Search Results

Search found 42331 results on 1694 pages for 'event log security'.

Page 229/1694 | < Previous Page | 225 226 227 228 229 230 231 232 233 234 235 236 | Next Page >

What is the event dispatching thread?

- by Roman

I know what "thread" means and if I understand the event dispatching thread (EDT) as "just a thread", it explains a lot but, apparently, it does not explain everything. I do not understand what is special about this thread. For example I do not understand why we should start a GUI in a the EDT? Why the "main" thread is bed for GUI? Well, if we just do not want to occupy the main thread why we cannot start GUI just in "another thread" why it should be some "special" thread called EDT? Then I do not understand why we cannot start the EDT like any other thread? Why we should use some special tool (called invokeLater). And why GUI, unlike any other thread, does not start immediately. We should wait until it is ready to accept our job. Is it because EDT can, potentially execute several task simultaneously? If you decide to answer this question, could you pleas use a really simple terminology because otherwise, I am afraid, I will not be able to understand the answer.

Read the article
Form doesn't resize smoothly with a timer event

- by BDotA

I have a grid control at the bottom of my form and it can be shown or hidden if user wants to show/hide it. So one way was to well use AutoSize of the form and change the Visuble property of that grid to true or false,... But I thought let's make it a little cooler! so I wanted the form to resize a little more slowly, like a garage door! So I dropped a Timer on the form and started increasing the height of the form little by little while the timer ticks... so something like this when user says show/hide the grid: timer1.Enabled = true; timer1.Start(); and something like this on the timer_click event: this.Height = this.Height + 5; if(this.Height -10 > ErrorsGrid.Bottom ) timer1.Stop(); It kind of works but still not perfect. For example it lags at the very beginning, stop a like a second and then start moving it...So now with this idea in mind what alterations do you suggest I should do to make this thing look and work better?

Read the article
Jquery dynamic dropdown event not firing

- by kevin

Hi i am trying to create dropdownlists dynamically and populating the contents via an ajax call, this sort of works in the sense that the drop down is created and populated as required but its 'change' event does not fire. I am posting the code below, if anyone can spot something obvious, can you please let me know regards $(document).ready(function () { $("#positions select").change(function (e) { alert("in"); var id = $("#category_id").val(); $.getJSON("/Category/GetSubCategories/" + id, function (data) { if (data.length > 0) { alert(data.length); var position = document.getElementById('positions'); var tr = position.insertRow(7); var td1 = tr.insertCell(-1); var td = tr.insertCell(-1); var sel = document.createElement("select"); sel.name = 'sel'; sel.id = 'sel'; sel.setAttribute('class', 'category'); td.appendChild(sel); $.each(data, function (GetSubCatergories, category) { $('#sel').append($("<option></option>"). attr("value", category.category_id). text(category.name)); }); } }); }); });

Read the article
JQuery event that triggers after CSS is loaded?

- by Dave

(I posted this on the jquery forums but it's still awaiting moderation, so I thought I'd try my luck here since stackoverflow is so awesome. If I get an answer I'll post it here.) Maybe someone can help me with this, I have a couple of links on my page (inside a <div id="theme-selector">) which allow you to change the CSS stylesheets: $('#theme-selector a').click(function(){ var path = $(this).attr('href'); $('head link').remove(); $('head').append('<link type="text/css" href="'+path+'" rel="stylesheet" />'); return false; }); Now, after I've changed the style on the page, I want to get the new background color, using the following code (which I put after the $('head').append call): var bgcolor = $('body').css('background-color'); alert(bgcolor); The problem is, I think, that it takes some time for the browser to download the new stylesheet and I sometimes get the old background color in my alert message. Is there some event I can bind that will only alert me after all the stylesheets are loaded on the page? At the moment, all I can think of is using a setTimeout(function(){}, 5000); which isn't great, because what if it takes longer/shorter to load all the CSS on the page. Let me know if I need to clarify anything and I can provide more code. Thanks in advance.

Read the article
“User Control” uses an incorrect event

- by Lijo

Hi, I am using two instances of a user control. But when I click on a button in the user control, both of the instances calls the function corresponding to the first event (AcknowledgeReceipt()) However, when I remove the first user control and clicks on the btnRequestClarification, it calls the correct method (RequestClarification()) Is there a way to correct this behavior? acknowledgeModificationPopupCtrl = (ConfirmationPopup)this.LoadControl("~/ConfirmationPopup.ascx"); plHConfirmationPopup.Controls.Add(acknowledgeModificationPopupCtrl); acknowledgeModificationPopupCtrl.ContinueClick += new EventHandler(AcknowledgeReceipt); RequiredFieldValidator reqFValidatorAcknowledge = (RequiredFieldValidator)acknowledgeModificationPopupCtrl.FindControl("reqValidatorTxt"); reqFValidatorAcknowledge.ValidationGroup = "AcknowledgeReceipt"; acknowledgeModificationPopupCtrl.ValidationGroup = "AcknowledgeReceipt"; btnAcknowledgeReceipt.Attributes.Add("onclick", "validateconfirmPopup('true','xx' ,’yyy','Note' ,'true'); return false;"); requestModificationPopupCtrl = (ConfirmationPopup)this.LoadControl("~/ConfirmationPopup.ascx"); plHConfirmationPopup.Controls.Add(requestModificationPopupCtrl); requestModificationPopupCtrl.ContinueClick += new EventHandler(RequestClarification); RequiredFieldValidator reqFValidator = (RequiredFieldValidator)requestModificationPopupCtrl.FindControl("reqValidatorTxt"); reqFValidator.ValidationGroup = "request"; requestModificationPopupCtrl.ValidationGroup = "request"; btnRequestClarification.Attributes.Add("onclick", "validateconfirmPopup('true',’kkk' ,’lll','ff' ,'true'); return false;"); Thanks Lijo

Read the article
Click event for dynamically added li element?

- by user1774460

I am having totally 20 links.First 10 links directly visible to user and remaining 10 links shown when user hover the down arrow image(used for hover). When user click any one hover link, the link till the currently clicked are moved to left side(another down arrow used for add the right side links to left side dynamically by creating li). This one working fine.But this is not working as vice versa. (i.e)When i click left side link it should navigate to right side.Click event not working for li element that i created dynamically. Please Can any one help for me?????? My sample Code: //To append the line from right hover to looplink div $('#loop_link').append(''+$('#pagelinkli_'+val3).html()+''); //To hide the link in right hover div once it selected and appended in loop link div $('#pagelink_a #pagelinkli_'+val3).css('display','none'); //This line to move the link from loop link to left hover div $('#pagelink_a_left ul').prepend((''+$('#pagelinkli_'+val6).html()+'')); //This line to hide the link in looplink div $('#loop_link #pagelinkli_'+val6).css('display','none'); This code is like navigating link from right hover to tab and from tab to left hover and vice versa.....

Read the article
How can I generate a client proxy for a WCF service with an HTTPS endpoint?

- by ng5000

Might be the same issue as this previuos question: WCF Proxy but not sure... I have an HTTPS service connfigured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows: <configuration> <system.serviceModel> <services> <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior"> <host> <baseAddresses> <add baseAddress = "https://localhost:8000/WCFTest/CalculatorService/" /> </baseAddresses> </host> <endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <bindings> <basicHttpBinding> <binding name="basicHttpBindingConfig"> <security mode="Transport"> <transport clientCredentialType = "Windows"/> </security> </binding> </basicHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="WCFTest.CalculatorBehavior"> <serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" /> <serviceCredentials > <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" /> </serviceCredentials> <serviceMetadata httpsGetEnabled="True"/> <serviceDebug includeExceptionDetailInFaults="False" /> </behavior> </serviceBehaviors> </behaviors> </system.serviceModel> </configuration> When I run the service I can't see the service in IE. I get a "this page can not be displayed" error. If I try and create a client in VS2008 via the "add service reference" wizard I get this error: There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. Metadata contains a reference that cannot be resolved: 'https://localhost:8000/WCFTest/CalculatorService/'. An error occurred while making the HTTP request to https://localhost:8000/WCFTest/CalculatorService/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. If the service is defined in the current solution, try building the solution and adding the service reference again. I think I'm missing some fundamental basics here. Do I need to set up some certificates? Or should it all just work as it seems to do when I use NetTcpBinding? Thanks

Read the article
JSF SSL Hazzard

- by java beginner

In my application it is required that only certain pages need to be secured using SSL so I configured it security-constraint> <display-name>Security Settings</display-name> <web-resource-collection> <web-resource-name>SSL Pages</web-resource-name> <description/> <url-pattern>/*.jsp</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <description>CONFIDENTIAL requires SSL</description> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> and added filter http://blogs.sun.com/jluehe/entry/how_to_downshift_from_https but only one hazard is there. I am using it with richFaces. Once it goes to HTTPS its not changing the page—I mean if I perform post action it doesn't actually happen. But if I do it from the local machine's browser it works perfectly, from a remote browser it stucks with HTTPS and not changing after that. Here is my web.xml's snap: <filter> <filter-name>MyFilter</filter-name> <filter-class>MyFilter</filter-class> <init-param> <param-name>httpPort</param-name> <param-value>8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>MyFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <security-constraint> <web-resource-collection> <web-resource-name>Protected resource</web-resource-name> <url-pattern>somePattern</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> </security-constraint> and some other filters of richfaces. Problem is strange. If I try to access the web app from local's machine's browser it works fine but in remote machine's browser once it get into HTTP, all the forms of that page aswell as href stops working.(JSF,facelet is used.)

Read the article
Exchange 2010 OWA with Client Certificates

- by Christian

I have enabled Client Certificate Authentication for Exchange 2010 through IIS7 and the users are prompted to choose their User Certificate when they log in, but they are all then presented with the following error message Request Url: https://<domain_name>:443/owa/ User host address: <server_ip_address> OWA version: 14.1.355.2 Exception Exception type: System.NullReferenceException Exception message: Object reference not set to an instance of an object. Call stack Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.GetUserIdentities(OwaContext owaContext, OwaIdentity& logonIdentity, OwaIdentity& mailboxIdentity, Boolean& isExplicitLogon, Boolean& isAlternateMailbox, ExchangePrincipal& logonExchangePrincipal) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext) Microsoft.Exchange.Clients.Owa.Core.OwaRequestEventInspector.OnPostAuthorizeRequest(Object sender, EventArgs e) System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) The method I followed to enable Certificate authentiaction was from this post: http://www.miru.ch/2011/04/how-to-enable-certificate-based-authentication-on-exchange-2010/ Any ideas? Google isn't being very helpful

Read the article
Is there a serious issue with setting the SUID bit on tcpdump?

- by Dean

I'm running tcpdump on a remote machine, and piping the output to Wireshark on my local machine over SSH. In order to do this, I had to set the SUID bit on tcpdump. For background, the remote machine is an Amazon EC2 running "Amazon Linux AMI 2012.09". On this image, there is no root password, and it is not possible to log in as root. You can't use sudo without a TTY, and therefore you have to set the SUID. What are the practical risks of setting this bit on tcpdump? Is there any need to be paranoid? Should I unset it whenever I'm not capturing?

Read the article
robot hammering apache2

- by user1571418

My apache2 log is bombarded with lines like: 108.5.114.118 - - [03/Aug/2012:15:23:28 +0200] "GET http://xchecker.net/tmp_proxy2012/http/engine.php HTTP/1.0" 404 1690 "http://xchecker.net/tmp_proxy2012/http/engine.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)" I am puzzled by this -- why is a request for some weird xchecker.net domain ending up on my server in the first place?! The request comes every few dozens of seconds, must be a robot. Any ideas what it is? Btw that URL is valid -- apparently it contains some test page...

Read the article
Detecting Request that uses invalid Encoding using Modsecurity

- by Ali Ahmad

I am trying write a virtual patch using modsecurity for my hosted web application using following rule i.e. <Location /index.php> SecDefaultAction phase:2,t:none,log,deny # Validate parameter names SecRule ARGS_NAMES "!^(articleid)$" \ "msg:'Unknown parameter: %{MATCHED_VAR_NAME}'" # Expecting articleid only once SecRule &ARGS:articleid "!@eq 1" \ "msg:'Parameter articleid seen more than once'" # Validate parameter articleid SecRule ARGS:articleid "!^[0-9]{1,10}$" \ "msg:'Invalid parameter articleid'" </Location> The problem is how can i reject requests that use invalid encoding as a global WAF configuration so that this patch cannot be circumvented.

Read the article
Best way to find the computer a user last logged on from?

- by Garrett

I am hoping that somewhere in Active Directory the "last logged on from [computer]" is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network - our users move around pretty infrequently, but I'd like to know that whatever I'm consulting was updating that morning (when they logged in, presumably) at minimum. I'm also considering login scripts that write the user and computer names to a known location I can reference, but some of our users don't like to logout for 15 days at a time. If there is an elegant solution that uses login scripts, definitely mention it - but if it happens to work for merely unlocking the station, that would be even better!

Read the article
Firefox: This connection is untrusted + Behind corporate firewall

- by espais

I've seen some similar issues strewn throughout Google's results about this, but none seem to be corporate-specific. I continually get the 'This connection is untrusted' screen every time I attempt to log into a secure site...for instance Gmail. This is pretty annoying as sometimes I have to go through the process of adding the exception two or three times before it finally lets me into Gmail. I am behind a corporate firewall, going through an internal proxy server to get to the Internet, so there is no possibility for me to update the firewall...etc. Does anybody know a way around this? Can it simply be disabled (and is that safe)? EDIT I'm going to reopen this question with a bit of new information. I have been using Google Chrome lately until today, and one thing that I noticed was that I never had this issue when using either Chrome or Internet Explorer. Is there something that these other browsers do that I need to manually do in FF?

Read the article
Monitor the shell activity of a user on your Unix system?

- by Joseph Turian

Trust, but verify. Let's say I want to hire someone a sysadmin, and give them root access to my Unix system. I want to disable X windows for them, only allow shell usage (through SSH, maybe), so that all operations they perform will be through the shell (not mouse operations). I need a tool that will log to a remote server all commands they issue, as they issue them. So even if they install a back door and cover their tracks, that will be logged remotely. How do I disable everything but shell access? Is there a tool for instantaneously remotely logging commands as they are issued?

Read the article
Strategy to allow emergency access to colocation crew

- by itsadok

I'm setting up a server at a new colocation center half way around the world. They installed the OS for me and sent me the root password, so there's obviously a great amount of trust in them. However, I'm pretty sure I don't want them to have my root password on a regular basis. And anyway, I intend to only allow key-based login. On some cases, though, it might be useful to let their technical support log in through a physical terminal. For example, if I somehow mess up the firewall settings. Should I even bother worrying about that? Should I set up a sudoer account with a one-time password that will change if I ever use it? Is there a common strategy for handling something like this?

Read the article
Blocking IP Range in .htaccess Problem

- by Pedro

Hi, I'm trying to block the access of one of my webapps using IP Filter in the .htaccess, the problem is that after updating the file with: order allow,deny deny from 58.14.0.0/15 allow from all I get the folowing error: Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, [email protected] and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. What is wrong? Regards, Pedro

Read the article
PCRE limits exceeded, but triggering rules are SQL related

- by Wolfe

[Mon Oct 15 17:12:13 2012] [error] [client xx.xx.xx.xx] ModSecurity: Rule 1d4ad30 [id "300014"][file "/usr/local/apache/conf/modsec2.user.conf"][line "349"] - Execution error - PCRE limits exceeded (-8): (null). [hostname "domain.com"] [uri "/admin.php"] [unique_id "UHx8LEUQwYEAAGutKkUAAAEQ"] And similar are spamming my error log for apache. It's only the admin side.. and only these two lines in the config: line 349: #Generic SQL sigs SecRule ARGS "(or.+1[[:space:]]*=[[:space:]]1|(or 1=1|'.+)--')" "id:300014,rev:1,severity:2,msg:'Generic SQL injection protection'" And line 356: SecRule ARGS "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+\(.*from)" Is there a way to fix this problem? Can someone explain what is going on or if these rules are even valid to cause this error? I know it's supposedly a recursion protection.. but these protect against SQL injection so I'm confused.

Read the article
RDP over VPN only

- by shiva

I know this question has been asked many a times here. But i want to gain certain perspective here. I have enabled VPN on certain systems and then can access remote system using rdp. However they can access the remote system without rdp as well. Is this because all these systems are in same lan group? How can i ensure that rdp works only when connected to vpn? I am looking at one vpn system and people should log into that system and then connect to vpn and then access remote system using rdp. I know that this can be achieved but i am not sure how to go about it. please guide me

Read the article
mystery Internet traffic to port 445

- by Ben Collver

Recently, I noticed traffic from the office network to TCP port 445 on the Internet [a]. Below are the Linux firewall log entries to Facebook's network [b] and Google's network [c]. I would like to identify the source of this traffic. My first guess is that Facebook and Google might be using multiple TCP ports for SSL load balancing. However, I could not confirm this based on the web proxy logs. What else might it be? [a] http://support.microsoft.com/kb/204279 [b] Sep 4 08:30:03 firewall01 kernel: IN=eth0 OUT=eth2 SRC=10.0.0.131 DST=69.171.237.34 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=14287 DF PROTO=TCP SPT=51711 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 [c] Aug 28 06:02:41 firewall01 kernel: IN=eth0 OUT=eth2 SRC=10.0.0.115 DST=173.194.33.47 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=4558 DF PROTO=TCP SPT=49294 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0

Read the article
Setting up Shibboleth to secure part of a website

- by HorusKol

I've installed the Shibboleth module for apache on Ubuntu 10.04 using aptitude to install libapache2-mod-shib2 as per https://groups.google.com/group/shibboleth-users/browse_thread/thread/9fca3b2af04d5ca8?pli=1 and enabled the module (I have checked in /etc/apache2/mods-enabled) I then proceeded to secure a directory on the server by placing a .htaccess file with the following directives: AuthType shibboleth ShibRequestSetting requireSession 1 Require valid-user Now - I haven't set up an SSL host yet - and I also haven't set up the IdP - but I would expect that the server would block access to this directory - but I'm getting the content without any problems. I have restarted the apache service and I have no errors in the log files.

Read the article
hosts.deny not working

- by Captain Planet

Currently I am watching the live auth.log and someone is continuously trying the brute force attack for 10 hours. Its my local server so no need to worry but I want to test. I have installed denyhosts. There is already an entry for that IP address in hosts.deny. But still he is trying the attacks from same IP. System is not blocking that. Firstly I don't know how did that IP address get entered in that file. I didn't enter it, is there any other system script which can do that. hosts.deny is sshd: 120.195.108.22 sshd: 95.130.12.64 hosts.allow ALL:ALL sshd: ALL Is there any iptable setting that can override the host.deny file

Read the article
Best way to find the computer a user last logged on from?

- by Garrett

I am hoping that somewhere in Active Directory the "last logged on from [computer]" is written/stored, or there is a log I can parse out? The purpose of wanting to know the last PC logged on from is for offering remote support over the network - our users move around pretty infrequently, but I'd like to know that whatever I'm consulting was updating that morning (when they logged in, presumably) at minimum. I'm also considering login scripts that write the user and computer names to a known location I can reference, but some of our users don't like to logout for 15 days at a time. If there is an elegant solution that uses login scripts, definitely mention it - but if it happens to work for merely unlocking the station, that would be even better!

Read the article
Can I disable Pam Loginuid? Can I find out options used to configure kernel?

- by dunxd

I am getting a lot of the following types of error in my secure log on a CentOS 5.4 server: crond[10445]: pam_loginuid(crond:session): set_loginuid failed opening loginuid sshd[10473]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid I've seen discussion of this being caused when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. Where this is the case, it is advised to comment out some lines in the pam.d config files. I am running a Virtual Private Server where I need to use the kernel provided by the supplier. Is there a way to find out what options they used to configure the kernel? I want to verify if the above is the cause. If this turns out not to be the cause, what are the risk of disabling pam_loginuid for crond and sshd?

Read the article
Retrieve malicious IP addresses from Apache logs and block them with iptables

- by Gabriel Talavera

Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

Read the article

< Previous Page | 225 226 227 228 229 230 231 232 233 234 235 236 | Next Page >