Search Results

Search found 13222 results on 529 pages for 'security gate'.

Page 402/529 | < Previous Page | 398 399 400 401 402 403 404 405 406 407 408 409  | Next Page >

• Can you let users upload Sinatra apps and run them inside Rails as middleware?

  - by Brian Armstrong

  I want to let users write small custom apps (think themes or plugins on Wordpress) and upload/run them on my site. I'm thinking about using Sinatra apps for this since it would give the users a lot of flexibility, and then running them as middleware inside my rails app. But I can't figure out the security implications of this. I tried creating a simple sinatra app as middleware, and it has access to all the rails models and everything - so that is bad. Is there a way for rack to keep these separate so that the sinatra apps are effectively sandboxed and can't do any bad things (outside of an API or some specific way I setup for them to communicate)? There may be an easier way to accomplish this that I haven't thought of too, so ideas welcome. Thanks!

  Read the article

• Using makecert for Development SSL

  - by John

  Here's my situation: I'm trying to create a SSL certificate that will be installed on all developer's machine's, along with two internal servers (everything is non-production). What do I need to do to create a certificate that can be installed in all of these places? Right now I've got something along these lines, using the makecert application in Microsoft Visual Studio 8\SDK\v2.0\Bin: makecert -r -pe -n "CN=MySite.com Dev" -b 01/01/2000 -e 01/01/2033 -eku 1.3.6.1.5.5.7.3.1 -ss Root -sr localMachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 mycert.cer However, I'm not sure as to how to place this .cer file on the other computers, and when I install it on my local machine IIS, everytime I visit a page via https:, I get the security prompt (even after I've installed the certificate). Has anyone done this before?

  Read the article

• Sharepoint Foundation 2010 installation problems

  - by Robert Koritnik

  I'm having problems installing development machine for Sharepoint (Foundation) 2010. This is what I did so far on the same machine: Installed a clean Windows 7 x64 with 4GB of RAM without being part of any domain. Just a simple standalone machine. Enabled IIS related features as described here except IIS6 related ones (two of them) Installed SQL Server 2008 R2 Development Edition (DB Engine and Writer being enabled but not SQL Agent) Installed Visual Studio 2010 Premium Started installing Sharepoint Foundation 2010 with first extracting files, changing config to enable Windows 7 installation and then installed it as Server Farm (then Complete) to avoid installing SQL Express. Created a separate SPF_CONFIG local user with Logon on as a service right. Opened SPF Management Shell and run New-SPConfigurationDatabase so I am able to use a non-domain username (SPF_CONFIG that I created in the previous step) But all I get is this: The outcome after this error is: Database Sharepoint2010Config is created User SPF_CONFIG is added to SQL Server and attached to this newly created database as dbowner and checking SQL server security logins this user has following rights: dbcreator securityadmin public

  Read the article

• How to create virtual Environment for users on server

  - by Bhushan Nagaonkar

  I have a web application where users can register them self and then save Java and C++ programs in their account. Programs are saved in a tmp directory like, /tmp -user1 --program1 --program2 -user2 --program1 --program2 So all the users folders are in same "tmp" directory. I want to know how can I proved security by not allowing a user to access files of other users. A user will be executing a java or c++ program in his folder which can be used to read files on the server. How to prevent this? I am new to this thing I don't know how to go about this. The server is Linux server and project is in python using Django. Thank in advance

  Read the article

• setting UAC settings of a file in C#

  - by Inam Jameel

  Hi guys. i want to give a file(already present on the client computer .exe) permissions to always execute with administrative permissions. please note that the file i wants to give permissions is already on target machine. and i want to change permissions of that file through another program written in c# and it has administrative permissions to do everything. kindly let me know how to do it i am using this code System.Security.AccessControl.FileSecurity fs = File.GetAccessControl(@"c:\inam.exe"); FileSystemAccessRule fsar = new FileSystemAccessRule("Everyone", FileSystemRights.FullControl, AccessControlType.Allow); fs.AddAccessRule(fsar); File.SetAccessControl(@"c:\inam.exe", fs); this code will change the permissions correctly but still when i execute inam.exe after executing this code the UAC not appeared and also the inam.exe cant perform administrative operations. actually i have already deployed an application on more than 10,000 clients so wants to release a patch to resolve the administrative rights issue.

  Read the article

• groovy (java) error grabbing files

  - by senzacionale

  i can not grab files. I get: java.lang.RuntimeException: Error grabbing Grapes -- [unresolved dependency: org.apache.ivy#ivy;2.1.0: not found start of script which grab files import groovy.text.SimpleTemplateEngine import java.security.MessageDigest import org.apache.commons.cli.OptionBuilder import org.apache.commons.cli.Options import org.apache.commons.cli.PosixParser import org.apache.commons.io.FileUtils import org.apache.ivy.core.settings.IvySettings import org.apache.ivy.plugins.parser.m2.PomModuleDescriptorParser import org.apache.tools.ant.Project import org.apache.tools.ant.ProjectHelper import org.apache.tools.ant.types.Path import org.apache.commons.cli.HelpFormatter //First grab the grapes we need for the script and create a few beans to hold some values @Grab(group = 'org.apache.ant', module = 'ant', version = '1.7.1') @Grab(group = 'commons-io', module = 'commons-io', version = '1.4') @Grab(group = 'commons-cli', module = 'commons-cli', version = '1.2') @Grab(group = 'org.apache.ivy', module = 'ivy', version = '2.1.0')

  Read the article

• "Unable to find a version of the runtime to run this application" running .NET app in virtual XP mac

  - by Pete

  I've written a few winform apps in .net 2.0 which won't run in a virtual XP (running from VirtualBox). I get the error "unable to find a version of the runtime to run this application" (.NET Framework Initialization Error). I've tried fixing the installation of .net and also installing v3.5. I think it's probably a security issue rather than a framework problem, but i'm running under an administrator account. Other .net apps (2.0) run ok, so it might be a strong name/signing problem. I've tried compiling them completely unsigned and also delay signing them with a key and turning on verification skipping with the sn tool. help greatly appreciated!

  Read the article

• Preventing Rails from opening production.log, when it is deployed with jruby-rack into tomcat.

  - by gregor

  I have to to deploy a Ruby on Rails application to an tomcat application server using jruby-rack. Due to security reasons my customer has the webapps directory mounted read only and he won't changed this. The problem that arises is, that the rails logger wants to open the WEB-INF/log/production.log in write mode. He writes nothing to this file because log4j and friends are configured and working, but rails complains that the file is not readable. Are there any suggestions from preventing rails from opening this file?

  Read the article

• Adding AllowPartiallyTrustedCallersAttribute To Paypal ASP.NET SDK

  - by snwr

  Currently, I cannot use Paypal Pro on my host (GoDaddy) because it requires Full trust level. After digging in Google, it seems a workaround is possible by adding AllowPartiallyTrustedCallersAttribute to the Paypal assembly. I have seen code samples that use AllowPartiallyTrustedCallersAttribute in their AssemblyInfo.cs file, however, I've yet to run into a code example that also happens to be using PayPal. My question is where should the AllowPartiallyTrustedCallersAttribute be added in my project if my objective is to make the PayPal assembly work? I have tried adding it to my AssemblyInfo.cs for the project that contains the entire website, but I have not been successful. At this point, any insight or shot in the dark would be greatly appreciated. Even if someone could point me in the general direction of some documentation I would be grateful. AllowPartiallyTrustedCallersAttribute Reference: http://msdn.microsoft.com/en-us/library/system.security.allowpartiallytrustedcallersattribute.aspx

  Read the article

• Key stroke time in Openmoko or any smart phones

  - by Adi

  Dear all, I am doing a project in which I am working on security issues related to smart phones. I want to develop an authentication scheme which is based on biometrics, Every human being have a unique key-hold time,digraph time error rate. Key-Hold Time : Time difference between pressing and releasing a key . Digraph Time : Time difference between releasing one and pressing next one. Error Rate : No of times backspace is pressed. I got these metrics from a paper "Keystroke-based User Identification on Smart Phones" by Saira Zahid1, Muhammad Shahzad1, Syed Ali Khayam1,2, Muddassar Farooq1. I was planning to get the datasets to test my algorithm from openmoko phone, but the phone is mis-behaving and I am finding trouble in generating these time data-sets. If anyone can help me or tell me a good source of data sets for the 3 metrics I defined, it will be a great help. Thanks Aditya

  Read the article

• How to add a Web Reference to a SSL web service?

  - by Matt W

  Hi, I have a web service in a C#/3.5 project which has been running fine. This is until I set the "SSL port" in IIS to 443 and set the "IIS - Directory Security - Secure Communications - Require secure channel (SSL)" option to true. Now, the web reference cannot be updated and I cannot add a new web reference to the web service in that site. When I try to view the service in a browse using just HTTP I get the "This page must be viewed over a secure channel" and when viewed with HTTPS on the front I get "This web page not available." Could someone tell me how to get a Web Reference added using Visual Studio to this secure web service, please? Thanks, Matt.

  Read the article

• How to call webservice using same credentials as Sharepoint?

  - by Saab

  Is it possible to do a webservice call from within an Excel sheet that has been downloaded from a sharepoint server, using the same credentials as the ones that are used for accessing the Sharepoint server? We're currently developing an Excel solution, which does webservice request from within the Excel sheet. This works fine, but the user has to log in at least twice : one for downloading/opening the Excel sheet from Sharepoint, and one to be able to execute the webservice using the right credentials. The Sharepoint server and the client machine are not in the same Active Directory domain. So "System.Security.Principal.WindowsIdentity.GetCurrent()" is not an option, since this will return a user that doesn't exist on the server.

  Read the article

• Make SQL Server 2005 accessible via Internet

  - by Gary Joynes

  I have an application that runs on a client's server built on a SQL Server 2005 database. We have now developed an ASP.NET v2 application which connects to this database. This web application will be hosted on an ISP's server but needs to access the SQL Server database on the client's server. The client's server has a firewall and so forth so I assume it should be possible to make the SQL Server accessible via the Internet but of course I am woriied about security. Can someone point me to some best practices to achieve this.

  Read the article

• Would a Socket Connection Outperform an Intarvaled Database Sweep and Requests?

  - by Jascha

  I'm building a small chat application to add to an existing framework. There will only be 20-50 users MAX at any one time. I was wondering if I could get away with updating a cache file containing (semi) live chat data for whichever users happen to be chatting just by performing timed queries and regular AJAX refreshes for new data as opposed to learning how to open and maintain a socket connection. I'm sure there are existing chat plug-ins out there. But I just had a hell of a time installing one and I could see building the whole damn thing taking just as much time as plugging one in. Am I off to a bad start? Thanks in advance -J (p.s. this is a semi closed network behind a php login so security isn't a great concern)

  Read the article

• File Encryption Operation

  - by kiruthika

  Hi All, I have doubt in gpg command operation . Actually we are using gpg command for encrypting the file . File.txt has following things. Testing hello world My security things. Now I am doing the file encryption for File.txt gpg --symmetric File.txt Now I got File.txt.gpg file , which is encrypted. My doubt, if some open that file and did someone changes in that I am not able get file content . It says my following things. $ gpg --decrypt File.txt.gpg gpg: no valid OpenPGP data found. gpg: decrypt_message failed: eof I want my file content , even though some body has done changes in that . what should I do for this problem....?

  Read the article

• Graceful handling of server timeout in BlazeDS

  - by Rydell

  I have a flex client that makes service calls to a tomcat server running BlazeDS. I would like to gracefully handle server session timeouts in this environment. I do have security constraints on the service, so the client authenticates against a remote object by initializing a ChannelSet based on the destination, and then logging in using that ChannelSet. After the user is authenticated, if they go get a (long) cup of coffee, their session will inevitably time out. I would like the client to detect the timeout, and return the user back to the login page, with the appropriate informational messages. But I am having difficulty finding the best way to detect this timeout from the client. Is it possible, or must I have the server throw an error when the timeout occurs? Thanks!

  Read the article

• Running custom Javascript on every page in Mozilla Firefox

  - by saturn

  I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page. (If you are wondering: it is not malicious. It allows to display formulas by using MathJax.) Is that possible? I tried including it in userContent.css, that of course did not work. A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical). Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it? Anyway, how can I do this for myself?

  Read the article

• Facebook Is it possible to grab a user's data and populate a form in an iframe?

  - by super9

  I am trying to create an iframe tab for a Facebook Page. On this page, I am loading in an iframe which consists of a form from another domain/site. Is it possible to use javascript to query the graph api to load the user's data into this iframe loaded form using javascript such that is appears pre-populated to the user? I am aware that there is a cross domain security issue. In that case, suppose that my iframe tab is now hosted on the same domain as the iframe loaded form, will this be doable now?

  Read the article

• Why exactly is eval evil?

  - by Jay

  I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I´ve seen the same recommendation for several programming languages, but I´ve not yet seen a list of clear arguments against the use of eval. Where can I find an account of the potential problems of using eval? For example, I know the problems of GOTO in procedural programming (makes programs unreadable and hard to maintain, makes security problems hard to find, etc), but I´ve never seen the arguments against eval. Interestingly, the same arguments against GOTO should be valid against continuations, but I see that Shemers, for example, won´t say that continuations are "evil" -- you should just be careful when using them. They´re much more likely to frown upon code using eval than upon code using continuations (as far as I can see -- I could be wrong).

  Read the article

• Spring - MVC - Sanitize URL before redisplaying to the user

  - by Raghav

  In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

  Read the article

• rpcbind authorization problems

  - by Milan

  Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

  Read the article

• Getting "Object is read only" error when setting ClientCredentials in WCF

  - by Paul Mrozowski

  I have a proxy object generated by Visual Studio (client side) named ServerClient. I am attempting to set ClientCredentials.UserName.UserName/Password before opening up a new connection using this code: InstanceContext context = new InstanceContext(this); m_client = new ServerClient(context); m_client.ClientCredentials.UserName.UserName = "Sample"; As soon as the code hits the UserName line it fails with an "Object is read-only" error. I know this can happen if the connection is already open or faulted, but at this point I haven't called context.Open() yet. I have configured the Bindings (which uses netTcpBinding) to use Message as it's security mode, and MessageClientCredentialType is set to UserName. Any ideas?

  Read the article

• problem in loading class from 'me.prettyprint.hector.api.Serializer'

  - by dhananjay patil

  I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

  Read the article

• Attribute class not calling constructor

  - by Coppermill

  I have created an Attribute, call MyAttribute, which is performing some security and for some reason the Constructor is not being fired, any reason why? public class Driver { // Entry point of the program public static void Main(string[] Args) { Console.WriteLine(SayHello1("Hello to Me 1")); Console.WriteLine(SayHello2("Hello to Me 2")); Console.ReadLine(); } [MyAttribute("hello")] public static string SayHello1(string str) { return str; } [MyAttribute("Wrong Key, should fail")] public static string SayHello2(string str) { return str; } } [AttributeUsage(AttributeTargets.Method)] public class MyAttribute : Attribute { public MyAttribute(string VRegKey) { if (VRegKey == "hello") { Console.WriteLine("Aha! You're Registered"); } else { throw new Exception("Oho! You're not Registered"); }; } }

  Read the article

• Problem in SQL Server 2005 using ASP.Net

  - by megala

  I created one ASP.Net project using SQLServer database as back end.I shows the foollwing error .How to solve this? ===============Coding Imports System.Data.SqlClient Partial Class Default2 Inherits System.Web.UI.Page Dim myConnection As SqlConnection Dim myCommand As SqlCommand Dim ra As Integer Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click myConnection = New SqlConnection("Data Source=JANANI-FF079747\SQLEXPRESS;Initial Catalog=new;Persist Security Info=True;User ID=sa;Password=janani") 'server=localhost;uid=sa;pwd=;database=pubs") myConnection.Open() myCommand = New SqlCommand("Insert into table3 values 'janani','jan'") ra = myCommand.ExecuteNonQuery() ========---> error is showing here MsgBox("New Row Inserted" & ra) myConnection.Close() End Sub End Class =========Error Message============ ExecuteNonQuery: Connection property has not been initialized.

  Read the article

< Previous Page | 398 399 400 401 402 403 404 405 406 407 408 409  | Next Page >