Search Results

Search found 30819 results on 1233 pages for 'software security'.

Page 849/1233 | < Previous Page | 845 846 847 848 849 850 851 852 853 854 855 856 | Next Page >

Why don't web fonts in Firefox don't work on a different domain?

- by mikez302

I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

Read the article
Use of COM object in IIS 7

- by Wouter d.A.

Hi all, I am currently moving an ASP.NET web-project from an IIS 6 to a IIS 7 hosting environment. Everything seems to be running OK, except my calls to a COM object. I can perfectly instantiate an object of the COM type, but when I call one of its methods, the IIS crashes. The event log reports an error code "0xc0000374", which indicates a heap corruption. When I run the application inside the visual studio development server, everything goes well and the COM object code gets executed without any errors. This is also the case when the application is hosted on an IIS 6 machine. I have looked through all settings of the IIS 7 and have not found anything configurable for COM objects, like security or ... I have been struggling with this for a while and I'm out of ideas. Does anyone have any experience deploying COM objects on IIS 7? Your help would be very appreciated!

Read the article
Do I need to auto-login after account activation?

- by Art

This is the standard scenario: User registers on the site User receives an account activation email, clicks link to activate Web site notifies the user that account is activated Now there are at least two pathways: User is taken to the login screen and asked to enter login details User is automatically logged in and taken to a welcome/profile/etc page While there are obvious benefits in (1) as far as the user's experience is concerned, there could be drawbacks as well. Option (2) offers improved security at cost of UX. Which of the scenarios is preferable and why? Any serious flaws in any of them?

Read the article
Lotus Notes doesn't send customised button

- by damo_inc

Hi All, I created a customised button with some simple actions attached to it in Lotus Notes 6.5. It's just a simple voting button, which I emailed to a group of nearly 200 people. While sending I got a pop up telling me that the button can't be send. After about 10 seconds I got a first reply asking 'where's the button'. Then an avalanche of very clever emails followed, such as: 'no button', 'where's the button', etc. Before I spammed everyon I had tried the email on my work mate and the button went through fine! Any ideas? I suspect some security policy.... I really need to send this mail and get the survey results, so I don't want to fail again. Any suggestions appreciated. Many Thanks, Damo

Read the article
About local Final varibles in java

- by Sathish

In java Program, parameters which is defined as String in method declaration.But in method definition it is accessed as final String variable. Whether it'll lead to some issues (like security, memory problem)? For Example: Method Declaration join(String a,String b); Method definition public void join(final String a,final String b) { Authenticator au = new Authenticator(){ public PasswordAuthentication getPasswordAuthentication(){ return new PasswordAuthentication(a,b)} }; } Please help for me and clarify my doubts. Thanks in advance P.S. I;m accessing a and b as final variable because i've to use it in the inner class.

Read the article
A web framework where AJAX was not an after thought

- by Pirate for Profit

AJAX is a pain in the ass because it essentially means you'll have to write two sets of similarish code: one for browsers with JavaScript enabled and those without. Not only this, but you have to connect JavaScript events to hook into your models and display the results. And if all that weren't bad enough, you need to send an address change with the request, otherwise the user won't be able to "click back" correctly (if confused look at what happens to the address bar when you click links in GMail). We're searching for something that had the foresight and design goals with all these concerns in mind. Performance and security are also obvious major concerns. We love config-based systems as well, where you don't have to write a lot of code you just drop it into an easily read config format. It's like asking for the holy grail right?

Read the article
VS2010 Clean Web.configs - not updating

- by cw

Hello, I'm messing around with MVC 2.0 on VS2010 and am having an issue getting the clean web config feature working. Basically in my Web.debug.config I have <connectionStrings xdt:Transform="Replace"> <add name="ApplicationServices" connectionString="Server=localhost;Database=SITE_DB;User ID=dbuser;Password=P@ssw0rd;Trusted_Connection=False;" /> </connectionStrings> and in my Web.config I have <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> When I run the site in debug mode, I'd expect that xdt:Transform="Replace" would replace the entire connectionStrings section with what is in the Web.debug.config. Am I assuming wrong? Or am I doing something else incorrect. Not much info posted around this and I'd figure I'd ask you guys.

Read the article
Decompressing file with gzip produces file with no read-permissions on Windows 7

- by Abiel

I am attempting to decompress a .gz file using the GnuWin32 gzip program in Windows 7. I have full permissions on the compressed file, and my user account is an administrator. However, I end up not having read permissions on the decompressed file. To get read permissions I would have to manually change the permissions on it through right-clicking and selecting Properties Security. I am able to do this exact same thing with no permission problems in Windows XP, which leads me to believe that Windows 7's user account control system is causing problems. Does anyone know what I can do to make things work as I would expect (read permission on the decompressed file) in Windows 7? Thanks.

Read the article
Generate SQL Server Express database from Entity Framework 4 model

- by Cranialsurge

I am able to auto-generate a SQL Server CE 4.0 *.sdf file using code-first generation as explained by Scott Guthrie here. The connection string for the same is as follows: <add name="NerdDinners" providerName="System.Data.SqlServerCe.4.0" connectionString="data source=|DataDirectory|NerdDinner.sdf"/> However if I try to generate an mdf instead using the following connection string, it fails to do so with the following error - "The provider did not return a ProviderManifestToken string.". <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="data source=|DataDirectory|NerdDinner.mdf"/> Even directly hooking into a SQLEXPRESS instance using the following connection string fails <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=NerdDinner;Integrated Security=True"/> Does EF 4 only support SQL CE 4.0 for database creation from a model for now or am I doing something wrong here?

Read the article
c# xml string special characters

- by sam

Please help explain why the dataset cannot read the encoded xml? string xml = "<?xml version=\"1.0\" standalone=\"yes\" ?> <DataSet><node>it's my \"node\" & i like it</node></DataSet>"; string encodedXml = System.Security.SecurityElement.Escape(xml); DataSet ds = new DataSet(); ds.ReadXml(New XmlTextReader(new StringReader(encodedXml))); I have checked the link http://weblogs.sqlteam.com/mladenp/archive/2008/10/21/Different-ways-how-to-escape-an-XML-string-in-C.aspx What i want to do is to read a string with special characters into a dataset. But the code cannot locate the special characters in the string, c# added all the \ so the linenumber is not accurate generated by XmlException object. Anyone could provide the code to read a string with special characters into a dataset. thanks very much

Read the article
System.Web.AspNetHostingPermission Exception on New Deployment

- by Jason N. Gaylord

I have a friend that is moving a web application from one server over to another. The new server has the same settings as the first server, however, he's running into a Security issue. Here's the error details: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The Event Viewer does not point to anything specific in the web.config file or anything. The web applicaiton is on the C: drive. This is a Windows Server 2008 R2 x64 server with a brand new IIS 7 installation. IIS is set in classic mode for this app pool.

Read the article
WCF Windows service permissions problem

- by Elad

I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately return to stopped state. After when I changed the Account to LocalSystem the service works properly. My questions are: Any ideas why it won't work with Network Service account? What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

Read the article
How can I get Hudson to be able to access JUnit?

- by Bedwyr Humphreys

I've got Hudson running on TOMCAT, it can build my Netbeans project using the ant build.xml, but it won't run any of my unit tests because of what I assume is a problem with the classpath: package org.junit does not exist [javac] import org.junit.After; [javac] ^ But I've got the junit-4.8.1.jar on the classpath in /etc/environment and I can successfuly run the junit tests from a console using java org.junit.runner.JUnitCore org.junit.tests.AllTests My CLASSPATH is set to /home/bedwyr/junit4.8.1/junit-4.8.1.jar:. Am I going wrong somewhere or is there anything else I need to set? [edit] What I did was to export/include (using the ide) all libraries (including Junit) hudson then reads all it needs from the subversion repo. I then ran into an issue with exposing hudson to the internet, and pretty soon gave up on tomcat on ubuntu server (again, to do with the tomcat security manager) - glassfish is a lot smoother and that's where I am now - apache front end with ajp_proxy to hudson on glassfish.

Read the article
What's wrong with this SQL Server query ?

- by ClixNCash

What's wrong this T-SQL query : Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM Table1 WHERE Name ='" + TextBox1.Text + "'", SQLData) SQLData.Open() If cmdSelect.ExecuteScalar > 0 Then Label1.Text = "You have already voted this service" Return End If Dim con As New SqlConnection Dim cmd As New SqlCommand con.Open() cmd.Connection = con cmd.CommandText = "INSERT INTO Tabel1 (Name) VALUES('" & Trim(Label1.Text) & "')" cmd.ExecuteNonQuery() Label1.Text = "Thank You !" SQLData.Close() End Sub

Read the article
Restfull authentication between two GAE apps.

- by user259349

Hello everyone, i am trying to write a restful google app engine application (python) that accepts requests only from another GAE that i wrote. I dont like any of the ways that i thought of to get this done, please advice if you know of something better than: Get SSL setup, and simply add the credentials on the request that my consuming app will send. I dont like it cause SSL will slow things down. Security by obsecurity. Pass a long number by my consuming app that is in Xmod0, where X is a secret number that both applications know. I just,,,, dont like this. Check the HTTP header to see where is the request coming from. This option is the one that i hate the least, not alot of processing, and spoofing an HTTP request is not really worth it, for my application's data. Is there any other clean solution for this?

Read the article
Javascript/iframe/embed/object question

- by thinkfuture

OK, so here is my issue. I'm building a system which will allow people to embed lists of links on their pages. When the link is clicked, i'd like to use something like Lightview or Lightwindow to open it up over the whole window, not just in the iframe. I don't have access to the page that the user will be embedding this object into. Everything I've tried so far tells me that I can't open anything over the parent window, since I don't have access to it from the iframe or object, javacript security issue. However, I've seen sites that do that kind of overlay. so it must be possible. If anyone can point me to any resources that could help, that would be great. if it matters, i'm using Ruby on Rails... Thanks...chris

Read the article
Microsoft Speech Recognition in web service

- by Diana

I'm trying to use the System.Speech.Recognition namespace for recognizing speech in a web service. Actually, the WS calls a dll that uses this namespace. The problem is that...I can't. First, I had a Access denied error. After changing the Identity of my application pool to LocalSystem (security break, I know), that disappeared. But a timeout appeared. I receive no error, but no response either. I did some tests, and, the same code (very simple) that I use for recognizing the text in a WAV returns the answer in around 2 seconds, when integrated in a desktop application, but hangs and does nothing in a web application. I think I'm missing something... I'm not supposed to use System.Speech.Recognition in a web application? Am I supposed to use something else? Any help is greatly appreciated. Thank you!

Read the article
Browser Helper Object doesnot get loaded in IE8

- by velusbits

I have a BHO, which i can see it as enabled in Add On's list. But it does not get loaded when i start my IE on the Win2k8 R2 machines(64 bit). I have disabled IE Enhanced security as well but no help. The same BHO gets loaded in other machines. The registry details under (HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects & HKEY_CLASSES_ROOT\Wow6432Node\CLSID) seem to be fine. Is there any setting that disables BHO from actually getting loaded?

Read the article
How to parse JSON to receive a Date object in JavaScript?

- by Piotr Owsiak

I have a following piece of JSON: \/Date(1293034567877)\/ which is a result of this .NET code: var obj = DateTime.Now; var serializer = new System.Web.Script.Serialization.JavaScriptSerializer(); serializer.Serialize(obj).Dump(); Now the problem I am facing is how to create a Date object from this in JavaScript. All I could find was incredible regex solution (many containing bugs). It is hard to believe there is no elegant solution as this is all in JavaScrip, I mean JavaScript code trying to read JSON (JavaScript Object Notation) which is supposed to be a JavaScript code and at this moment it turns out it's not cause JavaScript cannot do a good job here. I've also seen some eval solutions which I could not make to work (besides being pointed out as security threat). Is there really no way to do it in an elegant way? Similar question with no real answer: How to parse ASP.NET JSON Date format with GWT

Read the article
launching java test bycommand line

- by lamisse

I created runner.bat to launch one java test it contains : path to java,classpath org.junit.runner.JUnitCore package.class when I launch it : FAILURES Tests run: 1, Failures: 1 Exception in thread "Thread-0" java.lang.IllegalStateException: Shutdown in progress at java.lang.ApplicationShutdownHooks.add(Unknown Source) at java.lang.Runtime.addShutdownHook(Unknown Source) at com.sun.imageio.stream.StreamCloser$2.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.imageio.stream.StreamCloser.addToQueue(Unknown Source) at javax.imageio.stream.FileCacheImageInputStream.<init>(Unknown Source) at com.sun.imageio.spi.InputStreamImageInputStreamSpi.createInputStreamInstance(Unknown Source) at javax.imageio.ImageIO.createImageInputStream(Unknown Source) at javax.imageio.ImageIO.read(Unknown Source) at com.polyspace.util.guicomponent.CompositePanel.setBufferedImage(Unknown Source) at com.polyspace.util.guicomponent.CompositePanel.<init>(Unknown Source)

Read the article
How safe is JSONP implementation for login functionality

- by MKS

Hi Guys, I am using JSONP for login authentication, below is sample JQuery Code: $.ajax({ type:"GET", url: "https://staging/login/Login.aspx", // Send the login info to this page data: str, dataType: "jsonp", timeout: 200000, jsonp:"skywardDetails", success: function(result) { //Do something after the success } }); In above code, I am having HTTPS page for authentication, from my login dailog box, I am sending username and password to my login.aspx page, which calls "WEB SERVICE" taking input send by the login dialog page and return the users details as JSONP object. My question is that, how safe is above implementation and do also suggest how can I improve my security implementation. Thanks!

Read the article
Error in PushNotification from iPhone Device

- by Shibin Moideen

Hi All, I am trying to do a sample project on the Apple the push notification. I created an AppID, done some terminal commands, and finally got a Provisional Certificate for do the same. I got the certificate installed on my device and SDK. Till now every thing goes fine. But when i try to run the app on the device.... it doesnt. It throws an error stating "Error from debugger:Error launching remote program:security policy error." Can any one help me to overcome this. Please Help needed. thanks in advance Shibin

Read the article
Is writing eSQL database independant or not?

- by Robert Koritnik

Using EF we can use LINQ to read data which is rather simple (especialy using fluent calls), but we have less control unless we write eSQL on our own. Is writing eSQL database actually data store independant code? So if we decide to change data store, can the same statements still be used? Is writing eSQL strings in your code pose any serious security threats similar to writing TSQL statements in plain strings? So we moved to SPs. Could we still mode eSQL scripts outside of code as well and use some other technique to make them a bit more secure?

Read the article
ASP.NET - Manual authentication system

- by Gal V

Hello all, Wer'e developing an ASP.NET C# application, which will contain an authentication system that authenticates users in multiple levels (user, admin, super-admin, etc.). Our idea is NOT to use the built in ASP.NET forms authentication feature. Our plan is to create a whole 'new' system for it- based on the Session object, and SQL database contains users' info such as username & password. Is there any SERIOUS different between our idea to the Forms authentication feature? What security risks do we take? How do we solve them? Is this a good alternative for the forms authentication feature? Thanks in advance !

Read the article
I cannot connect to SQL Server Express using VB.NET

- by konin

Can someone tell me what I am missing? I am using this connection string to connect to my database and still it won't connect: Dim str As String = "Provider = .NET Framework Data Provider for SQL Server; Data Source=C:\Users\konin\Documents\UHMS\bin\Debug\UHMS.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True" This is the process I used to get the data source: right-click the database select properties and click select data source I hope I am clear enough. Thanks for reading. Edit: Error Message is as follows: unable to connect to database please contact administrator

Read the article

< Previous Page | 845 846 847 848 849 850 851 852 853 854 855 856 | Next Page >