Search Results

Search found 25872 results on 1035 pages for 'document security'.

Page 678/1035 | < Previous Page | 674 675 676 677 678 679 680 681 682 683 684 685 | Next Page >

Authenticating a user for a single app with multiple domains

- by hofnarwillie

I have one asp.net web application, but two different domains point to this web app. For instance: www.one.com and www.two.com both point to the same web app. I have an issue where I need certain pages to be on a specific domain (due to some security requirements from our online payment provider - a third party website). So let's say page1.aspx needs to be called on www.two.com The process is as follows: A user logs into www.one.com The authentication cookie is saved to the browser The user then navigates to page1.aspx and, if on the wrong domain, gets redirected to the correct domain. (this redirection happens on page1.aspx in the page_load event) Then asp.net redirects the user to the login screen, because the authentication cookie is not sent to www.two.com. How can I track the user and keep him/her logged in between the two domains?

Read the article
Html how to make a part on iframe, unvisible and unclickable externally? (my idea)

- by ozan

I have a page (A) including a BUTTON with a function close_window() , however when I embed A to my main page (B) using iframe, the close_window() can't work as expected since there is no more window anymore, and I am not able to remove the button from the iframe since A is on another domain (Security issues prevents). What I want to do is make this button label invisible. And the only way I think is to put a white image just to the place where that button exists on my iframe, externally. is Smthing like that possible? I want the image to be on the top of iframe? Or do you have any other idea ? Thanks for helps.

Read the article
Execute python code inside browser without Jython

- by proportional

Is there a way to execute python code in a browser, other than using Jython and an applet? The execution does not have to deal with anything related to graphics. For example, just sum all the digits of a binary 1Gb file (chosen by the browser user) and then return the result to the server. I am aware that python can be executed remotely outside a browser, but my requirement is to be done inside a browser. For sure, I take for granted the user will keep the right to execute or not, and will be asked to do so, and all this security stuff... but that is not my question.

Read the article
Is it safe to develop for older versions of Zend Framework?

- by RenderIn

Our vendor-supported server's O/S only supports PHP 5.1.6, which limits us to ZF 1.6. The current version of Zend Framework requires a higher version of PHP. We're struggling to decide whether to adopt ZF because of this incompatibility. Is it feasible to develop (indefinitely) in these older versions of ZF or should we hold off? Features, security, bugs, etc. Is this a path we don't want to go down or are these older versions perfectly usable in a production environment?

Read the article
Web setup Installer(MSI) error on windows server 2008 environment

- by mag1981

Hello!, I have developed a Web Application on VS2008 and I have created WebSetup for my web site. It is working fine when I install this MSI or setup.exe on windows server 2003 environment. If I tried to install on windows server 2008 using MSI file it is throwing error as below- "You do not have sifficient privieges to compelte this instalaltion for all users of the machine. log on as administrator and the retry this instalaltion" settings as below, 1)I have loged in as admin user. 2)secpol.msc --Local Policies--Security Options--User Account Control: Run all administrator in Admin Approvl Mode ==Enabled Please suggest me on this. thanks in advance

Read the article
Problem with bluetooth service in J2ME don't discoverable

- by Fran

Hi! I try to create a service with: LocalDevice localDevice = LocalDevice.getLocalDevice(); localDevice.setDiscoverable(DiscoveryAgent.GIAC); String url = "btl2cap://localhost:"+uuid.toString()+";name="+name+";authorize=true;authenticate=true;encrypt=true"; L2CAPConnectionNotifier notifier = (L2CAPConnectionNotifier)Connector.open(url); ServiceRecord = localDevice.getRecord(notifier); // Set some attributes // ... conn = notifier.acceptAndOpen(); //... I run this code on a Nokia 5800 and Nokia 2760, with 5800 I can see 2760, but not vice versa, I don't know what is the problem, I have think security problems... Any ideas? Thanks!

Read the article
Subversion post-commit hook

- by GeoSQL

I am trying to get SVN to copy files to my htdocs folder on commit. Here is what I have so far in my post-commit.bat: "C:\subversion\bin\svn.exe" update "C:\apache\apache2.2\htdocs" When I look at the log files created by the hook I get the following line: Skipped 'C:\Apache\Apache2.2\htdocs' Does anyone know why this is happening? No matter what directory I choose as a destination, I get the same error. I am running SVN 1.6.4, Tortoise 1.6.8, Apache 2.2, WinXP SP3 I am not using username and password because there is no security set up on the SVN repository. It's just me developing. Thanks

Read the article
Is SHA sufficient for checking file duplication? (sha1_file in PHP)

- by wag2639

Suppose you wanted to make a file hosting site for people to upload their files and send a link to their friends to retrieve it later and you want to insure files are duplicated where we store them, is PHP's sha1_file good enough for the task? Is there any reason to not use md5_file instead? For the frontend, it'll be obscured using the original file name store in a database but some additional concerns would be if this would reveal anything about the original poster. Does a file inherit any meta information with it like last modified or who posted it or is this stuff based in the file system? Also, is using a salt frivolous since security in regards of rainbow table attack mean nothing to this and the hash could later be used as a checksum? One last thing, scalability? initially, it's only going to be used for small files a couple of megs big but eventually... Edit 1: The point of the hash is primarily to avoid file duplication, not to create obscurity.

Read the article
I don't seem to have an ASPNET user account running on my machine.

- by pkiyan

Hi: I'm reading up on ASP.NET, and just came to a chapter that explains how to upload a file to your website. It says that in order to save a file to your file system, in the case of every OS except Win Server '03, an ASP.NET page executes in the security context of the ASPNET account. I don't have an ASPNET account running on my machine (win xp pro sp3; .NET 3.5). The program runs fine, by the way, I'm just trying to understand what an ASPNET account is exactly, and why it doesn't seem to show up on my list of user accounts. Thanks.

Read the article
Drupal does not recognize my website has been installed

- by Marcos Buarque

After a successful Drupal install, I was trying to follow the security recommendations and reverted the settings.php file to 444 permissions (read, read, read). Then, all of a sudden, right after doing that, Drupal does not recognize the installation process was completed. It went back to the install screen. Worst of all. I did chmod back to 666 (write, write, write) but it does not work any more. When I move forward as if I was going to install Drupal again, he tells me he does not have permissions to create the files folder under sites/default... But since the installation has already been completed... the files folder is already there... I am puzzled... Could it be some sort of server caching? Since this is one of my first adventures with a Linux server, I am a bit confused. Any help appreciated... Thanks.

Read the article
Validating/Allowing YouTube Embed Code

- by mellowsoon

Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos. So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

Read the article
How to? - part of the site over ssl, other part not

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, lets say homepage. As far as I know sharing sessions in between http and https parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on http page like homepage, shopping cart data (items) that users ordered on https pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (ssl) and the rest not? I'm using php if it makes any difference.

Read the article
javascript button click casuing Internet Explorer secuirty exception...

- by hp

Hello, I have a application that allows a user to choose some parameters for a powerpoint report, run the report, then allow the user to "save" or "open" the powerpoint file. I got all of that working OK. When you click on "run" report, it pops open a window which generates the report, stores it in session, then closes the window. I have a button on the main page that will export the report. So, now, when the pop up window that generates the report is finished, i use "window.opener" to call a javascript method on the main page, that will do a javascript click of the button. when this button is pressed, Internet Explorer gives me the following message : "To help protect your security, Internet Explorer blocked this site from downloading files to your computer.." Do you guys know of any tricks around this?

Read the article
Gmail/Facebook/Hotmail not opening in Firefox/IE on Windows 7 Home

- by singlepoint

Hi, I am unable to open Gmail/Facebook/Hotmail on Firefox/IE on Widows 7 Home. I just unboxed a brand new hp laptop with Norton Security Suite running inside. I get following error message on Firefox. Please help. The connection has timed out The server at www.google.com is taking too long to respond. * The site could be temporarily unavailable or too busy. Try again in a few moments. * If you are unable to load any pages, check your computer's network connection. * If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web

Read the article
How can I clean up this SELECT query?

- by Cruachan

I'm running PHP 5 and MySQL 5 on a dedicated server (Ubuntu Server 8.10) with full root access. I'm cleaning up some LAMP code I've inherited and I've a large number of SQL selects with this type of construct: SELECT ... FROM table WHERE LCASE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE( strSomeField, ' ', '-'), ',', ''), '/', '-'), '&', ''), '+', '') ) = $somevalue Ignoring the fact that the database should never have been constructed to require such a select in the first place, and the $somevalue field will need to be parameterised to plug the gaping security hole, what is my best option for fixing the WHERE condition into something less offensive? If I was using MSSQL or Oracle I'd simply put together a user-defined function, but my experience with MySQL is more limited and I've not constructed a UDF with it before, although I'm happy coding C. Update: For all those who've already raised their eyebrows at this in the original code, $somevalue is actually something like $GET['product']—there are a few variations on the theme. In this case the select is pulling the product back from the database by product name—after stripping out characters so it matches what could be previously passed as a URI parameter.

Read the article
Windows Server 2008 Antivirus Software with an API

- by Dave Jellison

I'm looking for an Antivirus package that is compliant with Windows Server 2008. That's not the hard part. What I need is an API layer on the Antivirus that i can call from managed .net code. For example: I am developing an Asp.Net (C#) website that allows users to upload files to the web server which the web site resides on. We have full control of the server so there are no security/rights issues on the server. I need to be able to run the antivirus algorithm on the newly uploaded files without (hopefully) shelling out to a command-ilne version of the software. Does anyone know of such a package?

Read the article
Download and replace Android resource files

- by Casebash

My application will have some customisation for each company that uses it. Up until now, I have been loading images and strings from resource files. The idea is that the default resources will be distributed with the application and company specific resources will be loaded from our server after they click on a link from an email to launch the initialisation intent. Does anyone know how to replace resource files? I would really like to keep using resource files to avoid rewriting a lot of code/XML. I would distribute the application from our own server, rather than through the app store, so that we could have one version per company, but unfortunately this will give quite nasty security warnings that would concern our customers.

Read the article
Android sending SOAP object over Https via ksoap2 2.5.8

- by Jack-V

My first time posting a question here so please do not mind my mistakes here. I'm currently making an android application fetching and sending information from a .asmx web service. Everything goes well with the ksoap2 library and am using HttpTransportSE to call the web service. So now what I'm trying to do is to use the HttpsTransportSE to call the web service over Https. I got java.security.cert.certpathvalidatorexception trustanchor for certpath not found exception. I have the server certificate in .pfx , .jks and .bks format. My questions is what do i do with it to make my HttpsTransportSE call to be success? I've read around with articles using custom SSLSocketFactory but am still not sure how to implement it in my application. Thanks in advance for any suggestion/advices

Read the article
What is the best way pre filter user access for sqlalchemy queries?

- by steve

I have been looking at the sqlalchemy recipes on their wiki, but don't know which one is best to implement what I am trying to do. Every row on in my tables have an user_id associated with it. Right now, for every query, I queried by the id of the user that's currently logged in, then query by the criteria I am interested in. My concern is that the developers might forget to add this filter to the query (a huge security risk). Therefore, I would like to set a global filter based on the current user's admin rights to filter what the logged in user could see. Appreciate your help. Thanks.

Read the article
Problem with commit in sharpsvn

- by zhangxiaoning

Hi,I'm a programmer in china. I want to commit the changes of a working copy in my computer to the repository. The repository is in an URL and i´m doing this now: using (SvnClient client = new SvnClient()){ string path = @"C:\testdelete\test.java"; client.Delete(path); client.Authentication.Clear(); // Clear predefined handlers client.Authentication.UserNamePasswordHandlers += delegate(object obj, SharpSvn.Security.SvnUserNamePasswordEventArgs args) { args.UserName = "username"; args.Password = "password"; }; var uri = client.GetUriFromWorkingCopy(path); if (uri != null) { SvnCommitArgs args = new SvnCommitArgs(); args.ThrowOnError = true; args.ThrowOnCancel = true; client.Commit(path, args);//here throw a SvnOperationCanceledException } } But it doesn´t work,Why?Thanks!

Read the article
Accessing FILESTREAM from an SQL CLR assembly

- by superware

I'm trying to stream FILESTREAM data from an unsafe SQL CLR assembly. The connection string is Data Source=LAPTOP2\SQLEXPRESS;Initial Catalog=test;Integrated Security=True;Enlist=False When creating a new SqlFileStream (inside a SqlTransaction, of course), I'm getting: The request is not supported at OpenSqlFilestream. So I decided to try native OpenSqlFilestream, but then I'm getting an invalid handle (-1) while GetLastWin32Error returns that same: The request is not supported (ERROR_NOT_SUPPORTED). I have also tried SqlContext.WindowsIdentity.Impersonate() with no apparent effect. I couldn't find any documentation referencing this restriction. Is it really unsupported? If it is unsupported, is there a good reason? Does anyone know of a workaround?

Read the article
Package names - impl v internal

- by Ben J

In my time of digging around Java APIs I have come across both impl and internal packages. Up until now I never really thought about the difference - as with all enterprisey Java apps, I figured they just meant that "actual implementation in here; you (API user) should be really using the interface. Go away." A little bit of digging around Stack Overflow seems to suggest that the internal package at least can have some security placed around it. So, what is the difference? I don't think it is a matter of taste because I have seen APIs with both.

Read the article
iphone - how to properly handle exceptional situations (signals ?)

- by pmilosev

Hi In my iphone app, I want to provide some sort of app termination handler that will do some final work (delete some sensitive data) before the application terminates. I want to handle as much of the termination situations as possible: 1) User terminates the app 2) The device runs out of battery 3) The system terminates the app due to some reason (e.g. out of memory or app freeze) 4) Application crashes (EXC_BAD_ACCESS or SIGSEGV) Any other exceptional situation ? What is the best way to achieve this (e.g. is applicationWillTerminate method called in situation 2) ? Is it possible to do the cleanup in a signal handler (includes iPhone Security framework calls) ? regards

Read the article
Xampp error on windows

- by Deepak Kumar

My problem is when i use xampp i see many error and when i use my web it has no error Notice: Undefined index: action in C:\xampp\htdocs\xyz\index.php on line 3 Notice: Undefined index: usNick in C:\xampp\htdocs\xyz\config.php on line 11 Notice: Use of undefined constant setname - assumed 'setname' in C:\xampp\htdocs\xyz\config.php on line 31 Notice: Use of undefined constant setname - assumed 'setname' in C:\xampp\htdocs\xyz\config.php on line 31 Notice: Undefined index: usNick in C:\xampp\htdocs\xyz\config.php on line 34 Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\xyz\data.php on line 2 Notice: Undefined index: r in C:\xampp\htdocs\xyz\data.php on line 4 Notice: Undefined index: ucNick in C:\xampp\htdocs\xyz\data.php on line 8 I have tried many time changing things in Setting, Security, Privileges etc but nothing changed, I want to know if im missing something out Thanks

Read the article
Is looking for Wi-Fi access points purely passive?

- by Aric TenEyck

Say I carry a Wi-Fi enabled phone or laptop through an area where there are WAPs. Assuming that I don't actively try to connect to them or otherwise interact with them, is it possible for the owner of that WAP to know that I was there? I'm asking this in the context of my earlier question: Looking for MACs on the network I was talking with a friend about my newfound ability to detect phones (and other devices with MAC addresses) on the network, and he pointed out that it might be useful to detect unknown phones on the network; I could use that data to track down anyone who was in my house and brought a Wi-Fi phone with them. So, if I set up a logging fake WAP with no security or encryption, can I glean any useful information about the devices that come into the house? Assuming that the thief doesn't actively try to connect...

Read the article

< Previous Page | 674 675 676 677 678 679 680 681 682 683 684 685 | Next Page >