Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

Page 307/1238 | < Previous Page | 303 304 305 306 307 308 309 310 311 312 313 314 | Next Page >

SharePoint: You cannot grant limited access permission level

- by chiccodoro

In my team, we implemented some UI to set user access rights (assign/revoke permission levels) on a certain SharePoint list. The UI supplies a "undo" feature: If you change the rights over the UI, you can restore the rights the user had before by clicking "undo". Now there is a problem if the user had the "Limited Access" permission level: This permission level is removed when you do a change over the UI. When trying to Undo, the permission level should be added again, which leads to a You cannot grant a user the limited access permission level. I've read that SharePoint grants that right automatically when a user gets access to some entity beneath the site. Still I can revoke the right manually, but then I cannot re-grant it. Is there a proper way I could work around that? My thoughts: Did I get it right that this "limited access" is granted by SharePoint on the site level only? So, do all the lists beneath the site only contain that permission level "accidentally" because they inherit it? Does that permission level have any effect at all on a list, or does it only apply to the site itself? So, would it be save to just remove it from a list and do not add it anymore when the user clicks "undo", since it has no effect anyway? (My UI always works on list / list item level, never on the whole site/web).

Read the article
SQL Server 2008 - Login failed. The login is from an untrusted domain and cannot be used with Window

- by Tom

I've just installed SQL Server 2008 Developer edition and I'm trying to connect using SQLCMD.exe, but I get the following error: H:\>sqlcmd.exe -S ".\SQL2008" Msg 18452, Level 14, State 1, Server DEVBOX\SQL2008, Line 1 Login failed. The login is from an untrusted domain and cannot be used with Windows authentication. Has anyone seen this before? Any idea what it means??

Read the article
How to organize Python modules for PyPI to support 2.x and 3.x

- by Craig McQueen

I have a Python module that I would like to upload to PyPI. So far, it is working for Python 2.x. It shouldn't be too hard to write a version for 3.x now. But, after following guidelines for making modules in these places: Distributing Python Modules The Hitchhiker’s Guide to Packaging it's not clear to me how to support multiple source distributions for different versions of Python, and it's not clear if/how PyPI could support it. I envisage I would have separate code for: 2.x 2.6 (maybe, as a special case to use the new buffer API) 3.x How is it possible to set up a Python module in PyPI so that someone can do: easy_install modulename and it will install the right thing whether the user is using 2.x or 3.x?

Read the article
Managing a file-based public maven repository

- by Roland Ewald

I am looking for an easy way to manage a public file-based Maven repository. While we are using the open-source version of Artifactory internally, we now want to put a file-based repository of our published artifacts (and their dependencies) on a separate machine that is publicly available. There are several ways how to do this, but none of them seems ideal: Use Maven Dependency plugin: if it is configured correctly and executed with the goal dependency:copy-dependencies for the release-module of our project, it creates a local repository structure that is fine, but this structure does not contain the meta-data.xml files, nor the hash-sums. Use Artifactory to export repo: AFAIK Artifactory only allows to export a repository as a whole. This would include the non-published modules from our project (which would then need to be deleted manually). Also, all dependencies are sitting in another repository, so this needs to be done twice, and many dependencies are not even required by a published artifact (only by artifacts that are still for internal use only). Nevertheless, this method would also include the meta-data.xml files and the hash-sums for all files. To set up an initial version of the repository, I used a mixture of both methods: I first created the Maven repository for all required dependencies via dependency:copy-dependencies and then wrote a script to cherry-pick the meta-data.xml files (etc.) from Artifactory. This is terribly cumbersome, isn't there a better way to solve this? Maybe there is another Maven 3 - plugin that I am unaware of, or some other command-line tool that does the job? I basically just need a simple way to create a Maven repository that contains all artifacts a given artifact depends on (and no more), and also contains all meta-data expected in a remote repository. Any ideas?

Read the article
WCF Session without Credentials

- by mcoolbeth

Is it possible to configure a WCF service to use sessions, and also not to require the client to send any credentials? If so, how should the bindings section of the service's App.config file look?

Read the article
Web application development platform recommendation

- by TK.Maxi

Hi all I did a year's worth of Pascal, Visual Basic and C++ 15 years ago, so suffice it to say that I'm a complete n00b & lamer when it comes to this. I really do hope that this question doesn't canned, but if it does, please be so kind as to point me in the direction of where it should be posted. I have an idea, like so many others, for a web app. I don't necessarily have the capital to outsource the development of the app right now, and I probably wouldn't want to, since non-disclosure agreements can be expensive to enforce, especially in this day and age of intercontinental outsourcing. I need the app to be usable on any mobile device (eventually), primarily on the major mobile platforms at first, on the web, (pc/mac/*ix) obviously, on mobile web browsers like opera mobile, etc. I envisage the app interacting with the major social networks like fb, orkut, msn im, twitter, et al in a way where friend's are messaged and/or wall posted, a message is posted to the users wall. Geo-location functionality is a plus, considering the service/app can be location sensitive in two ways, 1, the immediate location of the user, 2. the desired location of the user. I'd like to incorporate OpenID sign on, and the flip-side, the service will require that people (service providers) list their specialities/specialisations/interests/areas of expertise, so that matches to user requests can be made by the service, while users' requests are posted into the web universe. I've probably described a glut of apps out there, but I'd appreciate feedback on the sort of platform that I should look at using, be it hosted on something like Google's app engine, or written in android friendly code, or whatever. I'm a firm believer in herd mentality, especially at the start of a project that I have very little experience in. The more opinions, the merrier! I can't get very much more specific, since that would give the idea away. Thanks for your time and I look forward to hearing from wise and experienced and the fresh and innovative alike. Thanks

Read the article
Delphi: Get MAC of Router

- by Daniel Marschall

Hello, I am using Delphi and I want to determinate the physical MAC address of a network device in my network, in this case the Router itself. My code: var idsnmp: tidsnmp; val:string; begin idsnmp := tidsnmp.create; try idsnmp.QuickSend('.1.3.6.1.2.1.4.22.1.2', 'public', '10.0.0.1', val); showmessage(val); finally idsnmp.free; end; end; where 10.0.0.1 is my router. Alas, QuickSend does always send "Connection reset by peer #10054". I tried to modify the MIB-OID and I also tried the IP 127.0.0.1 which connection should never fail. I did not find any useable Tutorials about TIdSNMP at Google. :-( Regards Daniel Marschall

Read the article
Authenticating Windows 7 against MIT Kerberos 5

- by tommed

Hi There, I've been wracking my brains trying to get Windows 7 authenticating against a MIT Kerberos 5 Realm (which is running on an Arch Linux server). I've done the following on the server (aka dc1): Installed and configured a NTP time server Installed and configured DHCP and DNS (setup for the domain tnet.loc) Installed Kerberos from source Setup the database Configured the keytab Setup the ACL file with: *@TNET.LOC * Added a policy for my user and my machine: addpol users addpol admin addpol hosts ank -policy users [email protected] ank -policy admin tom/[email protected] ank -policy hosts host/wdesk3.tnet.loc -pw MYPASSWORDHERE I then did the following to the windows 7 client (aka wdesk3): Made sure the ip address was supplied by my DHCP server and dc1.tnet.loc pings ok Set the internet time server to my linux server (aka dc1.tnet.loc) Used ksetup to configure the realm: ksetup /SetRealm TNET.LOC ksetup /AddKdc dc1.tnet.loc ksetip /SetComputerPassword MYPASSWORDHERE ksetip /MapUser * * After some googl-ing I found that DES encryption was disabled by Windows 7 by default and I turned the policy on to support DES encryption over Kerberos Then I rebooted the windows client However after doing all that I still cannot login from my Windows client. :( Looking at the logs on the server; the request looks fine and everything works great, I think the issue is that the response from the KDC is not recognized by the Windows Client and a generic login error appears: "Login Failure: User name or password is invalid". The log file for the server looks like this (I tail'ed this so I know it's happening when the Windows machine attempts the login): If I supply an invalid realm in the login window I get a completely different error message, so I don't think it's a connection problem from the client to the server? But I can't find any error logs on the Windows machine? (anyone know where these are?) If I try: runas /netonly /user:[email protected] cmd.exe everything works (although I don't get anything appear in the server logs, so I'm wondering if it's not touching the server for this??), but if I run: runas /user:[email protected] cmd.exe I get the same authentication error. Any Kerberos Gurus out there who can give me some ideas as to what to try next? pretty please?

Read the article
Clickonce intranet application trust

- by Mark

Hi, we have a VSTO outlook add-in we'd like to silently deploy to everyone via AD. I'm signing the App with a "Code signing" certificate (requested certmgr from AD). If I add this certificate to my Trusted Publishers, then I can silently install the signed app via the VSTOInstaller.exe (with the /S switch). We don't want to have to install my certificate as a trusted publisher on everyone's machine - we'd like to be able to say that any code signed by a certificate issued within our AD is trusted. Is there some way to do this?

Read the article
Design for a machine learning artificial intelligence framework

- by Lirik

This is a community wiki which aims to provide a good design for a machine learning/artificial intelligence framework (ML/AI framework). Please contribute to the design of a language-agnostic framework which would allow multiple ML/AI algorithms to be plugged into a single framework which: runs the algorithms with a user-specified data set. facilitates learning, qualification, and classification. allows users to easily plug in new algorithms. can aggregate or create an ensemble of the existing algorithms. can save/load the progress of the algorithm (i.e. save the network and weights of a neural network, save the tree of a decision tree, etc.). What is a good design for this sort of ML/AI framework?

Read the article
How do you protect against specific CSRF attack

- by Saif Bechan

I am going trough the OWASP Top 10 list of 2007 and 2010. I stumbled upon Cross Site Request Forgery (CSRF) this is often called session riding as you let the user usee his session to fulfill your wishes. Now a solution to this is adding a token to every url and this token is checked for every link. For example to vote on product x the url would be: 'http://mysite.com?token=HVBKJNKL' This looks like a solid solution to because a hacker can not guess the token. But I was thinking of the following scenario(I do not know if it is possible): You create a website with an hidden iFrame or div. After that you can load my website in it either using just the normal iFrame or ajax. When you have my website loaded hidden inside your website, and the user has a stored session, the following can be done. You can retrieve the token from the URLS, and still do all the actions needed. Is it possible to do something like this. Or is it not possible to do this cross domain.

Read the article
allow file download to all types of files

- by Avinash

hi i have given my user to upload nay types of files. But my problem is that how can i force user top just download any type of files? Since pdf, jpg and text files are directly viewable to browser. So i want that any type of file should be downloaded to view. Running on php Thanks Avinash

Read the article
Impersonation in ASP.NET MVC

- by eibrahim

I have an Action that needs to read a file from a secure location, so I have to use impersonation to read the file. This code WORKS: [AcceptVerbs(HttpVerbs.Get)] public ActionResult DirectDownload(Guid id) { if (Impersonator.ImpersonateValidUser()) { try { var path = "path to file"; if (!System.IO.File.Exists(path)) { return View("filenotfound"); } var bytes = System.IO.File.ReadAllBytes(path); return File(bytes, "application/octet-stream", "FileName"); } catch (Exception e) { Log.Exception(e); }finally { Impersonator.UndoImpersonation(); } } return View("filenotfound"); } The only problem with the above code is that I have to read the entire file into memory and I am going to be dealing with VERY large files, so this is not a good solution. But if I replace these 2 lines: var bytes = System.IO.File.ReadAllBytes(path); return File(bytes, "application/octet-stream", "FileName"); with this: return File(path, "application/octet-stream", "FileName"); It does NOT work and I get the error message: Access to the path 'c:\projects\uploads\1\aa2bcbe7-ea99-499d-add8-c1fdac561b0e\Untitled 2.csv' is denied. I guess using the File results with a path, tries to open the file at a later time in the request pipeline when I have already "undone" the impersonation. Remember, the impersonation code works because I can read the file in the bytes array. What I want to do though is stream the file to the client. Any idea how I can work around this? Thanks in advance.

Read the article
SHA512 vs. Blowfish and Bcrypt

- by Chris

I'm looking at hashing algorithms, but couldn't find an answer. Bcrypt uses Blowfish Blowfish is better than MD5 Q: but is Blowfish better than SHA512? Thanks.. Update: I want to clarify that I understand the difference between hashing and encryption. What prompted me to ask the question this way is this article, where the author refers to bcrypt as "adaptive hashing" http://chargen.matasano.com/chargen/2007/9/7/enough-with-the-rainbow-tables-what-you-need-to-know-about-s.html Since bcrypt is based on Blowfish, I was led to think that Blowfish is a hashing algorithm. If it's encryption as answers have pointed out, then seems to me like it shouldn't have a place in this article. What's worse is that he's concluding that bcrypt is the best. What's also confusing me now is that the phpass class (used for password hashing I believe) uses bcrypt (i.e. blowfish, i.e. encryption). Based on this new info you guys are telling me (blowfish is encryption), this class sounds wrong. Am I missing something?

Read the article
Creating Custom Assertions in Oracle Web service Manager (OWSM)

- by sachin

I am trying to create example given at this site: http://download.oracle.com/docs/cd/E12839_01/web.1111/b32511/custom_assertions.htm#CIHFGJAG but While compiling I get following errors: Error(63,64): cannot access oracle.annotation.logging.Publish Error: error: in class file D:\Installations\Oracle\Middleware_11g\oracle_common\modules\oracle.wsm.common_11.1.1\wsm-policy-core.jar/oracle/wsm/resources/enforcement/EnforcementMessageID.class: unknown enum constant oracle.annotation.logging.Publish.NO Error(69,28): cannot access oracle.annotation.logging.Category Error(70,48): cannot find variable FAULT_FAILED_CHECK Error(75,17): cannot access oracle.annotation.logging.Severity I have included: wsm-policy-core.jar, wsm-agent-core.jar findjars.com shows oracle.annotation.logging.Publish present in: logging-utils.jar I downloaded latest oc4j, but still not able to find this jar or resolve the issue. Please help!

Read the article
XSS attack to bypass htmlspecialchars() function in value attribute

- by Setzer

Let's say we have this form, and the possible part for a user to inject malicious code is this below ... <input type=text name=username value=<?php echo htmlspecialchars($_POST['username']); ? ... We can't simply put a tag, or a javascript:alert(); call, because value will be interpreted as a string, and htmlspecialchars filters out the <,,',", so We can't close off the value with quotations. We can use String.fromCode(.....) to get around the quotes, but I still unable to get a simple alert box to pop up. Any ideas?

Read the article
Disable browser 'Save Password' functionality

- by mattsmith321

One of the joys of working for a government healthcare agency is having to deal with all of the paranoia around dealing with PHI (Protected Health Information). Don't get me wrong, I'm all for doing everything possible to protect people's personal information (health, financial, surfing habits, etc.), but sometimes people get a little too jumpy. Case in point: One of our state customers recently found out that the browser provides the handy feature to save your password. We all know that it has been there for a while and is completely optional and is up to the end user to decide whether or not it is a smart decision to use or not. However, there is a bit of an uproar at the moment and we are being demanded to find a way to disable that functionality for our site. Question: Is there a way for a site to tell the browser not to offer to remember passwords? I've been around web development a long time but don't know that I have come across that before. Any help is appreciated. Thanks, Matt

Read the article
asp.net mvc, IIS 6 vs IIS7.5, and integrated windows authentication causing javascript errors?

- by chris

This is a very strange one. I have an asp.net MVC 1 app. Under IIS6, with no anon access - only integrated windows auth - every thing works fine. I have the following on most of my Foo pages: <% using (Html.BeginForm()) { %> Show All: <%= Html.CheckBox("showAll", new { onClick = "$(this).parent('form:first').submit();" })%> <% } %> Clicking on the checkbox causes a post, the page is reloaded, everything is good. When I look at the access logs, that's what I see, with one oddity - the js library is requested during the page first request, but not for any subsequent page requests. Log looks like: GET / 401 GET / 200 GET /Content/Site.css 304 GET /Scripts/jquery-1.3.2.min.js 401 GET /Scripts/jquery-ui-1.7.2.custom.min.js 401 GET /Scripts/jquery.tablesorter.min.js 401 GET /Scripts/jquery-1.3.2.min.js 304 GET /Scripts/jquery-ui-1.7.2.custom.min.js 304 GET /Scripts/jquery.tablesorter.min.js 304 GET /Content/Images/logo.jpg 401 GET /Content/Images/logo.jpg 304 GET /Foo 401 GET /Foo 200 POST /Foo/Delete 302 GET /Foo/List 200 POST /Foo/List 200 This corresponds to home page, click on "Foo", delete a record, click a checkbox (which causes the 2nd POST). Under IIS7.5, it sometimes fails - the click on the check box doesn't cause a postback, but there are no obvious reasons why. I've noticed under IIS7.5 that every single page request re-issues the requests for the js libraries - the first one a 401, followed by either a 200 (OK) or 304 (not modified), as opposed to the above log extract where that only happened during the 1st request. Is there any way to eliminate the 401 requests? Could a timing issue have something to do with the click being ignored? Would increasing the number of concurrent connections help? Any other ideas? I'm at a bit of a loss to explain this.

Read the article
Request a user's roles in AD when caller is not in domain

- by grootjans

I would like to get a user's group memberships in an ActiveDirectory, without being in the domain. When I run this inside the domain, all is well. var context = new PrincipalContext(ContextType.Domain); var principal = UserPrincipal.FindByIdentity(context, IdentityType.Name, "administrator"); foreach (var authorizationGroup in principal.GetAuthorizationGroups()) { Console.WriteLine(authorizationGroup.Name); } However, when I run outside the domain, I have to specify the PrincipalContext lie this: var context = new PrincipalContext(ContextType.Domain, "10.0.1.255", "DC=test,DC=ad,DC=be", "administrator", "password"); When I run this code, I get an exception when I execute principal.GetAuthorizationGroups(). The exception I get is: System.DirectoryServices.AccountManagement.PrincipalOperationException: Information about the domain could not be retrieved (1355). at System.DirectoryServices.AccountManagement.Utils.GetDcName(String computerName, String domainName, String siteName, Int32 flags) at System.DirectoryServices.AccountManagement.ADStoreCtx.LoadDomainInfo() at System.DirectoryServices.AccountManagement.ADStoreCtx.get_DnsDomainName() at System.DirectoryServices.AccountManagement.ADStoreCtx.GetGroupsMemberOfAZ(Principal p) at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroupsHelper() at System.DirectoryServices.AccountManagement.UserPrincipal.GetAuthorizationGroups()

Read the article
Can I encrypt web.config with a custom protection provider who's assembly is not in the GAC?

- by James

I have written a custom protected configuration provider for my web.config. When I try to encrypt my web.config with it I get the following error from aspnet_iisreg aspnet_regiis.exe -pef appSettings . -prov CustomProvider (This is running in my MSBuild) Could not load file or assembly 'MyCustomProviderNamespace' or one of its dependencies. The system cannot find the file specified. After checking with the Fusion log, I confirm it is checking both the GAC, and 'C:/WINNT/Microsoft.NET/Framework/v2.0.50727/' (the location of aspnet_iisreg). But it cannot find the provider. I do not want to move my component into the GAC, I want to leave the custom assembly in my ApplicationBase to copy around to various servers without having to pull/push from the GAC. Here is my provider configuration in the web.config. <configProtectedData> <providers> <add name="CustomProvider" type="MyCustomProviderNamespace.MyCustomProviderClass, MyCustomProviderNamespace" /> </providers> </configProtectedData> I want aspnet_iisreg to check my ApplicationBase Bin folder for this assembly. Has anyone got any ideas?

Read the article
Download manager that can continue download

- by eWolf

I have a file half-downloaded. Do you know a download manager that can continue the download without loading the part I already loaded? Is this possible with HTTP? Thanks

Read the article
How to enable HTTP response caching in Spring Boot

- by Samuli Kärkkäinen

I have implemented a REST server using Spring Boot 1.0.2. I'm having trouble preventing Spring from setting HTTP headers that disable HTTP caching. My controller is as following: @Controller public class MyRestController { @RequestMapping(value = "/someUrl", method = RequestMethod.GET) public @ResponseBody ResponseEntity<String> myMethod( HttpServletResponse httpResponse) throws SQLException { return new ResponseEntity<String>("{}", HttpStatus.OK); } } All HTTP responses contain the following headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Expires: 0 Pragma: no-cache I've tried the following to remove or change those headers: Call setCacheSeconds(-1) in the controller. Call httpResponse.setHeader("Cache-Control", "max-age=123") in the controller. Define @Bean that returns WebContentInterceptor for which I've called setCacheSeconds(-1). Set property spring.resources.cache-period to -1 or a positive value in application.properties. None of the above have had any effect. How do I disable or change these headers for all or individual requests in Spring Boot?

Read the article
Where does Internet Explorer store saved passwords?

- by Ian Boyd

Where does Internet Explorer store saved passwords? And since this is a programming site, i'm not literally asking for the location where IE stores passwords, but which API ie uses to save passwords. At first i assumed that Microsoft was using the standard api: CredRead CredWrite which is used to save domain and generic program/web-site credentials. CredRead/CredWrite turn around and use CryptProtectData CryptUnprotectData to encrypt data with the current user's account. CredRead/CredWrite then store the data in some magical location, which contents you can see from the control panel: But i don't see IE passwords in there. So ie doesn't store passwords using CredRead/CredWrite. What api does IE use to store passwords, and if it uses CryptProtectData, where does it then store the protected data?

Read the article
faking a filesystem / virtual filesystem

- by attwad

I have a web service to which users upload python scripts that are run on a server. Those scripts process files that are on the server and I want them to be able to see only a certain hierarchy of the server's filesystem (best: a temporary folder on which I copy the files I want processed and the scripts). The server will ultimately be a linux based one but if a solution is also possible on Windows it would be nice to know how. What I though of is creating a user with restricted access to folders of the FS - ultimately only the folder containing the scripts and files - and launch the python interpreter using this user. Can someone give me a better alternative? as relying only on this makes me feel insecure, I would like a real sandboxing or virtual FS feature where I could run safely untrusted code.

Read the article
User.IsInRole returning false

- by Curtis

My ASP.NET app is using windows authentication. If I run the following code: WindowsIdentity wi = (WindowsIdentity)User.Identity; foreach (IdentityReference r in wi.Groups) { ListBox1.Items.Add(r.Translate (typeof (NTAccount)).Value); } if (User.IsInRole ("Everyone")) Label1.Text = "Is in role"; The listbox will contain the name of every group the user belongs to. If I then call User.IsInRole, and pass in the name of any of those groups, I always get a false. Can anyone tell me what I am doing wrong? Thanks

Read the article

< Previous Page | 303 304 305 306 307 308 309 310 311 312 313 314 | Next Page >