mod security - Page 539

i read that for RESTful websites. it is not good to use $_SESSION. Why is it not good? how then do i

- by keisimone

I read that it is not good to use $_SESSION. http://www.recessframework.org/page/towards-restful-php-5-basic-tips I am creating a WEBSITE, not web service in PHP. and i am trying to make it more RESTful. at least in spirit. right now i am rewriting all the action to use Form tags POST and add in a hidden value called _method which would be "delete" for deleting action and "put" for updating action. however, i am not sure why it is recommended NOT to use $_SESSION. i would like to know why and what can i do to improve. To allow easy authorization checking, what i did was to after logging in the user, the username is stored in the $_SESSION. Everytime the user navigates to a page, the page would check if the username is stored inside $_SESSION and then based on the $_SESSION retrieves all the info including privileges from the database and then evaluates the authorization to access the page based on the info retrieved. Is the way I am implementing bad? not RESTful? how do i improve performance and security? Thank you.

Read the article

asp.net stored procedure problem

- by kenom

Why this code don't work,when i want run this code vwd 2008 express show me this error message:Invalid object name 'answers'. this is my ascx.cs code: using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Data; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.Security; using System.Data.SqlClient; using System.Configuration; public partial class odgl : System.Web.UI.UserControl { protected void Page_Load(object sender, EventArgs e) { string connectionString = @"SANATIZEDSTRING!!!!"; using (SqlConnection cn = new SqlConnection(connectionString)) { using (SqlCommand dohvati = new SqlCommand("dbo.get_answers",cn)) { dohvati.CommandType = CommandType.StoredProcedure; SqlParameter izracun = new SqlParameter("@count", SqlDbType.Int); izracun.Direction = ParameterDirection.Output; dohvati.Parameters.Add(izracun); cn.Open(); dohvati.ExecuteNonQuery(); int count = Int32.Parse(dohvati.Parameters["@count"].Value.ToString()); Response.Write(count.ToString()); cn.Close(); } } } } and this is my stored procedure : set ANSI_NULLS ON set QUOTED_IDENTIFIER ON GO ALTER procedure [dbo].[get_answers] @ukupno int output as select @count= (SELECT COUNT(*) FROM answers) go

Read the article

Java Client interoperating with WSE 3.0 Web Service

- by Dee

I have a Interoperable Security Token Service (STS) that authenticates the User and then issues a SAML token. I also have transaction services that expects the SAML token in the incoming SOAP request header. For a client to make a call to transaction service, it first needs to authenticate with the STS, get the SAML token and then make a call to the transaction services. The STS is an interoperable service and can be invoked from a Java client. The Transaction services are build using WSE 3.0 framework, but the WSDL that it generates is not good enough for a Java client to understand it. I want my Java client to explicitly call the STS and then using the received SAML token make a call to Transaction Services. I tried with Netbeans and Metro WSIT toolkit. I was able to call the Transaction Services if it were implemented using WCF. With WCF Transaction Service the WSDL generated has complete information using which the Java client can figure out how to call to STS and then call the WCF Transaction service. How can my Java client explicitly call the STS and then in turn call the WSE 3.0 transaction services?

Read the article

Editting CSS in iframe that sets Select tag's text color to black?

- by Corey Ogburn

This is a very specific question for a Google Chrome extension. http://www.meebo.com/mobile/ This page is where you're kicked to when you go to Meebo.com on an iPhone or Droid phone. But if you notice, the Status box where you can set yourself away or what you want your status to be has white text on a white background. In order to get a website to appear in a Google Chrome extension's popup window (the one that drops down when you click the icon next to the address bar) that isn't an included html file in the extension, I need to use an iFrame. I know that there's security measures about Cross-Site stuff like javascript and I'm not surprised I'm having trouble accessing the CSS. But there's a class, status, and it's color is white and I need to change that to black. I've tested it with Chrome's Inspect Element window and if I change that, I'll be fine. I've tried changing the manifest.json file to inject a CSS file using Content-Scripts, but nothing... I'm new to Chrome Extensions but I have experience doing web development.

Read the article

Currently using View, Should I use a hard table instead?

- by 1001010101

Read the article

database design - empty fields

- by imanc

Hey, I am currently debating an issue with a guy on my dev team. He believes that empty fields are bad news. For instance, if we have a customer details table that stores data for customers from different countries, and each country has a slightly different address configuration - plus 1-2 extra fields, e.g. French customer details may also store details for entry code, and floor/level plus title fields (madamme, etc.). South Africa would have a security number. And so on. Given that we're talking about minor variances my idea is to put all of the fields into the table and use what is needed on each form. My colleague believes we should have a separate table with extra data. E.g. customer_info_fr. But this seams to totally defeat the purpose of a combined table in the first place. His argument is that empty fields / columns is bad - but I'm struggling to find justification in terms of database design principles for or against this argument and preferred solutions. Another option is a separate mini EAV table that stores extra data with parent_id, key, val fields. Or to serialise extra data into an extra_data column in the main customer_data table. I think I am confused because what I'm discussing is not covered by 3NF which is what I would typically use as a reference for how to structure data. So my question specifically: - if you have slight variances in data for each record (1-2 different fields for instance) what is the best way to proceed?

Read the article

Approach For Syncing One SharePoint List With One or More SharePoint Lists

- by plattnum

What would be the best approach or strategy for configuring, customizing or developing in SharePoint a solution that allows me to keep one or more SharePoint lists in sync with a SharePoint list I have designated as a master or parent list. I would like to be able to create a master/parent list of some information that can be extended or used by different parts of the organization without them being able to CRUD any items on the actual columns of the master list. (I have seen some commercial web parts that offer column security on SharePoint lists and although that’s one way of potentially meeting my needs I would like to explore other options.) Scenario: I have a list called FOO: FOO Title Description I would like to create a new list BAR based off of FOO (BAR is managed by sub-organization that doesn't have access to FOO List): BAR FOO.Title (Read-Only) FOO.Description (Read-Only) NewColumn1 NewColumn2 Actions: Create- If a new item is entered in FOO I would like the new item added to BAR. Read - N/A Update - If the title or description is changed in FOO I would like it changed in BAR. Delete- No Deletes in the scenario. (Deletes are handled by the business with status column.) Templates with content extraction offer me this but it’s a one time shot at list creation. Just not sure what the best approach or strategy would be for this in MOSS 2007. Thanks!

Read the article

What is the simplest way to map a folder on the file system to a url in Tomcat?

- by Simon

Here's my problem... I have a small prototype app (happens to be in Grails hosted on AWS) and I want to add the ability of the user to upload a few (max 10) images. I want to persist these images on disk on the server machine, in a folder location which is outside my WAR. I realise that there is probably a super-scalable solution involving more web servers and optimised static asset serving, but for the approximately 100 users I am likely to get, it's really not worth the effort and cost. So, what is the simplest way I can have a virtual folder from my url map to a physical folder on disk? I sort of want... http://myapp.com/static to map to a folder which I can configure e.g. /var/www/static so I can then have in my code... <img src="/static/user1/picture.jpg"/> I don't particularly mind whether the resulting physical folders are directly browsable. Security will eventually be an issue, but it isn't at the start. So, what are my options? I have looked at virtual hosts on the apache site, but it feels more complicated than I need. I don't want to use the Grails static rendering plugins.

Read the article

Custom authentication module inheriting IHttpModule issue.

- by Chandan Khatwani

LoginPage.aspx:- protected void Button1_Click(object sender, EventArgs e) { Context.Items["Username"] = txtUserId.Text; Context.Items["Password"] = txtPassword.Text; // FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, Context.Items["Username"].ToString(), DateTime.Now, DateTime.Now.AddMinutes(10), true, "users", FormsAuthentication.FormsCookiePath); // Encrypt the cookie using the machine key for secure transport string hash = FormsAuthentication.Encrypt(ticket); HttpCookie cookie = new HttpCookie( FormsAuthentication.FormsCookieName, // Name of auth cookie hash); // Hashed ticket // Set the cookie's expiration time to the tickets expiration time if (ticket.IsPersistent) cookie.Expires = ticket.Expiration; Response.Cookies.Add(cookie); Response.Redirect("Default.aspx"); } Global.asax file:- void Application_AuthenticateRequest(object sender, EventArgs e) { if (HttpContext.Current.User != null) { if (HttpContext.Current.User.Identity.IsAuthenticated) { if (HttpContext.Current.User.Identity is FormsIdentity) { FormsIdentity id = (FormsIdentity)HttpContext.Current.User.Identity; FormsAuthenticationTicket ticket = id.Ticket; // Get the stored user-data, in this case, our roles string userData = ticket.UserData; string[] roles = userData.Split(','); HttpContext.Current.User = new System.Security.Principal.GenericPrincipal(id, roles); Response.Write(HttpContext.Current.User.Identity.Name); Response.Redirect("Default.aspx"); } } } } I get the following error after signing in This webpage has a redirect loop. The webpage at http://localhost:1067/Default.aspx has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.

Read the article

C# Linq to SQL connection string (newbie)

- by Chris'o

i am a new linq to sql learner and this is my very first attempt to create a data viewer program. The idea is simple, i'd like to create a software that is able to view content of a table in a database. That's it. I got an early problem here already and i have seen many tutes and articles online but I still cant fix the bug. Here is my code: static void Main(string[] args) { string cs = "Data Source=localhost;Initial Catalog=somedb;Integrated Security=SSPI;"; var db = new DataClasses1DataContext(cs); db.Connection.Open(); foreach (var b in db.Mapping.GetTables()) Console.WriteLine(b.TableName); Console.ReadKey(true); } When I tried to check db.connection.equals(null); it returns false, so i thought i have connected successfully to the database since there is no error at all. But the code above doesn't print anything out to the screen. I kind of lost and don't know what's going on here. Does anyone know what is going wrong here?

Read the article

How to organize RMI Client-Server eBanking architecture

- by xenom

I am developing a secured eBanking service in RMI with a GUI both for Server and Client. The Server must be able to log every operations (new User, deleted User, Withdrawal, Lodgement...) The Client will do these operations. As everything is secured, the Client must at first, create an account with a name and a password in the GUI. After that, the GUI adds the User in the Bank UserList(arrayList) as a new Customer and the User can do several operations. It seems straightforward at first but I think my conception is not correct. Is it correct to send the whole Bank by RMI ? Because at first I thought Bank would be the server but I cannot find another way to do that. Currently, the Client GUI asks for a login and a password, and receives the Bank by RMI. A User is characterized by a name and a hash of the password. private String name; private byte[] passwordDigest; In fact the GUI is doing every security checking and I don't know if it's relevant. When you type login//password, it will search the login in the Bank and compare the hash of the password. In fact I have the impression that the Client knows too much information because when you have the Bank you have everything.. Does it seem correct or do I need to change my implementation ?

Read the article

position of View on asp.net mvc site master page

- by ognjenb

How fix data table to open only in Main Content Frame? Structure of my site.master page is: left content, main content and right content. When open View page in main content she goes to the right content if it is large. Is this CSS problem? My problem is similar to this http://www.inq.me/post/ASPNet-MVC-Extension-method-to-create-a-Security-Aware-HtmlActionLink.aspx This is my CSS(come with template): /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ PRIMARY LAYOUT STYLES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~*/ .content-container { position:relative; _height:1px; min-height:1px; width:900px; /* background:url(images/bg-column-left.png) repeat-y;*/ } .content-container-inner { /*background:url(images/bg-column-right.png) repeat-y right;*/ _height:1px; min-height:1px; /*padding:0 200px;*/ position:relative; /*width:900px;*/ } .content-main { padding :15px 0% 0px 2%; /*position:relative;*/ min-height:1px; _height:1px; float:left; position:relative; /*width:96%;*/ /*width:900px;*/ } .content-left { padding:20px 10px; float:left; width:180px; margin-top:-1px; position:relative; margin-left:-100%; right:200px; _left:200px; border-top:1px dotted #797979; } .content-right { padding :15px 10px 10px 10px; float:left; width:160px; position:relative; margin-right:-200px; } .ads { text-align:center; margin:20px 0; } /*~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Read the article

Google appEngine: 404 when accesing /_ah/api

- by jfu

I try to build a very simple GAE application, using eclipse and the Google Plugin for Eclipse. I've generated some Endpoint from an @Entity class, then I've generated Cloud Endpoint Client library. After that I've started the appEngine project (within eclipse, on the embedded jetty server). When I try to access /_ah/api I get the following issue: HTTP ERROR 500 Problem accessing /_ah/api/. Reason: Failed to retrieve API configs with status: 404 Caused by: java.io.IOException: Failed to retrieve API configs with status: 404 at com.google.api.server.spi.tools.devserver.ApiServlet.getApiConfigSources(ApiServlet.java:102) at com.google.api.server.spi.tools.devserver.ApiServlet.initConfigsIfNecessary(ApiServlet.java:67) at com.google.api.server.spi.tools.devserver.RestApiServlet.service(RestApiServlet.java:117) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166) at com.google.appengine.api.socket.dev.DevSocketFilter.doFilter(DevSocketFilter.java:74) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.ResponseRewriterFilter.doFilter(ResponseRewriterFilter.java:123) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.HeaderVerificationFilter.doFilter(HeaderVerificationFilter.java:34) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:63) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectRequest(DevAppServerModulesFilter.java:368) at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectModuleRequest(DevAppServerModulesFilter.java:351) at com.google.appengine.tools.development.DevAppServerModulesFilter.doFilter(DevAppServerModulesFilter.java:116) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) What am I doing wrong?

Read the article

What library can I use to do simple, lightweight message passing?

- by Mike

I will be starting a project which requires communication between distributed nodes(the project is in C++). I need a lightweight message passing library to pass very simple messages(basically just strings of text) between nodes. The library must have the following characteristics: No external setup required. I need to be able to get everything up-and-running in my code - I don't want to require the user to install any packages or edit any configuration files(other than a list of IP addresses and ports to connect to). The underlying protocol which the library uses must be TCP(or if it is UDP, the library must guarantee the eventual receipt of the message). The library must be able to send and receive arbitrarily large strings(think up to 3GB+). The library needn't support any security mechanisms, fault tolerance, or encryption - I just need it to be fast, simple, and easy to use. I've considered MPI, but concluded it would require too much setup on the user's machine for my project. What library would you recommend for such a project? I would roll my own, but due to time constraints, I don't think that will be feasible.

Read the article

Can tomcat perform ssl redirection by filtering host alias?

- by Stephen

Hi, We have a tomcat server (6.0.20) running one web application behind two urls, e.g. www.foo and secure.foo This is configured in the server.xml as one host with a single alias: <Host name="www.foo" appBase="webapps"> <Context docBase="foo" path=""></Context> <Alias>secure.foo</Alias> </Host> Ideally we'd like any requests to secure.foo on port 80 to be automatically redirected to use ssl. However, I can only find instructions for redirecting based on the path after the hostname, so I could add a /* security constraint but then this would apply to both urls. Does anyone know if it's possible to apply the redirection by filtering on hostname requested? (We've already got the ssl connector, certificate, etc. working ok). I know we could do it by sticking an apache server in front of tomcat and handling the redirection there, but I'm curious to know if tomcat can do this on its own. Thanks

Read the article

ADO.NET Data Services Media type requires a ';' character before a parameter definition.

- by idahosaedokpayi

I am experimenting with ADO.NET and I am seeing this error on the second attempt to browse the service: <?xml version="1.0" encoding="utf-8" standalone="yes" ?> <error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"> <code /> <message xml:lang="en-US">Media type requires a ';' character before a parameter definition.</message> </error> The first attempt is normal. I am working with an exactly identical service on an internal development network and it is fine. I am including my connection string: <add name="J4Entities" connectionString="metadata=res://*;provider=System.Data.SqlClient;provider connection string="Data Source=MNSTSQL01N;Initial Catalog=J4;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient"/> and my Data service class: using System; using System.Data.Services; using System.Collections.Generic; using System.Linq; using System.ServiceModel.Web; public class Data : DataService< J4Model.J4Entities > { // This method is called only once to initialize service-wide policies. public static void InitializeService(IDataServiceConfiguration config) { // TODO: set rules to indicate which entity sets and service operations are visible, updatable, etc. // Examples: config.SetEntitySetAccessRule("*", EntitySetRights.AllRead); // config.SetServiceOperationAccessRule("MyServiceOperation", ServiceOperationRights.All); } } Is there something obvious I am not doing?

Read the article

public class ImageHandler : IHttpHandler

- by Ken

cmd.Parameters.AddWithValue("@id", new system.Guid (imageid)); What using System reference would this require? Here is the handler: using System; using System.Collections.Specialized; using System.Web; using System.Web.Configuration; using System.Web.Security; using System.Globalization; using System.Configuration; using System.Data.SqlClient; using System.Data; using System.IO; using System.Web.Profile; using System.Drawing; public class ImageHandler : IHttpHandler { public void ProcessRequest(HttpContext context) { string imageid; if (context.Request.QueryString["id"] != null) imageid = (context.Request.QueryString["id"]); else throw new ArgumentException("No parameter specified"); context.Response.ContentType = "image/jpeg"; Stream strm = ShowProfileImage(imageid.ToString()); byte[] buffer = new byte[8192]; int byteSeq = strm.Read(buffer, 0, 8192); while (byteSeq > 0) { context.Response.OutputStream.Write(buffer, 0, byteSeq); byteSeq = strm.Read(buffer, 0, 8192); } //context.Response.BinaryWrite(buffer); } public Stream ShowProfileImage(String imageid) { string conn = ConfigurationManager.ConnectionStrings["MyConnectionString1"].ConnectionString; SqlConnection connection = new SqlConnection(conn); string sql = "SELECT image FROM Profile WHERE UserId = @id"; SqlCommand cmd = new SqlCommand(sql, connection); cmd.CommandType = CommandType.Text; cmd.Parameters.AddWithValue("@id", new system.Guid (imageid));//Failing Here!!!! connection.Open(); object img = cmd.ExecuteScalar(); try { return new MemoryStream((byte[])img); } catch { return null; } finally { connection.Close(); } } public bool IsReusable { get { return false; } } }

Read the article

Question about using an access database as a resource file in Visual Studio.

- by user354303

Hi I am trying to embed a Microsoft Access database file into my Class assembly DLL. I want my code to reference the resource file and use it with a ADODB.Connection object. Any body know a simpler way, or an easier way? Or what is wrong with my code, when i added the resource file it added me dataset definitions, but i have no idea what to do with those. The connection string I am trying below is from an automatically generated app.config. I did add the item as a resource... using System; using System.Collections.Generic; using System.Linq; using System.Text; using System.Data; using ConsoleApplication1.Resources;//SPPrinterLicenses using System.Data.OleDb; using ADODB; using System.Configuration; namespace ConsoleApplication1 { class SharePointPrinterManager { public static bool IsValidLicense(string HardwareID) { OleDbDataAdapter da = new OleDbDataAdapter(); DataSet ds = new DataSet(); ADODB.Connection adoCn = new Connection(); ADODB.Recordset adoRs = new Recordset(); //**open command below fails** adoCn.Open( @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\Resources\SPPrinterLicenses.accdb;Persist Security Info=True", "", "", 1); adoRs.Open("Select * from AllWorkstationLicenses", adoCn, ADODB.CursorTypeEnum.adOpenForwardOnly, ADODB.LockTypeEnum.adLockReadOnly, 1); da.Fill(ds, adoRs, "AllworkstationLicenses"); adoCn.Close(); DataTable dt = new DataTable(); //ds.Tables. return true; } } }

Read the article

T4 trouble compiling transformation

- by John Leidegren

I can't figure this one out. Why doesn't T4 locate the IEnumerable type? I'm using Visual Studio 2010. And I just hope someone knows why? <#@ template debug="true" hostspecific="false" language="C#" #> <#@ assembly name="System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" #> <#@ import namespace="System" #> <#@ import namespace="System.Data" #> <#@ import namespace="System.Data.SqlClient" #> <#@ output extension=".cs" #> public static class Tables { <# var q = @" SELECT tbl.name 'table', col.name 'column' FROM sys.tables tbl INNER JOIN sys.columns col ON col.object_id = tbl.object_id "; // var source = Execute(q); #> } <#+ static IEnumerable Execute(string cmdText) { using (var conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;Initial Catalog=t4build;Integrated Security=True;")) { conn.Open(); var cmd = new SqlCommand(cmdText, conn); using (var reader = cmd.ExecuteReader()) { while (reader.Read()) { } } } } #> Error 2 Compiling transformation: The type or namespace name 'IEnumerable' could not be found (are you missing a using directive or an assembly reference?) c:\Projects\T4BuildApp\T4BuildApp\TextTemplate1.tt 26 9

Read the article

Linq - reuse expression on child property

- by user175528

Not sure if what I am trying is possible or not, but I'd like to reuse a linq expression on an objects parent property. With the given classes: class Parent { int Id { get; set; } IList<Child> Children { get; set; } string Name { get; set; } } class Child{ int Id { get; set; } Parent Dad { get; set; } string Name { get; set; } } If i then have a helper Expression<Func<Parent,bool> ParentQuery() { Expression<Func<Parent,bool> q = p => p.Name=="foo"; } I then want to use this when querying data out for a child, along the lines of: using(var context=new Entities.Context) { var data=context.Child.Where(c => c.Name=="bar" && c.Dad.Where(ParentQuery)); } I know I can do that on child collections: using(var context=new Entities.Context) { var data=context.Parent.Where(p => p.Name=="foo" && p.Childen.Where(childQuery)); } but cant see any way to do this on a property that isnt a collection. This is just a simplified example, actually the ParentQuery will be more complex and I want to avoid having this repeated in multiple places as rather than just having 2 layers I'll have closer to 5 or 6, but all of them will need to reference the parent query to ensure security.

Read the article

Log in to subdomain via main domain

- by Mattias

I have a website, available through multiple domainnames. like www.domain1.com .... www.domain5.com All my customers have their own subdomain. like: customer1.domain1.com customer2.domain1.com .... customer351.domain4.com Currently i dont use SSL, each customer log in their own account via their sub domain. I want to change this, and make all customers log in on a central log in page, that would use SSL, for example. https://login.domain1.com And somehow redirect each user to the correct sub domain adress. (Sub domain that don't use SSL) How do I do this, and maintain security? One idea i had: Login - add random value somewhere in the database, Redirect to subdomain, with querystring the randomvalue. And after that the session takes care of it, Each value can be used once only.. But how secure is that? I guess someone would ask the question "why?" to me. Because SSL costs money. And unfortunately i dont have a lot of it. :D Thanks for your time!

Read the article

IE Information Bar, download file...how do I code for this?

- by flatline

I have a web page (asp.net) that compiles a package then redirects the user to the download file via javascript (window.location = ....). This is accompanied by a hard link on the page in case the redirect doesn't work - emulating the download process on many popular sites. When the IE information bar appears at the top due to restricted security settings, and a user clicks on it to download the file, it redirects the user to the page, not the download file, which refreshes the page and removes the hard link. What is the information bar doing here? Shouldn't it send the user to the location of the redirect? Am I setting something wrong in the headers of the download response, or doing something else wrong to send the file in the first place? C# Code: m_context.Response.Buffer = false; m_context.Response.ContentType = "application/zip"; m_context.Response.AddHeader("Content-Length", fs.Length.ToString()); m_context.Response.AddHeader("Content-Disposition", string.Format("attachment; filename={0}_{1}.zip", downloadPrefix, DateTime.Now.ToString("yyyy-MM-dd_HH-mm"))); //send the file

Read the article

Ruby on Rails login using legacy user database

- by ricsmania

Hello, I have a Rails application that connects to a legacy database (Oracle) and displays some information from a particular user. Right now the user is passed as a URL parameter, but this has obvious security issues because users should only be able to see their own data. To solve that, I want to implement a user login, and I did some research and came across 2 components for that, restful_authentication and authlogic. The problem is that I need to use an existing user/password database instead of creating a new one, which is the common way to use those components. The password is encrypted by a custom Oracle package, but let's assume it is stored as plain text to make things simpler. I only need very basic functionality, which is login a user and keep them logged in forever until logout. No changes to the database will be made by this application, so there's no need for sign up, e-mail activation, reset password, etc. Can someone point me in the right direction on how to do that? Is any of those 2 components a good solution? If not, what would be recommended? Thanks!

Read the article

TortoiseSVN Error: "OPTIONS of 'https://...' could not connect to server (...)"

- by Zack Peterson

I'm trying to setup a new computer to synchronize with my SVN repository that's hosted with cvsdude.com. I get this error: Here's what I did (these have worked in the past): Downloaded and installed TortoiseSVN Created a new folder C:\aspwebsite Right-clicked, chose SVN Checkout... Entered the following information, clicked OK: URL of repository: https://<reponame>-svn.cvsdude.com/aspwebsite Checkout directory: C:\aspwebsite Checkout depth: Fully recursive Omit externals: Unchecked Revision: HEAD revision Got TortoiseSVN error: OPTIONS of 'https://<reponame>-svn.cvsdude.com/aspwebsite': could not connect to server (https://<reponame>-svn.cvsdude.com) Rather than getting the error, TortoiseSVN should have asked for my username and password and then downloaded about 90MB. Why can't I checkout from my Subversion repository? Kent Fredric wrote: Either their security certificate has expired, or their hosting is broken/down. Contact CVSDude and ask them whats up. It could also be a timeout, because for me their site is exhaustively slow.. It errors after only a couple seconds. I don't think it's a timeout. Matt wrote: Try visiting https://[redacted]-svn.cvsdude.com/aspwebsite and see what happens. If you can visit it in your browser, you ought to be able to get the files in your SVN client and we can work from there. If it fails, then there's your answer. I can access the site in a web browser.

Read the article

Providing downloads on ASP.net website

- by Dave

I need to provide downloads of large files (upwards of 2 GB) on an ASP.net website. It has been some time since I've done something like this (I've been in the thick-client world for awhile now), and was wondering on current best practices for this. Ideally, I would like: To be able to track download statistics: # of downloads is essential; actual bytes sent would be nice. To provide downloads in a way that "plays nice" with third-party download managers. Many of our users have unreliable internet connections, and being able to resume a download is a must. To allow multiple users to download the same file simultaneously. My download files are not security-sensitive, so providing a direct link ("right-click to download...") is a possibility. Is just providing a direct link sufficient, letting IIS handle it, and then using some log analyzer service (any recommendations?) to compile and report the statistics? Or do I need to intercept the download request, store some info in a database, then send a custom Response? Or is there an ASP.net user control (built-in or third party) that does this? I appreciate all suggestions.

Search Results

Search found 14878 results on 596 pages for 'mod security'.

Page 539/596 | < Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546 | Next Page >

- by keisimone

- by kenom

- by Dee

- by Corey Ogburn

- by 1001010101

- by imanc

- by plattnum

- by Simon

- by Chandan Khatwani

- by Chris'o

- by xenom

- by ognjenb

- by jfu

- by Mike

- by Stephen

- by idahosaedokpayi

- by Ken

- by user354303

- by John Leidegren

- by user175528

- by Mattias

- by flatline

- by ricsmania

- by Zack Peterson

- by Dave

< Previous Page | 535 536 537 538 539 540 541 542 543 544 545 546 | Next Page >