Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 615/886 | < Previous Page | 611 612 613 614 615 616 617 618 619 620 621 622 | Next Page >

Benefit for implementing OAuth

- by zfranciscus

Hi, I am just wondering from a webservice provider point of view what is the benefit of asking users to create an account or login using 3rd party web service provider e.g: Twitter or facebook. Wouldn't it be easier to ask the user to provide their twitter or facebook login and use that to pull the user's twitter or facebook data. I can understand the benefit of using From user point of view using OAuth provide security. It is safer to use OAuth than giving some one the internet our twitter or facebook login credential. But some how I can't figure out the benefit from the web service point of view. Thank you. Cheers

Read the article
Microsoft.Web.Administration.ServerManager can't read config sections containing encrypted passwords in applicationHost.config

- by Dylan Beattie

I have some sites in IIS7 that are configured to run as domain users (MYDOMAIN\someuser). I'm using the Microsoft.Web.Administration namespace to scan my server configuration, but it's throwing an exception when I hit one of these "impersonator" sites: using (ServerManager sm = new ServerManager()) { foreach (Site site in sm.Sites) { foreach (Application app in site.Applications.Reverse()) { foreach (VirtualDirectory vdir in app.VirtualDirectories.Reverse()) { var config = app.GetWebConfiguration(); foreach (var locationPath in config.GetLocationPaths()) { // error occurs in GetLocationPaths() } } } } } The actual error message is: COMException was unhandled Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config Line number: 279 Error: Failed to decrypt attribute 'password' because the keyset does not exist It appears that IIS is storing the MYDOMAIN\someuser password encrypted in applicationHost.config, which is great in terms of security - but I have no idea how to get the ServerManager to decrypt this. Any tips on how I can either allow ServerManager to decrypt this, or just tell IIS to store the passwords in plain text? This is on IIS7 under Windows 7 RC, by the way.

Read the article
Best approach for authorisation rules

- by Maciej

I'm wonder about best approach of implementation auth. rules in Client-Server app using Business Objects. I've noticed common tactic is: - on DB side: implement one role for application, used for all app's users - definition users right and roles and assign users to proper group - Client side: add to Business Object's getters/setters rights checker allowing write / display data for particular user My concern is if this is really good approach from security perspective. It looks DB sends all information to Client, and then client's logic decide what to display or not. So, potentially advanced user can make query from their box and see/change anything. Isn't it?

Read the article
generate only objectLayer of Entity Framework Model by edmgen tool

- by loviji

How to generate only objectLayer by edmgen tool, without generating csdl, ssdl and views ? *"%windir%\Microsoft.NET\Framework\v4.0.30319\edmgen.exe" /mode:fullgeneration /c:"Data Source=.\sqlexpress; Initial Catalog=uqs; Integrated Security=SSPI" /project:generateEntityModel /entitycontainer:uqsEntities /namespace:uqsModel /language:CSharp /outobjectlayer:"D:/uqsObjectLayer.cs" * in this script I don't write location to write csdl, ssdl and views , but they are generated in C:\Users\adminUser in windows Vista and objectLayer generated to D:/uqsObjectLayer.cs. If I use /mode:EntityClassGeneration, this option requires the /incsdl argument and either the /project argument or the /outobjectlayer argument. The /language argument is optional. But I don't want use csdl file. As I understand, edmgen.tool can not create objectlayer without csdl file. Now is there alternate way or tool for generating objectlayer from db?

Read the article
How to access the Principal from a Java service object without using FlexContext?

- by Marplesoft

We're building some Java objects that are exposed via BlazeDS to our flex client application. So basically the BlazeDS messagebroker servlet instantiates and invokes methods on these objects in response to client requests. Works great. We're using app server-based authentication and have set up a security constraint on the <destination> elements in the remoting-config.xml file element to prevent unauthenticated clients from being able to access these remote java objects. Again, works fine. However, there are several places within the implementation of these java objects where we want to get the currently logged on user's username. Right now we are doing this via FlexContext.getUserPrincipal(), which gives access to this but we have a nagging concern that we don't like the idea that the implementation of these objects (the service layer) has a hard dependency on a BlazeDS class. But we're not sure how else to get access to this. The same applies to accessing the ServletContext and such. Any ideas?

Read the article
tcp checksum and tcp offloading

- by scatman

i am using raw sockets to create my own socket. i need to set the tcp_checksum. i have tried a lot of references but all are not working (i am using wireshark for testing). could you help me please. by the way, i read somewhere that if you set tcp_checksum=0. then the hardware will calculate the checksum automatically for you. is this true? i tried it, but in wireshark the tcp_checksum gives a value of 0X000 and says tcp offload. i also read about tcp offloading, and didn't understand, is it only that wireshark is cannot check an offloaded tcp checksum, but there is a correct one??

Read the article
Convert old NuSoap code into PHP core soap functions

- by Enrique

Hi I've been testing nuSoap with codeIgniter (PHP Framework) but seems nuSoap isn't prepared to work with latest php 5.3, even if I download a patched nusoap version for php 5.3 I have the following code: require_once(APPPATH.'libraries/NuSOAP/lib/nusoap'.EXT); //includes nusoap $n_params = array('CityName' => 'San Juan', 'CountryName' => 'Argentina'); $client = new nusoap_client('http://www.webservicex.net/globalweather.asmx?WSDL'); $client->setHTTPProxy("10.2.0.1",6588,"",""); $result = $client->call('GetWeather', $n_params); Can any1 help me to convert these functions into php soap functions? Including proxy function? Thanks a lot

Read the article
Efficiency Question for an Ajax App

- by Kubi

Hi, Currently I am dealing with a web application which uses a txt file as a database for testing for now. But we will connect it to a server later on. My question is, if there is a more efficient way to get my objects than the way I am using now. During the page_init I am getting all my objects into a Collection as List, then I am populating the ajax toolkit accordion objects in the page with that. I have some client side buttons which fires callbacks for getting some other objects to populate the accordions in an update panel. And I am using .net Collections too much like dictionary and list, I am wondering if using arrays is more efficient. Could you advise me about how to make this site better and faster ? Is it better or possible to initialize those TravelP objects in javascript at the beginning and use it like that ? Any comments would be greatly appreciated, Thanks

Read the article
Core Animation not working on Leopard, working on Snow Leopard

- by Nick Paulson

Hi, I animate NSImageViews using its animator proxy. While testing my application on Snow Leopard, everything works as expected. However, on Leopard, none of the animations are functioning. In addition, NSImageViews don't seem to take into effect the alphaValue I set on them, whether through the animator proxy or not. The only way I can get them to disappear is by setting their image to nil. What is weird is that this all works fine in Snow Leopard, but does not work on Leopard 10.5.8. Any idea on why this may be occurring?

Read the article
Database design for very large amount of data

- by Hossein

Hi, I am working on a project, involving large amount of data from the delicious website.The data available is at files are "Date,UserId,Url,Tags" (for each bookmark). I normalized my database to a 3NF, and because of the nature of the queries that we wanted to use In combination I came down to 6 tables....The design looks fine, however, now a large amount of data is in the database, most of the queries needs to "join" at least 2 tables together to get the answer, sometimes 3 or 4. At first, we didn't have any performance issues, because for testing matters we haven't had added too much data in the database. No that we have a lot of data, simply joining extremely large tables does take a lot of time and for our project which has to be real-time is a disaster.I was wondering how big companies solve these issues.Looks like normalizing tables just adds complexity, but how does the big company handle large amounts of data in their databases, don't they do the normalization? thanks

Read the article
iPhone - Web Access Authentication

- by Terry

I am building a secure app for our exec's... here is my setup. It's a somewhat Macgyver approach, but bear with me :) There are only 10 users, I have a record of each uniqueIdentifier on my backend in a database table. (This is internal only for our users, so I don't believe I am breaking the public user registration rule mentioned in the API docs) Through adhoc distribution I install my app on all 10 devices My app is simply composed of a UIWebView. When the app starts it does a POST to our https site sending the uniqueIdentifier. (Thanks to this answer) The server page that recieves the POST, checks the uniqueIdentifier and if found sets a session cookie that automatically logs them into the site. This way the user doesn't have to enter in their credentials every time. So what do you think, is there a security hole with this? Thanks

Read the article
rpm installation error

- by JiminyCricket

im trying to install an RPM compat-db-4.1.25-9 on oracle linux enterprise, since its required to install WebCenter...however the rpm installation is throwing a warning and then not working [root@devsebl downloads]# rpm -i compat-db-4.1.25-9.rpm warning: compat-db-4.1.25-9.rpm: Header V3 DSA signature: NOKEY, key ID 9b3c94f4 [root@devsebl downloads]# rpm -q compat-db-4.1.25-9.rpm package compat-db-4.1.25-9.rpm is not installed any idea what that warning means and why its crashing there? i tried to use Yum, but its not available i guess: [root@devsebl downloads]# yum search compat-db Loaded plugins: security Warning: No matches found for: compat-db No Matches found

Read the article
Map a column to be IDENTITY in db with EF4 Code-Only

- by Tomas Lycken

Although I have marked my ID column with .Identity(), the generated database schema doesn't have IDENTITY set to true, which gives me problems when I'm adding records. If I manually edit the database schema (in SQL Management Studio) to have the Id column marked IDENTITY, everything works as I want it - I just can't make EF do that by itself. This is my complete mapping: public class EntryConfiguration : EntityConfiguration<Entry> { public EntryConfiguration() { Property(e => e.Id).IsIdentity(); Property(e => e.Amount); Property(e => e.Description).IsRequired(); Property(e => e.TransactionDate); Relationship(e => (ICollection<Tag>)e.Tags).FromProperty(t => t.Entries); } } As I'm using EF to build and re-build the database for integration testing, I really need this to be done automatically...

Read the article
MVC4 bundling GZIP and headers

- by plurby

I'm testing my site with Google PageSpeed and YSlow and the bundles that i've created with MVC4 bundles aren't getting Gzipped (Compressing resources with gzip or deflate can reduce the number of bytes sent over the network) and there is no Vary: Accept-Encoding header (Instructs proxy servers to cache two versions of the resource: one compressed, and one uncompressed. This helps avoid issues with public proxies that do not detect the presence of a Content-Encoding header properly.) And also how can i add encoding header for the whole scripts folder on the ISS. I know there is HTTP Response Headers, then Add Custom HTTP Response Header, but will this work on the whole scripts folders and subfolders and what to put in the Name and Value fields. How can this be solved. Regards.

Read the article
Most popular classroom, bootcamp, or online training for ASP.NET 3.5

- by Curtis White

What are the most popular and highest quality training sources for ASP.NET 3.5. I am interested in both "boot camp" class room training and online self-paced training. I am interested in both training that can be applied to certification but also non certification based training in the following areas: ASP.NET 3.5, AJAX, and web security. The training should be geared to real world projects and not memorization. I am most interested to hear from Microsoft MVP's on the matter and those who personally have attended or scheduled such training.

Read the article
ASPNETDB and ASPSTATE database. How to change the connectionstrings?

- by George

I have two ASP-specific SQL Server databases 1) ASPState - To store session state 2) ASPNETDB - To store Security/Role stuff. In my web.config, I am specifying the connection string used to identify the location of the APState database: <sessionState mode="SQLServer" sqlConnectionString="server=(local)\sql2008b;uid=sa;pwd=iainttelling;" timeout="120"/> Where is the conenction string specified for the ASPNETDB database? I am trying to point it to a db on a remote server. I have a feeling it is somewhere in IIS orthe Machine Config. I'd like to add it to my WEB.CONFIG Could someone help me to do this?

Read the article
Cross-domain policy issues after redirect in Flash

- by ggambett

I'm having trouble with a cross-domain policy. I'm using the AS3 Loader to fetch an image; I'm making it load the policy file, like this : var pLoader : Loader = new Loader(); var pContext : LoaderContext = new LoaderContext(); pContext.checkPolicyFile = true; pLoader.load(new URLRequest(sURL), pContext); This works fine as long as the image is directly accessible; however, when the server sends a redirect, the loader follows it but loses the checkPolicyFile flag, resulting in a SecurityException - that is, it doesn't check the cross-domain policy of the redirected URL. I've found a solution here ( http://www.stevensacks.net/2008/12/23/solution-as3-security-error-2122-with-300-redirects ) but looks fragile (that is, looks like it will fail if there's more than one redirect). What would be the correct way of doing this?

Read the article
Expose url to webservice

- by Patrick Peters

In our project we want to query a document management system for a specific document or movie. The dms returns a URL with the document location (for example: http://mydomain.myserver1.share/mypdf.pdf or http://mydomain.myserver2.share/mymovie.avi). We want to expose the document to internet users and intranet users. The requested file can be large (large video files). Our architecture is like: request goes like: webapp1 - webapp2 - webapp3 - dms response goes like: dms - webapp3 - webapp2 - webapp1 webapp1 could be on the internet. I have have been thinking how we can obfusicate the real url from the dms, due to security issues. I have seen implementations from other webapps where the pdf URL was obfusicated by creating a temp file for the requested document that is specific for the session and user. So other users cannot easily guess the documentname of other users. My question: is there a pattern that deals with exposing company/user vulernable data to the public ? Our development is in C# 3.5.

Read the article
MSSQL2008: DTC Transaction - Internal abort

- by Teutales

Hi all, I write a small own replication - a trigger which fires an DTC INSERT to another server (one reason for my own "replication": while trigger is running it calculates some data, another: it works from an express version to an express version). When I do the initial insert from the same Host with the windows authentification it works fine. But there is a webserver on another host, which uses the sqlserver login (for testing sa). When this Host do the initial insert I get a Internal abort after the entlisting and creating phase in the DTCTransaction EventClass (Profiler). The magic is: When I first fire it from the same Host with the windows authentification, I can fire it from the webserver and it works fine. But I just have to wait some minutes and it won't work. Where is my error in reasoning... Thanks! Greetz Teutales Here is my initial server script: EXEC master.dbo.sp_addlinkedserver @server = @Servername, @srvproduct=N'SQL Server' EXEC master.dbo.sp_addlinkedsrvlogin @rmtsrvname = @Servername, @locallogin = NULL , @useself = N'False', @rmtuser = @Serverlogin, @rmtpassword = @Serverpwd

Read the article
CakePHP session sharing between two apps, on the same domain

- by Amit Yadav

I am having two cakephp application working on the same domain. I access them like localhost:8080/wishlist & localhost:8080/lighthouse The wishlist is a separate cakePHP application and the lighthouse is a separate CakePHP application. The login page is at localhost:8080/lighthouse, now i want the session generated by the lighthouse application to be used in the wishlist application. The directory structure is /htdocs /wishlist /app /config .... /lighthouse /app /config .... I have edited the core.php file for both the application. I am using the same session cookie name and the same security sale but i am not able to get the session on the wishlist application. Can some one let me know how can i share session in between my two application.

Read the article
Should I use vnd.youtube:videoID?

- by Felix

While playing around with the emulator, I noticed that when trying to view a YouTube video the browser gives an error saying it can not load the page at vnd.youtube:ngc978y6rCU?some=parameters. I don't have an Android device, but by this I can suppose that launching a VIEW intent with the data URI set to vnd.youtube:VIDEO_ID would launch the default YouTube application and watch that video. Now, my application has to be able to display YouTube videos. Right now I have a custom-made YouTube activity which does just that, but I'm thinking of: Removing my custom activity and just launching a VIEW intent with a vnd.youtube:VIDEO_ID Uri, or Testing whether that Intent is available and using it, or, if it's not available, using my custom activity. Is this a good idea? Does this work at all (as I said I have no Android device, I'll just be borrowing one from a friend to test my final application)? Which way should I go?

Read the article
Using Tweepy API behind proxy

- by user1505819

I have a using Tweepy, a python wrapper for Twitter.I am writing a small GUI application in Python which updates my twitter account. Currently, I am just testing if the I can get connected to Twitter, hence used test() call. I am behind Squid Proxy server.What changes should I make to snippet so that I should get my work done. Setting http_proxy in bash shell did not help me. def printTweet(self): #extract tweet string tweet_str = str(self.ui.tweet_txt.toPlainText()) ; #tweet string extracted. self.ui.tweet_txt.clear() ; self.tweet_on_twitter(str); def tweet_on_twitter(self,my_tweet) : auth = tweepy.OAuthHandler(CONSUMER_KEY, CONSUMER_SECRET); auth.set_access_token(ACCESS_KEY, ACCESS_SECRET) ; api = tweepy.API(auth) ; if api.test() : print 'Test successful' ; else : print 'Test unsuccessful';

Read the article
Objective-C : BOOL vs bool

- by santoni

Hi, I'm new to objective-c and I saw the "new type" BOOL (YES, NO). I read that this type is almost like a char. For testing I did : NSLog(@"Size of BOOL %d", sizeof(BOOL)); NSLog(@"Size of bool %d", sizeof(bool)); Good to see both display 1 (sometimes in C++ bool just an int and sizeof is 4) So I was just wondering I there were some issues with the bool type or something ? Can I just use bool (that seems to work) without loosing speed? Thanks for answers

Read the article
Asp.net fileupload control postback problems

- by Spooky2010

using ASP.net, vs2008 C#. Im using a FileUpload control on a webform. The uploading of a file (ie PDF dcouments) to a server directory works ok. I have on the webform a "preview" button that the user can use to preview the PDF file after they have selected it via the Fileupload browse feature. I do this by if (this.FileUpload1.HasFile) { localURL = FileUpload1.PostedFile.FileName; // use this to preview file. Other methods are restricted by local security requirements Process.Start(localURL); } My problems is that after the button click Postback occurs the location of the selected file disappears from the textbox part of the Fileupload control. How can i keep this info there, so the user does not have to browse again and instead can just click upload to upload the file. Any help appreciated thanks

Read the article
Where can I download a free, text-rich dataset?

- by blee

I want to do a bit of lightweight testing and bench-marking for full-text search, so the dataset should have the qualities: 10,000 - 100,000 records. good dispersion of English words. In CSV or Excel format--i.e. I don't want to access it via API. Something like books or movies with title and description fields would be perfect. I browsed the UCI Machine Learning Repo, but it was too number-oriented. Thanks!

Read the article

< Previous Page | 611 612 613 614 615 616 617 618 619 620 621 622 | Next Page >