Search Results

Search found 30080 results on 1204 pages for 'iframe app'.

Page 424/1204 | < Previous Page | 420 421 422 423 424 425 426 427 428 429 430 431  | Next Page >

  • help req for subsonic

    - by Muhammad Afaq Toufiq
    I'm using SubSonic with SQL Server and it's working fine. Now my boss says don't use SQL Server, use an Oracle database. In app config for SQL Server -- now what changes are required for an Oracle database in app.config? Please help me. Thanks in advance.


  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question, but I thought I did indeed postulate one. So that there is no ambiguity, here is the question with a lead-in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does anyone see any other way, other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_token, that will ensure unique, untampered-with security by the user?

    Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for anyone to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using Facebook as a single-click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination, and after reviewing the FB.Init calls I saw a lot of HTTPS calls, so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID, so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast, and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to.

    Am I missing something? Is what I am seeing, and my interpretation, really correct? If anyone can sniff and get the access_token they can theoretically make calls to the Graph API via https, even though the callback would still need to be the site established in Facebook's application setup. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - because from what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable.

    http://www.creatingstory.com/images/InTheOpen.png

    Went back and did more research on this. FINDINGS: Went back and re-ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 the USER ID is clearly visible in the cookie. So USER_IDs are fully visible, but they are already. Anyone can go to pretty much anyone's page and hover over the image and see the USER ID. So no big threat. APP_IDs are also easily obtainable - but . . .

    http://www.creatingstory.com/images/InTheOpen2.png

    The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook-initiated call. Am I wrong? TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded.

    Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server, and my Facebook server-side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front-end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don't know that could come back and bite me.

    Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie, contains the access_token, session, a secret, and the uid and status of the connection. The session object is structured such that it supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much all that is used in the session object.

    The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So anyone with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea, I think; it tightens things up a bit.

    The second issue is utilization of some unique private secured data that identifies the user to the third-party database, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., the access_token, which contains the APP ID, the USER ID, and a hashed-with-secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with the secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT (browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to database insertion. However, if there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. It is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If, however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and an IE browser and it returned all of my information to me in the browser.

    In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above, and I have sniffed it such that I see it stored in a cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that.

    I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process, or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.


  • Creating a multiplatform webapp with HTML5 and Google maps

    - by Bart L.
    I'm struggling with how to develop a webapp for Android and iOS. My first app was a simple todo app which was easy to test in my browser, and it only used HTML, JavaScript and CSS. However, I have to create an app which uses the Google Maps API to get the location. I created a simple HTML5 page to test, which places a marker on a map. It works fine when testing it on my local server. But when I create an .apk file for Android, the app doesn't work. So I'm wondering, isn't it possible to use it like this? Do I have to use the PhoneGap libraries to use their geolocation library? And if so, how do you handle the development of a webapp in PhoneGap for multiple OSes? Do you have to install an Android environment and an iOS environment to each include the right PhoneGap library and to test them properly?

    Update: I use the following code on my webserver and it works perfectly. When I upload it in a zip folder to the PhoneGap cloud and install the APK file on my phone, it doesn't work.

        <!DOCTYPE html>
        <html>
        <head>
          <meta charset="utf-8">
          <title>Simple Geo test</title>
          <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js"></script>
        </head>
        <body>
          <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script>
          <script>
            // Called with the device position once geolocation succeeds.
            function success(position) {
              // Create the map container and attach it to the <article> element.
              var mapcanvas = document.createElement('div');
              mapcanvas.id = 'mapcontainer';
              mapcanvas.style.height = '200px';
              mapcanvas.style.width = '200px';
              document.querySelector('article').appendChild(mapcanvas);

              var coords = new google.maps.LatLng(position.coords.latitude, position.coords.longitude);
              var options = {
                zoom: 15,
                center: coords,
                mapTypeControl: false,
                navigationControlOptions: {
                  style: google.maps.NavigationControlStyle.SMALL
                },
                mapTypeId: google.maps.MapTypeId.ROADMAP
              };
              var map = new google.maps.Map(document.getElementById("mapcontainer"), options);

              // Drop a marker at the reported position.
              var marker = new google.maps.Marker({
                position: coords,
                map: map,
                title: "You are here!"
              });
            }

            if (navigator.geolocation) {
              navigator.geolocation.getCurrentPosition(success);
            } else {
              // No error() helper is defined on this page, so log to the console.
              console.error('Geo Location is not supported');
            }
          </script>
          <article></article>
        </body>
        </html>


  • background worker in asp.net

    - by vbNewbie
    I migrated my WinForms crawler app to an ASP.NET web app and would like to know how to implement the background worker thread that I use for very long searches. Another posting mentioned asynchronous pages, but I am not sure if this would work or how to apply it. The search function that would run can sometimes run for a few days, and I would like the user to have the option to perform other functions still. Can this happen?


  • What is the best way to create a Singleton Webservice in PHP?

    - by ChronoFish
    Hello, We have a need to access a DB that only allows one connection at a time. This screams "singleton" to me. The catch of course is that the singleton connection will be exposed (either directly or indirectly) via a web-service (most probably a SOAP-based web-service, located on a separate server from the calling app(s)), which means that there may be more than one app / instance attempting to connect to the singleton class. In PHP, what is the best way to create a global singleton or a web-service singleton? TIA


  • How do you return draggable content to their original positions in iPhone dev?

    - by Matt Thomas
    I am wanting to create a button in my iPhone app that when touched will return other draggable elements to their original position. I have looked at the Apple "MoveMe" example, but that returns the button to the center of the screen. I want to be able to position draggable objects around the screen, drag the objects within the app, and then return them to their original starting positions by pressing a designated button. Any help appreciated!


  • Best way to interact with facebook from a Rails Application

    - by ricardohead
    What I want to do is automatically post to Facebook when a user posts something on his profile (inside my app). I want to remember the user's Facebook credentials to post automatically without asking for his credentials again. Tumblr has already implemented this functionality and I want to emulate it. What is the best way to implement this functionality within a Rails app?


  • Android & Google Maps - close info window with back button

    - by m4ch3t3
    I have an activity that holds a fragment with Google Map view in it. App adds several dozens of markers to the MapView, using MarkerManager and ClusterRenderer to form clusters. The problem is that when I have marker's InfoWindow opened and I press hardware Back button, it closes the app. Instead of that, I would like to have the InfoWindow closed. Is there any straightforward way to achieve this?


  • What's the most minimal Java web MVC framework?

    - by Chris Collins
    I'm looking for a Java web framework that requires the most minimal amount of configuration for a very small app. Spring & Struts are definitely overkill here. This is an app that could be written without any framework at all but I would prefer to use a minimal MVC framework if I can find one.


  • Detecting operating system or computer name through a Java servlet

    - by Ankur
    I have a Java web app that I develop on a Windows machine and will deploy on a Unix machine. There are some file path settings and permissions details that differ on the two (and there is nothing I can do to change this). Is there some way of detecting which machine the app is sitting on (it's only one of two), either by detecting the operating system or the computer's name, so I can then use the appropriate settings?


  • javascript source code reuse

    - by vbNewbie
    I am not familiar with javascript and I have had some exposure to java but I found a web application that fits the goals of my app perfectly. The owner has provided the source by viewing the source in the html and I was wondering how hard it would be to reuse the code to deploy a similar app.


  • ld returned 1 exit status

    - by uzay95
    This is the code that I'm trying to run:

        #include <QApplication>
        #include <QPushButton>

        int main(int argc, char *argv[])
        {
            QApplication app(argc, argv);
            return app.exec();
        }

    And this is the error that I'm getting:

        :-1: error: collect2: ld returned 1 exit status


  • mobile: html5 vs xhtml

    - by Sean
    I am building a mobile app (hybrid mobile web app but with a native shell) with most users on the iphone (some on the blackberry) and am wondering if it should be written in html5 or xhtml? Any insight would be great.


  • What are the requirements for running .net application on windows ce5?

    - by citronas
    What are the requirements for running a .NET Framework targeted application on Windows CE 5? When I try to start an application that I developed for Windows Mobile 6, I'm getting an error:

        Cannot find 'Projectname' (or one of its components) Make sure the path and filename are correct and that all the required libraries are available

    My app is a simple hello world app. What could cause such an error message? Is there a way to determine which .NET Compact Framework version is running on my system?


  • How to change sync settings through Android API?

    - by Kyle Slattery
    Is there a way to change the sync settings of a Gmail account programmatically with an Android app? For instance, I'd like to enable/disable syncing of a Gmail account from my app, without the user having to do anything. I took a look at AccountManager, but that doesn't seem to be the right place to look.


  • Restoring Typus plugin after changing DB Schema

    - by benoror
    I installed Typus plugin (http://intraducibles.com/projects/typus) for my app and I love it. But along the development of the app I frequently do migrations and change the DB Schema and relationships, and then the plugin fails. Is there a way to re-generate the plugin with the new schema? Thanks!


  • How much does it cost to develop an iphone application?

    - by delooks
    How much can a developer charge for an iPhone app like Twitterrific? I want to know this because I need such an app with the same functionality for a new community website. I can do Ruby but have no experience with Objective-C. So it would be interesting for me to know if I should start reading books about iPhone programming or outsource the work to an iPhone programmer.


  • Accessing weakly typed facebook sdk result object properties in .NET 3.5 using the API?

    - by John K
    Consider the following in .NET 3.5 (using the Bin\Net35\Facebook*.dll assemblies):

        var app = new FacebookApp();
        var result = app.Get("me");
        // want to access result properties with no dynamic

    ... in the absence of the C# 4.0 dynamic keyword this provides only a generic object. How best should I access the properties of this result value? Are there helper or utility methods or stronger types in the facebook C# sdk, or should I use standard .NET reflection techniques?

