Search Results

Search found 30728 results on 1230 pages for 'app pool'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 428/1230 | < Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >

  • help req for subsonic

    - by Muhammad Afaq Toufiq
    i m using subsonic with sqlserver its working fine. now my boss say donnt use sqlserver use Oracle database in app config For sqlserver -- now wat changes for oracle database req in app.cof ??? plz help me thanx in advance.

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • background worker in asp.net

    - by vbNewbie
    I migrate my winforms crawler app to a asp.net web app and would like to know how to implement the background worker thread that I use for very long searches? Another posting mentioned asynchronous pages but I am not sure if this would work or how to apply it. The search function that would run can sometimes run for a few days and I would like the user to have the option to perform other functions still. Can this happen?

    Read the article

  • .Net Framework version issue

    - by George2
    Hello everyone, I am using IIS 7.0 + Windows Server 2008 x64. I have installed .Net Framework 3.5 on my machine, but from IIS 7.0 application pool .Net framework settings, I could only set version to v1.0 or v2.0, why I cannot set to version v3.5 -- which is the latest version of .Net framework I installed on my machine? thanks in advance, George

    Read the article

  • Creating a multiplatform webapp with HTML5 and Google maps

    - by Bart L.
    I'm struggling how to develop a webapp for Android and iOS. My first app was a simple todo app which was easy to test in my browser and it only used html, javascript and css. However, I have to create an app which uses Google Maps Api to get the location. I created a simple html5 page to test which places a marker on a map. It works fine when testing it on my local server. But when I create an .apk file for Android, the app doesn't work. So I'm wondering, isn't it possible to use it like this? Do I have the use the phonegap libraries to use their geolocation library? And if so, how do you handle the development of a webapp in phonegap for multiple OS? Do you have to install an Android environment and an iOS environment to each include the right phonegap library and to test them properly? Update: I use the following code on my webserver and it works perfectly. When I upload it in a zip-folder to the photogap cloud and install the APK file on my phone, it doesn't work. <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>Simple Geo test</title> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js"></script> </head> <body> <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=true"></script> <script> function success(position) { var mapcanvas = document.createElement('div'); mapcanvas.id = 'mapcontainer'; mapcanvas.style.height = '200px'; mapcanvas.style.width = '200px'; document.querySelector('article').appendChild(mapcanvas); var coords = new google.maps.LatLng(position.coords.latitude, position.coords.longitude); var options = { zoom: 15, center: coords, mapTypeControl: false, navigationControlOptions: { style: google.maps.NavigationControlStyle.SMALL }, mapTypeId: google.maps.MapTypeId.ROADMAP }; var map = new google.maps.Map(document.getElementById("mapcontainer"), options); var marker = new google.maps.Marker({ position: coords, map: map, title:"You are here!" }); } if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(success); } else { error('Geo Location is not supported'); } </script> <article></article> </body> </html>

    Read the article

  • What's the most minimal Java web MVC framework?

    - by Chris Collins
    I'm looking for a Java web framework that requires the most minimal amount of configuration for a very small app. Spring & Struts are definitely overkill here. This is an app that could be written without any framework at all but I would prefer to use a minimal MVC framework if I can find one.

    Read the article

  • What is the best way to create a Singleton Webservice in PHP?

    - by ChronoFish
    Hello, We have a need to access a DB that only allows one connection at a time. This screams "singleton" to me. The catch of course is that the singleton connection will be exposed (either directly or indirectly) via a web-service (most probable a SOAP based web-service - located on a separate server from the calling app(s) ) - which means that there may be more than one app / instance attempting to connect to the singleton class. In PHP, what is the best way to create a global singleton or a web-service singleton? TIA

    Read the article

  • Best way to interact with facebook from a Rails Application

    - by ricardohead
    What I want to do is automatically post to facebook when a user post something on his profile (inside my app), I want to remember the user facebook credential to post automatically without asking for his credentials again. Tumblr has already implement this functionality and I want to emulate it. What is the best way to implement this functionality whitin a rails app?

    Read the article

  • How do you return draggable content to their original positions in iPhone dev?

    - by Matt Thomas
    I am wanting to create a button in my iPhone app that when touched will return other draggable elements to their original position. I have looked at the Apple "MoveMe' example, but that returns the button to the center of the screen. I want to be able to position draggable objects around the screen, drag the objects within the app, and then return them to their original starting positions by pressing a designated button. Any help appreciated!

    Read the article

  • STL container to pop() by priority?

    - by Pirate for Profit
    I'm writing a thread-pool for Qt as QRunnable doesn't handle event loops in new threads. Not too familiar with STL, what would be the best way to pop() something by priority? Priority should probably be a property of MyRunnable imo, but I can always give that info to an STL container when adding the runnable to the queue.

    Read the article

  • Website gives and error " Unrecognized attribute 'targetFramework'"

    - by user1465978
    I installed VS2010 and NET 4.0 framework and created a simple project. When I uploaded to my server (where I also installed the 4.0 framework), I get this error: Unrecognized attribute 'targetFramework' It's coming from this section in the web.config which was auto-generated by VS2010 when I created the project: I've checked and ensure that the application pool for my website on the server is set to "4.0 Integrated". Any feedback on how to get past this error would be appreciated. Thank you!

    Read the article

  • How to show number of jgrowl notfications?

    - by chobo2
    Hi I am using a pool of 5 with jquery. So only 5 notifications should be shown. I think it would be nice to have maybe under the "close all" button to have a count like shown 5 of 20 notifications. To me it could get confusing if I keep closing notifications and new ones keep poping up. I might think there is some sort of problem with the site. Anyone know how to do this?

    Read the article

  • Detecting operating system or computer name through a Java servlet

    - by Ankur
    I have a Java web app that I develop on a Windows machine and will deploy on a Unix machine. There are some file path settings and permissions details that differ on the two (and there is nothing I can do to change this). Is there some way of detecting which machine the app is sitting on (it's only one of two), either by detecting the operating system or the computer's name so I can then using the appropriate settings.

    Read the article

  • Remove a single non-unique value from a sequence in F#

    - by mavnn
    I have a sequence of integers representing dice in F#. In the game in question, the player has a pool of dice and can choose to play one (governed by certain rules) and keep the rest. If, for example, a player rolls a 6, 6 and a 4 and decides to play one the sixes, is there a simple way to return a sequence with only one 6 removed? Seq.filter (fun x -> x != 6) dice removes all of the sixes, not just one.

    Read the article

  • Android & Google Maps - close info window with back button

    - by m4ch3t3
    I have an activity that holds a fragment with Google Map view in it. App adds several dozens of markers to the MapView, using MarkerManager and ClusterRenderer to form clusters. The problem is that when I have marker's InfoWindow opened and I press hardware Back button, it closes the app. Instead of that, I would like to have the InfoWindow closed. Is there any straightforward way to achieve this?

    Read the article

  • javascript source code reuse

    - by vbNewbie
    I am not familiar with javascript and I have had some exposure to java but I found a web application that fits the goals of my app perfectly. The owner has provided the source by viewing the source in the html and I was wondering how hard it would be to reuse the code to deploy a similar app.

    Read the article

  • Flushing JDBC connection pools

    - by Matt
    Does anyone know the best (or any) way to flush a JDBC connection pool? I can't find anything obvious in the documentation. It appears connection pools aren't meant to ever be deleted. My current thought is to delete all DataSources from the hash we store them in, which will trigger our code to make new ones. However, my first attempt throws a ConcurrentModificationException.

    Read the article

  • ld returned 1 exit status

    - by uzay95
    This is the code that i'm trying to run: #include <QApplication> #include <QPushButton> int main(int argc,char *argv[]) { QApplication app(argc,argv); return app.exec(); } And this is the error that i'm getting: :-1: error: collect2: ld returned 1 exit status

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 424 425 426 427 428 429 430 431 432 433 434 435  | Next Page >