Search Results

Search found 93618 results on 3745 pages for 'server security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 174/3745 | < Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >

  • .net 4.0 with Code Access Security NetFx40_LegacySecurityPolicy won't work

    - by user210903
    Hi- I'm trying to use an external library DevExpress.XtraTreeList.v8.1.dll in my vsto office addin built using VS2010 beta 2. I am getting the following compile time error: DevExpress.Utils.AppareanceObject threw an exception -- System.NotSupportedException. The error message goes on to say that for compatibility reasons I can use the NetFx40_LegacySecurityPolicy switch. I've tried putting this config variable in all of the following locations: 1) my applications config file. 2) C:\Windows\Microsoft.NET\Framework\v4.0.21006\msbuild.exe.config 3) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\dev.exe.config None of these have resolved the problem. Here were the references I've used. re-enable cas msdn.microsoft.com/en-us/library/ee191568(VS.100).aspx How do I get rid of this error so I can build the application in vs 2010?

    Read the article

  • firefox extension security issue

    - by rep_movsd
    I'm writing a firefox addon that logs certain user activity and displays some statistics on a webpage. When the page is opened, the page sends an event to the addon. The addon adds data to the page and sends an event back, and the page refreshes the statistics. Now how do I ensure that the extension only puts the (sensitive) data on the right page and not some other malicious one? Thanks V

    Read the article

  • Security for ASP.NET application running on intranet / VPN

    - by Ryan
    Hi, I have an ASP.NET app that sits on our intranet, using the WindowsIdentity to identify the user: WindowsIdentity wi = HttpContext.Current.User.Identity as WindowsIdentity; if (wi == null || wi.Name == null) { noAccess("No WindowsIdentity"); return; } string username = wi.Name; if (username.Contains("\\")) username = username.Substring(username.LastIndexOf("\\") + 1); This works fine on our Intranet. However, when users from other offices (separate network, with firewall open) they get a password request input box. Why are they getting the password dialogue? What is the recommended way identify users of the app? I want to avoid using password, but windows identities. Anyone attempting to access the application is inside a trusted network. Thanks a lot for any help Ryan

    Read the article

  • Python: Dennis Nedry - Security

    - by Peter Nielsen
    Has anyone seen Jurrassic Park where Dennis Nedry has protected the system with an animation that says 'You didn't say the magic word' where after the system goes down. Is it possible to do something similar ikn Python ? To describe it less humoristic: A response screen which waits for a condition fulfilled by the user. And encrypts and locks the system after a certain time. Is that possible on a linux system by the use of Python ?

    Read the article

  • Asp.net Security: IIdentity.IsAuthenticated default implementation.

    - by Pickels
    Hello Stackoverflowers, I am writing my own custom Identity class which implements IIdentity. I don't need to change the default method IsAuthenticated but so now I was wondering how does the default IIdentity determines if it should return true or false? I thought to find the answer in the FormsAuthenticationTicket I am using but not sure if that is correct. Thanks in advance, Pickels

    Read the article

  • Locking down RAD Studio internal browser security.

    - by HMcG
    I use Firefox as my web browser, mostly for access to add-ins such as Flashblock and No-script. I noticed yesterday that the RAD Studio internal browser used for the Welcome Page etc has scripting and Active X etc enabled. Is there a way to disable scripting, or better still, block all access to non-local sources in the built-in browser?

    Read the article

  • Spring Security: Authentication returns null

    - by Mike
    Hi! I implemented FilterInvocationSecurityMetadataSource. in getAttribute, i am trying to extract the Authentication object to achieve the user and get his allowed views from the database:Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); but the authentication is null! why? how can i achieve it?

    Read the article

  • SBS2003 to SBS2011 Migration - Installation Error

    - by Shawn Gradwell
    Microsoft Small Business Server 2003 to 2011 Migration. I followed the Migration Guide from Microsoft and the source server had no errors when running the various tests prior to the migration. I have completed the destination server setup using the Answer File and the server is up and running. It all looks good, I can access Exchange and AD and the only problem is the error message when you log in stating that the setup did not complete and to check the logs. Because all looks good I am continuing the migration to the destination server. I also have to state that this client does not use Sharepoint at all. Do I have to redo everything? Herewith the logs: [4992] 121016.225454.5905: Task: Starting Add User or Group access VSS registry. [4992] 121016.225454.7645: TaskManagement: In TaskScheduler.RunTasks(): The "ConfigureSharePointVSSRegistryTask" Task threw an Exception during the Run() call:System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) [4992] 121016.225454.7655: Setup: An error was encountered on the TME thread: System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e) [4956] 121016.225455.0685: Setup: _UnhandledExceptionHandler: Setup encountered an error: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.Reflection.TargetInvocationException: The TME thread failed (see the inner exception). ---> System.Security.Principal.IdentityNotMappedException: Some or all identity references could not be translated. at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess) at System.Security.Principal.NTAccount.Translate(Type targetType) at System.Security.AccessControl.CommonObjectSecurity.ModifyAccess(AccessControlModification modification, AccessRule rule, Boolean& modified) at System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(AccessRule rule) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.AddUsersToAccessRegistry(List`1 names) at Microsoft.WindowsServerSolutions.IWorker.Tasks.ConfigureSharePointVSSRegistryTask.Run(ITaskDataLink dl) at Microsoft.WindowsServerSolutions.TaskManagement.Data.Task.Run(ITaskDataLink dataLink) at Microsoft.WindowsServerSolutions.TaskManagement.TaskScheduler.RunTasks(String taskListId, String stateFileName) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter._RunTasks(Object sender, DoWorkEventArgs e) at System.ComponentModel.BackgroundWorker.WorkerThreadStart(Object argument) --- End of inner exception stack trace --- at Microsoft.WindowsServerSolutions.Setup.SBSSetup.ProgressPagePresenter.TasksCompleted(Object sender, RunWorkerCompletedEventArgs e) --- End of inner exception stack trace --- at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks) at System.Delegate.DynamicInvokeImpl(Object[] args) at System.Windows.Forms.Control.InvokeMarshaledCallbackDo(ThreadMethodEntry tme) at System.Windows.Forms.Control.InvokeMarshaledCallbackHelper(Object obj) at System.Threading.ExecutionContext.runTryCode(Object userData) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state) at System.Windows.Forms.Control.InvokeMarshaledCallback(ThreadMethodEntry tme) at System.Windows.Forms.Control.InvokeMarshaledCallbacks() at System.Windows.Forms.Control.WndProc(Message& m) at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam) at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg) at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData) at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context) at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context) at Microsoft.WindowsServerSolutions.Common.Wizards.Framework.WizardChainEngine.Launch() at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass._LaunchWizard() at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.RealMain(String[] args) at Microsoft.WindowsServerSolutions.Setup.SBSSetup.MainClass.Main(String[] args) [4956] 121016.225455.0865: Setup: Removed the password. [4956] 121016.225455.0905: Setup: Deleting scheduled task at path Microsoft\Windows\Windows Small Business Server 2011 Standard with name Setup [4956] 121016.225455.8055: Setup: Removed SBSSetup from the RunOnce.

    Read the article

  • database security with php page that spits out XML

    - by Rees
    Hello, I just created a PHP page that spits outs some data from my database in an XML format. This data is fetched from a flex application I made. I had spent a long time formatting my tables and database information and do not want anyone to be able to simply type www.mysite.com/page_that_spits_out_XML.php and steal my data. However, at the same time I need to be able to access this page from my flex application. Is there a way I can prevent other people from doing this? Thank you!

    Read the article

  • silverlight security with WCF service, Forms Authentication and Custom Form Ticket

    - by user74825
    I have a silverlight application with login on the silverlight page. It uses Forms Authentication with WCF authentication service and customer Membership Provider. Something like : http://blogs.msdn.com/phaniraj/archive/2009/09/10/using-the-ado-net-data-services-silverlight-client-library-in-x-domain-and-out-of-browser-scenarios-ii-forms-authentication.aspx So, SL page login page calls the WCF service authentication service, it validates using DB - brings back username and password. Now, in each subsequent calls (in Global.asax in Authenticate_Request, I get HttpContext.User.IsAuthenticated and HttpContext.User.UserName). I have all this working properly. But, I just don't want the username, but more information surrounding the user, like UserId, UserAddress, UserAssociateCustomer etc. I tried couple of different approaches. 1) Use HttpContext.Cache as a dictionary to save the item and get it off based on httpcontext.user.name, problem is cache can be erased if there memory is being used heavily. 2) Tried CustomFormsAuth Ticket, when forms authentication writes a ticket, I intercept CreatingCookie method and write additional info in formauthentication ticket, so that I can read it in subsequent requests, I am having problems with this approach, I don't find the ticket in subsequent requests. I read about how we should use REsponse.Redirect, but where do I redirect user from WCF call. How do you guys implement the above scenario? Any best practices.? Any issues you see with going on HTTPS? All examples (or most of them) just explains simple forms authentication with "I am logged in message".. Any suggestions ?

    Read the article

  • HTML5 Web DB Security

    - by darrenc
    Hi all! I'm looking into an offline web app solution using HTML5. The functionality is everything I need BUT the data stored can be directly queried right in the browser and therefore completely unsecure! Is there anyway to encrypt/hide so that the data is secure? Thanks, D.

    Read the article

  • WPF Skin Skinning Security Concerns

    - by Erik Philips
    I'm really new to the WPF in the .Net Framework (get that out of the way). I'm writing an application where the interface is very customizable by simply loading .xaml (at the moment a Page element) files into a frame and then mapping the controls via names as needed. The idea is to have a community of people who are interested in making skins, skin my application however they want (much like Winamp). Now the question arises, due to my lack of Xaml knowledge, is it possible to create malicious Xaml pages that when downloaded and used could have other embedded Iframes or other elements that could have embed html or call remote webpages with malicious content? I believe this could be the case. If this is the case then I two options; either I have an automated process that can remove these types of Xaml files by checking it’s elements prior to allowing download (which I would assume would be most difficult) or have a human review them prior to download. Are there alternatives I’m unaware of that could make this whole process a lot easier?

    Read the article

  • Best Practices / Patterns for Enterprise Protection/Remediation of SSNs (Social Security Numbers)

    - by Erik Neu
    I am interested in hearing about enterprise solutions for SSN handling. (I looked pretty hard for any pre-existing post on SO, including reviewing the terriffic SO automated "Related Questions" list, and did not find anything, so hopefully this is not a repeat.) First, I think it is important to enumerate the reasons systems/databases use SSNs: (note—these are reasons for de facto current state—I understand that many of them are not good reasons) Required for Interaction with External Entities. This is the most valid case—where external entities your system interfaces with require an SSN. This would typically be government, tax and financial. SSN is used to ensure system-wide uniqueness. SSN has become the default foreign key used internally within the enterprise, to perform cross-system joins. SSN is used for user authentication (e.g., log-on) The enterprise solution that seems optimum to me is to create a single SSN repository that is accessed by all applications needing to look up SSN info. This repository substitutes a globally unique, random 9-digit number (ASN) for the true SSN. I see many benefits to this approach. First of all, it is obviously highly backwards-compatible—all your systems "just" have to go through a major, synchronized, one-time data-cleansing exercise, where they replace the real SSN with the alternate ASN. Also, it is centralized, so it minimizes the scope for inspection and compliance. (Obviously, as a negative, it also creates a single point of failure.) This approach would solve issues 2 and 3, without ever requiring lookups to get the real SSN. For issue #1, authorized systems could provide an ASN, and be returned the real SSN. This would of course be done over secure connections, and the requesting systems would never persist the full SSN. Also, if the requesting system only needs the last 4 digits of the SSN, then that is all that would ever be passed. Issue #4 could be handled the same way as issue #1, though obviously the best thing would be to move away from having users supply an SSN for log-on. There are a couple of papers on this: UC Berkely: http://bit.ly/bdZPjQ Oracle Vault: bit.ly/cikbi1

    Read the article

  • jboss server log

    - by user309281
    Hi I am having web application running in JBOSS AS 4.2.2. Observed that jboss server automatically shuts down, and the following exception is observed in server.log 14:20:38,048 INFO [Server] Runtime shutdown hook called, forceHalt: true 14:20:38,049 INFO [Server] JBoss SHUTDOWN: Undeploying all packages I want to enable TRACE for org.jboss.system.server.Server in jboss-log4j.xml, to hopefully get some more info when the server shuts down. Pls let me know how to enable TRACE for org.jboss.system.server.Server in jboss-log4j.xml Thanks in advance

    Read the article

  • PHP Form Security With Referer

    - by Jascha
    I'm putting together a site that will make itself available for user input. I was wondering if writing a function like: if(getenv("HTTP_REFERER") != 'http://www.myURL.com/submitArea'){ die('don\'t be an jerk, ruin your own site'); }else{ // continue with form processing } is enough to prevent cross site form submissions.

    Read the article

  • Cloud security and privacy

    - by Rakesh K
    Hi, I have a very basic doubt regarding cloud computing that is catching up pretty fast these days. To my understanding, cloud computing is a paradigm in which companies put up their data and applications on somebody else's machines aka 'The Cloud'. I want to know just how secure is it to put up my data on some third party machines, especially if my data contains private details. In particular, how can an enterprise trust the cloud computing service providers in this data privacy aspect? Thanks, rakesh.

    Read the article

  • SSRS 2008 Snapshotting Security

    - by Holy Christ
    Hi, I'm writing a report that will show data based on the User!UserID built into the SSRS infrastructure. The data is sensitive to the user's department. In addition to these department users, there will be admins that should be able to run for all departments, or have a report parameter to run for a specific department. Ideally, I'd like to use SSRS snapshotting so that users can rerun a report they ran on a previous date. It's important that a user can only view the snapshots he created for his department. My questions are: 1.) Does SSRS snapshotting provide a mechanism to limit viewing snapshots by the user that created them? 2.) Will I need to write two reports, one for the admin and one for the department users? I think I do since there isn't a way to secure report parameters. Thanks!

    Read the article

  • Security of WCF endpoints

    - by Matt
    For the sake of argument, lets say that I've got a basicHttp WCF service. Besides implementing authentication (login/logout methods), what is stopping someone from just cracking open Visual Studio, adding a web reference to my website's service, and then playing playing around with my service? I'm not familiar with a method of stopping someone from doing this. The idea of someone downloading all of my Data/Operation contracts and then start playing around is keeping me up at night, and I like my sleep!

    Read the article

  • Code igniter authentication code in controller security question

    - by Prime Studios
    I have a main controller to handle the very front-end of my authentication system, it handles login, logout, update user info, etc. functions that I anticipate calling by POST'ing from views/forms. What about something like a "delete_user" function though? My thoughts are a button in someones admin panel would say "Delete Account" and it would post to "/auth/delete", and the function would delete the user based on their session username or id. This seems a bit open ended, you could send out a link to someone and when they opened it while in that application it would delete their account.. Whats the best way to handle this?

    Read the article

  • Security concerns for a multi-language site.

    - by The Rook
    I am converting a PHP MySQL web application written for English language into a Multi-Language site. Do you know any vulnerabilities that affect web applications in another language? Or perhaps vulnerabilities that could be introduced in the conversion of code base to support multiple languages. (If you know any vulnerabilities of this type in another language I'll give you a +1)

    Read the article

  • ColdFusion Security

    - by Andrew
    What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks) Is cfqueryparam enough?

    Read the article

  • Security approach in web application

    - by meep
    Hello everyone. I am designing a web application in ASP.NET / C# where each registered user has the ability to add/modify/delete rows based on their user-id. Take this example: I am going to edit my route on the page /route.aspx?routeid=854 which belongs to me (user-id: 1). But because I am a curious guy I try to access /route.aspx?routeid=855 which belongs to another user (user-id: 2). How can I best avoid people from accessing other peoples data? Should I send each user id (from session) with each database-call, should I validate user/password on every page load or what is the best and most secure approach? I hope I made this clear enough.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 170 171 172 173 174 175 176 177 178 179 180 181  | Next Page >