Search Results

Search found 23890 results on 956 pages for 'issue'.

  • MVC 2 AntiForgeryToken - Why symmetric encryption + IPrincipal?

    - by Brad R
    We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti-forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc.

    My main question is why does MVC 2 even bother using symmetric encryption? And then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POSTs usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected.

    By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it, it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the user's cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack.

    Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

  • integrating two systems through email

    - by Martin
    I want to integrate our bug tracker system and our Support system through emails. The bug tracker can kick out an email on every change to bugs/features. I want to download those emails, parse them and create a formatted email that the Support system can understand (i.e. the subject could be "Issue #4128 fixed"). What is the simplest way to accomplish this using C++ or C#?

  • VC++ libcurl .lib size

    - by silverbandit91
    I'm having an issue with the size of the .lib when I compile libcurl. It's 1.6 MB and the sample program they have is around 300 KB. I downloaded the latest version (curl-7.20.0) and opened the project file from the lib directory in Visual Studio 2008. In the project properties I set /MT and compiled a release build. I even tried adding HTTP_ONLY to the processor which didn't seem to affect anything. What's going on?

  • Cassandra API equivalent of "SELECT ... FROM ... WHERE id IN ('...', '...', '...');"

    - by knorv
    Assume the following data set:

        id      age  city      phone
        ==      ===  ====      =====
        alfred  30   london    3281283
        jeff    43   sydney    2342734
        joe     29   tokyo     1283881
        kelly   54   new york  2394929
        molly   20   london    1823881
        rob     39   sydney    4928381

    To get the following result set ..

        id      age  phone
        ==      ===  =====
        alfred  30   3281283
        joe     29   1283881
        molly   20   1823881

    .. using SQL one would issue ..

        SELECT id, age, phone FROM dataset WHERE id IN ('alfred', 'joe', 'molly');

    What is the corresponding Cassandra API call that would yield the same result set in one command?

  • How to backup database to disk using JPA?

    - by Nitesh Panchal
    Hello, which query should I write in JPQL for backing up a database to disk? If it's not available in JPQL, even a native SQL query will do. Also, I would like to bring one issue in front of the Stack Overflow developers: this site doesn't work properly in Opera (Opera 9.63). Whenever I write a question and click "Post Your question", the button click event doesn't fire at all; maybe the server side event doesn't fire or something. However, no such problem comes up in IE and Firefox.

  • Powerbuilder run

    - by bpaulette
    Hi, I'm using Powerbuilder to call an external function from a DLL created in C#. If I generate an executable it works fine, it calls the web service perfectly well, but when I'm trying to run it in "development" mode it doesn't use the "application_name.exe.config" file. I tried to set the "app.config" file hard coded in the DLL, but I was unsuccessful. Any clues to resolve this issue?

  • SSIS DTS Package flat file error - "The file name specified in the connection was not valid"

    - by MisterZimbu
    I have a pretty basic SSIS package that is attempting to read a file hosted on a share, and import its contents to a database table. The package runs fine when I run it manually within SSIS. However, when I set up a SQL Agent job and attempt to execute it, I get the following error:

        Executed as user: DOMAIN\UserName.
        Microsoft (R) SQL Server Execute Package Utility Version 9.00.3042.00 for 64-bit
        Copyright (C) Microsoft Corp 1984-2005. All rights reserved.
        Started: 10:14:17 AM
        Error: 2010-05-03 10:14:17.75
          Code: 0xC001401E
          Source: DataImport Connection manager "Data File Local"
          Description: The file name "\10.1.1.159\llpf\datafile.dat" specified in the connection was not valid.
        End Error
        Error: 2010-05-03 10:14:17.75
          Code: 0xC001401D
          Source: DataAnimalImport
          Description: Connection "Data File Local" failed validation.
        End Error
        DTExec: The package execution returned DTSER_FAILURE (1).
        Started: 10:14:17 AM
        Finished: 10:14:17 AM
        Elapsed: 0.594 seconds.
        The package execution failed. The step failed.

    This leads me to believe it's a permissions issue, but every attempt I've made to fix it has failed. What I've tried so far:

    - Run as the SQL Agent account (DOMAIN\SqlAgent) - yields same error. DOMAIN\SqlAgent has "Full Control" permissions on both the share and the uploaded file.
    - Set up a proxy account with a different account's credentials (DOMAIN\Account) - yields same error. Like above, "Full Control" permissions were given over the share to that account.
    - Gave "Everyone" full control permissions over the share (temporarily!). Yielded same error.
    - Manually copied the file to a local path and tested with the SQL Agent account. Worked properly.
    - Added an ActiveX script task that would first copy the remotely hosted file to a local path, and then have the DTS package reference the local file. Gave a completely nondescriptive (even by SSIS standards) error when trying to run the script.
    - Set up a proxy account, using my own personal account's credentials - worked correctly. However, this is not an acceptable solution as there are password policies in place on my account, as well as being a bad practice to set things up this way in general.

    Any ideas? I'm still convinced it's a permissions issue. However, what I've read from various searches more or less says giving the executing account permissions on the share should work. However, this is not the case here (unless I'm missing something obscure when I'm setting up permissions on the share).

  • .Net Memory limit

    - by Prashant
    I have a .Net application running on a 32 bit box. The application is a Windows service. It consistently hovers around the 600-800 MB range. Is this a problem? If an application crosses 1 GB, is it a memory issue?

  • Sending Bulk Emails using PHP

    - by Rose
    Hi All, I have to send mails to all users in the site when a new user joins. My problem is the script stops execution after sending around 400 mails. I have set the set_time_limit to 0. And also I am giving sleep(2) after sending 10 mails. What may be the reason behind this issue? Any solution for this problem? Is there any better method to send bulk emails? Thanks in Advance, Rose

  • common problem with Hibernate/NHibernate and child IDs

    - by tyndall
    I'm asking both Hibernate and NHibernate groups because I'm thinking this may be a common issue seen on both. What does it usually mean when you call a saveOrUpdate on a child object and... 1) If it is an insert everything works fine. 2) If it is an update it's wiping out the parent ID in the database.

  • Cannot resolve IHttpHandler

    - by baron
    For some reason when I am trying to create a class which implements IHttpHandler I cannot resolve IHttpHandler. Statements like: using System.Web; are not helping either. This is a class library project, I am following example here: http://www.15seconds.com/issue/020417.htm What am I doing wrong?

  • User Profile objects are empty, even user logged-in properly?

    - by Ahmed
    I use the asp:Login control. The user can log in properly, but when checking the user's Profile information within the LoggedIn event of the Login control, all of the fields in the Profile objects are empty. Also, User.Identity.IsAuthenticated always returns false. But all of these issues are solved when navigating to another page. Why does User.Identity.IsAuthenticated return false, even though the user logged in properly? And is there any way to get the user's profile information within the LoggedIn event of the Login control?

  • Postgre varchar field between

    - by Anton
    I have an addresses table with a ZIP code field which has type VARCHAR. I need to select all addresses from this table using a ZIP code range. If I use the following code:

        select * from address where cast(zip as bigint) between 90210 and 90220

    I get an error on fields where the ZIP code can't be cast as bigint. How can I resolve this issue?

  • ItemAdded Event for document library in sharepoint 2007

    - by Azra
    Hi, I have a document library in SharePoint 2007. I want to validate certain custom properties before a document is uploaded, or when properties are entered after the Edit properties event is clicked. I am trying to validate the fields at the ItemAdding event when a document is uploaded; however, when EditForm.aspx opens up for editing properties, no events fire. How can I troubleshoot the issue? Thanks, azra

  • GTK TextView automatically resizing

    - by endeavormac
    I'm messing around with GTK and glade for the first time, and I've run across a really annoying issue. When I enter text into a TextView, the TextView automatically resizes larger, pushing other widgets away. This is a really annoying behavior. I do not want my TextView changing size depending on the amount of text within it. Does anyone know what I can do to prevent the TextView from resizing based on its content?

  • Potential issues using member's "from" address and the "sender" header

    - by Paul Burney
    Hi all,

    A major component of our application sends email to members on behalf of other members. Currently we set the "From" address to our system address and use a "Reply-to" header with the member's address. The issue is that replies from some email clients (and auto-replies/bounces) don't respect the "Reply-to" header so get sent to our system address, effectively sending them to a black hole.

    We're considering setting the "From" address to our member's address, and the "Sender" address to our system address. It appears this way would pass SPF and Sender-ID checks. Are there any reasons not to switch to this method? Are there any other potential issues?

    Thanks in advance, -Paul

    Here are way more details than you probably need:

    When the application was first developed, we just changed the "from" address to be that of the sending member as that was the common practice at the time (this was many years ago). We later changed that to have the "from" address be the member's name and our address, i.e.,

        From: "Mary Smith" <[email protected]>

    With a "reply-to" header set to the member's address:

        Reply-To: "Mary Smith" <[email protected]>

    This helped with messages being mis-categorized as spam. As SPF became more popular, we added an additional header that would work in conjunction with our SPF records:

        Sender: <[email protected]>

    Things work OK, but it turns out that, in practice, some email clients and most MTAs don't respect the "Reply-To" header. Because of this, many members send messages to [email protected] instead of the desired member.

    So, I started envisioning various schemes to add data about the sender to the email headers or encode it in the "from" email address so that we could process the response and redirect appropriately. For example,

        From: "Mary Smith" <[email protected]>

    where the string after "messages" is a hash representing Mary Smith's member in our system. Of course, that path could lead to a lot of pain as we need to develop MTA functionality for our system address.

    I was looking again at the SPF documentation and found this page interesting: http://www.openspf.org/Best_Practices/Webgenerated They show two examples, that of evite.com and that of egreetings.com. Basically, evite.com is doing it the way we're doing it. The egreetings.com example uses the member's from address with an added "Sender" header.

    So the question is, are there any potential issues with using the egreetings method of the member's from address with a sender header? That would eliminate the replies that bad clients send to the system address. I don't believe that it solves the bounce/vacation/whitelist issue since those often send to the MAIL FROM even if Return Path is specified.

  • Replacement for vsscanf on msvc

    - by ext
    Hi, I've run into an issue porting a codebase from Linux (gcc) to Windows (msvc). It seems like the C99 function vsscanf isn't available and has no obvious replacement. I've read about a solution using the internal function _input_l and linking statically to the crt runtime, but unfortunately I cannot link statically since it would mess with all the plugins (as DLLs) being loaded by the application. So is there any replacement or a way to write a wrapper for vsscanf?

  • How to fix unresolved external symbol due to MySql Connector C++?

    - by Chan
    Hi everyone, I followed this tutorial http://blog.ulf-wendel.de/?p=215#hello. I tried both on Visual C++ 2008 and Visual C++ 2010. Either static or dynamic, the compiler gave me the same exact error message:

        error LNK2001: unresolved external symbol _get_driver_instance

    Has anyone experienced this issue before?

    Update:

    + Additional Dependencies: mysqlcppconn.lib
    + Additional Include Directories: C:\Program Files\MySQL\MySQL Connector C++ 1.0.5\include
    + Additional Libraries Directories: C:\Program Files\MySQL\MySQL Connector C++ 1.0.5\lib\opt

    Thanks, Chan Nguyen

  • flex - SWFLoader - authentication

    - by Hamish
    I have an issue where I am trying to load an external SWF using a SWFLoader, but the HTTP server requires authentication. <mx:SWFLoader source="assets/externalswf.swf"></mx:SWFLoader> Is there any way to pass the credentials to the SWFLoader?
