Search Results

Search found 43347 results on 1734 pages for 'php security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 74/1734 | < Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >

  • Compiling PHP with GD crashes with EXC_BREAKPOINT (SIGTRAP) on PPC Mac

    - by Ömer
    First of all, I should say that I have searched the whole Internet for this problem but I couldn't find any solution yet. I have a Mac mini PowerPC (PPC) and I run Apache webserver (httpd-2.2.22) with PHP (5.4.0) and I do all the configure & compilation jobs by myself. If configure with: './configure' '--prefix=/usr/local/php5' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--with-config-file-path=/etc' '--with-zlib' '--with-zlib-dir=/usr' '--with-openssl=/usr' '--without-iconv' '--enable-exif' '--enable-ftp' '--enable-mbstring' '--enable-mbregex' '--enable-sockets' '--with-mysql=/usr/local/mysql' '--with-pdo-mysql=/usr/local/mysql' '--with-mysqli=/usr/local/mysql/bin/mysql_config' '--with-apxs2=/usr/local/apache2/bin/apxs' '--with-mcrypt' then the PHP works flawlessly. But if I add the GD module by adding these to the script above: '--with-gd' '--with-jpeg-dir=/usr/local/lib' '--with-freetype-dir=/usr/X11R6' '--with-png-dir=/usr/X11R6' '--with-xpm-dir=/usr/X11R6' the PHP gets configured and compiled without any errors but it causes EXC_BREAKPOINT (SIGTRAP) (see the Crash Reporter log below) when I request a page which calls PHP module. It's obvious that something related to the GD module is causing this, probably FreeType module because it's present in the log but it may not be definite of course. When the PHP crashes (or more accurately, httpd) the CPU goes 100% for 10 to 15 seconds until it recovers. I need to use the GD module and keep the Mac mini PowerPC. So, what should I do to solve this problem? Process: httpd [79852] Path: /usr/local/apache2/bin/httpd Identifier: httpd Version: ??? (???) Code Type: PPC (Native) Parent Process: httpd [79846] Date/Time: 2013-11-04 15:44:28.444 +0200 OS Version: Mac OS X 10.5.8 (9L31a) Report Version: 6 Anonymous UUID: 0178B7F8-2241-43F7-A651-9E7234D41A37 Exception Type: EXC_BREAKPOINT (SIGTRAP) Exception Codes: 0x0000000000000001, 0x0000000093c11e0c Crashed Thread: 0 Application Specific Information: *** single-threaded process forked *** Thread 0 Crashed: 0 com.apple.CoreFoundation 0x93c11e0c __CFRunLoopFindMode + 328 1 com.apple.CoreFoundation 0x93c13d88 CFRunLoopAddSource + 276 2 com.apple.DiskArbitration 0x901a6e8c DAApprovalSessionScheduleWithRunLoop + 52 3 ...ple.CoreServices.CarbonCore 0x9512e67c _FSGetDiskArbSession(__DASession**, __DAApprovalSession**) + 540 4 ...ple.CoreServices.CarbonCore 0x9512e420 CreateDiskArbDiskForMountPath(char const*) + 84 5 ...ple.CoreServices.CarbonCore 0x9512d2c8 FSCacheableClient_GetVolumeCachedInfo(char const*, statfs const*, CachedVolumeInfo*, __DADisk*, __DADisk**) + 280 6 ...ple.CoreServices.CarbonCore 0x9512cca4 MountVolume(char const*, statfs*, unsigned char, unsigned char, __DADisk*, short*) + 352 7 ...ple.CoreServices.CarbonCore 0x9512ca48 MountInitialVolumes() + 172 8 ...ple.CoreServices.CarbonCore 0x9512c4d4 INIT_FileManager() + 164 9 ...ple.CoreServices.CarbonCore 0x9512c390 GetRetainedVolFSVCBByVolumeID(unsigned long) + 48 10 ...ple.CoreServices.CarbonCore 0x9512adf4 PathGetObjectInfo(char const*, unsigned long, unsigned long, VolumeInfo**, unsigned long*, unsigned long*, char*, unsigned long*, unsigned char*) + 184 11 ...ple.CoreServices.CarbonCore 0x9512acc4 FSPathMakeRefInternal(unsigned char const*, unsigned long, unsigned long, FSRef*, unsigned char*) + 64 12 libfreetype.6.dylib 0x0070a0fc FT_New_Face_From_Resource + 56 13 libfreetype.6.dylib 0x0070a3b0 FT_New_Face + 48 14 libphp5.so 0x0118d1a8 fontFetch + 824 15 libphp5.so 0x0118edac php_gd_gdCacheGet + 220 16 libphp5.so 0x0118d6d8 php_gd_gdImageStringFTEx + 360 17 libphp5.so 0x011763c0 php_imagettftext_common + 1504 18 libphp5.so 0x01176494 zif_imagefttext + 20 19 libphp5.so 0x014b9c68 zend_do_fcall_common_helper_SPEC + 1048 20 libphp5.so 0x01452898 _ZEND_DO_FCALL_SPEC_CONST_HANDLER + 440 21 libphp5.so 0x014ba878 execute + 776 22 libphp5.so 0x013f190c zend_execute_scripts + 316 23 libphp5.so 0x013779f4 php_execute_script + 596 24 libphp5.so 0x014bbe64 php_handler + 1972 25 httpd 0x000020c0 ap_run_handler + 96 26 httpd 0x00006ae0 ap_invoke_handler + 224 27 httpd 0x000305c4 ap_process_request + 116 28 httpd 0x0002c768 ap_process_http_connection + 104 29 httpd 0x00012d30 ap_run_process_connection + 96 30 httpd 0x00012ecc ap_process_connection + 92 31 httpd 0x000373e4 child_main + 1220 32 httpd 0x000376a8 make_child + 296 33 httpd 0x000377e4 startup_children + 100 34 httpd 0x000387d4 ap_mpm_run + 3988 35 httpd 0x0000a320 main + 3280 36 httpd 0x000019c0 start + 64

    Read the article

  • APC PHP cache size does not exceed 32MB, even though settings allow for more

    - by hardy101
    I am setting up APC (v 3.1.9) on a high-traffic WordPress installation on CentOS 6.0 64 bit. I have figured out many of the quirks with APC, but something is still not quite right. No matter what settings I change, APC never actually caches more than 32MB. I'm trying to bump it up to 256 MB. 32MB is a default amount for apc.shm_size, so I am wondering if it's stuck there somehow. I have run the following echo '2147483648' > /proc/sys/kernel/shmmax to increase my system's shared memory to 2G (half of my 4G box). Then ran ipcs -lm which returns ------ Shared Memory Limits -------- max number of segments = 4096 max seg size (kbytes) = 2097152 max total shared memory (kbytes) = 8388608 min seg size (bytes) = 1 Also made a change in /etc/sysctl.conf then ran sysctl -p to make the settings stick on the server. Rebooted, too, for good measure. In my APC settings, I have mmap enabled (which happens by default in recent versions of APC). php.ini looks like: apc.stat=0 apc.shm_size="256M" apc.max_file_size="10M" apc.mmap_file_mask="/tmp/apc.XXXXXX" apc.ttl="7200" I am aware that mmap mode will ignore references to apc.shm_segments, so I have left it out with default 1. phpinfo() indicates the following about APC: Version 3.1.9 APC Debugging Disabled MMAP Support Enabled MMAP File Mask /tmp/apc.bPS7rB Locking type pthread mutex Locks Serialization Support php Revision $Revision: 308812 $ Build Date Oct 11 2011 22:55:02 Directive Local Value apc.cache_by_default On apc.canonicalize O apc.coredump_unmap Off apc.enable_cli Off apc.enabled On On apc.file_md5 Off apc.file_update_protection 2 apc.filters no value apc.gc_ttl 3600 apc.include_once_override Off apc.lazy_classes Off apc.lazy_functions Off apc.max_file_size 10M apc.mmap_file_mask /tmp/apc.bPS7rB apc.num_files_hint 1000 apc.preload_path no value apc.report_autofilter Off apc.rfc1867 Off apc.rfc1867_freq 0 apc.rfc1867_name APC_UPLOAD_PROGRESS apc.rfc1867_prefix upload_ apc.rfc1867_ttl 3600 apc.serializer default apc.shm_segments 1 apc.shm_size 256M apc.slam_defense On apc.stat Off apc.stat_ctime Off apc.ttl 7200 apc.use_request_time On apc.user_entries_hint 4096 apc.user_ttl 0 apc.write_lock On apc.php reveals the following graph, no matter how long the server runs (cache size fluctuates and hovers at just under 32MB. See image http://i.stack.imgur.com/2bwMa.png You can see that the cache is trying to allocate 256MB, but the brown piece of the pie keeps getting recycled at 32MB. This is confirmed as refreshing the apc.php page shows cached file counts that move up and down (implying that the cache is not holding onto all of its files). Does anyone have an idea of how to get APC to use more than 32 MB for its cache size?? **Note that the identical behavior occurs for eaccelerator, xcache, and APC. I read here: http://www.litespeedtech.com/support/forum/archive/index.php/t-5072.html that suEXEC could cause this problem.

    Read the article

  • PHP 5.2 to 5.3 not upgrading, no errors

    - by Webnet
    I'm following this guide: http://atik97.wordpress.com/2010/06/12/how-to-upgrade-to-php-5-3-in-ubuntu-9-10/ I've done all the steps, but it's still showing php 5.2.6 - any ideas? I have also tried -cgi instead of -cli, neither have any effect. update I've tried rebooting the server to see if that would have any effect and unfortunately it didn't update Output of dpkg -l *php*: Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Cfg-files/Unpacked/Failed-cfg/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad) ||/ Name Version Description +++-=============================================-=============================================-========================================================================================================== un libapache2-mod-php4 <none> (no description available) ii libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.6 server-side, HTML-embedded scripting language (Apache 2 module) un libapache2-mod-php5filter <none> (no description available) ii php-pear 5.2.6.dfsg.1-3ubuntu4.6 PEAR - PHP Extension and Application Repository un php4-cli <none> (no description available) un php4-dev <none> (no description available) un php4-mysql <none> (no description available) un php4-pear <none> (no description available) ii php5 5.2.6.dfsg.1-3ubuntu4.6 server-side, HTML-embedded scripting language (metapackage) ii php5-cgi 5.2.6.dfsg.1-3ubuntu4.6 server-side, HTML-embedded scripting language (CGI binary) ii php5-cli 5.2.6.dfsg.1-3ubuntu4.6 command-line interpreter for the php5 scripting language ii php5-common 5.2.6.dfsg.1-3ubuntu4.6 Common files for packages built from the php5 source ii php5-curl 5.2.6.dfsg.1-3ubuntu4.6 CURL module for php5 un php5-dev <none> (no description available) ii php5-gd 5.2.6.dfsg.1-3ubuntu4.6 GD module for php5 ii php5-imap 5.2.6-0ubuntu5.1 IMAP module for php5 un php5-json <none> (no description available) ii php5-mcrypt 5.2.6-0ubuntu2 MCrypt module for php5 ii php5-mysql 5.2.6.dfsg.1-3ubuntu4.6 MySQL module for php5 un php5-mysqli <none> (no description available) ii php5-xsl 5.2.6.dfsg.1-3ubuntu4.6 XSL module for php5 un phpapi-20060613+lfs <none> (no description available) ii phpmyadmin 4:3.1.2-1ubuntu0.2 MySQL web administration tool update The following commands and their outputs: grep php53 /etc/apt/sources.list deb http://php53.dotdeb.org stable all deb-src http://php53.dotdeb.org stable all apt-cache search -f "libapache2-mod-php5" http://pastebin.com/XNXdsXYC update I've updated the question with more details on installed packages.

    Read the article

  • PHP errors -> Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt | Warning: mysqli_stmt::c

    - by Tunji Gbadamosi
    I keep getting this error while trying to modify some tables. Here's my code: /** <- line 320 * * @param array $guests_array * @param array $tickets_array * @param integer $seat_count * @param integer $order_count * @param integer $guest_count */ private function book_guests($guests_array, $tickets_array, &$seat_count, &$order_count, &$guest_count){ /* @var $guests_array ArrayObject */ $sucess = false; if(sizeof($guests_array) >= 1){ //$this->mysqli->autocommit(FALSE); //insert the guests into guest, person, order, seat $menu_stmt = $this->mysqli->prepare("SELECT id FROM menu WHERE name=?"); $menu_stmt->bind_param('s',$menu); //$menu_stmt->bind_result($menu_id); $table_stmt = $this->mysqli->prepare("SELECT id FROM tables WHERE name=?"); $table_stmt->bind_param('s',$table); //$table_stmt->bind_result($table_id); $seat_stmt = $this->mysqli->prepare("SELECT id FROM seat WHERE name=? AND table_id=?"); $seat_stmt->bind_param('ss',$seat, $table_id); //$seat_stmt->bind_result($seat_id); for($i=0;$i<sizeof($guests_array);$i++){ $menu = $guests_array[$i]['menu']; $table = $guests_array[$i]['table']; $seat = $guests_array[$i]['seat']; //get menu id if($menu_stmt->execute()){ $menu_stmt->bind_result($menu_id); while($menu_stmt->fetch()) ; } $menu_stmt->close(); //get table id if($table_stmt->execute()){ $table_stmt->bind_result($table_id); while($table_stmt->fetch()) ; } $table_stmt->close(); //get seat id if($seat_stmt->execute()){ $seat_stmt->bind_result($seat_id); while($seat_stmt->fetch()) ; } $seat_stmt->close(); $dob = $this->create_date($guests_array[$i]['dob_day'], $guests_array[$i]['dob_month'], $guests_array[$i]['dob_year']); $id = $this->add_person($guests_array[$i]['first_name'], $guests_array[$i]['surname'], $dob, $guests_array[$i]['sex']); if(is_string($id)){ $seat = $this->add_seat($table_id, $seat_id, $id); /* @var $tickets_array ArrayObject */ $guest = $this->add_guest($id,$tickets_array[$i+1],$menu_id, $this->volunteer_id); /* @var $order integer */ $order = $this->add_order($this->volunteer_id, $table_id, $seat_id, $id); if($guest == 1 && $seat == 1 && $order == 1){ $seat_count += $seat; $guest_count += $guest; $order_count += $order; $success = true; } } } } return $success; } <- line 406 Here are the warnings: The person PRSN10500000LZPH has been added to the guest tablePRSN10500000LZPH added to table (1), seat (1)The order for person(PRSN10500000LZPH) is registered with volunteer (PRSN10500000LZPH) at table (1) and seat (1)PRSN10600000LZPH added to table (1), seat (13)The person PRSN10600000LZPH has been added to the guest tableThe order for person(PRSN10600000LZPH) is registered with volunteer (PRSN10500000LZPH) at table (1) and seat (13) Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 358 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 363 Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 366 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 371 Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 374 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 379 PRSN10700000LZPH added to table (1), seat (13)The person PRSN10700000LZPH has been added to the guest tableThe order for person(PRSN10700000LZPH) is registered with volunteer (PRSN10500000LZPH) at table (1) and seat (13) Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 358 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 363 Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 366 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 371 Warning: mysqli_stmt::execute(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 374 Warning: mysqli_stmt::close(): Couldn't fetch mysqli_stmt in /Users/olatunjigbadamosi/Sites/ST_Ambulance/FormDB.php on line 379 PRSN10800000LZPH added to table (1), seat (13)The person PRSN10800000LZPH has been added to the guest tableThe order for person(PRSN10800000LZPH) is registered with volunteer (PRSN10500000LZPH) at table (1) and seat (13)

    Read the article

  • SQL SERVER – Solution – User Not Able to See Any User Created Object in Tables – Security and Permissions Issue

    - by pinaldave
    There is an old quote “A Picture is Worth a Thousand Words”. I believe this quote immensely. Quite often I get phone calls that something is not working if I can help. My reaction is in most of the cases, I need to know more, send me exact error or a screenshot. Until and unless I see the error or reproduce the scenario myself I prefer not to comment. Yesterday I got a similar phone call from an old friend, where he was not sure what is going on. Here is what he said. “When I try to connect to SQL Server, it lets me connect just fine as well let me open and explore the database. I noticed that I do not see any user created instances but when my colleague attempts to connect to the server, he is able to explore the database as well see all the user created tables and other objects. Can you help me fix it? “ My immediate reaction was he was facing security and permission issue. However, to make the same recommendation I suggested that he send me a screenshot of his own SSMS and his friend’s SSMS. After carefully looking at both the screenshots, I was very confident about the issue and we were able to resolve the issue. Let us reproduce the same scenario and many there is some learning for us. Issue: User not able to see user created objects First let us see the image of my friend’s SSMS screen. (Recreated on my machine) Now let us see my friend’s colleague SSMS screen. (Recreated on my machine) You can see that my friend could not see the user tables but his colleague was able to do the same for sure. Now I believed it was a permissions issue. Further to this I asked him to send me another image where I can see the various permissions of the user in the database. My friends screen My friends colleagues screen This indeed proved that my friend did not have access to the AdventureWorks database and because of the same he was not able to access the database. He did have public access which means he will have similar rights as guest access. However, their SQL Server had followed my earlier advise on having limited access for guest access, which means he was not able to see any user created objects. My next question was to validate what kind of access my friend’s colleague had. He replied that the colleague is the admin of the server. I suggested that if my friend was suppose to have admin access to the database, he should request of having admin access to his colleague. My friend promptly asked for the same to his colleague and on following screen he added him as an admin. You can do the same using following T-SQL script as well. USE [AdventureWorks2012] GO ALTER ROLE [db_owner] ADD MEMBER [testguest] GO Once my friend was admin he was able to access all the user objects just like he was expecting. Please note, this complete exercise was done on a development server. One should not play around with security on live or production server. Security is such an issue, which should be left with only senior administrator of the server. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Spring Security 3 - j_spring_security_check is not found

    - by newbie
    I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet with name 'Spring MVC Dispatcher Servlet' Spring Security is initialized as loggings tell and there are no errors. So what could be reason for this error? I have understood that j_spring_security_check is default url for Spring Security login chekeing servlet.

    Read the article

  • Spring Security - Interactive login attempt was unsuccessful

    - by Taylor L
    I've been trying to track down why Spring Security isn't creating the SPRING_SECURITY_REMEMBER_ME_COOKIE so I turned on logging for org.springframework.security.web.authentication.rememberme. At first glance, the logs make it seem like the login is failing but the login is actually successful in the sense that if I navigate to a page that requires authentication I am not redirected back to the login page. However, the logs appear to be saying the login credentials are invalid. Any ideas as to what is going on? Mar 16, 2010 10:05:56 AM org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices onLoginSuccess FINE: Creating new persistent login for user [email protected] Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices loginFail FINE: Interactive login attempt was unsuccessful. Mar 16, 2010 10:10:07 AM org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices cancelCookie FINE: Cancelling cookie <http auto-config="false"> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/img/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/app/admin/**" filters="none" /> <intercept-url pattern="/app/login/**" filters="none" /> <intercept-url pattern="/app/register/**" filters="none" /> <intercept-url pattern="/app/error/**" filters="none" /> <intercept-url pattern="/" filters="none" /> <intercept-url pattern="/**" access="ROLE_USER" /> <logout logout-success-url="/" /> <form-login login-page="/app/login" default-target-url="/" authentication-failure-url="/app/login?login_error=1" /> <session-management invalid-session-url="/app/login" /> <remember-me services-ref="rememberMeServices" key="myKey" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="sha-256" base64="true"> <salt-source user-property="username" /> </password-encoder> </authentication-provider> </authentication-manager> <beans:bean id="userDetailsService" class="com.my.service.auth.UserDetailsServiceImpl" /> <beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices"> <beans:property name="userDetailsService" ref="userDetailsService" /> <beans:property name="tokenRepository" ref="persistentTokenRepository" /> <beans:property name="key" value="myKey" /> </beans:bean> <beans:bean id="persistentTokenRepository" class="com.my.service.auth.PersistentTokenRepositoryImpl" />

    Read the article

  • Inheritance security rules violated while overriding member - SecurityRuleSet.Level2

    - by Page Brooks
    I have a class that inherits from Exception. In .NET 4, I started receiving a runtime error: Inheritance security rules violated while overriding member: MyBusinessException.GetObjectData(System.Runtime.Serialization.SerializationInfo, System.Runtime.Serialization.StreamingContext)'. Security accessibility of the overriding method must match the security accessibility of the method being overriden. I think the issue is caused by the fact that I am overriding GetObjectData. I know one answer for resolving the issue is to set the SecurityRuleSet: [assembly: SecurityRules(SecurityRuleSet.Level1)] This is not an acceptable answer, I'd like to know how to fix the issue without having to relax the default security rules in .NET 4.

    Read the article

  • Using multiple distinct TCP security binding configurations in a single WCF IIS-hosted WCF service a

    - by Sandor Drieënhuizen
    I have a set of IIS7-hosted net.tcp WCF services that serve my ASP.NET MVC web application. The web application is accessed over the internet. WCF Services (IIS7) <--> ASP.NET MVC Application <--> Client Browser The services are username authenticated, the account that a client (of my web application) uses to logon ends up as the current principal on the host. I want one of the services to be authenticated differently, because it serves the view model for my logon view. When it's called, the client is obviously not logged on yet. I figure Windows authentication serves best or perhaps just certificate based security (which in fact I should use for the authenticated services as well) if the services are hosted on a machine that is not in the same domain as the web application. That's not the point here though. Using multiple TCP bindings is what's giving me trouble. I tried setting it up like this: <bindings> <netTcpBinding> <binding> <security mode="TransportWithMessageCredential"> <message clientCredentialType="UserName"/> </security> </binding> <binding name="public"> <security mode="Transport"> <message clientCredentialType="Windows"/> </security> </binding> </netTcpBinding> </bindings> The thing is that both bindings don't seem to want live together in my host. When I remove either of them, all's fine but together they produce the following exception on the client: The requested upgrade is not supported by 'net.tcp://localhost:8081/Service2.svc'. This could be due to mismatched bindings (for example security enabled on the client and not on the server). In the server trace log, I find the following exception: Protocol Type application/negotiate was sent to a service that does not support that type of upgrade. Am I looking into the right direction or is there a better way to solve this?

    Read the article

  • Ws-Security headers using Metro

    - by Bhushan
    I have a web service which implements WS-Security but does not define a policy in the WSDL. I am able to consume this web service successfully using Axis 2 as client. I am trying to consume the same web service using Metro 2 but the wsse:security headers are not going. It works only if the service defines the security policy which is not under my control. I tested this by creating a sample web service and unless I define the policy my metro client never sends the wsse:security headers. Is there anything I am missing using Metro?

    Read the article

  • Security error accessing Service outside of FlexBuilder

    - by MikeHoss
    I'm very new to Flex and I have what I think it a head-scratcher. I am building a little Flash app that will consume some web services over HTTP. When I am in Flexbuilder and run my app there, it works fine. When I goto to my FlexBuilder project on my OS and double-click on it, it works fine. When I zip up my bin-debug file, I get this error: Security error accessing url faultCode:Channel.Security.Error faultString: 'Security error accessing url' faultDetail:'Destination: DefaultHTTP' So I googled that and got information on about the crossdomain.xml file. Well, I can't put a crossdomain file in the service I am calling, but I can put one somewhere else. So I put the following lines in Flex app: Security.allowDomain("vx1391"); Security.loadPolicyFile("http://vx1391:8080/job/Remote%20FIT%20Runner/ws/trunk/flash-cross-domain.xml"); My cross-domain.xml file is wide-open: &lt;cross-domain-policy&gt; &lt;allow-access-from domain="*"/&gt; </cross-domain-policy> Which I know is bad in a prod enivironment, but right now I just need to get this working locally but outside of FlexBuilder. Anyone want to help out this Flex-noob?

    Read the article

  • JBOSS Security: web.xml vs. jboss-web.xml

    - by sixtyfootersdude
    What is the relation between web.xml and jboss-web.xml? Seems like: Jboss-web.xml specifies the security domain (which can be found in login-config.xml) web.xml specifies what the security level is I don't understand what happens when jboss-web.xml specifies a weak security domain. Ie: one that cannot do what web.xml specifies. What happens then?

    Read the article

  • spring security login pages?

    - by es11
    I have some confusion with how spring security works: In my application, I need to have a login page for users after which they are redirected back the page from where they came. I went through a few spring security tutorials and read some articles, and the examples work by securing a certain page on a site (managed by the <intercept url ..> tag). Then Spring security will generate a login page (or you can specify your own) in order to access the secured page. I am confused because I don't want to necessary secure a given page on my site: I want a login page for users to log into after which they have access to elevated features of the site (through spring security's authorization features). My question is: given what I described, what would be the strategy to create this login page which, after login, would grant the logged in user the appropriate authorities? The hack I thought of would be to create a simple JSP page who's only function is to redirect back to the previous page. Then I would use Spring Security to secure that JSP page. But it seems like there should be a better way of doing this... Thanks

    Read the article

  • Calling a .NET web service (WSE 3.0, WS-Security) from JAXWS-RI

    - by elduff
    I'm writing a JAXWS-RI client that must call a .NET Web Service that is using WS-Security. The service's WSDL does not contain any WS-Security info, but I have an example soap message from the service's authors and know that I must include wsse:Security headers, including X:509 tokens. I've been researching, and I've seen example of folks calling this type of web service from Axis and CXF (in conjunction with Rampart and/or WSS4J), but nothing about using plain JAXWS-RI itself. However, I'm (unfortunately) constrained to using JAXWS-RI by my gov't client. Does anyone have any examples/documentation of doing this from JAXWS-RI? I need to ultimately generate a SOAP header that looks something like the one below - this is a sample soap:header from a .NET client written by the service's authors. (Note: I've put the 'VALUE_HERE' string in places where I need to provide my own values) <soapenv:Envelope xmlns:iri="http://EOIR/IRIES" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> <soapenv:Header xmlns:wsa="http://www.w3.org/2005/08/addressing"> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401- wss-wssecurity-secext-1.0.xsd"> <xenc:EncryptedKey Id="VALUE_HERE"> <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <wsse:SecurityTokenReference> <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"> VALUE_HERE </wsse:KeyIdentifier> </wsse:SecurityTokenReference> </ds:KeyInfo> <xenc:CipherData> <xenc:CipherValue>VALUE_HERE</xenc:CipherValue> </xenc:CipherData> <xenc:ReferenceList> <xenc:DataReference URI="#EncDataId-8"/> </xenc:ReferenceList> </xenc:EncryptedKey> </wsse:Security>

    Read the article

  • How to configure Spring Security PasswordComparisonAuthenticator

    - by denlab
    I can bind to an embedded ldap server on my local machine with the following bean: <b:bean id="secondLdapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userSearch"> <b:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <b:constructor-arg index="0" value="ou=people"/> <b:constructor-arg index="1" value="(uid={0})"/> <b:constructor-arg index="2" ref="contextSource" /> </b:bean> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> however, when I try to authenticate with a PasswordComparisonAuthenticator it repeatedly fails on a bad credentials event: <b:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider"> <b:constructor-arg> <b:bean class="org.springframework.security.ldap.authentication.PasswordComparisonAuthenticator"> <b:constructor-arg ref="contextSource" /> <b:property name="userDnPatterns"> <b:list> <b:value>uid={0},ou=people</b:value> </b:list> </b:property> </b:bean> </b:constructor-arg> <b:constructor-arg> <b:bean class="com.company.security.ldap.BookinLdapAuthoritiesPopulator"> </b:bean> </b:constructor-arg> </b:bean> Through debugging, I can see that the authenticate method picks up the DN from the ldif file, but then tries to compare the passwords, however, it's using the LdapShaPasswordEncoder (the default one) where the password is stored in plaintext in the file, and this is where the authentication fails. Here's the authentication manager bean referencing the preferred authentication bean: <authentication-manager> <authentication-provider ref="ldapAuthProvider"/> <authentication-provider user-service-ref="userDetailsService"> <password-encoder hash="md5" base64="true"> <salt-source system-wide="secret"/> </password-encoder> </authentication-provider> </authentication-manager> On a side note, whether I set the password-encoder on ldapAuthProvider to plaintext or just leave it blank, doesn't seem to make a difference. Any help would be greatly appreciated. Thanks

    Read the article

  • ASP.NET Membership for high security scenarios?

    - by Joachim Kerschbaumer
    Hi there, Is the asp.net membership system used over wcf (transport security turned on) enough for high security internet scenarios with thousands of clients spread all over the internet? I'm just evaluating possible solutions and wanted to know if this might fit in this category. If not, what would be the best method to provide high security access over wcf for internet scenarios?

    Read the article

  • PHP contact form font color is stuck to black

    - by Richard Hayward
    No matter what i try strangely enough my form and thank you page both php files one with embed font coloring and one with an external style sheet refuse to change font color from black. thank you php file: http://www.richiesportfolio.com/contact/thank-you.php contact form php file: http://www.richiesportfolio.com/contact/contactform.php Everything else works purfectly but changing the contact forms font color contactform.php ` <?PHP require_once("./include/fgcontactform.php"); $formproc = new FGContactForm(); if(isset($_POST['submitted'])) { if($formproc->ProcessForm()) { $formproc->RedirectToURL("thank-you.php"); } } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US"> <head> <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/> <title>Contact us</title> <link rel="stylesheet" type="text/css" href="http://www.richiesportfolio.com/contact/contact.css" /> <script type='text/javascript' src='scripts/gen_validatorv31.js'></script> </head> <body> <!-- Form Code Start --> <form id='contactus' action='<?php echo $formproc->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'> <fieldset > <legend>Contact Me</legend> <input type='hidden' name='submitted' id='submitted' value='1'/> <input type='hidden' name='<?php echo $formproc->GetFormIDInputName(); ?>' value='<?php echo $formproc->GetFormIDInputValue(); ?>'/> <input type='text' class='spmhidip' name='<?php echo $formproc->GetSpamTrapInputName(); ?>' /> <div class='short_explanation'>* required fields</div> <div><span class='error'><?php echo $formproc->GetErrorMessage(); ?></span></div> <div class='container'> <label for='name' >Your Full Name*: </label><br/> <input type='text' name='name' id='name' value='<?php echo $formproc->SafeDisplay('name') ?>' maxlength="50" /><br/> <span id='contactus_name_errorloc' class='error'></span> </div> <div class='container'> <label for='email' >Email Address*:</label><br/> <input type='text' name='email' id='email' value='<?php echo $formproc->SafeDisplay('email') ?>' maxlength="50" /><br/> <span id='contactus_email_errorloc' class='error'></span> </div> <div class='container'> <label for='message' >Message:</label><br/> <span id='contactus_message_errorloc' class='error'></span> <textarea rows="10" cols="50" name='message' id='message'><?php echo $formproc->SafeDisplay('message') ?></textarea> </div> <div class='container'> <input type='submit' name='Submit' value='Submit' /> </div> </fieldset> </form> <!-- client-side Form Validations: Uses the excellent form validation script from JavaScript-coder.com--> <script type='text/javascript'> // <![CDATA[ var frmvalidator = new Validator("contactus"); frmvalidator.EnableOnPageErrorDisplay(); frmvalidator.EnableMsgsTogether(); frmvalidator.addValidation("name","req","Please provide your name"); frmvalidator.addValidation("email","req","Please provide your email address"); frmvalidator.addValidation("email","email","Please provide a valid email address"); frmvalidator.addValidation("message","maxlen=2048","The message is too long!(more than 2KB!)"); // ]]> </script> </body> </html>` contact.css body,table,tr,td,a,p,h1,h2,h3,h4,h5,input,h3 a,h4 a,h5 ul, li, ul, a { color:#FFF; } #contactus fieldset { width:320px; padding:20px; border:20px; -moz-border-radius: 10px; -webkit-border-radius: 10px; -khtml-border-radius: 10px; border-radius: 10px; } #contactus legend, h2 { font-family : Arial, sans-serif; font-size:1.3em; font-weight:bold; color:#FFF; } #contactus label { font-family : Arial, sans-serif; font-size:0.8em; font-weight: bold; color:#FFF; } #contactus input[type="text"],textarea { font-family : Arial, Verdana, sans-serif; font-size: 0.8em; line-height:140%; color : #000; padding : 3px; border : 1px solid; #999; -moz-border-radius: 5px; -webkit-border-radius: 5px; -khtml-border-radius: 5px; border-radius: 5px; } #contactus input[type="text"] { height:18px; width:220px; -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; } #contactus #scaptcha { width:60px; height:18px; } #contactus input[type="submit"] { width:100px; height:30px; padding-left:0px; -webkit-border-radius: 5px; -moz-border-radius: 5px; border-radius: 5px; } #contactus textarea { height:120px; width:310px; -webkit-border-radius:8px; -moz-border-radius: 8px; border-radius: 8px; } #contactus input[type="text"]:focus,textarea:focus { color : #009; border : 1px solid #990000; background-color : #ffff99; font-weight:bold; } #contactus .container { margin-top:8px; margin-bottom:10px; color:#FFF; } #contactus .error { font-family: Verdana, Arial, sans-serif; font-size: 0.7em; color: #900; background-color : #111; } #contactus fieldset#antispam { padding:2px; border-top:1px solid #EEE; border-left:0; border-right:0; border-bottom:0; width:350px; } #contactus fieldset#antispam legend { font-family : Arial, sans-serif; font-size: 0.8em; font-weight:bold; color:#FFF; } #contactus .short_explanation { font-family : Arial, sans-serif; font-size: 0.6em; color:#FFF; } /* spam_trap: This input is hidden. This is here to trick the spam bots*/ #contactus .spmhidip { display:none; width:10px; height:3px; } #fg_crdiv { font-family : Arial, sans-serif; font-size: 0.3em; opacity: .2; -moz-opacity: .2; filter: alpha(opacity=20); } #fg_crdiv p { display:none; }

    Read the article

  • Help with 2-part question on ASP.NET MVC and Custom Security Design

    - by JustAProgrammer
    I'm using ASP.NET MVC and I am trying to separate a lot of my logic. Eventually, this application will be pretty big. It's basically a SaaS app that I need to allow for different kinds of clients to access. I have a two part question; the first deals with my general design and the second deals with how to utilize in ASP.NET MVC Primarily, there will initially be an ASP.NET MVC "client" front-end and there will be a set of web-services for third parties to interact with (perhaps mobile, etc). I realize I could have the ASP.NET MVC app interact just through the Web Service but I think that is unnecessary overhead. So, I am creating an API that will essentially be a DLL that the Web App and the Web Services will utilize. The API consists of the main set of business logic and Data Transfer Objects, etc. (So, this includes methods like CreateCustomer, EditProduct, etc for example) Also, my permissions requirements are a little complicated. I can't really use a straight Roles system as I need to have some fine-grained permissions (but all permissions are positive rights). So, I don't think I can really use the ASP.NET Roles/Membership system or if I can it seems like I'd be doing more work than rolling my own. I've used Membership before and for this one I think I'd rather roll my own. Both the Web App and Web Services will need to keep security as a concern. So, my design is kind of like this: Each method in the API will need to verify the security of the caller In the Web App, each "page" ("action" in MVC speak) will also check the user's permissions (So, don't present the user with the "Add Customer" button if the user does not have that right but also whenever the API receives AddCustomer(), check the security too) I think the Web Service really needs the checking in the DLL because it may not always be used in some kind of pre-authenticated context (like using Session/Cookies in a Web App); also having the security checks in the API means I don't really HAVE TO check it in other places if I'm on a mobile (say iPhone) and don't want to do all kinds of checking on the client However, in the Web App I think there will be some duplication of work since the Web App checks the user's security before presenting the user with options, which is ok, but I was thinking of a way to avoid this duplication by allowing the Web App to tell the API not check the security; while the Web Service would always want security to be verified Is this a good method? If not, what's better? If so, what's a good way of implementing this. I was thinking of doing this: In the API, I would have two functions for each action: // Here, "Credential" objects are just something I made up public void AddCustomer(string customerName, Credential credential , bool checkSecurity) { if(checkSecurity) { if(Has_Rights_To_Add_Customer(credential)) // made up for clarity { AddCustomer(customerName); } else // throw an exception or somehow present an error } else AddCustomer(customerName); } public void AddCustomer(string customerName) { // actual logic to add the customer into the DB or whatever // Would it be good for this method to verify that the caller is the Web App // through some method? } So, is this a good design or should I do something differently? My next question is that clearly it doesn't seem like I can really use [Authorize ...] for determining if a user has the permissions to do something. In fact, one action might depend on a variety of permissions and the View might hide or show certain options depending on the permission. What's the best way to do this? Should I have some kind of PermissionSet object that the user carries around throughout the Web App in Session or whatever and the MVC Action method would check if that user can use that Action and then the View will have some ViewData or whatever where it checks the various permissions to do Hide/Show?

    Read the article

  • security deleting a mysql row with jQuery $.post

    - by FFish
    I want to delete a row in my database and found an example on how to do this with jQuery's $.post() Now I am wondering about security though.. Can someone send a POST request to my delete-row.php script from another website? JS function deleterow(id) { // alert(typeof(id)); // number if (confirm('Are you sure want to delete?')) { $.post('delete-row.php', {album_id:+id, ajax:'true'}, function() { $("#row_"+id).fadeOut("slow"); }); } } PHP: delete-row.php <?php require_once("../db.php"); mysql_connect(DB_SERVER, DB_USER, DB_PASSWORD) or die("could not connect to database " . mysql_error()); mysql_select_db(DB_NAME) or die("could not select database " . mysql_error()); if (isset($_POST['album_id'])) { $query = "DELETE FROM albums WHERE album_id = " . $_POST['album_id']; $result = mysql_query($query); if (!$result) die('Invalid query: ' . mysql_error()); echo "album deleted!"; } ?>

    Read the article

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • Spring Security 3 - Login is not working

    - by newbie
    I use Spring Security with Spring Framework 3 and when I tyr to login from homepage I get following error: 2010-04-26 12:16:39,525 [tomcat-http--2] WARN org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/AppName/app/j_spring_security_check] in DispatcherServlet with name 'Spring MVC Dispatcher Servlet' Spring Security is initialized as loggings tell and there are no errors. So what could be reason for this error? I have understood that j_spring_security_check is default url for Spring Security login chekeing servlet.

    Read the article

  • Which Java modules get Spring Security

    - by HDave
    I have a classic Java SOA application, with a web UI module, web services module, a service module (Java API), a domain module and a persistence module. In a sense, each of these modules has their own public API. My understanding of Spring Security is that I can use web filters to handle the security of the web gui and web services, and method level security (via annotations) for the service module. My question is this: should I bother to add method level security to the domain module and the persistence module or is that considered overkill?

    Read the article

  • Spring Security 3.0- Customise basic http Authentication Dialog

    - by gav
    Rather than reading; A user name and password are being requested by http://localhost:8080. The site says: "Spring Security Application" I want to change the prompt, or at least change what the "site says". Does anyone know how to do this via resources.xml? In my Grails App Spring configuration, my current version is as follows; <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" use-expressions="true"> <http-basic/> <intercept-url pattern="/**" access="isAuthenticated()" /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <user-service> <user name="admin" password="admin" authorities="ROLE_ADMIN"/> </user-service> </authentication-provider> </authentication-manager> </beans:beans>

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >