Search Results

Search found 2011 results on 81 pages for 'token bucket'.

Page 33/81 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >

oAuth provider with Django-piston

- by Martin Eve

Hi, I'm working with django-piston to attempt to create an API that supports oAuth. I started out using the tutorial at: http://blog.carduner.net/2010/01/26/django-piston-and-oauth/ I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes. The urls are successfully wired-up and the oAuth provider is called. However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error: Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0 The problem seems to lie inside the _check_signature method of Piston's oauth.py, where valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature) is returning false. I can't, however, work out how to get the signature validated. Any ideas?

Read the article
Is Rails default CSRF protection insecure

- by schickb

By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

Read the article
Python.expat can't parse XML file with bad symbols. How to go around?

- by culebrón

I'm trying to parse an XML file with expat, and here's the line where I get bad token exception: <tag k="name" v="???????????????????????????????????????????????????????????????????" /> xml.parsers.expat.ExpatError: not well-formed (invalid token): line 610127, column 37 The symbols in hex look like: \xd1? Seems like someone wrote this string (Russian alfabet) hitting backspace a few times. I set parser.returns_unicode = True, but this didn't help. The 1st line is <?xml version="1.0" encoding="UTF-8"?>. I work with a bz2 file. (bz2.BZ2File) How can I parse the file?

Read the article
Displaying map stl

- by BSchlinker

Declared a map early on: map<char*,char*> rtable; // used to store routing information Now I'm attempting to display the contents of the map: void Routes::viewroutes(){ typedef map<char*, char*>::const_iterator iter; for (iter=rtable.begin(); iter != rtable.end(); ++iter) { cout << iter->second << " " << iter->first << endl; } } Receiving the error "expected primary-expression before '!=' token and for '-' token. Can't seem to understand the error I'm making here. Any ideas?

Read the article
The remote server returned an error: NotFound.

- by xscape

Hi, I'm trying to retrieve a string in my old webservice but it give me an error of The remote server returned an error: NotFound. and its InnerException is {System.Net.WebException: The remote server returned an error: NotFound. --- System.Net.WebException: The remote server returned an error: NotFound. at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult) at System.Net.Browser.BrowserHttpWebRequest.<c_DisplayClass5.b_4(Object sendState) at System.Net.Browser.AsyncHelper.<c_DisplayClass2.b_0(Object sendState) --- End of inner exception stack trace --- at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state) at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)} this is the method which error prompted, this method returns a string format void client_ValidateUserEncryptedCompleted(object sender, DummyWS.ValidateUserEncryptedCompletedEventArgs e) { object token = e.Result; client = new DummyWS.MachineHistoryWSSoapClient(); if (token != null) { client.GetSummaryXMLAsync(token, "", ""); } } I am currently using Silverlight 4.0 and my ServiceReferences.ClientConfig is <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="MachineHistoryWSSoap" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647"> <security mode="None" /> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://localhost/MHVwsModified/MachineHistoryWS.asmx" binding="basicHttpBinding" bindingConfiguration="MachineHistoryWSSoap" contract="DummyWS.MachineHistoryWSSoap" name="MachineHistoryWSSoap" /> </client> </system.serviceModel> My Web.Config in my web service is <configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"> <system.web> <compilation debug="true"> <assemblies> <add assembly="System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" /></assemblies></compilation> <authentication mode="Windows" /> </system.web> <system.webServer> <directoryBrowse enabled="true" /> </system.webServer> Any help will be aprreciated thank you.

Read the article
Parsing Indentation-based syntaxes in Haskell's Parsec

- by pavpanchekha

I'm trying to parse an indentation-based language (think Python, Haskell itself, Boo, YAML) in Haskell using Parsec. I've seen the IndentParser library, and it looks like it's the perfect match, but what I can't figure out is how to make my TokenParser into an indentation parser. Here's the code I have so far: import qualified Text.ParserCombinators.Parsec.Token as T import qualified Text.ParserCombinators.Parsec.IndentParser.Token as IT lexer = T.makeTokenParser mylangDef ident = IT.identifier lexer This throws the error: parser2.hs:29:28: Couldn't match expected type `IT.TokenParser st' against inferred type `T.GenTokenParser s u m' In the first argument of `IT.identifier', namely `lexer' In the expression: IT.identifier lexer In the definition of `ident': ident = IT.identifier lexer What am I doing wrong? How should I create an IT.TokenParser? Or is IndentParser broken and to be avoided?

Read the article
Making GWT application crawlable by a search engine.

- by Philippe Beaudoin

I want to use the #! token to make my GWT application crawlable, as described here: http://code.google.com/web/ajaxcrawling/ There is a GWT sample app available online that uses this, for example: http://gwt.google.com/samples/Showcase/Showcase.html#!CwRadioButton Will serve the following static webpage to the googlebot: http://gwt.google.com/samples/Showcase/Showcase.html?_escaped_fragment_=CwRadioButton I want my GWT app to do something similar. In short, I'd like to serve a different flavor of the page whenever the _escaped_fragment_ parameter is found in the URL. What should I modify in order for the server to serve something else (a static page, or a page dynamically generated through a headless browser like HTML Unit)? I'm guessing it could be the web.xml file, but I'm not sure. (Note: I thought of checking the Showcase app provided with the GWT SDK, but unfortunately it doesn't seem to support serving static files on _escaped_fragment_ and it doesn't use the #! token..)

Read the article
Authenticated Referrals & Server-Side Auth Flow - What is the redirect_uri?

- by Brian P. Hamachek

From an authenticated referral (such as from a timeline story) to my website, I am trying to use the server-side authentication flow to obtain an access token for the referred user. I need to pass my app secret, the auth code, and the original redirect URI to the Facebook access token endpoint. Since I did not initiate the authentication request, how do I determine the original redirect_uri? The link from the Facebook timeline looks like: http://www.facebook.com/connect/uiserver.php?app_id=153644678059870&method=permissions.request&redirect_uri=http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity&response_type=code&display=page&auth_referral=1 So I figure that the redirect URI I need to pass is: http%3A%2F%2Fwww.wnmlive.com%2Fpost%2F141833948%3Ffb_action_ids%3D10100708033267487%26fb_action_types%3Dwnm-live%253Acomment%26fb_source%3Drecent_activity The URI that the user is ultimately redirected to is: http://www.wnmlive.com/post/141833948?fb_action_ids=10100708032119787&fb_action_types=wnm-live%3Apost&fb_source=recent_activity&code=AQALK-Mwb_Nwi4z7FWnFaL6tEXvNtVJiRKrgarG9X73sp22TJyk8v2GWKtuXuevJk4hPSRNnuNpEgZXLFdOS_k-pY-mE15DYytIa8Y7VdSw3VL-XYi-CR9BCqRQGq4uBJvSSdZayCp6MWzDMaNqWd5r8OhKVnOhg_yDlvfoLl21N2SMwkJaOfD5mlPnPb5A-Q4A#_=_ Is it safe to assume that I can just chop off everything starting with the "&code=" and use that as the redirect URI?

Read the article
where should we place HIDDEN variable in JSP

- by micheal

I need to use Hidden variables in my JSP for session tracking. this is the code: <input type="hidden" name="REQ_TOKEN" value="<%=session.getAttribute("SESN_TOKEN").toString()%>" /> i am using this to compare the request token with session token, so only when both are equal i will evaluate that request otherwise i will throw an error. Now the problem is, when i place this code inside <form></form> tags, it is working fine. Unfortunately there are some JSPs in my application where we dont have tag(I know that sounds weird!). where can i place my code so that it will work? Cant i use Hidden variables without FORM tag???

Read the article
Flickr API automated login using Python library flickrapi

- by Dave Aaron Smith

I have a web application that I want to sync with Flickr. I don't want the users to have to log into Flickr so I plan to use a single login. I believe I'll need to do something like this: import flickrapi flickr = flickrapi.FlickrAPI(myKey, mySecret) (token, frob) = flickr.get_token_part_one(perms='write', my_auth_callback) flickr.get_token_part_two((token, frob,)) flickr.what_have_you(... I don't know what my_auth_callback should look like though. I suspect it will have to post my login information to flickr. Could I do the get_token_part_one step just once manually perhaps and then re-use it in get_token_part_two?

Read the article
Twitter oauth_callback parameter being ignored!

- by Astrofaes

Hi guys, I'm trying to get Twitter authentication working on my ASP.NET site. When you create the app on the Twitter website, you have to specify a callback URL, which for sake of argument, I have set to http://mydomain.com I've read the oAuth 1.0a spec, and to override this callback URL with your own custom one you have to send the oauth_callback parameter in the request_token phase (url-encoded of course). So my request URL looks like this: http://twitter.com/oauth/request_token?oauth_callback_url=http%3A%2F%2Fmydomain.com%2Ftwittercallback Supposedly, if all goes to plan, in your response data, you are supposed to receive a new parameter of oauth_callback_confirmed=true in addition to your token and token secret parameters. However, my response comes through as: oauth_token=MYTOKEN&oauth_token_secret=MYTOKENSECRET I know I haven't given you guys the greatest amount to go on, but I'm at my wits end as to why I am not receiving the oauth_callback_confirmed parameter. Without this, my application keeps defaulting back to the callback URL hard-coded on the Twitter website. Please if anyone could help me out, I will be eternally grateful! Thanks, A.

Read the article
Problem with Validate Anti Forgery

- by Mikael Egnér

Hi! I have a problem regarding MVC Anti forgery token. When I do my authentication I have pseudo code like this: var user = userRepository.GetByEmail(email); System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; by doing so I'm able to get the current user in my code like this: var user = HttpContext.Current.User as EntityUser; This works fine until I add the [ValidateAntiForgeryToken] attribute to an action. When I add the attribute I get A required anti-forgery token was not supplied or was invalid. If I comment out this line: System.Threading.Thread.CurrentPrincipal = HttpContext.Current.User = user; The antiforgery validation works fine, but the I don't have my convenient way of getting my "EntityUser" from the HttpContext. Any ideas of how to work around this? Best regards Mikael

Read the article
Doesn't get into Debug Mode

- by Grace Jones

When I Press F5 on my VS2005 to debug the application, it launches the web app window but it is coming out of debug mode. When I tried to trace the Error in the EventViewer, this was the error: Failed in Token.vb(GetToken). The token was not in memory and the identity of the authenticated IIS caller was not permitted. The session may have unexpectedly terminated. The specific error message included: Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive. Please also make sure that System.Web.SessionStateModule or a custom session state module is included in the \\ section in the application configuration. I don't have any httpModules section in my config file and the sessionState mode="InProc"...

Read the article
How to query a date in HQL (Hibernate) with Joda Time?

- by fabien7474

I am sure that someone familiar with HQL (I am myself a newbie) can easily answer this question. In my Grails application, I have the following domain class. class Book { org.joda.time.DateTime releaseDate //I use the PersistentDateTime for persisting via Hibernate (that use a DATETIME type for MySQL DB) } In my HQL query, I want to retrieve books whose release date is included in range date1..date2 For instance I tried: DateTime date1, date2 ... def queryStr = "select * from Book as b where b.releaseDate > $date1 and b.releaseDate < $date2" def res = Book.executeQuery(queryStr) But I got the exception ...caused by: org.springframework.orm.hibernate3.HibernateQueryException: unexpected token: The error token points to date format (for instance 2009-11-27T21:57:18.010+01:00 or Fri Nov 27 22:01:20 CET 2009) I have also tried to convert date1 into a Date class without success So what is the correct HQL code ? Should I convert to a specific format (which one?) using the patternForStyle method or is there another -cleaner- way to do it? Thanks, Fabien.

Read the article
How to do call function after client finishes download from tornado web server?

- by Shabbyrobe

I would like to be able to run some cleanup functions if and only if the client successfully completes the download of a file I'm serving using Tornado. I installed the firefox throttle tool and had it slow the connection down to dialup speed and installed this handler to generate a bunch of rubbish random text: class CrapHandler(BaseHandler): def get(self, token): crap = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(100000)) self.write(crap) print "done" I get the following output from tornado immediately after making the request: done I 100524 19:45:45 web:772] 200 GET /123 (192.168.45.108) 195.10ms The client then plods along downloading for about 20 seconds. I expected that it would print "done" after the client was done. Also, if I do the following I get pretty much the same result: class CrapHandler(BaseHandler): @tornado.web.asynchronous def get(self, token): crap = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(100000)) self.write(crap) self.finish() print "done" Am I missing something fundamental here? Can tornado even support what I'm trying to do? If not, is there an alternative that does?

Read the article
"Invalid signature": oAuth provider with Django-piston

- by Martin Eve

Hi, I'm working with django-piston to attempt to create an API that supports oAuth. I started out using the tutorial at: http://blog.carduner.net/2010/01/26/django-piston-and-oauth/ I added a consumer to piston's admin interface with key and secret both set to "abcd" for test purposes. The urls are successfully wired-up and the oAuth provider is called. However, running my get request token tests with tripit (python get_request_token.py "http://127.0.0.1:8000/api" abcd abcd), I receive the following error: Invalid signature. Expected signature base string: GET&http%3A%2F%2F127.0.0.1%3A8000%2Fapi%2Foauth%2Frequest_token%2F&oauth_consumer_key%3Dabcd%26oauth_nonce%3D0c0bdded5b1afb8eddf94f7ccc672658%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1275135410%26oauth_version%3D1.0 The problem seems to lie inside the _check_signature method of Piston's oauth.py, where valid_sig = signature_method.check_signature(oauth_request, consumer, token, signature) is returning false. I can't, however, work out how to get the signature validated. Any ideas? -----Update----- If I remove the test consumer from piston's backend, the response returned is correctly set to "Invalid consumer", so this lookup appears to be working.

Read the article
Is using GET with a tokenID for security a good idea?

- by acidzombie24

I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?

Read the article
Paypal - DoExpressCheckoutPayment null pointer

- by user969894

String nvpstr = "&TOKEN=" + token + "&PAYERID=" + payerID + "&PAYMENTREQUEST_0_PAYMENTACTION=" + paymentType + "&PAYMENTREQUEST_0_AMT=" + finalPaymentAmount + "&PAYMENTREQUEST_0_CURRENCYCODE=" + currencyCodeType + "&IPADDRESS=" + serverName; Having done an earlier call to SetExpressCheckout, I had to change a few parameter names because Paypal had changed it in the documentation but not in the code from the integration wizard. Now for DoExpressCheckoutPayment I've modified a few but I get a null pointer at strAck: HashMap nvp = httpcall("DoExpressCheckoutPayment", nvpstr); String strAck = nvp.get("ACK").toString(); if (strAck.equalsIgnoreCase("Success")) { return nvp; } Not sure what is wrong, any suggestions for debugging this or possible solutions?

Read the article
Basic Profanity Filter in Objective C for iPhone

- by David van Dugteren

How have you like minded individuals tackled the basic challenge of filtering profanity, obviously one can't possibly tackle every scenario but it would be nice to have one at the most basic level as a first line of defense. In Obj-c I've got NSString *tokens = [text componentsSeparatedByString:@" "]; And then I loop through each token to see if any of the keywords (I've got about 400 in a list) are found within each token. Realising False positives are also a problem, if the word is a perfect match, its flagged as profanity otherwise if more than 3 words with profanity are found without being perfect matches it is also flagged as profanity. Later on I will use a webservice that tackles the problem more precisely, but I really just need something basic. So if you wrote the word penis it would go yup naughty naughty, bad word written.

Read the article
Rails: Generated tokens missing occasionally

- by Vincent Chan

We generate an unique token for each user and store it on database. Everything is working fine in the local environment. However, after we upload the codes to the production server on Engine Yard, things become weird. We tried to register an account right after the deploy. It is working fine and we can see the token in the db. But after that, when we register new accounts, we cannot see any tokens. We only have NULL in the db. Not sure what caused this problem because we can't re-produce this in the local machine. Thanks for your help.

Read the article
steps for facebook connect graph api

- by dskanth

Hi, iam using facebook connect in my site, and i want to know how do i use the graph api for authenticating the user. I followed these steps: 1) Initially i sent a request for "code", by clicking on the facebook icon in my site: https://graph.facebook.com/oauth/authorize? client_id=xxx&redirect_uri=http://xxxxxxxx 2) And then after getting a code, i sent a request for "access token", by clicking on another link in my site: https://graph.facebook.com/oauth/access_token? client_id=xxx&redirect_uri=http://xxxxxxx&client_secret=xxxx&code=xxxxx 3) And after i got the token, i sent another request for getting user data, by clicking on yet another link: https://graph.facebook.com/me?access_token=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Then finally i got the user data in array format, which i need to parse for my required data like user's firstname, email, etc. Now my question is that how i can automate this process with just one click ? Right now, iam using 3 different links for sending those requests. Can anyone suggest a solution ?

Read the article
Storing n-grams in database in < n number of tables.

- by kurige

If I was writing a piece of software that attempted to predict what word a user was going to type next using the two previous words the user had typed, I would create two tables. Like so: == 1-gram table == Token | NextWord | Frequency ------+----------+----------- "I" | "like" | 15 "I" | "hate" | 20 == 2-gram table == Token | NextWord | Frequency ---------+------------+----------- "I like" | "apples" | 8 "I like" | "tomatoes" | 12 "I hate" | "tomatoes" | 20 "I hate" | "apples" | 2 Following this example implimentation the user types "I" and the software, using the above database, predicts that the next word the user is going to type is "hate". If the user does type "hate" then the software will then predict that the next word the user is going to type is "tomatoes". However, this implimentation would require a table for each additional n-gram that I choose to take into account. If I decided that I wanted to take the 5 or 6 preceding words into account when predicting the next word, then I would need 5-6 tables, and an exponentially increase in space per n-gram. What would be the best way to represent this in only one or two tables, that has no upper-limit on the number of n-grams I can support?

Read the article
Authlogic: Create records on other users' behalf

- by Friðrik

Hi Using Authlogic, what is the best way to create a record in rails on other users' behalf? Description: I have a c++ server which handles Tcp connections from many c++ clients, and I want the c++ server to create a new record in the rails database using its REST api. However, the c++ server needs to be authenticated before creating that record. What I want is to attach the original user ID (from the c++ client) to the record (but not the servers) so I know from which user the record came from. One way is for the c++ client to send its persistence token over to the c++ server which sends that token as a parameter to the create action, does that make sense? or are there maybe some better ways to do this? I have a rails app which uses authlogic for authentication. I also have another c++ client which is logs in and provides I have a c++ server which uses

Read the article
Testing with Unittest Python

- by chrissygormley

Hello, I am runninig test's with Python Unittest. I am running tests but I want to do negative testing and I would like to test if a function throw's an exception, it passes but if no exception is thrown the test fail's. The script I have is: try: result = self.client.service.GetStreamUri(self.stream, self.token) self.assertFalse except suds.WebFault, e: self.assertTrue else: self.assertTrue This alway's passes as True even when the function work's perfectly. I have also tried various other way's including: try: result = self.client.service.GetStreamUri(self.stream, self.token) self.assertFalse except suds.WebFault, e: self.assertTrue except Exception, e: self.assertTrue Does anyone have any suggestions? Thanks

Read the article
Using perl's Regexp::Grammars, how do I make a capture dependent on $MATCH?

- by Evan Carroll

I've got a token like such: <delim2=((?{ $MATCH{delim} }))> and what I want to happen is for delim2 to capture and be set to the value of delim. When I run this, delim2 is set, but the capture is never done. I think this is an error in my reasoning: I'm trying to chain this form: <ALIAS= ( PATTERN )> Match pattern, save match in $MATCH{ALIAS} and this form: (?{ MATCH{delim} }) into something like this <ALIAS= ( (?{MATCH{delim}) )> Matches the value of $MATCH{delim} save to $MATCH{delim2} but this simply doesn't seem valid. I can verify my original token works <delim2=((?{ die $MATCH{delim} }))> will die with the value, and, if I hard code it, I get the right capture and everything works <delim2=(')>? So how do I go about achieving sane results, while having a dynamic pattern?

Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >