Search Results

Search found 19179 results on 768 pages for 'ms security essentials'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 140/768 | < Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >

  • What's going on with traceroute?

    - by Kevin
    The following is what happens when I run traceroute from a certain location: # traceroute google.com traceroute to google.com (74.125.227.39), 30 hops max, 60 byte packets 1 gateway.local.enactpc.com (10.0.0.1) 0.138 ms 0.101 ms 0.084 ms 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * Absolutely nothing of interest... Now, originally I thought this was just a fact of the location's network set up. (I assume they block pings or something...) However, watch what happens when I use nmap to run a traceroute... # nmap -sP --traceroute google.com Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-25 22:18 CDT Nmap scan report for google.com (74.125.227.40) Host is up (0.034s latency). Hostname google.com resolves to 11 IPs. Only scanned 74.125.227.40 rDNS record for 74.125.227.40: dfw06s06-in-f8.1e100.net TRACEROUTE (using proto 1/icmp) HOP RTT ADDRESS 1 0.19 ms gateway.local.enactpc.com (10.0.0.1) 2 1.93 ms 99-20-92-1.lightspeed.austtx.sbcglobal.net (99.20.92.1) 3 25.61 ms 99-20-92-2.lightspeed.austtx.sbcglobal.net (99.20.92.2) 4 ... 6 7 23.68 ms 12.83.68.137 8 31.30 ms gar23.dlstx.ip.att.net (12.122.85.73) 9 ... 10 31.82 ms 72.14.233.65 11 32.27 ms 209.85.250.77 12 32.98 ms dfw06s06-in-f8.1e100.net (74.125.227.40) Nmap done: 1 IP address (1 host up) scanned in 3.29 seconds When using nmap I get A LOT more results than with traceroute, why? Note, I checked, and the difference in target IP addresses is not related...

    Read the article

  • How can I test a form that requires the entry of two random characters from a security phrase?

    - by lawm
    I need to test a two-stage login system which first asks for your email address and password and then presents the user with two select lists containing [a-zA-Z0-9]. The labels beside the drop down's are of the form 'Select character X from your security phrase', where X is a random character index from a known security phrase. I'd rather not stub the code for an acceptance test, so is it possible to write a matcher in cucumber which will, given that we know the whole phrase, select the required character in each of the two lists? Here is the scenario I have so far and the steps involved: Scenario: valid login email, password and secret phrase takes me to the dashboard Given I am not logged in When I log in as "[email protected]" Then I should be on the dashboard page And I should see "Your Dashboard" When /^I log in as "([^\"]*)"$/ do |login| visit path_to('Login page') fill_in "Email", :with => login fill_in "Password", :with => "Password123" click_button "Log in" response.should contain("Please verify some characters from your security phrase") select "a", :from => "Select character X of your security phrase" select "b", :from => "Select character Y of your security phrase" click_button "Submit" end For example, if the security phrase is 'Secret123', X = 3 and Y = 8, the above would have to produce the equivalent of: select "c", :from => "Select character 3 of your security phrase" select "2", :from => "Select character 8 of your security phrase" The numbers X and Y in the actual page are inside span#svc_1 and span#svc_2 respectively. Thanks,

    Read the article

  • WCF: Using Streaming and Username/Password authentication at the same time

    - by Kay
    Hi, I have a WCF Service with the following requirements: a) The client requests a file from the server which is transferred as a Stream. Files may be 100MB or larger. I need streaming or chucking or whatever to make sure that IIS is not loading the whole package into memory before starting to send it. b) The client will transfer an ID to identify the file to be downloaded. The user should be authenticated by providing username/password. c) While the username/password part of the communication needs to be encrypted, encryption of the downloaded file is optional for our use case. My other services, where I am returning smaller files, I am using the following binding: <ws2007HttpBinding> <binding name="ws2007HttpExtern" maxReceivedMessageSize="65536000"> <security mode="Message"> <message clientCredentialType="UserName" /> </security> </binding> </ws2007HttpBinding> But, as I said, that is no good for streaming (Message encryption needs the complete message to encrypt and that is not the case when streaming). So, I asked Microsoft support and I got more or less the following proposal: <bindings> <basicHttpBinding> <binding name="basicStreaming" messageEncoding="Mtom" transferMode="StreamedResponse"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </bindings> <services> <service behaviorConfiguration="MyProject.WCFInterface.DownloadBehavior" name="MyProject.WCFInterface.DownloadFile"> <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicStreaming" contract="MyProject.WCFInterface.IDownloadFile" /> <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> </service> </services> <behaviors> <serviceBehaviors> <behavior name="MyProject.WCFInterface.DownloadBehavior"> <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" /> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> When I use this, I get the following error message: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. I am using the Web Development Server so far (for production IIS7). I have two questions. a) How would you configure WCF to achieve the goal? b) If the MS proposal is good: What I am doing wrong, the error message does not really help me. Thanks.

    Read the article

  • Sending and receiving a TMemoryStream using IdTCPClient and IdTCPServer

    - by Martin Melka
    I found Remy Lebeau's chat demo of IdTCP components in XE2 and I wanted to play with it a little bit. (It can be found here) I would like to send a picture using these components and the best approach seems to be using TMemoryStream. If I send strings, the connection works fine, the strings are transmitted successfully, however when I change it to Stream instead, it doesn't work. Here is the code: Server procedure TMainForm.IdTCPServerExecute(AContext: TIdContext); var rcvdMsg: string; ms:TMemoryStream; begin // This commented code is working, it receives and sends strings. // rcvdMsg:=AContext.Connection.IOHandler.ReadLn; // LogMessage('<ServerExec> '+rcvdMsg); // // TResponseSync.SendResponse(AContext, rcvdMsg); try ms:=TMemoryStream.Create; AContext.Connection.IOHandler.ReadStream(ms); ms.SaveToFile('c:\networked.bmp'); except LogMessage('Failed to receive',clred); end; end; Client procedure TfrmMain.Button1Click(Sender: TObject); var ms: TMemoryStream; bmp: TBitmap; pic: TPicture; s: string; begin // Again, this code is working for sending strings. // s:=edMsg.Text; // Client.IOHandler.WriteLn(s); ms:=TMemoryStream.Create; pic:=TPicture.Create; pic.LoadFromFile('c:\Back.png'); bmp:=TBitmap.Create; bmp.Width:=pic.Width; bmp.Height:=pic.Height; bmp.Canvas.Draw(0,0,pic.Graphic); bmp.SaveToStream(ms); ms.Position:=0; Client.IOHandler.Write(ms); ms.Free; end; When I try to send the stream from the client, nothing observable happens (breakpoint in the OnExecute doesn't fire). However, when closing the programs(after sending the MemoryStream), two things happen: If the Client is closed first, only then does the except part get processed (the log displays the 'Failed to receive' error. However, even if I place a breakpoint on the first line of the try-except block, it somehow gets skipped and only the error is displayed). If the Server is closed first, the IDE doesn't change back from debug, Client doesn't change its state to disconnected (as it normally does when server disconnects) and after the Client is closed as well, an Access Violation error from the Server app appears. I guess this means that there is a thread of the Server still running and maintaining the connection. But no matter how much time i give it, it never completes the task of receiving the MemoryStream. Note: The server uses IdSchedulerOfThreadDefault and IdAntiFreeze, if that matters. As I can't find any reliable source of help for the revamped Indy 10 (it all appears to apply for the older Indy 10, or even Indy 9), I hope you can tell me what is wrong. Thanks - ANSWER - SERVER procedure TMainForm.IdTCPServerExecute(AContext: TIdContext); var size: integer; ms:TMemoryStream; begin try ms:=TMemoryStream.Create; size:=AContext.Connection.IOHandler.ReadLongInt; AContext.Connection.IOHandler.ReadStream(ms, size); ms.SaveToFile('c:\networked.bmp'); except LogMessage('Failed to receive',clred); end; end; CLIENT procedure TfrmMain.Button1Click(Sender: TObject); var ms: TMemoryStream; bmp: TBitmap; pic: TPicture; begin ms:=TMemoryStream.Create; pic:=TPicture.Create; pic.LoadFromFile('c:\Back.png'); bmp:=TBitmap.Create; bmp.Width:=pic.Width; bmp.Height:=pic.Height; bmp.Canvas.Draw(0,0,pic.Graphic); bmp.SaveToStream(ms); ms.Position:=0; Client.IOHandler.Write(ms, 0, True); ms.Free; end;

    Read the article

  • Winforms role based security limitations

    - by muhan
    I'm implementing role based security using Microsoft's membership and role provider. The theoretical problem I'm having is that you implement a specific role on a method such as: [PrincipalPermissionAttribute(SecurityAction.Demand, Role="Supervisor")] private void someMethod() {} What if at some point down the road, I don't want Supervisors to access someMethod() anymore? Wouldn't I have to change the source code to make that change? Am I missing something? It seems there has to be some way to abstract the relationship between the supervisors role and the method so I can create a way in the application to change this coupling of role permission to method. Any insight or direction would be appreciated. Thank you.

    Read the article

  • System.Security.VerificationException: Operation could destabilize the runtime

    - by Rigobert Song
    I have a web service which is queried using linq to sql but returns an array of objects. I keep getting the following error: System.Security.VerificationException: Operation could destabilize the runtime When I run a method that uses a linq statement to return an array I get this error, but only on my test server, which is windows server 2008. Everything works fine in my win 7 machine. The project is a .net 3.5. Any ideas what the problem might be? Thanks UPDATE: My linq queries return IQueryable.

    Read the article

  • Quick question on session security.

    - by Scarface
    Hey guys, I was scanning my site for security and I noticed that it was possible for non users to send requests and post information, so I decided to put login checks on all information posts. I was wondering if it was a good way to keep a session id that is created by md5(uniqid()); in a session variable $_SESSION['id']=md5(uniqid()); for each user and then store that in a database under active users for that user. Then when a user tries to insert information, verify that their $_SESSION['id'] variable is equal to the one in the database where the username equals their $_SESSION['username']. What are your ideas on this guys? Thanks in advance!

    Read the article

  • ICalendar not readable by google calendar.

    - by Sagar
    Operating system : WinXP Program and version you use to access Google Calendar (FF3.5): I'm developing a script (based on an existing vCal ASP.NET class I found online) to generate an .ics file. This file works perfectly when importing to Outlook 2003. When I try to import to Google Calendar, I get the following error: Failed to import events: Unable to process your iCal/CSV file.. I don't know too much about the vCal format or syntax, but everything looks fine to me. I'll post the sample test calendar .ics below: BEGIN:VCALENDAR PRODID:-//jpalm.se//iCalendar example with ASP.NET MVC//EN VERSION:2.0 CALSCALE:GREGORIAN METHOD:PUBLISH X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100304T000000Z DTEND:20100304T000000Z TRANSP:OPAQUE SEQUENCE:0 UID:7c9d6dd7-41f2-4171-8ae4-35820974efa4 DESCRIPTION:uba:Project20100321:sagar . SUMMARY:First Milestone END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100330T230000Z DTEND:20100330T230000Z TRANSP:OPAQUE SEQUENCE:0 UID:8a982519-b99b-429a-8dad-c0f95c50d0e6 DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:upcoming milestones END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100329T230000Z DTEND:20100329T230000Z TRANSP:OPAQUE SEQUENCE:0 UID:588750a1-6f10-4b5d-8a51-3f3818024726 DESCRIPTION:uba:Project20100321:sagar . SUMMARY:test END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100407T230000Z DTEND:20100407T230000Z TRANSP:OPAQUE SEQUENCE:0 UID:36eaa726-a0a0-40a1-ba7c-09857f8ed006 DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:Rad apps devs END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100408T125632Z DTEND:20100408T125632Z TRANSP:OPAQUE SEQUENCE:0 UID:8521ad53-916a-43cc-8eeb-42c1b3d670d3 DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:this is a test ms END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100415T125643Z DTEND:20100415T125643Z TRANSP:OPAQUE SEQUENCE:0 UID:e4b295d8-2271-4393-9899-3e9c858f4e8c DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:Test msssss END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100430T055201Z DTEND:20100430T055201Z TRANSP:OPAQUE SEQUENCE:0 UID:1e464698-1064-4cb2-8166-2a843b63ca5a DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:this is a new milestones for testing on 30th april END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100731T093917Z DTEND:20100731T093917Z TRANSP:OPAQUE SEQUENCE:0 UID:5262ef58-73bc-4d66-a207-4e884e249629 DESCRIPTION:uba:Project20100321:imanage2010 pm SUMMARY:555555555555555555 END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100328T230000Z DTEND:20100328T230000Z TRANSP:OPAQUE SEQUENCE:0 UID:f654262d-714e-41d9-9690-005bb467f8aa DESCRIPTION:uba:Untitled project:imanage2010 pm SUMMARY:first milestone END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100401T095537Z DTEND:20100401T095537Z TRANSP:OPAQUE SEQUENCE:0 UID:3f4a6c16-f460-457d-a281-b4c010958796 DESCRIPTION:uba:ProjectIcal:imanage2010 pm SUMMARY:new ms ical END:VEVENT X-MS-OLK-FORCEINSPECTOROPEN:TRUE BEGIN:VEVENT DTSTART:20100331T230000Z DTEND:20100331T230000Z TRANSP:OPAQUE SEQUENCE:0 UID:e5bf28d1-3559-48e9-90f8-2b5233489a13 DESCRIPTION:uba:ProjectIcal:imanage2010 pm SUMMARY:new ms 2 ical END:VEVENT END:VCALENDAR And the source for generating the above code is which is nothing but the mvc view:: <%@ Import Namespace ="iManageProjectPM.Controllers" % <%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage"% BEGIN:VCALENDAR VERSION:2.0<%if (Model.Events.Count 1) {% CALSCALE:GREGORIAN METHOD:PUBLISH<%}% X-MS-OLK-FORCEINSPECTOROPEN:TRUE <%foreach(var evnt in Model.Events){% BEGIN:VEVENT DTSTART<%=Model.GetTimeString(evnt.StartTime)% DTEND<%=Model.GetTimeString(evnt.EndTime)% TRANSP:OPAQUE SEQUENCE:0 UID:<%=evnt.UID% DESCRIPTION:<%=evnt.Desc% SUMMARY:<%=evnt.Title% END:VEVENT<%}% END:VCALENDAR

    Read the article

  • Implementing Security on custom BCS/.net class?

    - by Michael Stum
    I'm implementing a custom BCS Model to get data from a backend system. As the backend uses it's own user management, I'm accessing it through a service account. All of this works well and allows me to pull data into SharePoint. However because it's channeled through the service account, everyone can access it, which is bad. Can anyone give me some tips which method to implement? The backend does not give me NT ACLs, but I wonder if I could just "fake" them somehow? (Essentially saying "This NT Group has Read Access" is good enough). I am aware of ISecurityTrimmer2 for Search Results, but ideally I want to cover security inside the BCS Model so that it applies to external lists as well. I want to avoid using Secure storage and mapping each individual user to the backend.

    Read the article

  • Hacking your own application

    - by instigator
    I am a web developer that is very conscious of security and try and make my web applications as secure as possible. How ever I have started writing my own windows applications in C# and when it comes testing the security of my C# application, I am really only a novice. Just wondering if anyone has any good tutorials/readme's on how to hack your own windows application and writing secure code.

    Read the article

  • Flash security popup is unclickable on a layered window

    - by sjlewis
    I have a layered (TransparencyKey is set) winform w/ a WebBrowser control on it that navigates to a page that contains flash (swf). Everything works okay except that when flash shows a security popup, none of the buttons on the popup respond to mouse click, so I can't click Allow/Deny. Right-click works but only shows the context menu that is normal to flash. I tried overriding WndProc on the WebBrowser control, as suggested here, but it still does not respond to mouse click. If I comment out the TransparencyKey setting, even w/o the WndProc override, the buttons respond. I thought this'd be a container issue so I decided to host the swf file on the form, using the example here, but this, too, had the same problem w/ layered window. So, is there another way that can get around this problem? What is it w/ layered window that renders the buttons on the flash popup unclickable? What is it w/ flash...?

    Read the article

  • Objective-C Plugin Architecture Security (Mac, not iphone)

    - by Tom Dalling
    I'm possibly writing a plugin system for a Cocoa application (Mac, not iphone). A common approach is the make each plugin a bundle, then inject the bundle into the main application. I'm concerned with the security implications of doing this, as the bundle will have complete access to the Objective-C runtime. I am especially concerned with a plugin having access to the code that handles registration and serial keys. Another plugin system we are considering is based on distributed notifications. Basically, each plugin will be a separate process, and they will communicate via distributed notifications only. Is there a way to load bundles securely (e.g. sandboxing)? If not, do you see any problems with using distributed notifications? Are there any other plugin architectures that would be better?

    Read the article

  • outputting html in runtime in asp.net

    - by madness800
    Hi all, I'm building a website at the moment, I've some html fragment that is being stored into the database, I've been reading around that inserting HTML at runtime poses security risks by using the InnerHTML property of any html tag with runat server on it. So, my question is there any alternative way to safely display the html code and won't pose security risks and is it best to assume any textboxes on any given page is dangerous and process the text in the textboxes with Server.HtmlEncode before I store it to database? Cheers

    Read the article

  • Need a Security Scenario for asp.net webservice

    - by Karamafrooz
    I have developed a .Net 3.5 windows forms application. I also want to design a website that has a webservice with multiple Webmethods to query the database on the host machine. I want the webservice to be called ONLY through my winapp and my website! And I don't want any other people to be able to call and use my webservice but only some people who have access to the windows application that I have developed. I need a good security scenario for this! I truly appreciate anyone who can help me because this is my first experience of developing a webservice and I really need it to be as secure as I mentioned!

    Read the article

  • Making sure a web page is not cached, across all browsers.

    - by Edward Wilde
    Our investigations have shown us that not all browsers respect the http cache directives in a uniform manner. For security reasons we do not want certain pages in our application to cached, ever, by the web browser. This must work for at least the following browsers: Internet Explorer versions 6-8 FireFox versions 1.5 - 3.0 Safari version 3 Opera 9 Our requirement came from a security test. After logging out from our website you could press the back button and view cached pages.

    Read the article

  • ie6 p3p 'file download security warning'

    - by cometta
    i have a page inside iframe, so i set the header to "P3P","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" after that my page inside iframe able to load properly and i able to authenticate user with 'form' post . but on ie6, when i post 'form' inside iframe, i get ie6 message 'file download security warning on javascript file' . those javascript files are put on 'head' of pages inside iframe. how comes ie6 suddenly pop up dialog asking to download those files? anyone know which p3p parameter cause this problem?

    Read the article

  • serving files using django - is this a security vulnerability

    - by Tom Tom
    I'm using the following code to serve uploaded files from a login secured view in a django app. Do you think that there is a security vulnerability in this code? I'm a bit concerned about that the user could place arbitrary strings in the url after the upload/ and this is directly mapped to the local filesystem. Actually I don't think that it is a vulnerability issue, since the access to the filesystem is restricted to the files in the folder defined with the UPLOAD_LOCATION setting. UPLOAD_LOCATION = is set to a not publicly available folder on the webserver url(r'^upload/(?P<file_url>[/,.,\s,_,\-,\w]+)', 'aeon_infrastructure.views.serve_upload_files', name='project_detail'), @login_required def serve_upload_files(request, file_url): import os.path import mimetypes mimetypes.init() try: file_path = settings.UPLOAD_LOCATION + '/' + file_url fsock = open(file_path,"r") file_name = os.path.basename(file_path) file_size = os.path.getsize(file_path) print "file size is: " + str(file_size) mime_type_guess = mimetypes.guess_type(file_name) if mime_type_guess is not None: response = HttpResponse(fsock, mimetype=mime_type_guess[0]) response['Content-Disposition'] = 'attachment; filename=' + file_name #response.write(file) except IOError: response = HttpResponseNotFound() return response

    Read the article

  • How would a php or java client authenticate if I'm using WCF w/ forms auth?

    - by Toran Billups
    I have a generic proof of concept WCF service that is using forms authentication to secure access. All works great when my client is .NET (vb code below) Dim client As SupplierServiceClient = New SupplierServiceClient() client.ClientCredentials.UserName.UserName = "[email protected]" client.ClientCredentials.UserName.Password = "password" Dim SupplierList As List(Of Supplier) = client.GetSuppliers() but as I want this to interop w/ anyone who can do SOAP 1.1/1.2 - how would a PHP or Java client connect? My WCF web.config is listed below (fyi) <system.serviceModel> <services> <service name="SampleApplicationWCF.Library.SupplierService" behaviorConfiguration="NorthwindBehavior"> <endpoint address="" name="wsHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="wsHttpBinding" bindingConfiguration="wsHttp"/> <endpoint address="https://server/SampleApplicationWCF/SupplierService.svc/Basic" name="basicHttpSupplierService" contract="SampleApplicationWCF.Library.ISupplierService" binding="basicHttpBinding" bindingConfiguration="basicHttp"/> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex"/> </service> </services> <bindings> <wsHttpBinding> <binding name="wsHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="true"/> </security> </binding> </wsHttpBinding> <basicHttpBinding> <binding name="basicHttp"> <security mode="TransportWithMessageCredential"> <transport/> <message clientCredentialType="UserName"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="NorthwindBehavior"> <serviceMetadata httpGetEnabled="true"/> <serviceAuthorization principalPermissionMode="UseAspNetRoles"/> <serviceCredentials> <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/> </serviceCredentials> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel>

    Read the article

  • Security sandbox violation when connecting to Socket from flex

    - by KensoDev
    Hi, I am using a Socket (not xmlSocket) connection between flex applications and the server pushing messages. Now, when I connect from the local machine to the server everything is working file and running, connection is succesful and I get data back and forth. When I upload the application (flex) to the server and run it from there, I get a security sandBox violation message. Note: 1. I do have a crossdomain file with * wildcard both on port and on domain. 2. I created a Securiy.allowDomain("*") as well. Another thing. I also created another listener on that same server, listening to connections for port 843 (default) and this service just waited for a connection send policy file to the client and that's it. That did not solve the problem as well... That's next? What should I do to fix the problem? Appreciate your help. Avi

    Read the article

  • Security Token/Cross Domain Cookie in Classic ASP?

    - by jlrolin
    I have an interesting conundrum. We have a site that is a completely separate domain, we'll say http://www.x.com and our own site that is http://www.y.com. The y.com site is actually a classic ASP site, and we aren't converting it to .NET at this time. The problem is that there is a link on x.com that redirects to y.com from a members area. We want to "authenticate" the user to make sure they are a member from the other site. If they are, they are directed to a members area on y.com. If not, they have to provide login information on y.com. Cookies obviously don't work due to the cross domain security, but is there a way around this? I've also looked at a service for tokens, but I'm not sure exactly how that works in Classic ASP. Any ideas or suggestions?

    Read the article

  • Using a password to generate two distinct hashes without reducing password security

    - by Nevins
    Hi there, I'm in the process of designing a web application that will require the storage of GPG keys in an encrypted format in a database. I'm planning on storing the user's password in a bCrypt hash in the database. What I would like to be able to do is to use that bCrypt to authenticate the user then use the combination of the stored bCrypt hash and another hash of the password to encrypt and decrypt the GPG keys. My question is whether I can do this without reducing the security of the password? I was thinking I may be able to use something like an HMAC-SHA256 of a static string using the password and a salt as the secret key. Is there a better way to do this that I haven't thought of? Thanks

    Read the article

  • About SQL Server security

    - by Felipe Fiali
    I have an ASP.NET application which runs under the Classic .NET AppPool in IIS. I have a report to render from my website. The problem is SQL Server keeps telling me that it failed to create a connection to the datasource, because login failed for user IUSR. After adding that user directly to the databse I could get the report to work, but I'm concerned about security. By doing that, am I opening my specified databases to all websites hosted on IIS? Or is that account identity-specific?

    Read the article

  • Is web.config more secure than a class?

    - by o-logn
    I was reading a tutorial on ASP.NET and third party API's and it mentioned that the API KEY and SECRET KEY should be stored in the web.config file, for security on production servers, instead of in the classes that use them. However, I'm not quite sure what's more secure about a web.config file than a class? I understand the convenience of storing it in a config file, but I don't see the security benefit?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 136 137 138 139 140 141 142 143 144 145 146 147  | Next Page >