Search Results

Search found 15415 results on 617 pages for 'security groups'.

Page 485/617 | < Previous Page | 481 482 483 484 485 486 487 488 489 490 491 492  | Next Page >

• Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite

  - by webfac

  I have a dilemma with this one. With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url. Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP? Much appreciated. And the current code to add the https:// is as follows: RewriteCond %{HTTP_HOST} !^www\. RewriteCond %{HTTPS}s ^on(s)| RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  Read the article

• Execute Oracle RAC cluster commands via Solaris RBAC?

  - by David Citron

  Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions. Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example: $pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg CRS-0259: Owner of the resource does not belong to the group. Is there a complete RBAC solution for Oracle RAC or does the executor need to be root? EDIT: Note that my original /etc/security/exec_attr contained: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0 As Martin suggests below, this needed to be changed to add gid=0 as: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0

  Read the article

• Where to place java applet policy file?

  - by makdere

  Hi all, I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one. In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control. The question is that when i try to put my code to work in the browser it fails with the following error: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve) Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didnt work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides. Appreciate any tips, thanks.

  Read the article

• URL encoded POST bad practice?

  - by StackedCrooked

  I am (just for fun) trying to implement a High Score web-service. I would like it be compatible with REST principles. I want to be able to add a new highscore using url parameters like this http://mydomain.com/hs/add&name=John&score=987. According to REST this must be done using a POST request. Which leads to empty POST request with all data contained in the URL parameters. Would this be considered a bad practice? Update Security is currently not a big concern.

  Read the article

• "Cleanly" Deploying an ASP.NET Application with LINQ to SQL Server

  - by Bob Kaufman

  In my development environment, my SQL Server is PHILIP\SQLEXPRESS. In testing, it's ANNIE, and the live environment will have a third name yet to be determined. I would have assumed that updating the following statement in web.config would have been enough: <add name="MyConnectionString"providerName="System.Data.SqlClient" connectionString="Data Source=PHILIP\SQLEXPRESS;Initial Catalog=MyDtabase;Integrated Security=True" /> When using SqlConnection, SqlCommand, SqlDataReader and friends, that's all it took. Using LINQ, it doesn't seem to work that nicely. I see the servername repeated in my .dbml file as well as in Settings.settings. After changing it in all of those places, I get it to work. However if I'm doing a few deployments per day during testing, I want to avoid this regimen. My question is: is there a programmatic solution for LINQ to SQL that will allow me to specify the connection string once, preferably in web.config, and get everybody else to refer to it?

  Read the article

• NHibernate and SetSessionAuth audit columns

  - by user86431

  We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we try to do a set session auth, so we turned the set session auth off... Now we are trying to find out a way to get NHibernate to let us do 'set session authorization' without recycling the session on us, so we can use our existing trigger based audit column stuff with both legacy apps, and our new NHibernate apps. It's not a ideal soloution, or the best way to do it even, but is it possible? I was hoping there was a alternate interface that allowed this kind of access. Does anyone know how to do it, or can you point me towards and good hints? Thanks, Eric-

  Read the article

• Postback problem downloading zip file

  - by Chris Conway

  I've got a problem on a webforms application where a user selects some criteria from dropdowns on the page and hits a button on the page which calls this method: protected void btnSearch_Click(object sender, EventArgs e) They then click on button to download a zip file based on the criteria which calls this method: protected void btnDownload_Click(object sender, EventArgs e) In IE, they are prompted with the bar at the top of the browser that tells them "To help protect your security, Internet Explorer blocked this site from downloading files to your computer". When they click on that bar to download the file, it fires the btnSearch_Click event again. Response.ContentType and Response.AddHeader has been set up correctly. The problem is, that btnSearch appends criteria so basically it is being appended twice and causing problems. Is there something I can do to prevent this? This is a vs2008 web app using c# 3.5 for what it's worth. Thanks!

  Read the article

• What are the main benefits of implementing a virtual machine as part of an application?

  - by Marplesoft

  Several databases I've been looking at recently implement a virtual machine internally to perform the respective data reads and writes. For an example, check out this article on SQLite's virtual machine they call the 'VDBE'. I'm curious as to what the benefits of such an architecture are. I would assume performance is one but why would a virtual machine like this run faster? In fact, it seems to be that this extra layer could cause it to run slower. So perhaps it's for security? Or portability? Anyway, just curious about this.

  Read the article

• FOSUserBundle: embedding the login form and choosing its template

  - by tirengarfio

  i want to insert the login form of FOSUserBundle in my template like this: <div id="sidebar"> {% render "FOSUserBundle::Security::login" %} </div> but not to render the template that is been calling in the code of loginAction() originally. I have thought I'd find useful the possibility of passing the template I want to render as a parameter as 'max' in this example: <div id="sidebar"> {% render "AcmeArticleBundle:Article:recentArticles" with {'max': 3} %} </div> Is that possible in symfony2? If not.. should I create another action for my bundle with the same code inside of loginAction? or should I modify the original loginAction code and write control structures? if(currentPage == 'home') renderResponse('template1') else renderResponse('template2')

  Read the article

• How to force Weblogic to start deployments in active state (i.e. not just prepared)

  - by doublep

  When I start a Weblogic instance with a deployed application, the deployment is sometimes left in prepared state, not in active state. I have to go to Weblogic Console and start the deployment manually, which is quite slow and annoying repetetive work. Since this is done on a development machine — sometimes 50 times a day, — there are no security implication as the server is only visible on the local network. Is there some way to have it always start the deployment active? Note that I'm not redeploying the application, I instead have it "constantly deployed" and stop/start the Weblogic instance using the scripts in bin directory.

  Read the article

• What are the app pool identity and account for anonymous access for?

  - by apollodude217

  I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.) If you're not sure what accounts I'm talking about, in the IIS manager thingy: Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity. Right-click a Web site, go to Properties - Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

  Read the article

• Any foundation to administrate an Android open source application?

  - by Nicolas Raoul

  Our open source application is quite popular, and we are many developers. The app uses my Android Market account, and I shared the keys with a developer. But if both of us disappear, the application's Market account will be lost, and all users trapped. Giving the keys to all developers is not a solution either, for security reasons. Is there a foundation (like in Mozilla Foundation or Apache Foundation) that could accept to hold our Android Market account and release new versions in accordance with their own guidelines and our community consensus? There are quite a lot of Open Source foundations, but I could not find any that tackles this particular aspect of Android applications.

  Read the article

• Start multiple processes of a dll in delphi

  - by Tom

  I have a "ActiveX library" project created with Delphi 2007. The library interface return XML data based on input values. This is then used by a PHP script that displays the data on a web page. This works great! The problem is that i can only run one instance of the dll process on the server. However, for security reasons, each of my customer should be able to access their own process of the dll (because the dll is always connected to only one database). Also, because of the way the delphi code is built, it doesn't support multiple threads. (It's a 100 000+ lines project using lots of singleton classes) Is there a way of starting several instances of the same dll? Is there a better way of transferring XML data from delphi to PHP? Sorry for the longish question, any help is appreciated (ps. I know the delphi code should be refactored, but this would mean 6 months of "circular reference" -hell :)

  Read the article

• Trouble Avoiding Microsoft Outlook's Email Warning

  - by talbright

  I have a set of records in Microsoft Access that I am trying to send in an Email. The email feature works great. Except a warning message pops up every time a message is ready to send, and the user has to click "Allow" or "Deny" for every email sent. I looked up a workaround, and have been following the tutorial for it: http://www.everythingaccess.com/tutorials.asp?ID=Outlook-Send-E-mail-Without-Security-Warning. My problem is that when I put my message in the function it always returns false, and the message fails. Any help would be appreciated. Dim sendMail As Boolean Dim strMessage As String strMessage = Some Message sendMail = FnSafeSendEmail(![Email Id], "Subject", strMessage) The entire "FnSafeSendEmail" function can be found in the link provided. These are the parameters though. Public Function FnSendMailSafe(strTo As String, _ strCC As String, _ strBCC As String, _ strSubject As String, _ strMessageBody As String, _ Optional strAttachments As String) As Boolean The error is thrown on this line of the function. Dim blnSuccessful As Boolean blnSuccessful = objOutlook.FnSendMailSafe(strTo, strCC, strBCC, _ strSubject, strMessageBody, _ strAttachmentPaths)

  Read the article

• Do not use IE browser settings when using a proxy with Indy

  - by JD

  Hi At one of our customer sites, we have a Delphi 2007 application that makes a number of HTTPS requests using indy components. All requests are made using the proxy settings the client provides. For this to work, in IE we have to put the URL's in the trusted zones section. After a month due to security settings the trusted zones are cleared. This means we have to re-add the URLs again to make our application work. Is there a way of bypassing IE settings or using a client side HTTP stack so we do not go through the browser to make https requests? JD

  Read the article

• Why to store username and password in Keychain in iPhone app

  - by Suriya

  I have worked with NSUserDefault but this keychain concept is totally new for me. I have tried looking for similar Questions but couldn't find the exact reason to do so. What I have done: I already know how to store data in NSUserDefault. and also the reason why do we need to store it. Regarding Keychain I just know that storing in keychain stores the data with some extra security by encoding the original text while NSUserDefault stores the data as plain text. Is this the only reason for storing the data in keychain?

  Read the article

• How to Canonicalize a Stax XML object.

  - by Enrique San Martín

  Hello, i want to Canonicalize a Stax object, the program it's doing it with DOM, but dom can't manage big XML documents (like 1GB), so STAX it's the solution. The Code that i have it's: File file=new File("big-1gb.xml"); org.apache.xml.security.Init.init(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = dfactory.newDocumentBuilder(); Document doc = documentBuilder.parse(file); Canonicalizer c14n = Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); outputBytes = c14n.canonicalizeSubtree(doc.getElementsByTagName("SomeTag").item(0)); The idea it's do the code below with Stax... Thx :)

  Read the article

• Why .NET ASMX web service on secure.site.com can't be called from www.site.com?

  - by user118657

  Hello, We have a web service on https://secure.site.com/service.asmx it works fine from https://secure.site.com/consumer.html but when we try to use it from https://www.site.com/consumer.html we can't do it. Getting 403 error. I'ts probably something related to webservice security (because of different subdomains) but I can't figure out what. How to make https://secure.site.com/service.asmx be accessible from https://www.site.com/consumer.html? Update: Calling webserivce using JQuery Ajax. $.ajax({ type: "POST", url: "https://secure.site.com/service.asmx/method", data: {}, dataType: "xml", success: method_result, error: AjaxFailed }) ; Thanks.

  Read the article

• XMLHttpRequest cross site scripting on same server but differnt port

  - by clamp

  hello, using XMLHttpRequest it is not possible to open a connection to a document on a different domain than where the page itself is hosted. but what about different ports? for example i have a webserver running on my machine listening on port 80 so the webaddress would look like this: http://localhost:80/mypage.html and i have another webserver running on localhost which is meant to process the ajax requests but listens on a different port. so the javascript in mypage.html would look like this: var xmlhttprequest = new XMLHttpRequest(); xmlhttp.open("GET", "http://localhost:1234/?parameters", true); xmlhttp.send(); would this work? or will it give a security exception as well?

  Read the article

• How can I launch a system command via Javascript in Google Chrome?

  - by kvsn

  I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config): function run_cmd(cmd, args) { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var file = Components.classes["@mozilla.org/file/local;1"] .createInstance(Components.interfaces.nsILocalFile); file.initWithPath(cmd); var process = Components.classes["@mozilla.org/process/util;1"] .createInstance(Components.interfaces.nsIProcess); process.init(file); process.run(false, args, args.length); } What's the equivalent code for Chrome?

  Read the article

• ASP.NET AJAX or jQuery (UpdatePanel/ScriptManager or UFrame/jQuery.ajax)

  - by Mark Redman

  Hi, We use the asp.net UpdatePanel and the ScriptManager/ScriptManagerProxy for ajax related functionality; reducing full page refreshes and calling WCF Services respectively. we also use jQuery and plugins for some parts of the UI. We have had some issues with javascript library related conflicts, but have come across some posts indicating that there is a lot more overhead using the UpdatePanel. I have found some limited reference to UFrame: http://www.codeproject.com/KB/aspnet/uframe.aspx www.codeplex.com/uframe Is this a commercially viable replacement for the asp.net UpdatePanel? We use a ScriptManagerProxy to reference WCF services and easily create and use a proxy to call the various WCF service methods. Would using jQuery ajax be a more efficient solution here? We have got this working well on various browsers but now seem to be getting some security related issues (as seen in FF Firebug: Access to restricted URI denied" code: "1012) which seem to have started since using jQuery a lot more. Is it possible/viable to not use ASP.NET Ajax at all?

  Read the article

• Grails deploy on Tomcat6

  - by Jack

  Hello, while trying to deploy a Grails application into tomcat6 I ran into some problems: I used the grails war command to build up a war, then copied it to var/lib/tomcat6/webapps and tried to restart the container. I had to change default Tomcat policy to skip security exceptions, since I couldn't access environment variable (like grails.env), then tried again but it gives me an exception related to instantiating something, but it's not clear where should I try to fix the error, according to tomcat6 logs the problem is: SEVERE: Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsC$ org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'pluginManager' defined in ServletContext$ at java.lang.Thread.run(Thread.java:619) Caused by: org.codehaus.groovy.grails.exceptions.NewInstanceCreationException: Could not create a new instance of class [Hiberna$ ... 1 more Caused by: java.lang.NoClassDefFoundError: org.hibernate.cfg.Environment It seems like it's unable to load org.hibernate.cfg.Environment class. I checked the applicationContext.xml and it refers to grails.xml to search for plugins, in this last file I actually have HibernateGrailsPlugin. Where should I look to find if the plugin is present?

  Read the article

• LDAP in medium trust

  - by eych

  I've have a solution with one website and several projects. The projects all have the AllowPartiallyTrustedCallers attribute and are strongly-named. The site works in full trust. However, after set the trust to medium, I get the System.Security.SecurityException: Request failed. error as soon as I browse to the site. In my projects, I have calls to LogOnUser, as well as many calls to variousSystem.DirectoryServices.AccountManagement methods. Can this site run with medium trust or do I have to have full trust for all the LDAP calls? As I mentioned, I've set the AllowPartiallyTrustedCallers attribute on all projects. Not sure what else to do. Also, I have no idea what/where the error is being generated. The event logs on the server have nothing in regards to this SecurityException. Is there any way to find out what the error location is so maybe I can attempt to rewrite some code? [running .NET 4.0 on Win2k8R2]

  Read the article

• What is a read only collection in C#?

  - by acidzombie24

  I ran a security code analyst i found myself having a CA2105 warning. I looked at the grade tampering example. I didnt realize you can assign int[] to a readonly int. I thought readonly was like the C++ const and makes it illegal. The How to Fix Violations suggest i clone the object (which i dont want to do) or 'Replace the array with a strongly typed collection that cannot be changed'. I clicked the link and see 'ArrayList' and adding each element one by one and it doesnt look like you can prevent something adding more. So when i have this piece of code what is the easiest or best way to make it a read only collection? public static readonly string[] example = { "a", "b", "sfsdg", "sdgfhf", "erfdgf", "last one"};

  Read the article

• How to verify a digital signature with openssl

  - by Aaron Carlino

  I'm using a thirdparty credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this: /success.php?signature=[HUGE HASH] I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that. I'm pretty good with linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions. If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.

  Read the article

< Previous Page | 481 482 483 484 485 486 487 488 489 490 491 492  | Next Page >