Search Results

Search found 68155 results on 2727 pages for 'data security'.

Page 423/2727 | < Previous Page | 419 420 421 422 423 424 425 426 427 428 429 430 | Next Page >

Can I use encrypt web.config with a custom protection provider who's assembly is not in the GAC?

- by James

I have written a custom protected configuration provider for my web.config. When I try to encrypt my web.config with it I get the following error from aspnet_iisreg aspnet_regiis.exe -pef appSettings . -prov CustomProvider (This is running in my MSBuild) Could not load file or assembly 'MyCustomProviderNamespace' or one of its dependencies. The system cannot find the file specified. After checking with the Fusion log, I confirm it is checking both the GAC, and 'C:/WINNT/Microsoft.NET/Framework/v2.0.50727/' (the location of aspnet_iisreg). But it cannot find the provider. I do not want to move my component into the GAC, I want to leave the custom assembly in my ApplicationBase to copy around to various servers without having to pull/push from the GAC. Here is my provider configuration in the web.config. <configProtectedData> <providers> <add name="CustomProvider" type="MyCustomProviderNamespace.MyCustomProviderClass, MyCustomProviderNamespace" /> </providers> </configProtectedData> Has anyone got any ideas?

Read the article
How to page multiple data sets in ASP.NET MVC

- by REA_ANDREW

On a single view I will have three sets of paged data. Which means for each model I will have The Objects The Page Index The Page Size My initial thought was for example: public class PagedModel<T> where T:class { public IList<T> Objects { get; set; } public int ModelPageIndex { get; set; } public int ModelPageSize { get; set; } } Then having a model which is to be supplied to the action as for example: public class TypesViewModel { public PagedModel<ObjectA> Types1 { get; set; } public PagedModel<ObjectB> Typed2 { get; set; } public PagedModel<ObjectC> Types3 { get; set; } } So if I then for example have the Index view inherit from the type: System.Web.Mvc.ViewPage<uk.co.andrewrea.forum.Web.Models.TypesViewModel> Now my initial aciton method for the index is simply: public ActionResult Index() { var forDisplayPurposes = new TypesViewModel(); return View(forDisplayPurposes); } If I then want to page, it is here where I am struggling to decide which action to take. Lets say that I select the next page of the Types2 PageModel. What should the action look like for this in order to return the new view showing the second page of the Types2 PageModel I was thinking possibly to duplicate the action but use it with POST [AcceptVerbs(HttpVerbs.Post)] public ActionResult Index(TypesViewModel model) { return View(model); } Is this a good way to approach it. I understand there is always Session, but I was just wondering how such a thing is achieved currently out there. If any best methods have been mutually accepted and things. So simply, one page with multiple paged models. How to persist the data for each using a wrapper model. Which way should you pass in the model and which way should you page the data, i.e. Form Post Lastly, I have seen the routes take this into account i.e. {controller}/{action}/{id}/{pageindex}/{pagesize} but this only accounts for one model and I do not really wwant to repeat the pagesize and pageindex values for the number of models I have inside the wrapper model. Thanks for your time!! Andrew

Read the article
Problem parsing XML data to Multi dimensional array

- by Cam

Hi there, i'm still transitioning from as2 to as3, i'm having trouble with parsing XML data to Multi dimensional array, below is the onComplete handler which is succesfully tracing 'event.target.data' but outputs 'A term is undefined and has no properties' when tracing _vein_data[0][0].xPos . I'm guessing there is a easier way to approach it than this attempt private function on_xml_completed(event:Event):void { var XMLPoints:XML = new XML(event.target.data); for ( var i:int = 0; i < XMLPoints.shape.length(); i++ ) { var shapeArray:Array = new Array(); _vein_data.push(shapeArray); for ( var j:int = 0; j < 4; i++ ) { _vein_data[i].push({'xPos':XMLPoints.shape[i].point[j].@xPos, 'yPos':XMLPoints.shape[i].point[j].@yPos}); } } trace(_vein_data[0][0].xPos) loadAsset(); } here's a portion of my XML; <items> <shape> <point xPos="60" yPos="23" /> <point xPos="65" yPos="23" /> <point xPos="93" yPos="85" /> <point xPos="88" yPos="87" /> </shape> <shape> <point xPos="88" yPos="87" /> <point xPos="92" yPos="83" /> <point xPos="145" yPos="174" /> <point xPos="138" yPos="175" /> </shape> <shape> <point xPos="138" yPos="175" /> <point xPos="143" yPos="171" /> <point xPos="147" yPos="211" /> <point xPos="141" yPos="212" /> </shape> </items> thank you in advance for any guidance on this Cam

Read the article
How to remove dangerous characters(ie script tags)?

- by chobo2

I am wondering is there any sort of C# class or 3rd party library that removes dangerous characters such as script tags? I know you can use regex but I also know people can write their script tags so many ways that you can fool the regex into thinking it is OK. I also heard that HTML Agility Pack is good so I am wondering is there any script removal class made for it?

Read the article
How to flush coverage data when my test cause app crash - For ios app

- by Ypy

I want to get the code coverage of my tests. So I set the settings, build an app with .gcno files and run it on simulator. It can get the coverage data successfully if there is no crash issue. But if the app crashed, I will get nothing. So how can I get the code coverage data when the app crash? In my thought, this is because it will not call __gcov_flush() method when app crash. I only add app does not run in background to my plist file, so __gcov_flush() is called only at the time I press Home button. Is there any way to call __gcov_flush() before the app crash?

Read the article
PHP REMOTE_ADDR and secure sessions

- by Christopher McCann

One of the ways I have used to make securer sessions in the past is to also record the clients IP address and user agent at the handshake. Each time the client moves a page and calls session_start() I also check that the IP address and user agent stored is still the same to prevent hiijacking. But if someone is connecting from say a company network then all the users will probably have the same external static IP address and they could also really easily be using the same user agent. Is there other metrics I can use which are local only to the physical machine? Thanks

Read the article
How to determine if a directory path was SUBST'd

- by petejamd

Trying to figure out if a file is in a folder that has been subst'd or is located in a user folder using C#

Read the article
Computer Invisible On Domain

- by Giawa

Good afternoon, I'm sorry that this isn't a programming question specifically, but stackoverflow has been great at answering questions in the past, so I thought I'd give it a shot. One of our Linux users attempted to install Cygwin on our Windows Server 2008 Domain Controller. Now it is no longer possible to browse the domain and see all of the computers. For example, \\my_domain_name will just bring up a username/password dialog box (that will not accept any username or password, even the domain administrator) and no computers will ever be listed. However, I can still connect to computers based on their name or IP address. So \\eridanus or \\192.168.1.85 still work to connect to the shared directories of computers on our network. Does anyone know where I can find these settings? and how I can fix this problem? Thanks, Giawa

Read the article
Which PHP mcrypt cipher is safest?

- by Industrial

So guys, there's plenty of different ciphers available - but which one is the safest to use nowadays? List: http://www.php.net/manual/en/mcrypt.ciphers.php

Read the article
2 Shaders using the same vertex data

- by Fonix

So im having problems rendering using 2 different shaders. Im currently rendering shapes that represent dice, what i want is if the dice is selected by the user, it draws an outline by drawing the dice completely red and slightly scaled up, then render the proper dice over it. At the moment some of the dice, for some reason, render the wrong dice for the outline, but the right one for the proper foreground dice. Im wondering if they aren't getting their vertex data mixed up somehow. Im not sure if doing something like this is even allowed in openGL: glGenBuffers(1, &_vertexBuffer); glBindBuffer(GL_ARRAY_BUFFER, _vertexBuffer); glBufferData(GL_ARRAY_BUFFER, numVertices*sizeof(GLfloat), vertices, GL_STATIC_DRAW); glEnableVertexAttribArray(effect->vertCoord); glVertexAttribPointer(effect->vertCoord, 3, GL_FLOAT, GL_FALSE, 0, 0); glEnableVertexAttribArray(effect->toon_vertCoord); glVertexAttribPointer(effect->toon_vertCoord, 3, GL_FLOAT, GL_FALSE, 0, 0); im trying to bind the vertex data to 2 different shaders here when i load my first shader i have: vertCoord = glGetAttribLocation(TexAndLighting, "position"); and the other shader has: toon_vertCoord = glGetAttribLocation(Toon, "position"); if I use the shaders independently of each other they work fine, but when i try to render both one on top of the other they get the model mixed up some times. here is how my draw function looks: - (void) draw { [EAGLContext setCurrentContext:context]; glBindVertexArrayOES(_vertexArray); effect->modelViewMatrix = mvm; effect->numberColour = GLKVector4Make(numbers[colorSelected].r, numbers[colorSelected].g, numbers[colorSelected].b, 1); effect->faceColour = GLKVector4Make(faceColors[colorSelected].r, faceColors[colorSelected].g, faceColors[colorSelected].b, 1); if(selected){ [effect drawOutline]; //this function prepares the shader glDrawElements(GL_TRIANGLES, numIndices, GL_UNSIGNED_SHORT, 0); } [effect prepareToDraw]; //same with this one glDrawElements(GL_TRIANGLES, numIndices, GL_UNSIGNED_SHORT, 0); } this is what it looks like, as you can see most of the outlines are using the wrong dice, or none at all: links to full code: http://pastebin.com/yDKb3wrD Dice.mm //rendering stuff http://pastebin.com/eBK0pzrK Effects.mm //shader stuff http://pastebin.com/5LtDAk8J //my shaders, shouldn't be anything to do with them though TL;DR: trying to use 2 different shaders that use the same vertex data, but its getting the models mixed up when rendering using both at the same time, well thats what i think is going wrong, quite stumped actually.

Read the article
Deny http access to a directory, allow access from WordPress plugin

- by luke

Hey. I need to prevent direct access to http://www.site.com/wp-content/uploads/folder/something.pdf through the browser. However the Download Monitor plugin I am using, which allows logged in users to download the file, needs to be able to work. Trying Order Allow,Deny Deny from all Allow from all but the download links do not now work... even though (I think) they are links produced by the script e.g. http://www.site.com/wp-content/plugins/download-monitor/download.php?id=something.pdf Enter that in the address bar and you correctly get a WordPress message, 'You must be logged in to download this file.' However, if someone knows the URL where the file was uploaded http://www.site.com/wp-content/uploads/folder/something.pdf they can still access it directly. I don't know how (guesswork?) they would find the direct URL anyway, but the client wants it stopped! Thanks for any help.

Read the article
An introductory text about digital certificates

- by cool-RR

I would like to learn the basics of digital certificates. Including how to create a self-signed certificate. Does anyone know a good introductory text about this?

Read the article
how to implement window based authentication for web service

- by user353881

how to implement window based authentication for web service

Read the article
Restricting access to records. Is claim-based permissions a good idea.

- by Vitalik

in .net Claim-based identity framework If i wanted to restrict users to do an operation (view or edit) on let's say an account, a particular account #123456.(i am talking about business entity, like a bank account.) Is it a good idea to create a claim for each account they can view or edit? Any disadvantages of having a lot of claims in a set? a system admin might have access to all accounts in the system thus creating hundreds of claims (maybe more than one for each account)

Read the article
Java: BufferedImage from raw BMP file format data

- by Victor

Hello there. I've got BMP file's raw pixels table in byte[], it's structure is: (b g r) (b g r) ... (b g r) padding ... (b g r) (b g r) ... (b g r) padding Where r, g, b are byte each, padding is to round row length up to a multiple of 4 bytes. So, how can I create new BufferedImage from this raw data without copying, just using this raw data? I took a look at creating BufferedImage from DataBuffer, but I just didn't get it. Unfortunately ImageIO is not allowed in my situation.

Read the article
Determining when or when not to escape output

- by Ygam

I have a page, where I have approximately 90 items I need to output. Most of them are object properties (I am using ORM so these objects map to my database tables). But the question is, do I have to escape each of those 90 outputs by applying functions to each (in my case, the htmlspecialchars)? Wouldn't that add a bit of an overhead (calling a single function 90 times)?

Read the article
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?

- by Damian Hickey

Can a (||any) proxy server cache content that is requested by a client over https? As the proxy server can't see the querystring, or the http headers, I reckon they can't. I'm considering a desktop application, run by a number of people behind their companies proxy. This application may access services across the internet and I'd like to take advantage of the in-built internet caching infrastructure for 'reads'. If the caching proxy servers can't cache SSL delivered content, would simply encrypting the content of a response be a viable option? I am considering all GET requests that we wish to be cachable be requested over http with the body encrypted using asymmetric encryption, where each client has the decryption key. Anytime we wish to perform a GET that is not cachable, or a POST operation, it will be performed over SSL.

Read the article
ideas: per-file authentication in order to download

- by suIIIha

i would love to use mod_xsendfile but i live in a shared environment which does not provide such a module. processing large files such as videos through a server-side script and sending it to the browser that way seems to be unacceptable in my case, so i am looking for a way to enable per-file authentication in such a way that is not going to consume resources much. nobody shall know what the actual path is to the file they are downloading. please suggest how to do that.

Read the article
Why wouldn't I be able to establish a trust relationship for a SSL/TLS channel?

- by Abe Miessler

I have a piece of .NET code that is erroring out when it makes a call to HTTPWebRequest.GetRequestStream. Here is the error message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. I've read a few things that suggest that I might need a certificate on the machine running the code, but i'm not sure if that's true or how to do it. If I need to get a certificate, how do I do it? Code: var request = (HttpWebRequest)HttpWebRequest.Create(requestUrl); //my url request.Method = StringUtilities.ConvertToString(httpMethod); // Set the http method GET, POST, etc. if (postData != null) { request.ContentLength = postData.Length; request.ContentType = contentType; using (var dataStream = request.GetRequestStream()) { dataStream.Write(postData, 0, postData.Length); } }

Read the article
MS Access: Permission problems with views

- by Keith Williams

"I'll use an Access ADP" I said, "it's only a tiny project and I've got better things to do", I said, "I can build an interface really quickly in Access" I said. </sarcasm> Sorry for the rant, but it's Friday, I have a date in just under two hours, and I'm here late because this just isn't working - so, in despair, I turn to SO for help. Access ADP front-end, linked to a SQL Server 2008 database Using a SQL Server account to log into the database (for testing); this account is a member of the role, "Api"; this role has SELECT, EXECUTE, INSERT, UPDATE, DELETE access to the "Api" schema The "Api" schema is owned by "dbo" All tables have a corresponding view in the Api schema: e.g. dbo.Customer -- Api.Customers The rationale is that users don't have direct table access, but can deal with views as if they were tables I can log into SQL using my test login, and it works fine: no access to the tables, but I can select, insert, update and delete from the Api views. In Access, I see the views, I can open them, but whenever I try to insert or update, I get the following error: The SELECT permission was denied on the object '[Table name which the view is using]', database '[database name]', schema 'dbo' Crazy as it sounds, Access seems to be trying to access the underlying table rather than the view. Any ideas?

Read the article
PHP hashing function not working properly

- by Jordan Foreman

So I read a quick PHP login system securing article, and was trying to sort of duplicate their hashing method, and during testing, am not getting the proper output. Here is my code: function decryptPassword($pw, $salt){ $hash = hash('sha256', $salt . hash('sha256', $pw)); return $hash; } function encryptPassword($pw){ $hash = hash('sha256', $pw); $salt = substr(md5(uniqid(rand(), true)), 0, 3); $hash = hash('sha265', $salt . $hash); return array( 'salt' => $salt, 'hash' => $hash ); } And here is my testing code: $pw = $_GET['pw']; $enc = encryptPassword($pw); $hash = $enc['hash']; $salt = $enc['salt']; echo 'Pass: ' . $pw . '<br />'; echo 'Hash: ' . $hash . '<br />'; echo 'Salt: ' . $salt . '<br />'; echo 'Decrypt: ' . decryptPassword($hash, $salt); Now, the output of this should be pretty obvious, but unfortunately, the $hash variable always comes out empty! I'm trying to figure out what the problem could be, and my only guess would be the second $hash assignment line in the encryptPassword(..) function. After a little testing, I've determined that the first assignment works smoothly, but the second does not. Any suggestions? Thanks SO!

Read the article
Is it immoral to put a captcha on a login form?

- by azkotoki

In a recent project I put a captcha test on a login form, in order to stop possible brute force attacks. The immediate reaction of other coworkers was a request to remove it, saying that it was inapropiate for that purpose, and that it was quite exotic to see a captcha in that place. I've seen captcha images on signup, contact, password recovery forms, etc. So I personally don't see inapropiate to put a captcha also on a place like that. Well, it obviously burns down usability a little bit, but it's a matter of time and getting used to it. With the lack of a captcha test, one would have to put some sort of blacklist / account locking mechanism, which also has some drawbacks. Is it a good choice for you? Am I getting somewhat captcha-aholic and need some sort of group therapy? Thanks in advance.

Read the article
Getting 403 error when using CSRF filter with tomcat 6.0.32

- by sps

This is my filer config in web.xml <filter> <filter-name>CSRFPreventionFilter</filter-name> <filter-class>org.apache.catalina.filters.CsrfPreventionFilter</filter-class> <init-param> <param-name>entryPoints</param-name> <param-value>/login<param-value> </init-param> </filter> <filter-mapping> <filter-name>CSRFPreventionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> Am I missing something? Are any code-changes necessary to enable csrf protection in tomcat

Read the article
Is it possible to make XSS attacks through html comments with JSP code inside?

- by Dmitriy Matveev

Hello! Is it true that following code adds a XSS vulnerability to some JPS page?  It looks like a "leftover debug" and definitely should be removed from the code, but how dangerous is it?

Read the article
RewriteRule help

- by Camran

I have successfully setup htaccess to do this: domain.com/ad.php?ad_id=bmw_m3_2498224 INTO: domain.com/ads/bmw_m3_2498224 However, I have a link on the page which makes the page submit to itself... The link saves the ad inside a cookie: domain.com/ad.php?ad_id=bmw_m3_2498224&save=1 // Note the 'save' variable I need to make this work on the rewritten rule also, so this link: domain.com/ads/bmw_m3_2498224/save will save the cookie... I have this so far which DOES NOT work for the save part: RewriteRule ^annons/([a-zA-Z0-9_]+)$ ad.php?ad_id=$1 [NC,L] How can I include another rule to accomplish what I want? Thanks

Read the article

< Previous Page | 419 420 421 422 423 424 425 426 427 428 429 430 | Next Page >