Can a Windows 7 computer contain foreign characters for a login password
- by Luke101
Trying to harden our servers and would like to know if its possible for a windows 7 box to contain foreign characters?
Search Results
Search found 27912 results on 1117 pages for 'computer security'.
Page 25/1117 | < Previous Page | 21 22 23 24 25 26 27 28 29 30 31 32 | Next Page >
-
-
What tangible security are gained by blocking all but a few outgoing ports in a firewall
- by Frankie Dintino
Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities: Block certain troublesome ports (unsecured smtp, bittorrent, etc.) Block all but a few approved ports (http, https, ssh, imap-ssl, etc.) I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?Read the article
-
Does disabling root login enhance security?
- by PJ
I have recently found an argument against disabling a root user login in Linux at http://archives.neohapsis.com/archives/openbsd/2005-03/2878.html I assume that, if everybody uses a public key authentication, there's no risk at losing the root password. Is it always better to disable the root login via ssh?Read the article
-
Exploratory Question for Security Admins (/etc/passwd + PHP)
- by JPerkSter
Hi everyone, I've been seeing a few issues lately on a few of my servers where an account gets hacked via outdated scripts, and the hacker uploads a cPanel / FTP Brute forcing PHP script inside the account. The PHP File reads /etc/passwd to get the usernames, and than uses a passwd.txt file to try and brute force it's way in to 127.0.0.1:2082. I'm trying to think of a way to block this. It doesn't POST anything except "GET /path/phpfile.php", so I can't use mod_security to block this. I've been thinking of maybe changing permissions on /etc/passwd to 600, however I'm unsure how this will result in regards to my users. I was also thinking of rate-limiting localhost connections to :2082, however I'm worried about mod_proxy being affected. Any suggestions?Read the article
-
Security issue on Linux with Netbeans
- by WebDevHobo
In order to edit some files in Netbeans, I had to do a chmod 777 on the parent-folder. Reason being that anything else would result in Netbeans not wanting to accept the folder, as it could not be written. Is there an other way to do this besides doing a chmod 777? I'm on Ubuntu 9.10, using Netbeans 6.7.1 And after that, I manually have to give each file the needed rights. There should be an easier way, I just don't know it. EDIT: I am running XAMPP and the files I'm trying to edit are in the htdocs folder. I'm running Netbeans as my local user account, which is how it starts if I have it run from the applications-menu.Read the article
-
Webserver security, intrusion detection, and file intregrity
- by enfield
I would like to add some type of tracking / alerting on some linux webservers running PHP and Apache. In doing searches I have come across a lot of info from 2006-2009. Would like to revisit things and see what others are doing now. The main purpose here is to track when any files are changed and if so alert me somehow. The same goes for IDS and hopefully something that can reside on same server? Since some of these are small scale projects I would prefer opensource/free solutions that are really effective. Although I would still like to hear of other alternatives if someone has the experience and the cost can be justified.Read the article
-
windows 2008 R2 TS printer security - can't take owership
- by Ian
I have a Windows 2008 R2 server with Terminal server role installed. I'm seeing a problem with an ordinary user who is member of local printer operators group on the server. If the user opens a cmd window using ‘run as administrator’ they can run printmanager.msc without needing to enter their password again. In printmanager they can change the ownership of redirected (easy print) printers without problems. If, from the same cmd window, they use subinacl to try and change the onwership of the queue to themselves they get access denied: >subinacl.exe /printer "_#MyPrinter (2 redirected)" /setowner="MyDom\MyUsr" Elapsed Time: 00 00:00:00 Done: 1, Modified 0, Failed 1, Syntax errors 0 Last Done : _#MyPrinter (2 redirected) Last Failed: _#MyPrinter (2 redirected) - OpenPrinter Error : 5 Access denied so, same context, same action but one works and one doesn't. Any ideas for this odd behaviour? I'm using subinacl x86 on an x64 server as I can't find anything more up to date. I've tried with icacls and others but couldn't get them to do anything with printers. EDIT: added after Gregs comments regarding setacl below If I log into the TS server as Testusr and open Admin Tools Printer Admin (as administrator) and then type mydomain\testusr and the testusr's password, then I can change the ownership of the printer queue and set testusr as the owner. However if I open cmd as administrator and, again, type mydomain\testusr and the users password when I try to change the ownership of my redirected printer I get the following: C:\>setacl -on "Bullzip PDF Printer (12 redireccionado)" -ot prn -actn setowner -ownr n:mydom\testusr WARNING: Privilege 'Back up files and directories' could not be enabled. SetACL's powers are restricted. WARNING: Privilege 'Restore files and directories' could not be enabled. SetACL's powers are restricted. INFORMATION: Processing ACL of: <Bullzip PDF Printer (12 redireccionado)> ERROR: Enabling the privilege SeTakeOwnershipPrivilege failed with: No todos los privilegios o grupos a los que se hace referencia son asignados al llamador. [meaning not all referenced privs or groups are assigned to the caller] SetACL finished with error(s): SetACL error message: A privilege could not be enabled maybe I'm getting something wrong but if the built in windows tool can do it with just membership of the 'print operators' group then setacl should be able to as well, no? However setacl seems to depend on other privileges, which in reality are not required to do this.Read the article
-
Security when, ssh Private keys are lost
- by Shree Mandadi
Cant explain my problem enough with words, Let me take an example.. and please multiple the complexity by a 100 for the Solution. User-A has two ssh private keys, and over time has used this public key on a number of servers He lost one of them, and has created a new pair. How does User-A, inform me (Sys Admin), that he has lost his key, and How do I manage all the servers to which he had access to (I do not have a list, of all Servers that User-A has access to). In other words, How do I recall, the public key associated with this Private key. REF: In the LDAP based Authentication, All Servers would communicate with a single Server repository for Authentication, and If I remove acess or modify the password on the Server, all Systems that use this LDAP for Authentication are secured, when User-A loses his password..Read the article
-
How to get started setting up IP security cameras
- by dave
I have just finished renovating my house. As part of the job, I have cat6 cable run through the house, including two external plugs. All cables terminate in the same location. My rough plan is to plug two IP cameras to monitor the front and rear, run POE from a central router to the two external cameras, plug my PC into the same router and run magic software X. Any machine plugged into the router or wirelessly connection should then be able to get a live feed and alerts based on motion detection. That's the plan, but I'm not sure how possible it is. What hardware to get and what monitoring software to get. Has anyone does something similar? What were your experiences?Read the article
-
Top ten security tips for non-technical users
- by Justin
I'm giving a presentation later this week to the staff at the company where I work. The goal of the presentation is to serve as a refresher/remidner of good practices that can help keep our network secure. The audience is made up of both programmers and non-technical staff, so the presentation is geared for non-technical users. I want part of this presentation to be a top list of "tips". The list needs to be short (to encourage memory) and be specific and relevant to the user. I have the following five items so far: Never open an attachment you didn't expect Only download software from a trusted source, like download.com Do not distribute passwords when requested via phone or email Be wary of social engineering Do not store sensitive data on an FTP server I have two questions: Do you suggest any additional items? Do you suggest any changes to existing items?Read the article
-
Security and encryption with OpenVPN
- by Chris Tenet
The UK government is trying to implement man-in-the-middle attack systems in order to capture header data in all packets. They are also equipping the "black boxes" they will use with technology to see encrypted data (see the Communications Data Bill). I use a VPN to increase my privacy. It uses OpenVPN, which in turn uses the OpenSSL libraries for encrypting data. Will the government be able to see all the data going through the VPN connection? Note: the VPN server is located in Sweden, if that makes a difference.Read the article
-
Security: Unable to display current owner
- by Jim McKeeth
I have a user with local administrative rights on their Windows 7 64-bit box. They extracted a file from a zip file they downloaded with the Zip shell extension to their desktop on a non-encrypted or compressed NTFS volume. Unfortunately they cannot open it. I tried to take ownership of it and it just reports "Access is Denied" and for the current owner it reports "Unable to display current owner." At this point the file cannot be deleted, executed or modified. I have actually seen this exact same happen in Vista before, but I can't for the life of me remember how to fix it. Any ideas how it happened or how to fix it? I'd be happy just to delete it without a format at this point.Read the article
-
windows 2008 R2 TS printer security - can't take owership
- by Ian
I have a Windows 2008 R2 server with Terminal server role installed. I'm seeing a problem with an ordinary user who is member of local printer operators group on the server. If the user opens a cmd window using ‘run as administrator’ they can run printmanager.msc without needing to enter their password again. In printmanager they can change the ownership of redirected (easy print) printers without problems. If, from the same cmd window, they use subinacl to try and change the onwership of the queue to themselves they get access denied: >subinacl.exe /printer "_#MyPrinter (2 redirected)" /setowner="MyDom\MyUsr" Elapsed Time: 00 00:00:00 Done: 1, Modified 0, Failed 1, Syntax errors 0 Last Done : _#MyPrinter (2 redirected) Last Failed: _#MyPrinter (2 redirected) - OpenPrinter Error : 5 Access denied so, same context, same action but one works and one doesn't. Any ideas for this odd behaviour? I'm using subinacl x86 on an x64 server as I can't find anything more up to date. I've tried with icacls and others but couldn't get them to do anything with printers.Read the article
-
Apache Request IP Based Security
- by connec
I run an Apache server on my home system that I've made available over the internet as I'm not always at my home system. Naturally I don't want all my home server files public, so until now I've simply had: Order allow, deny Deny from all Allow from 127.0.0.1 in my core configuration and just Allow from all in the htaccess of any directories I wanted publicly viewable. However I've decided a better system would be to centralise all the access control and just require authentication (HTTP basic) for requests not to 127.0.0.1/localhost. Is this achievable with Apache/modules? If so how would I go about it? Cheers.Read the article
-
Computer Invisible On Domain
- by Giawa
Good afternoon, I'm sorry that this isn't a programming question specifically, but stackoverflow has been great at answering questions in the past, so I thought I'd give it a shot. One of our Linux users attempted to install Cygwin on our Windows Server 2008 Domain Controller. Now it is no longer possible to browse the domain and see all of the computers. For example, \\my_domain_name will just bring up a username/password dialog box (that will not accept any username or password, even the domain administrator) and no computers will ever be listed. However, I can still connect to computers based on their name or IP address. So \\eridanus or \\192.168.1.85 still work to connect to the shared directories of computers on our network. Does anyone know where I can find these settings? and how I can fix this problem? Thanks, GiawaRead the article
-
Installing a personal security certificate for Windows Server 2008 Terminal Services user
- by Rick
We use StoneEdge Order Manager, which runs under Microsoft Access, on several Windows computers as well as through Terminal Services on Windows Server 2008. Terminal Services users are unable to process credit cards using the First Data Global Gateway on the server. We have followed the necessary setup instructions provided under the user account, which involves adding a certificate in the Internet Options control panel. The Windows XP desktops require this to be done, or a generic 'unable to connect' message is shown when attempting to charge a card. On the server, this message is shown regardless of whether the certificate has been installed. Is there anything else that needs to be done that is specific to Windows Server that is not mentioned in the workstation instructions? Setup InstructionsRead the article
-
How should I track approval workflow when users at every security level can create a request?
- by Eric Belair
I am writing a new application that allows users to enter requests. Once a request is entered, it must follow an approval workflow to be finally approved by a user the highest security level. So, let's say a user at Security Level 1 enters a request. This request must be approved by his superior - a user at Security Level 2. Once the Security Level 2 user approves it, it must be approved by a user at Security Level 3. Once the Security Level 3 user approves it, it is considered fully approved. However, users at any of the three Security Levels can enter requests. So, if a Security Level 3 user enters a request, it is automatically considered "fully approved". And, if a Security Level 2 user enters a request, it must only be approved by a Security Level 3 user. I'm currently storing each approval status in a Database Log Table, like so: STATUS_ID (PK) REQUEST_ID STATUS STATUS_DATE -------------- ------------- ---------------- ----------------------- 1 1 USER_SUBMIT 2012-09-01 00:00:00.000 2 1 APPROVED_LEVEL2 2012-09-01 01:00:00.000 3 1 APPROVED_LEVEL3 2012-09-01 02:00:00.000 4 2 USER_SUBMIT 2012-09-01 02:30:00.000 5 2 APPROVED_LEVEL2 2012-09-01 02:45:00.000 My question is, which is a better design: Record all three statuses for every request ...or... Record only the statuses needed according to the Security Level of the user submitting the request In Case 2, the data might look like this for two requests - one submitted by Security Level 2 User and another submitted by Security Level 3 user: STATUS_ID (PK) REQUEST_ID STATUS STATUS_DATE -------------- ------------- ---------------- ----------------------- 1 3 APPROVED_LEVEL2 2012-09-01 01:00:00.000 2 3 APPROVED_LEVEL3 2012-09-01 02:00:00.000 3 4 APPROVED_LEVEL3 2012-09-01 02:00:00.000Read the article
-
MS in Computer Science after BE in electronics
- by Abhinav
I am doing my 3rd year Bachelors in Electronics and Electrical Communication but from the first year I have been interested in Computer Science. But at that time it was just my hobby. But in second year when I joined robotics my love for computer science rose. I with my team came in top three in 2 National Competition (Technical fests of different IITs) where we used Image Processing, Hardware interfacing etc. But then I realised that Computer Science is not just about coding. I took many lectures from online free schools like Udacity, Coursera in subjects related to Artificial Intelligence, Building a Search Engine, Design and Analysis of Algorithm, Programming a Robotic Car, Programming Languages, Machine Learning, Software Engineering as a Service, WebApps Engineering, Compilers, Applied Crypotography etc. I also did some courses in Core and Advanced Java in my second year from training institute. I will also be taking course in Statistics, Databases, Discrete Mathematics from 25th June. Now I realized how vast is the field of Computer Science and how efficient you become on deciding algorithms and classifying problems into different subfields which have been thoroughly researched so you don't always do brute force thing or naive programming. Now this field has become kind of passion for me. Adding to the fact I am also doing my 6 months internship in software field in Texas Instruments where I am working on Automation and Algorithms. I also have some 5-6 good college level projects in Softwares and Robotics. I also like Electronics but only some fields like Operating System(this subject was there in Electronics also), Micro Processor, Digital, Computer Architecture, DSPs etc. I really want to pursue MS in some field of Computer Science. I am giving GRE in October/November. Till now I have good CG of around 9.4/10 and my 1 year in college is still left. Do I have any chance that some good University in US will consider me for MS in field related to computer science or Robotics. Also Can you suggest somethings that I can do during this 1 year to increase my chances for MS or should I apply for EECS(Electrical Engineering and Computer Science) and then I can shift more towards Computer Science as my major option. My main aim is to do Phd after Ms in CS if I am able to do that somehow. I know that I have to put much extra effort to understand things in MS than CS undergraduates but I will do that with my full dedication, also when I communicate with my college CS students or during my internship period I didn't feel that I am missing very much stuff that they know and was very comfortable during my internship with software employees.Read the article
-
Developing a computer system based on Nand2Tetris [on hold]
- by Ryan
I recently finished a book called Nand2Tetris (nand2tetris.org) where I built my own computer system from scratch with its own machine language, assembly code, and a high level language called Jack that's translated to Hack binary. However, I feel like the "computer" I built throughout the course of this book (called the Hack computer) is a bit too simple for various reasons: 1) There are only two registers (D and A), whereas most computers have much more 2) Peripheral devices like mouse and keyboard have to be directly implemented 3) Peripheral devices use a pre-planned shared memory map to communicate with the CPU instead of using interrupts (which aren't covered at all) 4) Jack (the high level language) code doesn't compile to Assembly code directly, instead it compiles to an intermediate language, which in turn gets translated to Assembly. 5) There is no ROM or permanent storage device, everything is stored in RAM 6) No support for colored monitor, networking or sound I would like to build a more complicated computer system now based on what I've learned from Nand2Tetris. Does anyone know of any good resources or books to get started on this? (BTW by computer system I mean software that can emulate the hardware of a virtual computer with its own unique instruction set)Read the article
-
Entry level security engineering positions
- by Jake
This is a question that has been bothering me for some time now. I have asked people and have always got mixed replies. It also has to do with how I will start my career. So here goes: Can an entry level software engineer directly get a job in a security engineering position? I am a graduate student in software engineering with a lot of course work in security as well, including web application, network and mobile security. I want to know if in the current industry, can an entry level engineer take the risk to prepare towards finding a security related position, or is it always necessary for a year or 2 development experience before one should think about finding a security position. Thank you.Read the article
-
Suggestions for cleaning up the mess after removing the "system tool" virus?
- by Ross
Hi! Last night I got infected with the "System Tool" virus. For those who don't know it disallows the user from executing any software, changes the desktop, stops all security software from running, and continually requests that you buy a Trojan security software. It took me a few hours but I finally managed to remove the software. To do this I went into my Ubuntu partition and searched out files that had been created around the time that I got infected and deleted the executable. Then I went back into my W7 partition and ran an MBAM full scan, an MSE full scan, an AVG bootable USB scan, and ran a ClamAV scan from my Ubuntu partition (Together these found 3 more infected executables). I also ran a Ccleaner full sweep and the registry cleaner just in case. I think I have found all of the problems but am still concerned that there might be a payload leftover from the virus that I didn't find. Do you have any suggestions of what else I can do to be sure. Just FYI I use W7 64 bit and MSE as my primary antivirus. I was using chrome when I got infected and it seems that it was due to a slightly out of date Java installation (MSE gave me a warning that the website had used a Java exploit and then my desktop changed to the classic "System Tools" desktop) Thank you very much for your help.Read the article
-
Nexus S 4g not detected by computer
- by Newbie in over his head
A little bit of a disclaimer, I have very little knowledge of the correct terminology for some of the things I'm going to ask about, and I apologize in advance I have a Nexus S 4g phone that is, at the moment of writing, connected to my 11.10 computer through its USB charger cable. In the past, connecting the phone like this has allowed me to transfer files between my computer and my phone; I'm able to get my music onto my phone, and my photos onto my computer, for example. For some reason, this has stopped working. My phone still charges its battery when connected to the computer, but neither the computer nor the phone recognized that they are connected. Is there something I can do to get the phone and the computer to detect each other? I don't know how to fix this, and it's more than a little frustrating. Any help would be greatly appreciated.Read the article
-
C++ vs Matlab vs Python as a main language for Computer Vision Postgraduate
- by Hough
Hi all, Firstly, sorry for a somewhat long question but I think that many people are in the same situation as me and hopefully they can also gain some benefit from this. I'll be starting my PhD very soon which involve the fields of computer vision, pattern recognition and machine learning. Currently, I'm using opencv (2.1) C++ interface and I especially like its powerful Mat class and the overloaded operations available for matrix and image seamless operations and transformations. I've also tried (and implemented many small vision projects) using opencv python interface (new bindings; opencv 2.1) and I really enjoy python's ability to integrate opencv, numpy, scipy and matplotlib. But recently, I went back to opencv C++ interface because I felt that the official python new bindings were not stable enough and no overloaded operations are available for matrices and images, not to mention the lack of machine learning modules and slow speeds in certain operations. I've also used Matlab extensively in the past and although I've used mex files and other means to speed up the program, I just felt that Matlab's performance was inadequate for real-time vision tasks, be it for fast prototyping or not. When the project becomes larger and larger, many tasks have to be re-written in C and compiled into Mex files increasingly and Matlab becomes nothing more than a glue language. Here comes the sub-questions: For postgrad studies in these fields (machine learning, vision, pattern recognition), what is your main or ideal programming language for rapid prototyping of ideas and testing algorithms contained in papers? For postgrad studies, can you list down the pros and cons of using the following languages? C++ (with opencv + gsl + svmlib + other libraries) vs Matlab (with all its toolboxes) vs python (with the imcomplete opencv bindings + numpy + scipy + matplotlib). Are there computer vision PhD/postgrad students here who are using only C++ (with all its availabe libraries including opencv) without even needing to resort to Matlab or python? In other words, given the current existing computer vision or machine learning libraries, is C++ alone sufficient for fast prototyping of ideas? If you're currently using Java or C# for your postgrad work, can you list down the reasons why they should be used and how they compare to other languages in terms of available libraries? What is the de facto vision/machine learning programming language and its associated libraries used in your university research group? Thanks in advance.Read the article
-
tapestry 4 session expired
- by cometta
is below caused by user session expired? if yes, how to exend session on tapestry 4 ? or any other way to solve this problem? Unable to process client request: Unable to forward to local resource '/app?service=page&page=Home&id=692': java.lang.NullPointerException: Property 'webRequest' of <OuterProxy for tapestry.globals.RequestGlobals(org.apache.tapestry.services.RequestGlobals)> is null. Apr 22, 2010 5:14:43 PM org.apache.catalina.core.ApplicationContext log SEVERE: app: ServletException javax.servlet.ServletException: java.lang.NullPointerException: Property 'webRequest' of <OuterProxy for tapestry.globals.RequestGlobals(org.apache.tapestry.services.RequestGlobals)> is null. at org.apache.tapestry.services.impl.WebRequestServicerPipelineBridge.service(WebRequestServicerPipelineBridge.java:65) at $ServletRequestServicer_128043b52ea.service($ServletRequestServicer_128043b52ea.java) at org.apache.tapestry.request.DecodedRequestInjector.service(DecodedRequestInjector.java:55) at $ServletRequestServicerFilter_128043b52e6.service($ServletRequestServicerFilter_128043b52e6.java) at $ServletRequestServicer_128043b52ec.service($ServletRequestServicer_128043b52ec.java) at org.apache.tapestry.multipart.MultipartDecoderFilter.service(MultipartDecoderFilter.java:52) at $ServletRequestServicerFilter_128043b52e4.service($ServletRequestServicerFilter_128043b52e4.java) at $ServletRequestServicer_128043b52ec.service($ServletRequestServicer_128043b52ec.java) at org.apache.tapestry.services.impl.SetupRequestEncoding.service(SetupRequestEncoding.java:53) at $ServletRequestServicerFilter_128043b52e8.service($ServletRequestServicerFilter_128043b52e8.java) at $ServletRequestServicer_128043b52ec.service($ServletRequestServicer_128043b52ec.java) at $ServletRequestServicer_128043b52de.service($ServletRequestServicer_128043b52de.java) at org.apache.tapestry.ApplicationServlet.doService(ApplicationServlet.java:126) at org.apache.tapestry.ApplicationServlet.doPost(ApplicationServlet.java:171) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378) at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.ui.ntlm.NtlmProcessingFilter.doFilterHttp(NtlmProcessingFilter.java:358) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.concurrent.ConcurrentSessionFilter.doFilterHttp(ConcurrentSessionFilter.java:99) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390) at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619)Read the article
-
WebClient security error when accessing the world of warcraft armoury
- by user348446
Hello World, I am trying to piece together a solution to a problem. Basically I am using Silverlight 4 with C# 4.0 to access the world of warcraft armoury. If anyone has done this - please oh please provide the working .net 4.0 code. The code I am attempting to run is (e.Error contains a securtiy error): private void button10_Click(object sender, RoutedEventArgs e) { string url = @"http://eu.wowarmory.com/guild-info.xml?r=Eonar&n=Gifted and Talented"; WebClient wc = new WebClient(); // HOW DO I ADD A USER AGENT STRING (RESPONSE MAY VARY (I.E. HTML VS XML) IF PAGE THINKS CALL IS NOT CAPABABLE OF SUPPORTING XML TRANSFORMATIONS) //wc.ResponseHeaders["User-Agent"] = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"; wc.DownloadStringCompleted += new DownloadStringCompletedEventHandler(wc_DownloadStringCompleted); wc.DownloadStringAsync(new Uri(url)); } void wc_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e) { if (e.Error == null) { string result = e.Result; XDocument ArmouryXML = XDocument.Parse(result); ShowGuildies(ArmouryXML); } else { MessageBox.Show("Something is complaining about security but not sure what!"); } } Notes: C# 4.0 The armoury is an XML file - but i believe it reverts to html should the request not be from a browser that supports XML transformation. But i don't think I am getting this far. The armoury has a cross domain policy file on it - this may be the cause of the error (not sure! I have uploaded to a production server I am testing it locally using IIS website I am going insane! Websites have made the suggestion that this problem can be overcome by creating a WebProxy - but I haven't the first clue how to do this. It would be great if someone could take on this challenge and show us all that it is possible. I'd prefer a non-proxy solution first, then try a proxy. The error details: e.Error = {System.Security.SecurityException --- System.Security.SecurityException: Security error. at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult) at System.Net.Browser.BrowserHttpWebRequest.<c__DisplayClass5. Any intelligent master coders out there who can solve this in their sleep? Thanks if you can! Pass this on to someone who can if you can't. If you know someone who can't, don't pass it to them, but if you know someone can't then presumedly you know how to solve it and would encourage you to give it a go! Cheers! Dan.Read the article
