Search Results

Search found 30819 results on 1233 pages for 'software security'.

  • Disable browser 'Save Password' functionality

    - by mattsmith321
    One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don't get me wrong, I'm all for doing everything possible to protect people's personal information (health, financial, surfing habits, etc.), but sometimes people get a little too jumpy. Case in point: One of our state customers recently found out that the browser provides the handy feature to save your password. We all know that it has been there for a while and is completely optional and is up to the end user to decide whether or not it is a smart decision to use or not. However, there is a bit of an uproar at the moment and we are being demanded to find a way to disable that functionality for our site. Question: Is there a way for a site to tell the browser not to offer to remember passwords? I've been around web development a long time but don't know that I have come across that before. Any help is appreciated. Thanks, Matt

  • asp.net mvc, IIS 6 vs IIS7.5, and integrated windows authentication causing javascript errors?

    - by chris
    This is a very strange one. I have an asp.net MVC 1 app. Under IIS6, with no anon access - only integrated windows auth - everything works fine. I have the following on most of my Foo pages:

        <% using (Html.BeginForm()) { %>
        Show All: <%= Html.CheckBox("showAll", new { onClick = "$(this).parent('form:first').submit();" })%>
        <% } %>

    Clicking on the checkbox causes a post, the page is reloaded, everything is good. When I look at the access logs, that's what I see, with one oddity - the js library is requested during the page first request, but not for any subsequent page requests. Log looks like:

        GET / 401
        GET / 200
        GET /Content/Site.css 304
        GET /Scripts/jquery-1.3.2.min.js 401
        GET /Scripts/jquery-ui-1.7.2.custom.min.js 401
        GET /Scripts/jquery.tablesorter.min.js 401
        GET /Scripts/jquery-1.3.2.min.js 304
        GET /Scripts/jquery-ui-1.7.2.custom.min.js 304
        GET /Scripts/jquery.tablesorter.min.js 304
        GET /Content/Images/logo.jpg 401
        GET /Content/Images/logo.jpg 304
        GET /Foo 401
        GET /Foo 200
        POST /Foo/Delete 302
        GET /Foo/List 200
        POST /Foo/List 200

    This corresponds to home page, click on "Foo", delete a record, click a checkbox (which causes the 2nd POST). Under IIS7.5, it sometimes fails - the click on the check box doesn't cause a postback, but there are no obvious reasons why. I've noticed under IIS7.5 that every single page request re-issues the requests for the js libraries - the first one a 401, followed by either a 200 (OK) or 304 (not modified), as opposed to the above log extract where that only happened during the 1st request. Is there any way to eliminate the 401 requests? Could a timing issue have something to do with the click being ignored? Would increasing the number of concurrent connections help? Any other ideas? I'm at a bit of a loss to explain this.

  • Request a user's roles in AD when caller is not in domain

    - by grootjans
    I would like to get a user's group memberships in an ActiveDirectory, without being in the domain. When I run this inside the domain, all is well.

        var context = new PrincipalContext(ContextType.Domain);
        var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator");
        foreach (var authorizationGroup in principal.GetAuthorizationGroups())
        {
            Console.WriteLine(authorizationGroup.Name);
        }

    However, when I run outside the domain, I have to specify the PrincipalContext like this:

        var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password");

    When I run this code, I get an exception when I execute principal.GetAuthorizationGroups(). The exception I get is:

        System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355).
           at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags)
           at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo()
           at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName()
           at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p)
           at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper()
           at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

  • Can I encrypt web.config with a custom protection provider whose assembly is not in the GAC?

    - by James
    I have written a custom protected configuration provider for my web.config. When I try to encrypt my web.config with it I get the following error from aspnet_regiis:

        aspnet_regiis.exe -pef appSettings . -prov CustomProvider

    (This is running in my MSBuild)

        Could not load file or assembly 'MyCustomProviderNamespace' or one of its dependencies. The system cannot find the file specified.

    After checking with the Fusion log, I confirm it is checking both the GAC, and 'C:/WINNT/Microsoft.NET/Framework/v2.0.50727/' (the location of aspnet_regiis). But it cannot find the provider. I do not want to move my component into the GAC, I want to leave the custom assembly in my ApplicationBase to copy around to various servers without having to pull/push from the GAC. Here is my provider configuration in the web.config.

        <configProtectedData>
          <providers>
            <add name="CustomProvider" type="MyCustomProviderNamespace.MyCustomProviderClass, MyCustomProviderNamespace" />
          </providers>
        </configProtectedData>

    I want aspnet_regiis to check my ApplicationBase Bin folder for this assembly. Has anyone got any ideas?

  • Where does Internet Explorer store saved passwords?

    - by Ian Boyd
    Where does Internet Explorer store saved passwords? And since this is a programming site, I'm not literally asking for the location where IE stores passwords, but which API IE uses to save passwords. At first I assumed that Microsoft was using the standard API:

      - CredRead
      - CredWrite

    which is used to save domain and generic program/web-site credentials. CredRead/CredWrite turn around and use

      - CryptProtectData
      - CryptUnprotectData

    to encrypt data with the current user's account. CredRead/CredWrite then store the data in some magical location, whose contents you can see from the control panel. But I don't see IE passwords in there. So IE doesn't store passwords using CredRead/CredWrite. What API does IE use to store passwords, and if it uses CryptProtectData, where does it then store the protected data?

  • User.IsInRole returning false

    - by Curtis
    My ASP.NET app is using windows authentication. If I run the following code:

        WindowsIdentity wi = (WindowsIdentity)User.Identity;
        foreach (IdentityReference r in wi.Groups)
        {
            ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value);
        }
        if (User.IsInRole ("Everyone"))
            Label1.Text = "Is in role";

    The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false. Can anyone tell me what I am doing wrong? Thanks

  • How to enable HTTP response caching in Spring Boot

    - by Samuli Kärkkäinen
    I have implemented a REST server using Spring Boot 1.0.2. I'm having trouble preventing Spring from setting HTTP headers that disable HTTP caching. My controller is as follows:

        @Controller
        public class MyRestController {
            @RequestMapping(value = "/someUrl", method = RequestMethod.GET)
            public @ResponseBody ResponseEntity<String> myMethod(
                    HttpServletResponse httpResponse) throws SQLException {
                return new ResponseEntity<String>("{}", HttpStatus.OK);
            }
        }

    All HTTP responses contain the following headers:

        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
        Expires: 0
        Pragma: no-cache

    I've tried the following to remove or change those headers:

      - Call setCacheSeconds(-1) in the controller.
      - Call httpResponse.setHeader("Cache-Control", "max-age=123") in the controller.
      - Define @Bean that returns WebContentInterceptor for which I've called setCacheSeconds(-1).
      - Set property spring.resources.cache-period to -1 or a positive value in application.properties.

    None of the above have had any effect. How do I disable or change these headers for all or individual requests in Spring Boot?

  • Does anyone use Fortify 360 with Classic ASP? a Header Manipulation vulnerability story

    - by j_green71
    Good morning, everyone. I'm on a short-term contracting gig, trying to patch some vulnerabilities in their legacy code. The application I'm working on is a combination of Classic ASP (VBScript) and .Net 2.0 (C#). One of the tools they have purchased is Fortify 360. Let's say that this is a current classic ASP page in the application:

        <%@ Language=VBScript %>
        <%
        Dim var
        var = Request.QueryString("var")
        ' do stuff
        Response.Redirect "nextpage.asp?var=" & var
        %>

    I know, I know, short and very dangerous. So we wrote some (en/de)coders and validation/verification routines:

        <%@ Language=VBScript %>
        <%
        Dim var
        var = Decode(Request.QueryString("var"))
        ' do stuff
        if isValid(var) then
            Response.Redirect "nextpage.asp?var=" & Encode(var)
        else
            'throw error page
        end if
        %>

    And still Fortify flags this as vulnerable to Header Manipulation. How or what exactly is Fortify looking for? The reason I suspect that Fortify is looking for specific key words is that on the .Net side of things, I can include the Microsoft AntiXss assembly and call functions such as GetSafeHtmlFragment and UrlEncode and Fortify is happy. Any advice?

  • faking a filesystem / virtual filesystem

    - by attwad
    I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be a linux based one but if a solution is also possible on Windows it would be nice to know how. What I thought of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launch the python interpreter using this user. Can someone give me a better alternative? As relying only on this makes me feel insecure, I would like a real sandboxing or virtual FS feature where I could run safely untrusted code.

  • Cookieless Django - Django with no cookies

    - by phoebebright
    As I'm writing a django site from government bodies I'm not going to be able to use cookies. I found this snippet http://djangosnippets.org/snippets/1540/ but it's currently not allowing users to login. Before I start debugging I wondered if anyone else has solved this problem with this snippet or in any other way?

  • Design for a machine learning artificial intelligence framework (community wiki)

    - by Lirik
    This is a community wiki which aims to provide a good design for a machine learning/artificial intelligence framework (ML/AI framework). Please contribute to the design of a language-agnostic framework which would allow multiple ML/AI algorithms to be plugged into a single framework which:

      - runs the algorithms with a user-specified data set.
      - facilitates learning, qualification, and classification.
      - allows users to easily plug in new algorithms.
      - can aggregate or create an ensemble of the existing algorithms.
      - can save/load the progress of the algorithm (i.e. save the network and weights of a neural network, save the tree of a decision tree, etc.).

    What is a good design for this sort of ML/AI framework?

  • Sha or Md5 algorithm i need to encrypt and decrypt in flex

    - by praveen
    Hi, I am developing my application in flex and JSP, so when I am passing values through HTTP Service Post method with request object but these values are tracing and modifying by testing team so I am planning to encrypt values in flex and decrypt it in jsp. So is there any algorithms like SHA or MD5 more secure algorithms, so please send any code or related links it is very useful to me. I am using like

        httpService = new HTTPService;
        httpService.request = new Object;
        httpService.request.task = "doInvite";
        httpService.request.email = emailInput.text;
        httpService.request.firstName = firstNameInput.text;
        httpService.request.lastName = lastNameInput.text;
        httpService.send();

    So is there any other way to give more secure, please help me in this. Thanks in advance.

  • Easiest way to decrypt PGP-encrypted files from VBA (MS Access)

    - by stucampbell
    I need to write code that picks up PGP-encrypted files from an FTP location and processes them. The files will be encrypted with my public key (not that I have one yet). Obviously, I need a PGP library that I can use from within Microsoft Access. Can you recommend one that is easy to use? I'm looking for something that doesn't require a huge amount of PKI knowledge. Ideally, something that will easily generate the one-off private/public key pair, and then have a simple routine for decryption.

  • How to organize modules for PyPI to support 2.x and 3.x

    - by Craig McQueen
    I have a Python module that I would like to upload to PyPI. So far, it is working for Python 2.x. It shouldn't be too hard to write a version for 3.x now. But, after following guidelines for making modules in these places:

      - Distributing Python Modules
      - The Hitchhiker’s Guide to Packaging

    it's not clear to me how to support multiple source distributions for different versions of Python, and it's not clear if/how PyPI could support it. I envisage I would have separate code for:

      - 2.x
      - 2.6 (maybe, as a special case to use the new buffer API)
      - 3.x

    How is it possible to set up a Python module in PyPI so that someone can do:

        easy_install modulename

    and it will install the right thing whether the user is using 2.x or 3.x?

  • How to create Python module distribution to gracefully fall-back to pure Python code

    - by Craig McQueen
    I have written a Python module, and I have two versions: a pure Python implementation and a C extension. I've written the __init__.py file so that it tries to import the C extension, and if that fails, it imports the pure Python code (is that reasonable?). Now, I'd like to know what is the best way to distribute this module (e.g. write setup.py) so it can be easily used by people with or without the facility to build, or use, the C extension. My experience is limited but I see two possible cases:

      - User does not have MS Visual Studio, or the GCC compiler suite, installed on their machine, to build the C extension
      - User is running IronPython, Jython, or anything other than CPython. I only have used CPython.

    So I'm not sure how I could distribute this module so that it would work smoothly and be easy to install on those platforms, if they're unable to use the C extension.

  • How to create Python module distribution to gracefully fall-back to pure Python code

    - by Craig McQueen
    I have written a Python module, and I have two versions: a pure Python implementation and a C extension. I've written the __init__.py file so that it tries to import the C extension, and if that fails, it imports the pure Python code (is that reasonable?). Now, I'd like to know what is the best way to distribute this module (e.g. write setup.py) so it can be easily used by people with or without the facility to build, or use, the C extension, just by running:

        python setup.py install

    My experience is limited, but I see two possible cases:

      - User does not have MS Visual Studio, or the GCC compiler suite, installed on their machine, to build the C extension
      - User is running IronPython, Jython, or anything other than CPython. I only have used CPython.

    So I'm not sure how I could distribute this module so that it would work smoothly and be easy to install on those platforms, if they're unable to use the C extension.

  • DBMS debugger causes TOAD to hang

    - by James Collins
    I can start the dbms debugger in Toad and use it normally, but if I hit the 'halt execution' button or just hit the 'Run' button to reach the end of the function it causes TOAD to hang. Windows reports it as not responding and I have to kill it through the task manager. I have had this problem in Toad 9.7.2.5 and Toad 10 on two different laptops. Has anyone else experienced this problem? If you have, did you find a solution to this?

  • WCF how to pass token for authentication?

    - by Kevin
    I have a WCF service which I would like to support basicHttpBinding and webHttpBinding. When the client successfully logs in, the server will generate a token for the client to pass to the server on all the requests made later. The question is how the client can pass the token to the server? I don't want to add an extra parameter on every web method to hold the token.

  • Getting Attributes of Keychain Items

    - by rgov
    I'm trying to get the attributes of a keychain item. This code should look up all the available attributes, then print off their tags and contents. According to the docs I should be seeing tags like 'cdat', but instead they just look like an index (i.e., the first tag is 0, next is 1). This makes it pretty useless since I can't tell which attribute is the one I'm looking for.

        SecItemClass itemClass;
        SecKeychainItemCopyAttributesAndData(itemRef, NULL, &itemClass, NULL, NULL, NULL);

        SecKeychainRef keychainRef;
        SecKeychainItemCopyKeychain(itemRef, &keychainRef);

        SecKeychainAttributeInfo *attrInfo;
        SecKeychainAttributeInfoForItemID(keychainRef, itemClass, &attrInfo);

        SecKeychainAttributeList *attributes;
        SecKeychainItemCopyAttributesAndData(itemRef, attrInfo, NULL, &attributes, 0, NULL);

        for (int i = 0; i < attributes->count; i ++) {
            SecKeychainAttribute attr = attributes->attr[i];
            NSLog(@"%08x %@", attr.tag, [NSData dataWithBytes:attr.data length:attr.length]);
        }

        SecKeychainFreeAttributeInfo(attrInfo);
        SecKeychainItemFreeAttributesAndData(attributes, NULL);
        CFRelease(itemRef);
        CFRelease(keychainRef);

  • FPSE, folder permissions and SharePoint Designer

    - by David Lively
    All, A few of our internal users are editing one of our classic ASP sites (Not a SharePoint site) via Sharepoint Designer which I believe uses FrontPage Server Extensions. I would like to give a particular user author rights to a single folder - ie, /products and any items and folders it contains. Any suggestions?

  • How can I reliably check client identity whilst making DCOM calls to a C# .Net 3.5 Server?

    - by pionium
    Hi, I have an old Win32 C++ DCOM Server that I am rewriting to use C# .Net 3.5. The client applications sit on remote XP machines and are also written in C++. These clients must remain unchanged, hence I must implement the interfaces on new .Net objects. This has been done, and is working successfully regarding the implementation of the interfaces, and all of the calls are correctly being made from the old clients to the new .Net objects. However, I'm having problems obtaining the identity of the calling user from the DCOM Client. In order to try to identify the user who instigated the DCOM call, I have the following code on the server...

        [DllImport("ole32.dll")]
        static extern int CoImpersonateClient();

        [DllImport("ole32.dll")]
        static extern int CoRevertToSelf();

        private string CallingUser
        {
            get
            {
                string sCallingUser = null;
                if (CoImpersonateClient() == 0)
                {
                    WindowsPrincipal wp = System.Threading.Thread.CurrentPrincipal as WindowsPrincipal;
                    if (wp != null)
                    {
                        WindowsIdentity wi = wp.Identity as WindowsIdentity;
                        if (wi != null && !string.IsNullOrEmpty(wi.Name))
                            sCallingUser = wi.Name;
                    }
                    if (CoRevertToSelf() != 0)
                        ReportWin32Error("CoRevertToSelf");
                }
                else
                    ReportWin32Error("CoImpersonateClient");
                return sCallingUser;
            }
        }

        private static void ReportWin32Error(string sFailingCall)
        {
            Win32Exception ex = new Win32Exception();
            Logger.Write("Call to " + sFailingCall + " FAILED: " + ex.Message);
        }

    When I get the CallingUser property, the value returned the first few times is correct and the correct user name is identified, however, after 3 or 4 different users have successfully made calls (and it varies, so I can't be more specific), further users seem to be identified as users who had made earlier calls.

    What I have noticed is that the first few users have their DCOM calls handled on their own thread (ie all calls from a particular client are handled by a single unique thread), and then subsequent users are being handled by the same threads as the earlier users, and after the call to CoImpersonateClient(), the CurrentPrincipal matches that of the initial user of that thread. To Illustrate:

      - User Tom makes DCOM calls which are handled by thread 1 (CurrentPrincipal correctly identifies Tom)
      - User Dick makes DCOM calls which are handled by thread 2 (CurrentPrincipal correctly identifies Dick)
      - User Harry makes DCOM calls which are handled by thread 3 (CurrentPrincipal correctly identifies Harry)
      - User Bob makes DCOM calls which are handled by thread 3 (CurrentPrincipal incorrectly identifies him as Harry)

    As you can see in this illustration, calls from clients Harry and Bob are being handled on thread 3, and the server is identifying the calling client as Harry. Is there something that I am doing wrong? Are there any caveats or restrictions on using Impersonations in this way? Is there a better or different way that I can RELIABLY achieve what I am trying to do? All help would be greatly appreciated. Regards Andrew

  • Best Diff Tool?

    - by ila
    For all my present Diff / Merge needs I'm using Beyond Compare; when I decided to buy a license for it I tried other similar tools, both payware and freeware. Now BC is at version 3, and I think it's a great tool... but what is your experience in this field? Do you think there is something better? And what are the features you like best on your favorite Diff tool?

    EDIT: I'm recollecting here a list of the tools mentioned in the answers below, in order of preferences (more or less), separating pay- from free- ware and indicating supported operating system. Hope this helps.

    PAYWARE

      - Beyond Compare (win + linux) - http://www.scootersoftware.com/
      - Araxis Merge (win + osX) - http://www.araxis.com/merge/index.html
      - ExamDiff Pro (win) - http://www.prestosoft.com/edp_examdiffpro.asp
      - ECMerge (win, osX, linux) - http://www.elliecomputing.com/Home/default.asp
      - MergePlant (win) - http://www.mikado-ltd.com/
      - Changes (OSX) - http://www.changesapp.com
      - Deltopia DeltaWalker (win, osx, linux) - http://www.deltopia.com/

    FREEWARE

      - FileMerge (OSX) - http://en.wikipedia.org/wiki/Apple_Developer_Tools#FileMerge
      - Tortoise SVN (win) - http://tortoisesvn.net/
      - WinMerge (win) - http://winmerge.org/
      - ExamDiff (win) - http://www.prestosoft.com/ps.asp?page=edp_examdiff
      - Diff Merge from SourceGear - http://www.sourcegear.com/diffmerge/index.html
      - Perforce Merge (win + linux + OSX) - http://www.perforce.com/perforce/products/merge.html
      - meld (linux) - sudo apt-get install meld - http://meld.sourceforge.net/
      - Vimdiff - vim distribution
      - KDiff3 - http://kdiff3.sf.net/
      - ediff - EMacs distribution
      - Tiny Hexer
      - Kompare (KDE, linux) - http://www.caffeinated.me.uk/kompare/
      - tkdiff (win, linux, osX) - http://tkdiff.sourceforge.net
