Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 424/886 | < Previous Page | 420 421 422 423 424 425 426 427 428 429 430 431  | Next Page >

  • max file upload size change in web.config

    - by Christopher Johnson
    using .net mvc 3 and trying to increase the allowable file upload size. This is what I've added to web.config: <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules runAllManagedModulesForAllRequests="true"> <add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" /> <add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" /> <add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" /> </modules> <handlers> <add name="Elmah" path="elmah.axd" verb="POST,GET,HEAD" type="Elmah.ErrorLogPageFactory, Elmah" preCondition="integratedMode" /> </handlers> <security> <requestFiltering> <requestLimits maxAllowedContentLength="104857600"/> </requestFiltering> </security> *ignore the elmah stuff. it's still not allowing file sizes larger than 50MB and this should allow up to 100MB no? any ideas?

    Read the article

  • Why is OpenSubKey() returning null on my Win 7 64 bit system?

    - by BrMcMullin
    Has anyone seen OpenSubKey() and other Microsoft.Win32 registry functions return null on 64 bit systems when 32 bit registry keys are under Wow6432node in the registry? I'm working on a unit testing framework that makes a call to OpenSubKey() from the .net library. My dev system is a Win 7 64 bit environment with VS 2008 SP1 and the Win 7 SDK installed. The application we're unit testing is a 32 bit application, so the registry is virtualized under HKLM\Software\Wow6432node. When we call: Registry.LocalMachine.OpenSubKey( @"Software\MyCompany\MyApp\" ); Null is returned, however explicitly stating to look here works: Registry.LocalMachine.OpenSubKey( @"Software\Wow6432node\MyCompany\MyApp\" ); From what I understand this function should be agnostic to 32 bit or 64 bit environments and should know to jump to the virtual node. Even stranger is the fact that the exact same call inside a compiled and installed version of our application is running just fine on the same system and is getting the registry keys necessary to run; which are also being placed in HKLM\Software\Wow6432node. Any suggestions? Thanks in advance!

    Read the article

  • When connecting SAP Business One to SQL Server 2005, what is the

    - by Nick
    we have SAP Business One - Fourth Shift Edition running here at a small manufacturing company. The consulting company that has come in to do the installation/implementation uses the "sa" id/pass to initially connect to the database to get the list of companies. From then on, I have to assume that its the sa id/pass that is being used to connect the client software to the database. Is this appropriate? I dont know where this data is being stored... as an ODBC connection? directly in the registry somewhere? Is it secure? Would it be better to set the users network ID in the database security and then use the "trusted connection" setting instead? Or do most people create a separate login in the database for each user and use that in the client settings? seems like the easiest way would be to add the users network login to the sql server security so they can use the "trusted connection"... but then wouldn't that allow ANY software to connect to the database from that machine? So anyways: what are the best-practices for setting this up?

    Read the article

  • Make Ant's delete task fail when a directory exists and is not deleted but not when it doesn't exist

    - by Tim Visher
    I have tho following clean function in my build script and I'd like to know how I can improve it. <target name="clean" description="Clean output directories."> <!-- Must not fail on error because it fails if directories don't exist. Is there really no better way to do this? --> <delete includeEmptyDirs="true" failonerror="false"> <fileset dir="${main.build.directory}" /> <fileset dir="dist" /> <fileset dir="${documentation.build.directory}" /> <fileset dir="/build-testing" /> </delete> </target> Specifically regarding my comment, I'm unhappy with the fact that I can't run this on a fresh box because the directory structure hasn't been set up yet by the other targets. We run the build in such a way that it entirely recreates the structures necessary for testing and deployment every time to avoid stale class files and such. With the way that delete currently is set up, a failure to delete a file does not fail the build and I'd like it to. I don't want it to fail the build if the file doesn't exist though. If it doesn't exist then what I'm asking it to do has already happened. Thoughts?

    Read the article

  • Javascript keyup doesn't work as expected, it executes in instances where I have not removed my fing

    - by Binni
    I'm trying to create a simple game in javascript and I'm stuck on how to deal with keys. Small example: function keyUpEvent(event) { alert(event.keyCode); } window.addEventListener("keyup", keyUpEvent, false); I'm running Ubuntu 9.10 and testing it in Firefox 3.5 and Chromium. If I press and release a button instantly I get an alert, which is to be expected, but when I press and hold a button I get a small pause and then a series of alert windows, the expected result is that I only get an alert window when I remove my finger from a button. I reason it has something to do with the fact that when I press and hold a button in a text area for example I get one character, small pause, and then a series of characters: dddddddddddddddd. I believe it's possible to get around this or do it more right or whatever since this game for example: http://bohuco.net/testing/gamequery/pong.html seams not to be affected by this. But I notice if I try out the jquery keyup demo ( api.jquery.com/keyup/ ) I get the same problem. How can I implement basic game key event handling?

    Read the article

  • ExternalInterface

    - by Jesse
    Hey, so I'm having a bunch of trouble getting ExternalInterface to work, which is odd, because I use it somewhat often. I'm hoping it's something I just missed because I've been looking at it too long. The flash_ready function is correctly returning the objectID, and as far as I can tell, everything else is in order. Unfortunately, when I run it, I get an error (varying by browser) telling me that basically document.getElementById(<movename>).test() is not a valid method. Here's the code: javascript: function flash_ready(i){ document.getElementById(i).test('success!'); } Embed Html (Generated): <script type="text/javascript"> swfobject.embedSWF("/chainmaille/includes/media/flash/upload_image.swf", "/chainmaille/includes/media/flash/upload_image", "500", "50", "9.0.0","expressInstall.swf", {}, {allowScriptAccess:'always', wmode:'transparent'},{id:'uploader_flash',name:'uploader_flash'}); </script> <object type="application/x-shockwave-flash" id="uploader_flash" name="uploader_flash" data="/chainmaille/includes/media/flash/upload_image.swf" width="500" height="50"><param name="allowScriptAccess" value="always"><param name="wmode" value="transparent"></object> AS3 : package com.jesseditson.uploader { import flash.display.MovieClip; import flash.external.ExternalInterface; import flash.system.Security; public class UI extends MovieClip { // Initialization: public function UI() { Security.allowDomain('*'); ExternalInterface.addCallback("test", test); var jscommand:String = "flash_ready('"+ExternalInterface.objectID+"');"; var url:URLRequest = new URLRequest("javascript:" + jscommand + " void(0);"); navigateToURL(url, "_self"); } public function test(t){ trace(t); } } } Swfobject is being included via google code, and the flash embeds just fine, so that's not the problem. I've got a very similar setup working on another server, but can't seem to get it working on this one. It's a Hostgator shared server. Could it be the server's fault? Anybody see any obvious syntax problems? Thanks in advance!

    Read the article

  • Applets failing to load

    - by Roy Tang
    While testing our setup for user acceptance testing, we got some reports that java applets in our web application would occasionally fail to load. The envt where it was reported was WinXP/IE6, and there were no errors found in the java console. Obviously we'd like to avoid it. What sort of things should we be checking for here? On our local servers, everything seems fine. There's some turnaround time when sending questions to the on-site guy, so I'd look to cover as many possible causes as possible. Some more info: We have multiple applets, in the instance that they fail loading, all of them fail loading. The applet jar files vary in size from 2MB to 8MB. I'm told it seems more likely to happen if the applet isn't cached yet, i.e. if they've been able to load the applets once on a given machine, further runs on that machine go smoothly. I'm wondering if there's some sort of network transfer error when downloading the applets, but I don't know how to verify that. Any advise is welcome!

    Read the article

  • How do I simulate the usage of a sequence of web pages?

    - by Rory Becker
    I have a simple sequence of web pages written in ASP.Net 3.5 SP1. Page1 - A Logon Form.... txtUsername, txtPassword and cmdLogon Page2 - A Menu (created using DevExpress ASP.Net controls) Page3 - The page redirected to by the server in the event that the user picks the right menu option in Page2 I would like to create a threaded program to simulate many users trying to use this sequence of pages. I have managed to create a host Winforms app which Launches a new thread for each "User" I have further managed to work out the basics of WebRequest enough to perform a request which retrieves the Logon page itself. Dim Request As HttpWebRequest = TryCast(WebRequest.Create("http://MyURL/Logon.aspx"), HttpWebRequest) Dim Response As HttpWebResponse = TryCast(Request.GetResponse(), HttpWebResponse) Dim ResponseStream As StreamReader = New StreamReader(Response.GetResponseStream(), Encoding.GetEncoding(1252)) Dim HTMLResponse As String = ResponseStream.ReadToEnd() Response.Close() ResponseStream.Close() Next I need to simulate the user having entered information into the 2 TextBoxes and pressing logon.... I have a hunch this requires me to add the right sort of "PostData" to the request. before submitting. However I'm also concerned that "ViewState" may be an issue. Am I correct regarding the PostData? How do I add the postData to the request? Do I need to be concerned about Viewstate? Update: While I appreciate that Selenium or similar products are useful for acceptance testing , I find that they are rather clumsy for what amounts to load testing. I would prefer not to load 100 instances of Firefox or IE in order to simulate 100 users hitting my site. This was the reason I was hoping to take the ASPNet HttpWebRequest route.

    Read the article

  • SqlCe odd results why? -- Same SQL, different results in different apps. Issue with

    - by NitroxDM
    When I run this SQl in my mobile app I get zero rows. select * from inventory WHERE [ITEMNUM] LIKE 'PUMP%' AND [LOCATION] = 'GARAGE' When I run the same SQL in Query Analyzer 3.5 using the same database I get my expected one row. Why the difference? Here is the code I'm using in the mobile app: SqlCeCommand cmd = new SqlCeCommand(Query); cmd.Connection = new SqlCeConnection("Data Source="+filePath+";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); cmd.Connection.Open(); SqlCeDataReader tmpRdr = cmd.ExecuteReader(); if (tmpRdr.Read()) tmpTable.Load(tmpRdr); tmpRdr.Close(); cmd.Connection.Close(); return tmpTable; UPDATE: For the sake of trying I used the code found in one of the answers found here and it works as expected. So my code looks like this: SqlCeConnection conn = new SqlCeConnection("Data Source=" + filePath + ";Persist Security Info=False;"); DataTable tmpTable = new DataTable(); SqlCeDataAdapter AD = new SqlCeDataAdapter(Query, conn); AD.Fill(tmpTable); The issue appears to be with the SqlCeDataReader. Hope this helps someone else out!

    Read the article

  • Login for webapp, needs to be availible for supportstaff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". 1. Authorized licenseholders which does all setup themselves. 2. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want's us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support, we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • jQuery plugin Breaks after ajax call

    - by Jason
    Hello, I am quite a newbie to jQuery/ajax but am having a problem with my site that im making. Basically at first the page loads fine. On the boxes is a fade caption, when the title of the caption is clicked you are brought to an ajax page. Once you use the 'Back' button on browser, or the 'Back to list' button i've made the caption fade plugin no longer works and the box i had previously clicked is no longer clickable. can anyone help? heres my website: http://www.jcianfrone.com/testing jquery: h**p://www.jcianfrone.com/testing/script.js HTML: <div id="pageContent"> <div class="item"><a href="#page6"><img src="images/wrk-kd.jpg" width="286" height="200" alt="Koodikkki"></a><span id="caption"><a href="#">Title</a><p>Description</p></span></div> <div class="item"><a href="#page7"><img src="images/wrk-kd.jpg" width="286" height="200" alt="Koodikkki"></a><span id="caption"><a href="#">Title</a><p>Description</p></span></div> <div class="item"><a href="#page8"><img src="images/wrk-kd.jpg" width="286" height="200" alt="Koodikkki"></a><span id="caption"><a href="#">Title</a><p>Description</p></span></div> <div class="item"><a href="#page9"><img src="images/wrk-kd.jpg" width="286" height="200" alt="Koodikkki"></a><span id="caption"><a href="#">Title</a><p>Description</p></span></div> </div> Many thanks in advance

    Read the article

  • NPE with logging while launching webstart on jre7 update 40

    - by atulsm
    My application was running fine until I upgraded my jre to 7u40. When my application is initializing, it's doing Logger.getLogger("ClassName"), and I'm getting the following exception. java.lang.ExceptionInInitializerError at java.util.logging.Logger.demandLogger(Unknown Source) at java.util.logging.Logger.getLogger(Unknown Source) at com.company.Application.Applet.<clinit>(Unknown Source) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at com.sun.javaws.Launcher.executeApplication(Unknown Source) at com.sun.javaws.Launcher.executeMainClass(Unknown Source) at com.sun.javaws.Launcher.doLaunchApp(Unknown Source) at com.sun.javaws.Launcher.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at java.util.logging.Logger.setParent(Unknown Source) at java.util.logging.LogManager$6.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.util.logging.LogManager.doSetParent(Unknown Source) at java.util.logging.LogManager.access$1100(Unknown Source) at java.util.logging.LogManager$LogNode.walkAndSetParent(Unknown Source) at java.util.logging.LogManager$LoggerContext.addLocalLogger(Unknown Source) at java.util.logging.LogManager$LoggerContext.addLocalLogger(Unknown Source) at java.util.logging.LogManager.addLogger(Unknown Source) at java.util.logging.LogManager$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.util.logging.LogManager.<clinit>(Unknown Source) The exception is coming from this line: private static Logger logger = Logger.getLogger(Applet.class.getName()); Could it be because of any sideeffects with fix http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=8017174 ? A workaround is to open the java control center and enable logging. This is a concern since by default "Enable Logging" is unchecked. If I select "Enable Logging", the application starts fine.

    Read the article

  • how to set SqlMapClient outside of spring xmls

    - by Omnipresent
    I have the following in my xml configurations. I would like to convert these to my code because I am doing some unit/integration testing outside of the container. xmls: <bean id="MyMapClient" class="org.springframework.orm.ibatis.SqlMapClientFactoryBean"> <property name="configLocation" value="classpath:sql-map-config-oracle.xml"/> <property name="dataSource" ref="IbatisDataSourceOracle"/> </bean> <bean id="IbatisDataSource" class="org.springframework.jndi.JndiObjectFactoryBean"> <property name="jndiName" value="jdbc/my/mydb"/> </bean> code I used to fetch stuff from above xmls: this.setSqlMapClient((SqlMapClient)ApplicationInitializer.getApplicationContext().getBean("MyMapClient")); my code (for unit testing purposes): SqlMapClientFactoryBean bean = new SqlMapClientFactoryBean(); UrlResource urlrc = new UrlResource("file:/data/config.xml"); bean.setConfigLocation(urlrc); DriverManagerDataSource dataSource = new DriverManagerDataSource(); dataSource.setDriverClassName("oracle.jdbc.OracleDriver"); dataSource.setUrl("jdbc:oracle:thin:@123.210.85.56:1522:ORCL"); dataSource.setUsername("dbo_mine"); dataSource.setPassword("dbo_mypwd"); bean.setDataSource(dataSource); SqlMapClient sql = (SqlMapClient) bean; //code fails here when the xml's are used then SqlMapClient is the class that sets up then how come I cant convert SqlMapClientFactoryBean to SqlMapClient

    Read the article

  • Editing a .class file directly, playing around with opcodes

    - by echox
    Hi, today I just tried to play a little bit around with the opcodes in compiled java class file. After inserting iinc 1,1 the java virtual machine responds with: Exception in thread "main" java.lang.ClassFormatError: Truncated class file at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClassCond(ClassLoader.java:632) at java.lang.ClassLoader.defineClass(ClassLoader.java:616) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:141) at java.net.URLClassLoader.defineClass(URLClassLoader.java:283) at java.net.URLClassLoader.access$000(URLClassLoader.java:58) at java.net.URLClassLoader$1.run(URLClassLoader.java:197) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) Could not find the main class: Test. Program will exit. This is my example source code: public class Test { public static void main(String[] args) { int i = 5; i++; i++; i++; System.out.println("Number: " + i + "\n"); } } The opcode for an increment is 0x84 + 2 bytes for operands. There's only one section in the resulting class file, which contains 0x84: [..] 8401 0184 0101 8401 01[..] So I would translate this as: iinc 1,1 iinc 1,1 iinc 1,1 corresponding to my i++; i++; i++; I then tried to append just 840101 to increment the variable once more, but that didn't work and resulted in the ClassFormatError. Is there anything like a checksum for the class file? I looked up the format of a classfile in http://java.sun.com/docs/books/jvms/second_edition/html/ClassFile.doc.html but could not find anything which points out to some kind of bytes_of_classfile or something. I also don't understand why the error is "Truncated Class File", because I did append something :-) I know its not a good idea to edit class files directly, but I'm just interested on the VM internals here.

    Read the article

  • Rspec Selenium. Test to check certain Ajax functions passes when i expect it to fail.

    - by alokswain
    I am testing a Ajax action using Rspec and Selenium. My story is as follows: it "should create a new User with any input" do @browser.open "/people" @browser.wait_for_page_to_load "2000" @browser.type "user_name", "Alok Swain" @browser.click "user_submit" @browser.text?("Alok Swain").should be_true end The action i am testing is: def add_user @users = User.all User.create(params[:user]) render :update do |page| page.alert "Created User" page.replace_html "users", :partial => '/people/users_list', :locals => {:users => @users} end end The test fails and the error I get is: 'User should create a new User with any input' FAILED expected false to be true. This test should pass right ? I also kept an alert and tried @browser.is_alert_present.should be_true but i got the same error. I tried @browser.is_text_present("test") and this test succeeded. In the test database a record was created for Alok Swain but when I tried the above assertion it passed when i expected it to fail. Is there any thing else to be done here. What am I missing ?

    Read the article

  • struts datagrid problem - can't solve this problem

    - by shien-angel
    i am creating datagrid using the struts-layout. and i encountered this problem javax.servlet.ServletException: DispatchMapping[/monitor/datagridBL]???????????????????? at org.apache.struts.actions.DispatchAction.getParameter(DispatchAction.java:325) at org.apache.struts.actions.DispatchAction.execute(DispatchAction.java:170) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:431) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at jp.terasoluna.fw.web.struts.action.RequestProcessorEx.process(RequestProcessorEx.java:149) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at javax.servlet.http.HttpServlet.service(HttpServlet.java:707) at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292) at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at jp.co.anicom.fw.web.common.controller.RequestEncodeFilter.doFilter(RequestEncodeFilter.java:42) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at jp.co.anicom.fw.web.common.controller.SessionExpirationFilter.doFilter(SessionExpirationFilter.java:89) at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200) at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106) at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428) at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201) at weblogic.work.ExecuteThread.run(ExecuteThread.java:173) i have been looking for ways on how to solve this. would somebody help me please...

    Read the article

  • Is there a way to prevent Maven Test from rebuilding the database?

    - by Christopher W. Allen-Poole
    I've recently been asked to, effectively, sell my department on unit testing. I can't tell you how excited this makes me, but I do have one concern. We're using JUnit with Spring and Maven, and this means that each time mvn test is called, it rebuilds the database. Obviously, we can't integrate that with our production server -- it would kill valuable data. How do I prevent the rebuilding without telling maven to skip testing? The best I could figure was to assign the script to operate in a test database (line breaks added for readability): mvn test -Ddbunit.schema=<database>test -Djdbc.url=jdbc:mysql://localhost/<database>test? createDatabaseIfNotExist=true&amp; useUnicode=true&amp;characterEncoding=utf-8 I can't help but think there must be a better way. I'm especially interested in learning if there is an easy way to tell Maven to only run tests on particular classes without building anything else? mvn -Dtest=<test-name> test still rebuilds the database. ======= update ======= Bit of egg on my face here. I didn't realize that I was using the same variable in two places, meaning that the POM was using a "skip.test" variable for both rebuilding the database and for running the tests...

    Read the article

  • UAC need for console application

    - by Daok
    I have a console application that require to use some code that need administrator level. I have read that I need to add a Manifest file myprogram.exe.manifest that look like that : <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"> <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> <security> <requestedPrivileges> <requestedExecutionLevel level="requireAdministrator"> </requestedPrivileges> </security> </trustInfo> </assembly> But it still doesn't raise the UAC (in the console or in debugging in VS). How can I solve this issue? Update I am able to make it work if I run the solution in Administrator or when I run the /bin/*.exe in Administrator. I am still wondering if it's possible to have something that will pop when the application start instead of explicitly right clickRun as Administrator?

    Read the article

  • SiteMap control based on user roles doesn't works

    - by nCdy
    <siteMapNode roles="*"> <siteMapNode url="~/Default.aspx" title=" Main" description="Main" roles="*"/> <siteMapNode url="~/Items.aspx" title=" Adv" description="Adv" roles="Administrator"/> .... any user can see Adv page. That is a trouble and a qustion : why and how to hide out of role sitenodes. but if I do HttpContext.Current.User.IsInRole("Administrator") it shows me if user in Administrator role or not. web config : <authentication mode="Forms"/> <membership defaultProvider="SqlProvider" userIsOnlineTimeWindow="20"> <providers> <add connectionStringName="FlowWebSQL" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="true" passwordFormat="Hashed" applicationName="/" name="SqlProvider" type="System.Web.Security.SqlMembershipProvider"/> </providers> </membership> <roleManager enabled="true" defaultProvider="SqlProvider"> <providers> <add connectionStringName="FlowWebSQL" name="SqlProvider" type="System.Web.Security.SqlRoleProvider" /> </providers> </roleManager>

    Read the article

  • tipfy for Google App Engine: Is it stable? Can auth/session components of tipfy be used with webapp?

    - by cv12
    I am building a web application on Google App Engine that requires users to register with the application and subsequently authenticate with it and maintain sessions. I don't want to force users to have Google accounts. Also, the target audience for the application is the average non-geek, so I'm not very keen on using OpenID or OAuth. I need something simple like: User registers with an e-mail and password, and then can log back in with those credentials. I understand that this approach does not provide the security benefits of Google or OpenID authentication, but I am prepared to trade foolproof security for end-user convenience and hassle-free experience. I explored Django, but decided that consecutive deprecations from appengine-helper to app-engine-patch to django-nonrel may signal that path may be a bit risky in the long-term. I'd like to use a code base that is likely to be maintained consistently. I also explored standalone session/auth packages like gaeutilities and suas. GAEUtilities looked a bit immature (e.g., the code wasn't pythonic in places, in my opinion) and SUAS did not give me a lot of comfort with the cookie-only sessions. I could be wrong with my assessment of these two, so I would appreciate input on those (or others that may serve my objective). Finally, I recently came across tipfy. It appears to be based on Werkzeug and Alex Martelli spoke highly of it here on stackoverflow. I have two primary questions related to tipfy: As a framework, is it as mature as webapp? Is it stable and likely to be maintained for some time? Since my primary interest is the auth/session components, can those components of the tipfy framework be used with webapp, independent of the broader tipfy framework? If yes, I would appreciate a few pointers to how I could go about doing that.

    Read the article

  • Login for webapp, needs to be available for support staff

    - by Christian W
    I know the title is a little off, but it's hard to explain the problem in a short sentence. I am the administrator of a legacy webapp that lets users create surveys and distribute them to a group of people. We have two kinds of "users". Authorized licenseholders which does all setup themselves. Clients who just want to have a survey run, but still need a user (because the webapp has "User" as the top entity in a surveyenvironment.) Sometimes users in #1 want us to do the setup for them (which we offer to do). This means that we have to login as them. This is also how we do support: we login as them and then follow them along, guiding them. Which brings me to my dilemma. Currently our security is below par. But this makes it simple for us to do support. We do want to increase our security, and one thing I have been considering is just doing the normal hashing to DB, however, we need to be able to login as a customer, and if they change their password without telling us, and the password is hashed in the db, we have no way of knowing it. So I was thinking of some kind of twoway encryption for the passwords. Either that or some kind of master password. Any suggestions? (The platform is classic ASP... I said it was legacy...)

    Read the article

  • Allowing Google to bypass CAPTCHA verification - sensible or not?

    - by edanfalls
    My web site has a database lookup; filling out a CAPTCHA gives you 5 minutes of lookup time. There is also some custom code to detect any automated scripts. I do this as I don't want someone data mining my site. The problem is that Google does not see the lookup results when it crawls my site. If someone is searching for a string that is present in the result of a lookup, I would like them to find this page by Googling it. The obvious solution to me is to use the PHP variable $_SERVER['HTTP_USER_AGENT'] to bypass the CAPTCHA and custom security code for the Google bots. My question is whether this is sensible or not. People could then use Google's cache to view the lookup results without having to fill out the CAPTCHA, but would Google's own script detection methods prevent them from data mining these pages? Or would there be some way for people to make $_SERVER['HTTP_USER_AGENT'] appear as Google to bypass the security measures? Thanks in advance.

    Read the article

  • How can I programatically create this custom binding?

    - by user277040
    We've got to access a web service that uses soap11... no problem I'll just set the binding as: BasicHttpBinding wsBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential); Nope. No dice. So I asked the host of the service why we're having authentication issues and he said that our config needed to have this custom binding: <bindings> <customBinding> <binding name="lbinding"> <security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11" securityHeaderLayout="Strict" includeTimestamp="false" requireDerivedKeys="true" keyEntropyMode="ServerEntropy"> </security> <textMessageEncoding messageVersion="Soap11" /> <httpsTransport authenticationScheme ="Negotiate" requireClientCertificate ="false" realm =""/> </binding> </customBinding> </bindings> Only problem is we're creating our binding programmatically not via the config. So if someone could point me in the right direction in regards to changing my BasicHttpBinding into a custombinding that conforms to the .config value provided I'll give them a big shiny gold star for the day.

    Read the article

  • Printing to different printers using mozilla.

    - by Nick-ACNB
    I am currently creating a web application that will be deployed in an intranet environment. I chose firefox to be the browser that will run it. However, in the application I am building, I need to be able to print to different printers quickly since they use different paper size depending on what client is coming. To avoid many time-wasting mistakes that could occur, for instance someone choosing the wrong printer and wasting paper. Also, the time used to find the right printer for the job and then pressing print is considered too long in the current context. Is there any solution to this problem? I understand the potential security flaw behind this, but please be aware that this is solely an intranet project and that I can reduce the browser's security to the lowest since they don't access internet. I know there could be something doable behind IE (ActiveX or VBScript) but I am using firefox. Also, I guess there could also be something rather tricky that when you press print on the browser, it saves what needs to be printed to a DB and then there is an exe app that runs and fetch that DB every set ammount of time and print to the right printer. Any suggestion would be greatly appreciated. I doubt I am the only one to ever face this issue! :) Thank you very much.

    Read the article

  • Make PasswordRecovery control work with locked out users ?

    - by Moe Sisko
    Example scenario in an ASP.NET application using SQL Server membership provider : 1) a user can't remember their exact password, and tries many times in a short space of time to login with an invalid password (say 5 times in a 10 minute window). This locks out the user (i.e. sets the IsLockedOut flag of the aspnet_Membership table to 1). 2) user goes to the "forgot my password" screen to try to get a new password emailed to them. This screen uses the PasswordRecovery control. User enters their correct user id, but then cannot go further in the password recovery process, since the IsLockedOut flag is 1. (They don't even get to see their security question). 3) The user would then have to phone tech support to get themselves unlocked etc. To reduce the burden on support staff, we are trying to eliminate step 3) if possible, by making the PasswordRecovery control (if possible), work with locked out users. i.e. when they enter their login ID, the security question comes up, and IF they enter the correct answer, the system will unlock the user, then send the new email to them. I'm wondering if it is possible to tweak the PasswordRecovery control to do this. Or maybe I'm approaching this the wrong way ?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 420 421 422 423 424 425 426 427 428 429 430 431  | Next Page >