Search Results

Search found 11453 results on 459 pages for 'hibernate session'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 207/459 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

  • Caching instances in a jee web app

    - by SibzTer
    Hi, Consider the scenario of a typical webapp with JSFs on the front and ejb3, with Hibernate as JPA provider, talking to backend database such as mysql, etc. The main user actions are login and mostly CRUD operations (minus any D(elete) operations). And the App Server is GlassFish of course. Given this scenario, how and where all would one go about providing caching to improve performance? From what I have googled, I have seen that hibernate provides some sort of caching through different cache providers. Is there any sort of caching that can be provided for the jsf pages? How about session beans or entity beans on the ejb side of things? Also, I just read about memcached and was wondering if this was something to consider?

    Read the article

  • MVC4 Model in View has nested data - cannot get data in model

    - by Taersious
    I have a Model defined that gets me a View with a list of RadioButtons, per IEnumerable. Within that Model, I want to display a list of checkboxes that will vary based on the item selected. Finally, there will be a Textarea in the same view once the user has selected from the available checkboxes, with some dynamic text there based on the CheckBoxes that are selected. What we should end up with is a Table-per-hierarchy. The layout is such that the RadioButtonList is in the first table cell, the CheckBoxList is in the middle table cell, and the Textarea is ini the right table cell. If anyone can guide me to what my model-view should be to achieve this result, I'll be most pleased... Here are my codes: // // View Model for implementing radio button list public class RadioButtonViewModel { // objects public List<RadioButtonItem> RadioButtonList { get; set; } public string SelectedRadioButton { get; set; } } // // Object for handling each radio button public class RadioButtonItem { // this object public string Name { get; set; } public bool Selected { get; set; } public int ObjectId { get; set; } // columns public virtual IEnumerable<CheckBoxItem> CheckBoxItems { get; set; } } // // Object for handling each checkbox public class CheckBoxViewModel { public List<CheckBoxItem> CheckBoxList { get; set; } } // // Object for handling each check box public class CheckBoxItem { public string Name { get; set; } public bool Selected { get; set; } public int ObjectId { get; set; } public virtual RadioButtonItem RadioButtonItem { get; set; } } and the view @model IEnumerable<EF_Utility.Models.RadioButtonItem> @{ ViewBag.Title = "Connect"; ViewBag.Selected = Request["name"] != null ? Request["name"].ToString() : ""; } @using (Html.BeginForm("Objects" , "Home", FormMethod.Post) ){ @Html.ValidationSummary(true) <table> <tbody> <tr> <td style="border: 1px solid grey; vertical-align:top;"> <table> <tbody> <tr> <th style="text-align:left; width: 50px;">Select</th> <th style="text-align:left;">View or Table Name</th> </tr> @{ foreach (EF_Utility.Models.RadioButtonItem item in @Model ) { <tr> <td> @Html.RadioButton("RadioButtonViewModel.SelectedRadioButton", item.Name, ViewBag.Selected == item.Name ? true : item.Selected, new { @onclick = "this.form.action='/Home/Connect?name=" + item.Name + "'; this.form.submit(); " }) </td> <td> @Html.DisplayFor(i => item.Name) </td> </tr> } } </tbody> </table> </td> <td style="border: 1px solid grey; width: 220px; vertical-align:top; @(ViewBag.Selected == "" ? "display:none;" : "")"> <table> <tbody> <tr> <th>Column </th> </tr> <tr> <td><!-- checkboxes will go here --> </td> </tr> </tbody> </table> </td> <td style="border: 1px solid grey; vertical-align:top; @(ViewBag.Selected == "" ? "display:none;" : "")"> <textarea name="output" id="output" rows="24" cols="48"></textarea> </td> </tr> </tbody> </table> } and the relevant controller public ActionResult Connect() { /* TEST SESSION FIRST*/ if( Session["connstr"] == null) return RedirectToAction("Index"); else { ViewBag.Message = ""; ViewBag.ConnectionString = Server.UrlDecode( Session["connstr"].ToString() ); ViewBag.Server = ParseConnectionString( ViewBag.ConnectionString, "Data Source" ); ViewBag.Database = ParseConnectionString( ViewBag.ConnectionString, "Initial Catalog" ); using( var db = new SysDbContext(ViewBag.ConnectionString)) { var objects = db.Set<SqlObject>().ToArray(); var model = objects .Select( o => new RadioButtonItem { Name = o.Name, Selected = false, ObjectId = o.Object_Id, CheckBoxItems = Enumerable.Empty<EF_Utility.Models.CheckBoxItem>() } ) .OrderBy( rb => rb.Name ); return View( model ); } } } What I am missing it seems, is the code in my Connect() method that will bring the data context forward; at that point, it should be fairly straight-forward to set up the Html for the View. EDIT ** So I am going to need to bind the RadioButtonItem to the view with something like the following, except my CheckBoxList will NOT be an empty set. // // POST: /Home/Connect/ [HttpPost] public ActionResult Connect( RadioButtonItem rbl ) { /* TEST SESSION FIRST*/ if ( Session["connstr"] == null ) return RedirectToAction( "Index" ); else { ViewBag.Message = ""; ViewBag.ConnectionString = Server.UrlDecode( Session["connstr"].ToString() ); ViewBag.Server = ParseConnectionString( ViewBag.ConnectionString, "Data Source" ); ViewBag.Database = ParseConnectionString( ViewBag.ConnectionString, "Initial Catalog" ); using ( var db = new SysDbContext( ViewBag.ConnectionString ) ) { var objects = db.Set<SqlObject>().ToArray(); var model = objects .Select( o => new RadioButtonItem { Name = o.Name, Selected = false, ObjectId = o.Object_Id, CheckBoxItems = Enumerable.Empty<EF_Utility.Models.CheckBoxItem>() } ) .OrderBy( rb => rb.Name ); return View( model ); } } }

    Read the article

  • How to store search result ?

    - by manndaar
    Hello, I am working on my personal site, where I want to store my customers recent search result limited to that particular session. I am using PHP platform and Javascripts. Here is an example of what I am exactly looking at : It stores your previously searched domain name for that particular session so that user can make decision by comparing those results. How to achieve this using php, javascripts or some sort of div layer ???? Thanks.

    Read the article

  • Flash Builder 4 debug issue

    - by Tempname
    I am trying to debug an application in Flash Builder 4. The application I am working makes use of php session variables to ensure that the user is logged in. When not debugging, after logging in I can simply path to the container html file and everything works fine. However, when I am debugging a new IE window is launched but for some odd reason the previously logged in php session does not exist for this window. Is this an issue with IE?

    Read the article

  • how to make oracle case insensitive

    - by yuri
    Can there be a setting on Oracle 10g to consider data as case insensitive? I saw a solution here. However, that is done on a session. What I am looking for is a setting either on a schema or on a table to consider it's data as case insensitive. If it is on a session then I will have to make the change on all the stored procedures.

    Read the article

  • nhibernate : how to intialise child list objects

    - by frosty
    I have the following method in my repository. This works fine, my orderItems are initialised as intended however orderItems contains another collection called OrderItemAddress. These are not initialised. How would i do this? public Model.Order Get(int id) { using (ISession session = NHibernateHelper.OpenSession()) { Model.Order order = session .CreateCriteria(typeof(Model.Order)) .Add(Restrictions.Eq("Id", id)) .UniqueResult<Model.Order>(); NHibernateUtil.Initialize(order.OrderItems); return order; } }

    Read the article

  • SQL-Server: Impersonation

    - by Falcon
    Hello, is there any way to make a certain session execute all commands as a certain user? I cannot use the execute as clause because it mustn't be hardcoded. I need something along the lines of this pseudocode: ALTER SESSION sessionid SET EXECUTING_USER=someuser

    Read the article

  • get JSON object attribute name

    - by Laurent Luce
    I know that I can retrieve "session" by using item.fields.name but what if I don't know in advance that the attribute is called "name". How can I retrieve the list of the attributes names in fields first. [ { "pk": 2, "model": "auth.group", "fields": { "name": "session" } } ]

    Read the article

  • How to make a fun effective programming meetup that benefits both beginners and advanced coders.

    - by adam
    If you could organise your own programming meetup how would you organise the session so that people had fun learnt lots were able to participate despite their level. what kinds of topics, activities, challenges etc would you include (not all in one session but in general) how would you handle differing levels? what do you think are some important things to learn, to achieve? Any input is greatly appreciated. Im not sure how Id mark the best answer, perhaps leave it to the community to vote for it.

    Read the article

  • Looking for design patterns to isolate framework layers from each other

    - by T Reddy
    Hi, I'm wondering if anyone has any experience in "isolating" framework objects from each other (Spring, Hibernate, Struts). I'm beginning to see design "problems" where an object from one framework gets used in another object from a different framework. My fear is we're creating tightly coupled objects. For instance, I have an application where we have a DynaActionForm with several attributes...one of which is a POJO generated by the Hibernate Tools. This POJO gets used everywhere...the JSP populates data to it, the Struts Action sends it down to a Service Layer, the DAO will persist it...ack! Now, imagine that someone decides to do a little refactoring on that POJO...so that means the JSP, Action, Service, DAO all needs to be updated...which is kind of painful...There has got to be a better way?! There's a book called Core J2EE Patterns: Best Practices and Design Strategies (2nd Edition)...is this worth a look? I don't believe it touches on any specific frameworks, but it looks like it might give some insight on how to properly layer the application... Thanks!

    Read the article

  • DRY-ing very similar specs for ASP.NET MVC controller action with MSpec (BDD guidelines)

    - by spapaseit
    Hi all, I have two very similar specs for two very similar controller actions: VoteUp(int id) and VoteDown(int id). These methods allow a user to vote a post up or down; kinda like the vote up/down functionality for StackOverflow questions. The specs are: VoteDown: [Subject(typeof(SomeController))] public class When_user_clicks_the_vote_down_button_on_a_post : SomeControllerContext { Establish context = () => { post = PostFakes.VanillaPost(); post.Votes = 10; session.Setup(s => s.Single(Moq.It.IsAny<Expression<Func<Post, bool>>>())).Returns(post); session.Setup(s => s.CommitChanges()); }; Because of = () => result = controller.VoteDown(1); It should_decrement_the_votes_of_the_post_by_1 = () => suggestion.Votes.ShouldEqual(9); It should_not_let_the_user_vote_more_than_once; } VoteUp: [Subject(typeof(SomeController))] public class When_user_clicks_the_vote_down_button_on_a_post : SomeControllerContext { Establish context = () => { post = PostFakes.VanillaPost(); post.Votes = 0; session.Setup(s => s.Single(Moq.It.IsAny<Expression<Func<Post, bool>>>())).Returns(post); session.Setup(s => s.CommitChanges()); }; Because of = () => result = controller.VoteUp(1); It should_increment_the_votes_of_the_post_by_1 = () => suggestion.Votes.ShouldEqual(1); It should_not_let_the_user_vote_more_than_once; } So I have two questions: How should I go about DRY-ing these two specs? Is it even advisable or should I actually have one spec per controller action? I know I Normally should, but this feels like repeating myself a lot. Is there any way to implement the second It within the same spec? Note that the It should_not_let_the_user_vote_more_than_once; requires me the spec to call controller.VoteDown(1) twice. I know the easiest would be to create a separate spec for it too, but it'd be copying and pasting the same code yet again... I'm still getting the hang of BDD (and MSpec) and many times it is not clear which way I should go, or what the best practices or guidelines for BDD are. Any help would be appreciated.

    Read the article

  • What web platform is right for me?

    - by egervari
    I've been looking at web frameworks like Rails, Grails, etc. I'm used to doing applications in Spring Framework with Hibernate... and I want something more productive. One of the things I realized is that while some of the things in Grails is sexy, there are some serious problems with it. Grails' controllers: 1) are implemented awfully. They don't seem to be able to extend from super classes at runtime. I tried this to add base actions and helper methods, and this seems to cause grails to blow up. 2) are based on an obsolete request parameters model (rather than form backing objects, which are much nicer). 3) are hard to test. Command objects are treated totally differently... and it's actually MUCH harder to write the test than it is to write the controller code. 4) Command objects operate totally differently. They are pre-validated and bound, which causes a lot of inconsistencies than basic parameter model. 5) Command objects are not reusable, and it's a pain in the rear to reuse most of the stuff from the domain classes, like constraints and fields. This is TRIVIAL to do in basic Spring. Why the hell was it not trivial to do in Grails? 6) The scaffolding that is generated is pure crap. It doesn't generalize inserts and updates... and it actually copy/pastes a pile of code in two views: create.gsp and edit.gsp. The views themselves are gargantuan piles of doggie do-do. This is further compounded by the fact that it uses low-level parameters and not objects. Integration tests are 30x slower than a Spring integration test. It is disgusting. Some mocking tests are so hard to write and aren't guaranteed to work when it's deployed, that I think it discourages fast, tdd test cycles. Most things seem to screw up grails while it's running, like adding a taglib, or anything really. The server restart problem wasn't solved at all. I'm starting to think going with Spring/Hibernate/Java is the only way to go. While there is a pretty big cost at startup, I know it'll eventually smooth out. It sucks I can't use a language like Scala... because idiomatically, it is so incompatible with Hibernate. This app is also not a run-of-the-mill UI over a database. It's got some of that, but it's not going to be a slouch. I am deathly scared of Grails now because of how crap it is in the Controller layer. Suggestions on what I can do?

    Read the article

  • Use SQL query to populate property in nHibernate mapping file

    - by brainimus
    I have an object which contains a property that is the result of an SQL statement. How do I add the SQL statement to my nHibernate mapping file? Example Object: public class Library{ public int BookCount { get; set; } } Example Mapping File: <hibernate-mapping> <class name="Library" table="Libraries"> <property name="BookCount" type="int"> <- This is where I want the SQL query to populate the value. -> </class> </hibernate-mapping> Example SQL Query: SELECT COUNT(*) FROM BOOKS WHERE BOOKS.LIBRARY_ID = LIBRARIES.ID

    Read the article

  • Insert using strored procedure from nhibernate

    - by jcreddy
    Hi I am using the following code snippets to insert values using stored procedure. the code is executing successfully but no record is inserted in DB. Please suggest with simple example. **---- stored procedure--------** Create PROCEDURE [dbo].[SampleInsert] @id int, @name varchar(50) AS BEGIN insert into test (id, name) values (@id, @name); END **------.hbm file-------** <?xml version="1.0" encoding="utf-8" ?> <hibernate-mapping xmlns="urn:nhibernate-mapping-2.2"> <sql-query name="Procedure"> exec SampleInsert :Id,:Name </sql-query> </hibernate-mapping> **--------c# code to insert value using above sp------** ISessionFactory sessionFactory = new Configuration().Configure().BuildSessionFactory(); ISession session = sessionFactory.OpenSession(); IQuery query = session.GetNamedQuery("Procedure"); query.SetParameter("Id", "222"); query.SetParameter("Name", "testsp"); query.SetResultTransformer(new NHibernate.Transform.AliasToBeanConstructorResultTransformer(typeof(Procedure).GetConstructors()[0])); Regards Jcreddy

    Read the article

  • Tomcat does not persist UserPrinciple during restart

    - by mabuzer
    How to force Tomcat to serialize UserPrinciple so that the user is kept logged in when Tomcat has restarted? Right now the user has to login again everytime. Added the following lines into web-app context.xml: <Manager className="org.apache.catalina.session.PersistentManager"> <Store className="org.apache.catalina.session.FileStore"/> </Manager> but still I see login page after Tomcat restart, I use Tomcat 6.0.26

    Read the article

  • Sesion timout vs Form Authentication timeout

    - by Costa
    Hi What is the difference between a abandon Session and a cookie timeout, what if the session is abandon and the cookie is still alive, is that can lead to a problem? <sessionState timeout="1" /> <authentication mode="Forms"> <forms loginUrl="login.aspx" timeout="1" /> </authentication> Thanks

    Read the article

  • Multi domain rails app. How to intelligently use MVC?

    - by denial
    Background: We have app a, b, and plan to add more apps into this same application. The apps are similar enough they could share many views, assets, and actions. Currently a,b live in a single rails app(2.3.10). c will be similar enough that it could also be in this rails app. The problem: As we continue to add more apps to this one app, there's going to be too much case logic that the app will soon become a nightmare to maintain. There will also be potential namespace issues. However, the apps are very similar in function and layout, it also makes sense to keep them in one app so that it's one app to maintain(since roughly 50% of site look/functionality will be shared). What we are trying to do is keep this as clean as possible so it's easy for multiple teams to work on and easy to maintain. Some things we've thought about/are trying: Engines. Make each app an engine. This would let us base routes on the domain. It also allows us to pull out controllers, models and views for the specific app. This solution does not seem ideal as we won't be reusing the apps any time soon. And explicitly stating the host in the routes doesn't seem right. Skinning/themes. The auth logic would be different between the apps. Each user model would be different. So it's not just a skinning problem. In app/view add folder sitea for sitea views, siteb for siteb views and so on. Do the same for controllers and models. This is still pretty messy and since it didn't follow naming conventions, it did not work with rails so nicely and made much of the code messier. Making another rails app. We just didn't want to maintain the same controller or view in 2 apps if they are identical. What we want to do is make the app intelligently use a controller based on the host. So there would be a sessions controller for each app, and perhaps some parent session controller for shared logic(not needed now). In each of these session controllers, it handles authentication for that specific app. So if the domain is a.mysite.com, it would use session controller for app a and know to use app a's views,models,controllers. And if the domain is b.mysite, it would use the session controller for b. And there would be a user model for a and user model for b, which also would be determined by the domain. Does anyone have any suggestions or experience with this situation? And ideally using rails 2.3.x as updating to rails 3 isn't an option right now.

    Read the article

  • Facebook Connect from Localhost, doing some weird stuff

    - by Brett
    So maybe the documentation is out of date, or I am just off here. But I have done a slew of FB iframe apps (connect), but I am starting my first FB Connect site. Running it from localhost, and the Connect URL is http:// my_external_IP_address. When I click on the FB login button on my site, it pops up, says waiting for facebook, and it returns my site in that box, with the URL up top with the http:// mysite/?session={session key, user_id, etc.} The user_id is infact my FB id. And so it thinks I am logged in. If I close the popup, I'm not logged in. I'm not sure why the pop up isn't doing the normal fb connect dialog. I'm following these steps. (I added spaces to the http:// as to not be detected as 'spam') html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml" right after <body> <script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"> At the end, before the body close tag: script type="text/javascript"> FB.init("fbkey", "http://127.0.0.1/xd_receiver.htm"); I have tried using xd_receiver.htm, /xd_receiver.htm (and other combos), and that brings up a blank page. using the http://127.0.0.1 at least does something. In my config file, which is called before all of those, it checks for a PHP session key to see if they are logged in, if that doesn't exist it looks for a cookie, and if that doesn't exist it does this: require_once('includes/facebook.php'); $facebook = new Facebook($fbkey, $fbsec); $user_id = $facebook->get_loggedin_user(); if($user_id > 0){ $user = $ac->getUserFromFB($user_id); $_SESSION['user_id'] = $user['user_id']; } The user_id is always empty when I echo it out to the screen to test. The session event never occurs as well. So I don't know what it is doing in the popup, but I think Facebook thinks it is logging me in. Not sure. Pretty stumped on this one. Any help would be appreciated. Thanks!

    Read the article

  • Modifying object in AfterInsert / AfterUpdate

    - by Jean Barmash
    I have a domain object that holds results of a calculation based on parameters that are properties of the same domain object. I'd like to make sure that any time parameters get changed by the user, it recalculates and gets saved properly into the database. I am trying to do that with afterInsert (to make sure calculation is correct in the first place), and afterUpdate. However, since my calculation is trying to modify the object itself, it's not working - throwing various hibernate exceptions. I tried to put the afterUpdate code into a transaction, but that didn't help. I am afraid I am getting into a circular dependency issues here. The exception I am getting right now is: org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect): [esc.scorecard.PropertyScorecard#27] Are the GORM events designed for simpler use cases? I am tempted to conclude that modifying the object you are in the middle of saving is not the way to go.

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Cannot .Count() on IQueryable (NHibernate)

    - by Bruno Reis
    Hello, I'm with an irritating problem. It might be something stupid, but I couldn't find out. I'm using Linq to NHibernate, and I would like to count how many items are there in a repository. Here is a very simplified definition of my repository, with the code that matters: public class Repository { private ISession session; /* ... */ public virtual IQueryable<Product> GetAll() { return session.Linq<Product>(); } } All the relevant code in the end of the question. Then, to count the items on my repository, I do something like: var total = productRepository.GetAll().Count(); The problem is that total is 0. Always. However there are items in the repository. Furthermore, I can .Get(id) any of them. My NHibernate log shows that the following query was executed: SELECT count(*) as y0_ FROM [Product] this_ WHERE not (1=1) That must be that "WHERE not (1=1)" clause the cause of this problem. What can I do to be able .Count() the items in my repository? Thanks! EDIT: Actually the repository.GetAll() code is a little bit different... and that might change something! It is actually a generic repository for Entities. Some of the entities implement also the ILogicalDeletable interface (it contains a single bool property "IsDeleted"). Just before the "return" inside the GetAll() method I check if if the Entity I'm querying implements ILogicalDeletable. public interface IRepository<TEntity, TId> where TEntity : Entity<TEntity, TId> { IQueryable<TEntity> GetAll(); ... } public abstract class Repository<TEntity, TId> : IRepository<TEntity, TId> where TEntity : Entity<TEntity, TId> { public virtual IQueryable<TEntity> GetAll() { if (typeof (ILogicalDeletable).IsAssignableFrom(typeof (TEntity))) { return session.Linq<TEntity>() .Where(x => (x as ILogicalDeletable).IsDeleted == false); } else { return session.Linq<TEntity>(); } } } public interface ILogicalDeletable { bool IsDeleted {get; set;} } public Product : Entity<Product, int>, ILogicalDeletable { ... } public IProductRepository : IRepository<Product, int> {} public ProductRepository : Repository<Product, int>, IProductRepository {} Edit 2: actually the .GetAll() is always returning an empty result-set for entities that implement the ILogicalDeletable interface (ie, it ALWAYS add a WHERE NOT (1=1) clause. I think Linq to NHibernate does not like the typecast.

    Read the article

  • Merge Function In Entity FrameWork?

    - by Ahmed
    In NHibernate there is a merge function that does the following: if there is a persistent instance with the same identifier currently associated with the session, copy the state of the given object onto the persistent instance if there is no persistent instance currently associated with the session, try to load it from the database, or create a new persistent instance the persistent instance is returned Is this possible in EF? I mean this part : copy the state of the given object onto the persistent instance. And if i used ApplyCurrentValues it seemes to be as update behavior or not?

    Read the article

  • what good orm api will work well with scala or erlang

    - by Emotu Balogun
    I'm considering taking up scala programming but i'm really concerned about what will become of my ORM based applications. I currently use hibernate as my ORM and i find it a really reliable tool. I'd like to know if there's any ORM tool as efficient but written in scala, or will hibernate work seamlessly with it. i don't want to have to start writing endless sql queries again (like the days of JDBC). I also have the same thought about erlang. is there a good orm out there for erlang?? and can i use erlang with other DBMS like oracle and mysql with ORM

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >