Search Results

Search found 9490 results on 380 pages for 'session hijacking'.

Page 293/380 | < Previous Page | 289 290 291 292 293 294 295 296 297 298 299 300  | Next Page >

• Replay attacks for HTTPS requests

  - by MatthewMartin

  Let's say a security tester uses a proxy, say Fiddler, and records an HTTPS request using the administrator's credentials-- on replay of the entire request (including session and auth cookies) the security tester is able to succesfully (re)record transactions. The claim is that this is a sign of a CSRF vulnerability. What would a malicious user have to do to intercept the HTTPS request and replay it? It this a task for script kiddies, well funded military hacking teams or time-traveling-alien technology? Is it really so easy to record the SSL sessions of users and replay them before the tickets expire? No code in the application currently does anything interesting on HTTP GET, so AFAIK, tricking the admin into clicking a link or loading a image with a malicious URL isn't an issue.

  Read the article

• IRequiresSessionState - how do I use it?

  - by Praesagus

  I need to be able to change when I can see session state. I found out about the IRequiresSessionState Marker Interface, but have not been able to figure out how to use it. I think I may be missing something obvious. Can one of you C# guru's give me a quick 1-2-3 step through? (e.g. 1 create a new class, 2. put public interface IRequiresSessionState in it. 3. Use IRequiresSessionState('abra_cadabra') to change the value.). Thank you for your help.

  Read the article

• [Ruby on Rails] scribd_fu gsub error

  - by siulamvictor

  I have an application which allow user upload documents to Scribd. I tried to use scribd_fu in Rails. An error occurred when the controller try to save the model. NoMethodError in DocumentsController#processupload private method `gsub' called for nil:NilClass here is the related controller def processupload @document = Document.new(params[:document]) if @document.save session[:scribdid] = @document.ipaper_access_key else xxxxx and this is the related html form <form action="/documents/processupload" enctype="multipart/form-data" method="post"> <input name="authenticity_token" type="hidden" value="FqTCmlGGIvRjiaiaa+YtF50wgI7FfpxfrZsulLCbXcw=" /> <label class="label_h2">Upload a Document</label> <input id="document_document_upload" name="document[document_upload]" size="30" type="file" /></div> <div class="buttons"><button type="submit" class="positive"><img src="/images/icons/tick.png" alt="Save Document"/>Save Document</button> </form> Is there anything wrong?

  Read the article

• customize Help Center Live HLC

  - by Andy

  Hi, I just installed Help Center Live which works fine, but I would like to make just one minor adjustment and after looking almost everywhere I couldn't find the file where the text was listen in. At the end of each chat the user can request a copy of the transcript. I tested it and it got into the spam folder of my email client. Why, I don't know, but the point here is I would lik to add some text. After a user finishes a chat session, he or she gets a page hcl/live/chat/end.php with the following text displayed somewhere: "To e-mail yourself a copy of the transcript, please enter your e-mail address below." After entering the address and pressing submit there is a confirmation message: "A copy of the transcript has been sent to your e-mail address." And I would like to add: "Please check your spam folder if you haven't received your transcript" How can this be done? Thanks.

  Read the article

• Is it possible to create ICriteria/ICriterion from LINQ or HQL?

  - by adrin

  I am creating a method that can create filter understood by NHibernate (by filter i mean a set of ICriteria object for example) from my abstract filter object. public static IEnumerable<ICriterion> ToNhCriteria(this MyCriteria criteria) { // T4 generated function // lots of result.Add(Expression.Or(Expression.Eq(),Expression.Eq)) expression trees - hard to generate // Is there a way to generate HQL/Linq query here istead? } then i want to do something like session.CreateCriteria<Entity>().Add(myCriteria.ToNhCriteria()) to filter entities. The problem is that using Expression. methods (Expression.Or etc) is quite tedious (the method is generated and i have multiple or statements that have to be joined into an expression somehow). Is there a way to avoid using Expression.Or() and create ICrietrion / ICriteria using LINQ or HQL?

  Read the article

• getting a gridview and dropdownlist to remember their states after navigate away and back button scr

  - by nat

  hi i have a page filling a gridview which is all working fine. the grid is basically the result of a search .. the filters for which are a number of dropdowns and a couple of textboxes the data from the grid and dropdowns are saved in the session and the whole page lives inside an updatepanel when i navigate away from the page (as it happens by clicking a link inside the grid) and then back button to it, all the droppers are back to their unselected values and the grid is nowhere to be seen.. i understand that this is because of the scriptmanager doesnt do 'standard' postbacks so the browser doesnt realise what has happened. however i have set the EnableHistory to true in the scriptmanager is there an easy way to get this to remember without dropping the updatepanel/scriptmanager? also to complicate things further the scriptmanger /updatepanel is actually in a master page. so not really sure how i can get the navigate bits to work in the scriptmanager.. clearly i am a bit confuised and any help that someone could provide would be happily received thanks nat

  Read the article

• question on database query using hibernate in java with annotations

  - by molleman

  Hello, simple question regarding HQL(Hibernate query language) so i have user class , that can hold a list of Projects, how do i take this out of the database depending on a username, this is how i take out my user String username = "stephen"; YFUser user = (YFUser) session.createQuery("select u FROM YFUser u where u.username = :username").setParameter("username", name).uniqueResult(); but i want to take out the list of projects here is the projects list within the class YFUser(my user class); how would i query the database to get this list of projects @Entity @Table(name = "yf_user_table") public class YFUser implements Serializable,ILightEntity { ......... @OneToMany(cascade = CascadeType.ALL,fetch = FetchType.LAZY) @JoinTable(name = "YFUSER_JOIN_PROJECT", joinColumns = { @JoinColumn(name = "user_id") }, inverseJoinColumns = { @JoinColumn(name = "project_id") }) private List<Project> projects = new ArrayList<Project>();

  Read the article

• Using jmock how to reuse parameter

  - by BenZen

  I'm building a test, in wich i need to send question, and wait for the answer. Message passing is not the problem. In fact to figure out wich answer correspond to wich question, i use an id. My id is generated using an UUID. an i want to retrieve this id, wich is given as a parameter to a mocked object. It look like this: oneOf(message).setJMSCorrelationID(with(correlationId)); inSequence(sequence); Where correlationId is the string i'd like to keep for an other expecteation like this one: oneOf(session).createBrowser(with(inputChannel), with("JMSType ='pong' AND JMSCorrelationId = '"+correlationId+"'")); have you got an answer?

  Read the article

• Using setSourceType with image picker up hides status bar

  - by Aaron

  I am pretty sure this is a bug but I thought I would check. I used the camera overlay to add a button so that on the iphone a user can switch from the camera view to the photo library. When button is taped the source type switches fine but the status bar is missing from the photo library. Throughout the rest of that session the status bar remains missing from all views evet thougth isStatusBarHidden reports NO. This is how the camera overlay view is created if (cameraOverlayView == nil) { [[NSBundle mainBundle] loadNibNamed:@"CameraOverlayView" owner:self options:nil]; } If camera is available this is when I set source type and add overlay if ([UIImagePickerController isSourceTypeAvailable:UIImagePickerControllerSourceTypeCamera]) { [imagePicker setSourceType:UIImagePickerControllerSourceTypeCamera]; [imagePicker setCameraOverlayView:cameraOverlayView]; } Here is the action statement to change source type. (IBAction)selectImage; { [imagePicker setSourceType:UIImagePickerControllerSourceTypePhotoLibrary]; } If I don't tap the button on the overlay there is no problem with the status bar. PS. I did submit a bug report on this.

  Read the article

• Passing a Java object from one Struts action to another

  - by Bernhard V

  Hello! In one of my Struts action I've got the following code in a method: ... List<Object> retrievedListOfObjects = c.getListOfObjects(); return mapping.findForward("fw_view"); } fw_view leads to a new Struts action with another Struts form. Let's say this form has got among others the following field List<Object> listOfObjects; I now want to pass the retrievedListOfObjects from within the first Struts action to the form of the following Struts action. Is this possible without storing it in the session?

  Read the article

• SQLAlchemy - how to map against a read-only (or calculated) property

  - by Jeff Peck

  I'm trying to figure out how to map against a simple read-only property and have that property fire when I save to the database. A contrived example should make this more clear. First, a simple table: meta = MetaData() foo_table = Table('foo', meta, Column('id', String(3), primary_key=True), Column('description', String(64), nullable=False), Column('calculated_value', Integer, nullable=False), ) What I want to do is set up a class with a read-only property that will insert into the calculated_value column for me when I call session.commit()... import datetime def Foo(object): def __init__(self, id, description): self.id = id self.description = description @property def calculated_value(self): self._calculated_value = datetime.datetime.now().second + 10 return self._calculated_value According to the sqlalchemy docs, I think I am supposed to map this like so: mapper(Foo, foo_table, properties = { 'calculated_value' : synonym('_calculated_value', map_column=True) }) The problem with this is that _calculated_value is None until you access the calculated_value property. It appears that SQLAlchemy is not calling the property on insertion into the database, so I'm getting a None value instead. What is the correct way to map this so that the result of the "calculated_value" property is inserted into the foo table's "calculated_value" column?

  Read the article

• Lamp with mod_fastcgi

  - by Jonathan

  Hi! I am building a cgi application, and now I would like it to be like an application that stands and parses each connection, with this, I can have all session variables saved in memory instead of saving them to file(or anyother place) and loading them again on a new connection I am using lamp within a linux vmware but I can't seem to find how to install the module for it to work and what to change in the httpd.conf. I tried to compile the module, but I couldn't because my apache isn't a regular instalation, its a lamp already built one, and it seems that the mod needs the apache directory to be compiled. I saw some coding examples out there, so I guess is not that hard once its runing ok with Apache Can you help me with this please? Thanks, Joe

  Read the article

• Python script shows different pythonpath

  - by Bird Jaguar IV

  Attempting to run runsnake gives ImportError: No module named wx Opening an ipython or python session seems to work fine: >>> import wx >>> import sys >>> print [p for p in sys.path if 'wx' in p] ['/usr/local/lib/wxPython-2.9.4.0/lib/python2.7/site-packages', '/usr/local/lib/wxPython-2.9.4.0/lib/python2.7/site-packages/wx-2.9.4-osx_cocoa', '/usr/local/lib/wxPython-2.9.4.0/lib/python2.7/site-packages/wx-2.9.1-osx_cocoa/tools'] as does putting that code in a script and calling python script.py. But putting that code at the beginning of runsnake.py prints an empty list (printing the whole sys.path prints a path quite different from my $PYTHONPATH). Why would it be different, and how to I get it to recognize wxPython?

  Read the article

• File Upload in GWT in a Special Case

  - by Maksud

  I am doing a software for a document system. In this system when a user completes a document and want to save it, the document will be uploaded directly to server without the user action. This system uses COM/ActiveX to facilitate user using native editors. Ok, my problem is: suppose I have a file say d:/notepad.txt. Using classical method a user can browse the file and upload it. I can do that with apache commonio and GWT FormPanel and FileUpload. But if I know the filename (d:/notepad.txt), is there any way to upload the file directly to server without the user having to browse the file. I am currently doing this by the ActiveX componenet calling some HttpUpload methods with POST. But that does not maintain session. Thanks

  Read the article

• Debugging ASP.NET on a built-in web server suddenly stops

  - by Anton Gogolev

  I have Windows Server 2008 (64-bit), VS 2008 with its built-in webserver and an ASP.NET MVC 1.0 webapp. All I'm trying to do is to debug said app. I have a bunch of breakpoints, but they behave in a very strange way. When I fist start a debugging session with F5 and hit a breakpoint, the debugger stops just fine. However, after serveral F10s/F11s debugging suddenly "stops" (no exceptions at that time), but neither VS detaches from browsers' process, nor webapp execution stops: Visual Studio stays attached, and web request continues executing as usual. I tried various browsers (Chrome, Firefox, IE), but to no avail. What do I do to solve this? It really drives me insane.

  Read the article

• Weird problem: IE8 user can't authenticate with web service

  - by NovaJoe

  I have an asp.net app. It has a page that requires authentication. The authenticated user can view the page because he/she is authenticated. The page makes a jQuery Ajax call to a WCF service. The WCF service checks that the user is authenticated via HttpContext. I have a user that is using WinXP and IE8. This user can authenticate to the page, but when the Ajax call is made from the page to the wb service, the user recieves my "session not authenticated" message on the page, generated by the service and displayed on the page. When I use the same OS/browser combo, the page and service work just fine, as expected; no errors. What option in this user's IE settings would cause this behavior?

  Read the article

• Criteria hibernate

  - by apb

  my code session.createCriteria(Input.class); DateFormat format = new SimpleDateFormat("yyyy-MM-dd hh:mm:ss"); Date startDate = (Date)format.parse("2005-01-01 00:00:00"); Date endDate = (Date)format.parse("2005-03-03 00:00:00"); crit.add(Expression.between ("inputDate", new Date(startDate.getTime()), new Date(endDate.getTime()))); This code return a list, but there is no element present in it. i think it doesn't match the condition. Anybody help.

  Read the article

• Need help configuring SQL Server CE connections string in Fluent NHibernate

  - by Yoav

  Hi, I'm trying to return a session factory using this code: return Fluently.Configure() .Database(MsSqlCeConfiguration.Standard.ShowSql().ConnectionString(path)) .Mappings(m => m.FluentMappings.AddFromAssemblyOf<Project>()) .BuildSessionFactory(); Path is the full path to an .sdf file. And get this exception: System.ArgumentException: Format of the initialization string does not conform to specification starting at index 0. at System.Data.SqlServerCe.ConStringUtil.GetKeyValuePair(Char[] connectionString, Int32 currentPosition, String& key, Char[] valuebuf, Int32& vallength, Boolean& isempty) What am I doing wrong?

  Read the article

• Saving html page from MATLAB web browser

  - by yuk

  Following this question I get a message on the retrieved page that "Your browser does not support JavaScript so some functionality may be missing!" If I open this page with web(url) in MATLAB web browser and accept certificate (once per session), the page opens properly. How can I save the page source from the browser with a script? Or from system browser? Or may be there is a way to get that page even without browser? url='https://cgwb.nci.nih.gov/cgi-bin/hgTracks?position=chr7:55054218-55242525';

  Read the article

• JSON Search and remove in php?

  - by moogeek

  Hello! I have a session variable $_SESSION["animals"] containing a deep json object with values: $_SESSION["animals"]='{ "0":{"kind":"mammal","name":"Pussy the Cat","weight":"12kg","age":"5"}, "1":{"kind":"mammal","name":"Roxy the Dog","weight":"25kg","age":"8"}, "2":{"kind":"fish","name":"Piranha the Fish","weight":"1kg","age":"1"}, "3":{"kind":"bird","name":"Einstein the Parrot","weight":"0.5kg","age":"4"}, }'; For example, I want to find the line with "Piranha the Fish" and then remove it (and json_encode it again as it was). How to do this? I guess i need to search in json_decode($_SESSION["animals"],true) resulting array and find the parent key to remove but i'm stucked anyways.

  Read the article

• How to get JSON back from HTTP POST Request (to another domain)

  - by roman m

  I'm trying to use the API on a website, here's the part of the manual: Authenticated Sessions (taken from here) To create an authenticated session, you need to request an authToken from the '/auth' API resource. URL: http://stage.amee.com/auth (this is not my domain) Method: POST Request format: application/x-www-form-urlencoded Response format: application/xml, application/json Response code: 200 OK Response body: Details of the authenticated user, including API version. Extra data: "authToken" cookie and header, containing the authentication token that should be used for subsequent calls. Parameters: username / password Example Request POST /auth HTTP/1.1 Accept: application/xml Content-Type: application/x-www-form-urlencoded username=my_username&password=my_password Response HTTP/1.1 200 OK Set-Cookie: authToken=1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/Pm...; authToken: 1KVARbypAjxLGViZ0Cg+UskZEHmqVkhx/PmEvzkPGp...== Content-Type: application/xml; charset=UTF-8 QUESTION: How do I get that to work? I tried jQuery, but it seems to have problem with XSS. Actual code snippet would be greatly appreciated. p.s. All I was looking for was WebClient class in C#

  Read the article

• accessing pdf via https URL

  - by Paul

  I send out a newsletter email containing URLs to a https website that then redirects to a pdf document. On first invocation of a URL the user is prompted with the typical https browser "security alert" popup, on selecting "Yes" the display of the PDF fails. The HTTP Header on the failed response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 15:57:26 GMT Content-type: application/pdf Content-language: en-US Set-cookie: JSESSIONID=0000r111cRz1Vc-PtCJg8Cdu4eR:-1; Path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Cache-control: no-cache="set-cookie, set-cookie2" Connection: close Subsequent invocations of the URL successfully opens the PDF (at this point we have the session id cookie set by the initial failed request). The HTTP Header on the successful response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 16:53:03 GMT Content-type: application/pdf Content-language: en-US Connection: close The email client is Lotus Notes 6.5 which launches an IE6 browser Any ideas?

  Read the article

• Pageview implementation

  - by The Elite Gentleman

  Hi everyone I want to add a pageview feature on my current web application. This page view is based on the count of user viewing the page. It must be unique, i.e. I must not view a person's page 10000 times and record it as 10000 views, just record 1 view instead. My question is, should I base my pageview count on IP address? If not, what is/are the best approach in doing this? I know that if the person has logged in to my system, I can simply use the user id stored in the session and check on the record if the user has/hasn't viewed the page and update accordingly. But for "anonymous" viewers, what is the best approach? Thanks. PS How does Youtube does it?

  Read the article

• Soundcload API, PHP, and OAuth

  - by fedeisas

  Hi guys. I'm building a site, and I need to query my last two tracks from my soundcloud account and display them on my page. I've read the Soundcloud API documentation but it seems obscure and far from my reach. I've installed the PHP library for using the API and Oauth, and set up my SoundCloud application to get my Consumer Keys, but I can't start the OAuth session. I'm using this library. I was wondering if maybe you could hand me some sample code for doing this. That would be great!!

  Read the article

• Autotest notifications on Ubuntu virtual environment

  - by Luciano

  I am having trouble getting Rails autotest notifications to work on the Engine Yard Vagrant environment. On the Mac, I normally get the notifications via Growl. However, on the virtual environment (which runs Ubuntu) that doesn't work. I tried running Linux notification setups such as libnotify+autotest-notification, but I get the following error: libnotify-Message: Unable to get session bus: /bin/dbus-launch terminated abnormally with the following error: Autolaunch error: X11 initialization failed. ** (notify-send:1004): CRITICAL **: dbus_g_proxy_connect_signal: assertion `DBUS_IS_G_PROXY (proxy)' failed ** (notify-send:1004): CRITICAL **: dbus_g_proxy_connect_signal: assertion `DBUS_IS_G_PROXY (proxy)' failed ** (notify-send:1004): CRITICAL **: dbus_g_proxy_call: assertion `DBUS_IS_G_PROXY (proxy)' failed Another path would be to have Growl receive the notifications remotely, but I don't even know where to begin with that... Any suggestions?

  Read the article

< Previous Page | 289 290 291 292 293 294 295 296 297 298 299 300  | Next Page >