Search Results

Search found 13222 results on 529 pages for 'security gate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 467/529 | < Previous Page | 463 464 465 466 467 468 469 470 471 472 473 474  | Next Page >

  • What arguments to use to explain why a SQL DB is far better then a flat file

    - by jamone
    The higher ups in my company were told by good friends that flat files are the way to go, and we should switch from MS SQL server to them for everything we do. We have over 300 servers and hundreds of different databases. From just the few I'm involved with we have 10 billion records in quite a few of them with upwards of 100k new records a day and who knows how many updates... Me and a couple others need to come up with a response saying why we shouldn't do this. Most of our stuff is ASP.NET with some legacy ASP. We thought that making a simple console app that tests/times the same interactions between a flat file (stored on the network) and SQL over the network doing large inserts, searches, updates etc along with things like network disconnects randomly. This would show them how bad flat files can be espically when you are dealing with millions of records. What things should I use in my response? What should I do with my demo code to illustrate this? My sort list so far: Security Concurent access Performance with large ammounts of data Ammount of time to do such a massive rewrite/switch Lack of transactions PITA to map relational data to flat files I fear that this will be a great post on the Daily WTF someday if I can't stop it now.

    Read the article

  • Problem with filefield module after migrating drupal site to a new server: cant upload files

    - by oalo
    We have a content type with two imagefield / filefield fields, and after migrating our site to a new server, we have the following problem: When we submit a new item for this content type, with two images for those fields, drupal gives us the following error and does not upload the images: warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. An image thumbnail was not able to be created. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. An image thumbnail was not able to be created. I understand this is a permissions error, but it is not clear to me where do I have to change permissions. Line 349 of file.inc has the following code: if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); chmod($directory .'/.htaccess', 0664); } else { $repl = array('%directory' = $directory, '!htaccess' = nl2br(check_plain($htaccess_lines))); form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:!htaccess", $repl));

    Read the article

  • ASP.Net MVC, JS injection and System.ArgumentException - Illegal Characters in path

    - by Mose
    Hi, In my ASP.Net MVC application, I use custom error handling. I want to perform custom actions for each error case I meet in my application. So I override Application_Error, get the Server.GetLastError(); and do my business depending on the exception, the current user, the current URL (the application runs on many domains), the user IP, and many others. Obviousely, the application is often the target of hackers. In almost all the case it's not a problem to detect and manage it, but for some JS URL attacks, my error handling does not perform what I want it to do. Ex (from logs) : http://localhost:1809/Scripts/]||!o.support.htmlSerialize&&[1 When I got such an URL, an exception is raised when accessing the ConnectionStrings section in the web.config, and I can't even redirect to another URL. It leads to a "System.ArgumentException - Illegal Characters in path, etc." The screenshot below shows the problem : http://screencast.com/t/Y2I1YWU4 An obvious solution is to write a HTTP module to filter the urls before they reach my application, but I'd like to avoid it because : I like having the whole security being managed in one place (in the Application_Error() method) In the module I cannot access the whole data I have in the application itself (application specific data I don't want to debate here) Questions : Did you meet this problem ? How did you manage it ? Thanks for you suggestions, Mose

    Read the article

  • Some web pages (especially Apple documentation) cause heavy CPU usage in Windows IE8

    - by Mark Lutton
    Maybe this belongs in Server Fault instead, but some of you may have noticed this issue (particularly those developing on Mac, using a Windows machine to read the reference material). I posted the same question on a Microsoft forum and got one answer from someone who reproduced the problem, so it's not just my machine. No solution yet. Ever since this month's security updates, I find that many web pages cause the CPU to run at maximum for as long as the web page is visible. This happens in both IE7 and IE8 on at least three different computers (two with Windows XP, one with Vista). Here is one of the pages, running on XP with IE 8: http://learning2code.blogspot.com/2007/11/update-using-subversion-with-xcode-3.html Here is one that does it in Vista with IE8: http://developer.apple.com/iphone/library/documentation/Cocoa/Reference/Foundation/Classes/NSString_Class/Reference/NSString.html You can leave the page open for hours and the CPU is still at high usage. This doesn't happen every time. It is not always reproduceable. Sometimes it is OK the second or third time it loads. In IE7 the high usage is in ieframe.dll, version 7.0.6000.16890. In IE8 the high usage is in iertutil.dll, version 8.0.6001.18806.

    Read the article

  • Asp.net Web Site Administration Tool with SqlCeMembership

    - by Riderman de Sousa Barbosa
    I am developing an application in MVC 3. I installed this provider via Nuget . Basically, it allows to use any part of memberships, rules and profiles with a .sdf (compact) database. I need the "Web Site Administration Tool" use this provider. But I can not use it. Already checked the web.config and everything is ok. When I open the "Web Site Administration Tool" on the Security I click test (any provider) and the error happens. The following images. Error when clicking test "Could not establish a connection to the database. If you have not yet created the SQL Server database, exit the Web Site Administration tool, use the aspnet_regsql command-line utility to create and configure the database, and then return to this tool to set the provider." Here part of my web.config <authentication mode="Forms" /> <membership> <providers> <add connectionStringName="SqlCeServices" applicationName="/" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed" writeExceptionsToEventLog="false" name="SqlCeMembershipProvider" type="ErikEJ.SqlCeMembershipProvider, ErikEJ.SqlCeMembership" /> </providers> </membership> <profile enabled="false"> <providers> <clear /> <add name="SqlCeProfileProvider" type="ErikEJ.SqlCeProfileProvider" connectionStringName="SqlCeServices" applicationName="/" /> </providers> </profile> <roleManager> <providers> <add connectionStringName="SqlCeServices" applicationName="/" writeExceptionsToEventLog="false" name="SqlCeRoleProvider" type="ErikEJ.SqlCeRoleProvider, ErikEJ.SqlCeMembership" /> </providers> </roleManager> <connectionStrings> <add name="SqlCeServices" connectionString="data source=|DataDirectory|\SqlCeAspnetdb.sdf" /> </connectionStrings>

    Read the article

  • wcf trying to set up tracing to debug, not writing to log file

    - by joey j
    here's my web.config, running a WCF service in an application on IIS7, but nothing is being written to the specified file. permission on the file has been granted for everyone. </listeners> I can add a service reference just fine. I then try to call the service from a windows app and, after a few minutes, get an error on the machine running the windows app "Client is unable to finish the security negotiation within the configured timeout (00:00:00). The current negotiation leg is 1 (00:00:00)." but absolutely nothing is written to the trace log file specified in config. Is there something else I need to do to enable tracing? thanks for your help EDIT: "sources" section now matches the section recommended here: http://msdn.microsoft.com/en-us/library/aa702726.aspx I've added the "diagnostics and the event viewer shows: "Message Logging has been turned on. Sensitive information may be logged in the clear, even if it was encrypted on the wire: for example, message bodies. Process Name: w3wp Process ID: 1784 " but the log file is still empty

    Read the article

  • Copying contents of a MySQL table to a table in another (local) database

    - by Philip Eve
    I have two MySQL databases for my site - one is for a production environment and the other, much smaller, is for a testing/development environment. Both have identical schemas (except when I am testing something I intend to change, of course). A small number of the tables are for internationalisation purposes: TransLanguage - non-English languages TransModule - modules (bundles of phrases for translation, that can be loaded individually by PHP scripts) TransPhrase - individual phrases, in English, for potential translation TranslatedPhrase - translations of phrases that are submitted by volunteers ChosenTranslatedPhrase - screened translations of phrases. The volunteers who do translation are all working on the production site, as they are regular users. I wanted to create a stored procedure that could be used to synchronise the contents of four of these tables - TransLanguage, TransModule, TransPhrase and ChosenTranslatedPhrase - from the production database to the testing database, so as to keep the test environment up-to-date and prevent "unknown phrase" errors from being in the way while testing. My first effort was to create the following procedure in the test database: CREATE PROCEDURE `SynchroniseTranslations` () LANGUAGE SQL NOT DETERMINISTIC MODIFIES SQL DATA SQL SECURITY DEFINER BEGIN DELETE FROM `TransLanguage`; DELETE FROM `TransModule`; INSERT INTO `TransLanguage` SELECT * FROM `PRODUCTION_DB`.`TransLanguage`; INSERT INTO `TransModule` SELECT * FROM `PRODUCTION_DB`.`TransModule`; INSERT INTO `TransPhrase` SELECT * FROM `PRODUCTION_DB`.`TransPhrase`; INSERT INTO `ChosenTranslatedPhrase` SELECT * FROM `PRODUCTION_DB`.`ChosenTranslatedPhrase`; END When I try to run this, I get an error message: "SELECT command denied to user 'username'@'localhost' for table 'TransLanguage'". I also tried to create the procedure to work the other way around (that is, to exist as part of the data dictionary for the production database rather than the test database). If I do it that, way, I get an identical message except it tells me I'm denied the DELETE command rather than SELECT. I have made sure that my user has INSERT, DELETE, SELECT, UPDATE and CREATE ROUTINE privileges on both databases. However, it seems as though MySQL is reluctant to let this user exercise its privileges on both databases at the same time. How come, and is there a way around this?

    Read the article

  • What arguments to use to explain why SQL Server is far better then a flat file

    - by jamone
    The higher ups in my company were told by good friends that flat files are the way to go, and we should switch from SQL Server to them for everything we do. We have over 300 servers and hundreds of different databases. From just the few I'm involved with we have 10 billion records in quite a few of them with upwards of 100k new records a day and who knows how many updates... Me and a couple others need to come up with a response saying why we shouldn't do this. Most of our stuff is ASP.NET with some legacy ASP. We thought that making a simple console app that tests/times the same interactions between a flat file (stored on the network) and SQL over the network doing large inserts, searches, updates etc along with things like network disconnects randomly. This would show them how bad flat files can be especially when you are dealing with millions of records. What things should I use in my response? What should I do with my demo code to illustrate this? My sort list so far: Security Concurrent access Performance with large amounts of data Amount of time to do such a massive rewrite/switch Lack of transactions PITA to map relational data to flat files NTFS doesn't support tons of files in a directory well I fear that this will be a great post on the Daily WTF someday if I can't stop it now.

    Read the article

  • Classloader issue (GWT)

    - by Banang
    I'm currently working on a gwt app, where the server uses a few third party libs. recently I discovered that one of these libs isn't being properly loaded when running my app in deployed mode, and I just can't seem to figure out what out is I'm doing wrong. In my build script I have the following classpath declaration: <path id="project.class.path"> <pathelement location="${war.dir}/WEB-INF/classes"/> <fileset dir="${war.dir}/WEB-INF/lib" includes="**/*.jar"/> </path> and in a later target I copy the jar I need to the right location: <copy todir="${war.dir}/WEB-INF/lib" file="someJar.jar" /> The project builds as it should, without any errors. The jars are copied to where the should be, and are included in the resulting war file. In development mode everything is working as it should, everything gets loaded properly and I hear no complaints. However, in the deployed version I get this thrown at me: java.lang.NoClassDefFoundError: org/apache/commons/lang/exception/NestableRuntimeException java.lang.ClassLoader.defineClass1(Native Method) java.lang.ClassLoader.defineClass(ClassLoader.java:621) java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2331) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:976) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1451) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1329) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) my.package.server.util.SomeUtils.doSomethingFantastic(SomeUtils.java:84) Line 84 in SomeUtils is trying to instantiate a class from someJar.jar. I know very little about how the class loader for gwt works, and I sure could use a hand. Anyone got any ideas on how to solve this?

    Read the article

  • How to receive Email in JEE application

    - by Hank
    Obviously it's not so difficult to send out emails from a JEE application via JavaMail. What I am interested in is the best pattern to receive emails (notification bounces, mostly)? I am not interested in IMAP/POP3-based approaches (polling the inbox) - my application shall react to inbound emails. One approach I could think of would be Keep existing MTA (postfix on linux in my case) - ops team already knows how to configure / operate it For every mail that arrives, spawn a Java app that receives the data and sends it off via JMS. I could do this via an entry in /etc/aliases like myuser: "|/path/to/javahelper" with javahelper calling the Java app, passing STDIN along. MDB (part of JEE application) receives JMS message, parses it, detects bounce message and acts accordingly. Another approach could be Open a listening network socket on port 25 on the JEE application container. Associate a SessionBean with the socket. Bean is part of JEE application and can parse/detect bounces/handle the messages directly. Keep existing MTA as inbound relay, do all its security/spam filtering, but forward emails to myuser (that pass the filter) to the JEE application container, port 25. The first approach I have done before (albeit in a different language/setup). From a performance and (perceived) cleanliness point of view, I think the second approach is better, but it would require me to provide a proper SMTP transport implementation. Also, I don't know if it's at all possible to connect a network socket with a bean... What is your recommendation? Do you have details about the second approach?

    Read the article

  • Project management: Implementing custom errors in VS compilation process

    - by David Lively
    Like many architects, I've developed coding standards through years of experience to which I expect my developers to adhere. This is especially a problem with the crowd that believes that three or four years of experience makes you a senior-level developer.Approaching this as a training and code review issue has generated limited success. So, I was thinking that it would be great to be able to add custom compile-time errors to the build process to more strictly enforce this and other guidelines. For instance, we use stored procedures for ALL database access, which provides procedure-level security, db encapsulation (table structure is hidden from the app), and other benefits. (Note: I am not interested in starting a debate about this.) Some developers prefer inline SQL or parametrized queries, and that's fine - on their own time and own projects. I'd like a way to add a compilation check that finds, say, anything that looks like string sql = "insert into some_table (col1,col2) values (@col1, @col2);" and generates an error or, in certain circumstances, a warning, with a message like Inline SQL and parametrized queries are not permitted. Or, if they use the var keyword var x = new MyClass(); Variable definitions must be explicitly typed. Do Visual Studio and MSBuild provide a way to add this functionality? I'm thinking that I could use a regular expression to find unacceptable code and generate the correct error, but I'm not sure what, from a performance standpoint, is the best way to to integrate this into the build process. We could add a pre- or post-build step to run a custom EXE, but how can I return line- and file-specifc errors? Also, I'd like this to run after compilation of each file, rather than post-link. Is a regex the best way to perform this type of pattern matching, or should I go crazy and run the code through a C# parser, which would allow node-level validation via the parse tree? I'd appreciate suggestions and tales of prior experience.

    Read the article

  • injection attack (I thought I was protected!) <?php /**/eval(base64_decode( everywhere

    - by Cyprus106
    I've got a fully custom PHP site with a lot of database calls. I just got injection hacked. This little chunk of code below showed up in dozens of my PHP pages. <?php /**/ eval(base64_decode(big string of code.... I've been pretty careful about my SQL calls and such; they're all in this format: $query = sprintf("UPDATE Sales SET `Shipped`='1', `Tracking_Number`='%s' WHERE ID='%s' LIMIT 1 ;", mysql_real_escape_string($trackNo), mysql_real_escape_string($id)); $result = mysql_query($query); mysql_close(); For the record, I rarely use mysql_close() at the end though. That just happened to be the code I grabbed. I can't think of any places where I don't use mysql_real_escape_string(), (although I'm sure there's probably a couple. I'll be grepping soon to find out) There's also no places where users can put in custom HTML or anything. In fact, most of the user-accessible pages, if they use SQL calls at all, are almost inevitably "SELECT * FROM" pages that use a GET or POST, depending. Obviously I need to beef up my security, but I've never had an attack like this and I'm not positive what I should do. I've decided to put limits on all my inputs and go through looking to see if i missed a mysql_real_escape_string somewhere... Anybody else have any suggestions? Also... what does this type of code do? Why is it there?

    Read the article

  • How to best future proof my application that needs to connect to Outlook?

    - by Troy
    I have a contact management application written in Delphi which has a “Sync with Outlook” feature that I developed 10 years ago. Now, I’m going back to add some features and fix some bugs. This sync feature uses the Outlook object model to get started, but it has an optional mode called “Use MAPI Enhancements” where it uses pure MAPI to speed up how it looks for changes, and it allows notes to be synced w/ RTF instead of just plain text. I'm wondering if supporting two parallel paths of execution is a good idea or not. If I went with all MAPI, I believe I'd avoid some security prompts, and I'd avoid situations where anti-virus has "script-blocking" features which block my app from connecting to Outlook. But I believe that on the down side, my 32-bit app would not be able to to connect with 64-bit Outlook 2010 using MAPI. And I wonder about the future of MAPI in general. If I stick with the Outlook object model, will my 32-bit app be able to connect to the Outlook object model (since it's out of process COM)? If so, this is a compelling reason to keep my Outlook object model execution path in place. But if not, and if my app needs to be compiled for x64, then why not just go with pure MAPI?

    Read the article

  • Differences between Assembly Code output of the same program

    - by ultrajohn
    I have been trying to replicate the buffer overflow example3 from this article aleph one I'm doing this as a practice for a project in a computer security course i'm taking so please, I badly need your help. I've been the following the example, performing the tasks as I go along. My problem is the assembly code dumped by gdb in my computer (i'm doing this on a debian linux image running on VM Ware) is different from that of the example in the article. There are some constructs which I find confusing. Here is the one from my computer: here is the one from the article... Dump of assembler code for function main: 0x8000490 <main>: pushl %ebp 0x8000491 <main+1>: movl %esp,%ebp 0x8000493 <main+3>: subl $0x4,%esp 0x8000496 <main+6>: movl $0x0,0xfffffffc(%ebp) 0x800049d <main+13>: pushl $0x3 0x800049f <main+15>: pushl $0x2 0x80004a1 <main+17>: pushl $0x1 0x80004a3 <main+19>: call 0x8000470 <function> 0x80004a8 <main+24>: addl $0xc,%esp 0x80004ab <main+27>: movl $0x1,0xfffffffc(%ebp) 0x80004b2 <main+34>: movl 0xfffffffc(%ebp),%eax 0x80004b5 <main+37>: pushl %eax 0x80004b6 <main+38>: pushl $0x80004f8 0x80004bb <main+43>: call 0x8000378 <printf> 0x80004c0 <main+48>: addl $0x8,%esp 0x80004c3 <main+51>: movl %ebp,%esp 0x80004c5 <main+53>: popl %ebp 0x80004c6 <main+54>: ret 0x80004c7 <main+55>: nop As you can see, there are differences between the two. I'm confuse and I can't understand totally the assembly code from my computer. I would like to know the differences between the two. How is pushl different from push, mov vs movl , and so on... what does the expression 0xhexavalue(%register) means? I am sorry If I'm asking a lot, But I badly need your help. Thanks for the help really...

    Read the article

  • How to call a javascript function from one frame to another in Chrome/Webkit

    - by bambax
    I have developped an application that has a list of items in one frame; when one clicks on an item it does something in another frame (loads an image). This used to work fine in all browsers, including Chrome 3; now it still works fine in FF but in recent versions of Chrome (I believe since 4) it throws this error: Unsafe JavaScript attempt to access frame with URL (...) from frame with URL (...). Domains, protocols and ports must match. This is obviously a security "feature" but is it possible to get around it? Here is a simple test: index.html: <html> <frameset> <frame src="left.html" name="left"/> <frame src="right.html" name="right"/> </frameset> </html> left.html: <html> <body> <a href="javascript:parent.right.test('hello');">click me</a> </body> </html> right.html: <html> <body> <script> function test(msg) { alert(msg); } </script> </body> </html> The above works in FF 3.6 and Chrome 3 but in Chrome 5 it throws the above error...

    Read the article

  • Netbeans with Oracle connection java.lang.ClassNotFoundException

    - by Attilah
    I use NetBeans 6.5 . When I try to run the following code : package com.afrikbrain.numeroteur16; import java.sql.Connection; import java.sql.DriverManager; import java.sql.SQLException; import java.util.logging.Level; import java.util.logging.Logger; /** * * @author */ public class NumeroteurTest { public NumeroteurTest() { } public void doIt() throws ClassNotFoundException{ try { Class.forName("oracle.jdbc.OracleDriver"); Connection connection = DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:XE","user","pwd"); String newNUMERO = new Numeroteur16("MATCLI", connection).numeroter(); System.out.println("NUMERO GENERE : "+newNUMERO.toString()); } catch (SQLException ex) { Logger.getLogger(NumeroteurTest.class.getName()).log(Level.SEVERE, null, ex); ex.printStackTrace(); } catch (NumException ex) { System.out.println(ex.getMessage()); ex.printStackTrace(); } } public static void main(String[] args){ try { new NumeroteurTest().doIt(); } catch (ClassNotFoundException ex) { Logger.getLogger(NumeroteurTest.class.getName()).log(Level.SEVERE, null, ex); System.out.println("Driver not found."); } } } when running it, I get this error : java.lang.ClassNotFoundException: oracle.jdbc.OracleDriver at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:169) at com.afrikbrain.numeroteur16.NumeroteurTest.doIt(NumeroteurTest.java:27) at com.afrikbrain.numeroteur16.NumeroteurTest.main(NumeroteurTest.java:45) Driver not found. how do I solve this problem ?

    Read the article

  • Sometimes can rename, remove a folder; sometimes cannot

    - by Vy Clarks
    In my website project. I need to rename or remove some folder by code. Sometimes I can do all of that, but sometimes I cannot with error: Access to the path is denied Try to find to solution on Google. May be, there are two reason: The permisstion of that Folder Some subFolder or some file in that Folder that's being held open. Try to check: Right click on Folder- Properties-- Security: if this is the right way to check the permission, the Folder allowes every action (read, write....) There are no file, no subfolder of that Folder is opened. Why? I still dont understant why sometimes I can rename folder but sometimes I cannot. Help!! I need your opinions!!! UPDATE: take a look at my code above: I want to rename the a folder with the new name inputed in a Textbox txtFilenFolderName: protected void btnUpdate_Click(object sender, EventArgs e) { string[] values = EditValue; string oldpath = values[0];// = "D:\\C#Projects\\website\\Lecturer\\giangvien\\New folder" string oldName = values[2]; //= New Folder string newName = txtFilenFolderName.Text; //= New Folder1 string newPath = string.Empty; if (oldName != newName) { newPath = oldpath.Replace(oldName, newName); Directory.Move(oldpath, newPath); } else lblmessage2.Text = "New name must not be the same as the old "; } } Try to debug: oldpath = "D:\\C#Projects\\website\\Lecturer\\giangvien\\New folder" oldName = New Folder newName= New Folder1 newpath = "D:\\C#Projects\\website\\Lecturer\\giangvien\\New folder1" Everything seems right, but I when I click on buton Edit --- rename--- Update--- an error occur: Access to the path is denied D:\\C#Projects\\website\\Lecturer\\giangvien\\New folder Help!

    Read the article

  • IIS Restrict Access to Directory for table of users

    - by Dave
    I am trying to restrict access to files in a directory and it's sub directories based user rights. My user rights are stored in an MS SQL database in a custom format, however it is easy to query the list of users with rights to this directory. I need to know how to apply this to a web config on the server to authenticate against a query of a database table to determine if the username is authenticated and allowed to view the file. Of course if they are not they should be blocked / given a 404. I am using IIS and ASP.Net MVC3 with a form based security as opposed to the built in roles and responsibilities that was custom made for us and that works great. There are over 10k users tied to this non-Active Directory authentication so I am not planning to change my authentication type so please don't go there. It is not my decision on the choice of platform, or I would have gone with a LAMP server and been done with this. Edit 11-13-2012 @ 8:57a: In the web config can you put the result of an SQL query?

    Read the article

  • How do I read a public twitter feed using .Net

    - by Jeff Weber
    I'm trying to read the public twitter status of a user so I can display it in my Windows Phone application. I'm using Scott Gu's example: http://weblogs.asp.net/scottgu/archive/2010/03/18/building-a-windows-phone-7-twitter-application-using-silverlight.aspx When my code comes back from the async call, I get a "System.Security.SecurityException" as soon as I try to use the e.Result. I know my uri is correct because I can plop it in the browser and get good results. Here is my relavent code: public void LoadNewsLine() { WebClient twitter = new WebClient(); twitter.DownloadStringCompleted += new DownloadStringCompletedEventHandler(twitter_DownloadStringCompleted); twitter.DownloadStringAsync(new Uri("http://api.twitter.com/1/statuses/user_timeline.xml?screen_name=krashlander")); } void twitter_DownloadStringCompleted(object sender, DownloadStringCompletedEventArgs e) { XElement xmlTweets = XElement.Parse(e.Result); //exception thrown here! var message = from tweet in xmlTweets.Descendants("status") select tweet.Element("text").Value; //Set message and tell UI to update. //NewsLine = message.ToString(); //RaisePropertyChanged("NewsLine"); } Any ideas anyone?

    Read the article

  • amount of data returned by wcf 3.0 service contract method causes error

    - by ferrell carr
    CommuncationException was unhandled The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element. here is my svc.map file <?xml version="1.0" encoding="utf-8"?> <ServiceReference> <ProxyGenerationParameters ServiceReferenceUri="http://d3w9501/SimpleWCF/SimpleWCF.svc" Name="svc" NotifyPropertyChange="False" UseObservableCollection="False"> </ProxyGenerationParameters> <EndPoints> <EndPoint Address="http://d3w9501.americas.hpqcorp.net/SimpleWCF/SimpleWCF.svc" BindingConfiguration="BasicHttpBinding_ISimpleWCF" Contract="TestSimpleWCF.svc.ISimpleWCF" > </EndPoint> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_ISimpleWCF" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" > <security mode="None" /> </binding> </basicHttpBinding> </bindings> </EndPoints> </ServiceReference>

    Read the article

  • Should client-server code be written in one "project" or two?

    - by Ricket
    I've been beginning a client-server application. At first I naturally created two projects in Eclipse, two source control repositories, etc. But I'm quickly seeing that there is a bit of shared code between the two that would probably benefit to sharing instead of copying. In addition, I've been learning and trying test-driven development, and it seems to me that it would be easier to test based on real client components rather than having to set up a huge amount of code just to mock something, when the code is probably mostly in the client. My biggest concern in merging the client and server is of security; how do I ensure that the server pieces of the code do not reach an user's computer? So especially if you are writing client-server applications yourself (and especially in Java, though this can turn into a language-agnostic question if you'd like to share your experience with this in other languages), what sort of separation do you keep between your client and server code? Are they just in different packages/namespaces or completely different binaries using shared libraries, or something else entirely? How do you test the code together and yet ship separately?

    Read the article

  • ASP MVC - Routing Required?

    - by evo_9
    I've been reading up on MVC2 which came in VS2010 and it sounds pretty interesting. I'm actually in the middle of a large multi-tenant application project, and have just started coding the UI. I'm considering changing to MVC as I'm not that far along at this point. I have some questions about the Routing capabilities, namely are they required to use MVC or can I more or less ignore Routing? Or do I have to setup a default routing record that will make things work like standard ASPX (as far as routing alone is concerned)? The reason why I don't want to use Routing is because I've already defined a custom URL 'rewrite' mechanism of my own (which fires on session_start). In addition, I'm using jquery and opens-standards for the entire UI, and MVC's aspx overhead-free approach seems like a better fit based on how I've already started to build the application (I am not using viewstate at all, for example). I guess my big concern is whether the routing can be ignored, of if I will have to re-implement my custom URL rewriting to work with MVC, and if that's the case, how would I do that? As a new Routing routine, or stick with the session_start (if that's even possible?). Lastly, I don't want to use anything even remotely 'intelligent/readable' for the url - for a site like StackOverflow, the readability of the URL is a positive, but the opposite is true if it's not a public website like this one. In fact, it would seem to me that the more friendly MVC routing URL (which indirectly show method names) could pose a security risk on a private, non-public website app like I'm developing. For all these reasons I would love to use the lightweight aspects of MVC but skip the Routing entirely - is this possible?

    Read the article

  • java applet won't work

    - by scoobi_doobi
    hey guys, this is homework stuff, but the question is not much about coding. the task is to write a java applet to work on an m-grid server. i have the server running on apache. it has a few sample applets in .jar and .class form. the .class versions work; the .jar versions work on appletviewer, but they break if I submit them as a job to the server with this: load: class examples/pixelcount/PixelCount.class not found. java.lang.ClassNotFoundException: examples.pixelcount.PixelCount.class at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source) at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source) at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(Unknown Source) at java.net.PlainSocketImpl.connectToAddress(Unknown Source) at java.net.PlainSocketImpl.connect(Unknown Source) at java.net.SocksSocketImpl.connect(Unknown Source) at java.net.Socket.connect(Unknown Source) at sun.net.NetworkClient.doConnect(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.openServer(Unknown Source) at sun.net.www.http.HttpClient.<init>(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.http.HttpClient.New(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.getBytes(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader.access$000(Unknown Source) at sun.plugin2.applet.Applet2ClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) ... 7 more Exception: java.lang.ClassNotFoundException: examples.pixelcount.PixelCount.class I'm not really sure where exactly is the problem in here, given that they work on appletviewer. any help would be appreciated.. EDIT: don't know if I wrote it clearly. by ".class version" i refer to html file with this content: <applet height="300" width="450" code="examples/pixelcount/PixelCount.class"></applet> and ".jar" with this content: <applet height="300" width="450" archive="PixelCount.jar" code="examples.pixelcount.PixelCount.class"></applet>

    Read the article

  • PHP + MYSQLI: Variable parameter/result binding with prepared statements.

    - by Brian Warshaw
    In a project that I'm about to wrap up, I've written and implemented an object-relational mapping solution for PHP. Before the doubters and dreamers cry out "how on earth?", relax -- I haven't found a way to make late static binding work -- I'm just working around it in the best way that I possibly can. Anyway, I'm not currently using prepared statements for querying, because I couldn't come up with a way to pass a variable number of arguments to the bind_params() or bind_result() methods. Why do I need to support a variable number of arguments, you ask? Because the superclass of my models (think of my solution as a hacked-up PHP ActiveRecord wannabe) is where the querying is defined, and so the find() method, for example, doesn't know how many parameters it would need to bind. Now, I've already thought of building an argument list and passing a string to eval(), but I don't like that solution very much -- I'd rather just implement my own security checks and pass on statements. Does anyone have any suggestions (or success stories) about how to get this done? If you can help me solve this first problem, perhaps we can tackle binding the result set (something I suspect will be more difficult, or at least more resource-intensive if it involves an initial query to determine table structure).

    Read the article

  • Characters in usernames that cause trouble

    - by acidzombie24
    I am testing out security and reliability issues on my site. I have made \n and \r illegal. I created a user with null in the name which caused my PM system to not message the user. However \b worked and \t didnt allow copy/paste to work correctly. The browser (firefox which i am testing with) copied the tab as a single space causing the name not to be the same thus not recognizing the username. Since i cant copy paste easily i'll probably disallow it. \f works as well although i do see a symbol in the title but nowhere else because of the \f. What else should i try? It appears 0-31 127-159 (i dont understand this range) are illegal. What characters in legal range might i want to disallow? I heard there was a 0 width character space. That may be something i want to disallow? What else is there?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 463 464 465 466 467 468 469 470 471 472 473 474  | Next Page >