Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 840/1233 | < Previous Page | 836 837 838 839 840 841 842 843 844 845 846 847  | Next Page >

• Handling redirected URL within Flex app?

  - by fortpointuiguy

  We have a Flex client and a server that is using the Spring/Blazeds project. After the user logs in and is authenticated, the spring security layer sends a redirect to a new URL which is where our main application is located. However, within the flex client, I'm currently using HTTPService for the initial request and I get the redirected page sent back to me in its entirety. How can I just get the URL so that I can use navigatetourl to get where the app to go where it needs to? Any help would greatly be appreciated. Thanks!

  Read the article

• Check ReturnUrl is valid before redirecting

  - by Josh

  I'm using ASP.NET Membership and Form Authentication and before redirecting to the returnURL I wanted to validate it. For those unfamiliar with the workflow, basically if you request a page that requires that you are authenticated, you are redirected to a login page. In the URL string you'll see a parameter called returnURL, e.g. http://example.com/login.aspx?ReturnUrl=%2fprotected%2fdefault.aspx Whether you use this in a redirect such as Response.Redirect(returnURL) or indirectly through the FormsAuthentication.RedirectFromLoginPage method, it passes without validating returnURL. FormsAuthentication.RedirectFromLoginPage does have a security check that it is isn't leaving the domain, but that still doesn't stop someone from putting enough random characters to cause an error. I tried using System.IO.File.Exists(Server.MapPath(returnURL)) but given enough illegal characters it cause Server.MapPath to error. Note: URLEncoding doesn't work because we are not cleaning a parameter, but the primary URL. Any other suggestions for validating or cleaning the returnURL value?

  Read the article

• How can I use the SSRS ReportViewer from VS 2008 in a VS2010 project?

  - by Adrian Grigore

  Hi, I'm working on an ASP.NET MVC 2 / .NET 3.5 project which includes SSRS 2008 reports. After migrating to VS 2010 RC, the new web forms report viewer has been giving so much trouble that I'd like to use the old report viewer from VS 2008 again. Now I'm just wondering what would be the easiest way to do that. The report viewer is embedded in a Webforms ASPX file which is loaded in an IFrame by the the MVC view. Report parameters are currently stored as session variables, and for security reasons I would prefer not to change that for HTTP POST or GET parameters. So I can't just put the report viewer in a separate application and build that with VS2008. Moving the entire project back to VS 2008 is not an option. So, what's the easiest way for me to use the VS 2008 ReportViewer in VS 2010? Is there way to grab an assembly from VS 2008 and use that in my project? Thanks, Adrian

  Read the article

• Logging exceptions in WCF with IErrorHandler inside HandleError or ProvideFault?

  - by Dannerbo

  I'm using IErrorHandler to do exception handling in WCF and now I want to log the exceptions, along with the stack trace and the user that caused the exception. I've read everywhere to put the logging in the HandleError method, and not the ProvideFault method. My question is, why? The only way I can see to get the user that caused the exception is: OperationContext.Current.IncomingMessageProperties.Security.ServiceSecurityContext.PrimaryIdentity ...But this only seems to work inside ProvideFault, and not inside HandleError. Is there a way to get the user inside HandleError?

  Read the article

• XMPP TLS connection with SslStream

  - by Marcom

  I am trying to create a simple xmpp client that connects to Gtalk. The first part of the handshake seems to work. Ror the TLS handshake I created a client SslStream, connected to the intended server (talk.google.com) and successfully got authenticated . The first SSlStream.Read is to receive the greeting reply, it went fine . I do a SslStream.write to send my first command, but when i do my Sslstream.Read() to get the reply , i get this error."System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine." Can anyone point me to the right direction? I am using code very similar to the example on msdn http://msdn.microsoft.com/en-us/library/system.net.security.sslstream.aspx except that I switch from a Network stream to a Sslstream when TLS is negotiated. netStream.Flush(); sslStream = new SslStream(netStream, true, new RemoteCertificateValidationCallback(ValidateServerCertificate), null ); sslStream.AuthenticateAsClient("talk.google.com");

  Read the article

• Asp.net membership logout automatically

  - by alejandrobog

  Hi, I recently deploy an application that uses asp.net membership (SqlMembershipProvider) and I dont know why but it automatically log out after 1 minute of inactivity. This doesn´t happen on my development environment. I even set the userIsOnlineTimeWindow to 60 which is supposed to be in minutes. Any ideas why this is happening? Im deploying to a virtual directory on a shared hosting environment. Here is how I set up the membership provider <membership defaultProvider="FaceMoviesMembership" userIsOnlineTimeWindow="60"> <providers> <clear/> <add name="FaceMoviesMembership" type="System.Web.Security.SqlMembershipProvider" connectionStringName="FaceMoviesAuthConnectionString" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" maxInvalidPasswordAttempts="10" passwordAttemptWindow="60" requiresUniqueEmail="false" passwordFormat="Clear" applicationName="FaceMoviesWeb" minRequiredPasswordLength="5" minRequiredNonalphanumericCharacters="0"/> </providers>

  Read the article

• How to handle encrypted column in SQL Server Database in LINQ to SQL?

  - by Raja

  Hi Guys, We are in the process of encrypting all the SSN columns (had to do it now due to security audit). We already built the DBML and now we have to change it. Can you guys let me know if there is a good way of handling this in LINQ to SQL? We use stored procedures for Insert, Update and Delete but use LINQ to SQL for all our selects (ease of use). Do I have to change the format for those tables with SSN or Is there any other manner we can handle it in LINQ to SQL? Thanks, Raja

  Read the article

• JMF Registry could not add item (Vista)

  - by Ranch

  Hello, I'm using JMF to capture video stream (webcam) on my Java project. The camera I'm using is recognized by JMF (JFMStudio) and I manage to get the video stream. However, on JMF Registry Editor - there's a list of available capture devices, when I click "Add" on one of the items (including the one I need) I get a "Could not add item" error. Therefore this camera is not set in the registry of it (god know where) and later on it is not recognized by my project: RGBFormat fmt = new RGBFormat(); // could be YUV - doesn't matter Vector v = CaptureDeviceManager.getDeviceList(fmt); v is empty (while I know the video source is recognized by Java , since I manage to get video on JMF Studio). Now, this happens only on Vista (where else) and not on XP. I have a suspiction that somehow Vista security blocks Java from writing the registry file, but of course, I might be wrong. One more comments: this is vfw:Microsoft WDM Image Capture(Win32):0 device. Any idea ?

  Read the article

• Best XPath tools

  - by Sayed Ibrahim Hashimi

  What tools are you guys using for XPath and why? Right now I'm using SketchPath because its totally awesome, but its a windows app that needs to be installed WhiteBeam online XPath test bedbecause you can test expressions from the website SketchPath seems to stand out the most to me because it actually helps you create the xpath and it is very advanced. If you haven't tried it you should. Cons to SketchPath: you have to install it on the machine, otherwise it is fantastic. Cons to WhiteBeam: you have to upload your file which I don't always want to do for security reasons and the file size you can upload has some limit on it, and uploading a file is annoying anyways. Also I think there might be some subtle differences between the xpath used for that tool and when running a .NET app. But don't remember any right now. Just keep it in mind.

  Read the article

• reporting services: use a custom assembly with a local (RDLC) report

  - by JMarsch

  Hello: I am designing a report that will be used in local mode (an RDLC file) in a Winform app. I have a custom assembly with a static class that has some functions that I want to use inside of the report (as expressions). I have found all sorts of help for doing this with RDL reports, but I'm running into a permissions problem with my RDLC report. I get the following error at runtime: "The report references the code module (my module), which is not a trusted assembly". I know that this is some kind of a code security issue, but I'm not sure what to do to fix it. The documentation that I have seen online is aimed at RDL reports, and it instructs me to edit a SQL Server-specific policy file. I'm using RDLC, so there is no sql server involved. What do I need to do to acquire the appropriate permissions?

  Read the article

• Membership.GetUser() within TransactionScope throws TransactionAbortedException

  - by Bob Kaufman

  The following code throws a TransactionAbortedException with message "The transaction has aborted": using ( MyDataContext context = new MyDataContext() ) { using ( TransactionScope transactionScope = new TransactionScope() ) { Guid accountID = new Guid( Request.QueryString[ "aid" ] ); Account account = ( from a in context.Accounts where a.UniqueID.Equals( accountID ) select a ).SingleOrDefault(); IQueryable < My_Data_Access_Layer.Login > loginList = from l in context.Logins where l.AccountID == account.AccountID select l; foreach ( My_Data_Access_Layer.Login login in loginList ) { MembershipUser membershipUser = Membership.GetUser( login.UniqueID ); } } } The error occurs at the call to Membership.GetUser(). My Connection String is: <add name="MyConnectionString" connectionString="Data Source=localhost\SQLEXPRESS;Initial Catalog=MyDatabase;Integrated Security=True" providerName="System.Data.SqlClient" /> Everything I've read tells me that TransactionScope should just get magically applied to the Membership calls. The user exists (I'd expect a null return otherwise.)

  Read the article

• How to allow my Asp.net MVC 3 web app using MathJax to accept user input $x<y>z$ ?

  - by Recycle Bin

  I am developing a mathematics site using Asp.Net MVC 3 + Razor + MathJax. MathJax is a javascript library to render TeX or LaTeX codes on the web browser. And TeX or LaTeX codes represent mathematics contents such as an inline math $y=mx+c$ and a displayed math \[y=mx+c\]. Right now my site can accept input, for example, $x<y$. However it cannot accept $x<y>z$ because the framework regards this input is vulnerable to XSS and XSRF. Shortly speaking, what I should do to accomplish what I want but it does not open security vulnerability.

  Read the article

• How to get Xvfb to work on 32 bit color

  - by Robus

  Can anybody tell me how to get Xvfb to work on 32bit color? Vnc4server works fine for example, but didn't fit my purpose. > /etc/X11# Xvfb :1 -screen 0 1600x1200x24 error opening security policy file /etc/X11/xserver/SecurityPolicy (EE) XKB: Couldn't open rules file /usr/share/X11/xkb/rules/base Could not init font path element /usr/share/fonts/X11/cyrillic, removing from list! [config/hal] couldn't initialise context: (null) ((null)) FreeFontPath: FPE "/usr/share/fonts/X11/misc" refcount is 2, should be 1; fixing. Aka - it works, while: > /etc/X11# Xvfb :1 -screen 0 1600x1200x32 Fatal server error: Couldn't add screen 0

  Read the article

• Get timestamp from Authenticode Signed files in .NET

  - by SlavaGu

  We need to verify that binary files are signed properly with digital signature (Authenticode). This can be achieved with signtool.exe pretty easily. However, we need an automatic way that also verifies signer name and timestamp. This is doable in native C++ with CryptQueryObject() API as shown in this wonderful sample: How To Get Information from Authenticode Signed Executables However we live in a managed world :) hence looking for C# solution to the same problem. Straight approach would be to pInvoke Crypt32.dll and all is done. But there is similar managed API in System.Security.Cryptography.X509Certificates Namespace. X509Certificate2 Class seems to provide some information but no timestamp. Now we came to the original question how can we get that timestamp of a digital signature in C Sharp?

  Read the article

• ExceptionPolicy.HandleException does not install Event Source for Logging in Registry if XBAP run ou

  - by Neo

  I am using the Logging Application Block (of Microsoft Enterprise Library) to log exceptions in the Event Viewer that occur in my WPF XBAP application. If I run the XBAP in the debugger from Visual Studio, an Event Source entry for my application is automatically created in the Registry at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MyApp This occurs at the point ExceptionPolicy.HandleException() is called. However, if I run the XBAP outside of the IDE directly from the file system or from its published location, the Registry entry isn't added. Therefore, no logging takes place. I can only assume this is a security issue with running XBAP applications and they do not have access to write to the Registry. Is this a setting within my project? Any idea on why this might be happening? Any help much appreciated.

  Read the article

• iPhone Shell - is there any?

  - by alee

  While working on iphone security architecture, i came to know that i can run applications from other applications in iphone. referring to the following url http://iphonedevelopertips.com/cocoa/launching-other-apps-within-an-iphone-application.html for example, i can put a link in a website with following hyperlink skype:// will result skype to run and call at particular number. Now i have few concerns here. is there a shell running in background in iphone, so that it allows other application to run basic app commands. if the above statement is true then how can i enable or run commands directly into iphone shell? if above statements are false, then could you please explain how these commands are being executed? is this part of iPhone SDK? or this funcationality is iPhone OS

  Read the article

• iPhone Shell - is there any?

  - by alee

  While working on iphone security architecture, i came to know that i can run applications from other applications in iphone. referring to the following url http://iphonedevelopertips.com/cocoa/launching-other-apps-within-an-iphone-application.html for example, i can put a link in a website with following hyperlink skype:// will result skype to run and call at particular number. Now i have few concerns here. is there a shell running in background in iphone, so that it allows other application to run basic app commands. if the above statement is true then how can i enable or run commands directly into iphone shell? if above statements are false, then could you please explain how these commands are being executed? is this part of iPhone SDK? or this funcationality is iPhone OS

  Read the article

• Extending Code Igniter Model functions to external PHP Scripts

  - by Fábio Antunes

  Hello everybody. I'm doing a small web app, which uses CKeditor for user input, and CKfinder for file management (images/flash). Those who know CKFinder, also know that the config file for CKFinder as a function named CheckAuthentication() that returns false or true, giving or not permissions to use CKFinder. This is were a Custom PHP Code checks if the user as authorization to access CKFinder or not. Well for my app I'm using Code Igniter, and of course I've created a model were i handle everything about User Permissions, Loggin, Session Cookies, etc. And i also have a function witch its propose is just to check if the user is Logged in. So I would like to know if someone knows a way that i can call the function isLoggedIn() inside the model security from inside the function CheckAuthentication() in CKFinder config file. Thanks in advance.

  Read the article

• How to access the Principal from a Java service object without using FlexContext?

  - by Marplesoft

  We're building some Java objects that are exposed via BlazeDS to our flex client application. So basically the BlazeDS messagebroker servlet instantiates and invokes methods on these objects in response to client requests. Works great. We're using app server-based authentication and have set up a security constraint on the <destination> elements in the remoting-config.xml file element to prevent unauthenticated clients from being able to access these remote java objects. Again, works fine. However, there are several places within the implementation of these java objects where we want to get the currently logged on user's username. Right now we are doing this via FlexContext.getUserPrincipal(), which gives access to this but we have a nagging concern that we don't like the idea that the implementation of these objects (the service layer) has a hard dependency on a BlazeDS class. But we're not sure how else to get access to this. The same applies to accessing the ServletContext and such. Any ideas?

  Read the article

• ClassNotFoundException error in implementing Bayesian algorithm in Apache Mahout on Hadoop

  - by Shweta

  Hi, I have a problem in executing the Bayesian algorithm in Mahout. I built it with Maven and the job file is in target directory. When run from terminal using hadoop, I'm getting the ClassNotFoundException error. What should be done? $HADOOP_HOME/bin/hadoop jar mahout-core-0.3-SNAPSHOT.job org.apache.mahout.classifier.bayes.mapreduce.bayes.bayesdriver -i test -o output Exception in thread "main" java.lang.ClassNotFoundException: org.apache.mahout.classifier.bayes.mapreduce.bayes.bayesdriver at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at org.apache.hadoop.util.RunJar.main(RunJar.java:149)

  Read the article

• Installing Java3D on Eclipse

  - by Matt

  I'm trying to use Java3D in my project. This is the error I receive: 29-Dec-2010 1:01:29 AM javax.media.j3d.NativePipeline getSupportedOglVendor SEVERE: java.lang.UnsatisfiedLinkError: no j3dcore-ogl-chk in java.library.path Exception in thread "main" java.lang.UnsatisfiedLinkError: no j3dcore-d3d in java.library.path at java.lang.ClassLoader.loadLibrary(Unknown Source) at java.lang.Runtime.loadLibrary0(Unknown Source) at java.lang.System.loadLibrary(Unknown Source) at javax.media.j3d.NativePipeline$1.run(NativePipeline.java:189) at java.security.AccessController.doPrivileged(Native Method) at javax.media.j3d.NativePipeline.loadLibrary(NativePipeline.java:180) at javax.media.j3d.NativePipeline.loadLibraries(NativePipeline.java:137) at javax.media.j3d.MasterControl.loadLibraries(MasterControl.java:948) at javax.media.j3d.VirtualUniverse.<clinit>(VirtualUniverse.java:280) at World.<init>(World.java:10) at Start.main(Start.java:12) I have copied the .jar files into my project's lib folder and linked them in Project - Properties - Add Jar File. There was also a .dll file in the Java3D download that I haven't touched or included in any way. What am I missing?

  Read the article

• Middleware for MongoDB or CouchDB with jQuery Ajax/JSON frontend

  - by Tauren

  I've been using the following web development stack for a few years: java/spring/hibernate/mysql/jetty/wicket/jquery For certain requirements, I'm considering switching to a NoSQL datastore with an AJAX frontend. I would probably build the frontend with jQuery and communicate with the web application middleware using JSON. I'm leaning toward MongoDB because of more dynamic query capabilities, but am still considering CouchDB. I'm not sure what to use in the middle. Probably something RESTful? My preference is to stick with Java (or maybe Scala or Groovy) since I'm using tools like Drools for rules and Shiro for security. But then again, I want to pick something that is quick an easy to work with, so I'm open to other solutions. If you are building ajax/json/nosql solutions, I'd like to hear details about what tools you are using and any pros/cons you've found to using them. Thanks!

  Read the article

• Best approach for authorisation rules

  - by Maciej

  I'm wonder about best approach of implementation auth. rules in Client-Server app using Business Objects. I've noticed common tactic is: - on DB side: implement one role for application, used for all app's users - definition users right and roles and assign users to proper group - Client side: add to Business Object's getters/setters rights checker allowing write / display data for particular user My concern is if this is really good approach from security perspective. It looks DB sends all information to Client, and then client's logic decide what to display or not. So, potentially advanced user can make query from their box and see/change anything. Isn't it?

  Read the article

• Microsoft.Web.Administration.ServerManager can't read config sections containing encrypted passwords in applicationHost.config

  - by Dylan Beattie

  I have some sites in IIS7 that are configured to run as domain users (MYDOMAIN\someuser). I'm using the Microsoft.Web.Administration namespace to scan my server configuration, but it's throwing an exception when I hit one of these "impersonator" sites: using (ServerManager sm = new ServerManager()) { foreach (Site site in sm.Sites) { foreach (Application app in site.Applications.Reverse()) { foreach (VirtualDirectory vdir in app.VirtualDirectories.Reverse()) { var config = app.GetWebConfiguration(); foreach (var locationPath in config.GetLocationPaths()) { // error occurs in GetLocationPaths() } } } } } The actual error message is: COMException was unhandled Filename: \\?\C:\Windows\system32\inetsrv\config\applicationHost.config Line number: 279 Error: Failed to decrypt attribute 'password' because the keyset does not exist It appears that IIS is storing the MYDOMAIN\someuser password encrypted in applicationHost.config, which is great in terms of security - but I have no idea how to get the ServerManager to decrypt this. Any tips on how I can either allow ServerManager to decrypt this, or just tell IIS to store the passwords in plain text? This is on IIS7 under Windows 7 RC, by the way.

  Read the article

• Benefit for implementing OAuth

  - by zfranciscus

  Hi, I am just wondering from a webservice provider point of view what is the benefit of asking users to create an account or login using 3rd party web service provider e.g: Twitter or facebook. Wouldn't it be easier to ask the user to provide their twitter or facebook login and use that to pull the user's twitter or facebook data. I can understand the benefit of using From user point of view using OAuth provide security. It is safer to use OAuth than giving some one the internet our twitter or facebook login credential. But some how I can't figure out the benefit from the web service point of view. Thank you. Cheers

  Read the article

< Previous Page | 836 837 838 839 840 841 842 843 844 845 846 847  | Next Page >