Search Results

Search found 14878 results on 596 pages for 'mod security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 527/596 | < Previous Page | 523 524 525 526 527 528 529 530 531 532 533 534  | Next Page >

  • BackgroundWorker From ASP.Net Application

    - by Kevin
    We have an ASP.Net application that provides administrators to work with and perform operations on large sets of records. For example, we have a "Polish Data" task that an administrator can perform to clean up data for a record (e.g. reformat phone numbers, social security numbers, etc.) When performed on a small number of records, the task completes relatively quickly. However, when a user performs the task on a larger set of records, the task may take several minutes or longer to complete. So, we want to implement these kinds of tasks using some kind of asynchronous pattern. For example, we want to be able to launch the task, and then use AJAX polling to provide a progress bar and status information. I have been looking into using the BackgroundWorker class, but I have read some things online that make me pause. I would love to get some additional advice on this. For example, I understand that the BackgroundWorker will actually use the thread pool from the current application. In my case, the application is an ASP.Net web site. I have read that this can be a problem because when the application recycles, the background workers will be terminated. Some of the jobs I mentioned above may take 3 minutes, but others may take a few hours. Also, we may have several hundred administrators all performing similar operations during the day. Will the ASP.Net application thread pool be able to handle all of these background jobs efficiently while still performing it's normal request processing? So, I am trying to determine if using the BackgroundWorker class and approach is right for our needs. Should I be looking at an alternative approach? Thanks and sorry for such a long post! Kevin

    Read the article

  • iPhone SDK Push notification randomly fails

    - by Jameson
    I have a PHP file with the following content that works perfectly on development ceritficates, but when I switch to a production certificate the PHP errors and gives the below message, but it only does this about 50% of the time. The other 50% it works. Anyone know why this might be happening? <?php // masked for security reason $deviceToken = 'xxxxxx'; // jq $ctx = stream_context_create(); stream_context_set_option($ctx, 'ssl', 'local_cert', dirname(__FILE__)."/prod.pem"); $number = 5; $fp = stream_socket_client('ssl://gateway.push.apple.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx); if (!$fp) { print "Failed to connect $err $errstr\n"; } else { print "Connection OK\n"; $msg = $_GET['msg']; $payload['aps'] = array('alert' => $msg, 'badge' => 1, 'sound' => 'default'); $payload = json_encode($payload); $msg = chr(0) . pack("n",32) . pack('H*', str_replace(' ', '', $deviceToken)) . pack("n",strlen($payload)) . $payload; print "sending message :" . $payload . "\n"; fwrite($fp, $msg); fclose($fp); } ?> The PHP error: Warning: stream_socket_client() [function.stream-socket-client]: Unable to set local cert chain file `/var/www/vhosts/thissite.com/httpdocs/prod.pem'; Check that your cafile/capath settings include details of your certificate and its issuer in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: failed to create an SSL handle in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: Failed to enable crypto in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Unknown error) in /var/www/vhosts/thissite.com/httpdocs/pushMessageLive.php on line 19 Failed to connect 0

    Read the article

  • TLS with SNI in Java clients

    - by ftrotter
    There is an ongoing discussion on the security and trust working group for NHIN Direct regarding the IP-to-domain mapping problem that is created with traditional SSL. If an HISP (as defined by NHIN Direct) wants to host thousands of NHIN Direct "Health Domains" for providers, then it will an "artificially inflated cost" to have to purchase an IP for each of those domains. Because Apache and OpenSSL have recently released TLS with support for the SNI extension, it is possible to use SNI as a solution to this problem on the server side. However, if we decide that we will allow server implementations of the NHINDirect transport layer to support TLS+SNI, then we must require that all clients support SNI too. OpenSSL based clients should do this by default and one could always us stunnel to implement an TLS+SNI aware client to proxy if your given programming language SSL implementation does not support SNI. It appears that native Java applications using OpenJDK do not yet support SNI, but I cannot get a straight answer out of that project. I know that there are OpenSSL Java libraries available but I have no idea if that would be considered viable. Can you give me a "state of the art" summary of where TLS+SNI support is for Java clients? I need a Java implementers perspective on this.

    Read the article

  • Find the flaws in the concept...

    - by Trindaz
    A web based web browser. Sounds silly right? Here's a use case. All comments about what could go wrong, and if anyone has tried and failed at this, very much wanted User goes to www.theBrowser.com and logs in with credentials specific to theBrowser.com. User tells theBrowser what their username and password for various sites are User goes to theBrowser.com/?uri=somesite.com theBrowser sends off the http request with User's log in details, then sends the http response back to User. This lets theBrowser do weird and wonderful functions like change colours / style sheets / etc. to every site that gets passed through it. From a technical stand point, storing username and password and passing them along is not a challenge for one user, but if there were a few, I'd have to use some kind of server based browser software to store a session per user logged in at theBrowser.com. How could I do that? Will I have to start from scratch? Obviously privacy and security are issues. Would theBrowser.com be too great a risk, even if users are fully warned? Cheers, Dave

    Read the article

  • .NET Membership with Repository Pattern

    - by Zac
    My team is in the process of designing a domain model which will hide various different data sources behind a unified repository abstraction. One of the main drivers for this approach is the very high probability that these data sources will undergo significant change in the near future and we don't want to be re-writing business logic when this happens. One data source will be our membership database which was originally implemented using the default ASP.Net Membership Provider. The membership provider is tied to the System.Web.Security namespace but we have a design guideline requiring that our domain model layer is not dependent upon System.Web (or any other implementation/environment dependency) as it will be consumed in different environments - nor do we want our websites directly communicating with databases. I am considering what would be a good approach to reconciling the MembershipProvider approach with our abstracted n-tier architecture. My initial feeling is that we could create a "DomainMembershipProvider" which interacts with the domain model and then implement objects in the model which deal with the repository and handle validation/business logic. The repository would then implement data access using our (as-yet undecided) ORM/data access tool. Are there are any glaring holes in this approach - I haven't worked closely with the MembershipProvider class so may well be missing something. Alternatively, is there an approach that you think will better serve the requirements I described above? Thanks in advance for your thoughts and advice. Regards, Zac

    Read the article

  • SQL Server 2005 Reporting Services and the Report Viewer

    - by Kendra
    I am having an issue embedding my report into an aspx page. Here's my setup: 1 Server running SQL Server 2005 and SQL Server 2005 Reporting Services 1 Workstation running XP and VS 2005 The server is not on a domain. Reporting Services is a default installation. I have one report called TestMe in a folder called TestReports using a shared datasource. If I view the report in Report Manager, it renders fine. If I view the report using the http ://myserver/reportserver url it renders fine. If I view the report using the http ://myserver/reportserver?/TestReports/TestMe it renders fine. If I try to view the report using http ://myserver/reportserver/TestReports/TestMe, it just goes to the folder navigation page of the home directory. My web application is impersonating somebody specific to get around the server not being on a domain. When I call the report from the report viewer using http ://myserver/reportserver as the server and /TestReports/TestMe as the path I get this error: For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method. When I change the server to http ://myserver/reportserver? I get this error when I run the report: Client found response content type of '', but expected 'text/xml'. The request failed with an empty response. I have been searching for a while and haven't found anything that fixes my issue. Please let me know if there is more information needed. Thanks in advance, Kendra

    Read the article

  • What do I need to do to make a WPF Browser Application (XBAP) that requires Full Trust work on Windo

    - by Benoit J. Girard
    So this is a Visual Studio 2008, .NET, WPF, XBAP, Windows 7 question, regarding .NET trust policies. At work, we have several Web Browser Applications (.XBAP files) developed with Visual Studio 2008 (so .NET 3.5) that we deployed internally. These required a .NET FullTrust policy, we found a way to make a .MSI that adjusted the policy on individual stations, everything worked great. Users love in-browser apps. This was last year and on Windows XP. This year our company started upgrading users to Windows 7, and now none of our Web Browser Applications work. The error message is "Trust Not Granted", as if the policy-changing .MSI had not been run. Other details: I can confirm that our apps work on Windows XP for Internet Explorer 7 and Firefox, and do not work on Windows 7 for Internet Explorer 8 nor Firefox. I must admit that .NET security policies mystify me. Still, I could not find any mention of this problem on the Net at large or on this site. Did anybody else encounter this problem? Any and all help welcome.

    Read the article

  • Listener error not connecting

    - by Sham
    I have two database running on Port No : 1521. When i m connecting to ORCL db it get's connected, but when i try to connect to another DB it gives me following error. ORA-12514: TNS:listener does not currently know of service requested in connect descriptor. My Listener: # listener.ora Network Configuration File: C:\app\Administrator\product\11.2.0 \dbhome_1\network\admin\listener.ora # Generated by Oracle configuration tools. ADMIN_RESTRICTIONS_LISTENER = ON LISTENER = (DESCRIPTION_LIST = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) ) ) ADR_BASE_LISTENER = C:\app\Administrator TNSNAMES.ora ORCL = (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl) ) ) PARIVARTAN = (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 127.1.1.1)(PORT = 1521)) ) (CONNECT_DATA = (SERVICE_NAME = Parivartan) ) ) Lsnrctl Result STATUS of the LISTENER ------------------------ Alias LISTENER Version TNSLSNR for 64-bit Windows: Version 11.2.0.1.0 - Production Start Date 14-DEC-2012 14:22:51 Uptime 0 days 0 hr. 19 min. 31 sec Trace Level off Security ON: Local OS Authentication SNMP OFF Listener Parameter File C:\app\Administrator\product\11.2.0\dbhome_1\network\a dmin\listener.ora Listener Log File c:\app\administrator\diag\tnslsnr\127.1.1.1\listener\al ert\log.xml Listening Endpoints Summary... (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.1.1.1)(PORT=1521))) Services Summary... Service "orcl" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... Service "orclXDB" has 1 instance(s). Instance "orcl", status READY, has 1 handler(s) for this service... The command completed successfully Reply me soon....

    Read the article

  • XCTest.framework build error

    - by user2703123
    I am using the DropBox Core API in my app and therefore, I must include the XCTest framework, because, when I haven't added the XCTest framework, my app can't connect to dropbox, however when I do add the framework, I get an error while building for the simulator. There is nothing wrong with my code! Here is the error: Ld /Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Products/Debug-iphonesimulator/SnapDrop!.app/SnapDrop! normal i386 cd "/Users/Zach/Desktop/SnapDrop!" setenv IPHONEOS_DEPLOYMENT_TARGET 6.1 setenv PATH "/Applications/Xcode5-DP6.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin:/Applications/Xcode5-DP6.app/Contents/Developer/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin" /Applications/Xcode5-DP6.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -arch i386 -isysroot /Applications/Xcode5-DP6.app/Contents/Developer/Platforms/iPhoneSimulator.platform/Developer/SDKs/iPhoneSimulator7.0.sdk -L/Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Products/Debug-iphonesimulator -F/Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Products/Debug-iphonesimulator -F/Users/Zach/Downloads/dropbox-ios-sdk-1.3.5 -F/Users/Zach/Downloads/dropbox-ios-sync-sdk-1-1.1.0 -F/Applications/Xcode5-DP6.app/Contents/Developer/Library/Frameworks -F/Users/Zach/Desktop -filelist /Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Intermediates/SnapDrop!.build/Debug-iphonesimulator/SnapDrop!.build/Objects-normal/i386/SnapDrop!.LinkFileList -Xlinker -objc_abi_version -Xlinker 2 -fobjc-arc -fobjc-link-runtime -Xlinker -no_implicit_dylibs -mios-simulator-version-min=6.1 -framework iAd -framework AssetsLibrary -framework QuartzCore -framework SystemConfiguration -framework Security -framework CFNetwork -framework XCTest -framework Dropbox -framework DropboxSDK -framework CoreGraphics -framework UIKit -framework Foundation -Xlinker -dependency_info -Xlinker /Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Intermediates/SnapDrop!.build/Debug-iphonesimulator/SnapDrop!.build/Objects-normal/i386/SnapDrop!_dependency_info.dat -o /Users/Zach/Library/Developer/Xcode/DerivedData/SnapDrop!-fchnxyvnqyeefscfhmohrzxtiqeb/Build/Products/Debug-iphonesimulator/SnapDrop!.app/SnapDrop! ld: building for iOS Simulator, but linking against dylib built for MacOSX file '/Applications/Xcode5-DP6.app/Contents/Developer/Library/Frameworks/XCTest.framework/XCTest' for architecture i386 clang: error: linker command failed with exit code 1 (use -v to see invocation) What should I do? If my framework is corrupt, can you tell me how to reinstall it? I have tried deleting and reinstalling Xcode with no luck.

    Read the article

  • SharePoint 2007 and SiteMinder

    - by pborovik
    Here is a question regarding some details how SiteMinder secures access to the SharePoint 2007. I've read a bunch of materials regarding this and have some picture for SharePoint 2010 FBA claims-based + SiteMinder security (can be wrong here, of course): SiteMinder is registered as a trusted identity provider for the SharePoint; It means (to my mind) that SharePoint has no need to go into all those user directories like AD, RDBMS or whatever to create a record for user being granted access to SharePoint - instead it consumes a claims-based id supplied by SiteMinder SiteMinder checks all requests to SharePoint resources and starts login sequence via SiteMinder if does not find required headers in the request (SMSESSION, etc.) SiteMinder creates a GenericIdentity with the user login name if headers are OK, so SharePoint recognizes the user as authenticated But in the case of SharePoint 2007 with FBA + SiteMinder, I cannot find an answer for questions like: Does SharePoint need to go to all those user directories like AD to know something about users (as SiteMinder is not in charge of providing user info like claims-based ids)? So, SharePoint admin should configure SharePoint FBA to talk to these sources? Let's say I'm talking to a Web Service of SharePoint protected by SiteMinder. Shall I make a Authentication.asmx-Login call to create a authentication ticket or this schema is somehow changed by the SiteMinder? If such call is needed, do I also need a SiteMinder authentication sequence? What prevents me from rewriting request headers (say, manually in Fiddler) before posting request to the SharePoint protected by SiteMinder to override its defence? Pity, but I do not have access to deployed SiteMinder + SharePoint, so need to investigate some question blindly. Thanks.

    Read the article

  • Cloud-aware programming and help choosing a good framework

    - by Shoaibi
    How can i write a cloud-aware application? e.g. an application that takes benefit of being deployed on cloud. Is it same as an application that runs or a vps/dedicated server? if not then what are the differences? are there any design changes? What are the procedures that i need to take if i am to migrate an application to cloud-aware? Also i am about to implement a web application idea which would need features like security, performance, caching, and more importantly free. I have been comparing some frameworks and found that django has least RAM/CPU usage and works great in prefork+threaded mode, but i have also read that django based sites stop to respond with huge load of connections. Other frameworks that i have seen/know are Zend, CakePHP, Lithium/Cake3, CodeIgnitor, Symfony, Ruby on Rails.... So i would leave this to your opinion as well, suggest me a good free framework based on my needs. Finally thanks for reading the essay ;)

    Read the article

  • SSL with private key on an HSM

    - by Jason
    I have a client-server architecture in my application that uses SSL. Currently, the private key is stored in CAPI's key store location. For security reasons, I'd like to store the key in a safer place, ideally a hardware signing module (HSM) that is built for this purpose. Unfortunately, with the private key stored on such a device, I can't figure out how to use it in my application. On the server, I am simply using the SslStream class and the AuthenticateAsServer(...) call. This method takes an X509Certificate object that has its private key loaded, but since the private key is stored in a secure (e.g. non exportable) location on the HSM, I don't know how to do this. On the client, I am using an HttpWebRequest object and then using the ClientCertificates property to add my client authentication certificate, but I have the same problem here: how do I get the private key? I know there are some HSMs that act as SSL accelerators but I don't really need an accelerator. Also, these products tend to have special integration with web servers such as IIS and Apache which I'm not using. Any ideas? The only thing I can think of would be to write my own SSL library that would allow me to hand off the signing portion of the transaction to the HSM, but this seems like a huge amount of work.

    Read the article

  • Fixed mouse pointer with jQuery draggable

    - by MikeWyatt
    I'm building a little game in HTML5. The canvas element is a viewport into the game world. The user can move the viewport's position in the world by clicking and dragging with the mouse on a small icon. The problem is that the scrolling stops when the mouse pointer hits the edge of the screen. In all likelihood, that will limit scrolling in one of the directions severely, since the icon will be in one of the corners of the page. The only technical solution I can think of would be to somehow fix the mouse pointer's position on the icon and detect the relative movement each frame. Basically I would just reset the pointer position back to the center of the icon after each drag event. Unfortunately, I'm fairly positive that this is not possible. Playing with the user's pointer is a big no-no from a usability and security standpoint. So, is there any other way to do what I want? I'm primarily looking for technical ideas here, but suggestions for a more appropriate interface would also be welcome.

    Read the article

  • How do people know so much about programming?

    - by Luciano
    I see people in this forums with a lot of points, so I assume they know about a lot of different programming stuff. When I was young I knew about basic (commodore) and the turbo pascal (pc). Then in college I learnt about C, memory management, x86 set, loop invariants, graphs, db query optimization, oop, functional, lambda calculus, prolog, concurrency, polymorphism, newton method, simplex, backtracking, dynamic programming, heuristics, np completeness, LR, LALR, neural networks, static & dynamic typing, turing, godel, and more in between. Then in industry I started with Java several years ago and learnt about it, and its variety of frameworks, and also design patterns, architecture patterns, web development, server development, mobile development, tdd, bdd, uml, use cases, bug trackers, process management, people management if you are a tech lead, profiling, security concerns, etc. I started to forget what I learnt in college... And then there is the stuff I don't know yet, like python, .net, perl, JVM stuff like groovy or scala.. Of course Google is a must for rapid documentation access to know if a problem has been solved already and how, and to keep informed about new stuff by blogs and places like this one. It's just too much or I just have a bad memory.. how do you guys manage it?

    Read the article

  • What AOP tools exist for doing aspect-oriented programming at the assembly language level against x8

    - by JohnnySoftware
    Looking for a tool I can use to do aspect-oriented programming at the assembly language level. For experimentation purposes, I would like the code weaver to operate native application level executable and dynamic link libraries. I have already done object-oriented AOP. I know assembly language for x86 and so forth. I would like to be able to do logging and other sorts of things using the familiar before/after/around constructs. I would like to be able to specify certain instructions or sequences/patterns of consecutive instructions as what to do a pointcut on since assembly/machine language is not exactly the most semantically rich computer language on the planet. If debugger and linker symbols are available, naturally, I would like to be able to use them to identify subroutines' entry points , branch/call/jump target addresses, symbolic data addresses, etc. I would like the ability to send notifications out to other diagnostic tools. Thus, support for sending data through connection-oriented sockets and datagrams is highly desirable. So is normal logging to files, UI, etc. This can be done using the action part of an aspect to make a function call, but then there are portability issues so the tool needs to support a flexible, well-abstracted logging/notifying mechanism with a clean, simple yet flexible. The goal is rapid-QA. The idea is to be able to share aspect source code braodly within communties as well as publicly. So, there needs to be a declarative security policy file that users can share. This insures that nothing untoward that is hidden directly or indirectly in an aspect source file slips by the execution manager. The policy file format needs to be simple to read, write, modify, understand, type-in, edit, and generate. Sort of like Java .policy files. Think the exact opposite of anything resembling XML Schema files and you get the idea. Is there such a tool in existence already?

    Read the article

  • MSMQ on Win2008 R2 won’t receive messages from older clients

    - by Graffen
    Hi all I'm battling a really weird problem here. I have a Windows 2008 R2 server with Message Queueing installed. On another machine, running Windows 2003 is a service that is set up to send messages to a public queue on the 2008 server. However, messages never show up on the server. I've written a small console app that just sends a "Hello World" message to a test queue on the 2008 machine. Running this app on XP or 2003 results in absolutely nothing. However, when I try running the app on my Windows 7 machine, a message is delivered just fine. I've been through all sorts of security settings, disabled firewalls on all machines etc. The event log shows nothing of interest, and no exceptions are being thrown on the clients. Running a packet sniffer (WireShark) on the server reveals only a little. When trying to send a message from XP or 2003 I only see an ICMP error "Port Unreachable" on port 3527 (which I gather is an MQPing packet?). After that, silence. Wireshark shows a nice little stream of packets when I try from my Win7 client (as expected - messages get delivered just fine from Win7). I've enabled MSMQ End2End logging on the server, but only entries from the messages sent from my Win7 machine are appearing in the log. So somehow it seems that messages are being dropped silently somewhere along the route from XP or 2003 to my 2008 server. Does anyone have any clues as to what might be causing this mysterious behaviour? -- Jesper

    Read the article

  • web service - client classes

    - by Noona
    The web service that I implemented is up and running, when I try to run the client I get the following error with regard to the classes that were generated using wsimport, Caused by: java.security.PrivilegedActionException: com.sun.xml.internal.bind.v2.runtime.IllegalAnnotationsException: 4 counts of IllegalAnnotationExceptions Two classes have the same XML type name "{http://server.agency.hw2/}userJoined". Use @XmlType.name and @XmlType.namespace to assign different names to them. this problem is related to the following location: at hw2.chat.backend.main.generatedfromserver.UserJoined at public javax.xml.bind.JAXBElement hw2.chat.backend.main.generatedfromserver.ObjectFactory.createUserJoined(hw2.chat.backend.main.generatedfromserver.UserJoined) at hw2.chat.backend.main.generatedfromserver.ObjectFactory this problem is related to the following location: at ChatCompany.BackendChatServer.hw2.chat.backend.main.generatedfromserver.UserJoined Two classes have the same XML type name "{http://server.agency.hw2/}userJoinedResponse". Use @XmlType.name and @XmlType.namespace to assign different names to them. this problem is related to the following location: at hw2.chat.backend.main.generatedfromserver.UserJoinedResponse at public javax.xml.bind.JAXBElement hw2.chat.backend.main.generatedfromserver.ObjectFactory.createUserJoinedResponse(hw2.chat.backend.main.generatedfromserver.UserJoinedResponse) But I can't figure out what exactly is meant by the error. I am assuming I need to change something in annotations in this class as pointed out by the compiler: @XmlAccessorType(XmlAccessType.FIELD) @XmlType(name = "userJoinedResponse") public class UserJoinedResponse { } could someone please point out why there's a name collision and what annotations I need to change? thanks

    Read the article

  • Banning by IP with php/mysql

    - by incrediman
    I want to be able to ban users by IP. My idea is to keep a list of IP's as rows in an BannedIPs table (the IP column would be an index). To check users' IP's against the table, I will keep a session variable called $_SESSION['IP'] for each session. If on any request, $_SESSION['IP'] doesn't match $_SERVER['REMOTE_ADDR'], I will update $_SESSION['IP'] and check the BannedIPs table to see if the IP is banned. (A flag will also be saved as a session variable specifying whether or not the user is banned) Here are the things I'm wondering: Does that sound like a good strategy with regards to speed and security (would someone be able to get around the IP ban somehow, other than changing IP's)? What's the best way to structure a mysql query that checks to see if a row exists? That is, what's the best way to query the db to see if a row with a certain IP exists (to check if it's banned)? Should I save the IP's as integers or strings? Note that... I estimate there will be between 1,000-10,000 banned IP's stored in the database. $_SERVER['REMOTE_ADDR'] is the IP from which the current request was sent.

    Read the article

  • WSO2 ESB on Carbon 4.2 - Did not find the desired phase 'Transport' while deploying handler 'POXSecurityHandler'

    - by user3385500
    I'm new to WSO2 ESB and would like to try it out for some external integrations. I've installed the WSO2 Carbon 4.2 server and installed the ESB feature 4.8.1. After a restart, I'm getting some errors as below. Any tips or suggestions would be gratefully accepted. Thanks. [2014-03-06 10:01:08,521] INFO {org.wso2.carbon.mediation.initializer.ServiceBusInitializer} - Initializing Apache Synapse... [2014-03-06 10:01:08,525] FATAL {org.wso2.carbon.mediation.initializer.ServiceBusInitializer} - Couldn't initialize the ESB... org.apache.synapse.SynapseException: The synapse.xml location ././ ./repository/deployment/server/synapse-configs /default doesn't exist at org.apache.synapse.SynapseControllerFactory.handleFatal(SynapseControllerFactory.java:121) at org.apache.synapse.SynapseControllerFactory.validatePath(SynapseControllerFactory.java:113) at org.apache.synapse.SynapseControllerFactory.validate(SynapseControllerFactory.java:88) at org.apache.synapse.SynapseControllerFactory.createSynapseController(SynapseControllerFactory.java:44) at org.apache.synapse.ServerManager.init(ServerManager.java:102) at org.wso2.carbon.mediation.initializer.ServiceBusInitializer.initESB(ServiceBusInitializer.java:423) at org.wso2.carbon.mediation.initializer.ServiceBusInitializer.activate(ServiceBusInitializer.java:182) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) ... ... ... [2014-03-06 10:01:08,531] INFO {org.wso2.carbon.rule.kernel.internal.ds.RuleEngineConfigDS} - Successfully registered the Rule Config service [2014-03-06 10:01:08,553] ERROR {org.wso2.carbon.security.internal.SecurityMgtServiceComponent} - Failed to activate SecurityMgtServiceComponent org.apache.axis2.phaseresolver.PhaseException: Did not find the desired phase 'Transport' while deploying handler 'POXSecurityHandler'. at org.apache.axis2.phaseresolver.PhaseHolder.addHandler(PhaseHolder.java:75) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToFlow(PhaseResolver.java:68) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:104) at org.apache.axis2.phaseresolver.PhaseResolver.engageModuleToOperation(PhaseResolver.java:110) at org.apache.axis2.description.AxisOperation.onEngage(AxisOperation.java:152) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:478) at org.apache.axis2.description.AxisService.onEngage(AxisService.java:827) at org.apache.axis2.description.AxisDescription.engageModule(AxisDescription.java:478) at org.apache.axis2.description.AxisServiceGroup.onEngage(AxisServiceGroup.java:134)

    Read the article

  • Converting an input text value to a decimal number

    - by vitto
    Hi, I'm trying to work with decimal data in my PHP and MySql practice and I'm not sure about how can I do for an acceptable level af accuracy. I've wrote a simple function which recives my input text value and converts it to a decimal number ready to be stored in the database. <?php function unit ($value, $decimal_point = 2) { return number_format (str_replace (",", ".", strip_tags (trim ($value))), $decimal_point); } ?> I've resolved something like AbdlBsF5%?nl with some jQuery code for replace and some regex to keep only numbers, dots and commas. In some country, people uses the comma , to send decimal numbers, so a number like 72.08 is wrote like 72,08. I'd like avoid to forcing people to change their usual chars and I've decided to use a jQuery to keep this too. Now every web developer knows the last validation must be handled by the dynamic page for security reasons. So my answer is should I use something like unit (); function to store data or shoul I also check if users inserts invalid chars like letters or something else? If I try this and send letters, the query works without save the invalid data, I think this isn't bad, but I could easily be wrong because I'm a rookie. What kind of method should I use if I want a number like 99999.99 for my query?

    Read the article

  • Run time error: what's wrong?

    - by javacode
    I am getting run time error import javax.mail.*; import javax.mail.internet.*; import java.util.*; public class SendMail { public static void main(String [] args)throws MessagingException { SendMail sm=new SendMail(); sm.postMail(new String[]{"[email protected]"},"hi","hello","[email protected]"); } public void postMail( String recipients[ ], String subject, String message , String from) throws MessagingException { boolean debug = false; //Set the host smtp address Properties props = new Properties(); props.put("mail.smtp.host", "webmail.emailmyname.com"); // create some properties and get the default Session Session session = Session.getDefaultInstance(props, null); session.setDebug(debug); // create a message Message msg = new MimeMessage(session); // set the from and to address InternetAddress addressFrom = new InternetAddress(from); msg.setFrom(addressFrom); InternetAddress[] addressTo = new InternetAddress[recipients.length]; for (int i = 0; i < recipients.length; i++) { addressTo[i] = new InternetAddress(recipients[i]); } msg.setRecipients(Message.RecipientType.TO, addressTo); // Optional : You can also set your custom headers in the Email if you Want msg.addHeader("MyHeaderName", "myHeaderValue"); // Setting the Subject and Content Type msg.setSubject(subject); msg.setContent(message, "text/plain"); Transport.send(msg); } } Error Exception in thread "main" java.lang.NoClassDefFoundError: SendMail Caused by: java.lang.ClassNotFoundException: SendMail at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) Could not find the main class: SendMail. Program will exit.

    Read the article

  • Best way to pass image to server?

    - by Chris
    I have an SL3 application that needs to be able to pass an image to the server, and then the server will generate a PDF file with the image in it, and display it to the user. What I already have in place are the following: (1) Code to convert image to byte array (2) Code to generate PDF file with image The main problem that I am running into is the following: In order to bypass the pop-up blocker, which is a requirement for my application, I am using the following code: var button = new NavigationButton(); button.NavigateUri = new Uri("http://localhost:3616/PrintReport.aspx?ReportIndex=11&ActionType=Get&ReportIdentifier=" + reportIdentifier.ToString() + ""); button.TargetName = "_blank"; button.PerformClick(); Initially, I would pass the image to a WCF web service (as a byte array), and then "navigate" to the ASP.NET page that would display the report. However, if I do this, then I can not use my custom HyperlinkButton class, and, certain browsers, including Safari, will block a new window from opening up. Therefore, it appears that the only option is to use the HyperlinkButton class. What I need to be able to do is to somehow pass the image, as a byte array or some other data type, to the server, such that it can temporarily store the image, even if it is in a server variable, and then immediately retrieve it when I navigate to the PrintReport.aspx page. If I upload the image to an ASP.NET form and then use the HyperlinkButton class to navigate to the PrintReport page, it doesn't work, as the app navigates to the PrintReport page before the system has finished uploading the image. I can't pass it to a web service, as that would require that I navigate to the PrintReport.aspx page in the callback code of the web method that I would be passing the image to, and the HyperlinkButton will not allow that, based on security rules. Any help or ideas would be appreciated. Thanks. Chris

    Read the article

  • Maintain order of messages via proxies to app servers

    - by David Turner
    Hi, I am receiving messages from a 3rd party via a http post, and it is important that the order the messages hit our infrastructure is maintained through the load balancers and proxies until it hits our application server. Quick Diagram. (proxies in place due to security requirements.) [ACE load balancer] - [2 proxies] - [Application Servers] or maybe [ACE load balancer] - [2 proxies] - [ACE load balancer] - [Application Servers] My idea was that I would setup the load balancers in active-passive mode, to force all messages to use one proxy, and then both the proxies would hit a second load balancer that would be configured in active passive to hit one application server. Whilst the above is not ideal, it does give me resilience, and once the message is in my app servers, I enter a stateless world, and load balance across both nodes of my cluster. However, I am concerned that even a single proxy could send messages out of order, perhaps if 2 messages are recived very close together, message 2 might get processed faster than message 1. Is this possible? Likely? Is there a simple open source proxy (MOD_PROXY?) that can be easily configured to just pass messages through it, and to guarantee to send the messages through in the order they are received. If so which, and finally links to how I should configure it would be great. In fact any links to articles around avoiding "out of order" messages using hardware would be gratefully received. Thanks, ps for those that are interested, the app is a java spring integration application currently on a appliation server.

    Read the article

  • Error building Visual Studio 2010 Silverlight 4 projects on Windows 7 with XP Mode

    - by Kevin Dente
    I installed Visual Studio 2010 Beta 2 in an XP Mode VM on Windows 7. Then I created a trivial Silverlight 4 (beta) project and tried to build it. I get the following error: Error 1 The "ValidateXaml" task failed unexpectedly. System.IO.FileLoadException: Could not load file or assembly 'file://\tsclient\d\Users\me\Documents\Visual Studio 2010\Projects\SilverlightApplication2\SilverlightApplication2\obj\Debug\SilverlightApplication2.dll' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515) File name: 'file://\tsclient\d\Users\me\Documents\Visual Studio 2010\Projects\SilverlightApplication2\SilverlightApplication2\obj\Debug\SilverlightApplication2.dll' --- System.NotSupportedException: An attempt was made to load an assembly from a network location which would have caused the assembly to be sandboxed in previous versions of the .NET Framework. This release of the .NET Framework does not enable CAS policy by default, so this load may be dangerous. If this load is not intended to sandbox the assembly, please enable the loadFromRemoteSources switch. See http://go.microsoft.com/fwlink/?LinkId=155569 for more information. at System.Reflection.RuntimeAssembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, RuntimeAssembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadAssemblyName(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection, Boolean suppressSecurityChecks) at System.Reflection.RuntimeAssembly.InternalLoadFrom(String assemblyFile, Evidence securityEvidence, Byte[] hashValue, AssemblyHashAlgorithm hashAlgorithm, Boolean forIntrospection, Boolean suppressSecurityChecks, StackCrawlMark& stackMark) at System.Reflection.Assembly.LoadFrom(String assemblyFile) at Microsoft.Silverlight.Build.Tasks.ValidateXaml.XamlValidator.Execute(ITask task) at Microsoft.Silverlight.Build.Tasks.ValidateXaml.XamlValidator.Execute(ITask task) at Microsoft.Silverlight.Build.Tasks.ValidateXaml.Execute() at Microsoft.Build.BackEnd.TaskExecutionHost.Microsoft.Build.BackEnd.ITaskExecutionHost.Execute() at Microsoft.Build.BackEnd.TaskBuilder.ExecuteInstantiatedTask(ITaskExecutionHost taskExecutionHost, TaskLoggingContext taskLoggingContext, TaskHost taskHost, ItemBucket bucket, TaskExecutionMode howToExecuteTask, Boolean& taskResult) I believe this is related to the fact that XP Mode redirects the My Documents folder to the host, turning it into a network share location, and some sort of CAS / security policy is being triggered. Anyone know how to fix it?

    Read the article

  • Ldap query returns null result when deployed.

    - by Trey Carroll
    I'm using a very simple Ldap query in my asp.net mvc 2.0 site: String ldapPath = ConfigReader.LdapPath; String emailAddress = null; try { DirectorySearcher search = new DirectorySearcher(ConfigReader.LdapPath); search.Filter = String.Format("(&(objectClass=user)(objectCategory=person)(objectSid={0})) ", securityIdentifierValue); // add the mail property to the list of props to retrieve search.PropertiesToLoad.Add("mail"); var result = search.FindOne(); if (result == null) { throw new Exception("Ldap Query with filter:" + search.Filter.ToString() + " returned a null value (no match found)"); } else { emailAddress = result.Properties["mail"][0].ToString(); } } catch (ArgumentOutOfRangeException aoorEx) { throw new Exception( "The query could not find an email for this user."); } catch (Exception ex) { //_log.Error(string.Format("======!!!!!! ERROR ERROR ERROR !!!!! in LdapLookupUtil.cs getEmailFromLdap Exception: {0}", ex)); throw ex; } return emailAddress; It works fine on my localhost machine. It works fine when I run it in VS2010 on the server. It always returns a null result when deployed. Here is my web.config: Asp.Net Configuration option in Visual Studio. A full list of settings and comments can be found in machine.config.comments usually located in \Windows\Microsoft.Net\Framework\v2.x\Config -- section enables configuration of the security authentication mode used by ASP.NET to identify an incoming user. -- <!-- -- section enables configuration of what to do if/when an unhandled error occurs during the execution of a request. Specifically, it enables developers to configure html error pages to be displayed in place of a error stack trace. -- I'm running it under the default app pool. Does anybody see the problem? This is driving me crazy!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 523 524 525 526 527 528 529 530 531 532 533 534  | Next Page >