Search Results

Search found 39968 results on 1599 pages for 'access manager'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 622/1599 | < Previous Page | 618 619 620 621 622 623 624 625 626 627 628 629  | Next Page >

  • Multitenant shared user account?

    - by jpartogi
    Dear all, Based on your experience, which is the route to go for a multi-tenant user login? One user login per account. Which means if there is one user that has access to multiple account, there will be redundancy of record in the database One user login for all account that she has privileges to. Which means one user record has access to multiple account if she has privileges to that account. From your experience, which one is better and why? I was thinking to choose the latter, but I don't know whether it will cause security issue or less flexibility. Thank you for sharing your experience.

    Read the article

  • Possible Performance Considerations using Linq to SQL Repositories

    - by Robert Harvey
    I have an ASP.NET MVC application that uses Linq to SQL repositories for all interactions with the database. To deal with data security, I do trimming to filter data to only those items to which the user has access. This occurs in several places: Data in list views Links in a menu bar A treeview on the left hand side containing links to content Role-based security A special security attribute, inheriting from AuthorizeAttribute, that implements content-based authorization on every controller method. Each of these places instantiates a repository, which opens a Linq to Sql DataContext and accesses the database. So, by my count, each request for a page access opens at least six separate Linq to SQL DataContexts. Should I be concerned about this from a performance perspective, and if so, what can be done to mitigate it?

    Read the article

  • Generating custom-form documents from base-form plus XML?

    - by KlaymenDK
    Hi all, this is my first stack overflow, and it's a complex one. Sorry. My task is to generate custom documents from a basic template plus some XML without having a custom form design element for each case. Here's the whole picture: We are building a Lotus Notes (client, not web) application for world-wide application access control; the scope is something like 400.000 users being able to request access to any of 1000+ applications. Each application needs its own request form -- different number of approvers, various info required, that sort of thing. We simply can't have a thousand forms in a database (one per application), and anyway their maintenance really needs to be pushed from the developers to the application owners. So instead of custom forms, we'd like to create a generic "template" form that stores a block of basic fields, but then allows application owners to define another block of fields dynamically -- "I want a mandatory plain-text field named 'Name' here, and then a date field named 'Due' here that must be later than today's date, and then ...". I hope this makes sense (if not, think of it as a generic questionnaire application). I pretty much have the structure in place for designing the dynamic fields (form builder GUI - XML-encoded data - pre-rendered DXL for injecting into a form), including mark-up for field types, value options, and rudimentary field validation instructions. My problem is generating a document with this dynamic content injected at the proper location (without needing a custom form design element for each case). Doing the dynamic content via HTML is out. The Notes client web rendering is simply way too poor, and it would be quite a challenge to implement things like field validation instructions, date selectors, and name look-ups. DXL, on the other hand, would allow us to use native Notes fields and code. As a tech demo, I've managed to implement a custom form generator that injects the pre-rendered DXL for the dynamic content into a base form; but as I said, we don't want a ton of custom form design elements. I've tried to implement a way to create a document with the "store form in document" flag set, but once I've created the document from the base form, I can't get DXL access to the stored form design, and so I can't inject my dynamic content. I know this is not something Notes was ever intended to do. Has anyone ever tried something like it (and gotten away with it)? Thanks for reading this far. With a boatload of thanks in advance, Jan Gundtofte-Bruun

    Read the article

  • PHP can be exclusively accessed by SWF

    - by brett
    I'm not sure how to describe this, but basically I have a PHP class file: class HelloHello { public function getSomeData($input_parameter){ // code to retrieve data from the database } public function deleteSomeData($input_parameter){ // code to delete data from the database } } This class is on the server and is part of the backend that connects with a database, and it's meant to be accessed by the frontend SWF only (not to be directly accessed). I've setup Flex to read this class and access it. But how do I make sure that someone doesn't develop a script that can call this php file directly and access its methods? For example using a script to add data in a fast automated way, or use the delete method directly, ouch. Is this a legitimate concern, or this can't be done?

    Read the article

  • How do I configure SSIS logging to overwrite the log file?

    - by theog
    My SSIS package has logging configured with a SSIS log provider for text files, which works fine, but each time the package is run the log appends to the end of the log file. I want it to truncate the file and only keep the log from the most recent execution of the package, but I don't see an option anywhere to do that. I've tried both file usage types (Existing file and New file) in the File Connection manager with the same results.

    Read the article

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Removing the email validation requirement - Login Toboggan

    - by Rob Orr
    I'm building a premium membership site where a visitor can purchase a role and gain access to the privileged content using ubercart. I've got all that working fine, but the last tiny snag that my client wants to remove is to remove the validation email requirement that's fired when someone signs up on the site in Login Toboggan (6.1.9). I've got nothing set that is forcing this extra step and I've come to believe that this may be a feature in Drupal (acquia distro 6.22) core for any user that registers. I was hoping that this module (login toboggan) would eliminate that step but I've not as of yet been able to do so. I can allow the newly registered user access by setting that in the module, but the notification and validation email requirement still remains. Can anyone recommend a way around this? I just want them to be able to come to the site purchase their membership without any validation/confirmation email. Is this possible? Thanks - Rob

    Read the article

  • .NET WebService Security who can see and use.

    - by user295734
    Trying to firgure out how to test the security of a WebService. Is there some way to search a site for webservices? I have 2 applications one has a webservice and the other a reference to that service. I let visual studio build the reference in the App_WebReferences folder. The webservice works, but i started wondering, can anyone access this service from any website? If so, how can i test this? How do you search a site for webservices? Could I use jQuery/JSON code from a simple site to access a webservice? I guess if it is not secure, how do you secure a webservice?

    Read the article

  • How many layers is too many?

    - by Nathan
    As I have been learning about software development the last 2 years the more I learn, it seems the more gray areas I am running into. One gray area I have issues with right now is trying to decide how many layers an application should have. For example, in a WPF MVVM application what fashion of layering is ok? Is the following too separated? When I mention layering I mean creating a new class library for each layer. Presentation (View) View Model Business Layer Data Access Model Layer Utility Layer Or for a non MVVM application is this too separated? Presenation Business Data Access Model Layer Utility Layer Is acceptable to run layers together and just create folders for each layer? Any coloring of this gray area would be appreciated.

    Read the article

  • Starting with asp.net MVC

    - by Josemalive
    Hello, Actually im doing a home page that only have an action called Index() that returns the view Index.ascx. This index page will be composed by lastest news and lastest registered users, i think that create two partial views is the best idea (this way i could use it in other views). for other hand i have a data access class that calls to database for get stuff (get last news, get last users, etc...) My question is simple, should i call to the this data access class in the Index() action of my HomeController, and add to the ViewData the data obtained? I think that this index() action shouldnt be the responsable of passing this data to the partial views, right? Could you give me a hand? im messing too much? ;-) Thanks in advance. Best Regards. Jose

    Read the article

  • Convert NSData into Hex NSString

    - by Dawson
    With reference to the following question: Convert NSData into HEX NSSString I have solved the problem using the solution provided by Erik Aigner which is: NSData *data = ...; NSUInteger capacity = [data length] * 2; NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:capacity]; const unsigned char *dataBuffer = [data bytes]; NSInteger i; for (i=0; i<[data length]; ++i) { [stringBuffer appendFormat:@"%02X", (NSUInteger)dataBuffer[i]]; } However, there is one small problem in that if there are extra zeros at the back, the string value would be different. For eg. if the hexa data is of a string @"3700000000000000", when converted using a scanner to integer: unsigned result = 0; NSScanner *scanner = [NSScanner scannerWithString:stringBuffer]; [scanner scanHexInt:&result]; NSLog(@"INTEGER: %u",result); The result would be 4294967295, which is incorrect. Shouldn't it be 55 as only the hexa 37 is taken? So how do I get rid of the zeros? EDIT: (In response to CRD) Hi, thanks for clarifying my doubts. So what you're doing is to actually read the 64-bit integer directly from a byte pointer right? However I have another question. How do you actually cast NSData to a byte pointer? To make it easier for you to understand, I'll explain what I did originally. Firstly, what I did was to display the data of the file which I have (data is in hexadecimal) NSData *file = [NSData dataWithContentsOfFile:@"file path here"]; NSLog(@"Patch File: %@",file); Output: Next, what I did was to read and offset the first 8 bytes of the file and convert them into a string. // 0-8 bytes [file seekToFileOffset:0]; NSData *b = [file readDataOfLength:8]; NSUInteger capacity = [b length] * 2; NSMutableString *stringBuffer = [NSMutableString stringWithCapacity:capacity]; const unsigned char *dataBuffer = [b bytes]; NSInteger i; for (i=0; i<[b length]; ++i) { [stringBuffer appendFormat:@"%02X", (NSUInteger)dataBuffer[i]]; } NSLog(@"0-8 bytes HEXADECIMAL: %@",stringBuffer); As you can see, 0x3700000000000000 is the next 8 bytes. The only changes I would have to make to access the next 8 bytes would be to change the value of SeekFileToOffset to 8, so as to access the next 8 bytes of data. All in all, the solution you gave me is useful, however it would not be practical to enter the hexadecimal values manually. If formatting the bytes as a string and then parsing them is not the way to do it, then how do I access the first 8 bytes of the data directly and cast them into a byte pointer?

    Read the article

  • Installing Ruby 1.9.1 on Ubuntu?

    - by Björn
    I wonder about installing the latest version of Ruby on Ubuntu 9.04. Now I can run through the ./configure and make stuff fine, but what I wonder about: how to avoid conflicts with the packaging system? For example if some other package I install depends on Ruby, wouldn't the package manager install the (outdated) Ruby package and in the worst case overwrite my files? So I think I need some way to tell Ubuntu that Ruby is in fact already installed?

    Read the article

  • How to create a communication layer in android

    - by Palo
    I want to create a communication layer in android. The layer will communicate with server asynchronously. Multiple activities should be able to call methods of the communication layer. The layer will get messages from the server (it is not important for the scope of this question how) and should be able to tell activities to do some work based on these messages. How should I implement this? Should I do this using android Service? The main questions that I need to answer are: How can activities access the layer? How can the layer access activities? How can i make the communication layer live for the lifetime of the application?

    Read the article

  • jquery ajax vs browser url

    - by danwoods
    Hello all, I'm trying to use youtube's api to bring back a listing of a user's videos. The request url looks something like: http://gdata.youtube.com/feeds/api/users/username/uploads with 'username' being the correct username. This bring back the appropriate url in the browser. However when I try to access that url via jQuery's $.ajax or $.get functions, using something like: $.ajax({ //set parameters url: "http://gdata.youtube.com/feeds/api/users/username/uploads", type: "GET", //on success success: function (data) { alert("xml successfully captured\n\n" + data); }, //on error error:function (XMLHttpRequest, textStatus, errorThrown, data){ alert(" We're sorry, there seem to be a problem with our connection to youtube.\nYou can access all our videos here: http://www.youtube.com/user/username"); alert(data); } }); $.get("http://gdata.youtube.com/feeds/api/users/username/uploads", function(data){ alert("Data Loaded: " + data); }); I get an empty document returned. Any ideas why this is?

    Read the article

  • What is Problem in Runtime.getruntime which does not open notepad.exe

    - by magh
    when try to execute the servlet containing following code Runtime rt = Runtime.getRuntime(); Process p = rt.exec("notepad.exe"); It doesn't launch the application in the environment windows server 2003 and Tomcat 5 but a process is being created as notepad.exe in the windows task manager. In windows xp and tomcat 6 environment launches the notepad i need to work on the windows server 2003 and tomcat 5 Thanks in advance

    Read the article

  • How to disable back button in browser using javascript or any script

    - by user225269
    Im using wamp server for my php scripts. And Im having difficulties on the logout code. Every time I click on the logout link and then click on the back button on web browser it still shows the page which can only be access by the user who is logged in. I have this code at the beginning of the index.php which is called by the log out link to destroy the session: <?php session_start(); session_destroy(); ?> And I have this at the beginning of the user page: <? session_start(); if(!session_is_registered(myusername)){ header("location:login.php"); } ?> I don't know why the userpage can still be access after the user has logged out. So I'm thinking of disabling the back button when the user has logged out. Please help.

    Read the article

  • C# Calling Methods in Generic Classes

    - by aip.cd.aish
    I am extending the ImageBox control from EmguCV. The control's Image property can be set to anything implementing the IImage interface. All of the following implement this interface: Image<Bgr, Byte> Image<Ycc, Byte> Image<Hsv, Byte> Now I want to call the Draw method on the object of the above type (what ever it may be). The problem is when I access the Image property, the return type is IImage. IImage does not implement the Draw method, but all of the above do. I believe I can cast the object of type IImage to one of the above (the right one) and I can access the Draw method. But how do I know what the right one is? If you have a better way of doing this, please suggest that as well.

    Read the article

  • Question about oracle db connection with .NET

    - by john
    I'm trying to connect to an oracle database with .net but i get the error: ERROR [IM002] [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified however, when I enter add a new database connection through toolsconnect to database. it works fine. even after copying the connection string which is: Data Source=source here;Persist Security Info=True;User ID=userhere;Password=pass;Unicode=True

    Read the article

  • Iterating 'Active' View Controllers

    - by ISDi
    Ola Folks, In an iPhone application I am displaying different views by using the addSubView:SomeViewController.view method. I want to be able to, at the very least, log the view controllers that are in the view hierarchy that is being displayed. I would prefer to be able to get a handle to a specific view controller. I know how to iterate the views, I just do not see how to access the view controllers of those views. I am looking for something that will give me the type of access to the view controllers that UINavigationController::ViewControllers does. I thought I could get away with: for (UIViewController* oVC in [self.view subviews]) but this is not having the intended effect. If someone has a way of doing this, please share it with me. -isdi-

    Read the article

  • What goes between SQL Server and Client?

    - by worlds-apart89
    This question is an updated version of a previous question I have asked on here. I am new to client-server model with SQL Server as the relational database. I have read that public access to SQL Server is not secure. If direct access to the database is not a good practice, then what kind of layer should be placed between the server and the client? Note that I have a desktop application that will serve as the client and a remote SQL Server database that will provide data to the client. The client will input their username and password in order to see their data. I have heard of terms like VPN, ISA, TMG, Terminal Services, proxy server, and so on. I need a fast and secure n-tier architecture. P.S. I have heard of web services in front of the database. Can I use WCF to retrieve, update, insert data? Would it be a good approach in terms of security and performance?

    Read the article

  • DAO design pattern and using it across multiple tables

    - by Casey
    I'm looking for feedback on the Data Access Object design pattern and using it when you have to access data across multiple tables. It seems like that pattern, which has a DAO for each table along with a Data Transfer Object (DTO) that represents a single row, isn't too useful for when dealing with data from multiple tables. I was thinking about creating a composite DAO and corresponding DTO that would return the result of, let's say performing a join on two tables. This way I can use SQL to grab all the data instead of first grabbing data from one using one DAO and than the second table using the second DAO, and than composing them together in Java. Is there a better solution? And no, I'm not able to move to Hibernate or another ORM tool at the moment. Just straight JDBC for this project.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 618 619 620 621 622 623 624 625 626 627 628 629  | Next Page >