Search Results

Search found 9419 results on 377 pages for 'context sensitive grammar'.

  • Standards Corner: Preventing Pervasive Monitoring

    - by independentid
    Phil Hunt is an active member of multiple industry standards groups and committees and has spearheaded discussions, creation and ratifications of industry standards including the Kantara Identity Governance Framework, among others. Being an active voice in the industry standards development world, we have invited him to share his discussions, thoughts, news & updates, and discuss use cases, implementation success stories (and even failures) around industry standards on this monthly column.

    Author: Phil Hunt

    On Wednesday night, I watched NBC’s interview of Edward Snowden. The past year has been a tumultuous one in the IT security industry. There have been some amazing revelations about the activities of governments around the world; and, we have had several instances of major security bugs in key security libraries: Apple's ‘gotofail’ bug, the OpenSSL Heartbleed bug, not to mention Java’s zero day bug, and others. Snowden’s information showed the IT industry has been underestimating the need for security, and highlighted a general trend of lax use of TLS and poorly implemented security on the Internet. This did not go unnoticed in the standards community and in particular the IETF.

    Last November, the IETF (Internet Engineering Task Force) met in Vancouver, Canada, where the issue of “Internet Hardening” was discussed in a plenary session. Presentations were given by Bruce Schneier, Brian Carpenter, and Stephen Farrell describing the problem, the work done so far, and potential IETF activities to address the problem of pervasive monitoring. At the end of the presentation, the IETF called for consensus on the issue. If you know engineers, you know that it takes a while for a large group to arrive at a consensus and this group numbered approximately 3000. When asked if the IETF should respond to pervasive surveillance attacks, there was an overwhelming response for ‘Yes’. When it came to ‘No’, the room echoed in silence. This was just the first of several consensus questions that were each overwhelmingly in favour of response. This is the equivalent of a unanimous opinion for the IETF.

    Since the meeting, the IETF has followed through with the recent publication of a new “best practices” document on Pervasive Monitoring (RFC 7258). This document is extremely sensitive in its approach and separates the politics of monitoring from the technical ones.

        Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.

        The IETF community's technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community's consensus and establishes the technical nature of PM.

    The draft goes on to further qualify what it means by “attack”, clarifying that

        The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties. An attack may change the content of the communication, record the content or external characteristics of the communication, or through correlation with other communication events, reveal information the parties did not intend to be revealed. It may also have other effects that similarly subvert the intent of a communicator.

    The past year has shown that Internet specification authors need to put more emphasis into information security and integrity. The year also showed that specifications are not good enough. The implementations of security and protocol specifications have to be of high quality and superior testing. I’m proud to say Oracle has been a strong proponent of this, having already established its own secure coding practices.

  • WebCenter Innovation Award Winners

    - by Michael Snow
    Of course, here on our WebCenter blog – we’d like to highlight and brag about our great WebCenter winners.

    The 2012 WebCenter Innovation Award Winners

    University of Louisville
    Location: Louisville, KY, USA
    Industry: Higher Education
    Fusion Middleware Products: WebCenter Portal, WebCenter Content, JDeveloper, WebLogic, Oracle BI, Oracle IdM
      - University of Louisville is a state supported research university
      - Statewide Informatics Network to improve public health
    The University of Louisville has implemented WebCenter as part of the LOUI (Louisville Informatics Institute) Initiative, a Statewide Informatics Network, which will improve public healthcare and lower cost through the use of novel technology and next generation analytics, decision support and innovative outcomes-based payment systems.

    -----

    News Limited
    Country/Region: Australia
    Industry: News/Media
    FMW Products: WebCenter Sites
      - Single platform running websites for 50% of Australia's newspapers
    News Corp is running half of Australia's newspaper websites on this shared platform powered by Oracle WebCenter Sites and have overtaken their nearest competitors and are now leading in terms of monthly page impressions. At peak they have over 250 editors on the system publishing in real-time. Sites include: www.newsspace.com.au, www.news.com.au, www.theaustralian.com.au and many others

    -----

    Life Technologies Corp.
    Country/Region: Carlsbad, CA, USA
    Industry: Life Sciences
    FMW Products: WebCenter Portal, SOA Suite
    Life Technologies Corp. is a global biotechnology tools company dedicated to improving the human condition with innovative life science products. They were awarded an innovation award for their solution utilizing WebCenter Portal for remotely monitoring & repairing biotech instruments. They deployed WebCenter as a portal that accesses Life Technologies cloud based service monitoring system where all customer deployed instruments can be remotely monitored and proactively repaired. The portal provides alerts from these cloud based monitoring services directly to the customer and to Life Technologies Field Engineers. The Portal provides insight into the instruments and services customers purchased for the purpose of analyzing and anticipating future customer needs and creating targeted sales and service programs.

    -----

    China Mobile Jiangsu
    China Mobile Jiangsu is one of the biggest subsidiaries of China Mobile. It has over 25,000 employees and 40 million mobile subscribers.
    Country/Region: Jiangsu, China
    Industry: Telecommunications
    FMW Products: WebCenter Portal, WebCenter Content, JDeveloper, SOA Suite, IdM
    They were awarded an Innovation Award for their new employee platform powered by WebCenter Portal, which is designed to serve their 25,000+ employees and help them drive collaboration & productivity.
    JSMCC (China Mobile Jiangsu) Employee Enterprise Portal and Collaboration Platform. It is one of China Mobile’s most important IT innovation projects. The new platform is designed to serve JSMCC’s 25000+ employees and to help them improve their working efficiency, changing their traditional working mode to social ways, encouraging employees on business collaboration and innovation. The solution is built on top of Oracle WebCenter Portal Framework and WebCenter Spaces while also leveraging Weblogic Server, UCM, OID, OAM, SES, IRM and Oracle Database 11g. By providing rich collaboration services, knowledge management services, sensitive document protection services, unified user identity management services, unified information search services and personalized information integration capabilities, the working efficiency of JSMCC employees has been greatly improved.
    Main Functionality: Information portal, office automation integration, personal space, group space, team collaboration with web2.0 services, unified search engine for multiple data sources, document management and protection. SSO for multiple platforms.

    -----

    LADWP – Los Angeles Department of Water and Power
    Los Angeles Department of Water and Power (LADWP) is the largest public utility company in United States with over 1.6 Million customers. LADWP provides water and power for millions of residential & commercial customers in Southern California. LADWP also bills most of these customers for sanitation services provided by another city department.
    Country/Region: US – Los Angeles, CA
    Industry: Public Utility
    FMW Products: WebCenter Portal, WebCenter Content, JDeveloper, SOA Suite, IdM

    The new infrastructure consists of:
      - Oracle WebCenter Portal including mobile portal
      - Oracle WebCenter Content for Content Management and Digital Asset Management (DAM)
      - Oracle OAM (IDM, OVD, OAM) integrated with AD for enterprise identity management
      - Oracle Siebel for CRM
      - Oracle DB
      - Oracle SOA Suite for integration of various subsystems and back end systems

    The new portal's features include:
      - Complete Graphical redesign based on best practices in UI Design for high usability
      - Customer Self Service implemented through MyAccount (Bill Pay, Payment History, Bill History, Usage Analysis, Service Request Management)
      - Financial Assistance Programs (CRM, WebCenter)
      - Customer Rebate Programs (CRM, WebCenter)
      - Turn On/Off/Transfer of services (Commercial & Residential)
      - Outage Reporting
      - eNotification (SMS, email)
      - Multilingual (English & Spanish) – using WebCenter multi-language support
      - Section 508 (ADA) Compliant
      - Search – Using WebCenter SES (Secured Enterprise Search)
      - Distributed Authorship in WebCenter Content
      - Mobile Access (any Mobile Browser)

  • DISA Cross Domain Enterprise Solutions on the NetBeans Platform

    - by Geertjan
    Bray 2.0 is a tool based on the NetBeans Platform that assists in creating valid Data Flow Configuration (DFC) files. The DFC Specification was developed to provide a standardized way for defining, validating, and approving data flows for use on cross-domain guarding solutions. A DFC document specifies key entities such as security domains, guards that facilitate data between security domains, data flows that describe how data travels between security domains, filters that transform and validate the data and more. Related info: http://www.disa.mil/Services/Information-Assurance/Cross-Domain-Solutions

    The Bray product is in development at Fulcrum IT (http://www.fulcrumco.com). The DFC Specification and Bray were developed in support of the US Department of Defense.

    Bray 2.0 marks the first release of Bray on the NetBeans Platform and utilizes a number of features that are core to the NetBeans Platform:
      - Modular pluggability. Bray consumers can integrate their own tools, file types, and more into the product with relative ease.
      - Robust UI. The NetBeans Platform's intuitive UI makes it easy to access and manipulate multiple aspects of a DFC.
      - Explorer. The Explorer is a key component that makes the DFC XML easy to traverse, edit, and find errors.
      - Context-sensitive help. JavaHelp can be readily integrated for the product as well as all the UI within.
      - Editors. Any external file can be added to a DFC. Users can register their own editors or use the provided NetBeans editors to edit files.
      - Printing. The NetBeans Platform Print API makes it easy to determine what should be printed and how.

    Bray 2.0 provides a lot of key features in developing valid, robust DFC files:
      - XML validation. A DFC can be validated against the DFC schema specification.
      - DFC Check List. An interactive, minimal guide for creating a complete DFC.
      - Summary Window. The Summary Window functions like the Navigator in NetBeans IDE. The current "item of interest" is checked against various business rules and provides the ability to quickly find and fix errors.
      - Change Log. Bray audits every change to a DFC and places them in a change log for users to peruse.
      - Comments. Users can optionally add comments for other users to see.
      - Digital signatures. DFC files can be digitally signed. A signature history and signature validation is provided in Bray.
      - Pluggable security schemes. Bray ships with plain text and IC-ISM security schemes. If needed, users can integrate additional ones.

    ...and more to come! New features for Bray are constantly in development including use of the NetBeans Visual Library, language support, and more.

  • Resolve SRs Faster Using RDA - Find the Right Profile

    - by Daniel Mortimer
    Introduction

    Remote Diagnostic Agent (RDA) is an excellent command-line data collection tool that can aid troubleshooting / problem solving. The tool covers the majority of Oracle's vast product range, and its data collection capability is comprehensive. RDA collects data about
      - the operating system and environment, including environment variables, kernel settings, network, o/s performance, o/s patches and much more
      - the Oracle Products installed, including patches, logs and debug, metrics, configuration and much more

    In effect, RDA can obtain a snapshot of an Oracle Product and its environment. Oracle Support encourages the use of RDA because it greatly reduces service request resolution time by minimizing the number of requests from Oracle Support for more information. RDA is designed to be as unobtrusive as possible; it does not modify systems in any way. It collects useful data for Oracle Support only and a security filter is provided if required.

    Find and Use the Right RDA Profile

    One problem of any tool / utility, which covers a large range of products, is knowing how to target it against only the products you wish to troubleshoot. RDA does not have a GUI. Nor does RDA have an intelligent mechanism for detecting and automatically collecting data only for those Oracle products installed. Instead, you have to tell RDA what to do. There is a mind-bogglingly large number of RDA data collection modules which you can configure RDA to use. It is easier, however, to set up RDA to use a "Profile". A profile consists of a list of data collection modules and predefined settings. As such, profiles can be used to diagnose a problem with a particular product or combination of products.

    How to run RDA with a profile?

    (<rda> represents the command you selected to run RDA, for example, rda.pl, rda.cmd, rda.sh, and perl rda.pl.)

    1. Use the embedded spreadsheet to find the RDA profile which is appropriate for your problem / chosen Oracle Fusion Middleware products.
    2. Use the following command to perform the setup:
         <rda> -S -p <profile_name>
    3. Run the data collection:
         <rda>

    If you want to perform setup and run in one go, then use a command such as the following:
         <rda> -vnSCRP -p <profile name>

    For more information, refer to: Remote Diagnostic Agent (RDA) 4 - Profile Manual Pages [ID 391983.1]

    Additional Hints / Tips:

    1. Be careful! Profile names are case sensitive.
    2. When profiles are not used, RDA considers all existing modules by default. For example, if you have downloaded RDA for the first time and run the command <rda> -S you will see prompts for every RDA collection module, many of which will be of no interest to you. Also, you may, in your haste to work through all the questions, forget to say "Yes" to the collection of data that is pertinent to your particular problem or product. Profiles avoid such tedium and help ensure the right data is collected at the first time of asking.

  • Impressions on jQuery Mobile

    - by Jeff
    For the uninitiated, jQuery Mobile is a sweet little client framework that turns regular HTML into something more touch and mobile friendly. It results in a user interface that has bigger targets, rounded corners and simple skinning capability. When it was announced that ASP.NET MVC 4 would include support for a mobile-sensitive view engine, offering up alternate views for clients that fit the mobile profile, I was all over that. Combined with jQuery Mobile, it brought a chance to do some experimentation. I blitzed through the views in POP Forums and converted them all to mobile views. (For the curious, this first pass can be found here on CodePlex, while a more recent update that uses RC 2 of jQuery Mobile v1.1.0 is running on the demo site.) Initially, it was kind of a mixed bag. The jQuery demo site also acts as documentation, and it’s reasonably complete. I had no problem getting up a lot of basic views quickly, splitting out portions of some pages as subpages that they quickly load in. The default behavior in the older version was to slide the pages in, which looked a little weird when you were using a back button. They’ve since changed it so the default transition is a fade in/out. Because you’re dealing with Web pages, I don’t think anyone is really under the illusion that you’re not using a native app, so I don’t know that this matters. I’ve tested extensively on iPad and Windows Phone, and to be honest, I’ve encountered a lot of issues. On Windows Phone, there is some kind of inconsistency that prevents the proper respect for the viewport settings. The text background on text fields (for labeling) doesn’t work, either. On both platforms, certain in-DOM page navigation links work only half of the time. Is this an issue of user error? Probably, but that’s what’s frustrating about it. Most of what you accomplish with this framework involves decorating various elements with CSS classes. 
There isn’t any design-time safety to speak of to make sure that you’re doing it right. I think the issues can be overcome, but there are some trade-offs to consider. The first is download size. Yes, the scripts and CSS do get cached, but that first hit will cost nearly 40k for the mobile parts. That’s still a lot when you’re on some crappy AT&T EDGE network, or hotel Wi-Fi. Then you have to ask yourself, do you really want your app to look like it’s native to iOS? I’m not saying that’s a bad thing, because consistent UI is good, but you will end up feeling a whole lot of sameness, and maybe you don’t want that. I did some experimentation to try and Metro-ize the jQuery Mobile theme, and it’s kind of a mixed bag. It mostly works, but you get some weirdness on badges and with buttons that I’m not crazy about. It probably just means you need to keep tweaking. At this point, I’m a little torn about whether or not I’ll use it for POP Forums or one of the sites I’m working on. The benefits are pretty strong, but figuring out where I’m doing it wrong is proving a little time consuming.

  • ODI 12c - Aggregating Data

    - by David Allan
    This posting will look at the aggregation component that was introduced in ODI 12c. For many ETL tool users this shouldn't be a big surprise; it's a little different than ODI 11g but for good reason. You can use this component for composing data with relational like operations such as sum, average and so forth. Also, Oracle SQL supports special functions called Analytic SQL functions; you can use a specially configured aggregation component or the expression component for these now in ODI 12c. In database systems an aggregate transformation is a transformation where the values of multiple rows are grouped together as input on certain criteria to form a single value of more significant meaning - that's exactly the purpose of the aggregate component.

    In the image below you can see the aggregate component in action within a mapping. For how this and a few other examples are built, look at the ODI 12c Aggregation Viewlet here - the viewlet illustrates a simple aggregation being built and then some Oracle analytic SQL such as AVG(EMP.SAL) OVER (PARTITION BY EMP.DEPTNO) built using both the aggregate component and the expression component.

    In 11g you used to just write the aggregate expression directly on the target. This made life easy for some cases, but it wasn't a very obvious gesture plus had other drawbacks with ordering of transformations (agg before join/lookup, after set and so forth) and supporting analytic SQL for example - there are a lot of postings from creative folks working around this in 11g - anything from customizing KMs, to bypassing aggregation analysis in the ODI code generator.

    The aggregate component has a few interesting aspects.

    1. First and foremost it defines the attributes projected from it - ODI automatically will perform the grouping; all you do is define the aggregation expressions for those columns aggregated. In 12c you can control this automatic grouping behavior so that you get the code you desire, so you can indicate that an attribute should not be included in the group by; that's what I did in the analytic SQL example using the aggregate component.

    2. The component has a few other properties of interest; it has a HAVING clause and a manual group by clause. The HAVING clause includes a predicate used to filter rows resulting from the GROUP BY clause. Because it acts on the results of the GROUP BY clause, aggregation functions can be used in the HAVING clause predicate. In 11g the filter was overloaded and used for both having clause and filter clause; this is no longer the case. If a filter is after an aggregate, it is after the aggregate (not sometimes after, sometimes having).

    3. The manual group by clause lets you use special database grouping grammar if you need to. For example Oracle has a wealth of highly specialized grouping capabilities for data warehousing such as the CUBE function. If you want to use specialized functions like that you can manually define the code here. The example below shows the use of a manual group from an example in the Oracle database data warehousing guide where the SUM aggregate function is used along with the CUBE function in the group by clause.

    The SQL I am trying to generate looks like the following from the data warehousing guide:

        SELECT channel_desc, calendar_month_desc, countries.country_iso_code,
               TO_CHAR(SUM(amount_sold), '9,999,999,999') SALES$
        FROM sales, customers, times, channels, countries
        WHERE sales.time_id=times.time_id
          AND sales.cust_id=customers.cust_id
          AND sales.channel_id= channels.channel_id
          AND customers.country_id = countries.country_id
          AND channels.channel_desc IN ('Direct Sales', 'Internet')
          AND times.calendar_month_desc IN ('2000-09', '2000-10')
          AND countries.country_iso_code IN ('GB', 'US')
        GROUP BY CUBE(channel_desc, calendar_month_desc, countries.country_iso_code);

    I can capture the source datastores, the filters and joins using ODI's dataset (or as a traditional flow) which enables us to incrementally design the mapping and the aggregate component for the sum and group by as follows:

    In the above mapping you can see the joins and filters declared in ODI's dataset, allowing you to capture the relationships of the datastores required in an entity-relationship style just like ODI 11g. The mix of ODI's declarative design and the common flow design provides for a familiar design experience. The example below illustrates flow design (basic arbitrary ordering) - a table load where only the employees who have maximum commission are loaded into a target. The maximum commission is retrieved from the bonus datastore and there is a look using employees as the driving table and only those with maximum commission projected.

    Hopefully this has given you a taster for some of the new capabilities provided by the aggregate component in ODI 12c. In summary, the actions should be much more consistent in behavior and more easily discoverable for users; the use of the components in a flow graph also supports arbitrary designs and the tool (rather than the interface designer) takes care of the realization using ODI's knowledge modules. Interested to know if a deep dive into each component is interesting for folks. Any thoughts?

  • Using Transaction Logging to Recover Post-Archived Essbase data

    - by Keith Rosenthal
    Data recovery is typically performed by restoring data from an archive. Data added or removed since the last archive took place can also be recovered by enabling transaction logging in Essbase. Transaction logging works by writing transactions to a log store. The information in the log store can then be recovered by replaying the log store entries in sequence since the last archive took place.

    The following information is recorded within a transaction log entry:
      - Sequence ID
      - Username
      - Start Time
      - End Time
      - Request Type

    A request type can be one of the following categories:
      - Calculations, including the default calculation as well as both server and client side calculations
      - Data loads, including data imports as well as data loaded using a load rule
      - Data clears as well as outline resets
      - Locking and sending data from SmartView and the Spreadsheet Add-In. Changes from Planning web forms are also tracked since a lock and send operation occurs during this process.

    You can use the Display Transactions command in the EAS console or the query database MAXL command to view the transaction log entries.

    Enabling Transaction Logging

    Transaction logging can be enabled at the Essbase server, application or database level by adding the TRANSACTIONLOGLOCATION essbase.cfg setting. The following is the TRANSACTIONLOGLOCATION syntax:

        TRANSACTIONLOGLOCATION [appname [dbname]] LOGLOCATION NATIVE ENABLE | DISABLE

    Note that you can have multiple TRANSACTIONLOGLOCATION entries in the essbase.cfg file. For example:

        TRANSACTIONLOGLOCATION Hyperion/trlog NATIVE ENABLE
        TRANSACTIONLOGLOCATION Sample Hyperion/trlog NATIVE DISABLE

    The first statement will enable transaction logging for all Essbase applications, and the second statement will disable transaction logging for the Sample application. As a result, transaction logging will be enabled for all applications except the Sample application. A location on a physical disk other than the disk where ARBORPATH or the disk files reside is recommended to optimize overall Essbase performance.

    Configuring Transaction Log Replay

    Although transaction log entries are stored based on the LOGLOCATION parameter of the TRANSACTIONLOGLOCATION essbase.cfg setting, copies of data load and rules files are stored in the ARBORPATH/app/appname/dbname/Replay directory to optimize the performance of replaying logged transactions. The default is to archive client data loads, but this configuration setting can be used to archive server data loads (including SQL server data loads) or both client and server data loads. To change the type of data to be archived, add the TRANSACTIONLOGDATALOADARCHIVE configuration setting to the essbase.cfg file. Note that you can have multiple TRANSACTIONLOGDATALOADARCHIVE entries in the essbase.cfg file to adjust settings for individual applications and databases.

    Replaying the Transaction Log and Transaction Log Security Considerations

    To replay the transactions, use either the Replay Transactions command in the EAS console or the alter database MAXL command using the replay transactions grammar. Transactions can be replayed either after a specified log time or using a range of transaction sequence IDs. The default when replaying transactions is to use the security settings of the user who originally performed the transaction. However, if that user no longer exists or that user's username was changed, the replay operation will fail. Instead of using the default security setting, add the REPLAYSECURITYOPTION essbase.cfg setting to use the security settings of the administrator who performs the replay operation. REPLAYSECURITYOPTION 2 will explicitly use the security settings of the administrator performing the replay operation. REPLAYSECURITYOPTION 3 will use the administrator security settings if the original user’s security settings cannot be used.

    Removing Transaction Logs and Archived Replay Data Load and Rules Files

    Transaction logs and archived replay data load and rules files are not automatically removed and are only removed manually. Since these files can consume a considerable amount of space, the files should be removed on a periodic basis. The transaction logs should be removed one database at a time instead of all databases simultaneously. The data load and rules files associated with the replayed transactions should be removed in chronological order from earliest to latest. In addition, do not remove any data load and rules files with a timestamp later than the timestamp of the most recent archive file.

    Partitioned Database Considerations

    For partitioned databases, partition commands such as synchronization commands cannot be replayed. When recovering data, the partition changes must be replayed manually and logged transactions must be replayed in the correct chronological order. If the partitioned database includes any @XREF commands in the calc script, the logged transactions must be selectively replayed in the correct chronological order between the source and target databases.

    References

    For additional information, please see the Oracle EPM System Backup and Recovery Guide. For EPM 11.1.2.2, the link is http://docs.oracle.com/cd/E17236_01/epm.1112/epm_backup_recovery_1112200.pdf

  • SQL SERVER – Importance of User Without Login

    - by pinaldave
    Some questions are very open ended and it is very hard to come up with exact requirements. Here is one question I was asked in a recent User Group Meeting.

    Question: “In a recent version of SQL Server we can create a user without login. What is the use of it?”

    Great question indeed. Let me first attempt to answer this question but after reading my answer I need your help. I want you to help him as well by adding more value to it.

    Answer: Let us visualize a scenario. An application has lots of different operations and many of them are very sensitive operations. The common practice was to give an application-specific role which has more permissions and access level. When a regular user logs in (not system admin), he/she might have very restrictive permissions. The application itself had a user name and password, which means applications can directly log in to the database and perform the operation. Developers were well aware of the username and password as it was embedded in the application. When a developer leaves the organization or when the password was changed, the part of the application had to be changed where the same username and passwords were used. Additionally, developers were able to use the same username and password and log in directly to the same application.

    In earlier versions of SQL Server there were application roles. The same is later on replaced by “User without Login”.

    Now let us recreate the above scenario using this new “User without Login”. In this case, the User will have to log in using their own credentials into SQL Server. This means that the user who is logged in will have his/her own username and password. Once the login is done in SQL Server, the user will be able to use the application. Now the database should have another User without Login which has all the necessary permissions and rights to execute various operations. Now, the Application will be able to execute the script by impersonating “user without login – with more permissions”.

    Here it is assumed that the user login does not have enough permissions and that another user (without login) has more rights. If a user knows how the application is using the database and their various operations, he can switch the context to user without login, enabling him to do further modification. Make sure to explicitly DENY view definition permission on the database. This will make things more difficult for the user as he will have to know exact details to get additional permissions.

    If a user is System Admin, all the details which I just mentioned in the above three paragraphs do not apply, as an admin always has access to everything. Additionally, the method described above is just one of the architectures and if someone is attempting to damage the system, they will still be able to figure out a workaround. You will have to put further auditing and policy based management to prevent such incidents and accidents.

    I guess this is my answer. I read it multiple times but I still feel that I am missing something. There should be more to this concept than what I have just described. I have merely described one scenario but there will be many more scenarios where this situation will be useful. Now it is your turn to help – please leave a comment with additional suggestions on where exactly “User without Login” will be useful, as well as whether I missed anything when I described the above scenario.

    Reference: Pinal Dave (http://blog.sqlauthority.com)

    Read the article

  • Nokia Lumia 920 Windows Phone 8 Announcement

    - by Tim Murphy
    Today Nokia and Microsoft had an event to officially introduce the Lumia 920. Below is a rundown of some of the things I found interesting. As a person who likes photography there was a lot to drool over. The main feature that caught my attention was PureView with its optical stabilization. This alone should improve the majority of your pictures. Add to that the SmartShoot Object remover that uses multiple images to remove unwanted people or objects that move through your picture and you never have to accept reality again. For the most part the lenses concept introduced in Windows Phone 8 just makes the usability of leveraging the camera better. Of course that is Microsoft’s selling point. One lens that caught my attention was the Bing lens. I have to say it is about time that we can take pictures and use them to search for answers using Bing. There were a couple of features shown that involved augmented reality. One was similar to the yapf application that is already in the market, which overlays restaurants and other destinations over live camera views. The other was using the navigation directions with a live view. Then you get down to some of the physical features of the Lumia 920. The one that got the most stage time is that it has a great 2000mah battery which can be charged wirelessly. They also pointed out the improved glare reduction of the 4.5 in. curved glass screen. This hardware improvement is improved further with software that detects glare conditions and adjusts the display attributes to enhance viewing ease. Adding to the wireless cool factor of the Lumia 920 is the general NFC capabilities. This was demonstrated with NFC docking stations as well as JBL speakers and headphones. There was one more hardware feature that I applauded. The super sensitive touch screen did away with one of my pet peeves with capacitive touch screens. You will never have to remove your gloves to operate your phone again.
The mittens that they did the demo with looked more like boxing gloves. I was disappointed when Joe Belfiore said that they were only going to show a couple of new features of the Windows Phone 8 and we would hear more at future events. One of the things he did show is the ability to customize which buttons you preferred as defaults in IE10. For example you could have the folders button where the refresh button normally is. He also showed that at long last you can natively take screenshots on your phone. Hopefully he will be back quickly to give us the rest of the features. The most disappointing part of the event was that we never found out when they would be released or how much they would cost. Let’s hope this comes soon. Even with these couple of items still left on my wish list I can’t wait to get my hands on a Lumia 920.

    Read the article

  • Stale statistics on a newly created temporary table in a stored procedure can lead to poor performance

    - by sqlworkshops
    When you create a temporary table you expect a new table with no past history (statistics based on past existence), this is not true if you have less than 6 updates to the temporary table. This might lead to poor performance of queries which are sensitive to the content of temporary tables.
    I was optimizing SQL Server Performance at one of my customers who provides search functionality on their website. They use stored procedure with temporary table for the search. The performance of the search depended on who searched what in the past, option (recompile) by itself had no effect. Sometimes a simple search led to timeout because of non-optimal plan usage due to this behavior. This is not a plan caching issue rather temporary table statistics caching issue, which was part of the temporary object caching feature that was introduced in SQL Server 2005 and is also present in SQL Server 2008 and SQL Server 2012. In this customer case we implemented a workaround to avoid this issue (see below for example for workarounds).
    When temporary tables are cached, the statistics are not newly created rather cached from the past and updated based on automatic update statistics threshold. Caching temporary tables/objects is good for performance, but caching stale statistics from the past is not optimal.
    We can work around this issue by disabling temporary table caching by explicitly executing a DDL statement on the temporary table. One possibility is to execute an alter table statement, but this can lead to duplicate constraint name error on concurrent stored procedure execution. The other way to work around this is to create an index.
    I think there might be many customers in such a situation without knowing that stale statistics are being cached along with temporary table leading to poor performance.
    Ideal solution is to have more aggressive statistics update when the temporary table has less number of rows when temporary table caching is used. I will open a connect item to report this issue.
    Meanwhile you can mitigate the issue by creating an index on the temporary table. You can monitor active temporary tables using Windows Server Performance Monitor counter: SQL Server: General Statistics->Active Temp Tables. The script to understand the issue and the workaround is listed below:
        set nocount on
        set statistics time off
        set statistics io off
        drop table tab7
        go
        create table tab7 (c1 int primary key clustered, c2 int, c3 char(200))
        go
        create index test on tab7(c2, c1, c3)
        go
        begin tran
        declare @i int
        set @i = 1
        while @i <= 50000
        begin
            insert into tab7 values (@i, 1, 'a')
            set @i = @i + 1
        end
        commit tran
        go
        insert into tab7 values (50001, 1, 'a')
        go
        checkpoint
        go
        drop proc test_slow
        go
        create proc test_slow @i int
        as
        begin
            declare @j int
            create table #temp1 (c1 int primary key)
            insert into #temp1 (c1) select @i
            select @j = t7.c1 from tab7 t7 inner join #temp1 t on (t7.c2 = t.c1)
        end
        go
        dbcc dropcleanbuffers
        set statistics time on
        set statistics io on
        go
        --high reads as expected for parameter '1'
        exec test_slow 1
        go
        dbcc dropcleanbuffers
        go
        --high reads that are not expected for parameter '2'
        exec test_slow 2
        go
        drop proc test_with_recompile
        go
        create proc test_with_recompile @i int
        as
        begin
            declare @j int
            create table #temp1 (c1 int primary key)
            insert into #temp1 (c1) select @i
            select @j = t7.c1 from tab7 t7 inner join #temp1 t on (t7.c2 = t.c1)
            option (recompile)
        end
        go
        dbcc dropcleanbuffers
        set statistics time on
        set statistics io on
        go
        --high reads as expected for parameter '1'
        exec test_with_recompile 1
        go
        dbcc dropcleanbuffers
        go
        --high reads that are not expected for parameter '2'
        --low reads on 3rd execution as expected for parameter '2'
        exec test_with_recompile 2
        go
        drop proc test_with_alter_table_recompile
        go
        create proc test_with_alter_table_recompile @i int
        as
        begin
            declare @j int
            create table #temp1 (c1 int primary key)
            --to avoid caching of temporary tables one can create a constraint
            --but this might lead to duplicate constraint name error on concurrent usage
            alter table #temp1 add constraint test123 unique(c1)
            insert into #temp1 (c1) select @i
            select @j = t7.c1 from tab7 t7 inner join #temp1 t on (t7.c2 = t.c1)
            option (recompile)
        end
        go
        dbcc dropcleanbuffers
        set statistics time on
        set statistics io on
        go
        --high reads as expected for parameter '1'
        exec test_with_alter_table_recompile 1
        go
        dbcc dropcleanbuffers
        go
        --low reads as expected for parameter '2'
        exec test_with_alter_table_recompile 2
        go
        drop proc test_with_index_recompile
        go
        create proc test_with_index_recompile @i int
        as
        begin
            declare @j int
            create table #temp1 (c1 int primary key)
            --to avoid caching of temporary tables one can create an index
            create index test on #temp1(c1)
            insert into #temp1 (c1) select @i
            select @j = t7.c1 from tab7 t7 inner join #temp1 t on (t7.c2 = t.c1)
            option (recompile)
        end
        go
        set statistics time on
        set statistics io on
        dbcc dropcleanbuffers
        go
        --high reads as expected for parameter '1'
        exec test_with_index_recompile 1
        go
        dbcc dropcleanbuffers
        go
        --low reads as expected for parameter '2'
        exec test_with_index_recompile 2
        go

    Read the article

  • Why won't my Broadcom BCM4312 LP-PHY work with the STA driver?

    - by Jackson Taylor
    I tried the steps here for a 4312: https://help.ubuntu.com/community/WifiDocs/Driver/bcm43xx
    Both of these:
        sudo modprobe -r b43 ssb wl
        sudo modprobe wl
    return:
        FATAL: Module wl not found.
        FATAL: Error running install command for wl
    (this one is only for the second one actually)
    I tried the broadcom-sta, didn't work. What's confusing is down below in the next steps for STA with internet access it says to use the bcmwl one. So I install that and it succeeds but with some errors:
        sudo apt-get install bcmwl-kernel-source
        Reading package lists... Done
        Building dependency tree
        Reading state information... Done
        The following package was automatically installed and is no longer required:
          module-assistant
        Use 'apt-get autoremove' to remove it.
        The following NEW packages will be installed:
          bcmwl-kernel-source
        0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
        Need to get 0 B/1,181 kB of archives.
        After this operation, 3,609 kB of additional disk space will be used.
        Selecting previously unselected package bcmwl-kernel-source.
        (Reading database ... 168005 files and directories currently installed.)
        Unpacking bcmwl-kernel-source (from .../bcmwl-kernel-source_5.100.82.112+bdcom-0ubuntu3_amd64.deb) ...
        Setting up bcmwl-kernel-source (5.100.82.112+bdcom-0ubuntu3) ...
        Loading new bcmwl-5.100.82.112+bdcom DKMS files...
        Building only for 3.5.0-21-generic
        Building for architecture x86_64
        Module build for the currently running kernel was skipped since the kernel source for this kernel does not seem to be installed.
        ERROR: Module b43 does not exist in /proc/modules
        ERROR: Module b43legacy does not exist in /proc/modules
        ERROR: Module ssb does not exist in /proc/modules
        ERROR: Module bcm43xx does not exist in /proc/modules
        ERROR: Module brcm80211 does not exist in /proc/modules
        ERROR: Module brcmfmac does not exist in /proc/modules
        ERROR: Module brcmsmac does not exist in /proc/modules
        ERROR: Module bcma does not exist in /proc/modules
        FATAL: Module wl not found.
        FATAL: Error running install command for wl
        update-initramfs: deferring update (trigger activated)
        Processing triggers for initramfs-tools ...
        update-initramfs: Generating /boot/initrd.img-3.5.0-21-generic
        jtaylor991@jtaylor991-whiteHP:~$ sudo modprobe wl
        FATAL: Module wl not found.
        FATAL: Error running install command for wl
    Then I do the modprobe wl commands listed above and it gives the above listed errors. It didn't work with the broadcom-sta driver either. I installed the b43 ones but nothing happened, and I don't know why so those are still installed. firmware-b43legacy-installer, b43-fwcutter and firmware-b43-lpphy-installer (yes it is a LP-PHY) are currently installed. If I go into System Settings Software Sources Additional Drivers it says "Using Broadcom 802.11 Linux STA wireless driver source from bcmwl-kernel-source (proprietary)" But bcmwl-kernel-source isn't installed. I could try again but I remember rebooting and it still said this. What's funny is it found wireless networks during the Ubuntu setup/installation, I don't remember if I got it to connect or not though. I think it kept asking for a password when I put it in (yes it was right I showed password and looked at it) so I just ignored it. But right now the Enable Wireless option in the top right is just gone, it's just Enable Networking and I'm on ethernet on this HP Pavilion dv4-1435dx right here. If I run rfkill list it shows:
        0: hp-wifi: Wireless LAN
            Soft blocked: no
            Hard blocked: no
    It was hard blocked at the beginning but unblocking it makes no change. Also it's a touch sensitive button, and it appears to be always orange no matter if it's enabled or not because when I touch it the hard blocked changes between yes and no in rfkill list. I think it was blue for a minute at one point. What is going on?!?! Help me! Lol, thanks for any and all of your time guys. Oh yeah this is Ubuntu 12.10 fresh install.

    Read the article

  • At what point does "constructive" criticism of your code become unhelpful?

    - by user15859
    I recently started as a junior developer. As well as being one of the least experienced people on the team, I'm also a woman, which comes with all sorts of its own challenges working in a male-dominated environment. I've been having problems lately because I feel like I am getting too much unwarranted pedantic criticism on my work. Let me give you an example of what happened recently. Team lead was too busy to push in some branches I made, so he didn't get to them until the weekend. I checked my mail, not really meaning to do any work, and found that my two branches had been rejected on the basis of variable names, making error messages more descriptive, and moving some values to the config file. I don't feel that rejecting my branch on this basis is useful. Lots of people were working over the weekend, and I had never said that I would be working. Effectively, some people were probably blocked because I didn't have time to make the changes and resubmit. We are working on a project that is very time-sensitive, and it seems to me that it's not helpful to outright reject code based on things that are transparent to the client. I may be wrong, but it seems like these kinds of things should be handled in patch type commits when I have time. Now, I can see that in some environments, this would be the norm. However, the criticism doesn't seem equally distributed, which is what leads to my next problem. The basis of most of these problems was due to the fact that I was in a codebase that someone else had written and was trying to be minimally invasive. I was mimicking the variable names used elsewhere in the file. When I stated this, I was bluntly told, "Don't mimic others, just do what's right." This is perhaps the least useful thing I could have been told. If the code that is already checked in is unacceptable, how am I supposed to tell what is right and what is wrong? 
If the basis of the confusion was coming from the underlying code, I don't think it's my responsibility to spend hours refactoring a whole file that someone else wrote (and works perfectly well), potentially introducing new bugs etc. I'm feeling really singled out and frustrated in this situation. I've gotten a lot better about following the standards that are expected, and I feel frustrated that, for example, when I refactor a piece of code to ADD error checking that was previously missing, I'm only told that I didn't make the errors verbose enough (and the branch was rejected on this basis). What if I had never added it to begin with? How did it get into the code to begin with if it was so wrong? This is why I feel so singled out: I constantly run into this existing problematic code, that I either mimic or refactor. When I mimic it, it's "wrong", and if I refactor it, I'm chided for not doing enough (and if I go all the way, introducing bugs, etc). Again, if this is such a problem, I don't understand how any code gets into the codebase, and why it becomes my responsibility when it was written by someone else, who apparently didn't have their code reviewed. Anyway, how do I deal with this? Please remember that I said at the top that I'm a woman, and I'm sure these guys don't usually have to worry about decorum when they're reviewing other guys' code, but honestly that doesn't work for me, and it's causing me to be less productive. I'm worried that if I talk to my manager about it, he'll think I can't handle the environment, etc.

    Read the article

  • Get Ready for Anytime, Anywhere Engagement

    - by Christie Flanagan
    Are you ready for 2015?  According to IDC, 2015 is the year when more users are projected to access the internet using mobile devices than with PC’s or other wired devices.  It’s no doubt that mobile devices are a critical means of communication today, and are on track to become increasingly more important in the coming years. However, device formats are so varied that delivering a mobile web experience that will engage site visitors and enhance your brand can be a daunting task. Solutions that empower organizations to easily extend their web presence to the mobile channel, while saving significant time and effort in managing mobile sites, are now essential in our ever connected mobile world. So what are some of the things organizations should look for in such a solution? Mobile device form factors, networks, protocols, and browsers vary widely, and reformatting web content for thousands of different device and software combinations is a prohibitive task. An effective mobile solution can make this process seamless by automatically formatting designated web content for mobile delivery.  
By automatically detecting a site visitor’s device configuration, the selected web content can be sized and formatted for optimal display on that particular device. This can save tremendous time involved in building, formatting, and maintaining individual websites or mobile applications for different mobile devices. It’s not enough to simply support the thousands of different mobile device types that are out there. It’s also critical to make it easy for marketers and other business users to manage mobile sites and mobile content. Those responsible for maintaining an organization’s web and mobile experiences need the ability to edit content using rich text editor tools and then preview that content directly in the context of the mobile website and the traditional website, ideally from the same business user interface. Powerful capabilities such as these make managing the web experience for mobile devices easy, even with frequently changing content, across a multitude of different devices. This saves tremendous time involved in building, formatting, and maintaining individual websites or mobile applications for different mobile devices. When content or business needs change, the business user needs only to change site content once, and it is seamlessly deployed to the web and all mobile channels. Geo-location is another critical input to making the online experience engaging and relevant for web visitors who are increasingly mobile. A mobile solution should enable use of device GPS data to deliver location-based content and services to mobile website visitors. 
Organizations can provide mobile site visitors with location-sensitive search results, location-based offers and recommendations, integration of maps and directions into site content, and much more – all critical for meeting the needs of those on the go. To hear more about how mobile is changing the game, check out our recent webcast with Ted Schadler, Vice President, Principal Analyst, Forrester, where he discussed why mobile is the new face of engagement, or learn more about how to extend your web presence to the mobile channel with Oracle WebCenter Sites and Oracle WebCenter Sites Mobility Server.

    Read the article

  • Oracle Applications Cloud Release 8 Customization: Your User Interface, Your Text

    - by ultan o'broin
    Introducing the User Interface Text Editor In Oracle Applications Cloud Release 8, there’s an addition to the customization tool set, called the User Interface Text Editor  (UITE). When signed in with an application administrator role, users launch this new editing feature from the Navigator's Tools > Customization > User Interface Text menu option. See how the editor is in there with other customization tools? User Interface Text Editor is launched from the Navigator Customization menu Applications customers need a way to make changes to the text that appears in the UI, without having to initiate an IT project. Business users can now easily change labels on fields, for example. Using a composer and activated sandbox, these users can take advantage of the Oracle Metadata Services (MDS), add a key to a text resource bundle, and then type in their preferred label and its description (as a best practice for further work, I’d recommend always completing that description). Changing a simplified UI field label using Oracle Composer In Release 8, the UITE enables business users to easily change UI text on a much wider basis. As with composers, the UITE requires an activated sandbox where users can make their changes safely, before committing them for others to see. The UITE is used for editing UI text that comes from Oracle ADF resource bundles or from the Message Dictionary (or FND_MESSAGE_% tables, if you’re old enough to remember such things). Functionally, the Message Dictionary is used for the text that appears in business rule-type error, warning or information messages, or as a text source when ADF resource bundles cannot be used. In the UITE, these Message Dictionary texts are referred to as Multi-part Validation Messages.   If the text comes from ADF resource bundles, then it’s categorized as User Interface Text in the UITE. 
This category refers to the text that appears in embedded help in the UI or in simple error, warning, confirmation, or information messages. The embedded help types used in the application are explained in an Oracle Fusion Applications User Experience (UX) design pattern set. The message types have a UX design pattern set too. Using UITE  The UITE enables users to search and replace text in UI strings using case sensitive options, as well as by type. Users select singular and plural options for text changes, should they apply. Searching and replacing text in the UITE The UITE also provides users with a way to preview and manage changes on an exclusion basis, before committing to the final result. There might, for example, be situations where a phrase or word needs to remain different from how it’s generally used in the application, depending on the context. Previewing replacement text changes. Changes can be excluded where required. Multi-Part Messages The Message Dictionary table architecture has been inherited from Oracle E-Business Suite days. However, there are important differences in the Oracle Applications Cloud version, notably the additional message text components, as explained in the UX Design Patterns. Message Dictionary text has a broad range of uses as indicated, and it can also be reserved for internal application use, for use by PL/SQL and C programs, and so on. Message Dictionary text may even concatenate together at run time, where required. The UITE handles the flexibility of such text architecture by enabling users to drill down on each message and see how it’s constructed in total. That way, users can ensure that any text changes being made are consistent throughout the different message parts. Multi-part (Message Dictionary) message components in the UITE Message Dictionary messages may also use supportability-related numbers, the ones that appear appended to the message text in the application’s UI. 
However, should you have the requirement to remove these numbers from users' view, the UITE is not the tool for the job. Instead, see my blog about using the Manage Messages UI.

    Read the article

  • Setting up your project

    - by ssoolsma
    Before any coding we first make sure that the project is set up correctly. (Please note that this blog is all about how I do it, and in case I forget, I can return here and read how I used to do it. Maybe you come up with some ideas for yourself too.) In this series we will create a minigolf scoring cart. Please note that we eventually create a fully functional application which you cannot use unless you pay me a lot of money! (And I mean a lot!) 1. Download and install the appropriate tools. Download the following: - TestDriven.Net (free version on the bottom of the download page) - nUnit TestDriven is a Visual Studio plugin for many unit test frameworks, which allows you to run / test code very easily with a right click –> run test. nUnit is the test framework of choice; it works seamlessly with TestDriven. 2. Create your project. Fire up Visual Studio and create your DataAccess project: MidgetWidget.DataAccess is its name. (I chose MidgetWidget as the name for the solution.) Also, make sure that the MidgetWidget.DataAccess project is a C# Class Library. Hit OK to create the solution. (In the above example the checkbox Create directory for solution is checked, because I’m pointing the location to the root of c:\development where I want MidgetWidget to be created.) 3. Set up the database. You should have thought about a database when you reach this point. Let’s assume that you’ve created a database as follows: Table name: LoginKey Fields: Id (PK), KeyName (uniqueidentifier), StartDate (datetime), EndDate (datetime) Table name: Party Fields: Id (PK), Key (uniqueidentifier), Created (datetime) Table name: Person Fields: Id (PK), PartyId (int), Name (varchar) Table name: Score Fields: Id (PK), Trackid (int), PersonId (int), Strokes (int) Table name: Track Fields: Id (PK), Name (varchar) A few things to take note of about the database setup. I’ve singularized all table names (not “Persons” but “Person”).
This is because in a few minutes, when this is in our code, we refer to the database objects as single rows. We retrieve a single Person, not a single “Persons”, from the database. 4. Create the entity framework. In your solution tree create a new folder and call it “DataModel”. Inside this folder: Add new item –> and choose ADO.NET Entity Data Model. Name it “Entities.edmx” and hit “Add”. Once the edmx is added, open it (double click) and right click the white area and choose “Update model from database…”. Now, point it to your database (I include sensitive data in the connectionstring) and select all the tables. After that hit “Finish” and let the entity framework do its code generation. Et voilà, after a few seconds you have set up your entity model. Next post we will start building the data-access! I’m off to the beach.

    Read the article

  • Hosted Monitoring

    - by Grant Fritchey
    The concept of using services to take the place of writing a lot of your own code goes way, way back in computing history. The fundamentals of the concept go back to the dawn of computing with places like IBM hosting time-shares for computing power that you could rent for short periods of time. But things really took off with the building of the Web. Now, all the growth with virtual machines, hosted machines, hosted services from vendors like Amazon and Microsoft, the need to keep all of your software locally on physical boxes is just going the way of the dodo. There will likely always be some pieces of software that you keep on machines on your property or on your person, but the concept of keeping fundamental services locally is going away. As someone put it to me once, if you were starting a business right now, would you bother setting up an Exchange server to manage your email or would you just go to one of the external mail services for everything? For most of us (who are not Exchange admins) the answer is pretty easy. With all this momentum to having external services manage more and more of the infrastructure that’s not business unique, why would you burn up a server and license instance setting up monitoring for your SQL Servers? Of course, some of you are dealing with hyper-sensitive data that might require, through law or treaty, that you lock it down and never expose it to the intertubes, but most of us are not. So, what if someone else took on the basic hassle of setting up monitoring on your systems? That’s what we’re working on here at Red Gate. Right now it’s a private test, but we’re growing it and developing it and it’ll be going to a public beta, probably (hopefully) this year. I’m running it on my machines right now. The concept is pretty simple. You put a relay on your server, poke a hole in your firewall for it, and we start monitoring your server using SQL Monitor. It’s actually shocking how easy it is to get going. 
You still have to adjust your alerting thresholds, but that’s a standard part of alerting. Your pain threshold and my pain threshold for any given alert may be different. But from there, we do all the heavy lifting, keeping your data online and available, providing you with access to the information about how your servers are behaving, everything. Maybe it’s just me, but I’m really excited by this. I think we’re getting to a place where we can really help the small and medium sized businesses get a monitoring solution in place, quickly and easily. All you crazy busy, and possibly accidental, DBAs and system admins finally can set up monitoring without taking all the time to configure systems, run installs, and all the rest. You just have to tweak your alerts and you’re ready to run. If you are interested in checking it out, you can apply for the closed beta through the Monitor web page.

    Read the article

  • Is it OK to set "Cache-Control: public" when sending “304 Not Modified” for images stored in the dat

    - by Emilien
    After asking a question about sending “304 Not Modified” for images stored in the Google App Engine datastore, I now have a question about Cache-Control. My app now sends Last-Modified and Etag, but by default GAE also sends Cache-Control: no-cache. According to this page: The “no-cache” directive, according to the RFC, tells the browser that it should revalidate with the server before serving the page from the cache. [...] In practice, IE and Firefox have started treating the no-cache directive as if it instructs the browser not to even cache the page. As I DO want browsers to cache the image, I've added the following line to my code: self.response.headers['Cache-Control'] = "public" According to the same page as before: The “cache-control: public” directive [...] tells the browser and proxies [...] that the page may be cached. This is good for non-sensitive pages, as caching improves performance. The question is if this could be harmful to the application in some way? Would it be best to send Cache-Control: must-revalidate to "force" the browser to revalidate (I suppose that is the behavior that was originally the reason behind sending Cache-Control: no-cache)? This directive insists that the browser must revalidate the page against the server before serving it from cache. Note that it implicitly lets the browser cache the page.

    Read the article

  • AbstractMethodError on org.apache.xalan.processor.TransformerFactoryImpl

    - by JBristow
    With the following code:

        private Document transformDoc(Source source) throws TransformerException, IOException {
            Transformer xslTransformer = TransformerFactory.newInstance().newTransformer(new StreamSource(pdfTransformXslt.getInputStream()));
            xslTransformer.setParameter("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
            xslTransformer.setParameter("http://xml.org/sax/features/validation", false);
            JDOMResult result = new JDOMResult();
            xslTransformer.transform(source, result);
            return result.getDocument();
        }

    I'm getting the following error:

        java.lang.AbstractMethodError: org.apache.xalan.processor.TransformerFactoryImpl.setFeature(Ljava/lang/String;Z)V

    Why is this? Here's my Maven dependency tree:

    Can anyone tell me how to clear out intellij's classpath too?

    Read the article

  • Scope of StaticResource within a WPF ResourceDictionary

    - by Nicolas Webb
    I have a WPF ResourceDictionary with the following TextBlock:

        <TextBlock Visibility="{Binding Converter={StaticResource MyBoolProp ResourceKey=BoolToVis}}">
        </TextBlock>

    The ResourceDictionary is included in App.xaml under MergedDictionaries:

        <Application.Resources>
            <ResourceDictionary>
                <ResourceDictionary.MergedDictionaries>
                    <ResourceDictionary Source="MyResourceDictionary.xaml"/>

    Within the App.xaml I have defined the BoolToVis converter (again, under Application.Resources):

        <BooleanToVisibilityConverter x:Key="BoolToVis" />

    When I start my app up - I get the following XamlParseException: "Provide value on 'System.Windows.Markup.StaticResourceHolder' threw an exception." The InnerException is: "Cannot find resource named 'BoolToVis'. Resource names are case sensitive." I'm able to refer to this converter directly with App.xaml (in fact, it's another TextBlock) and within other UserControls with no problems. This particular bit of code also worked fine under the .NET 4.0 RC (and Beta2). This error only started happening when I upgraded to the .NET 4.0 RTM. I'm able to work around it by declaring another BooleanToVisibilityConverter within MyResourceDictionary.xaml and referring to it like so:

        <TextBlock Visibility="{Binding Converter={StaticResource MyBoolProp ResourceKey=BoolToVis2}}">
        </TextBlock>

    Any reason why I should need to do this?

    Read the article

  • Web application development platform recommendation

    - by TK.Maxi
    Hi all, I did a year's worth of Pascal, Visual Basic and C++ 15 years ago, so suffice it to say that I'm a complete n00b & lamer when it comes to this. I really do hope that this question doesn't get canned, but if it does, please be so kind as to point me in the direction of where it should be posted. I have an idea, like so many others, for a web app. I don't necessarily have the capital to outsource the development of the app right now, and I probably wouldn't want to, since non-disclosure agreements can be expensive to enforce, especially in this day and age of intercontinental outsourcing. I need the app to be usable on any mobile device (eventually), primarily on the major mobile platforms at first, on the web, (pc/mac/*ix) obviously, on mobile web browsers like opera mobile, etc. I envisage the app interacting with the major social networks like fb, orkut, msn im, twitter, et al in a way where friends are messaged and/or wall posted, a message is posted to the user's wall. Geo-location functionality is a plus, considering the service/app can be location sensitive in two ways: 1. the immediate location of the user, 2. the desired location of the user. I'd like to incorporate OpenID sign on, and the flip-side, the service will require that people (service providers) list their specialities/specialisations/interests/areas of expertise, so that matches to user requests can be made by the service, while users' requests are posted into the web universe. I've probably described a glut of apps out there, but I'd appreciate feedback on the sort of platform that I should look at using, be it hosted on something like Google's app engine, or written in android friendly code, or whatever. I'm a firm believer in herd mentality, especially at the start of a project that I have very little experience in. The more opinions, the merrier! I can't get very much more specific, since that would give the idea away. Thanks for your time and I look forward to hearing from wise and experienced and the fresh and innovative alike. Thanks

    Read the article

  • Common vulnerabilities for WinForms applications

    - by David Stratton
    I'm not sure if this is on-topic or not here, but it's so specific to .NET WinForms that I believe it makes more sense here than at the Security stackexchange site. (Also, it's related strictly to secure coding, and I think it's as on-topic as any question asking about common website vulnerabilities that I see all over the site.)

    For years, our team has been doing threat modeling on Website projects. Part of our template includes the OWASP Top 10 plus other well-known vulnerabilities, so that when we're doing threat modeling, we always make sure that we have a documented process for addressing each of those common vulnerabilities.

    Example: SQL Injection (OWASP A-1)

    Standard Practice
      - Use Stored Parameterized Procedures where feasible for access to data where possible
      - Use Parameterized Queries if Stored Procedures are not feasible. (Using a 3rd party DB that we can't modify)
      - Escape single quotes only when the above options are not feasible
      - Database permissions must be designed with least-privilege principle
      - By default, users/groups have no access
      - While developing, document the access needed to each object (Table/View/Stored Procedure) and the business need for access.

    [snip]

    At any rate, we used the OWASP Top 10 as the starting point for commonly known vulnerabilities specific to websites.

    (Finally to the question) On rare occasions, we develop WinForms or Windows Service applications when a web app doesn't meet the needs. I'm wondering if there is an equivalent list of commonly known security vulnerabilities for WinForms apps. Off the top of my head, I can think of a few....
      - SQL Injection is still a concern
      - Buffer Overflow is normally prevented by the CLR, but is more possible if using non-managed code mixed in with managed code
      - .NET code can be decompiled, so storing sensitive info in code, as opposed to encrypted in the app.config...

    Is there such a list, or even several versions of such a list, from which we can borrow to create our own? If so, where can I find it? I haven't been able to find it, but if there is one, it would be a great help to us, and also other WinForms developers.

    Read the article

  • Preserving case in HTTP headers with Ruby's Net:HTTP

    - by emh
    Although the HTTP spec says that headers are case insensitive; Paypal, with their new adaptive payments API require their headers to be case-sensitive. Using the paypal adaptive payments extension for ActiveMerchant (http://github.com/lamp/paypal_adaptive_gateway) it seems that although the headers are set in all caps, they are sent in mixed case. Here is the code that sends the HTTP request:

        headers = {
          "X-PAYPAL-REQUEST-DATA-FORMAT" => "XML",
          "X-PAYPAL-RESPONSE-DATA-FORMAT" => "JSON",
          "X-PAYPAL-SECURITY-USERID" => @config[:login],
          "X-PAYPAL-SECURITY-PASSWORD" => @config[:password],
          "X-PAYPAL-SECURITY-SIGNATURE" => @config[:signature],
          "X-PAYPAL-APPLICATION-ID" => @config[:appid]
        }
        build_url action
        request = Net::HTTP::Post.new(@url.path)
        request.body = @xml
        headers.each_pair { |k,v| request[k] = v }
        request.content_type = 'text/xml'
        proxy = Net::HTTP::Proxy("127.0.0.1", "60723")
        server = proxy.new(@url.host, 443)
        server.use_ssl = true
        server.start { |http| http.request(request) }.body

    (I added the proxy line so I could see what was going on with Charles - http://www.charlesproxy.com/) When I look at the request headers in Charles, this is what I see:

        X-Paypal-Application-Id ...
        X-Paypal-Security-Password...
        X-Paypal-Security-Signature ...
        X-Paypal-Security-Userid ...
        X-Paypal-Request-Data-Format XML
        X-Paypal-Response-Data-Format JSON
        Accept */*
        Content-Type text/xml
        Content-Length 522
        Host svcs.sandbox.paypal.com

    I verified that it is not Charles doing the case conversion by running a similar request using curl. In that test the case was preserved.

    Read the article

  • Silverlight and Encryption, how to store/generate the key/iv pair?

    - by cmaduro
    I have a Silverlight app that connects to a php webservice. I want to encrypt the communication between the webservice and the Silverlight client. I'm not relying on SSL. I'm encrypting/decrypting the POST string myself using AES 256bit Key and IV. The big questions then are: How do I generate a random unique key/iv pair in PHP? How do I share this key/iv pair between the web service and silverlight client in a secure way? It seems impossible without having some kind of hard coded key or iv on the client, which would compromise security. This is a public website, there are no logins. Just the requirement of secure communication. I can hard code the seed for the key/iv (which is hashed with SHA256 with a time stamp salt and then assigned as the key or iv) in PHP source code, that's on the server so that is pretty safe. However on the client the seed for the key/iv pair would be visible, if it is hard coded. Furthermore, using a time stamp as the basis for uniqueness/randomness is definitely not ok, since timestamps are predictable. It does however provide a common factor between the C# code and the PHP code. The only other option that I can think of would be to have a 3rd service involved that provides the key/iv to the Silverlight client, as well as the php webservice. This of course starts the cycle anew, with the question of how to store the credentials for accessing the key/iv distribution service on the Silverlight client. Sounds like the solution is then asymmetric encryption, since sensitive data will be viewed only on the administrative back end of the website. Unfortunately Silverlight has no asymmetric encryption classes. The solution? Roll my own Diffie-Hellman key exchange! Plug that key into AES256!

    Read the article

  • Confusion about Kerberos, delegation and SPNs.

    - by Vilx-
    I'm trying to write a proof-of-concept application that performs Kerberos delegation. I've written all the code, and it seems to be working (I'm authenticating fine), but the resulting security context doesn't have the ISC_REQ_DELEGATE flag set. So I'm thinking that maybe one of the endpoints (client or server) is forbidden to delegate. However I'm not authenticating against an SPN. Just one domain user against another domain user. As the SPN for InitializeSecurityContext() I'm passing "[email protected]" (which is the user account under which the server application is running). As I understand, domain users have delegation enabled by default. Anyway, I asked the admin to check, and the "account is sensitive and cannot be delegated" checkbox is off. I know that if my server was running as a NETWORK SERVICE and I used an SPN to connect to it, then I'd need the computer account in AD to have the "Trust computer for delegation" checkbox checked (off by default), but... this is not the case, right? Or is it? Also - when the checkbox in the computer account is set, do the changes take place immediately, or must I reboot the server PC or wait for a while?

    Read the article

  • WCF NetTcpBinding Security - how does it work?

    - by RemotecUk
    Hi, encountered the following problems trying to work through the quagmire of settings in WCF... I created a WCF client server service using a NetTcp binding. I didn't make any changes to the security settings and when running on one machine it works very nicely. However, when I ran my client from another machine it complained that the server didn't like the security credentials that were sent. I understand now that NetTCP is "secured" by default and that my client would have been passing the wrong security details - namely the windows user name and password (or some form of domain authentication) to my server which as they are not running on the same domain it would not have liked. However, what I don't understand is as follows: I haven't specified any security in my binding - do the standard settings expect a windows user name or password to be sent? I don't have any certificate installed on my server - I understand that NetTCP bindings need some form of public private key to protect the credentials - yet this seemed to work when both client and server were on the same machine - how was the data getting encrypted? Or wasn't it, as WCF knew it was on the same machine and encryption isn't needed? I have had to set my security mode on my client and server to "none" now and they connect nicely. However is there any way to encrypt my data without a certificate? Finally... what is the difference between Transport and Message security? To check my understanding (excuse the scenario!) message security is like if I sent a letter from person A to person B and I encode my hand writing to ensure that if anyone intercepts it they cannot read it? Transport Security is if I decide to have my letter sent by armed transport so that no one can get at it along the way? Is it possible to have any form of encryption in WCF without a certificate? My project is a private project and I don't want to purchase a certificate and the data isn't that sensitive anyway so it's just for my own knowledge. Thanks in advance.

    Read the article
