Search Results

Search found 42331 results on 1694 pages for 'event log security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 103/1694 | < Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >

  • Servlet 3.0 logout doesn't work

    - by Kevin
    I've got a problem with the authentication features of Servlet 3.0: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC Is it a problem with my firefox, or something I'm missing in the Servlet code?

    Read the article

  • raising a vb6 event using interop

    - by Steve
    Hi, I have a legacy VB6 component that I've imported into VS using tlbimp.exe to generate my interop assembly. The VB6 component defines an event that allows me to pass messages within VB6. Public Event Message(ByVal iMsg As Variant, oCancel As Variant) I would really like to be able to raise this even in my C# program, but its getting imported as an event, not a delegate or something else useful. So, I can only listen, but never fire. Does anyone know how to fire an event contained within VB6? The C# event looks like [TypeLibType(16)] [ComVisible(false)] public interface __MyObj_Event { event __MyObj_MessageEventHandler Message; } I unfortunately cannot change the VB6 code. Thanks.

    Read the article

  • How does WCF RIA Services handle authentication/authorization/security?

    - by Edward Tanguay
    Since no one answered this question: What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server? Let me ask it another way: How does WCF RIA Services handle authentication/authorization/security at a low level? e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?

    Read the article

  • Adding custom filter in spring framework problem?

    - by user298768
    hello there iam trying to make a custom AuthenticationProcessingFilter to save some user data in the session after successful login here's my filter: Code: package projects.internal; import java.io.IOException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.springframework.security.Authentication; import org.springframework.security.ui.webapp.AuthenticationProcessingFilter; public class MyAuthenticationProcessingFilter extends AuthenticationProcessingFilter { protected void onSuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException { super.onSuccessfulAuthentication(request, response, authResult); request.getSession().setAttribute("myValue", "My value is set"); } } and here's my security.xml file Code: <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <global-method-security pre-post-annotations="enabled"> </global-method-security> <http use-expressions="true" auto-config="false" entry-point-ref="authenticationProcessingFilterEntryPoint"> <intercept-url pattern="/" access="permitAll" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/scripts/**" filters="none" /> <intercept-url pattern="/styles/**" filters="none" /> <intercept-url pattern="/p/login.jsp" filters="none" /> <intercept-url pattern="/p/register" filters="none" /> <intercept-url pattern="/p/**" access="isAuthenticated()" /> <form-login login-processing-url="/j_spring_security_check" login-page="/p/login.jsp" authentication-failure-url="/p/login_error.jsp" /> <logout /> </http> <authentication-manager alias="authenticationManager"> <authentication-provider> <jdbc-user-service data-source-ref="dataSource"/> </authentication-provider> </authentication-manager> <beans:bean id="authenticationProcessingFilter" class="projects.internal.MyAuthenticationProcessingFilter"> <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> </beans:bean> <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint"> </beans:bean> </beans:beans> it gives an error here: Code: <custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> multiple annotation found at this line:cvc-attribute.3 cvc-complex-type.4 cvc-enumeration-vaild what is the problem? thanks in advance

    Read the article

  • Why should I Use ASP.NET Membership security model?

    - by ListenToRick
    I'm updating my website at the moment and figure that if I am to update my login/security mode, now is a good time. I have looked through the Membership model which is included in ASP.NET but I'm convinced that it will provide any benefit apart from being familiar to other .NET deevlopers. There seems to be quite a lot of documentation for it, but little discussion for why its worth the effort. Can anybody shed some light upon this?

    Read the article

  • What kind of security issues will I have if I provide my web app write access?

    - by iama
    I would like to give my web application write access to a particular folder on my web server. My web app can create files on this folder and can write data to those files. However, the web app does not provide any interface to the users nor does it publicize the fact that it can create files or write to files. Am I susceptible to any security vulnerabilities? If so, what are they?

    Read the article

  • Enable PyGTK Eventbox motion-notify-event while is a Layout child

    - by mkotechno
    I noticed when a Eventbox is added into a Layout some events are missed, this does not happend for example adding it to a Fixed (very similar widget), I tried to restore the event mask in this way with no sucess: import pygtk import gtk def foo(widget, event): print event pygtk.require('2.0') window = gtk.Window(gtk.WINDOW_TOPLEVEL) window.connect('destroy', lambda x: gtk.main_quit()) eventbox = gtk.EventBox() eventbox.connect('button-press-event', foo) # works eventbox.connect('motion-notify-event', foo) # fail eventbox.set_events( gtk.gdk.BUTTON_MOTION_MASK| # restoring missed masks gtk.gdk.BUTTON1_MOTION_MASK| gtk.gdk.BUTTON2_MOTION_MASK| gtk.gdk.BUTTON3_MOTION_MASK) layout = gtk.Layout() image = gtk.image_new_from_file('/home/me/picture.jpg') layout.add(image) eventbox.add(layout) window.add(eventbox) window.show_all() gtk.main() How should I restore the missed event/mask?

    Read the article

  • flex 3 cancel tooltip event

    - by gmoniey
    I am trying to cancel a tooltip event (I only want it to display when the mouse is hovered over a certain area), and can't seem to figure it out. I tried stopPropagation, preventDefault, and stopImmediatePropagation, but none of them seem to work. Here the code I am using: private function toolTipCreateHandler(event:ToolTipEvent):void { if(event.currentTarget.mouseX < 130) { var tooltip:PhotoToolTip = new PhotoToolTip(); tooltip.src = event.currentTarget.toolTip; event.toolTip = tooltip; } else { event.stopImmediatePropagation(); } } Any ideas? Thanks

    Read the article

  • Keypress event on inserted span (jQuery)

    - by Coder
    Hi, I've been researching for a long time, and haven't found a possible solution. The problem I have is that I'm trying to attach an event handler to an span element just inserted. So basically the problem is, when a user performs a particular action that I set (clicking a button by example) I call this function: function AppendSpan() { $('#mydiv').append('<span id="someid" contenteditable="true">Some TExt</span>'); //Then I want to handle the keypress event on the inserted span $('#someid').keypress(function(event){//Do something here}); } The problem is that the keypress event is never triggered on the inserted span, I tried with the click event and it works fine, but not the keypress or keydown,keyup events. I also tried with $('span').live("keypress",function(event){//Do something}); but didn't work. Any suggestions would be appreciated, I need this to work only in FF, so no support for IE required.

    Read the article

  • Hibernate updating records and implementing listeners : getting only required attribute values for event.getOldState()

    - by Narendra
    Hi All, I am using Hibernate 3 as my persistence framework. Below is the sample hbm file I am using. <?xml version="1.0"?> <!DOCTYPE hibernate-mapping PUBLIC "-//Hibernate/Hibernate Mapping DTD 3.0//EN" "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd"> <hibernate-mapping> <class name="com.test.User" table="user"> <meta attribute="implements">com.test.dao.interfaces.IEntity</meta> <id name="key" type="long" column="user_key"> <generator class="increment" /> </id> <property name="userName" column="user_name" not-null="true" type="string" /> <property name="password" column="password" not-null="true" type="string" /> <property name="firstName" column="first_name" not-null="true" type="string" /> <property name="lastName" column="last_name" not-null="true" type="string" /> <property name="createdDate" column="created_date" not-null="true" type="timestamp" insert="false" update="false" /> <property name="createdBy" column="created_by" not-null="true" type="string" update="false" /> </class> </hibernate-mapping> I am added a post-update listener. What it will do is if there any updations perfomed on User then it will be invoked and cahnges will be inserted to audit table. Below is the sample implementation for postupdate event. public void onPostUpdate(PostUpdateEvent event) { LogHelper.info(logger, "Begin - onPostUpdate " + event.getEntity().getClass().getSimpleName()); if (!this.checkForAudit(event.getEntity().getClass().getSimpleName())) { // check do we need to audit it. } // Get Attribute Names String[] attrNames = event.getPersister().getEntityMetamodel() .getPropertyNames(); Object[] oldobjectValue = c Object[] newObjectValue = event.getState(); this.auditDetailsEvent(attrNames, oldobjectValue, newObjectValue); LogHelper.info(logger, "End - onPostUpdate"); // return false; } Here is my requirement. event.getPersister().getEntityMetamodel() .getPropertyNames(); or event.getOldState(); or event.getState(); must return attribute names or value which i can update or insert. Is there any way to control the return values of above one's. Pleas help me on this regard. Thanks, Narendra

    Read the article

  • How to set a bean property before executing this f:event listener

    - by user
    How to set a bean property from jsf page before executing this f:event listener: <f:event type="preRenderComponent" listener="bean.method}"/> I tried the below code but it does not set the value to the bean property. <f:event type="preRenderComponent" listener="bean.method}"> <f:setPropertyActionListener target="#{bean.howMany}" value="2"/> </f:event> JSF2.1.6 with PF 3.3 EDIT Any issues with this below code? (This works! but I just want to confirm if there are any issues with this!?) <f:event type="preRenderComponent" listener="#{bean.setHowMany(15)}"/> <f:event type="preRenderComponent" listener="#{bean.method}"/>

    Read the article

  • best approah (security) to do some admin work through web page in Linux?

    - by Data-Base
    Hello, I want to build a web based admin tools that allow the system admin to run pre-configured commands and scripts through a web page (simple and limited webmin), what is the best approach? I already started with Ubuntu installing LAMP and give the user www-data root's privileges !!! as I learned (please check the link) this is a really bad move !!!, so how to build such web-based system without the security risk? cheers

    Read the article

  • Java embedded applet page security, how to properly meet its recquirements?

    - by meds
    If I have an applet embedded in a webpage and I want it to connect to server side software (also written in Java) how can I do this properly on a windows machine running local host? Would I have to run the java application from within the localhost directory and access the applet html from a browser (i.e. localhost/applet.html)? From what I undestand if you don't have everything setup correctly you won't be able to connect because of Java's security requirements. Thanks for any help :)

    Read the article

  • EJB3.1 logout doesn't work

    - by Kevin
    Hello, I've got a problem with the authentication features of EJB3.1: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, it seems to be a 'cache' mechanism which repopulate the credential and cancel my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC is it a problem with my firefox, or something I'm missing in the Servlet code? Thanks

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >