Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 349/1646 | < Previous Page | 345 346 347 348 349 350 351 352 353 354 355 356  | Next Page >

• Is Rails default CSRF protection insecure

  - by schickb

  By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

  Read the article

• How dangerous can javascript be? (is noscript worth the trouble)?

  - by CrazyJugglerDrummer

  I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

  Read the article

• SQL Server 2005 script with join across Database Servers

  - by Robin Day

  I have the following script which I use to give me a simple "diff" between tables on two different databases. (Note: In reality my comparison is on a lot more than just an ID) SELECT MyTableA.MyId, MyTableB.MyId FROM MyDataBaseA..MyTable MyTableA FULL OUTER JOIN MyDataBaseB..MyTable MyTableB ON MyTableA.MyId = MyTableB.MyId WHERE MyTableA.MyId IS NULL OR MyTableB.MyId IS NULL I now need to run this script on two databases that exist on different servers. At the moment my solution is to backup the database from one server, restore it to the other and then run the script. I'm pretty sure this is possible, however, is this likely to be a can of worms? This is a very rare task I need to perform and if it involves a large number of DB setting changes then I will probably stick to my backup method.

  Read the article

• Generating a reasonable ctags database for Boost

  - by Robert S. Barnes

  I'm running Ubuntu 8.04 and I ran the command: $ ctags -R --c++-kinds=+p --fields=+iaS --extra=+q -f ~/.vim/tags/stdlibcpp /usr/include/c++/4.2.4/ to generate a ctags database for the standard C++ library and STL ( libstdc++ ) on my system for use with the OmniCppComplete vim script. This gave me a very reasonable 4MB tags file which seems to work fairly well. However, when I ran the same command against the installed Boost headers: $ ctags -R --c++-kinds=+p --fields=+iaS --extra=+q -f ~/.vim/tags/boost /usr/include/boost/ I ended up with a 1.4 GB tags file! I haven't tried it yet, but that seems likes it's going to be too large to be useful. Is there a way to get a slimmer, more usable tags file for my installed Boost headers? Edit Just as a note, libstdc++ includes TR1, which has allot of Boost libs in it. So there must be something weird going on for libstdc++ to come out with a 4 MB tags file and Boost to end up with a 1.4 GB tags file.

  Read the article

• SQL Server 2008 database engine login failed for administrator user in windows 7

  - by Sadegh

  I installed SQL Server 2008 Enterprise Edition on Windows 7 Ultimate from sadegh user. This account exists in administrators role. after a few days I removed sadegh user from Windows and now I am using administrator user. But I can't login to SQL Server database engine using Windows authentication method and I receive this error message: TITLE: Connect to Server Cannot connect to SADEGH-PC. ADDITIONAL INFORMATION: Login failed for user 'Sadegh-PC\Administrator'. (Microsoft SQL Server, Error: 18456) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 please help me! thanks

  Read the article

• Verify my form workflow

  - by Shackrock

  I have a form, with some sensitive info (CC numbers). My work flow is: One page to take all form items Upon submission, values are validated. If all is well, all data is stored in a session variable, and the page reloads and displays this info from the session variable. If everything is ok on the review page, the user clicks submit and the session variable is sent to another form for processing (sending payment). Upon success, the session is destroyed. Upon failure (bad CC number, for example) - the user is sent back to the form, with all of the fields filled in just like before, so that they can check for errors and try again (session is NOT destroyed). Does anyone see anything wrong with this, from a security or best practices stand point? UPDATE I'm thinking I can get rid of a step - storing the info in a session EVER. Just have a one page checkout, no review page... makes sense.

  Read the article

• Problem updating a database field from my controller

  - by ben

  I have an update method in my users controller that I call from a HTTPService in Flex 4. The update method is as follows: def updateName @user = User.find_by_email(params[:email]) @user.name = params[:nameNew] render :nothing => true end This is console output: Processing UsersController#updateName (for 127.0.0.1 at 2010-05-24 14:12:49) [POST] Parameters: {"action"="updateName", "nameNew"="ben", "controller"="users", "email"="[email protected]"} User Load (0.6ms) SELECT * FROM "users" WHERE ("users"."email" = '[email protected]') LIMIT 1 Completed in 20ms (View: 1, DB: 1) | 200 OK [http://localhost/users/updateName] But when I check my database, the name field is never updated. What am I doing wrong? Thanks for reading.

  Read the article

• Import xml to database with high end performance and Audit log- A best Practice

  - by karthik

  Hi, I have to import big xml files to Ms SQL 2005 Database by using C# with high end Performance. Even if any record fails in middle, i have to take next record for process and failed record need to log for audit. I don't want to put insert query with in for loop. Could you please suggest a best way to do this. If I can use bulkcopy methods or Data Adapter update methods- Its very nice, But if any record fails, execution of that statement breaks and rolled back totally, right? Any alternatives and Best practices with example please..? Is Multi-threading works for me to improve performance..? Give me example please. Thanks Karthikeyan

  Read the article

• Recommendation for web-based database visualization tool

  - by prometheus

  Tableau is extremely flexible when it comes to visualizing and playing around with datasets, but it is extremely slow when you go into "production mode" and publish a particular view that you've created onto your server. Does anyone know of any tools that can be used to connect to a database, present interactive (or somewhat interactive) dashboards, and perform reasonably well when published to a server? To be clearer, I am looking for something like this -- http://www.corda.com/executive-dashboard-graph-styles.php. I realize that such a product might not exist. If so, is there a particular framework or library that I could use to create killer interactive visualizations of data for the web?

  Read the article

• What's the difference between the 'DES' class and The 'DESCryptoServiceProvider' class?

  - by IbrarMumtaz

  All I can make out is that one of them is the BC for all 'DES' algorithms to be derived from and the later is a wrapper for the Cryptographic service provider implementation of the DES algorithm. The reason why I ask is that I am going over .Net Security and the MS official training book simply refers to the DES class but the another official MS book refers to the DESCrypto' class. What's the difference between these two? When would you use either of them? What do I need to know as far as the 70-536 exam is concerned. I am asking my question from an educational P.O.V as far as the 70-536 exam is concerned. Thanks In Advance. Ibrar

  Read the article

• Convert BLOB to Jpg using C#

  - by TGuimond

  Hello, I am currently developing a web application that receives data from an on-site oracle database. The database developers have developed some web-services that I am able to call and send/receive data to and from the the database. When I want to display an image the method returns the image in BLOB format. My question is: what is the best way to convert BLOB to .jpg or .bmp so I can display the image correctly? If someone could point me in the right direction that would be great! Cheers, Tristan

  Read the article

• Creating a "less"-like console pager interface for pysqlite3 database

  - by Eric

  I would like to add some interactive capability to a python CLI application I've writen that stores data in a SQLite3 database. Currently, my app reads-in a certain type of file, parses and analyzes, puts the analysis data into the db, and spits the formatted records to stdout (which I generally pipe to a file). There are on-the-order-of a million records in this file. Ideally, I would like to eliminate that text file situation altogether and just loop after that "parse and analyze" part, displaying a screen's worth of records, and allowing the user to page through them and enter some commands that will edit the records. The backend part I know how to do. Can anyone suggest a good starting point for creating that pager frontend either directly in the console (like the pager "less"), through ncurses, or some other system?

  Read the article

• How can i use ClearCanvas in remote database?

  - by programmerist

  How can i get data from REMOTE database using OnStart method? protected override int OnStart(StudyLoaderArgs studyLoaderArgs) { ApplicationEntity ae = studyLoaderArgs.Server as ApplicationEntity; _ae = ae; EventResult result = EventResult.Success; AuditedInstances loadedInstances = new AuditedInstances(); try { XmlDocument doc = RetrieveHeaderXml(studyLoaderArgs); StudyXml studyXml = new StudyXml(); studyXml.SetMemento(doc); _instances = GetInstances(studyXml).GetEnumerator(); loadedInstances.AddInstance(studyXml.PatientId, studyXml.PatientsName, studyXml.StudyInstanceUid); return studyXml.NumberOfStudyRelatedInstances; } finally { AuditHelper.LogOpenStudies(new string[] { ae.AETitle }, loadedInstances, EventSource.CurrentUser, result); } } i need to use OnStart in main project. How cn i use or call OnStart method

  Read the article

• How to manually query LDAP through Acegi's beans?

  - by Veggen Skrikk

  I have an application using Acegi (earlier version of Spring Security) and LDAP for logins. Now, a specific scenario requires me to discover user's LDAP groups at arbitrary time (not at login time). Is it possible to use already set up Acegi to handle this situation? I'm thinking of using the configured LdapAuthProvider (or LdapAuthPopulator or whatever's appropriate) to get all the groups associated with a given username. Is this possible? If yes, please, please, give some hints how it should be done...

  Read the article

• LocalUser access for WCF hosted in IIS

  - by Eugarps

  I have tried every combination to allow unauthenticated access to WCF as in "LocalUser" accounts, in IIS without success. Here is what I've most recently tried: wsHttpBinding with Message security and mode set to "None". IIS anonymous access enabled, all others disabled, folder level access at default (but granted read access to "Users" which is all users in our domain). I understand I may not have provided enough information to solve the issue, but perhaps somebody can point me in the right direction - is this likely to be a IIS configuration issue or a WCF configuration issue... if WCF, is it likely to be a client level or server level issue? The error I get when attempting to access here is "User is not authenticated". We have ASMX services in the domain which are behaving properly, I am the first developer using WCF here.

  Read the article

• Storing ASP.Net MVC Views in the Database

  - by Adam Albrecht

  For an ASP.Net MVC application, I'm interested in storing some views and/or partial views in the database so that a few semi-technical users can do some basic view logic. Does anyone have any tips or lessons from experience on doing this? I know Phil Haack wrote a blog post on this about a year ago. He used IronRuby for scripting his views, (which would be fine for me). He created a quick proof-of-concept, but I can't find any other information on the topic. Any ideas, thoughts, tips, etc would be appreciated. Thanks!

  Read the article

• symfony save submitted form to database

  - by Sejanus

  Maybe I am missing something, but in symfony examples, in form submission action there's nothing which indicates form data is saved to database. (link). How can I save everything to db? Example from the link: public function executeSubmit($request) { $this->forward404Unless($request->isMethod('post')); $params = array( 'name' => $request->getParameter('name'), 'email' => $request->getParameter('email'), 'message' => $request->getParameter('message'), ); $this->redirect('contact/thankyou?'.http_build_query($params)); }

  Read the article

• Windows secure pinned website tile

  - by Stijn de Voogd

  I'm currently working on a pinned website tile for my website and instead of using a static XML file i'm linking the tile to a web api that returns user specific XML. My question is: Is it possible to secure this tile so that a user needs to be logged in before the data loads? The pinned website livetile doesn't send any security request headers/ cookies: - Http: Request, GET /v1/livetile/firsttile Command: GET + URI: /v1/livetile/firsttile ProtocolVersion: HTTP/1.1 UserAgent: Microsoft-WNS/6.3 Host: 192.168.14.109:2089 Cache-Control: no-cache HeaderEnd: CRLF Sidenote: Notice how it's not even sending an accept header even though it only wants xml. Info: http://msdn.microsoft.com/en-US/library/ie/dn455106 http://msdn.microsoft.com/en-us/library/ie/hh761491.aspx# Thanks in advance!

  Read the article

• Flash not interacting with Javascripts in browser inside my app

  - by Shivaprasad

  Hi , I have an application which embeds a xulrunner based browser. I have to load some flash content in it which talks to some javascripts to update the browser title. The flash content works fine when launched from Firefox but not inside my app. I tried a sample html file which has some javascripts and they work fine. It even works when I have the flash content on a server. It is only when I try to run js through flash present on my local machine that I see this problem. I guess it must have something to do with some security settings in xulrunner. Could somebody help me figure out what the problem might be? Thanks jbsp72

  Read the article

• Adobe Socket Policy File Server Problems

  - by Matt

  Has anyone been able to successfully implement a service to serve the required socket policy file to FlashPlayer? I am running the Python implementation of the service provided by Adobe at http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html and using the following policy file: <?xml version="1.0" encoding="UTF-8"?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*" to-ports="*" secure="false"/> </cross-domain-policy> and receiving this message from Flash: [SecurityErrorEvent type="securityError" bubbles=false cancelable=false eventPhase=2 text="Error #2048: Security sandbox violation: http://www.mapopolis.com/family/Tree.swf cannot load data from www.mapopolis.com:1900."] Thanks.

  Read the article

• Best way to encrypt certain fiels in SQL Server 2008?

  - by Josh

  I'm writing a .net web app that will read and write information to a SQL 2008 backend database. Some of this information will be highly confidential in nature so I want to encrypt certain data elements. I dont want to use TDE or any full-database encryption for performance reasons. My main concern is protecting this sensitive data as a last resort against a SQL injection or even a database server compromise. My question is what is the best way to do this to preserve performance? Is it faster to use the SQL2008 encryption functions such as EncryptByKey, or would it be faster to encrypt and decrypt the data in the .NET web app itself using a symmetric key stored in the secure web.config and store the encrypted values in the DB?

  Read the article

• Saving data to server with user accounts.

  - by AKRamkumar

  Ok, so for an app I am making, I want the user to be able to save data online. On my website, I will provide a web server with tables of UserName/Password/SaveData. How can I do this without crashing the server load? How can I guarantee security ? Is there a Design Pattern for this?Is there a better way of doing this? This is going to be a free application, available to the public and I would like for their settings to be available, no matter the computer they are using. Is there a better way of doing this? I am using MEF for plugins so is there a way I can save plugin data as well?

  Read the article

• Can SqlAnywhere's UltraLiteJ DB tables be viewed in the Database Explorer of the Eclipse IDE

  - by Tobias

  Hi, I am developing a Blackberry app which should be able to access a DB. Here is my development environment and the tools I am using: Eclipse (Galileo) IDE with the Blackberry plugin installed. Blackberry OS 5.0 SQLAnywhere's DB 11 with UltraLiteJ (I am targeting Blackberrys running OS 4.1 and above) I have successfully executed a sample project for building a Blackberry application that uses the UltraLiteJ DB, following the tutorial in the UltraLiteJ documentation*. The tutorial creates, populates and retrieves data from the DB using java code. Now, I want to be able to access the tables and view data in them from the Eclipse IDE. Something similar to the FireFox plugin for SqlLite or say the Enterprise Manager for Sql Server 2005 which is a DB Explorer providing access to the StoredProcedures, Views, DB Diagrams etc. for a Database. Can someone please direct me as to how to tackle this problem? I hope the question is descriptive and clear. Much Obliged. *http://dcx.sybase.com/index.html#1101en/ulj_en11/uj-ch03.html

  Read the article

• Counting multiple entries in a MySQL database?

  - by Aaron

  Hi all, I'm trying to count multiple entries in a MySQL database, I know how to use COUNT(), but the exact syntax I want to get the results I need eludes me. The problem: Table structure: ID, CODE, AUTHOR, COUNTRY, TIMESTAMP. Code, Author and Country overlap many times in the table. I am trying to discover if there is one simple query that can be ran to return (using WHERE clause on COUNTRY) the author field, the code field, and then a final field that counts the number of times the CODE was present in the query result. So, theoretically I could end up with an array like: array('author', 'code', 'codeAppearsNTimes'); Authors also have varying codes associated with them, so I don't want the results merged. I suppose the end result would be: 'This author is associated with this code this many times'. Is this possible with MySQL? Thanks in advance.

  Read the article

• Grails LDAP authentication failed

  - by Leo

  Hi, guys I am developing a web app by using Grails and using Grails LDAP as my Authentication mechanism. However, i always get following error: {Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by: Cannot pass null or empty values to constructor Class: GrailsAuthenticationProcessingFilter } My SecurityConfig.groovy file is : security { // see DefaultSecurityConfig.groovy for all settable/overridable properties active = true loginUserDomainClass = "User" authorityDomainClass = "Role" requestMapClass = "Requestmap" useLdap = true ldapRetrieveDatabaseRoles = false ldapRetrieveGroupRoles = false ldapServer = 'ldap://worf-mi.dapc.kao.au:389' ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn' ldapManagerPassword = 'Asdf1234' ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn' ldapSearchFilter = '(&(cn={0})(objectClass=user))' }

  Read the article

< Previous Page | 345 346 347 348 349 350 351 352 353 354 355 356  | Next Page >