Search Results

Search found 4062 results on 163 pages for 'secure government ficam sicam'.

  • Redirection fails in IE but is fine with Firefox

    - by Bob
    I use an <Authorize> attribute in ASP.NET MVC to secure a controller. My page loads portions of its content via AJAX. Here's a problem I have with IE8, but not Firefox 3.6:

    1. Sign in as user JohnDoe and navigate to http://www.example.com/AjaxPage. Everything works fine. AjaxPage is protected with the <Authorize> attribute.
    2. Sign out, which redirects me to http://www.example.com. That page doesn't use <Authorize>.
    3. Navigate to http://www.example.com/AjaxPage without signing in again. I should be redirected to the Sign In page since that controller has the <Authorize> attribute.

    Step 3 works with Firefox, but IE8 displays the non-Ajax portion of http://www.example.com/AjaxPage and then never loads the Ajax content. I'm surprised any content is displayed at all since I should be redirected to the Sign In page. My code redirects to the login page with:

        Return Redirect("https://login.live.com/wlogin.srf?appid=MY-APP-ID&alg=wsignin1.0")

    Why does Firefox handle this redirection, but IE doesn't? Since it works the first time (Step 1 above), is there a cache issue?

    EDIT: I used Fiddler to see if AjaxPage was being cached, but it appears not to be. I assume if it were cached, I'd get an HTTP Status Code 200 back. I may simply misunderstand this though.

  • Google's OAuth for Installed Apps vs. OAuth for Web Apps

    - by burgerguy
    So I'm having trouble understanding something... If you do OAuth for Web Apps, you register your site with a callback URL and get a unique consumer secret key. But once you've obtained an OAuth for Web Apps token, you don't have to generate OAuth calls to the Google server from your registered domain. I regularly use my key and token from scripts running via an Apache server at localhost on my laptop and Google never says "you're not sending this request from the registered domain." It just sends me the data. Now, as I understand it, if you do OAuth for Installed Apps, you use "anonymous" instead of a secret key you got from Google. I've been thinking of just using the OAuth for Web Apps auth method, then passing that token to an installed app that has my secret code embedded in its innards. The worry is that the code could be discovered by bad people. But what's more secure... making them work for the secret code or letting them default to anonymous? What really goes bad if the "secret" is discovered when the alternative is using "anonymous" as the secret?

  • ASP.NET PopupControlExtender inside UpdatePanel

    - by user296422
    Hi, So I use PopupControlExtender (to edit some of the fields) inside ListViewControl which itself is embedded inside an UpdatePanel. The problem is as follows: whenever you cause a partial postback, the popup panels are created client side outside the UpdatePanel, and you get more client-side controls with the same client-side ID. When you post back with the popup panel, the server-side control, e.g. TextBox, has Text = clientsidecontrol1.text, clientsidecontrol2.text, clientsidecontrol.text3. Is there a way to prevent this?

        <%@ Page Language="C#" AutoEventWireup="true" CodeFile="Test.aspx.cs" Inherits="Secure_Test" %>
        <%@ Register assembly="AjaxControlToolkit" namespace="AjaxControlToolkit" tagprefix="cc1" %>
        <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head runat="server">
            <title></title>
        </head>
        <body>
            <form id="form1" runat="server">
            <cc1:ToolkitScriptManager ID="ToolkitScriptManager1" runat="server">
            </cc1:ToolkitScriptManager>
            <div>
                <asp:UpdatePanel ID="UpdatePanel1" runat="server">
                    <ContentTemplate>
                        <asp:Label ID="InputLabel" runat="server" Text="Whatever you put in the textbox"></asp:Label>
                        <br />
                        <asp:Label runat="server"> <%= DateTime.Now.ToString() %></asp:Label>
                        <br />
                        <asp:Button ID="Button1" runat="server" Text="Refresh" />
                        <br />
                        <asp:LinkButton ID="PopupLB" runat="server">Popup</asp:LinkButton>
                        <br />
                        <cc1:PopupControlExtender ID="PopupControlExtender1" runat="server" PopupControlID="Panel1" TargetControlID="PopupLB" CommitProperty="Value">
                        </cc1:PopupControlExtender>
                        <asp:Panel ID="Panel1" runat="server">
                            <asp:UpdatePanel ID="UpdatePanel2" runat="server">
                                <ContentTemplate>
                                    <asp:TextBox ID="InputTB" runat="server"></asp:TextBox>
                                    <asp:Button ID="SubmitBTN" runat="server" Text="Submit" onclick="SubmitBTN_Click" UseSubmitBehavior="false" />
                                </ContentTemplate>
                            </asp:UpdatePanel>
                        </asp:Panel>
                    </ContentTemplate>
                </asp:UpdatePanel>
            </div>
            </form>
        </body>
        </html>

        using System;
        using System.Collections.Generic;
        using System.Linq;
        using System.Web;
        using System.Web.UI;
        using System.Web.UI.WebControls;
        using AjaxControlToolkit;

        public partial class Secure_Test : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e) { }

            protected void SubmitBTN_Click(object sender, EventArgs e)
            {
                PopupControlExtender pce = AjaxControlToolkit.PopupControlExtender.GetProxyForCurrentPopup(Page);
                pce.Commit("Popup");
                InputLabel.Text = InputTB.Text;
            }
        }

    To make it easier to test I post the code of an example page I used for testing. To make myself clear here is an example: I click Popup, type "asdf" in the textbox and click Submit. InputPanel displays "asdf". I click Popup again, type "qwerty" in the textbox and click Submit. InputPanel now displays "qwerty,asdf". When you check it in Firebug you get this:

        <form id="form1" action="Test.aspx" method="post" name="form1">
        <div>
            <input type="hidden" value=";;AjaxControlToolkit, Version=3.0.30930.21526, Culture=neutral, PublicKeyToken=28f01b0e84b6d53e:pl-PL:c83bc095-c5d9-40da-b175-dc46338fcc3a:865923e8:91bd373d:596d588c:411fea1c:e7c87f07:bbfda34c:30a78ec5:42b7c466;" id="ToolkitScriptManager1_HiddenField" name="ToolkitScriptManager1_HiddenField">
        </div>
        <script type="text/javascript">
        //&lt;![CDATA[
        var theForm = document.forms['form1'];
        if (!theForm) { theForm = document.form1; }
        function __doPostBack(eventTarget, eventArgument) {
            if (!theForm.onsubmit || (theForm.onsubmit() != false)) {
                theForm.__EVENTTARGET.value = eventTarget;
                theForm.__EVENTARGUMENT.value = eventArgument;
                theForm.submit();
            }
        }
        //]]&gt;
        </script>
        <script type="text/javascript" src="/WebResource.axd?d=B2RAZw_YugtketKJqWIbXA2&amp;t=634051184591131846"></script>
        <script type="text/javascript" src="/ScriptResource.axd?d=zifZiisoqXYJSwLXuAZ4DmtrWVvn9x0W1r7qfDo40UU7q9QYoa5ChdBZD6dDL66f0flKVDmPL2woIPesut_FUpsFZUN2A5sDN7IOqPUOZO41&amp;t=1a45d080"></script>
        <script type="text/javascript">
        //&lt;![CDATA[
        if (typeof(Sys) === 'undefined') throw new Error('Ladowanie struktury strony klienta ASP.NET Ajax nie powiodlo sie.');
        //]]&gt;
        </script>
        <script type="text/javascript" src="/ScriptResource.axd?d=zifZiisoqXYJSwLXuAZ4DmtrWVvn9x0W1r7qfDo40UU7q9QYoa5ChdBZD6dDL66fyxEJaYB3uJEQ0r_TmOPczeBZ1gpFH5a6x4ug130lptsKAcGA3S1vt08sHQo5sFtH0&amp;t=1a45d080"></script>
        <script type="text/javascript" src="/Secure/Test.aspx?_TSM_HiddenField_=ToolkitScriptManager1_HiddenField&amp;_TSM_CombinedScripts_=%3b%3bAjaxControlToolkit%2c+Version%3d3.0.30930.21526%2c+Culture%3dneutral%2c+PublicKeyToken%3d28f01b0e84b6d53e%3apl-PL%3ac83bc095-c5d9-40da-b175-dc46338fcc3a%3a865923e8%3a91bd373d%3a596d588c%3a411fea1c%3ae7c87f07%3abbfda34c%3a30a78ec5%3a42b7c466"></script>
        <div> </div>
        <script type="text/javascript">
        //&lt;![CDATA[
        Sys.WebForms.PageRequestManager._initialize('ToolkitScriptManager1', document.getElementById('form1'));
        Sys.WebForms.PageRequestManager.getInstance()._updateControls(['tUpdatePanel1','tUpdatePanel2'], [], [], 90);
        //]]&gt;
        </script>
        <div>
            <div id="UpdatePanel1">
                <span id="InputLabel">qwerty,asdf</span> <br>
                <span>2010-06-15 18:26:50</span> <br>
                <input type="submit" id="Button1" value="Refresh" name="Button1"> <br>
                <a href="javascript:__doPostBack('PopupLB','')" id="PopupLB">Popup</a> <br>
            </div>
        </div>
        <script type="text/javascript">
        //&lt;![CDATA[
        (function() {var fn = function() {$get('ToolkitScriptManager1_HiddenField').value = '';Sys.Application.remove_init(fn);};Sys.Application.add_init(fn);})();Sys.Application.initialize();
        Sys.Application.add_init(function() {
            $create(AjaxControlToolkit.PopupControlBehavior, {"CommitProperty":"Value","PopupControlID":"Panel1","dynamicServicePath":"/Secure/Test.aspx","id":"PopupControlExtender1"}, null, null, $get("PopupLB"));
        });
        //]]&gt;
        </script>
        <div id="Panel1" style="position: absolute; left: 8px; top: 73px; z-index: 1000; display: none; visibility: hidden;">
            <div id="UpdatePanel2">
                <input type="text" id="InputTB" name="InputTB">
                <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN">
            </div>
        </div>
        <span style="display: none ! important;"><input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET" value=""></span>
        <span style="display: none ! important;"><input type="hidden" name="__EVENTARGUMENT" id="__EVENTARGUMENT" value=""></span>
        <span style="display: none ! important;"><input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUJMTkwNzc2NzAzD2QWAgIDD2QWAgIDD2QWAmYPZBYCAgEPDxYCHgRUZXh0BQtxd2VydHksYXNkZmRkZApLPc2nZUC+UkZsCrByuofHMah5"></span>
        <span style="display: none ! important;"><input type="hidden" name="__EVENTVALIDATION" id="__EVENTVALIDATION" value="/wEWBQLi2qWdAwKM54rGBgKIkJujDQKbjp+pDQKc7v+tArliNtJzeG8HrfsGBBXIViJAUGMz"></span>
        <div id="Panel1" style="visibility: hidden; position: absolute; left: 8px; top: 73px; z-index: 1000; display: none;">
            <div id="UpdatePanel2">
                <input type="text" id="InputTB" value="asdf" name="InputTB">
                <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN">
            </div>
        </div>
        <div id="Panel1" style="display: none; visibility: hidden; position: absolute;">
            <div id="UpdatePanel2">
                <input type="text" id="InputTB" value="qwerty,asdf" name="InputTB">
                <input type="button" id="SubmitBTN" onclick="javascript:__doPostBack('SubmitBTN','')" value="Submit" name="SubmitBTN">
            </div>
        </div>
        </form>

    InputTB and Panel1 were generated 3 times.

  • Programmatically open an email from a POP3 and extract an attachment

    - by Josh
    We have a vendor that sends CSV files as email attachments. These CSV files contain statuses that are imported into our application. I'm trying to automate the process end-to-end, but it currently depends on someone opening an email, saving the attachment to a server share, so the application can use the file. Since I cannot convince the vendor to change their process, such as offering an FTP location or a Web Service, I'm stuck with trying to automate the existing process. Does anyone know of a way to programmatically open an email from a POP3 account and extract an attachment? The preferred solution would reside on a Windows 2003 server, be written in VB.NET and secure. The application can reside on the same server as the POP3 server, for example, we could set up the free POP3 server that comes with Windows Server and pull against the mail file stored on the file system. BTW, we are willing to pay for an off-the-shelf solution, if one exists. Note: I did look at this question but the answer points to a CodeProject solution that doesn't deal with attachments.

  • Adding editFTPnetPRO to SSIS package causes error message

    - by gfrizzle
    I'm trying to add some secure FTP code to an SSIS package. I've used the EnterpriseDT product successfully on other .NET projects, so I wanted to incorporate it into an SSIS 2008 package I'm working on. If I create a Script Task (VB), edit the script, choose Project | Add Reference, and select the editFTPnetPRO.dll file, it comes back with this error:

        No template information found. See the application log in Event Viewer for more details. To open Event Viewer, click Start, click Control Panel, double-click Administrative Tools, and then double-click Event Viewer.

    The application log doesn't contain any pertinent details. I have no idea what this is trying to tell me. I've gone down a couple dead ends searching for this error message and following the prescribed fixes, but nothing has fixed it yet. Any idea what might be going wrong?

    P.S. - I tried the devenv.exe /installvstemplates fix, which didn't change anything.

    Update: Here is the error captured in the SSIS package when you try to run it:

        Error: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. --- System.IO.FileNotFoundException: Could not load file or assembly 'edtFTPnetPRO, Version=6.3.1.20, Culture=neutral, PublicKeyToken=0dce1ad63760d80b' or one of its dependencies. The system cannot find the file specified.

    Where is it looking for this file? I tried copying it to the project directory, the bin folder, and the C:\WINDOWS\Microsoft.NET\Framework\v2.0.nnnn folder, but it still can't find it, and it won't tell me where it's looking.

  • Speed vs security vs compatibility over methods to do string concatenation in Python

    - by Cawas
    Similar questions have been brought up (good speed comparison there) on this same subject. Hopefully this question is different and updated to Python 2.6 and 3.0. So far I believe the faster and most compatible method (among different Python versions) is the plain simple + sign:

        text = "whatever" + " you " + SAY

    But I keep hearing and reading it's not secure and / or advisable. I'm not even sure how many methods there are to manipulate strings! I could count only about 4: There's interpolation and all its sub-options such as % and format and then there's the simple ones, join and +. Finally, the new approach to string formatting, which is with format, is certainly not good for backwards compatibility, at the same time making % not good for forward compatibility. But should it be used for every string manipulation, including every concatenation, whenever we restrict ourselves to 3.x only? Well, maybe this is more of a wiki than a question, but I do wish to have an answer on which is the proper usage of each string manipulation method. And which one could be generally used with each focus in mind (best all around for compatibility, for speed and for security). Thanks.

  • Submit WordPress form password programmatically

    - by songdogtech
    How can I let a user access a WordPress protected page with a URL that will submit the password in the form below? I want to be able to let a user get to a password protected WordPress page without needing to type the password, so when they go to the page, the password is submitted by a POST URL on page load. This is not intended to be secure in any respect; I'll need to hardcode the password in the URL and the PHP. It's just for simplicity for the user, and once they're in, the cookie will let them in for 10 more days. I will select the particular user with a separate PHP function that determines their IP or WordPress login status. I used Wireshark to find the POST string:

        post_password=mypassword&Submit=Submit

    but using this URL

        mydomain.com/wp-pass.php?post_password=mypassword&Submit=Submit

    gives me a blank page. This is the form:

        <form action="http://mydomain.com/wp-pass.php" method="post">
        Password: <input name="post_password" type="password" size="20" />
        <input type="submit" name="Submit" value="Submit" /></form>

    This is wp-pass.php:

        <?php
        require( dirname(__FILE__) . '/wp-load.php');

        if ( get_magic_quotes_gpc() )
            $_POST['post_password'] = stripslashes($_POST['post_password']);

        setcookie('wp-postpass_' . COOKIEHASH, $_POST['post_password'], time() + 864000, COOKIEPATH);

        wp_safe_redirect(wp_get_referer());
        ?>

    What am I doing wrong? Or is there a better way to let a user into a password protected page automatically?

  • session regeneration in tomcat ?

    - by shrini1000
    Hi, I am using Spring security to secure my Java web application which is deployed in tomcat. I found out that it is vulnerable to session fixation attacks because tomcat does not create a new session upon successful log in. On debugging some more, here's what I found. For the following code (which is supposed to create a new session - pl. note, it's just a snippet and not full code):

        HttpSession session = request.getSession(false);
        session.invalidate();
        session = request.getSession(true); // we now have a new session

    I thought a new session will be created, but tomcat simply uses the same session that got invalidated and hence the session id does not change. I searched online and found a solution which uses a 'valve' - http://marvinsmutterings.blogspot.com/2010/02/fixing-session-fixation-in-liferay-on.html but could not get it to work because it's looking for a jboss logging class and when I add it to lib, I get a reflection exception and the server doesn't start up. I'm using tomcat 5.5.28. Will be glad to have any pointers. Pl. let me know if you need more details, since I don't want to make this post too long. Sincere thanks!

  • TFS and Forms Authentication

    - by George
    I don't know squat about TFS, other than as a user who has performed simple check in/outs. I just installed it locally and would like to do joint development with a friend. I was having trouble making my TFS web site on port 8080 visible (the whole scoop is here if you're interested) and I wonder if it could be related to the fact that TFS is probably using Windows Authentication to identify the user. Can TFS be set up to use forms authentication? We probably need to set up a VPN, though that's a learning curve too. To use TFS, do our machines have to belong to a domain? We're not admin types, though he is better than me, though I would be interested in any feedback or advice on which path is likely to pan out the best. I already got AxoSoft OneTime working in this type of an environment and it suits us well, but I am tempted at all the bells & whistles with TFS and the ability to tie tracked bug items to code changes. As far as finding a good way to share code, do sites like SourceForge allow one to keep code secure among members only?

  • Restrict access to connection pool in Weblogic?

    - by Andrew White
    In short, how can I restrict access to connection pool X based on application name or JAR name? A simple use case might help... A business web-app (call it WEB_APP_A) uses pool Y to do basic look-up SQL. Some users of this web-app have access to also update some sensitive data in the database. This code is provided by a JAR file (call it HR_JAR) that can be dropped in where needed. This JAR uses pool X for all of its connections. We don't want developers of WEB_APP_A using pool X. We only want HR_JAR using pool X. This is to keep devs of WEB_APP_A from accidentally or intentionally abusing the access pool X provides.

    Some considerations:

    - This is legacy code so HR_JAR is here to stay
    - We are running on Weblogic 9.2
    - We can not keep passwords in any form in the source code
    - We have researched weblogic user level authn/authz for JDBC resources but then this begs the question; how do we secure the user creds we use to become a user per app/jar?

    Ideas? Thoughts? I can elaborate more on what I have tried, but I wanted fresh ideas.

  • Using Active Directory to authenticate users in a WWW facing website

    - by Basiclife
    Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (i.e. an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions).

    So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have an Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement.

    There are a number of questions around this - scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated.

    Regards, Basiclife

  • Setup SSL (self signed cert) with tomcat

    - by Danny
    I am mostly following this page: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

    I used this command to create the keystore

        keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/tomcat6/keystore

    and answered the prompts. Then I edited my server.xml file and uncommented/edited this line

        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="false" sslProtocol="TLS"
                   keystoreFile="/etc/tomcat6/keystore"
                   keystorePass="tomcat" />

    then I go to the web.xml file for my project and add this into the file

        <security-constraint>
            <web-resource-collection>
                <web-resource-name>Security</web-resource-name>
                <url-pattern>/*</url-pattern>
            </web-resource-collection>
            <user-data-constraint>
                <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
        </security-constraint>

    When I try to run my webapp I am met with this:

        Unable to connect
        Firefox can't establish a connection to the server at localhost:8443.
        * The site could be temporarily unavailable or too busy. Try again in a few moments.
        * If you are unable to load any pages, check your computer's network connection.

    If I comment out the lines I've added to my web.xml file, the webapp works fine. My log file in /var/lib/tomcat6/logs says nothing. I can't figure out if this is a problem with my keystore file, my server.xml file or my web.xml file.... Any assistance is appreciated. I am using tomcat 6 on ubuntu.

  • Works in Firefox & Opera, but not in IE8

    - by Ai Pragma
    1) This issue involves just one html webpage, let's call it "ajax.html".

    2) I have AJAX functions in this webpage that work in both Firefox and IE8.

    3) I now attempt generating just the option values of a dropdown list of dates using my ajax functions, and it works in Firefox & Opera, but not IE8.

    4) The surrounding html code for the dropdown looks like this:

        <select name="entry_7_single" id="entry_7" onChange="Ajax_PhpResultsWithVar('./secure/db/SummaryCls.php','entry_8','dateval',this.value)"></select>

    The onchange call refers to an ajax function that successfully (both Firefox & IE8) populates a textarea (entry_8) with a description of an event associated with the date selected in this dropdown.

    5) An onload call initiates the ajax function to generate the dropdown list values:

        <body class="ss-base-body" onLoad="OnLoadWebPage()">

    6) The js script that calls the ajax function is as follows:

        function OnLoadWebPage()
        {
            Ajax_PhpResults('./secure/db/GenDateListCls.php','entry_7');
        }

    7) Since it works in Firefox, but not IE8, I throw the output of the ajax function into a Firefox large textbox and I get the following:

        <option selected value="8 JUN 2010">8 JUN 2010</option>
        <option value="9 JUN 2010">9 JUN 2010</option>
        <option value="10 JUN 2010">10 JUN 2010</option>
        <option value="11 JUN 2010">11 JUN 2010</option>

    8) There are over a hundred generated but you get the gist of what the ajax function generates. Next I will list the PHP function that outputs the above dropdown values:

        <?php
        include_once 'SPSQLite.class.php';
        include_once 'misc_funcs.php';

        class GenDateListCls
        {
            var $dbName;
            var $sqlite;

            function GenDateListCls()
            {
                $this->dbName = 'accrsc.db';
                $this->ConstructEventDates();
            }

            function ConstructEventDates()
            {
                $this->sqlite = new SPSQLite($this->dbName);
                $todayarr = getdate();
                // Array keys are quoted strings; bare mday/month/year would be read as undefined constants.
                $today = $todayarr['mday'] . " " . substr($todayarr['month'],0,3) . " " . $todayarr['year'];
                $ICalDate = ChangeToICalDate($today);
                $dateQuery = "SELECT dtstart from events where substr(dtstart,1,8) >= '" . $ICalDate . "';";
                $this->sqlite->query($dateQuery);
                $datesResult = $this->sqlite->returnRows();
                foreach (array_reverse($datesResult) as $indx => $row)
                {
                    $normDate = NormalizeICalDate(substr($row['dtstart'],0,8));
                    if ($indx==0)
                    { ?>
                        <option selected value=<?php echo('"' . $normDate . '"'); ?>><?php echo $normDate; ?></option><?php
                    }
                    else
                    {?>
                        <option value=<?php echo('"' . $normDate . '"'); ?>><?php echo $normDate; ?></option><?php
                    }
                }
                $this->sqlite->close();
            }
        }

        $dateList = new GenDateListCls();
        ?>

    <<< I appreciate any assistance on this matter. Aipragma >>>

    My Background: To let you all know, I am a complete newbie to PHP, Ajax, & javascript, and learning it all on my own, no classes. My background is in Linux, Windows, C++, Java, VB, VBA, MS XML, & some html.

  • Rot13 for numbers.

    - by dreeves
    EDIT: Now a Major Motion Blog Post at http://messymatters.com/sealedbids

    The idea of rot13 is to obscure text, for example to prevent spoilers. It's not meant to be cryptographically secure but to simply make sure that only people who are sure they want to read it will read it. I'd like to do something similar for numbers, for an application involving sealed bids. Roughly I want to send someone my number and trust them to pick their own number, uninfluenced by mine, but then they should be able to reveal mine (purely client-side) when they're ready. They should not require further input from me or any third party. (Added: Note the assumption that the recipient is being trusted not to cheat.) It's not as simple as rot13 because certain numbers, like 1 and 2, will recur often enough that you might remember that, say, 34.2 is really 1.

    Here's what I'm looking for specifically:

    - A function seal() that maps a real number to a real number (or a string). It should not be deterministic -- seal(7) should not map to the same thing every time.
    - But the corresponding function unseal() should be deterministic -- unseal(seal(x)) should equal x for all x.
    - I don't want seal or unseal to call any webservices or even get the system time (because I don't want to assume synchronized clocks).

    (Added: It's fine to assume that all bids will be less than some maximum, known to everyone, say a million.)

    Sanity check:

        > seal(7)
        482.2382  # some random-seeming number or string.
        > seal(7)
        71.9217   # a completely different random-seeming number or string.
        > unseal(seal(7))
        7         # we always recover the original number by unsealing.

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot at putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

  • iPhone app rejection for using ICU (Unicode extensions)

    - by nickbit
    I received the following mail from Apple, considering my application:

    *Thank you for submitting your update to ??µ??es?a to the App Store. During our review of your application we found it is using private APIs, which is in violation of the iPhone Developer Program License Agreement section 3.3.1; "3.3.1 Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs." While your application has not been rejected, it would be appropriate to resolve this issue in your next update. The following non-public APIs are included in your application: u_isspace, ubrk_close, ubrk_current, ubrk_first, ubrk_next, ubrk_open. If you have defined methods in your source code with the same names as the above mentioned APIs, we suggest altering your method names so that they no longer collide with Apple's private APIs to avoid your application being flagged with future submissions. Please resolve this issue in your next update to ??µ??es?a. Sincerely, iPhone App Review Team*

    The functions mentioned in this mail are used in the ICU library (International Components for Unicode). Although my app is not rejected at this point, I don't feel very secure for the future of my app, because it relies heavily on the Unicode protocol and on these components in particular. Another thing is that I do not call these functions directly, but they are called by a custom 'sqlite' build (with FTS3 extensions enabled). Am I missing something here? Any suggestions?

  • Card emulation via software NFC

    - by user85030
    After reading a lot of questions, I decided to post this one. I read that the stock version of Android does not support APIs for card emulation. Also, we cannot write custom applications to the secure element embedded in NFC controllers due to keys managed by Google/Samsung. I need to emulate a card (Mifare or DESFire etc). The option I can see is doing it via software. I have an ACR122U reader and I've tested that NFC P2P mode works fine with the Nexus S that I have.

    1) I came across a site that said that the Nexus S's NFC controller (pn532) can emulate a Mifare 4k card. If this is true, can I write/read APDU commands to this emulated card? (Probably if I use a modded ROM like CyanogenMod)

    2) Can I write an Android application that reads APDU commands sent from the reader and generates appropriate responses (if not fully, then up to some extent only)? To do so, I searched that we need to patch the Nexus S with CyanogenMod. Has someone tried emulating a card via this method?

    I see that this is possible since we have products from access control companies offering mobile applications via which one can open doors e.g. http://www.assaabloy.com/en/com/Products/seos-mobile-access/

    Read the article

  • Set up Gitosis, but can't clone

    - by Tim Rupe
    I've set up Gitosis on a remote Ubuntu box which I will refer to as linuxserver as my host in the following commands. I'm also connecting from a Windows box using Cygwin. I followed the instructions according to: http://scie.nti.st/2007/11/14/hosting-git-repositories-the-easy-and-secure-way I had no problems up until I needed to clone the gitosis-admin repository to my local machine git clone git@linuxserver:gitosis-admin.git When I do this, the command executes, but hangs there displaying nothing until I ctrl-c to get back to a command prompt. No messages are displayed at all. I'm pretty sure I have my ssh keys set up properly, because logging in using "ssh linuxserver" into my regular account works perfectly without asking for a password. Edit: Over the weekend I set up a near identical Ubuntu box at home, and had no problem setting up Gitosis. The only difference was that I was connecting from OSX instead of Cygwin. Edit: I've also discovered that when using the Bash Shell provided with "Git Extensions", I have no problems, so the issue definitely seems to be some kind of Cygwin conflict. Edit: Just an update, but about a month after posting this question, I switched to Mercurial, and found that I prefer it much more than git. Thanks for the suggestions, but I don't plan on going back to git to try any of them out.

    Read the article

  • How Can I: Generate 40/64 Bit WEP Key In Python?

    - by Aktariel
    So, I've been beating my head against the wall of this issue for several months now, partly because it's a side interest and partly because I suck at programming. I've searched and researched all across the web, but have not had any luck (except one small bit of success; see below), so I thought I might try asking the experts. What I am trying to do is, as the title suggests, generate a 40/64 bit WEP key from a passphrase, according to the "de facto" standard. (A site such as [http://www.powerdog.com/wepkey.cgi] produces the expected outputs.) I have already written portions of the script that take inputs and write them to a file; one of the inputs would be the passphrase, sanitized to lower case. For the longest time I had no idea what the de facto standard was, much less how to even go about implementing it. I finally stumbled across a paper (http://www.lava.net/~newsham/wlan/WEP_password_cracker.pdf) that sheds as much light as I've had yet on the issue (page 18 has the relevant bits). Apparently, the passphrase is "mapped to a 32-bit value with XOR," the result of which is then used as the seed for a "linear congruential PRNG" (which one of the several PRNGs Python has would fit this description, I don't know), and then from that result several bits of the result are taken. I have no idea how to go about implementing this, since the description is rather vague. What I need is help in writing the generator in Python, and also in understanding how exactly the key is generated. I'm not much of a programmer, so explanations are appreciated as well. (Yes, I know that WEP isn't secure.)

    Read the article

  • how to create an function using jquery live? [Solved]

    - by Mahmoud
    Hey all, I am trying to create a function that will keep the user in lightbox images while he adds to cart. For a demo you can visit secure.sabayafrah.com username: mahmud password: mahmud. When you click on any image it will enlarge using lightbox v2, so when the user clicks on the image add, it will refresh the page. When I asked about it at the jcart support forum they informed me to use jquery live, but I don't know how to do it. So far I tried this code, but still nothing is happening: jQuery(function($) { $('#button') .livequery(eventType, function(event) { alert('clicked'); // to check if it works or not return false; }); }); I also used: jQuery(function($) { $('input=[name=addto') .livequery(eventType, function(event) { alert('clicked'); // to check if it works or not return false; }); }); yet nothing worked. For the code to create those images: http://pasite.org/code/572 Update 1: I have done this: function adding(form){ $( "form.jcart" ).livequery('submit', function() {var b=$(this).find('input[name=<?php echo $jcart['item_id']?>]').val();var c=$(this).find('input[name=<?php echo $jcart['item_price']?>]').val();var d=$(this).find('input[name=<?php echo $jcart['item_name']?>]').val();var e=$(this).find('input[name=<?php echo $jcart['item_qty']?>]').val();var f=$(this).find('input[name=<?php echo $jcart['item_add']?>]').val();$.post('<?php echo $jcart['path'];?>jcart-relay.php',{"<?php echo $jcart['item_id']?>":b,"<?php echo $jcart['item_price']?>":c,"<?php echo $jcart['item_name']?>":d,"<?php echo $jcart['item_qty']?>":e,"<?php echo $jcart['item_add']?>":f} }); return false; } and it seems to add to jcart, yet it still refreshes.

    Read the article

  • 4.0/WCF: Best approach for bi-directional message bus?

    - by TomTom
    Just a technology update, now that .NET 4.0 is out. I write an application that communicates to the server through what is basically a message bus (instead of method calls). This is based on the internal architecture of the application (which is multi-threaded, passing the messages around). There are a limited number of messages to go from the client to the server, quite a lot more from the server to the client. Most of those can be handled via a separate specialized mechanism, but at the end we talk of possibly 10-100 small messages per second going from the server to the client. The client is supposed to operate under "internet conditions". This means possibly home end users behind standard NAT devices (i.e. typical DSL routers) - a firewalled secure and thus "open" network can not be assumed. I want to have as little latency and as little overhead for the communication as possible. What is the technologically best way to handle the message bus callback? I have no problem regularly calling to the server for message delivery if something needs to be sent... ...but what are my options to handle the messages from the server to the client? WsDualHttp does work how? Especially under a NAT scenario? Just as a note: polling is most likely out - the main problem here is that I would have a significant overhead OR a significant delay, both are not really wanted. Technically I would love some sort of streaming approach, where the server can write messages to a stream while he generates them and they get sent to the client as they come. Not sure this is doable with WCF, though (if not, I may actually decide to handle the whole message part outside of WCF and just do control / login / setup / destruction via WCF).

    Read the article

  • When connecting SAP Business One to SQL Server 2005, what is the

    - by Nick
    We have SAP Business One - Fourth Shift Edition running here at a small manufacturing company. The consulting company that has come in to do the installation/implementation uses the "sa" id/pass to initially connect to the database to get the list of companies. From then on, I have to assume that it's the sa id/pass that is being used to connect the client software to the database. Is this appropriate? I don't know where this data is being stored... as an ODBC connection? Directly in the registry somewhere? Is it secure? Would it be better to set the user's network ID in the database security and then use the "trusted connection" setting instead? Or do most people create a separate login in the database for each user and use that in the client settings? Seems like the easiest way would be to add the user's network login to the SQL Server security so they can use the "trusted connection"... but then wouldn't that allow ANY software to connect to the database from that machine? So anyways: what are the best practices for setting this up?

    Read the article

  • Custom basic authentication fails in IIS7

    - by manu08
    I have an ASP.NET MVC application, with some RESTful services that I'm trying to secure using custom basic authentication (they are authenticated against my own database). I have implemented this by writing an HTTPModule. I have one method attached to the HttpApplication.AuthenticateRequest event, which calls this method in the case of authentication failure: private static void RejectWith401(HttpApplication app) { app.Response.StatusCode = 401; app.Response.StatusDescription = "Access Denied"; app.CompleteRequest(); } This method is attached to the HttpApplication.EndRequest event: public void OnEndRequest(object source, EventArgs eventArgs) { var app = (HttpApplication) source; if (app.Response.StatusCode == 401) { string val = String.Format("Basic Realm=\"{0}\"", "MyCustomBasicAuthentication"); app.Response.AppendHeader("WWW-Authenticate", val); } } This code adds the "WWW-Authenticate" header which tells the browser to throw up the login dialog. This works perfectly when I debug locally using Visual Studio's web server. But it fails when I run it in IIS7. For IIS7 I have the built-in authentication modules all turned off, except anonymous. It still returns an HTTP 401 response, but it appears to be removing the WWW-Authenticate header. Any ideas?

    Read the article

  • Correct usage of addEventListener() /attachEvent()?

    - by ginny
    Hi guys! I'm wondering how to use "addEventListener" resp. "attachEvent" correctly!? window.onload=function(myFunc1){ // do something } function myFunc2(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc2, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc2); } ... or function myFunc1(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc1, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc1); } function myFunc2(){ // do something } if (window.addEventListener){ window.addEventListener('load', myFunc2, false); } else if (window.attachEvent){ window.attachEvent('onload', myFunc2); } ... ? Is this cross-browser secure or should I better go with sth. like this: function myFunc1(){ // do something } function myFunc2(){ // do something } ... function addOnloadEvent(fnc){ if ( typeof window.addEventListener != "undefined" ) window.addEventListener( "load", fnc, false ); else if ( typeof window.attachEvent != "undefined" ) { window.attachEvent( "onload", fnc ); } else { if ( window.onload != null ) { var oldOnload = window.onload; window.onload = function ( e ) { oldOnload( e ); window[fnc](); }; } else window.onload = fnc; } } addOnloadEvent(myFunc1); addOnloadEvent(myFunc2); ... AND: Say "myfunc2" is for IE 7 only. How to modify the correct/preferred method accordingly? Thank you so much!

    Read the article

  • send email C# using smtp server with username password authentification

    - by KK
    I have a piece of code that sends email. Here's the code. This is not working for me. This is a remote SMTP service, and I double-checked that email web access works fine: I can log in using the GUI, receive and send emails. But when I try to do it through code, it fails with the message: {System.Net.Mail.SmtpException: The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.0 No AUTH command has been given. Can anybody advise? Also, they don't have EWS exposed, i.e. Exchange Web Services; this is the way to go. Port is 25 and no SSL or TLS. Button b = sender as Button; try { MailMessage msg = new MailMessage(senderEmail, recieverEmail, "afdasfas", "safasfa"); //MailMessage msg = new MailMessage(senderEmail, recieverEmail, subject, subject); System.Net.Mail.SmtpClient mailclient = new System.Net.Mail.SmtpClient(EmailSmtpServer, outgoingPort); System.Net.NetworkCredential auth = new System.Net.NetworkCredential(senderEmail, senderPassword); mailclient.Host = EmailSmtpServer; mailclient.UseDefaultCredentials = false; mailclient.Credentials = auth; mailclient.Send(msg); MessageBox.Show(b.Content + ":WORKED"); } catch (Exception e4) { MessageBox.Show(b.Content + ": " +e4.Message); MessageBox.Show(b.Content + ": " + e4.StackTrace); }

    Read the article
