Search Results

Search found 25872 results on 1035 pages for 'document security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 187/1035 | < Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >

  • Is a VPN a good method for protecting data in an untrusted network? [closed]

    - by john
    I will be connecting my laptop in an untrusted network. If I setup OpenVpn on a server and use a vpn client on the laptop to connect through it, is it enough? Can someone perform a MITM attack or otherwise eavesdrop on my traffic? If someone on the local network port-scans my laptop, will the open ports be accessible to him while I use the VPN tunnel? Is there anything else I should keep in mind?

    Read the article

  • What are my options for a secure External File Share in Server 2008 R2?

    - by Nitax
    Hi, I have a Windows Server 2008 R2 machine installed on a home network with a number of files that need to be shared in a few different scenarios. I would like for all three scenarios to have a solution with some sort of encyption to protect the data during transfer. Scenario 1: I need to access files from my laptop (Mac OSX) or another computer outside of the network. This option seems like the easy one to answer in that I could use LogMeIn, the windows VPN, etc. to create such a connection. Scenario 2: I need to provide access to another user with minimal installation / configuration on his or her end. This makes me think of the new FTP 7.5 provided with Server 2008 R2 but i'm not sure of the details: Does it support SSH or some other form of encryption?, can an OSX user connect?, etc. My question here is what are my options? I really just don't know where to get started...

    Read the article

  • What are the steps needed to achieve EAL4

    - by Anonymous
    I read the wikipedia article on EAL (http://en.wikipedia.org/wiki/Evaluation_Assurance_Level) but didn't find it very helpful in laying out the steps needed to achieve EAL4. Can someone please lay out in plain English what's involved and what's required?

    Read the article

  • Why is the word PERSONAL still relevant in the term PC? [closed]

    - by Bill
    I have spent half an hour trying to change an icon on my Win-7-64 machine (Why Can't I Change the Icon). One reasonable suggestion (reasonable in terms of having a solution, not reasonable in terms of having to jump through these hoops for such a basic requirement) was to delete the old icon from the %userprofile% \ Local Settings..., however when I click on this folder in Windows Explorer I am told the folder is not accessible - Access Denied. Well! It's my PERSONAL computer isn't it? Isn't that what PC stands for? It's MY computer - why can't I get access to that folder? It's about time we started calling these machines MCs (Microsoft Computer), or WCs (Windows Computer) - because they sure as hell aint PERSONAL damn computers!!!!

    Read the article

  • Why does Saxon evaluate the result-document URI to be the same?

    - by Jan
    My XSL source document looks like this <Topology> <Environment> <Id>test</Id> <Machines> <Machine> <Id>machine1</Id> <modules> <module>m1</module> <module>m2</module> </modules> </Machine> </Machines> </Environment> <Environment> <Id>production</Id> <Machines> <Machine> <Id>machine1</Id> <modules> <module>m1</module> <module>m2</module> </modules> </Machine> <Machine> <Id>machine2</Id> <modules> <module>m3</module> <module>m4</module> </modules> </Machine> </Machines> </Environment> </Topology> I want to create one result-document per machine, so I use the following stylesheet giving modelDir as path for the result-documents as parameter. <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes" name="myXML" doctype-system="http://java.sun.com/dtd/properties.dtd"/> <xsl:template match="/"> <xsl:for-each-group select="/Topology/Environment/Machines/Machine" group-by="Id"> <xsl:variable name="machine" select="Id"/> <xsl:variable name="filename" select="concat($modelDir,$machine,'.xml')" /> <xsl:message terminate="no">Writing machine description to <xsl:value-of select="$filename"/></xsl:message> <xsl:result-document href="$filename" format="myXML"> <xsl:variable name="currentMachine" select="Id"/> <xsl:for-each select="current-group()/LogicalHosts/LogicalHost"> <xsl:variable name="environment" select="normalize-space(../../../../Id)"/> <xsl:message terminate="no">Module <xsl:value-of select="."/> for <xsl:value-of select="$environment"/></xsl:message> </xsl:for-each> </xsl:result-document> </xsl:for-each-group> </xsl:template> As my messages show me this seems to work fine - if saxon would not evaluate the URI of the result-document to be the same and thus give the following output. Writing machine description to target/build/model/m1.xml Module m1 for test Module m2 for test Module m1 for production Module m2 for production Writing machine description to target/build/model/m2.xml Error at xsl:result-document on line 29 of file:/C:/Projekte/.../machine.xsl: XTDE1490: Cannot write more than one result document to the same URI, or write to a URI that has been read: file:/C:/Projekte/.../$filename file:/C:/Projekte/.../machine.xsl(29,-1) : here Cannot write more than one result document to the same URI, or write to a URI that has been read: file:/C:/Projekte/.../$filename ; SystemID: file:/C:/Projekte/.../machine.xsl; Line#: 29; Column#: -1 net.sf.saxon.trans.DynamicError: Cannot write more than one result document to the same URI, or write to a URI that has been read: file:/C:/Projekte/.../$filename at net.sf.saxon.instruct.ResultDocument.processLeavingTail(ResultDocument.java:300) at net.sf.saxon.instruct.Block.processLeavingTail(Block.java:365) at net.sf.saxon.instruct.Instruction.process(Instruction.java:91) Any ideas on how to solve this?

    Read the article

  • Takeaways From CSO Roundtable New York

    - by Naresh Persaud
    Thanks to everyone who attended the Chief Security Officer Roundtable in New York last week. We were lucky to have Dennis Brixus, CSO of McGraw-Hill  as a guest speaker. In addition, Jeff Henley, provided a board level perspective on security. Amit Jasuja discussed Oracle's security formula.  A few takeaways from Jeff's talk that were interesting: Security is a board level issue. The challenge at the board level is that boards have short attention span. The CSO needs to be vigilant in educating the board on the strategic importance of security. Every CSO needs to think about cost. The CSO has to look at the economics of security and demonstrate fiduciary responsibility. We have to think of security as a business enabler. Security is the enabler that helps us expand into new markets and connect better with our customers and partners. While the CSO can't prevent every threat, we have to expect the CSO to have a plan. Oracle security-formula View more PowerPoint from OracleIDM

    Read the article

  • Securing Web Service communication with SSL using CXF

    - by reef
    Hi all, I am trying to secure communications via SSL/TLS for one of our Web Service using CXF 2.2.5. I am wondering how to update client and server Spring configuration file to activate this feature. I found some information on CXF's website (CXF Wiki) for the client configuration, here is the given example: <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit"> <http:tlsClientParameters> <sec:keyManagers keyPassword="password"> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks"/> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> </http:tlsClientParameters> <http:authorization> <sec:UserName>Betty</sec:UserName> <sec:Password>password</sec:Password> </http:authorization> <http:client AutoRedirect="true" Connection="Keep-Alive"/> </http:conduit> Concerning this configuration, the Concerning the server side configuration I am unable to launch the server properly, here is the configuration I have: <http:destination name="{urn:ihe:iti:xds-b:2007}DocumentRepository_Port_Soap12.http-destination"> </http:destination> <httpj:engine-factory> <httpj:engine port="9043"> <httpj:tlsServerParameters> <sec:keyManagers keyPassword="changeit"> <sec:keyStore type="JKS" password="changeit" file="security/keystore.jks" /> </sec:keyManagers> <sec:trustManagers> <sec:keyStore type="JKS" password="changeit" file="security/cacerts.jks" /> </sec:trustManagers> <sec:cipherSuitesFilter> <!-- these filters ensure that a ciphersuite with export-suitable or null encryption is used, but exclude anonymous Diffie-Hellman key change as this is vulnerable to man-in-the-middle attacks --> <sec:include>.*_EXPORT_.*</sec:include> <sec:include>.*_EXPORT1024_.*</sec:include> <sec:include>.*_WITH_DES_.*</sec:include> <sec:include>.*_WITH_NULL_.*</sec:include> <sec:exclude>.*_DH_anon_.*</sec:exclude> </sec:cipherSuitesFilter> <sec:clientAuthentication want="true" required="true" /> </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> But when I run my application server (JOnas) with this configuration I have the following error message: Line 20 in XML document from ServletContext resource [/WEB-INF/beans.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'httpj:engine-factory'. Do you guys know how to solve this issue? Thanks in advance,

    Read the article

  • Securing an ADF Application using OES11g: Part 1

    - by user12587121
    Future releases of the Oracle stack should allow ADF applications to be secured natively with Oracle Entitlements Server (OES). In a sequence of postings here I explore one way to achive this with the current technology, namely OES 11.1.1.5 and ADF 11.1.1.6. ADF Security Basics ADF Bascis The Application Development Framework (ADF) is Oracle’s preferred technology for developing GUI based Java applications.  It can be used to develop a UI for Swing applications or, more typically in the Oracle stack, for Web and J2EE applications.  ADF is based on and extends the Java Server Faces (JSF) technology.  To get an idea, Oracle provides an online demo to showcase ADF components. ADF can be used to develop just the UI part of an application, where, for example, the data access layer is implemented using some custom Java beans or EJBs.  However ADF also has it’s own data access layer, ADF Business Components (ADF BC) that will allow rapid integration of data from data bases and Webservice interfaces to the ADF UI component.   In this way ADF helps implement the MVC  approach to building applications with UI and data components. The canonical tutorial for ADF is to open JDeveloper, define a connection to a database, drag and drop a table from the database view to a UI page, build and deploy.  One has an application up and running very quickly with the ability to quickly integrate changes to, for example, the DB schema. ADF allows web pages to be created graphically and components like tables, forms, text fields, graphs and so on to be easily added to a page.  On top of JSF Oracle have added drag and drop tooling with JDeveloper and declarative binding of the UI to the data layer, be it database, WebService or Java beans.  An important addition is the bounded task flow which is a reusable set of pages and transitions.   ADF adds some steps to the page lifecycle defined in JSF and adds extra widgets including powerful visualizations. It is worth pointing out that the Oracle Web Center product (portal, content management and so on) is based on and extends ADF. ADF Security ADF comes with it’s own security mechanism that is exposed by JDeveloper at development time and in the WLS Console and Enterprise Manager (EM) at run time. The security elements that need to be addressed in an ADF application are: authentication, authorization of access to web pages, task-flows, components within the pages and data being returned from the model layer. One  typically relies on WLS to handle authentication and because of this users and groups will also be handled by WLS.  Typically in a Dev environment, users and groups are stored in the WLS embedded LDAP server. One has a choice when enabling ADF security (Application->Secure->Configure ADF Security) about whether to turn on ADF authorization checking or not: In the case where authorization is enabled for ADF one defines a set of roles in which we place users and then we grant access to these roles to the different ADF elements (pages or task flows or elements in a page). An important notion here is the difference between Enterprise Roles and Application Roles. The idea behind an enterprise role is that is defined in terms of users and LDAP groups from the WLS identity store.  “Enterprise” in the sense that these are things available for use to all applications that use that store.  The other kind of role is an Application Role and the idea is that  a given application will make use of Enterprise roles and users to build up a set of roles for it’s own use.  These application roles will be available only to that application.   The general idea here is that the enterprise roles are relatively static (for example an Employees group in the LDAP directory) while application roles are more dynamic, possibly depending on time, location, accessed resource and so on.  One of the things that OES adds that is that we can define these dynamic membership conditions in Role Mapping Policies. To make this concrete, here is how, at design time in Jdeveloper, one assigns these rights in Jdeveloper, which puts them into a file called jazn-data.xml: When the ADF app is deployed to a WLS this JAZN security data is pushed to the system-jazn-data.xml file of the WLS deployment for the policies and application roles and to the WLS backing LDAP for the users and enterprise roles.  Note the difference here: after deploying the application we will see the users and enterprise roles show up in the WLS LDAP server.  But the policies and application roles are defined in the system-jazn-data.xml file.  Consult the embedded WLS LDAP server to manage users and enterprise roles by going to the domain console and then Security Realms->myrealm->Users and Groups: For production environments (or in future to share this data with OES) one would then perform the operation of “reassociating” this security policy and application role data to a DB schema (or an LDAP).  This is done in the EM console by reassociating the Security Provider.  This blog posting has more explanations and references on this reassociation process. If ADF Authentication and Authorization are enabled then the Security Policies for a deployed application can be managed in EM.  Our goal is to be able to manage security policies for the applicaiton rather via OES and it's console. Security Requirements for an ADF Application With this package tour of ADF security we can see that to secure an ADF application with we would expect to be able to take care of at least the following items: Authentication, including a user and user-group store Authorization for page access Authorization for bounded Task Flow access.  A bounded task flow has only one point of entry and so if we protect that entry point by calling to OES then all the pages in the flow are protected.  Authorization for viewing data coming from the data access layer In the next posting we will describe a sample ADF application and required security policies. References ADF Dev Guide: Fusion Middleware Fusion Developer's Guide for Oracle Application Development Framework: Enabling ADF Security in a Fusion Web Application Oracle tutorial on securing a sample ADF application, appears to require ADF 11.1.2 Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif"; mso-bidi-font-family:"Times New Roman";} Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

    Read the article

  • Where can I find a legal "permission to work on open source" document?

    - by Nathan Long
    One of the things I really like about my current job is that we developers are encouraged to make open source contributions. However, this encouragement has always been verbal. I've read some horror stories about developers having their open-source work legally claimed by their employer. I'd be more comfortable if we had something in writing from my employer saying that contributions are allowed and not owned by the company. Understanding that you are not lawyers, does anyone know where to find a boilerplate document to this effect?

    Read the article

  • Canon MG8150 - unable to scan document to PC via wireless router, but works via USB connection?

    - by Heidi
    Please help. Get error that scanner disconnected or locked "code:5,146,555" when I try to scan a document to PC or attach to an email. Can't remember this function ever working and I've had this MFD for 2-3 years now. Printer function works fine via wireless, but not scanning. Upgraded my laptop a few months ago from Windows 98 to Windows Vista and reinstalled my printer/scanner software and drivers. Any ideas?

    Read the article

  • Le W3C met à jour "Standards pour les Applications Web sur Mobile", un document qui fait l'état de l'art des spécifications

    Le W3C met à jour « Standards pour les Applications Web sur Mobile » Un document qui fait l'état de l'art des spécifications et leurs supports Ces dernières années, nous observons une progression nette des demandes de développements Web mobiles. Cela est dû au fait que de plus en plus d'utilisateurs optent pour des smartphones ou des tablettes pour accéder au Web via une multiplicité de navigateurs à maturités divergentes, véritable casse-tête pour le développeur. [IMG]http://idelways.developpez.com/news/images/web-plateforme.png[/IMG] Le Web : une plateforme de développement d'applications Le W3C (World Wide Web Consort...

    Read the article

  • How to properly document functionality in an agile project?

    - by RoboShop
    So recently, we've just finished the first phase of our project. We used agile with fortnightly sprints. And whilst the application turned out well, we're now turning our eyes on some of the maintenance tasks. One maintenance task is that all of our documentation appears in the form of specs. These specs describe 1 or more stories and generally are a body of work which a few devs could knock over in a week. For development, that works really well - every two weeks, the devs get handed a spec and it's a nice discrete chunk of work that they can just do. From a documentation point of view, this has become a mess. The problem with writing specs that are focused on delivering just-in-time requirements to developers is we haven't placed much emphasis on the big picture. Specs come from all different angles - it could be describing a standard function, it could describing parts of a workflow, it could be describing a particular screen... And now, we have business rules about our application scattered across 120 documents. Looking for any document for a particular business rule or function in particular is quite hard because you don't know which document has this information, and making a change request is equally hard because once again, we are unsure about which spec to make the change. So we have maybe a couple of weeks of lull before it's back to specing out functionality for the next phase but in this time, I'd like to re-visit our processes. I think the way we have worked so far in terms of delivering fortnightly specs works well. But we also need a way to manage our documentation so that our business rules for a given function / workflow are easy to locate / change. I have two ideas. One is we compile all of our specs into a series of master specs broken by a few broad functional areas. The specs describe the sprint, the master spec describe the system. The only problem I can see is 1) Our existing 120 specs are not all neatly defined into broad functional areas. Some will require breaking up, merging etc. which will take a lot of time. 2) We'll be writing specs and updating master specs in each new sprint. Seems like double the work, and then do the devs look at the spec or the master spec? My other suggestion is to concede that our documentation is too big of a mess, and manage that mess going forward. So we go through each spec, assign like keywords to it, and then when we want to search for a function, we search for that keyword. Problems I can see 1) Still the problem of business rules scattered everywhere, keywords just make it easier to find it. anyway, if anyone has any decent ideas or any experience to share about how best to manage documentation, would really appreciate it.

    Read the article

  • Should back end processes be included in use cases in requirements document?

    - by bizso09
    We're writing a requirements document for our client and need to include the use cases of the system. We're following this template: ID Description Actors Precondition Basic Steps Alternate Steps Exceptions Business validations/Rules Postconditions In the Basic Steps section, should we include steps that the system performs in the back end or should we only include steps that the user directly interacts with? Example: Basic Steps for Search 1: User goes to search page User enters term User presses search System matches search term with database entries System displays results vs Basic Steps for Search 2: User goes to search page User enters term User presses search System displays results

    Read the article

  • Send mail via gmail with PowerShell V2's Send-MailMessage

    - by Scott Weinstein
    I'm trying to figure out how to use PowerShell V2's Send-MailMessage with gmail. Here's what I have so far. $ss = new-object Security.SecureString foreach ($ch in "password".ToCharArray()) { $ss.AppendChar($ch) } $cred = new-object Management.Automation.PSCredential "[email protected]", $ss Send-MailMessage -SmtpServer smtp.gmail.com -UseSsl -Credential $cred -Body... I get the following error Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required. Learn more at At foo.ps1:18 char:21 + Send-MailMessage <<<< ` + CategoryInfo : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpException + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage Am I doing something wrong, or is Send-MailMessage not fully baked yet (I'm on CTP 3)? Edit - two additional restrictions I want this to be non-interactive, so get-credential won't work The user account isn't on the gmail domain, but an google apps registered domain

    Read the article

  • Simple implementation of N-Gram, tf-idf and Cosine similarity in Python

    - by seanieb
    I need to compare documents stored in a DB and come up with a similarity score between 0 and 1. The method I need to use has to be very simple. Implementing a vanilla version of n-grams (where it possible to define how many grams to use), along with a simple implementation of tf-idf and Cosine similarity. Is there any program that can do this? Or should I start writing this from scratch?

    Read the article

  • HttpAddUrl permissions

    - by Ghostrider
    I'm trying to run a custom WinHTTP based web-server on Windows Server 2008 machine. I pass "http://*:22222/" to HttpAddUrl When I start my executable as Administrator or LocalSystem everything works fine. However if I try to run it as NetworkService to minimize security risks (since there are no legitimate reasons for the app to use admin rights) function fails with "Access Denied" error code. I wasn't aware of NetworkService having any restrictions on which ports and interfaces it can listen on. Is there a way to configure permissions in such a way so that I actually can run the app under NetworkService account and connect to it from other internet hosts?

    Read the article

  • Strange problem with UIDocumentInteractionController

    - by Tùng Ð?
    I don't know what wrong with this code but everytime when I run the app, after the Menu is shown, the app crash. NSString * path = [[NSBundle mainBundle] pathForResource:@"tung" ofType:@"doc"]; UIDocumentInteractionController *docController = [UIDocumentInteractionController interactionControllerWithURL:[NSURL fileURLWithPath:path]]; docController.delegate = self; //[docController presentPreviewAnimated:YES]; CGRect rect = CGRectMake(0, 0, 300, 300); [docController presentOptionsMenuFromRect:rect inView:self.view animated:YES]; Error I got: * Terminating app due to uncaught exception 'NSGenericException', reason: '-[UIPopoverController dealloc] reached while popover is still visible.' What should I do now ?

    Read the article

  • Why does Java tell me my applet contains both signed and unsigned code?

    - by JohnCooperNZ
    My signed Java applet has been running fine until Java update 19. Now some but not all of our users on Java Update 19 report a java security message stating that our applet contains both signed and unsigned code. The process for creating our applet is as follows: 1: Clean and Build the applet project in Netbeans IDE. 2: Open the Applet jar file in WinRAR and add the required mysql JDBC driver .class files to the jar file. 3: Sign the applet jar file. Can someone please tell me how to determine what code is signed and what code is not signed in our applet? Is there a better way to include the mysql JDBC driver jar file in our applet other than copying the jar file contents into our applet jar file? Thanks

    Read the article

  • Advice? SSO in N-tiered SOA with mixture of REST and SOAP services

    - by Tyler
    Hi gang, We are moving to SSO in our N-tiered SOA applications. If all the services were SOAP, I'd be ok with just the WS-Security, WS-Trust, WS-Federation set of protocols. My problem is that many of the services are RESTful (ironic) and those protocols do not address REST services. What is your advice for SSO protecting the REST services in an N-tiered SOA architecture with the following requirements: ideally claims-based identity information available to the REST services original user (eg. bootstrap) information must flow through the tiers so that each service can "ActAs" or "OnBehalfOf" the user support sequences like: WebApp -- REST Svc -- SOAP Svc WebApp -- REST Svc1 -- REST Svc2 WebApp -- SOAP Svc -- REST Svc WebApp -- SOAP Svc1 -- SOAP Svc2 support SSO (and SSOff) service/web app platforms: ASP.Net and WCF Java end-user client platforms: .Net (WSE 3.0 and WCF) flash 10 java javascript and AJAX Normally I'm good at climbing / bashing my way through walls, but this one's knocked me flat. Hopefully with your help, we can get over this one. Thanks, Tyler

    Read the article

  • Spring AOP: how to get the annotations of the adviced method

    - by hubertg
    I'd like to implement declarative security with Spring/AOP and annotations. As you see in the next code sample I have the Restricted Annotations with the paramter "allowedRoles" for defining who is allowed to execute an adviced method. @Restricted(allowedRoles="jira-administrators") public void setPassword(...) throws UserMgmtException { // set password code ... } Now, the problem is that in my Advice I have no access to the defined Annotations: public Object checkPermission(ProceedingJoinPoint pjp) throws Throwable { Signature signature = pjp.getSignature(); System.out.println("Allowed:" + rolesAllowedForJoinPoint(pjp)); ... } private Restricted rolesAllowedForJoinPoint(ProceedingJoinPoint thisJoinPoint) { MethodSignature methodSignature = (MethodSignature) thisJoinPoint.getSignature(); Method targetMethod = methodSignature.getMethod(); return targetMethod.getAnnotation(Restricted.class); } The method above always returns null (there are no annotations found at all). Is there a simple solution to this? I read something about using the AspectJ agent but I would prefer not to use this agent.

    Read the article

  • MVVM/ViewModels and handling Authorization

    - by vdh_ant
    Hey guys Just wondering how how people handle Authorization when using MVVM and/or View Models. If I wasn't using VM's I would be passing back the Model and it would have a property which I could check if a user can edit a given object/property but when using MVVM I am disconnecting myself from the business object... and thus doen't know what the security should be any more. Is this a case where the mapper should be aware of the Authorization that is in place and don't copy across the data if the Authorization check fails. If this was the case I am guessing that the mapper would have to see some properties on the VM to let the interface know which fields are missing data because of the Authorization failure. If this does occur within the mapper, how does this fit in with things like AutoMapper, etc. Cheers Anthony

    Read the article

  • Are the ASP.net __EVENTTARGET and __EVENTARGUMENT susceptible to SQL injection?

    - by Schleichermann
    A security review was done against one of our ASP.net applications and returned in the test results was a SQL Injection Exposures considered to be a high risk item. The test that was performed passed a SQL statement as the value of the __EVENTTARGET and the __EVENTARGUMENT. I am wondering since these 2 values are ASP.net auto-generated hidden fields used for the Auto-Postback feature of the framework and hold information specific to the controls initiating the postback, is there really the potential for SQL injection if you are never manually calling and or pulling values out of these parameters in your code behind?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >