Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 585/1734 | < Previous Page | 581 582 583 584 585 586 587 588 589 590 591 592  | Next Page >

  • Certificates Validations Issues

    - by user298331
    Hi All, i am facing some issues related certificates.i need some help to resolve these issues. Requirements : security mode="TransportWithMessageCredential" binding binding name="basicHttpEndpointBinding" certificateValidationMode ="ChainTrust" revocationMode="Online" Certificates : Service Cerificates : Transportlevel : XXXX.cer my cerificate name is my system DNS name and it is having root node i.e RootTrnCA.cer this is used to enable https.but am not validationg transport level certificates. Message Level : services.ca.iim (VXXXX.Cer--Act.Mac.Ca--services.ca.iim ) Client Cerificates : Transportlevel : ZZZZ.cer my cerificate name is my system DNS name and it is having root node i.e RootTrnCA.cer ignoring transport certificate errors through coading..... Message Level : client.ca.iim (VXXXX.Cer--Act.Mac.Ca--client.ca.iim ) Issues : 1) Response message is not contain Service certificate Signature in Soap header.so i am not able to validate Server certificate details in Client code. 2)if i use the transport with message credential and Chaintrust.i am getting error : The revocation function was unable to check revocation because the revocation server was offline.) so please very the below service and cleint config and correct me if i am wrong. Service config : Client config : i am attaching certificate through coading : objProxy.ChannelFactory.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates. StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates. StoreName.My, X509FindType.FindBySubjectName, "client.ca.iim"); <binding name="XXXXXServiceHost.Http" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"> <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None" proxyCredentialType="None" realm="" /> <message clientCredentialType="Certificate" algorithmSuite="Default" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="https://XXXXXX/XXXServiceHost/MemberSvc.svc/soap11" binding="basicHttpBinding" bindingConfiguration="XXXServiceHost.Http" contract="ServiceReference1.IMemberIBA" name="XXXServiceHost.Http" /> </client> </system.serviceModel>Please Verify both and Help me how to resolve above two issues . Thanks Babu

    Read the article

  • uploading image & getting back from database

    - by Anup Prakash
    Putting a set of code which is pushing image to database and fetching back from database: <!-- <?php error_reporting(0); // Connect to database $errmsg = ""; if (! @mysql_connect("localhost","root","")) { $errmsg = "Cannot connect to database"; } @mysql_select_db("test"); $q = <<<CREATE create table image ( pid int primary key not null auto_increment, title text, imgdata longblob, friend text) CREATE; @mysql_query($q); // Insert any new image into database if (isset($_POST['submit'])) { move_uploaded_file($_FILES['imagefile']['tmp_name'],"latest.img"); $instr = fopen("latest.img","rb"); $image = addslashes(fread($instr,filesize("latest.img"))); if (strlen($instr) < 149000) { $image_query="insert into image (title, imgdata,friend) values (\"". $_REQUEST['title']. "\", \"". $image. "\",'".$_REQUEST['friend']."')"; mysql_query ($image_query) or die("query error"); } else { $errmsg = "Too large!"; } $resultbytes=''; // Find out about latest image $query = "select * from image where pid=1"; $result = @mysql_query("$query"); $resultrow = @mysql_fetch_assoc($result); $gotten = @mysql_query("select * from image order by pid desc limit 1"); if ($row = @mysql_fetch_assoc($gotten)) { $title = htmlspecialchars($row[title]); $bytes = $row[imgdata]; $resultbytes = $row[imgdata]; $friend=$row[friend]; } else { $errmsg = "There is no image in the database yet"; $title = "no database image available"; // Put up a picture of our training centre $instr = fopen("../wellimg/ctco.jpg","rb"); $bytes = fread($instr,filesize("../wellimg/ctco.jpg")); } if ($resultbytes!='') { echo $resultbytes; } } ?> <html> <head> <title>Upload an image to a database</title> </head> <body bgcolor="#FFFF66"> <form enctype="multipart/form-data" name="file_upload" method="post"> <center> <div id="image" align="center"> <h2>Heres the latest picture</h2> <font color=red><?php echo $errmsg; ?></font> <b><?php echo $title ?></center> </div> <hr> <h2>Please upload a new picture and title</h2> <table align="center"> <tr> <td>Select image to upload: </td> <td><input type="file" name="imagefile"></td> </tr> <tr> <td>Enter the title for picture: </td> <td><input type="text" name="title"></td> </tr> <tr> <td>Enter your friend's name:</td> <td><input type="text" name="friend"></td> </tr> <tr> <td><input type="submit" name="submit" value="submit"></td> <td></td> </tr> </table> </form> </body> </html> --> Above set of code has one problem. The problem is whenever i pressing the "submit" button. It is just displaying the image on a page. But it is leaving all the html codes. even any new line message after the // Printing image on browser echo $resultbytes; //************************// So, for this i put this set of code in html tag: This is other sample code: <!-- <?php error_reporting(0); // Connect to database $errmsg = ""; if (! @mysql_connect("localhost","root","")) { $errmsg = "Cannot connect to database"; } @mysql_select_db("test"); $q = <<<CREATE create table image ( pid int primary key not null auto_increment, title text, imgdata longblob, friend text) CREATE; @mysql_query($q); // Insert any new image into database if (isset($_POST['submit'])) { move_uploaded_file($_FILES['imagefile']['tmp_name'],"latest.img"); $instr = fopen("latest.img","rb"); $image = addslashes(fread($instr,filesize("latest.img"))); if (strlen($instr) < 149000) { $image_query="insert into image (title, imgdata,friend) values (\"". $_REQUEST['title']. "\", \"". $image. "\",'".$_REQUEST['friend']."')"; mysql_query ($image_query) or die("query error"); } else { $errmsg = "Too large!"; } $resultbytes=''; // Find out about latest image $query = "select * from image where pid=1"; $result = @mysql_query("$query"); $resultrow = @mysql_fetch_assoc($result); $gotten = @mysql_query("select * from image order by pid desc limit 1"); if ($row = @mysql_fetch_assoc($gotten)) { $title = htmlspecialchars($row[title]); $bytes = $row[imgdata]; $resultbytes = $row[imgdata]; $friend=$row[friend]; } else { $errmsg = "There is no image in the database yet"; $title = "no database image available"; // Put up a picture of our training centre $instr = fopen("../wellimg/ctco.jpg","rb"); $bytes = fread($instr,filesize("../wellimg/ctco.jpg")); } } ?> <html> <head> <title>Upload an image to a database</title> </head> <body bgcolor="#FFFF66"> <form enctype="multipart/form-data" name="file_upload" method="post"> <center> <div id="image" align="center"> <h2>Heres the latest picture</h2> <?php if ($resultbytes!='') { // Printing image on browser echo $resultbytes; } ?> <font color=red><?php echo $errmsg; ?></font> <b><?php echo $title ?></center> </div> <hr> <h2>Please upload a new picture and title</h2> <table align="center"> <tr> <td>Select image to upload: </td> <td><input type="file" name="imagefile"></td> </tr> <tr> <td>Enter the title for picture: </td> <td><input type="text" name="title"></td> </tr> <tr> <td>Enter your friend's name:</td> <td><input type="text" name="friend"></td> </tr> <tr> <td><input type="submit" name="submit" value="submit"></td> <td></td> </tr> </table> </form> </body> </html> --> ** But in this It is showing the image in format of special charaters and digits. 1) So, Please help me to print the image with some HTML code. So that i can print it in my form to display the image. 2) Is there any way to convert the database image into real image, so that i can store it into my hard-disk and call it from tag? Please help me.

    Read the article

  • NGINX returning 404 error on a valid url

    - by Harrison
    We have a site that runs PHP-FPM and NGINX. The application sends invitations to site members that are keyed with 40 character random strings (alphanumerics only -- example below). Today for the first time we ran into an issue with this approach. The following url: http://oursite.com/notices/response/approve/1960/OzH0pedV3rJhefFlMezDuoOQSomlUVdhJUliAhjS is returning a 404 error. This url format has been working for 6 months now without an issue, and other urls following this exact format continue to resolve properly. We have a very basic config with a simple redirect to a front controller, and everything else has been running fine for a while now. Also, if we change the last character from an "S" to anything other than a lower-case "s", no 404 error and the site handles the request properly, so I'm wondering if there's some security module that might see something wrong with this specific string... Not sure if that makes any sense. We are not sure where to look to find out what specifically is causing the issue, so any direction would be greatly appreciated. Thanks! Update: Adding a slash to the end of the url allowed it to be handled properly... Would still like to get to the bottom of the issue though. Solved: The problem was caused by part of my configuration... Realized I should have posted, but was headed out of town and didn't have a chance. Any url that ended in say "css" or "js" and not necessarily preceded by a dot (so, for example, http://site.com/response/somerandomestringcss ) was interpreted as a request for a file and the request was not routed through the front controller. The problem was my regex for disabling logging and setting expiration headers on jpgs, gifs, icos, etc. I replaced this: location ~* ^.+(jpg|jpeg|gif|css|png|js|ico)$ { with this: location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ { And now urls ending in css, js, png, etc, are properly routed through the front controller. Hopefully that helps someone else out.

    Read the article

  • NGINX returning 404 error on a valid url

    - by Harrison
    We have a site that runs PHP-FPM and NGINX. The application sends invitations to site members that are keyed with 40 character random strings (alphanumerics only -- example below). Today for the first time we ran into an issue with this approach. The following url: http://oursite.com/notices/response/approve/1960/OzH0pedV3rJhefFlMezDuoOQSomlUVdhJUliAhjS is returning a 404 error. This url format has been working for 6 months now without an issue, and other urls following this exact format continue to resolve properly. We have a very basic config with a simple redirect to a front controller, and everything else has been running fine for a while now. Also, if we change the last character from an "S" to anything other than a lower-case "s", no 404 error and the site handles the request properly, so I'm wondering if there's some security module that might see something wrong with this specific string... Not sure if that makes any sense. We are not sure where to look to find out what specifically is causing the issue, so any direction would be greatly appreciated. Thanks! Update: Adding a slash to the end of the url allowed it to be handled properly... Would still like to get to the bottom of the issue though. Solved: The problem was caused by part of my configuration... Realized I should have posted, but was headed out of town and didn't have a chance. Any url that ended in say "css" or "js" and not necessarily preceded by a dot (so, for example, http://site.com/response/somerandomestringcss ) was interpreted as a request for a file and the request was not routed through the front controller. The problem was my regex for disabling logging and setting expiration headers on jpgs, gifs, icos, etc. I replaced this: location ~* ^.+(jpg|jpeg|gif|css|png|js|ico)$ { with this: location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ { And now urls ending in css, js, png, etc, are properly routed through the front controller. Hopefully that helps someone else out.

    Read the article

  • Wordpress issue with footer

    - by Raelona
    I've been trying to turn my simple html/css site into a wordpress site. my big issue which no one seem to be able to solve appears in my footer. The footer is pretty much ignoring everything and just staying in the top of the site ( like it was a part of my header). All my files is split into 3 files. A header.php a footer.php and the page.php (one for each site). Header! <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php bloginfo('charset'); ?>" /> <?php if (is_search()) { ?> <meta name="robots" content="noindex, nofollow" /> <?php } ?> <title> <?php if (function_exists('is_tag') && is_tag()) { single_tag_title("Tag Archive for &quot;"); echo '&quot; - '; } elseif (is_archive()) { wp_title(''); echo ' Archive - '; } elseif (is_search()) { echo 'Search for &quot;'.wp_specialchars($s).'&quot; - '; } elseif (!(is_404()) && (is_single()) || (is_page())) { wp_title(''); echo ' - '; } elseif (is_404()) { echo 'Not Found - '; } if (is_home()) { bloginfo('name'); echo ' - '; bloginfo('description'); } else { bloginfo('name'); } if ($paged>1) { echo ' - page '. $paged; } ?> </title> <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon" /> <link rel="stylesheet" href="<?php bloginfo('stylesheet_url'); ?>" type="text/css" /> <link rel="pingback" href="<?php bloginfo('pingback_url'); ?>" /> <?php if ( is_singular() ) wp_enqueue_script( 'comment-reply' ); ?> <?php wp_head(); ?> </head> <body <?php body_class(); ?>> <div id="Menu" ></div> <div id="Mainbody"> <div id="Portfolio"><a href="<?php echo get_option('home'); ?>"><?php bloginfo('name'); ?></a> </div> <div id="Slogan"><a href="index.html"><?php bloginfo('description'); ?></a></div> <div id="nav-menu"> <?php $defaults = array( 'theme_location' => '', 'menu' => '', 'container' => 'div', 'container_class' => 'menu-{menu slug}-container', 'container_id' => '', 'menu_class' => 'menu', 'menu_id' => '', 'echo' => true, 'fallback_cb' => 'wp_page_menu', 'before' => '', 'after' => '', 'link_before' => '', 'link_after' => '', 'items_wrap' => '<ul id="%1$s" class="%2$s">%3$s</ul>', 'depth' => 0, 'walker' => '' ); ?> <?php wp_nav_menu( $defaults ); ?> </div> <div class="Box"> <div id="Mainindhold"> page ! <?php get_header(); ?> <div id="Arbejde"> <h2>Uddrag af mine webdesigns</h2> <br /> <br /> <?php if (have_posts()) : while (have_posts()) : the_post(); ?> <?php $key='link'; $custom = get_post_meta($post->ID, $key, true); ?> <?php $key2='brugt'; $custom2 = get_post_meta($post->ID, $key2, true); ?> <?php $key3='linkexternal'; $custom3 = get_post_meta($post->ID, $key3, true); ?> <?php $billede = get_the_post_thumbnail($post->ID, 'full'); ?> <div class="Raekke"> <div class="Arbejds_Billede"> <a href="<?php echo $custom; ?>" rel="lightbox"> <?php print $billede; ?></a> </div> <div class="Arbejdsbeskrivelse"> <h3><?php the_title(); ?></h3> <?php the_content(); ?> <div id="program"> <img src="<?php echo $custom2; ?>" /> </div> <div class="Knap"><a href="<?php echo $custom3; ?>"><p>Besøg siden</p></a> </div> </div> </div> <div class="clear"></div> <?php endwhile; else: ?> <?php _e('No posts were fond. Sorry!'); ?> <?php endif; ?> </div> <?php get_footer();?> footer ! </div> </div> </div> <div id="footer"> &copy;<?php echo date("Y"); echo " "; bloginfo('name'); ?> 4000 Roskilde </div> <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-31920214-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script> <?php wp_footer(); ?> </body> </html>

    Read the article

  • IIS_IUSRS cannot access files uploaded and created by Network Service - error 401.3

    - by Max
    Let me rephrase my question as I investigated further: The problem: I have a php script that is used to upload images on my windows webserver 2008. The files are created in the correct directory. The are created and owned by the user Network Service. Network Service has full access to the uploaded file. As soon as I try to access the uploaded file (mostly an image) via HTTP, I get an 401.3 not authorized error. Now, if I right-click on the not accessible image and grant IIS_IUSRS group read permissions via the security tab, the image can be accessed! By default IIS_IUSRS has NO access at all for the uploaded file. The directory containing the image files has the correct access rights set. But each file that is new uploaded to the directory is permitted for IIS_IUSRS. The question: How can I grant IIS_IUSRS by default access to the newly uploaded file? The appPool of the website has its identity set to its default, I also tried setting it to "networkIdentity" or so, but that did not work either.

    Read the article

  • Web application/ site service (like Google App Engine) for PHP/ MySQL and Postgres

    - by Simon
    I would like to find a service similar to Google App Engine for PHP/ MySQL/ Postgres sites/ applications. We host two different types of site. i). PHP/ Mysql/ Zend Framework <VirtualHost *:80> DocumentRoot "/home/websites/website.com/public" ServerName website.com # This should be omitted in the production environment SetEnv APPLICATION_ENV development <Directory "/home/websites/website.com/public"> Options Indexes MultiViews FollowSymLinks AllowOverride All Order allow,deny Allow from all RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] </Directory> </VirtualHost> ii). Matrix CMS - PHP/ Postgres + loads of pear classes <VirtualHost *:80> ServerName server.example.com DocumentRoot /home/websites/mysource_matrix/core/web Options -Indexes FollowSymLinks <Directory /home/websites/mysource_matrix> Order deny,allow Deny from all </Directory> <DirectoryMatch "^/home/websites/mysource_matrix/(core/(web|lib)|data/public|fudge)"> Order allow,deny Allow from all </DirectoryMatch> <DirectoryMatch "^/home/websites/mysource_matrix/data/public/assets"> php_flag engine off </DirectoryMatch> <FilesMatch "\.inc$"> Order allow,deny Deny from all </FilesMatch> <LocationMatch "/(CVS|\.FFV)/"> Order allow,deny Deny from all </LocationMatch> Alias /__fudge /home/websites/mysource_matrix/fudge Alias /__data /home/websites/mysource_matrix/data/public Alias /__lib /home/websites/mysource_matrix/core/lib Alias / /home/websites/mysource_matrix/core/web/index.php/ </VirtualHost> My key requirements are: I don't want to worry/ know/ care about the server/ infrastructure Secure/ up to date software/ os Good monitoring Automatic scalability SLA I apologise for the length of the question. In short all I want to do is i). create vhost, ii). create db iii). install app/ site iv). relax. Thanks. Edit: I include the Matrix vhost because that is the only complication that I cannot really do via a .htaccess file.

    Read the article

  • PHP `virtual()` with Apache MultiViews not working after upgrade to Ubuntu 12.04

    - by Izzy
    I use PHP's virtual() directive quite a lot on one of my sites, including central elements. This worked fine for the last ~10 years -- but after upgrading (or rather moving, as it is on a new machine) to Ubuntu 12.04 it somehow got broken. Example setup (simplified) To make it easier to understand, I simplify some things (contents). So say I need a HTML fragment like <P>For further instructions, please look <A HREF='foobar'>here</P> in multiple pages. 10 years ago, I used SSI for that, so it is put into a file in a central place -- so if e.g. the targeted URL changes, I only need to update it in one place. To serve multiple languages, I have Apache's MultiViews enabled -- and at $DOCUMENT_ROOT/central/ there are the files: foobar.html (English variant, and the default) foobar.html.de (German variant). Now in the PHP code, I simply placed: <? virtual("/central/foobar"); ?> and let Apache take care to deliver the correct language variant. The problem As said, this worked fine for about 10 years: German visitors got the German variant, all others the English (depending on their preferred language). But after upgrading to Ubuntu 12.04, it no longer worked: Either nothing was delivered from the virtual() command, or (in connection with framesets) it even ended up in binary gibberish. Trying to figure out what happens, I played with a lot of things. I first thought MultiViews was (somehow) not available anymore -- but calling http://<server>/central/foobar showed the right variant, depending on the configured language preferences. This also proved there was nothing wrong with file permissions. The error.log gave no clues either (no error message thrown). Finally, just as a "last ressort", I changed the PHP command to <? virtual("central/foobar.html"); ?> -- and that very same file was in fact included. So PHP's virtual() function basically worked -- but the language dependend stuff obviously did no longer work together with it as it did before. Of course I tried to find some change (most likely in PHP's virtual() command), using Google a lot, and also searching the questions here -- unfortunately to no avail. Finally: The question Putting "design questions" aside (surely today I would design things differently -- but at least currently I miss the time to change that for a quite huge amount of pages): What can be done to make it work again? I surely missed something -- but I cannot figure out what...

    Read the article

  • GlassFish Security Realm, Active Directory and Referral

    - by Allan Lykke Christensen
    I've setup up a Security Realm in Glassfish to authenticate against an Active Directory server. The configuration of the realm is as follows: Class Name: com.sun.enterprise.security.auth.realm.ldap.LDAPRealm JAAS context: ldapRealm Directory: ldap://172.16.76.10:389/ Base DN: dc=smallbusiness,dc=local search-filter: (&(objectClass=user)(sAMAccountName=%s)) group-search-filter: (&(objectClass=group)(member=%d)) search-bind-dn: cN=Administrator,CN=Users,dc=smallbusiness,dc=local search-bind-password: abcd1234! The realm is functional and I can log-in, but when ever I log in I get the following error in the log: SEC1106: Error during LDAP search with filter [(&(objectClass=group)(member=CN=Administrator,CN=Users,dc=smallbusiness,dc=local))]. SEC1000: Caught exception. javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name 'dc=smallbusiness,dc=local' at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2820) .... .... ldaplm.searcherror While searching for a solution I found that it was recommended to add java.naming.referral=follow to the properties of the realm. However, after I add this it takes 20 minutes for GlassFish to authenticate against Active Directory. I suspect it is a DNS problem on the Active Directory server. The Active Directory server is a vanilla Windows Server 2003 setup in a Virtual Machine. Any help/recommendation is highly appreciated!

    Read the article

  • Does Security Trimming work with Web Forms Routing?

    - by Slauma
    In my web.config I have configured a SiteMapProvider with securityTrimmingEnabled="true" and on my main master page is an asp:Menu control bound to an asp:SiteMapDataSource. In addition I have configured restricted access to all pages in a subfolder "Admin" (using another web.config in this subfolder). If I put a sitemapNode in Web.sitemap... <siteMapNode url="~/Admin/Default.aspx" title="Administration" description="" > ... only users in role "Admin" will have the menu item related to that siteMapNode. So this is working fine and as intended. Now I have defined a URL route in Global.asax to map the physical file to a new URL: System.Web.Routing.RouteTable.Routes.MapPageRoute("AdminHomeRoute", "Administration/Home", "~/Admin/Default.aspx"); But when I use this route-URL in the SiteMap file... <siteMapNode url="Administration/Home" title="Administration" description="" > ... it seems that security trimming does not work: The menu item is visible for all users. (Access to the page is still restricted though, so selecting the menu item by non-Admin users does not navigate to the restricted page.) Question: Is there any setting I've missed so far to make security trimming working with URL routing in ASP.NET 4.0 Web Forms? Did I do something wrong? Is there any work-around? Thank you for help!

    Read the article

  • Applying fine-grained security to an existing application

    - by Mark
    I've inherited a reasonably large and complex ASP.NET MVC3 web application using EF Code First on SQL Server. It uses ASP.NET Membership roles with database authentication. The controller actions are secured with attributes derived from AuthorizeAttribute that map roles to actions. There are extension methods for the finer points, such as showing a particular widget to particular roles. This is works great and I have a good understanding of the current security model. I've been asked to provide finer grained security at the data level. For example a 'Customer' user can only see data (throughout the database) associated with themselves and not other Customers. The problem is that 'Customer' is only 1 of 5 different types with their own specific restrictions (each of the 9 roles is one of these 5 types). The best thing I can think of is to go through all the data repositories and extend each and every LINQ statements/query with a filter for every user type. Even if I had time for that it doesn't seem like the most elegant way. Any suggestions? I really don't know where to start with this so anything could be helpful. Many thanks.

    Read the article

  • mscomctl.ocx on my dev machine gives me problems since security patch of MS

    - by Bronzato
    I am busy on this problem since 2 days ago and hope someone can get me out of it. I have Excel 2010 (full install 944Mb) on my Windows 8 computer. It works well. But when I modify my workbook (containing a ListView version 6.0) I am not able to run it on my client's computer. I get the error: Could Not Load An Object. Not Available on This Machine. Even it works well on my dev machine. The reason is: Microsoft applied a Security Patch (near august 2012 I think) on mscomctl.ocx and my Excel 2010 installation files (downloaded not long ago) contains the new version of mscomctl.ocx. The clients using my Excel file don't apply the security patch at this moment. Se everytime I publish my Excel file to client's computers (from my dev environment), I reference the new mscomctl.ocx. That's the problem. I already try to get the old mscomctl.ocx from client's computer and copy & register it on my dev machine but then I got errors (Class not registered, ...) when I create a userform and drag a listview on it. So: mscomctl.ocx on client's machine is version 6.1.98.13 from 2008. mscomctl.ocx on my dev machine is version 6.1.98.34 from 2012. My question: Does someone have an idea how to proceed to have a usable version of mscomctl.ocx on my dev machine? Thank you very much.

    Read the article

  • what should be limit to use for IPTABLE rate limiting for a webserver

    - by Registered User
    I see on my webserver some logs as follows 203.252.157.98 - :25:02 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:03 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:03 "GET //pma/ HTTP/1.1" 404 388 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:04 "GET //dbadmin/ HTTP/1.1" 404 391 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:05 "GET //myadmin/ HTTP/1.1" 404 391 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:06 "GET //phppgadmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:06 "GET //PMA/ HTTP/1.1" 404 389 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:07 "GET //admin/ HTTP/1.1" 404 389 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :25:08 "GET //MyAdmin/ HTTP/1.1" 404 392 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :27:36 "GET //phpmyadmin/ HTTP/1.1" 404 393 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :27:42 "GET //phpMyAdmin/ HTTP/1.1" 404 394 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :27:42 "GET //pma/ HTTP/1.1" 404 388 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - :27:43 "GET //dbadmin/ HTTP/1.1" 404 391 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" 203.252.157.98 - - "GET //myadmin/ HTTP/1.1" 404 391 "-" "Made by ZmEu @ WhiteHat Team - www.whitehat.ro" and some more as follows 118.219.234.254 - - [19/Oct/2010:22:57:41 "GET /pma/scripts/setup.php HTTP/1.1" 404 399 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:41 "GET /scripts/setup.php HTTP/1.1" 404 397 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:42 "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:42 "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:43 "GET /web/phpmyadmin/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:44 "GET /web/scripts/setup.php HTTP/1.1" 404 400 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:44 "GET /webadmin/scripts/setup.php HTTP/1.1" 404 403 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:45 "GET /webdb/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:22:57:45 "GET /websql/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:51 "GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1" 404 407 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:52 "GET /admin/pma/scripts/setup.php HTTP/1.1" 404 404 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:52 "GET /admin/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:53 "GET /db/scripts/setup.php HTTP/1.1" 404 399 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:54 "GET /dbadmin/scripts/setup.php HTTP/1.1" 404 402 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:54 "GET /myadmin/scripts/setup.php HTTP/1.1" 404 403 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:55 "GET /mysql/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:55 "GET /mysqladmin/scripts/setup.php HTTP/1.1" 404 405 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:56 "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 405 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:56 "GET /phpadmin/scripts/setup.php HTTP/1.1" 404 403 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:57 "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 404 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:57 "GET /pma/scripts/setup.php HTTP/1.1" 404 399 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:58 "GET /scripts/setup.php HTTP/1.1" 404 397 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:58 "GET /sqlweb/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:59 "GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:38:59 "GET /web/phpmyadmin/scripts/setup.php HTTP/1.1" 404 408 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:39:00 "GET /web/scripts/setup.php HTTP/1.1" 404 400 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:39:01 "GET /webadmin/scripts/setup.php HTTP/1.1" 404 403 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:39:01 "GET /webdb/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" 118.219.234.254 - - [19/Oct/2010:05:39:02 "GET /websql/scripts/setup.php HTTP/1.1" 404 401 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)" I have 2 questions 1) When such an attack happens on my site then while such scanning is going on how do I detect it? (In a very less time) 2)I have decided to rate limit the IPTABLES so as to reduce such DOS attacks by some script kiddies (to scan for vulnerabilities in phpmyadmin or some other script) to some extent.So how much should it be limited so that genuine users do not get kicked out.What is the best practise for question 2?

    Read the article

  • Facebook graph api photo upload to a fan page album

    - by kielie
    Hi guys, I have gotten the photo upload function to work with this code, <?php include_once 'facebook-php-sdk/src/facebook.php'; include_once 'config.php';//this file contains the secret key and app id etc... $facebook = new Facebook(array( 'appId' => FACEBOOK_APP_ID, 'secret' => FACEBOOK_SECRET_KEY, 'cookie' => true, 'domain' => 'your callback url goes here' )); $session = $facebook->getSession(); if (!$session) { $url = $facebook->getLoginUrl(array( 'canvas' => 1, 'fbconnect' => 0, 'req_perms'=>'user_photos,publish_stream,offline_access'//here I am requesting the required permissions, it should work with publish_stream alone, but I added the others just to be safe )); echo 'You are not logged in, please <a href="' . $facebook->getLoginUrl() . '">Login</a> to access this application'; } else{ try { $uid = $facebook->getUser(); $me = $facebook->api('/me'); $token = $session['access_token'];//here I get the token from the $session array $album_id = 'the id of the album you wish to upload to eg: 1122'; //upload your photo $file= 'test.jpg'; $args = array( 'message' => 'Photo from application', ); $args[basename($file)] = '@' . realpath($file); $ch = curl_init(); $url = 'https://graph.facebook.com/'.$album_id.'/photos?access_token='.$token; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $args); $data = curl_exec($ch); //returns the id of the photo you just uploaded print_r(json_decode($data,true)); } catch(FacebookApiException $e){ echo "Error:" . print_r($e, true); } } ?> I hope this helps, a friend and I smashed our heads against a wall for quite some time to get this working! Anyways, here is my question, how can I upload a image to a fan page? I am struggling to get this working, when I upload the image all I get is the photo id but no photo in the album. So basically, when the user clicks the upload button on our application, I need it to upload the image they created to our fan page's album with them tagged on it. Anyone know how I can accomplish this?

    Read the article

  • Loading a class into a function ?

    - by Adrian
    I`m currently working on a script, and I have the following situation. function somnicefunction() { require 'someexternalclass.php'; $somevar = new SomeExternalClass(); } For some reason, the above breaks the function. I'm not sure why, I haven't seen much documentation in php.net regarding this, plus google returned no real results. Does anyone have any idea ?

    Read the article

  • Dynamic Colorbox galleries using Ajax

    - by Gobitron
    Hi, I am new to jQuery / AJAX. I have a page that uses colorbox to display photo galleries. The page displays only one image from each gallery. When clicked, a colorbox opens up with all of the photos from that gallery. These inner photo references (for all photos from all galleries) are hidden on the page in an invisible div. The page is a PHP generated page. The galleries/photos are being populated via Picasa. All of the above works fine, but instead of loading all of the images from all galleries on page load (via PHP), I'd like to load only the requested gallery into the colorbox via AJAX. So far, I have a test page which can insert the proper links into a div on the page, but the Colorbox won't pick up on these links. This is where I need help. How can I get Colorbox to recognize the links generated by my AJAX call? The colorbox scripts sit in the header: <script type="text/javascript" src="libs/js/jquery.colorbox.js"></script> <script type="text/javascript"> //Writing out the ColorBox command for each album $(document).ready(function(){ <?php $setnum = 0; foreach ($albumIds as $albumId){ echo "\t\t\t$(\"a[rel='set" . $setnum . "']\").colorbox({maxWidth:\"640px\", maxHeight:\"480px\"});\n"; $setnum++; } ?> }); </script> Here is my get JSON code located in the body section of the page: $.getJSON("myserv.php",formContent, function(json){ var photos = json.data.items; var numpics = json.data.items.length; var pointer = 1; while (pointer < numpics){ var stuffineed = photos[pointer].media.image.url; $("#ajaxBox").append("<a href='" + stuffineed + "' rel='set" + pointer +"'>" + photos[pointer].media.image.url + "</a><br />"); pointer++; } }); //End json Again, I can get the AJAX to populate the div correctly, but the colorbox script isn't picking up these images. Any help would be greatly appreciated.

    Read the article

  • Pay online service

    - by Samuel
    Hellow, I have a database where you can select articles etc, users have an account, it's all in mysql and php (i guess you don't need that code). What i was wondering was how to write a script that allows users to pay online for the articles they selected? It doesn't need to be any code, just ideas / hints / tips / ... (that are doable in PHP or something similar) Thanks in advance!! -Samuel

    Read the article

  • Fatal Error in uploading to google DOcs using Zend_GData

    - by Ali
    Hi guys I'm trying the code samples from zend frameworks site on how to upload a document to google docs but I keep getting this error. PHP Fatal error: Uncaught exception 'Zend_Gdata_App_HttpException' with message 'Expected response code 200, got 415 Content-Type application/x-www-form-urlencoded is not a valid input type.' in C:\...\Zend\Gdata\App.php:700 It can't be an unlisted type as I tried to upload even a .txt file - whats happening here - I've googled everywhere for an answer and landed nowhere - please help :(

    Read the article

  • Large file uploads from web pages

    - by jerrygarciuh
    Hi folks, I code primarily in PHP and Perl. I have a client who is insisting on seeking video submissions (any encoding) from the public via one of their pages rather than letting YouTube do its job. Server in question is a virtual machine and I can adjust ini settings for max post, max upload size etc as needed. My initial thought is to use a Flash based uploader with PHP on the back end but I wondered if someone might have useful advice and experience on the subject? Peace JG

    Read the article

  • How to make a general profile for PHPUnit testing in WebIDE?

    - by Ondrej Slinták
    I'm playing a bit with beta version of PHP Storm (PHP version of WebIDE) and its integration of PHPUnit. I know how to set a profile to run tests in particular file, directory or class. Problem is, I'd like to create some profile where Run button would run tests in currently opened file. Any idea if there's a way to do it? Or perhaps it isn't implemented in beta version yet?

    Read the article

  • Phpunit Testing with Codeignitor and Doctrine

    - by Bhavin Rana
    I M Currently using Phpunit PHP Testing Framework. But i have problems in using combination of Doctrine ORM and Codeignitor PHP Framework. PHPUnit not working with the Combine Codeignitor and Doctrine so much errors there.. what should do? any body can solve this problem? Code ignitor and PHPUnit User plz contact. well i ve used the foo stack for codeignitor //Bhavin A Rana

    Read the article

  • redirect http to https for some page in site in APACHE

    - by Avinash
    Hi I want to one of my site's page will use only HTTPS. i have given manually link to all sites to https. But i want that if user manually types that page url with http then it should be redirected to https page. So if user types. http://mydomain.com/application.php then it should be redirected to https://mydomain.com/application.php Thanks Avinash

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 581 582 583 584 585 586 587 588 589 590 591 592  | Next Page >