Search Results

Search found 22238 results on 890 pages for 'db security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 140/890 | < Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >

  • How do you pass user credentials from WebClient to a WCF REST service?

    - by Alex
    I am trying to expose a WCT REST service and only users with valid username and password would be able to access it. The username and password are stored in a SQL database. Here is the service contract: public interface IDataService { [OperationContract] [WebGet(ResponseFormat = WebMessageFormat.Json)] byte[] GetData(double startTime, double endTime); } Here is the WCF configuration: <bindings> <webHttpBinding> <binding name="SecureBinding"> <security mode="Transport"> <transport clientCredentialType="Basic"/> </security> </binding> </webHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="DataServiceBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType= "CustomValidator, WCFHost" /> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> <services> <service behaviorConfiguration="DataServiceBehavior" name="DataService"> <endpoint address="" binding="webHttpBinding" bindingConfiguration="SecureBinding" contract="IDataService" /> </service> </services> I am accessing the service via the WebClient class within a Silverlight application. However, I have not been able to figure out how to pass the user credentials to the service. I tried various values for client.Credentials but none of them seems to trigger the code in my custom validator. I am getting the following error: The underlying connection was closed: An unexpected error occurred on a send. Here is some sample code I have tried: WebClient client = new WebClient(); client.Credentials = new NetworkCredential("name", "password", "domain"); client.OpenReadCompleted += new OpenReadCompletedEventHandler(GetData); client.OpenReadAsync(new Uri(uriString)); If I set the security mode to None, the whole thing works. I also tried other clientCredentialType values and none of them worked. I also self-hosted the WCF service to eliminate the issues related to IIS trying to authenticate a user before the service gets a chance. Any comment on what the underlying issues may be would be much appreciated. Thanks. Update: Thanks to Mehmet's excellent suggestions. Here is the tracing configuration I had: <system.diagnostics> <sources> <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true"> <listeners> <add name="xml" /> </listeners> </source> <source name="System.IdentityModel" switchValue="Information, ActivityTracing" propagateActivity="true"> <listeners> <add name="xml" /> </listeners> </source> </sources> <sharedListeners> <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\Traces.svclog" /> </sharedListeners> </system.diagnostics> But I did not see any message coming from my Silverlight client. As for https vs http, I used https as follows: string baseAddress = "https://localhost:6600/"; _webServiceHost = new WebServiceHost(typeof(DataServices), new Uri(baseAddress)); _webServiceHost.Open(); However, I did not configure any SSL certificate. Is this the problem?

    Read the article

  • Is this PHP/MySQL login script secure?

    - by NightMICU
    Greetings, A site I designed was compromised today, working on damage control at the moment. Two user accounts, including the primary administrator, were accessed without authorization. Please take a look at the log-in script that was in use, any insight on security holes would be appreciated. I am not sure if this was an SQL injection or possibly breach on a computer that had been used to access this area in the past. Thanks <?php //Start session session_start(); //Include DB config require_once('config.php'); //Error message array $errmsg_arr = array(); $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } //Create query $qry="SELECT * FROM user_control WHERE username='$login' AND password='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); //Collect details about user and assign session details $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['user_id']; $_SESSION['SESS_USERNAME'] = $member['username']; $_SESSION['SESS_FIRST_NAME'] = $member['name_f']; $_SESSION['SESS_LAST_NAME'] = $member['name_l']; $_SESSION['SESS_STATUS'] = $member['status']; $_SESSION['SESS_LEVEL'] = $member['level']; //Get Last Login $_SESSION['SESS_LAST_LOGIN'] = $member['lastLogin']; //Set Last Login info $qry = "UPDATE user_control SET lastLogin = DATE_ADD(NOW(), INTERVAL 1 HOUR) WHERE user_id = $member[user_id]"; $login = mysql_query($qry) or die(mysql_error()); session_write_close(); if ($member['level'] != "3" || $member['status'] == "Suspended") { header("location: http://members.tapp-essexvfd.org"); //CHANGE!!! } else { header("location: http://tapp-essexvfd.org/admin/admin_main.php"); } exit(); }else { //Login failed header("location: http://tapp-essexvfd.org/admin/index.php"); exit(); } }else { die("Query failed"); } ?>

    Read the article

  • WMI Security error TF255437 when installing TFS 2010 RC

    - by Daniel O
    Does anyone know the resolution to the following error. In this scenario, TFS will be using a local report server instance which points uses a separate SQL Server database engine instance. An error occurred while querying the Windows Management Instrumentation (WMI) interface on the following computer databaseServer. The following error message was received: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).

    Read the article

  • Autofac Wcf Integration Security Problem

    - by ecoffey
    I've created a Wcf Service to back a Ajax page (.Net 3.5). It's hosted in IIS 6.1 Integrated Pipeline. (The rest of Autofac is setup correctly for Web Forms integration). Everything works fine and dandy with the normal Wcf pipeline. However when I plug in the Autofac Wcf Integration (as per the Autofac wiki) I get this delightful exception: [SecurityException: That assembly does not allow partially trusted callers.] Autofac.Integration.Wcf.AutofacHostFactory.CreateServiceHost(String constructorString, Uri[] baseAddresses) in c:\Working\Autofac\src\Source\Autofac.Integration.Wcf\AutofacHostFactory.cs:78 System.ServiceModel.HostingManager.CreateService(String normalizedVirtualPath) +604 System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +46 System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +654 My Google-fu has failed me on finding a solution to this problem. Any insights or workarounds would be appreciated.

    Read the article

  • How to connect to SQL Server using activerecord, JDBC, JTDS and Integrated Security

    - by Rob
    As per the above, I've tried: establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username => 'user', :password=>'pass' ) establish_connection(:adapter => "jdbcmssql", :url => 'jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain="mynetwork";user="mynetwork\user"' ) establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';", :username=>'user' ) establish_connection(:adapter => "jdbcmssql", :url => "jdbc:jtds:sqlserver://myserver:1433/mydatabase;domain='mynetwork';integratedSecurity='true'", :username=>'user' ) .. and various other combinations. Each time I get: net/sourceforge/jtds/jdbc/SQLDiagnostic.java:368:in `addDiagnostic': java.sql.SQLException: Login failed for user ''. The user is not associated with a trusted SQL Server connection. (NativeException) Any tips? Thanks, activerecord (2.3.5) activerecord-jdbc-adapter (0.9.6) activerecord-jdbcmssql-adapter (0.9.6) jdbc-jtds (1.2.5) jruby 1.4.0 (ruby 1.8.7 patchlevel 174) (2009-11-02 69fbfa3) (Java HotSpot(TM) Client VM 1.6.0_18) [x86-java]

    Read the article

  • Dealing with security on IPC remoting channel

    - by leppie
    Hi I am trying to run a service under a different user account from the application that will access the service via remoting. While under the same account everything is fine, but as soon as I use different accounts, I get an access denied error while trying to open the IPC port. Is there something I am missing, as I can't see from the MSDN docs what is supposed to be done. Thanks

    Read the article

  • security exception in file handling in j2me

    - by learn
    i am trying to generate a logfile. static String fname="file:///c:/logfile.txt;append=true"; fc = (FileConnection) Connector.open(fname, Connector.WRITE); if (fc.exists()) { // file exists, open at EOF. offset = fc.fileSize(); os = fc.openOutputStream(offset); } else { // file does not exist, create and open. fc.create(); os = fc.openOutputStream(); } getting tthe following exception java.lang.SecurityException: Access denied at com.symbian.midp.io.protocol.file.FileConnectionImpl.open(FileConnectionImpl.java:71) at com.symbian.midp.io.protocol.file.Protocol.openConnection(Protocol.java:40) at com.symbian.gcf.ProtocolBase.openConnection(), bci=159 at com.symbian.gcf.GCFConnector.open(), bci=237 at com.symbian.j2me.midp.legacy.LegacyConnectionFactory.open(LegacyConnectionFactory.java:35) at com.symbian.j2me.midp.runtimeV2.ConnectionService.open(), bci=8 at javax.microedition.io.Connector.open(), bci=6 at javax.microedition.io.Connector.open(Connector.java:48) at Symbian.LogFile.FileOpen(LogFile.java:27) at Symbian.Symbian.startApp(Symbian.java:216) at javax.microedition.midlet.MIDletInvoker.invokeStartApp(MIDletInvoker.java:30) at com.symbian.j2me.midp.runtimeV2.Application.startAction(Application.java:458) at com.symbian.j2me.midp.runtimeV2.Application.startRequest(Application.java:413) at com.symbian.j2me.midp.runtimeV2.Application.event(Application.java:264) at com.symbian.j2me.midp.runtimeV2.ApplicationEvent.dispatch(ApplicationEvent.java:90) at com.symbian.j2me.midp.runtimeV2.ApplicationThread.run(ApplicationThread.java:30) Access denied

    Read the article

  • Site Security/Access management for asp.net mvc application

    - by minal
    I am trying to find a good pattern to use for user access validation. Basically on a webforms application I had a framework which used user roles to define access, ie, users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent. When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately. However I am now working on a MVC application and need to implement something similar, however I can't find a good way to make my previous solution work. Purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather then aspx pages. I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user persmissions on the fly. Any thoughts/suggestions/pointers would be greatly appreciated.

    Read the article

  • .NET Web Service Security

    - by Kyle Rozendo
    Hi All, I am looking for some guidelines that one should stick to with .NET Web Services. What does one need to check for/do when it comes to Web Services? Are there any guidelines specifically for .NET Web Services? Thanks, Kyle

    Read the article

  • asp.net controls vs html element security?

    - by Eyla
    In general, If I have a choice when developing a web site to use html elements or asp.net controls which one is better to use if my website is interactive with server side operations such as accessing database. Is it more secure to use asp.net controls or does not matter. On other words, is it more secure to use asp.net controls instead of html element to deliver data or receive data from/to server side or no differences?

    Read the article

  • C# WMI Eventwatcher code stopped working on Windows 7 with security exception

    - by Flores
    This is code that worked fine on Windows XP for years. User is not local administrator. WqlEventQuery query = new WqlEventQuery("SELECT * FROM Win32_ProcessStopTrace"); ConnectionOptions co = new ConnectionOptions(); co.EnablePrivileges = true; ManagementEventWatcher watcher = new ManagementEventWatcher(new ManagementScope(@"root\cimv2",co), query); watcher.EventArrived += StopEventArrived; watcher.Start(); This throws an SecurityException on Windows 7, Access Denied when running as a non admin. On XP this works fine without being admin. On this link MS states that 'Windows 7: Low-integrity users have read-only permissions for local WMI operations.'. I guess this is the problem. But I can't find any clue on how to change this.

    Read the article

  • System.Security.Cryptography.CryptographicException: Length of the data to decrypt is invalid Error

    - by EdA
    I used the code on http://www.obviex.com/samples/Encryption.aspx for encryption/decryption. I was successful in creating a simple test to functionality encrypt and decrypt data. However, I keep on getting the following error when I test the decrypt function that is used from the Accounts Controller. I am thinking it either has to do with the Machine Code within the Web.config or the the last byte not getting read by the decrypt code. Error: "Length of the data to decrypt is invalid" Note: I tried the padding fix I found on the internet and that did not work. Thanks in advance.

    Read the article

  • php recursive list help

    - by Jason
    Hi all, I am trying to display a recursive list in PHP for a site I am working on. I am really having trouble trying to get the second level to display. I have a function that displays the contents to the page as follows. function get_menu_entries($content,$which=0) { global $tbl_prefix, $sys_explorer_vars, $sys_config_vars; // INIT LIBRARIES $db = new DB_Tpl(); $curr_time = time(); $db->query("SELECT * FROM ".$tbl_prefix."sys_explorer WHERE preid = '".$which."' && config_id = '".$sys_explorer_vars['config_id']."' && blocked = '0' && startdate < '".$curr_time."' && (enddate > '".$curr_time."' || enddate = '') ORDER BY preid,sorting"); while($db->next_record()){ $indent = $db->f("level") * 10 - 10; $sitemap_vars['break'] = ""; $sitemap_vars['bold'] = ""; if($db->f("level") == 2) { $sitemap_vars['ul_start'] = ""; $sitemap_vars['bold'] = "class='bold'"; $sitemap_vars['ul_end'] = ""; } switch($db->f("link_type")) { case '1': // External Url $sitemap_vars['hyperlink'] = $db->f("link_url"); $sitemap_vars['target'] = ""; if($db->f("link_target") != "") { $sitemap_vars['target'] = "target=\"".$db->f("link_target")."\""; } break; case '2': // Shortcut $sitemap_vars['hyperlink'] = create_url($db->f("link_eid"),$db->f("name"),$sys_config_vars['mod_rewrite']); $sitemap_vars['target'] = ""; break; default: $sitemap_vars['hyperlink'] = create_url($db->f("eid"),$db->f("name"),$sys_config_vars['mod_rewrite']); $sitemap_vars['target'] = ""; break; } if($db->f("level") > 1) { $content .= "<div style=\"text-indent: ".$indent."px;\" ".$sitemap_vars['bold']."><a href=\"".$sitemap_vars['hyperlink']."\" ".$sitemap_vars['target'].">".$db->f("name")."</a></div>\n"; } $content = get_menu_entries($content,$db->f("eid")); } return(''.$content.''); } At the moment the content displays properly, however I want to turn this function into a DHTML dropdown menu. At present what happens with the level 2 elements is that using CSS the contents are indented using CSS. What I need to happen is to place the UL tag at the beginning and /UL tag at the end of the level 2 elements. I hope this makes sense. Any help would be greatly appreciated.

    Read the article

  • Authenticated WCF: Getting the Current Security Context

    - by bradhe
    I have the following scenario: I have various user's data stored in my database. This data was entered via a web app. We'd like to expose this data back to the user over a web service so that they can integrate their data with their applications. We would also like to expose some business logic over these services. As such we do not want to use OData. This is a multi-tenant application so I only want to expose their data back to them and not other users. Likewise, the business logic we expose should be relative to the authenticated user. I would like let the user use an OASIS scheme to authenticate with the web service -- WCF already allows for this out of the box as far as I understand -- or perhaps we can issue them certificates to authenticate with. That bit hasn't really been worked out yet. Here is a bit of pseudo-code of how I envision this would work within the service: function GetUsersData(id) var user := Lookup User based on Username from Auth Context var data := Get Data From Repository based on "user" return data end function For the business logic scenario I think it would look something like this: function PerformBusinessLogic(someData) var user := Lookup User based on Username from Auth Context var returnValue := Perform some logic based on supplied data return returnValue end function The hard bit here is getting the current username (or cert info in the cert scenario) that the user authenticated with! Does WCF even enable this scenario? If not would WSE3 enable this? Thanks,

    Read the article

  • Public ASPXAUTH cookie and security

    - by Bara
    Due to a bug in Flash, I have to use the ASPXAuth cookie to log a user in on a page that a flash upload script calls after upload. See this page for more information: http://geekswithblogs.net/apopovsky/archive/2009/05/06/working-around-flash-cookie-bug-in-asp.net-mvc.aspx I have to make the ASPXAUTH string "public" in the sense that it will be in the HTML of the page. My question is, how secure is this? I understand that anyone that can get to the string in the HTML can probably get to it from the cookie just as easily, but let's say someone does have this ASPXAUTH string. Is it possible that they can login as another user using this cookie? Would they be able to decrypt it? Bara

    Read the article

  • JSON serialization of Google App Engine models

    - by user111677
    I've been search for quite a while with no success. My project isn't using Django, is there a simple way to serialize App Engine models (google.appengine.ext.db.Model) into JSON or do I need to write my own serializer? My model class is fairly simple. For instance: class Photo(db.Model): filename = db.StringProperty() title = db.StringProperty() description = db.StringProperty(multiline=True) date_taken = db.DateTimeProperty() date_uploaded = db.DateTimeProperty(auto_now_add=True) album = db.ReferenceProperty(Album, collection_name='photo') Thanks in advance.

    Read the article

  • PHP URL Security Question

    - by TaG
    I want to have users store the url in my database I'm using php mysql and htmlpurifier I was wondering if the following code was good way to filter out bad data? Here is the Partial PHP code. $url = mysqli_real_escape_string($mysqli, $purifier->purify(htmlspecialchars(strip_tags($_POST['url'])));

    Read the article

  • Facebook Flash app security?

    - by mhdouglas
    I'm developing a Facebook app implemented in Flash, and I'd like to authenticate communication between my app and my server. In other words, I'd like to guarantee that all communication with my server is coming from my app, which has been launched from within facebook by a valid facebook user. Does the Facebook actionscript API support this type of operation? Or am I on my own?

    Read the article

  • Paypal IPN security

    - by keithics
    Hello! I am developing a website which will allow users to pay via Paypal. Paypal IPN seems to be easy to integrate and it works on my localhost. Now the problem is that, the amount and the business name are passed to paypal using POST Data. I know it's very dangerous to put it that way, but I am not sure what are the alternatives. How can I make Paypal IPN secure?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >