Search Results

Search found 11674 results on 467 pages for 'adding'.

Page 180/467 | < Previous Page | 176 177 178 179 180 181 182 183 184 185 186 187  | Next Page >

  • Make SubSonic use existing <connectionstring> instead of new data provider

    - by paolodm
    I am adding SubSonic to a legacy application. This application already defines a ConnectionString. Is there a way I can use this connectionstring instead of creating a new Data Provider entry? I know that one solution is programmatically setting this in the code (i.e. SubSonic.DataService.GetInstance("Name").SetDefaultConnectionString("ConnString") ). However, is there a more elegant solution?

    Read the article

  • How To Configure Fields To Display In Ubercart Product Node

    - by mrtrombone
    Hi I have set up ubercart on a site and everything seems ok when adding products and viewing the catalog page however when I click on the product the product view does not include the product image or the price. I have have enabled all fields in admin/store/settings/products/edit/fields however this does not seem to change anything (SKU etc not displayed either, only description, size options, add to cart button and link to category) Can anyone suggest why these may not be showing, Am I looking at completely the wrong config screen? Thanks

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • How to handle form data in cakephp

    - by Vinay
    i have a form for adding people object ,i want to add as many people without saving people in database,after clicking add people form submit button,the same form should appear without saving the form data to database,instead it should save to the session.please explain in detail if possible with the help of a example to do this, i have not found any tutorial which explains cakephp session in detail.

    Read the article

  • Wordpress htaccess problem

    - by ajithperuva
    I have some problem with my htaccess file .here am adding my problem.Please help me My actual url is as follows http://localhost/buydualit/?searchitem=toaster&pagenum=1 here by using my .htaccess am rewrited my url as http://localhost/buydualit/toaster-1/ My url rewriting rule is like follows RewriteRule ^[A-Za-z-0-9,\"'-\/]+-([0-9]+)\/$ buydualit/index.php?pagenum=$1&searchitem=$2 In this rule how can i retrieve toaster from http://localhost/buydualit/toaster-1/ (searchitem=$2 which is not getting) please help me

    Read the article

  • Xcode / iPhone Enterprise Distribution Certificate Made By Other Person

    - by ort11
    There is an Enterprise Distribution Provision that was created by another person that is no longer here (before me). Getting the development provision / certificate was fine, by adding myself to the team, etc. But what is the best way to clear the "No Valid / Matching Certificate" for the Distribution Provision when building for release / distribution? Will we have to make another Distribution Provision?

    Read the article

  • Most useful free third party Java libraries?

    - by Pyrolistical
    I've never seen a good list of free Java libraries. What are some of your can't-live-without Java libraries? Note: to keep this poll as useful as possible, please remember: Post only one library per answer We don't want duplicate answers, so before posting check if the library has been mentioned already When adding a new library, provide a short summary of what it does / why you think it's useful

    Read the article

  • Creating a Transparent Bitmap with GDI?

    - by user146780
    I want to implement a layering system in my application and was thinking of creating a bunch of transparent bitmaps, adding content to them then blitting them on top of each other, how can this be done without setting each pixel to (0,0,0,0). I'm using Pure win32, not MFC, thanks.

    Read the article

  • Make a table row's text editable immediately

    - by Ricky
    I have an NSTableView in my user interface, where new rows are added when the user presses a button or keyboard shortcut. Each row consists of two text cells (the table is comprised of two columns). Is there a way to immediately select the first text cell of a new row which is added? So, basically, I would like the user to be able to press the button, adding a new row to the table and then having it editable straight away.

    Read the article

  • STL container to pop() by priority?

    - by Pirate for Profit
    I'm writing a thread-pool for Qt as QRunnable doesn't handle event loops in new threads. Not too familiar with STL, what would be the best way to pop() something by priority? Priority should probably be a property of MyRunnable imo, but I can always give that info to an STL container when adding the runnable to the queue.

    Read the article

  • MySQL very slow compared to MS Access when inserting hundred of thousands of rows ! So is there a my

    - by asksuperuser
    I am currently adding hundred of thousands of rows of data to a table first on a MS Access Table then on a MySQL Table. I first tried with MS Access, it tooks less than 40 seconds. Then I tried exactly with the same source and with the same table structure to MySQL and it took 6 min and 40 seconds that is 1000% slower !!! So is there a myth that a database server is more performant ?

    Read the article

  • Optimize SELECT DISTINCT CONCAT query in MySQL

    - by L. Cosio
    Hello! I'm running this query: SELECT DISTINCT CONCAT(ALFA_CLAVE, FECHA_NACI) FROM listado GROUP BY ALFA_CLAVE HAVING count(CONCAT(ALFA_CLAVE, FECHA_NACI)) > 1 Is there any way to optimize it? Queries are taking 2-3 hours on a table with 850,000 rows. Adding an index to ALFA_CLAVE and FECHA_NACI would work? Thanks in advanced

    Read the article

  • SQL Alter Table to Add a Column, does it do anything "scary"?

    - by Pselus
    I need to add a column to an existing table in my live sql database. I know how to use the ALTER command, but what I want to know is the effect this has on the table. For example,, if using SQL Management Studio, it claims that adding a column will "drop and recreate" the table. Will the ALTER table command do that as well? This table is CONSTANTLY accessed and VERY important so I want to make VERY sure of this before going forward.

    Read the article

  • Error in OnClientClick in C#?

    - by Champ
    I want a popup to be populated to user before deleting the record I have tried OnClientClick and class to handle it with JavaScript/jQuery but with no success ERROR Type 'System.Web.UI.WebControls.HyperLinkField' does not have a public property named 'OnClientClick'. Control <asp:HyperLinkField OnClientClick="return confirm('Are you sure you would like to delete the selected landing page?')" datanavigateurlfields="id" datanavigateurlformatstring="ViewLandingPages.aspx?id={0}&delete=yes" HeaderText="Delete" Text="Delete" /> EDIT : also tried adding a class (for handling it with jquery ) but with no success

    Read the article

  • Drupal menu permissions question

    - by Luke
    I'm creating an admin module for my client that gives then access to some administration functionality concerning their content. I'm starting off my adding some permissions in my module by implementing hook_perm: function mymodule_perm() { return array( 'manage projects', ); } I can then create my menu by adding to the admin section that already exists: function mymodule_menu() { $items['admin/projects'] = array( 'title' => 'Projects', 'description' => 'Manage your projects.', 'page callback' => 'manage_projects_overview', 'access callback' => 'user_access', 'access arguments' => array('manage projects'), 'type' => MENU_NORMAL_ITEM, 'weight' => -100, ); $items['admin/projects/add'] = array( 'title' => 'Add project', 'access arguments' => array('manage projects'), 'page callback' => 'mymodule_projects_add', 'type' => MENU_NORMAL_ITEM, 'weight' => 1, ); return $items; } This will add a Projects section to the Administration area with an Add project sub section. All good. The behavior I want is that my client can only see the Projects section when they log in. I've accomplished this by ticking the "manage projects" permission for authenticated users. Now to give my client actual access to the Administration area I also need to tick "access administration pages" under the "system module" in the users permissions section. This works great, when I log in as my client I can only see the Projects section in the Administration area. There is one thing though, I my Navigation menu shown in the left column I can see the following items: - Administer - Projects - Content management - Site building - Site configuration - User management I was expecting only the see Administer and Projects, not the other ones. When I click e.g. Content Management I get a Content Management titled page with no options. Same for Site Building, Site Configuration and User Management. What's really odd is that Reports is not being shown which is also a top level Administration section. Why are these other items, besides my Projects section, being shown and how can I make them stop from appearing if I'm not logged in as administrator?

    Read the article

  • WebClient and Gzip compression is faster?

    - by Yozer
    I writting an application which is using WebClient class. Adding something like that: ExC.Headers.Add("Accept-Encoding: gzip, deflate"); where ExC is: class ExWebClient1 : WebClient { protected override WebRequest GetWebRequest(Uri address) { HttpWebRequest request = (HttpWebRequest)base.GetWebRequest(address); request.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate; return request; } } It will be a diffrence in speed when i will be using encoded response?

    Read the article

< Previous Page | 176 177 178 179 180 181 182 183 184 185 186 187  | Next Page >