Search Results

Search found 29222 results on 1169 pages for 'network security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1001/1169 | < Previous Page | 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008  | Next Page >

  • Spring MVC: How to resolve the path to subdirectories of the root 'JSP' folder in a web application

    - by chrisjleu
    What is a simple way to resolve the path to a JSP file that is not located in the root JSP directory of a web application using SpringMVCs viewResolvers? For example, suppose we have the following web application structure: web-app |-WEB-INF |-jsp |-secure |-admin.jsp |-admin2.jsp index.jsp login.jsp I would like to use some out-of-the-box components to resolve the JSP files within the jsp root folder and the secure subdirectory. I have a *-servlet.xml file that defines: an out-of-the-box, InternalResourceViewResolver: <bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property> <property name="prefix" value="/WEB-INF/jsp/"></property> <property name="suffix" value=".jsp"></property> </bean> a handler mapping: <bean id="handlerMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"> <property name="mappings"> <props> <prop key="/index.htm">urlFilenameViewController</prop> <prop key="/login.htm">urlFilenameViewController</prop> <prop key="/secure/**">urlFilenameViewController</prop> </props> </property> </bean> an out-of-the-box UrlFilenameViewController controller: <bean id="urlFilenameViewController" class="org.springframework.web.servlet.mvc.UrlFilenameViewController"> </bean> The problem I have is that requests to the JSPs in the secure directory cannot be resolved, as the jspViewResolver only has a prefix defined as /jsp/ and not /jsp/secure/. Is there a way to handle subdirectories like this? I would prefer to keep this structure because I'm also trying to make use of Spring Security and having all secure pages in a subdirectory is a nice way to do this. There's probably a simple way to acheive this but I'm new to Spring and the Spring MVC framework so any pointers would be appreciated.

    Read the article

  • How To Generate Parameter Set for the Diffie-Hellman Key Agreement Algorithm in Android

    - by sebby_zml
    Hello everyone, I am working on mobile/server security related project. I am now stuck in generating a Diffie-Hellman key agreement part. It works fine in server side program but it is not working in mobile side. Thus, I assume that it is not compactible with Android. I used the following class to get the parameters. It returns a comma-separated string of 3 values. The first number is the prime modulus P. The second number is the base generator G. The third number is bit size of the random exponent L. My question is is there anything wrong with the code or it is not compactible for android?What kind of changes should I do? Your suggestion and guidance would be very much help for me. Thanks a lot in advance. public static String genDhParams() { try { // Create the parameter generator for a 1024-bit DH key pair AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH"); paramGen.init(1024); // Generate the parameters AlgorithmParameters params = paramGen.generateParameters(); DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class); // Return the three values in a string return ""+dhSpec.getP()+","+dhSpec.getG()+","+dhSpec.getL(); } catch (NoSuchAlgorithmException e) { } catch (InvalidParameterSpecException e) { } return null; } Regards, Sebby

    Read the article

  • php & mySQL: Storing doc, xls, zip, etc. with limited access and archiving

    - by Devner
    Hi all, In my application, I have a provision for users to upload files like doc, xls, zip, etc. I would like to know how to store these files on my website and have only restricted people access it. I may have a group of people and let only these group access those uploaded files. I know that some may try to just copy the link to the document or the file and pass it to another (non-permitted) user and they can download it. So how can I prevent it? How can I check if the request to download the file was made by a legitimate user who has access to the file? The usernames of the group members are stored in the database along with the document name and location in the database so they can access it. But how do I prevent non-permitted users from being able to access that confidential data in all ways? With the above in mind, how do I store these documents? Do I store the documents in a blob column in the Database or just just let user upload to a folder and merely store the path to the file in the database? The security of the documents is of utmost importance. So any procedure that could facilitate this feature would definitely help. I am not into Object Oriented programming so if you have a simpler code that you would like to share with me, I would greatly appreciate it. Also how do I archive documents that are old? Like say there are documents that are 1 year old and I want to conserve my website space by archiving them but still make them available to the user when they need it. How do I go about this? Thank you.

    Read the article

  • GoDaddy Subdomain Hosting Issue/Question with Disk Access (C#/ASP.NET 3.5)

    - by Vogel
    This isn't a very complicated scenario really, but as I start to type out the problem I'm realizing how convoluted it can become textually. Let me try and be very clear: First, the set up... I have a C#/ASP.NET web application that is publicly facing on my main domain (www), let's call it www.mysite.com. Nothing fancy, just a front-end that connects to SQL to display records. Then, I have a second C#/ASP.NET web application that is secured using forms authentication running on a subdomain, let's call it admin.mysite.com. This is a very light-weight CMS system to administer the public site. Now, the problem... Both of these sites run fine for basic tasks, however, my problem arises when I try to gain access to the file system for uploading. GoDaddy requires subdomains to run as a virtual directories under the main application in IIS (so the subdomains actually resolve/re-direct to www.mysite.com/admin when you type in admin.mysite.com), but because of this I am unable to write to my website root from the subfolder. Let me explain a little more... The CMS system (running as a virtual directory) gives the admin the ability to upload photos for display on the main site, the target folder of which is www.mysite.com/images - when attempting disk access from the root app, I am able to write to the virtual directory, but cannot do the opposite -- that is, write to the root from the virtual directory, getting security violations. If I can only upload to the /admin/ virtual directory, the entire point is moot because it's a secured folder that the public can't see! The only solution I can think of is to upload the files to the /admin/ virtual directory, then call a URL in the root that moves files from /admin/ back to the root, but that is entirely ghetto. I hope this post makes sense. Anyone else experience anything like this? The bottom line is that it seems virtual directories ONLY have access to themselves, and not their parent directories, no matter what credentials are used. Thanks!

    Read the article

  • Where and how to start on C# and .Net Framework ?

    - by Rachel
    Currently, I have been working as an PHP developer for approximately 1 year now and I want learn about C# and .Net Framework, I do not have any experience with .Net Framework and C# and also there is not firm basis as to why I am going for C# and .Net Framework vs Java or any other programming languages, this decision is mere on career point of view and job opportunities. So my question is about: Is my decision wise to go for C# and .Net Framework route after working for sometime as an PHP Developer ? What are the good resources which I can refer and learn from to get knowledge on C# and .NET Framework ? How should I go about learning on C# and .NET Framework ? What all technologies should I be learning OR have experience with to be considered as an C#/.Net Developer, I am mentioning some technologies, please add or suggest one, if am missing out any ? Technologies C#-THE LANGUAGE GUI APPLICATION DEVELOPMENT WINDOWS CONTROL LIBRARY DELEGATES DATA ACCESS WITH ADO.NET MULTI THREADING ASSEMBLIES WINDOWS SERVICES VB INTRODUCTION TO VISUAL STUDIO .NET WINDOWS CONTROL LIBRARY DATA ACCESS WITH ADO.NET ASP.NET WEB TECHNOLOGIES CONTROLS VALIDATION CONTROL STATE MANAGEMENT CACHING ASP.NET CONFIGURATION ADO.NET ASP.NET TRACING & SECURITY IN ASP.NET XMLPROGRAMMING WEB SERVICES CRYSTAL REPORTS SSRS (SQL Server Reporting Services) MS-Reports LINQ: NET Language-Integrated Query NET Language-Integrated Query LINQ to SQL: SQL Integration WCF: Windows Communication Foundation What Is Windows Communication Foundation? Fundamental Windows Communication Foundation Concepts Windows Communication Foundation Architecture WPF: Windows Presentation Foundation Getting Started (WPF) Application Development WPF Fundamentals What are your thoughts, suggestions on this and from Job and Market Perspective, what areas of C#/.Net Development should I put my focus on ? I know this is very subjective and long question but advice would be highly appeciated. Thanks.

    Read the article

  • java connectivity with mysql error

    - by abson
    I just started with the connectivity and tried this example. I have installed the necessary softwares. Also copied the jar file into the /ext folder.Yet the code below has the following error import java.sql.*; public class Jdbc00 { public static void main(String args[]){ try { Statement stmt; Class.forName("com.mysql.jdbc.Driver"); String url = "jdbc:mysql://localhost:3306/mysql" DriverManager.getConnection(url,"root", "root"); //Display URL and connection information System.out.println("URL: " + url); System.out.println("Connection: " + con); //Get a Statement object stmt = con.createStatement(); //Create the new database stmt.executeUpdate( "CREATE DATABASE JunkDB"); stmt.executeUpdate( "GRANT SELECT,INSERT,UPDATE,DELETE," + "CREATE,DROP " + "ON JunkDB.* TO 'auser'@'localhost' " + "IDENTIFIED BY 'drowssap';"); con.close(); }catch( Exception e ) { e.printStackTrace(); }//end catch }//end main }//end class Jdbc00 But it gave the following error D:\Java12\Explore>java Jdbc00 java.lang.ClassNotFoundException: com.mysql.jdbc.Driver at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at Jdbc11.main(Jdbc00.java:11) Could anyone please guide me in correcting this?

    Read the article

  • Getting a users Facebook profile url

    - by Greg Pabst
    I am creating a registry site so similar people can find each other easily. I don't want to use Facebook Connect as the primary log in method or use Facebook to store their information. I'll be creating a database on my end to store that info. For security reasons I won't be displaying the users address, phone number or email address so I wanted to provide the next best way for people to connect with each other, this is where Facebook comes in. Normally I would just ask them to type their Facebook URL in a text box but I don't think most people know what their url is which is why I think I need to use Facebook Connect. So here is my idea..when the users signs up there is a check box that when checked signifies they are allowing people to find them on Facebook. I assume once they click the register button that a Facebook Connect popup will show up asking for permission to access their Facebook account. When they "allow" it, then I can get their profile url. All I need is their Facebook profile url, I don't want any other Facebook features or information. Is Facebook Connect the best thing to use for this scenario? Is there an easier way? Several months ago on the Facebook Connect site their used to be examples of doing this, but all the documentation has been rearranged and changed and I can't seem to find the information. Any help you can provide would be great!

    Read the article

  • Java: Exception in thread main java.lang.NoClassDefFoundError

    - by cath
    I am trying to get the Red5 Flash Media Server working on my computer. I have installed it, but when I run the server I get this error Exception in thread "main" java.lang.NoClassDefFoundError: org/red5/server/Bootstrap Caused by: java.lang.ClassNotFoundException: org.red5.server.Bootstrap at java.net.URLClassLoader$1.run(URLClassLoader.java:217) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:205) at java.lang.ClassLoader.loadClass(ClassLoader.java:321) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) at java.lang.ClassLoader.loadClass(ClassLoader.java:266) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:334) Could not find the main class: org.red5.server.Bootstrap. Program will exit. I came across this link where someone had the same issue: http://trac.red5.org/ticket/762 It looks like they ran this command: export CLASSPATH=3D$RED5_HOME/lib/slf4j-api-1.5.10.jar:$RED5_HOME/lib/logback- core-0.9.18.jar:$RED5_HOME/lib/logback-classic-0.9.18.jar I have red5 installed in /usr/share/red5, so I ran this: export CLASSPATH=3D$/usr/share/red5/lib/slf4j-api-1.5.10.jar:$/usr/share/red5/lib/logback-core-0.9.18.jar:$/usr/share/red5/lib/logback-classic-0.9.18.jar Yet despite all this I am still seeing the same error message.

    Read the article

  • Encryption puzzle / How to create a ProxyStub for a Remote Assistance ticket

    - by Jon Clegg
    I am trying to create a ticket for Remote Assistance. Part of that requires creating a PassStub parameter. As of the documenation: http://msdn.microsoft.com/en-us/library/cc240115(PROT.10).aspx PassStub: The encrypted novice computer's password string. When the Remote Assistance Connection String is sent as a file over e-mail, to provide additional security, a password is used.<16 In part 16 they detail how to create as PassStub. In Windows XP and Windows Server 2003, when a password is used, it is encrypted using PROV_RSA_FULL predefined Cryptographic provider with MD5 hashing and CALG_RC4, the RC4 stream encryption algorithm. As PassStub looks like this in the file: PassStub="LK#6Lh*gCmNDpj" If you want to generate one yourself run msra.exe in Vista or run the Remote Assistance tool in WinXP. The documentation says this stub is the result of the function CryptEncrypt with the key derived from the password and encrypted with the session id (Those are also in the ticket file). The problem is that CryptEncrypt produces a binary output way larger then the 15 byte PassStub. Also the PassStub isn't encoding in any way I've seen before. Some interesting things about the PassStub encoding. After doing statistical analysis the 3rd char is always a one of: !#$&()+-=@^. Only symbols seen everywhere are: *_ . Otherwise the valid characters are 0-9 a-z A-Z. There are a total of 75 valid characters and they are always 15 bytes. Running msra.exe with the same password always generates a different PassStub, indicating that it is not a direct hash but includes the rasessionid as they say. Some other ideas I've had is that it is not the direct result of CryptEncrypt, but a result of the rasessionid in the MD5 hash. In MS-RA (http://msdn.microsoft.com/en-us/library/cc240013(PROT.10).aspx). The "PassStub Novice" is simply hex encoded, and looks to be the right length. The problem is I have no idea how to go from any hash to way the ProxyStub looks like.

    Read the article

  • How to verify the SSL connection when calling an URI?

    - by robertokl
    Hello, I am developing an web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: The communication between CAS and my application needs to be secure My application needs to accept the certification coming with CAS, so that I can guarantee that the CAS responding is the real CAS Server. This is what I got so far: uri = URI.parse("https://www.google.com/accounts") https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') https.verify_mode = (OpenSSL::SSL::VERIFY_PEER) raw_res = https.start do |conn| conn.get("#{uri.path}?#{uri.query}") end This works just great in my Mac OSX. When I try to reach an insecure uri, it raises an exception, and when I try to reach a secure uri, it allow me normally, just like expected. The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independing of what uri I try to reach, it always raises me this exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start' from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start' from (irb):7 I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages: openssl.x86_64 0.9.8e-12.el5 installed openssl-devel.x86_64 0.9.8e-12.el5 installed I tried using HTTParty as well, but it just ignores the SSL certificated. I hope someone can help me, either by telling me a gem that works the way I need. Thanks.

    Read the article

  • Design Practice Retrieve Multiple Users - PHP

    - by pws5068
    Greetings all, I'm looking for a more efficient way to grab multiple users without too much code redundancy. I have a Users class, (here's a highly condensed representation) Class Users { function __construct() { ... ... } private static function getNew($id) { // This is all only example code $sql = "SELECT * FROM Users WHERE User_ID=?"; $user = new User(); $user->setID($id); .... return $user; } public static function getNewestUsers($count) { $sql = "SELECT * FROM Users ORDER BY Join_Date LIMIT ?"; $users = array(); // Prepared Statement Data Here while($stmt->fetch()) { $users[] = Users::getNew($id); ... } return $users; } // These have more sanity/security checks, demonstration only. function setID($id) { $this->id = $id; } function setName($name) { $this->name = $name; } ... } So clearly calling getNew() in a loop is inefficient, because it makes $count number of calls to the database each time. I would much rather select all users in a single SQL statement. The problem is that I have probably a dozen or so methods for getting arrays of users, so all of these would now need to know the names of the database columns which is repeating a lot of structure that could always change later. What are some other ways that I could approach this problem? My goals include efficiency, flexibility, scalability, and good design practice.

    Read the article

  • problem with MANIFEST.MF in jar

    - by dhananjay
    I have created my jar file in the following folder: /usr/local/bin/niidle.jar And I have one jarfile which is in the following folder /Projects/EnwelibDatedOct13/Niidle/lib/hector-0.6.0-17.jar And this file 'hector-0.6.0-17.jar' I have to include in MANIFEST.MF in jar. And when I mention class path in MANIFEST.MF as follows: Manifest-Version: 1.0 Main-Class: com.ensarm.niidle.web.scraper.NiidleScrapeManager Class-Path: /Projects/EnwelibDatedOct13/Niidle/lib/hector-0.6.0-17.jar When I run this using command: java -jar /usr/local/bin/niidle.jar It works properly.. But I dont want to give full Class-Path name, I have to give Class-Path as follows: Manifest-Version: 1.0 Main-Class: com.ensarm.niidle.web.scraper.NiidleScrapeManager Class-Path: lib/hector-0.6.0-17.jar And when I run this using command: java -jar /usr/local/bin/niidle.jar It is showing error message: Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more Please tell me solution for that...

    Read the article

  • Mahout - Error when try out wikipedia exmaples

    - by Li'
    Note this post is similar to Caused by: java.lang.ClassNotFoundException: classpath but different error message. When I try to run Wikipedia Bayes Example from https://cwiki.apache.org/confluence/display/MAHOUT/Wikipedia+Bayes+Example When I ran the following command : lis-macbook-pro:mahout-distribution-0.8 Li$ mahout wikipediaXMLSplitter -d examples/temp/enwiki-latest-pages-articles10.xml -o wikipedia/chunks -c 64 I got error message: MAHOUT_LOCAL is set, so we don't add HADOOP_CONF_DIR to classpath. MAHOUT_LOCAL is set, running locally SLF4J: Class path contains multiple SLF4J bindings. SLF4J: Found binding in [jar:file:/Users/Li/File/Java/mahout-distribution-0.8/examples/target/mahout-examples-0.8-job.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: Found binding in [jar:file:/Users/Li/File/Java/mahout-distribution-0.8/examples/target/dependency/slf4j-jcl-1.7.5.jar!/org/slf4j/impl/StaticLoggerBinder.class] SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation. SLF4J: Actual binding is of type [org.slf4j.impl.JCLLoggerFactory] Oct 21, 2013 4:25:47 PM org.slf4j.impl.JCLLoggerAdapter warn WARNING: Unable to add class: wikipediaXMLSplitter java.lang.ClassNotFoundException: wikipediaXMLSplitter at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:171) at org.apache.mahout.driver.MahoutDriver.addClass(MahoutDriver.java:236) at org.apache.mahout.driver.MahoutDriver.main(MahoutDriver.java:127) I am using Hadoop 1.2 and Mahout 0.8. mahout-distribution-0.8/bin has been added to $PATH. $MAHOUT_LOCAL is set to "True", so it runs locally. I dont know why I got "Unable to add class: wikipediaXMLSplitter"

    Read the article

  • How to verify the SSL connection when calling a URI?

    - by robertokl
    Hello, I am developing a web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: The communication between CAS and my application needs to be secure My application needs to accept the certification coming from CAS, so that I can guarantee that the CAS responding is the real CAS server This is what I got so far: uri = URI.parse("https://www.google.com/accounts") https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') https.verify_mode = (OpenSSL::SSL::VERIFY_PEER) raw_res = https.start do |conn| conn.get("#{uri.path}?#{uri.query}") end This works just great in Mac OS X. When I try to reach an insecure URI, it raises an exception, and when I try to reach a secure URI, it allows me normally, just like expected. The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independent of what URI I try to reach, it always raises this exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start' from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start' from (irb):7 I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages: openssl.x86_64 0.9.8e-12.el5 installed openssl-devel.x86_64 0.9.8e-12.el5 installed I tried using HTTParty as well, but it just ignores the SSL certificate. I hope someone can help me, or tell me about a gem that works the way I need. Thanks.

    Read the article

  • Request for the permission of type 'System.Web.AspNetHostingPermission' when compiling web site

    - by ahsteele
    I have been using Windows 7 for a while but have not had to work with a particular legacy intranet application since my upgrade. Unfortunately, this application is setup as an ASP.NET Website project hosted on a remote server. When I have the website open in Visual Studio 2008 and try to debug it: Request for the permission of type 'System.Web.AspNetHostingPermission' failed To resolve this issue on Windows Vista machines I would change the machine's .NET Security Configuration to trust the local intranet. I believe this configuration utility relied upon the mscorcfg.msc which from some cursory research appears to be apart of the .NET 2.0 SDK. I have tried to follow the instructions from this Microsoft Support article running the command below to no avail. Drive:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\caspol.exe -m -ag 1 -url "file:////\\computername\sharename\*" FullTrust -exclusive on Presently, I have the following .NET and ASP.NET components installed on my machine Microsoft .NET Compact Framework 2.0 SP2 Microsoft .NET Compact Framework 3.5 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft ASP.NET MVC 1.0 Microsoft ASP.NET MVC 2 Microsoft ASP.NET MVC 2 - Visual Studio 2008 Tools Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Do I need to install the .NET 2.0 SDK? Am I issuing the caspol command incorrectly? Is there something else that I am missing?

    Read the article

  • How to setup Lucene search for a B2B web app?

    - by Bill Paetzke
    Given: 5000 databases (spread out over 5 servers) 1 database per client (so you can infer there are 1000 clients) 2 to 2000 users per client (let's say avg is 100 users per client) Clients (databases) come and go every day (let's assume most remain for at least one year) Let's stay agnostic of language or sql brand, since Lucene (and Solr) have a breadth of support The Question: How would you setup Lucene search so that each client can only search within its database? How would you setup the index(es)? Would you need to add a filter to all search queries? If a client cancelled, how would you delete their (part of the) index? (this may be trivial--not sure yet) Possible Solutions: Make an index for each client (database) Pro: Search is faster (than one-index-for-all method). Indices are relative to the size of the client's data. Con: I'm not sure what this entails, nor do I know if this is beyond Lucene's scope. Have a single, gigantic index with a database_name field. Always include database_name as a filter. Pro: Not sure. Maybe good for tech support or billing dept to search all databases for info. Con: Search is slower (than index-per-client method). Flawed security if query filter removed. For Example: Joel Spolsky said in Podcast #11 that his hosted web app product, FogBugz On-Demand, uses Lucene. He has thousands of on-demand clients. And each client gets their own database. His situation is quite similar to mine. Although, he didn't elaborate on the setup (particularly indices); hence, the need for this question. One last thing: I would also accept an answer that uses Solr (the extension of Lucene). Perhaps it's better suited for this problem. Not sure.

    Read the article

  • how to create nettcpbinding of this custombinding

    - by evgeni
    I am new at wcf programming model and i want to use nettcpbinding. before i ask my question below is my custom binding : <customBinding> <binding name="basic"> <security authenticationMode="UserNameForCertificate"/> <binaryMessageEncoding/> <httpsTransport/> </binding> </customBinding> when i create a service reference using a simple console application it finds a certificate and ask me to use it.and this way i can use the webservice ... but when i change binding to nettcpbinding with TransportWithMessageCredential the service is looking for certificate and could not find it like this : </binding> </netTcpBinding> ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByIssuerName, "Contoso.com"). at this point i use a customnamevalidator and i do it programmatically. so why when i use nettcpbinding with TransportWithMessageCredential why is SetCertificate could not find the installed certificate ? am i missed something ? or do i have to ad something? thanks .

    Read the article

  • Encryption puzzle / How to create a PassStub for a Remote Assistance ticket

    - by Jon Clegg
    I am trying to create a ticket for Remote Assistance. Part of that requires creating a PassStub parameter. As of the documentation: http://msdn.microsoft.com/en-us/library/cc240115(PROT.10).aspx PassStub: The encrypted novice computer's password string. When the Remote Assistance Connection String is sent as a file over e-mail, to provide additional security, a password is used.<16 In part 16 they detail how to create as PassStub. In Windows XP and Windows Server 2003, when a password is used, it is encrypted using PROV_RSA_FULL predefined Cryptographic provider with MD5 hashing and CALG_RC4, the RC4 stream encryption algorithm. As PassStub looks like this in the file: PassStub="LK#6Lh*gCmNDpj" If you want to generate one yourself run msra.exe in Vista or run the Remote Assistance tool in WinXP. The documentation says this stub is the result of the function CryptEncrypt with the key derived from the password and encrypted with the session id (Those are also in the ticket file). The problem is that CryptEncrypt produces a binary output way larger then the 15 byte PassStub. Also the PassStub isn't encoding in any way I've seen before. Some interesting things about the PassStub encoding. After doing statistical analysis the 3rd char is always a one of: !#$&()+-=@^. Only symbols seen everywhere are: *_ . Otherwise the valid characters are 0-9 a-z A-Z. There are a total of 75 valid characters and they are always 15 bytes. Running msra.exe with the same password always generates a different PassStub, indicating that it is not a direct hash but includes the rasessionid as they say. Some other ideas I've had is that it is not the direct result of CryptEncrypt, but a result of the rasessionid in the MD5 hash. In MS-RA (http://msdn.microsoft.com/en-us/library/cc240013(PROT.10).aspx). The "PassStub Novice" is simply hex encoded, and looks to be the right length. The problem is I have no idea how to go from any hash to way the PassStub looks like.

    Read the article

  • using paypals html api is safe?

    - by ajsie
    im trying out paypals html api where you specify price, item_name, customer information and so on in the html: <form action="https://www.paypal.com/cgi-bin/webscr" method="post" id="payPalForm"> <input type="hidden" name="cmd" value="_cart" /> <input type="hidden" name="upload" value="1" /> <input type="hidden" name="no_note" value="1" /> <input type="hidden" name="business" value="[email protected]" /> <input type="hidden" name="currency_code" value="SEK" /> <input type="hidden" name="return" value="http://freelanceswitch.com/payment-complete/" /> <input type="hidden" name="tax_rate" value="25" /> <input type="hidden" name="item_name_1" value="Apple Macpro" /> <input type="hidden" name="item_number_1" value="01 - Product 1" /> <input type="hidden" name="amount_1" value="25000" /> <input type="hidden" name="item_name_2" value="Apple Macbook" /> <input type="hidden" name="item_number_2" value="02 - Product 2" /> <input type="hidden" name="amount_2" value="12500" /> <input type="hidden" name="item_name_3" value="Apple Macbook Air" /> <input type="hidden" name="item_number_3" value="03 - Product 3" /> <input type="hidden" name="amount_3" value="12500" /> <input type="submit" name="Submit" value="Submit" /> </form> when the user clicks submit it takes him/her to paypals payment page. but doesn't this mean that a hacker could change the order by manipulating the html code? i can´t figure out how paypal prevents this security problem.

    Read the article

  • Broken ssl, what to do

    - by TIT
    I have a site and i implemented ssl there. but when i browse it, the security seals dont come. i asked to godaddy, they replaid: Thank you for contacting online support. I cannot replicate the issue you have described. The error you described is caused by the way your site has been designed. If you receive this error, you have a combination of secure and non-secure objects on the page. For example, if your secure website was https://www.domain.tld and you added an object (an image, script, flash file, etc.) to that page that was located at http://www.domain.tld/image.jpg, you would break the seal. You will need to change your design to link to objects using https (ie https://www.domain.tld/image.jpg) or modify your site design to use relative paths (/image.jpg). This error can only be corrected by modifying your site design. Please contact your web designer or the manufacturer of your web design software if you require additional assistance modifying your site design. but the problem is i made everything,all my images javascripts are unders https, but the seal still not coming, saying: some content insecure. what is the problem.

    Read the article

  • Java - encrypt / decrypt user name and password from a configuration file

    - by nzpcmad
    We are busy developing a Java web service for a client. There are two possible choices: Store the encrypted user name / password on the web service client. Read from a config. file on the client side, decrypt and send. Store the encrypted user name / password on the web server. Read from a config. file on the web server, decrypt and use in the web service. The user name / password is used by the web service to access a third-party application. The client already has classes that provide this functionality but this approach involves sending the user name / password in the clear (albeit within the intranet). They would prefer storing the info. within the web service but don't really want to pay for something they already have. (Security is not a big consideration because it's only within their intranet). So we need something quick and easy in Java. Any recommendations? The server is Tomkat 5.5. The web service is Axis2. What encrypt / decrypt package should we use? What about a key store? What configuration mechanism should we use? Will this be easy to deploy?

    Read the article

  • Java XMLRPC request-String

    - by Philip
    Hi, I'm using Apache XML-RPC 3.1.2 to talk to an online-service. They have something special, they need a hash over the whole XML with a secret key for some kind of security, like this: String hash = md5(xmlRequest + secretKey); String requestURL = "http://foo.bar/?authHash=" + hash; So I need the XML-request like this: <?xml version="1.0"?> <methodCall> <methodName>foo.bar</methodName> <params> <param> <value><struct> <member><name>bla</name> <value><int>1</int></value> </member> <member><name>blubb</name> <value><int>2</int></value> </member> </struct></value> </param> </params> </methodCall> But how do I get this String-representation of the XMLRPC-Request with the lib Apache XML-RPC?

    Read the article

  • Password Confirmation Overlay

    - by Alasdair
    Hello, I'm creating a J2EE web application that uses jQuery and Ajax to help with some of the presentation for a user-friendly interface. I've done a lot of work ensuring security around persistant login cookies, and I've decided to request the password from any user that logged in using a persistant login cookie before being allowed to make any changes that could be malicious. This request would only happen once to confirm the user is who they say they are and will last throughout the session. At present, any requests that meet this criteria has their request information stored in session and then the user is forwarded to a page to confirm their password. Once confirmed, the user's original request is then performed and the requestion information removed from session. What I would like to do is avoid all this redirection and minimize what's held in session (even if it's just for a small time), thus improving usability and convenience for the user. I believe that a jQuery overlay could allow me to prompt the user for their password (if required) and then continue to submit the request if successful. I would of originally used ThickBox, but since that's now deprecated I don't see the benefit in implementing it in an application at this development stage. However, I have tried to create an overlay using jQuery but I've scrapped every attempt as I can't seem to make it all come together. My main problem is preventing the submission when the user incorrectly types a password or cancels the overlay. Desired Flow Persistant Login Sensitive Page Submit Password Confirmation Overlay [Continue Submit | (Cancel | Incorrect] I have already created JavaScript code to encrypt the password to be sent in a parameter, but all I need now is a method of controlling the overlay and how best to use Ajax for this purpose. Please ignore the fact that this is a J2EE web application when answering as it is irrelevant really. Thanks in advance, Alasdair

    Read the article

  • How to use Profile in asp.net?

    - by Phsika
    i try to learn asp.net Profile management. But i added below xml firstName,LastName and others. But i cannot write Profile. if i try to write Profile property. drow my editor Profile : Error 1 The name 'Profile' does not exist in the current context C:\Documents and Settings\ykaratoprak\Desktop\Security\WebApp_profile\WebApp_profile\Default.aspx.cs 18 13 WebApp_profile How can i do that? <authentication mode="Windows"/> <profile> <properties> <add name="FirstName"/> <add name="LastName"/> <add name="Age"/> <add name="City"/> </properties> </profile> protected void Button1_Click(object sender, System.EventArgs e) { Profile.FirstName = TextBox1.Text; Profile.LastName = TextBox2.Text; Profile.Age = TextBox3.Text; Profile.City = TextBox4.Text; Label1.Text = "Profile stored successfully!<br />" + "<br />First Name: " + Profile.FirstName + "<br />Last Name: " + Profile.LastName + "<br />Age: " + Profile.Age + "<br />City: " + Profile.City; }

    Read the article

  • ASP.NET SQLMembership Provider not logging in

    - by cfdev9
    My web app uses the sql memebership provider. Running it locally all is well, deploying to a dev server it works fine too in firefox, but in IE8 something unexpected is happening. Once a user logs in they're supposed to be redirected to home.aspx. What's happening when I attempt to login is it appears to accept the login credentials but then doesn't redirect to home.aspx. Instead it just redirects me to the login page as though I had attempted to access home.aspx directly without being logged in. The url parameter ReturnUrl is appended, Login.aspx?ReturnUrl=%2fhome.aspx Why is this only happening with IE8? My local PC is IIS7 but the server is IIS6. Using the same web.config Full code behind public partial class Login : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { if (!IsPostBack) { Session.Abandon(); FormsAuthentication.SignOut(); } } protected void btnSubmit_Click(object sender, EventArgs e) { if (Membership.ValidateUser(tbUsername.Text, tbPassword.Text)) { if (Request.QueryString["ReturnUrl"] != null) { FormsAuthentication.RedirectFromLoginPage(tbUsername.Text, false); } else { FormsAuthentication.SetAuthCookie(tbUsername.Text, false); Response.Redirect("~/Home.aspx"); } } } } Full web.config <?xml version="1.0"?> <configuration> <configSections> <sectionGroup name="system.web.extensions" type="System.Web.Configuration.SystemWebExtensionsSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <sectionGroup name="scripting" type="System.Web.Configuration.ScriptingSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="scriptResourceHandler" type="System.Web.Configuration.ScriptingScriptResourceHandlerSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <sectionGroup name="webServices" type="System.Web.Configuration.ScriptingWebServicesSectionGroup, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"> <section name="jsonSerialization" type="System.Web.Configuration.ScriptingJsonSerializationSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="Everywhere"/> <section name="profileService" type="System.Web.Configuration.ScriptingProfileServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <section name="authenticationService" type="System.Web.Configuration.ScriptingAuthenticationServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> <section name="roleService" type="System.Web.Configuration.ScriptingRoleServiceSection, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" requirePermission="false" allowDefinition="MachineToApplication"/> </sectionGroup> </sectionGroup> </sectionGroup> </configSections> <appSettings/> <connectionStrings> <add name="ASPNET_DB" connectionString="..."/> </connectionStrings> <system.web> <membership defaultProvider="SqlMembershipProvider"> <providers> <add name="SqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" connectionStringName="ASPNET_DB" enablePasswordRetrieval="true" enablePasswordReset="true" requiresQuestionAndAnswer="false" applicationName="/" requiresUniqueEmail="false" passwordFormat="Clear" maxInvalidPasswordAttempts="5" passwordAttemptWindow="10" passwordStrengthRegularExpression="" minRequiredPasswordLength="1" minRequiredNonalphanumericCharacters="0"/> </providers> </membership> <roleManager enabled="true" defaultProvider="SqlRoleManager"> <providers> <add name="SqlRoleManager" type="System.Web.Security.SqlRoleProvider" connectionStringName="ASPNET_DB" applicationName="/"/> </providers> </roleManager> <authentication mode="Forms"> <forms name="CHOUSE.ASPXAUTH" loginUrl="login.aspx" protection="All" path="/"/> </authentication> <authorization> <allow roles="AccountManager"/> <allow roles="Client"/> <deny users="*"/> </authorization> <compilation debug="true"> <assemblies> <add assembly="System.Core, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Data.DataSetExtensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> <add assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add assembly="System.Xml.Linq, Version=3.5.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/> </assemblies> </compilation> <pages> <controls> <add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add tagPrefix="asp" namespace="System.Web.UI.WebControls" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </controls> </pages> <httpHandlers> <remove verb="*" path="*.asmx"/> <add verb="*" path="*.asmx" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="*" path="*_AppService.axd" validate="false" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" validate="false"/> </httpHandlers> <httpModules> <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </httpModules> </system.web> <location path="Admin"> <system.web> <authorization> <allow roles="AccountManager"/> <deny users="*"/> </authorization> </system.web> </location> <system.codedom> <compilers> <compiler language="c#;cs;csharp" extension=".cs" warningLevel="4" type="Microsoft.CSharp.CSharpCodeProvider, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"> <providerOption name="CompilerVersion" value="v3.5"/> <providerOption name="WarnAsError" value="false"/> </compiler> </compilers> </system.codedom> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules> <remove name="ScriptModule"/> <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </modules> <handlers> <remove name="WebServiceHandlerFactory-Integrated"/> <remove name="ScriptHandlerFactory"/> <remove name="ScriptHandlerFactoryAppServices"/> <remove name="ScriptResource"/> <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> <add name="ScriptResource" preCondition="integratedMode" verb="GET,HEAD" path="ScriptResource.axd" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> </handlers> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> <dependentAssembly> <assemblyIdentity name="System.Web.Extensions.Design" publicKeyToken="31bf3856ad364e35"/> <bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="3.5.0.0"/> </dependentAssembly> </assemblyBinding> </runtime>

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008  | Next Page >