Search Results

Search found 120608 results on 4825 pages for 'code access security'.

Page 353/4825 | < Previous Page | 349 350 351 352 353 354 355 356 357 358 359 360 | Next Page >

why jsessionid is appended to each url?

- by sword101

greetings all i am deploying an app using spring framework on the apache tomcat when running the application from the tomcat directly,there's no jsessionid appended to any url at all but after mapping the application to the domain,and trying to run it i got a jsessionid appended to each url in the application,i tried the spring security attribute disable-url-rewriting but it doesn't work,it removes the jsessionid from the url but the application doesn't work no more,the user cannot login. so i guess it's another problem,any ideas why this happens,how to solve it? thanks.

Read the article
Max Value for MSAccess Date/Time

- by Steven

What is the latest date that can be represented in Microsoft Access?

Read the article
Important Question, Please give response if u have any idea....

- by Sumit Kr Singh

Hi i an developing an iphone application, it is basically a security application based on "Thief Buster"(available on Appstore URL: http://itunes.apple.com/app/thief-buster-antitheft-alarm/id327463179?mt=8# ) my problem is: * Volume Control Blocking * Automatic application restart Please provide the application logic to resolve the problem. Thanks in advance..

Read the article
access denied trying extracting an archive on the windows user temp folder

- by Hanan

I'm trying to run a command-line process (which is extraction of a .7z archive) on a file that lies in a temporary folder on the windows user temp directory (C:\Documents and Settings\User\Local Settings\Temp), using Process in my c# app. I think the process return error that happens because of "access denied" because I can see a win32Exception with error code 5 when I dig in the prcoess object of .NET. doing the same on some other location worked fine before, so I guess maybe it's something I'm not supposed to do ? (running a process to use a file on the the %TEMP%) perhaps I need to pass security somehow?

Read the article
Storing secret keys on iPhone source and project resources

- by hgpc

Is storing secret keys (internal use passwords and such) on iPhone source code and project resources (such as plist files) secure? Obviously nothing is 100% secure, but can this information be extracted easily from an installed app? How do you recommend storing these keys to use them in the source code? Just in case, this question is not about storing user passwords.

Read the article
URLScan and percent signs

- by Hobbes

So I just ran into a stupid problem in which users could not download files that had a percent sign in it. It wound up being URLScan. I had to un-set two things in urlscan.ini: 1) Set VerifyNormalization to 0 (disabled) 2) Remove the percent sign from the "DenyUrlSequences" section Do an iisreset, and it problem solved. But the big question is: How much of a security risk is this?

Read the article
Extracting the source code of a facebook page with JavaScript

- by Hafizi Vilie

If I write code in the JavaScript console of Chrome, I can retrieve the whole HTML source code by entering: var a = document.body.InnerHTML; alert(a); For fb_dtsg on Facebook, I can easily extract it by writing: var fb_dtsg = document.getElementsByName('fb_dtsg')[0].value; Now, I am trying to extract the code "h=AfJSxEzzdTSrz-pS" from the Facebook Page. The h value is especially useful for Facebook reporting. How can I get the h value for reporting? I don't know what the h value is; the h value is totally different when you communicate with different users. Without that h correct value, you can not report. Actually, the h value is AfXXXXXXXXXXX (11 character values after 'Af'), that is what I know. Do you have any ideas for getting the value or any function to generate on Facebook page. The Facebook Source snippet is below, you can view source on facebook profile, and search h=Af, you will get the value: <code class="hidden_elem" id="ukftg4w44">  </code> Please guide me. How can extract the value exactly? I tried with following code, but the comment block prevent me to extract the code. How can extract the value which is inside comment block? var a = document.getElementsByClassName('hidden_elem')[3].innerHTML;alert(a);

Read the article
Securing a .NET Application [closed]

- by beakersoft

Duplicate: Protecting .NET Code from Reverse Engineering We've recently released a small application and this weekend I found a cracked version of it on Piratebay that had the registration checking removed, so the app ran as if it was a registered version. Apart from using a code obfuscation tool (which doesn't seem to be that hard to get around), are there any standard things we should be doing to make our .NET applications more difficult to crack?

Read the article
How can I provide an ASP.NET Forms Authentication UX while using Active Directory Role and Authentic

- by Nate Bross

Is it possible to use this Role Provider AspNetWindowsTokenRoleProvider with ASP.NET FORMS Authentication (via this MembershipProvider System.Web.Security.ActiveDirectoryMembershipProvider)? It seems to only work with <authentication mode="Windows">, is it possible to use it with FORMS? background -- The objective here is to provide an ASP.NET Forms UX while using Active Directory as the back-end authentication system. If there is another, easy way to do this using built-in technologies, that's great and I'd like to hear about that as well.

Read the article
MD5 hash with salt for keeping password in DB in C#

- by abatishchev

Could you please advise me some easy algorithm for hashing user password by MD5, but with salt for increasing reliability. Now I have this one: private static string GenerateHash(string value) { var data = System.Text.Encoding.ASCII.GetBytes(value); data = System.Security.Cryptography.MD5.Create().ComputeHash(data); return Convert.ToBase64String(data); }

Read the article
Change Browser settings by script

- by jAndy

Hi Folks, Afaik, you can change/manipulate browser settings in Mozilla/Netscape browsers. For Instance "netscape.security.PrivilegeManager.enablePrivilege('someprivilege');" Of course the user gets informed about that and needs to verify the action. My question is, do other browser have similar functionality? IE, Safari/Chrome ? Kind Regards --Andy

Read the article
prevent generating new jsessionid?

- by mr.lost

greetings all my application uses spring framework,spring security 3.0.2 we use apache tomcat as app server the problem is that with each new request to the application a new jsessionid is generated and a new session is created so the user is logged out and that's weird,why generating new jsessionid,how to stop that? i reviewed the code,nothing is creating a new session? is it a framework problem or app server problem or what? your help is very appreciated. thank you.

Read the article
best way to escape and create a slug

- by Mac Taylor

hey guys im somehow confused in using proper functions to escape and create a slug i used this : $slug_title = mysql_real_escape_string()($mtitle); but someone told me not to use it and use urlencode() which one is better for slugs and security as i can see in SO , it inserts - between words : http://stackoverflow.com/questions/941270/validating-a-slug-in-django thanx in advanced

Read the article
Problem making local copy of a webpage

- by Claudiu

I want to run this chrome experiment locally. I copied the .html and .js files, along with the two .jpgs that the demo uses. However, when I run it off my local drive, Chrome gives this error: light.js:89 - Uncaught Error: SECURITY_ERR: DOM Exception 18 Line 89 returns the image data from the canvas after drawing the image to it. What's causing this security exception? It seems to not be Chrome-specific, as Firefox gives the same error.

Read the article
Access the GWT generated javascript source in Eclipse

- by DrDro

In eclipse IDE, how can I see the javascript source code GWT has generated ?

Read the article
Is using js.erb files in conjunction with rails and jquery safe?

- by Yak

Hi, I have seen many resources on using jQuery with rails where people recommend having callback functions in .js.erb files, however I have also heard that passing data this way leaves me vulnerable to man in the middle attacks. Is this true? What are the security concerns and is there a way to do it safely? Thanks

Read the article
Process limit for user in Linux

- by BrainCore

This is the standard question, "How do I set a process limit for a user account in Linux to prevent fork-bombing," with an additional twist. The running program originates as a root-owned Python process, which then setuids/setgids itself as a regular user. As far as I know, at this point, any limits set in /etc/security/limits.conf do not apply; the setuid-ed process may now fork bomb. Any ideas how to prevent this?

Read the article
Office documents prompt for login in anonymous SharePoint site

- by xmt15

I have a MOSS 07 site that is configured for anonymous access. There is a document library within this site that also has anonymous access enabled. When an anonymous user clicks on a PDF file in this library, he or she can read or download it with no problem. When a user clicks on an Office document, he or she is prompted with a login box. The user can cancel out of this box without entering a log in, and will be taken to the document. This happens in IE but not FireFox. I see some references to this question on the web but no clear solutions: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.sharepoint.windowsservices.development&tid=5452e093-a0d7-45c5-8ed0-96551e854cec&cat=en_US_CC8402B4-DC5E-652D-7DB2-0119AFB7C906&lang=en&cr=US&sloc=&p=1 http://www.sharepointu.com/forums/t/5779.aspx http://www.eggheadcafe.com/software/aspnet/30817418/anonymous-users-getting-p.aspx

Read the article
Cassandra use PHP SimpleCassie get all keys

- by chnet

Is it possible to get all keys in a column family using SimpleCassie? I looked at SimpleCassie's google code, but do not figure out. Another issue is that I used following code to access column value. $price = $cassie-keyspace('ToyStore')-cf('Toys')-key('Transformer')-column('Price')-get(); echo $price; It always complains "object of cassandra columnorsupercolumn cannot be converted to string". Is it possible to print out the column value?

Read the article
Experiences with "language converters"?

- by Friedrich

I have read a few articles mentioning converters from one language to another. I'm a bit more than skeptical about the use of such kind of tools. Does anyone know or have experiences let's say about Visual Basic to Java or vs converters? Just one example to pick http://www.tvobjects.com/products/products.html, claims to be the "world leader" or so in that aspect, However if read this: http://dev.mysql.com/tech-resources/articles/active-grid.html There the author states: "The consensus of MySQL users is that automated conversion tools for MS Access do not work. For example, tools that translate existing Access applications to Java often result in 80% complete solutions where finishing the last 20% of the work takes longer than starting from scratch." Well we know we need 80% of the time to implement the first 80% functionality and another 80% of the time for the other 20 %.... So has anyone tried such tools and found them to be worthwhile?

Read the article
ASP.NET ascx.cs via GET

- by Heavy Bytes

Say I have this url: http://site.example/dir/ In this folder I have these files: test.ascx.cs and test.ascx Just to be clear, I am not a .NET developer. From a security point of view - why can't I access http://site.example/dir/test.ascx.cs and how secure is it to keep those files there? I assume IIS filters out request that query these kind of files, but can someone explain me this? Thank you.

Read the article
advice on working on remote asp.net applications

- by Jonesy

Hi folks, I'm a (relatively new) developer using asp.net with VB.NET. Currently all my applications are developed on my PC and then are built and moved onto the web server. I'm going to be working remotely for 3 months in which time I'll be connecting to the company network via VPN. What is the best way to access my projects? I need to have the projects stored on the company network so that others can access them too. So simply copying the projects to my laptop, working on them, then copying them back won't suffice. I tried to just open the projects off of the network share but am getting application trust problems. I'm just wondering what other developers do in this situation? Jonesy

Read the article
To HTMLENCODE or not to HTMLENCODE user input on web form (asp.net vb)

- by Phil

I have many params making up an insert form for example: x.Parameters.AddWithValue("@city", City.Text) I had a failed xss attack on the site this morning, so I am trying to beef up security measures anyway.... Should I be adding my input params like this? x.Parameters.AddWithValue("@city", HttpUtility.HtmlEncode(City.Text)) Is there anything else I should consider to avoid attacks? Thanks

Read the article
Structuring Win32 GUI code

- by kraf

I wish to improve my code and file structure in larger Win32 projects with plenty of windows and controls. Currently, I tend to have one header and one source file for the entire implementation of a window or dialog. This works fine for small projects, but now it has come to the point where these implementations are starting to reach 1000-2000 lines, which is tedious to browse. A typical source file of mine looks like this: static LRESULT CALLBACK on_create(const HWND hwnd, WPARAM wp, LPARAM lp) { setup_menu(hwnd); setup_list(hwnd); setup_context_menu(hwnd); /* clip */ return 0; } static LRESULT CALLBACK on_notify(HWND hwnd, UINT msg, WPARAM wp, LPARAM lp) { const NMHDR* header = (const NMHDR*)lp; /* At this point I feel that the control's event handlers doesn't * necessarily belong in the same source file. Perhaps I could move * each control's creation code and event handlers into a separate * source file? Good practice or cause of confusion? */ switch (header->idFrom) { case IDC_WINDOW_LIST: switch (header->code) { case NM_RCLICK: return on_window_list_right_click(hwnd, wp, lp); /* clip */ } } } static LRESULT CALLBACK wndmain_proc(HWND hwnd, UINT msg, WPARAM wp, LPARAM lp) { switch (msg) { case WM_CREATE: return on_create(hwnd, wp, lp); case WM_CLOSE: return on_close(hwnd, wp, lp); case WM_NOTIFY: return on_notify(hwnd, wp, lp); /* It doesn't matter much how the window proc looks as it just forwards * events to the appropriate handler. */ /* clip */ default: return DefWindowProc(hwnd, msg, wp, lp); } } But now as the window has a lot more controls, and these controls in turn have their own message handlers, and then there's the menu click handlers, and so on... I'm getting lost, and I really need advice on how to structure this mess up in a good and sensible way. I have tried to find good open source examples of structuring Win32 code, but I just get more confused since there are hundreds of files, and within each of these files that seem GUI related, the Win32 GUI code seems so far encapsulated away. And when I finally find a CreateWindowEx statement, the window proc is nowhere to be found. Any advice on how to structure all the code while remaining sane would be greatly appreciated. Thanks! I don't wish to use any libraries or frameworks as I find the Win32 API interesting and valuable for learning. Any insight into how you structure your own GUI code could perhaps serve as inspiration.

Read the article
Solr Multicore Admin Problem

- by Daniel M

Im trying to add a url based security constraint to solr deployed in websphere 6.1. If I specify the core name in the url of the constraint then the admin url for that core gives a 404. Has anyone had any success with this or any suggestions? Cheers

Read the article

< Previous Page | 349 350 351 352 353 354 355 356 357 358 359 360 | Next Page >