for my mom, this runs OK. However recently, I switched back and forth between encryptions on our WiFi Router from WPA-PSK to WEP and back again to WPA-PSK, same password. Now this old laptop won't even ping the gateway on the router, although the nm-applet shows connected. I tried re-adding the network and putting in the BSSID. I did this over again sometimes just to verify. I tried with my 3G Tethering on my phone, it works fine, can go online too. My other Linux laptop can go on the same wifi as well as my phone. And this laptop used to been online on the same network, same password, same encryption (WPA-PSK) What can be wrong ? Does it need a serious kick in the butt or removing some cached authorisation somewhere?

    Read the article

  • Determining if a visitor left your server

    - by Jeepstone
    We have an Apache server running a PHP website. The site is an e-commerce shop. We currently use Barclays as the payment provider but are seeing a lot of customers drop out at the point at which we transfer them to the payment gateway (hosted with Barclays) I can see specific instances in the shop where orders have been created but not paid/failed but I need to ascertain if the user has definitely left our server (or just failed to reach Barclays). Is there anything in any of the server/access logs that states when a user transferred to a different domain?

    Read the article

  • If I am developing a hosted payments page, what should the infrastructure look like?

    - by marcamillion
    If I am not storing credit card info, do I have to be concerned with PCI-compliance? I will be using a payment processor with a bank in my country. Literally just taking the credit card info and passing it to the gateway and processor. I would love to get an idea of the various technologies I might need to consider from an software architectural point of view. What are the best practices in terms of accepting credit cards and reducing fraud risk on my end? I will be creating the app in Rails.

    Read the article

  • Cloud consolidation handling multi databases

    - by llaszews
    I have spoken about virtualization and the different types of virtualization. Which includes OS zones, application server domains, database schemas, VLANS and other approaches. Another approach is to create a virtually federated database in the cloud. DBSpaces is a company that has a technology to created a virtually federated database in the cloud. DBSpaces is a Virtual Database technology that allows an organisation thru a single Virtual Database access multiple data sources (or database spaces) in real-time. Additionally dbSpaces can be configured to access an organisations data internally using a remote gateway so that their dbSpace is seamless across the Public and Private cloud.

    Read the article

  • JavaOne India Technical Sessions

    - by Tori Wieldt
    If you’re working with Java technology, it pays to go straight to the source for your information. At JavaOne and Oracle Develop India, you’ll be able to choose from more than 90 sessions, hands-on labs, keynotes, and demos delivered by today’s most knowledgeable Java experts. You'll also hear the most up-to-date information on current releases and future directions of Java standards and technologies, and see the latest Java developer tools and solutions. Register now! Technical sessions include: Project Lambda: To Multicore and Beyond Introduction to JavaFX 2.0 GlassFish REST Administration Back End: An Insider Look at a Real REST Application Java-Powered Home Gateway: Basis of the Next-Generation Smart Home Mobile Java Evolution Cloud-Enabled Java Persistence Visit the JavaOne India web pages for a complete list of conference sessions. See you there!

    Read the article

  • Wireless will not work in fresh ubuntu 12.04 lts installation

    - by Taake Manning
    I did a fresh Ubuntu 12.04 install on my Sony Vaio laptop, which worked perfectly with 10.04. Now my wireless won't work. I have read just about every Q&A on the subject and I have tried different solutions, including the official troubleshooting guides. My laptop is equipped with a Intel 5100 wireless device. Ubuntu recognizes the device and it's status is given as connected in nm-tool. I can ping the gateway, my own IP number and localhost. Rfkill shows no soft or hard blocks. Any ideas? I am just a few hours shy of reinstalling good old 10.04! Taake

    Read the article

  • Configuring ethernet network

    - by den-javamaniac
    Hi. I've got a wired network connection and if I'm using network manager (hereafter "NM") everything works fine except for the hardware address (it doesn't change). I'm thinking of using /etc/network/interfaces. So, I added some code and it looks like this: auto lo iface lo inet loopback auto eth1 iface eth1 inet static address #corresponding value netmask #corresponding value gateway #corresponding value hwaddress #corresponding value After restarting networking I get the following message: *Reconfiguring network interfaces... #here some help code appears Failed to bring up eth1. The default interface that works with NM is eth0. Please advise on how to handle the problem.

    Read the article

  • Screen gets garbled on some web sites

    - by user10565
    I have a Gateway notebook with graphics card 01:05.0 VGA compatible controller: ATI Technologies Inc RS690M [Radeon X1200 Series] with open source driver Linux version 2.6.32 -28 - generic. No other operating system on the computer. When I am using firefox to browse the web, everything normally works just fine except that when I attempt to access some particular web pages the screen completely messes up going mostly white with various streaks, etc., although I can access other pages of the same site without problems. When I run the cursor over the garbled screen, bits of the image recompose themselves, at least partially, and I can continue to open the applications window, or turn the computer off, or open the terminal, or take screen shots, etc., although all menus are unreadable. Also, when I zoom in on Google Earth the screen completely messes up. At all other times, there are no apparent problems. Any ideas?

    Read the article

  • Tilgin Improves Subscriber Device Management with Embedded MySQL

    - by Bertrand Matthelié
    Tilgin IPRG AB develops and delivers systems and software for the digitally-connected home. Using Tilgin home gateway software, as well as central software for remote control and operation of the network, Tilgin’s customers can offer their subscribers broadband services. The company has over 100 customers,  telecommunications and broadband operators, in more than 30 countries.Tilgin needed a robust and scalable database solution for its auto-configuration server (ACS) product, tGem, used by its customers to manage the devices that provide their subscribers with access to television, internet, telephony, and other services. Tilgin chose MySQL as embedded database. This made it possible for Tilgin’s customers to easily and smoothly implement new generations of services, as well as to easily add new subscribers, ultimately enabling the company to save time and money. Read the case study here.

    Read the article

  • Boot screen appears to be asking a question but garbled

    - by mark kaylor
    I'm running 12.04 Precise Pangolin, Kernel 3.2.0-32 w/ GNOME 3.4.2 I perused the prior questions/answers and did not find exactly the same problem, I am concerned that AUTOFSCK, Grub or some other critical event that needs some attention ? Any idea on how to get my video clean during boot? Once I get past the boot screen the video driver/card, etc is performing beautifully ! Here is a photo of the boot screen; nVidia GeForce CARD INFORMATION (lspci -vvv) 01:00.0 VGA compatible controller: NVIDIA Corporation G72 [GeForce 7300 LE] (rev a1) (prog-if 00 [VGA controller]) Subsystem: Gateway 2000 Device 3a07 Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx- Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast TAbort- SERR- [disabled] Capabilities: Kernel driver in use: nvidia Kernel modules: nvidia_173, nouveau, nvidiafb Thanks for your help/advice.

    Read the article

  • Garbled screen after sleep/suspend with nVidia 8800M GTS Ubuntu 11.10

    - by user34062
    Just did a clean install of 11.10, have been using it (and enjoying it!) for about a day now. But it seems that every time I resume from a sleep or blank screen after idling for a while, my desktop, as well as any programs on the screen get "garbled" I had a few windows open and all displayed the same gui glitching except for Chromium (I am guessing because it was minimized to the Unity Launcher, and not currently on the screen when I woke the PC up.) Anyone know what might be causing this, and how I might be able to fix it? I am using a Gateway P-6860FX with a C2D 1.8GHz, and nVidia 8800M GTS 512mb. Screenshot: http://dl.dropbox.com/u/28188839/Screenshot%20at%202011-11-15%2018%3A53%3A25.png NOTE: Yes, I know I misspelled Lothlorien.... .<

    Read the article

  • Getting wifi working on 14.04

    - by user286114
    I have installed Ubuntu 14.04 on my laptop. When I plug in the ethernet cable the internet works fine, but I can't see any wireless network in the networking manager. The wifi switch is definitely on on my laptop! It's a Dell XPS M1330. I'm not sure what the network card is - how can I find out? nm-tool gives me this: NetworkManager Tool State: connected (global) - Device: eth0 [Wired connection 1] ------------------------------------------- Type: Wired Driver: tg3 State: connected Default: yes HW Address: 00:23:AE:28:FE:A2 Capabilities: Carrier Detect: yes Speed: 100 Mb/s Wired Properties Carrier: on IPv4 Settings: Address: 192.168.1.26 Prefix: 24 (255.255.255.0) Gateway: 192.168.1.254 DNS: 192.168.1.254

    Read the article

  • Script to connect to hidden wireless network with static IP?

    - by nLinked
    Would like a script, when run, it should connect to a hidden wireless network with these details: SSID is "Wireless" Network is not broadcasting its SSID above (is hidden) WPA2-PSK, AES, password is "password" Static IP: 192.168.1.1 Def. gateway: 192.168.1.254 DNS: 192.168.1.254 No idea how to do this. But I do know the wireless interface is called wlan0 and I'm on Ubuntu 10.10. I don't want to use the built in Network Manager as it never auto-connects on startup. WICD doesn't work either. Any ideas most welcome.

    Read the article

  • How to Authenticate to Active Directory Services (ADs) using .NET 3.5 / C#

    - by Ranger Pretzel
    After much struggling, I've figured out how to authenticate to my company's Active Directory using just 2 lines of code with the Domain, Username, and Password in .NET 2.0 (in C#): // set domain, username, password, and security parameters DirectoryEntry entry = new DirectoryEntry("LDAP://" + domain, username, password, AuthenticationTypes.Secure | AuthenticationTypes.SecureSocketsLayer); // force Bind to AD server to authenticate object obj = entry.NativeObject; If the 2nd line throws an exception, then the credentials and/or parameters were bad. (Specific reason can be found in the exception.) If no exception, then the credentials are good. Trying to do this in .NET 3.5 looks like it should be easy, but has me at a roadblock instead. Specifically, I've been working with this example: PrincipalContext domainContext = new PrincipalContext(ContextType.Domain, domain); using (domainContext) { return domainContext.ValidateCredentials(UserName, Password); } Unfortunately, this doesn't work for me as I don't have both ContextOptions set to Sealed/Secure and SSL (like I did above in the .NET 2.0 code.) There is an alternate constructor for PrincipalContext that allows setting the ContextOptions, but this also requires supplying a Distinguished Name (DN) of a Container Object and I don't know exactly what mine is or how I would find out. public PrincipalContext(ContextType contextType, string name, string container, ContextOptions options); // container: // The container on the store to use as the root of the context. All queries // are performed under this root, and all inserts are performed into this container. // For System.DirectoryServices.AccountManagement.ContextType.Domain and System.DirectoryServices.AccountManagement.ContextType.ApplicationDirectory // context types, this parameter is the distinguished name of a container object. Any suggestions?

    Read the article

  • Silverlight and Encryption, how to store/generate they key/iv pair?

    - by cmaduro
    I have a Silverlight app that connects to a php webservice. I want to encrypt the communication between the webservice and the Silverlight client. I'm not relying on SSL. I'm encrypting/decrypting the POST string myself using AES 256bit Key and IV. The big questions then are: How do I generate a random unique key/iv pair in PHP. How do I share this key/iv pair between the web service and silverlight client in a secure way. It seems impossible without having some kind of hard coded key or iv on the client. Which would compromise security. This is a public website, there are no logins. Just the requirement of secure communication. I can hard code the seed for the key/iv (which is hashed with SHA256 with a time stamp salt and then assigned as the key or iv) in PHP source code, that's on the server so that is pretty safe. However on the client the seed for the key/iv pair would be visible, if it is hard coded. Further more using a time stamp as the basis for uniqueness/randomness is definitely not ok, since timestamps are predictable. It does however provide a common factor between the C# code and the PHP code. The only other option that I can think of would be to have a 3rd service involved that provides the key/iv to the Silverlight client, as well as the php webservice. This of course start the cycle anew, with the question of how to store the credentials for accessing the key/iv distribution service on the Silverlight client. Sounds like the solution is then asymmetric encryption, since sensitive data will be viewed only on the administrative back end of the website. Unfortunately Silverlight has no asymmetric encryption classes. The solution? Roll my own Diffie-Hellman key exchange! Plug that key into AES256!

    Read the article

  • Implementing a 2 Legged OAuth Provider

    - by Rob Wilkerson
    I'm trying to find my way around the OAuth spec, its requirements and any implementations I can find and, so far, it really seems like more trouble than its worth because I'm having trouble finding a single resource that pulls it all together. Or maybe it's just that I'm looking for something more specialized than most tutorials. I have a set of existing APIs--some in Java, some in PHP--that I now need to secure and, for a number of reasons, OAuth seems like the right way to go. Unfortunately, my inability to track down the right resources to help me get a provider up and running is challenging that theory. Since most of this will be system-to-system API usage, I'll need to implement a 2-legged provider. With that in mind... Does anyone know of any good tutorials for implementing a 2-legged OAuth provider with PHP? Given that I have securable APIs in 2 languages, do I need to implement a provider in both or is there a way to create the provider as a "front controller" that I can funnel all requests through? When securing PHP services, for example, do I have to secure each API individually by including the requisite provider resources on each? Thanks for your help.

    Read the article

  • spring security login pages?

    - by es11
    I have some confusion with how spring security works: In my application, I need to have a login page for users after which they are redirected back the page from where they came. I went through a few spring security tutorials and read some articles, and the examples work by securing a certain page on a site (managed by the <intercept url ..> tag). Then Spring security will generate a login page (or you can specify your own) in order to access the secured page. I am confused because I don't want to necessary secure a given page on my site: I want a login page for users to log into after which they have access to elevated features of the site (through spring security's authorization features). My question is: given what I described, what would be the strategy to create this login page which, after login, would grant the logged in user the appropriate authorities? The hack I thought of would be to create a simple JSP page who's only function is to redirect back to the previous page. Then I would use Spring Security to secure that JSP page. But it seems like there should be a better way of doing this... Thanks

    Read the article

  • SSL certificates: No Client certificate key exhange

    - by user334246
    I am trying to access a WCF web service, that is using two way SSL encryption. When I try to call the service I get a System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'XXX.xx'. --- System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel. I have tried activating wire shark, to see what is sent to and from the server: I see a client hello and a server hello. But there is no client response to the server hello. I was expecting a "Certificate. Client key exchange. Change cipher. Encrypted handshake Message" package, but none is sent. I'm thinking it is a problem with the certificate sent by the server, that somehow my client server does not trusy it. Here is what I have already tried: I have created the certificate, through the proper authority, though I could have made a mistake in the certificate request without knowing it. I have added the two root certificates to: trusted root certificates, trusted publishers and trusted people. I have also added the client certificate to trusted people. My colleague has succeded in establishing connection on a win 2008 server (i'm using a 2003, because it is necessary for some odd reason - don't ask). I can't see any differences in our approach, so i'm a bit lost. Any help would be greatly appreciated.

    Read the article

  • Open Source Web Frameworks : Security

    - by trappedIntoCode
    How secure are popular open source web frameworks? I am particularly interested in popular frameworks like Rails and DJango. If I am building a site which is going to do heavy e-commerce, is it Ok to use frameworks like DJango and Satchmo? Is security compromised because their open architecture ? I know being OS does not mean being down right open to hackers, Linux uses superb authentication mechanism, but web is a different game. What can be done in this regard? UPDATE: Thanks for answers guys. I understand that I will have to find a suitable hosting service for a secure e-commerce application and that additional layers of security will be needed. I understand that Django and Rails have been designed keeping security aspects in mind, the most common form attacks like XSS, Injections etc. (Django book has a ch on Security) I was expecting comments from security Gurus. If you are a security Guru, would you recommend an important site, which is likely going to be popular, to be built on DJango or Rails?

    Read the article

  • wcf configuration for this code

    - by user208081
    I have the following code and would like to convert a lot of code into configuration settings for WCF. As you can see, the code is using wshttpbinding. I appreciate any help on this. try { // Provides a unique network address that a client uses to communicate with a service endpoint. EndpointAddress endpointAddress = new EndpointAddress(new Uri(FAXServiceSettings.Default.FAXReceiveServiceURL)); // Specify the protocols, transports, and message encoders used for communication between the client and the service. // WSHttpBinding represents an interoperable binding that supports distributed transactions and secure, reliable sessions. // Spefically, SOAP message security is enabled for secure transmission of the message content. WSHttpBinding clientBinding = new WSHttpBinding(SecurityMode.Message); clientBinding.OpenTimeout = TimeSpan.FromSeconds(FAXServiceSettings.Default.FAXReceiveServiceOpenTimeoutInSeconds); clientBinding.SendTimeout = TimeSpan.FromSeconds(FAXServiceSettings.Default.FAXReceiveServiceOpenTimeoutInSeconds); // Use the ChannelFactory to enable the creation of channels to the binding and endpoint. using (ChannelFactory<IReceiveFAX> channelFactory = new ChannelFactory<IReceiveFAX>(clientBinding, endpointAddress)) { // Creates a channel of a specified type to a specified endpoint address. IReceiveFAX channel = channelFactory.CreateChannel(); if (channel != null) { try { // Submit the FaxSchedule instance for routing. channel.SubmitFAXForRouting(CreateNewFaxScheduleContainerInstance()); // Explicitly close the channel using the IClientChannel interface. CloseChannel((channel as IClientChannel)); } finally { // Explicitly dispose of the channel using IDisposable interface. DisposeOfChannel((channel as IDisposable)); channel = null; } } // This method causes a CommunicationObject to gracefully transition from any state, other than the Closed state, into the Closed state. The Close method allows any // unfinished work to be completed before returning. For example, finish sending any buffered messages. channelFactory.Close(); } } catch { throw; } Pratik

    Read the article

  • latex list environment inside the tabular environment: extra line at top preventing alignment

    - by Usagi
    Hello good people of stackoverflow. I have a LaTeX question that is bugging me. I have been trying to get a list environment to appear correctly inside the tabular environment. So far I have gotten everything to my liking except one thing: the top of the list does not align with other entries in the table, in fact it looks like it adds one line above the list... I would like to have these lists at the top. This is what I have, a custom list environment: \newenvironment{flushemize}{ \begin{list}{$\bullet$} {\setlength{\itemsep}{1pt} \setlength{\parskip}{0pt} \setlength{\parsep}{0pt} \setlength{\partopsep}{0pt} \setlength{\topsep}{0pt} \setlength{\leftmargin}{12pt}}}{\end{list}} Renamed ragged right: \newcommand{\rr}{\raggedright} and here is my table: \begin{table}[H]\caption{Tank comparisons}\label{tab:tanks} \centering \rowcolors{2}{white}{tableShade} \begin{tabular}{p{1in}p{1.5in}p{1.5in}rr} \toprule {\bf Material} & {\bf Pros} & {\bf Cons} & {\bf Size} & {\bf Cost} \\ \midrule \rr Reinforced concrete &\rr \begin{flushemize}\item Strong \item Secure \end{flushemize}&\rr \begin{flushemize}\item Prone to leaks \item Relatively expensive to install \item Heavy \end{flushemize} & 100,000 gal & \$299,400 \\ \rr Steel & \begin{flushemize}\item Strong \item Secure \end{flushemize} & \begin{flushemize}\item Relatively expensive to install \item Heavy \item Require painting to prevent rusting \end{flushemize} & 100,000 gal & \$130,100 \\ \rr Polypropylene & \begin{flushemize}\item Easy to install \item Mobile \item Inexpensive \item Prefabricated \end{flushemize} & \begin{flushemize}\item Relatively insecure \item Max size available 10,000 gal \end{flushemize} & 10,000 gal & \$5,000 \\ \rr Wood & \begin{flushemize}\item Easy to install \item Mobile \item Cheap to install \end{flushemize} & \begin{flushemize}\item Prone to rot \item Must remain full once constructed \end{flushemize} & 100,000 gal & \$86,300\\ \bottomrule \end{tabular} \end{table} Thank you for any advice :)

    Read the article

  • Flash Security Error Accessing URL with crossdomain.xml

    - by user163757
    Hello, I recently deployed a Flash application to a server, and am now experiencing errors when making HTTPService requests. I have put what I believe to be the most permissive crossdomain.xml possible in the wwwroot folder, and still get the errors. Interestingly enough, the error only seems to occur when the request is made from a direct user interaction (i.e. button click). The application makes other requests that are initiated by other means(i.e creationComplete) , and they seem to work as expected. Anyone see anything wrong with the crossdomain.xml, or have any other suggestions? ERROR MESSAGE [RPC Fault faultString="Security error accessing url" faultCode="Channel.Security.Error" faultDetail="Destination: DefaultHTTP"] at mx.rpc::AbstractInvoker/http://www.adobe.com/2006/flex/mx/internal%3A%3AfaultHandler() at mx.rpc::Responder/fault() at mx.rpc::AsyncRequest/fault() at DirectHTTPMessageResponder/securityErrorHandler() at flash.events::EventDispatcher/dispatchEventFunction() at flash.events::EventDispatcher/dispatchEvent() at flash.net::URLLoader/redirectEvent() <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all" /> <allow-access-from domain="*" secure="false" /> <allow-http-request-headers-from domain="*" headers="*" secure="false" /> </cross-domain-policy>

    Read the article

  • Problem with non blocking fifo in bash

    - by timdel
    Hi! I'm running a few Team Fortress 2 servers and I want to write a little management script. Basically the TF2 servers are a fg process which provides a server console, so I can start the server, type status and get an answer from it: ***@purple:~/tf2$ ./start_server_testing Auto detecting CPU Using AMD Optimised binary. Server will auto-restart if there is a crash. Console initialized. [bla bla bla] Connection to Steam servers successful. VAC secure mode is activated. status hostname: Team Fortress version : 1.0.6.1/15 3883 secure udp/ip : ***.***.133.31:27600 map : ctf_2fort at: 0 x, 0 y, 0 z players : 0 (2 max) # userid name uniqueid connected ping loss state adr Great, now I want to create a script which sends the command sm_reloadadmins to all my servers. The best way I found to do this is using a fifo named pipe. Now what I want to do is having this pipe readonly and non blocking to the server process, so I can write into the pipe and the server executes it, but still I want to write via console one the server, so if I switch back to the fg process of the server and I type status I want an answer printed. I tried this (assuming serverfifo is mkfifo serverfifo): ./start_server_testing < serverfifo Not working, the server won't start until something is written to the pipe. ./start_server_testing <> serverfifo Thats actually working pretty good, I can see the console output of the server and I can write to the fifo and the server executes the commands, but I can't write via console to the server anymore. Also, if I write 'exit' to the pipe (which should end the server) and I'm running it in a screen the screen window is getting killed for some reason (wtf why?). I only need the server to read the fifo without blocking AND all my keyboard input on the server itself should be send to the server AND all server ouput should be written to the console. Is that possible? If yes, how?

    Read the article

  • How do I securely authenticate the calling assembly of a WCF service method?

    - by Tim
    The current situation is as follows: We have an production .net 3.5 WCF service, used by several applications throughout the organization, over wsHttpBinding or netTcpBinding. User authentication is being done on the Transport level, using Windows integrated security. This service has a method Foo(string parameter), which can only be called by members of given AD groups. The string parameter is obligatory. A new client application has come into play (.net 3.5, C# console app), which eliminates the necessity of the string parameter. However, only calls from this particular application should be allowed to omit the string parameter. The identity of the caller of the client application should still be known by the server because the AD group limitation still applies (ruling out impersonation on the client side). I found a way to pass on the "evidence" of the calling (strong-named) assembly in the message headers, but this method is clearly not secure because the "evidence" can easily be spoofed. Also, CAS (code access security) seems like a possible solution, but I can't seem to figure out how to make use of CAS in this particular scenario. Does anyone have a suggestion on how to solve this issue? Edit: I found another thread on this subject; apparently the conclusion there is that it is simply impossible to implement in a secure fashion.

    Read the article

  • User roles - why not store in session?

    - by Phil
    I'm porting an ASP.NET application to MVC and need to store two items relating to an authenitcated user: a list of roles and a list of visible item IDs, to determine what the user can or cannot see. We've used WSE with a web service in the past and this made things unbelievably complex and impossible to debug properly. Now we're ditching the web service I was looking foward to drastically simplifying the solution simply to store these things in the session. A colleague suggested using the roles and membership providers but on looking into this I've found a number of problems: a) It suffers from similar but different problems to WSE in that it has to be used in a very constrained way maing it tricky even to write tests; b) The only caching option for the RolesProvider is based on cookies which we've rejected on security grounds; c) It introduces no end of complications and extra unwanted baggage; All we want to do, in a nutshell, is store two string variables in a user's session or something equivalent in a secure way and refer to them when we need to. What seems to be a ten minute job has so far taken several days of investigation and to compound the problem we have now discovered that session IDs can apparently be faked, see http://blogs.sans.org/appsecstreetfighter/2009/06/14/session-attacks-and-aspnet-part-1/ I'm left thinking there is no easy way to do this very simple job, but I find that impossible to believe. Could anyone: a) provide simple information on how to make ASP.NET MVC sessions secure as I always believed they were? b) suggest another simple way to store these two string variables for a logged in user's roles etc. without having to replace one complex nightmare with another as described above? Thank you.

    Read the article

< Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >