Search Results

Search found 33677 results on 1348 pages for 'access levels'.

Page 456/1348 | < Previous Page | 452 453 454 455 456 457 458 459 460 461 462 463 | Next Page >

MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

- by Brad R

We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? Any then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POST's usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the users cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack. Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

Read the article
Accessing HTTP status code while using WCF client for accessing RESTful services

- by Hemant

Thanks to this answer, I am now able to successfully call a JSON RESTful service using a WCF client. But that service uses HTTP status codes to notify the result. I am not sure how I can access those status codes since I just receive an exception on client side while calling the service. Even the exception doesn't have HTTP status code property. It is just buried in the exception message itself. So the question is, how to check/access the HTTP status code of response when the service is called.

Read the article
EXC_BAD_ACCESS signal received

- by Hector Ramos

When deploying the application to the device, the program will quit after a few cycles with the following error: Program received signal: "EXC_BAD_ACCESS". The program runs without any issue on the iPhone simulator, it will also debug and run as long as I step through the instructions one at a time. As soon as I let it run again, I will hit the EXC_BAD_ACCESS signal. In this particular case, it happened to be an error in the accelerometer code. It would not execute within the simulator, which is why it did not throw any errors. However, it would execute once deployed to the device. Most of the answers to this question deal with the general EXC_BAD_ACCESS error, so I will leave this open as a catch-all for the dreaded Bad Access error. EXC_BAD_ACCESS is typically thrown as the result of an illegal memory access. You can find more information in the answers below. Have you encountered the EXC_BAD_ACCESS signal before, and how did you deal with it?

Read the article
Dependency between multiple classes

- by CliffC

I am confuse between the best way to organize dependency between multiple classes assume i have the following classes Employee, Salary, DataAccess Should i go for: Option1 Employee emp = new Employee(); Salary sal = new Salary(); DataAccess data = new DataAccess(); sal.Calculate(emp); data.Save(emp); or Option2 Employee emp = new Employee(); Salary sal = new Salary(); sal.Calculate(emp); //once salary has been calculated salary object will initialize data access class to do the actual saving. or Option 3 Employee emp = new Employee(); emp.Calculate(); // employee object will encapsulate both the salary and data access object

Read the article
HttpWebRequest socket operation during WPF binding in a property getter

- by wpfwannabe

In a property getter of a C# class I am doing a HTTP GET using HttpWebRequest to some https address. WPF's property binding seems to choke on this. If I try to access the property in a simple method e.g. Button_Clicked, it works perfectly. If I use WPF binding to access the same property, the app seems to be blocked on a socket's recv() method indefinitely. Is it a no-no to do this sort of thing during binding? Is app in some special state during binding? Is there an easy way for me to overcome this limitation and still maintain the same basic idea?

Read the article
File I/O OS handling

- by Albinoswordfish

This isn't a direct coding question but more of a OS handling mechanism. I was reading somebody's previous question regarding C# and file handling. Apparently C# was throwing an exception regarding a file being locked when trying to access this. So my question is, does C# use an internal lock to handle file I/O between processes, or does the OS use some type of mutual exclusion for file I/O? From what I learned about operating systems, well at least unix, is that the OS doesn't implement any type of mutual exclusion for processes trying to access the same file.

Read the article
Hide script extension

- by Ali

I have a html form that posts to a python script test.py. If someone tries to access the script directly, it redirects them to the form. I not using a web framework, just straight python cgi programming. My website is hosted on a shared hosting provider that allows me access to a .htaccess file. I wanted to know if there was a way to have the form post to the script and in the address bar show mydomain.com/test/ and not mydomain.com/test.py ? Thanks.

Read the article
PyQt: How to keep QTreeView nodes correctly expanded after a sort

- by taynaron

I'm writing a simple test program using QTreeModel and QTreeView for a more complex project later on. In this simple program, I have data in groups which may be contracted or expanded, as one would expect in a QTreeView. The data may also be sorted by the various data columns (QTreeView.setSortingEnabled is True). Each tree item is a list of data, so the sort function implemented in the TreeModel class uses the built-in python list sort: self.layoutAboutToBeChanged.emit() self.rootItem.childItems.sort(key=lambda x: x.itemData[col], reverse=order) for item in self.rootItem.childItems: item.childItems.sort(key=lambda x: x.itemData[col], reverse=order) self.layoutChanged.emit() The problem is that whenever I change the sorting of the root's child items (the tree is only 2 levels deep, so this is the only level with children) the nodes aren't necessarily expanded as they were before. If I change the sorting back without expanding or collapsing anything, the nodes are expanded as before the sorting change. Can anyone explain to me what I'm doing wrong? I suspect it's something with not properly reassigning QModelIndex with the sorted nodes, but I'm not sure.

Read the article
Create signed urls for CloudFront with Ruby

- by wiseleyb

History: I created a key and pem file on Amazon. I created a private bucket I created a public distribution and used origin id to connect to the private bucket: works I created a private distribution and connected it the same as #3 - now I get access denied: expected I'm having a really hard time generating a url that will work. I've been trying to follow the directions described here: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/index.html?PrivateContent.html This is what I've got so far... doesn't work though - still getting access denied: def url_safe(s) s.gsub('+','-').gsub('=','_').gsub('/','~').gsub(/\n/,'').gsub(' ','') end def policy_for_resource(resource, expires = Time.now + 1.hour) %({"Statement":[{"Resource":"#{resource}","Condition":{"DateLessThan":{"AWS:EpochTime":#{expires.to_i}}}}]}) end def signature_for_resource(resource, key_id, private_key_file_name, expires = Time.now + 1.hour) policy = url_safe(policy_for_resource(resource, expires)) key = OpenSSL::PKey::RSA.new(File.readlines(private_key_file_name).join("")) url_safe(Base64.encode64(key.sign(OpenSSL::Digest::SHA1.new, (policy)))) end def expiring_url_for_private_resource(resource, key_id, private_key_file_name, expires = Time.now + 1.hour) sig = signature_for_resource(resource, key_id, private_key_file_name, expires) "#{resource}?Expires=#{expires.to_i}&Signature=#{sig}&Key-Pair-Id=#{key_id}" end resource = "http://d27ss180g8tp83.cloudfront.net/iwantu.jpeg" key_id = "APKAIS6OBYQ253QOURZA" pk_file = "doc/pk-APKAIS6OBYQ253QOURZA.pem" puts expiring_url_for_private_resource(resource, key_id, pk_file) Can anyone tell me what I'm doing wrong here?

Read the article
How can I block based on URL (from address bar) in a safari extension

- by PerilousApricot

I'm trying to write an extension that will block access to (configurable) list of URLs if they are accessed more than N times per hour. From what I understand, I need to have a start script pass a "should I load this" message to a global HTML page (who can access the settings object to get the list of URLs), who will give a thumbs up/thumbs down message back to the start script to deny/allow loading. That works out fine for me, but when I use the usual beforeLoad/canLoad handlers, I get messages for all the sub-items that need to be loaded (images/etc..), which screws up the #accesses/hour limit I'm trying to make. Is there a way to synchronously pass messages back and forth between the two sandboxes so I can tell the global HTML page, "this is the URL in the window bar and the timestamp for when this request came in", so I can limit duplicate requests? Thanks!

Read the article
VS2008: File creation fails randomly in unit testing?

- by Tim

I'm working on implementing a reasonably simple XML serializer/deserializer (log file parser) application in C# .NET with VS 2008. I have about 50 unit tests right now for various parts of the code (mostly for the various serialization operations), and some of them seem to be failing mostly at random when they deal with file I/O. The way the tests are structured is that in the test setup method, I create a new empty file at a certain predetermined location, and close the stream I get back. Then I run some basic tests on the file (varying by what exactly is under test). In the cleanup method, I delete the file again. A large portion (usually 30 or more, though the number varies run to run) of my unit tests will fail at the initialize method, claiming they can't access the file I'm trying to create. I can't pin down the exact reason, since a test that will work one run fails the next; they all succeed when run individually. What's the problem here? Why can't I access this file across multiple unit tests? Relevant methods for a unit test that will fail some of the time: [TestInitialize()] public void LogFileTestInitialize() { this.testFolder = System.Environment.GetFolderPath( System.Environment.SpecialFolder.LocalApplicationData ); this.testPath = this.testFolder + "\\empty.lfp"; System.IO.File.Create(this.testPath); } [TestMethod()] public void LogFileConstructorTest() { string filePath = this.testPath; LogFile target = new LogFile(filePath); Assert.AreNotEqual(null, target); Assert.AreEqual(this.testPath, target.filePath); Assert.AreEqual("empty.lfp", target.fileName); Assert.AreEqual(this.testFolder + "\\empty.lfp.lfpdat", target.metaPath); } [TestCleanup()] public void LogFileTestCleanup() { System.IO.File.Delete(this.testPath); } And the LogFile() constructor: public LogFile(String filePath) { this.entries = new List<Entry>(); this.filePath = filePath; this.metaPath = filePath + ".lfpdat"; this.fileName = filePath.Substring(filePath.LastIndexOf("\\") + 1); } The precise error message: Initialization method LogFileParserTester.LogFileTest.LogFileTestInitialize threw exception. System.IO.IOException: System.IO.IOException: The process cannot access the file 'C:\Users\<user>\AppData\Local\empty.lfp' because it is being used by another process..

Read the article
How do I pass argument from an activity to another in Workflow 4

- by Jimmy Engtröm

Hi I have created an Activity (CodeActivity) that retrieves the temperature where I live. I wan't to add that activity to a workflow and connect it to an if statement/activity that can based on my temperature outargument do different things. But I can't seem to find how to access the outargument from my temperature-activity. This is my first Windows Workflow 4 project so perhaps I'm attacking this in the wrong way. I have: public OutArgument Degrees { get; set; } But how do I access it? I have found tutorials how to get the data when running the activity (only one) but not as part of a workflow. Hope my question makes sence. /Jimmy

Read the article
Group SQL tables in SQL Server Management Studio object explorer

- by MainMa

I have a table which has approximately sixty tables, and other tables are added constantly. Each table is a part of a schema. A such quantity of tables makes it difficult to use Microsoft SQL Server Management Studio 2008. For example, I must scroll up in object explorer to access database related functions, or scroll down each time I need to access Views or Security features. Is it possible to group several tables to be able to expand or collapse them in Object Explorer? Maybe a folder may be displayed for each schema, letting collapse the folders I don't need to use?

Read the article
Silverlight -> WCF -> Database -> problem

- by Billy

Hi there, I have some silverlight code that calls a WCF service which then uses the Entity Framework to access the database and return records. Everything runs fine but ... when I replace the Entity Framework code with classic ADO.NET code I get an error: The remote server returned an error: NotFound When I call the ADO.NET code directly with a unit test it returns records fine so it's not a problem with the ADO.NEt code I used fiddler and it seems to say that the service cannot be found with a "500" error. i don't think it's anything to do with the service as the only thing I change is the technology to access the database. Anyone know what i'm missing here?

Read the article
c# Active Directory via WMI

- by Juri Bogdanov

Hi! Does anyone has some example about accessing Active Directory, LDAP querying using WMI (System.Management namespace) and not System.DirectoryServices namespace. Here on MSDN page it is described a little using CIM classes http://msdn.microsoft.com/en-us/library/aa392320(v=VS.85).aspx But I cant find some C# example realizing it. For example, to access some Win32 class you have to initialize Scope object to use CIMV2 namespace private ConnectionOptions connection; private ManagementScope scope; ... connection = new ConnectionOptions(); ... scope = new ManagementScope("\\\\" + computer + "\\root\\CIMV2", connection); try { scope.Connect(); } And use ObjectQuery class for querying WMI data ObjectQuery objectQuery = new ObjectQuery("SELECT Name FROM Win32_Processor"); ManagementObjectSearcher searcher = ManagementObjectSearcher(scope, objectQuery); foreach (ManagementObject queryObj in searcher.Get()) { return queryObj["Name"].ToString(); } How is it possible to access AD using the same scope? Thanks :)

Read the article
Nasty deep nested loop in Rails

- by CalebHC

I have this nested loop that goes 4 levels deep to find all the image widgets and calculate their sizes. This seems really inefficient and nasty! I have thought of putting the organization_id in the widget model so I could just call something like organization.widgets.(named_scope), but I feel like that's a bad short cut. Is there a better way? Thanks class Organization < ActiveRecord::Base ... def get_image_widget_total total_size = 0 self.trips.each do |t| t.phases.each do |phase| phase.pages.each do |page| page.widgets.each do |widget| if widget.widget_type == Widget::IMAGE total_size += widget.image_file_size end end end end end return total_size end ... end

Read the article
image scaling with C

- by sa125

Hi - I'm trying to read an image file and scale it by multiplying each byte by a scale its pixel levels by some absolute factor. I'm not sure I'm doing it right, though - void scale_file(char *infile, char *outfile, float scale) { // open files for reading FILE *infile_p = fopen(infile, 'r'); FILE *outfile_p = fopen(outfile, 'w'); // init data holders char *data; char *scaled_data; // read each byte, scale and write back while ( fread(&data, 1, 1, infile_p) != EOF ) { *scaled_data = (*data) * scale; fwrite(&scaled_data, 1, 1, outfile); } // close files fclose(infile_p); fclose(outfile_p); } What gets me is how to do each byte multiplication (scale is 0-1.0 float) - I'm pretty sure I'm either reading it wrong or missing something big. Also, data is assumed to be unsigned (0-255). Please don't judge my poor code :) thanks

Read the article
Easiest way to retrofit retry logic on LINQ to SQL migration to SQL Azure

- by Pat James

I have a couple of existing ASP .NET web forms and MVC applications that currently use LINQ to SQL with a SQL Server 2008 Express database on a Windows VPS: one VPS for both IIS and SQL. I am starting to outgrow the VPS's ability to effectively host both SQL and IIS and am getting ready to split them up. I am considering migrating the database to SQL Azure and keeping IIS on the VPS. After doing initial research it sounds like implementing retry logic in the data access layer is a must-do when adopting SQL Azure. I suspect this is even more critical to implement in my situation where IIS will be on a VPS outside of the Azure infrastructure. I am looking for pointers on how to do this with the least effort and impact on my existing code base. Is there a good retry pattern that can be applied once at the LINQ to SQL data access layer, as opposed to having to wrap all of my LINQ to SQL operations in try/catch/wait/retry logic?

Read the article
how to change strip.text labels in ggplot with facet and margin=TRUE

- by Andreas

I have looked here but still can't figure it out. How do I change the strip.text.x labels in a ggplot with faceting? Specifically I am using facet_grid with margins. The strip.text label for the margin is "(all)" - but since I am in a non-english speaking country I would rather write "Total" or something similar in my native tongue. opts(stip.text.x=c(levels(facetvariabel,"Total")) does not work. Any ideas? Example (not really the best dataset for this - but I guess it will work) ggplot(cars, aes(x=dist))+geom_bar()+facet_grid(.~speed, margin=T)

Read the article
How powerful is the <script> tag in ASP.NET ?

- by MarceloRamires

I'm new at web development with .NET, and I'm currently studying a page where I have both separated codebehinds (in my case, a .CS file associated to the ASPX file), and codebehind that is inside the ASPX file inside tags like this: <script runat="server"> //code </script> Q1:What is the main difference (besides logical matters like organization, readability and ETC), what could be done in one way that could not be done in another? What is each mode best suited for ? Q2:If I'm going to develop a simple page with database connection, library imports, access to controls (ascx) and image access in other folders.. which method should I choose ?

Read the article
what is the global.asax Application_Start equivalent when using WAS in IIS7

- by Mike Tours

Hi I'd like to use the netTcpBinding for my WCF application which is currently hosted in IIS7, which means configuring it to use WAS instead. This is fairly straight forward however, my application previously made use of the Application_Start event in the global.asax file. I do not require access to the httpContext(which I understand access has been removed in IIS7), however I would still like to hook into the start or init methods? Does an equivalent exist when hosting an application in WAS as apposed to IIS7? Using classic mode is not an option(again I'm not interested in the httpcontext and this only appears to work if using an http binding) - and I've seen an example of putting a static class instide the app_code folder which looks like a horrible hack.

Read the article
Sending message to windows service by web page

- by Enriquev

Hello, How could I do this with no access denied problem? I have a windows service: protected override void OnCustomCommand(int command) { if (command == 1) { foreach (Process traceProcess in Process.GetProcessesByName("notepad.exe")) { traceProcess.Kill(); } } } when I do this: ServiceController sc = new ServiceController("ProjectManager"); if (sc != null) sc.ExecuteCommand(1); From a windows forms it works, but not from a web page, I get access denied on sc.ExecuteCommand. What's the best way for a web page to talk to a service?

Read the article
What some good books on software testing/quality?

- by mjh2007

I'm looking for a good book on software quality. It would be helpful if the book covered: The software development process (requirements, design, coding, testing, maintenance) Testing roles (who performs each step in the process) Testing methods (white box and black box) Testing levels (unit testing, integration testing, etc) Testing process (Agile, waterfall, spiral) Testing tools (simulators, fixtures, and reporting software) Testing of embedded systems The goal here is to find an easy to read book that summarizes the best practices for ensuring software quality in an embedded system. It seems most texts cover the testing of application software where it is simpler to generate automated test cases or run a debugger. A book that provided solutions for improving quality in a system where the tests must be performed manually and therefore minimized would be ideal.

Read the article
Rails, REST Architecture and HTML 5: Cross domain requests with pre-flight requests

- by Orion

While working on a project to make our site HTML 5 friendly, we were eager to embrace the new method for Cross Domain requests (no more posting through hidden iframes!!!). Using the Access Control specification we begin setting up some tests to verify the behaviour of various browsers. The current Rails RESTful architecture relies on the four HTTP verbs: GET, POST, PUT, DELETE. However in the Access Control spec, it dictates that non-simple methods (PUT, DELETE) require a pre-flight request using the HTTP verb OPTIONS. In addition during testing we discovered that Firefox 3.5.8 pre-flight POST requests as well. My question is this. Is anyone aware of any project for the Rails framework working to address the issue? If not, any opinions about the best strategy to support the OPTIONS method, since it has to support the routes for all the POST, PUT, DELETE methods?

Read the article
Flash ActionScript 3 runtime SecurityError

- by dd

I have swf that loads swf, which loads another swf(video player). Is there a trick in publish settings? everything works fine on my local machine, when I upload it on the sever error happen and video doesnt load SecurityError: Error #2148: SWF file http:// (URL where Site is hosted)/video.swf cannot access local resource file:///Macintosh%20HD/Users/..flash.flv. Only local-with-filesystem and trusted local SWF files may access local resources. at flash.net::NetStream/play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_play() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_setUpStream() at fl.video::VideoPlayer/http://www.adobe.com/2007/flash/flvplayback/internal::_load() at fl.video::VideoPlayer/load() at fl.video::FLVPlayback/doContentPathConnect()

Read the article

< Previous Page | 452 453 454 455 456 457 458 459 460 461 462 463 | Next Page >