Search Results

Search found 13059 results on 523 pages for 'security hole'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 322/523 | < Previous Page | 318 319 320 321 322 323 324 325 326 327 328 329  | Next Page >

  • Mocking digest authentication in RestEasy

    - by Ralph
    I am using RestEasy to develop a REST server and using the mock dispatcher (org.jboss.resteasy.mockMockDispatcherFactory) for testing the service in my unit tests. My service requires digest authentication and I would to make that part of my testing. Each of my services accepts a @Context SecurityContext securityContext parameter. Is there any way is inject a fake SecurityContext in the dispatcher so that I can test that my security methods function properly?

    Read the article

  • Semantic urls with dots in .net

    - by Jokin
    I'm trying to make semantic urls for search pages, but if someone use a search finished in dot, the .net engine return a 404. The request don't even get to the routing engine, so i think its something related to security or something like that. For example, the stackoverflow routes also don't work in these case: http://stackoverflow.com/questions/tagged/etc.

    Read the article

  • Is there a Base64Stream for .NET? where?

    - by Cheeso
    If I want to produce a Base64-encoded output, how would I do that in .NET? I know that since .NET 2.0, there is the ICryptoTransform interface, and the ToBase64Transform() and FromBase64Transform() implementations of that interface. But those classes are embedded into the System.Security namespace, and require the use of a TransformBlock, TransformFinalBlock, and so on. Is there an easier way to base64 encode a stream of data in .NET?

    Read the article

  • Registry Problem

    - by Dominik
    I made a launcher for my game server. (World of Warcraft) I want to get the installpath of the game, browsed by the user. I'm using this code to browse, and get the installpath, then set some other strings from the installpath string, then just strore in my registry key. using System; using System.Drawing; using System.Reflection; using System.Collections; using System.ComponentModel; using System.Windows.Forms; using System.Data; using Microsoft.Win32; using System.IO; using System.Net.NetworkInformation; using System.Diagnostics; using System.Runtime; using System.Runtime.InteropServices; using System.Security; using System.Security.Cryptography; using System.Text; using System.Net; using System.Linq; using System.Net.Sockets; using System.Collections.Generic; using System.Threading; namespace WindowsFormsApplication1 { public partial class Form1 : Form { public Form1() { InitializeComponent(); } string InstallPath, WoWExe, PatchPath; private void Form1_Load(object sender, EventArgs e) { RegistryKey LocalMachineKey_Existence; MessageBox.Show("Browse your install location.", "Select Wow.exe"); OpenFileDialog BrowseInstallPath = new OpenFileDialog(); BrowseInstallPath.Filter = "wow.exe|*.exe"; if (BrowseInstallPath.ShowDialog() == DialogResult.OK) { InstallPath = System.IO.Path.GetDirectoryName(BrowseInstallPath.FileName); WoWExe = InstallPath + "\\wow.exe"; PatchPath = InstallPath + "\\Data\\"; LocalMachineKey_Existence = Registry.LocalMachine.CreateSubKey(@"SOFTWARE\ExistenceWoW"); LocalMachineKey_Existence.SetValue("InstallPathLocation", InstallPath); LocalMachineKey_Existence.SetValue("PatchPathLocation", PatchPath); LocalMachineKey_Existence.SetValue("WoWExeLocation", WoWExe); } } } } The problem is: On some computer, it doesnt stores like it should be. For example, your wow.exe is in C:\ASD\wow.exe, your select it with the browse windows, then the program should store it in the Existence registry key as C:\ASD\Data\ but it stores like this: C:\ASDData , so it forgots a backslash :S Look at this picture: http://img21.imageshack.us/img21/2829/regedita.jpg My program works cool on my PC, and on my friends pc, but on some pc this "bug" comes out :S I have windows 7, with .NEt 3.5 Please help me.

    Read the article

  • User Control as container at design time

    - by Luca
    I'm designing a simple expander control. I've derived from UserControl, drawn inner controls, built, run; all ok. Since an inner Control is a Panel, I'd like to use it as container at design time. Indeed I've used the attributes: [Designer(typeof(ExpanderControlDesigner))] [Designer("System.Windows.Forms.Design.ParentControlDesigner, System.Design", typeof(IDesigner))] Great I say. But it isn't... The result is that I can use it as container at design time but: The added controls go back the inner controls already embedded in the user control Even if I push to top a control added at design time, at runtime it is back again on controls embedded to the user control I cannot restrict the container area at design time into a Panel area What am I missing? Here is the code for completeness... why this snippet of code is not working? [Designer(typeof(ExpanderControlDesigner))] [Designer("System.Windows.Forms.Design.ParentControlDesigner, System.Design", typeof(IDesigner))] public partial class ExpanderControl : UserControl { public ExpanderControl() { InitializeComponent(); .... [System.Security.Permissions.PermissionSet(System.Security.Permissions.SecurityAction.Demand, Name = "FullTrust")] internal class ExpanderControlDesigner : ControlDesigner { private ExpanderControl MyControl; public override void Initialize(IComponent component) { base.Initialize(component); MyControl = (ExpanderControl)component; // Hook up events ISelectionService s = (ISelectionService)GetService(typeof(ISelectionService)); IComponentChangeService c = (IComponentChangeService)GetService(typeof(IComponentChangeService)); s.SelectionChanged += new EventHandler(OnSelectionChanged); c.ComponentRemoving += new ComponentEventHandler(OnComponentRemoving); } private void OnSelectionChanged(object sender, System.EventArgs e) { } private void OnComponentRemoving(object sender, ComponentEventArgs e) { } protected override void Dispose(bool disposing) { ISelectionService s = (ISelectionService)GetService(typeof(ISelectionService)); IComponentChangeService c = (IComponentChangeService)GetService(typeof(IComponentChangeService)); // Unhook events s.SelectionChanged -= new EventHandler(OnSelectionChanged); c.ComponentRemoving -= new ComponentEventHandler(OnComponentRemoving); base.Dispose(disposing); } public override System.ComponentModel.Design.DesignerVerbCollection Verbs { get { DesignerVerbCollection v = new DesignerVerbCollection(); v.Add(new DesignerVerb("&asd", new EventHandler(null))); return v; } } } I've found many resources (Interaction, designed, limited area), but nothing was usefull for being operative... Actually there is a trick, since System.Windows.Forms classes can be designed (as usual) and have a correct behavior at runtime (TabControl, for example).

    Read the article

  • Business Objects: Refresh Data problem with .NET API

    - by jlrolin
    I'm currently using the BO API for .NET to connect to our reports database. In .NET, I'm getting the following error: Your security profile does not include permission to refresh Web Intelligence documents. (WIS 30253) Interestingly enough, I can log into BO, and I can refresh the data and grab prompts as I'm logged in. From .NET, with the same username and password, I can't seem to do so. Anybody have any thoughts on this?

    Read the article

  • Membership with Mysql, EF 1 and ASP.NET 3.5

    - by sanfra1983
    Hi, I created a web application with asp.net 3.5 and ado.net entity framework WebForms 1, but have not yet succeeded in creating a memebrship and roles. When I go on ASP.NET Configuration and click the Security Tab I get the following error: Keyword not supported. Parameter name: metadata Someone has already created an application with these same features to help me understand where is the problem? P.S.: I'm going crazy Thanks to all

    Read the article

  • Creating a MySQL view with an auto-incrementing id column

    - by hmemcpy
    I have a MySQL database from which a view is created. Is is possible to add an auto-incrementing id for each row in the view? I tried CREATE ALGORITHM=UNDEFINED DEFINER=`database_name`@`%` SQL SECURITY DEFINER VIEW `MyView` AS set @i = 0; select @i:=@i+1 as `id` ... but that doesn't work in a View. Sorry, my SQL is weak, any help is appreciated.

    Read the article

  • Permissions error when connecting to EC2 via SSH on Mac OSx

    - by resonantmedia
    I am new to EC2. I created my security credentials from this site: http://paulstamatiou.com/how-to-getting-started-with-amazon-ec2 It worked great, I rebooted and now when I try to connect I get a login/password prompt. (Which I never set up.) After several attempts I get this error: Permission denied (publickey,gssapi-with-mic). What am I doing wrong? Thanks, Josh

    Read the article

  • what to do when you are completely burnt out from working on a project ?

    - by dfafa
    so i started this SaaS project around July 2009, was expecting to finish it in 2 months. i ended up working on it for about 4 months straight, spending about 6~12 hours nearly everyday. then one day i just couldn't bare to look at the code. it seems like my efforts are being sucked in by some black hole. i would need to put lot of work to make incremental changes. i felt burnt out in December....and now it's May. i am working on the project maybe for about 10 hours every 2 weeks...i am not getting much done. it seems like it will never be perfect. the more i code, more problems and bugs to fix, its absolutely sickening. so what should i do now ? i have invested all of my available time and money, i've shut off all social connections and basically have been spending most of my time in my room working on my project alone. i feel consumed by this project i created ironically, to make my life easier.

    Read the article

  • Send A DataSet via Sockets in .NET

    - by FinancialRadDeveloper
    I had written a Web Service to return a DataSet back to my ASP.Net site and this was working fine. However due to security issues and also the ability to get certain references installed, I have to move this to an App Server and so doing it as a Windows Service and communicating with the ASP.Net site now via sockets. Is there a way I can easily give the Website a serialized DataSet via Sockets from my App Server so I can read this in and then just carry on using the code I currently have to bind this to a GridView?

    Read the article

  • Mcafee PCI Compliance failing on Session ID cookie?

    - by frio80
    Hello there. I am attempting to obtain PCI compliance for my site but the Mcafee security scan has thrown a: Potential Sensitive Persistent Cookie Sent Over a Non-Encrypted (SSL) Channel Drupal (default behavior) sets a session cookie when you simply arrive at the site. This is causing the problem. Clearly, the entire site shouldn't be under SSL; plenty of other sites set session cookies like this. What gives?

    Read the article

  • ADOdb Lite versus MySqli

    - by Sofyan
    Hello, I am working an a project to build an arcade site with PHP. I am considering using ADOdb Lite or MySqli. Which one is better for performance, speed and security? Thanks,

    Read the article

  • Preventing HTML character entities in locale files from getting munged by Rails3 xss protection

    - by Chris S
    We're building an app, our first using Rails 3, and we're having to build I18n in from the outset. Being perfectionists, we want real typography to be used in our views: dashes, curled quotes, ellipses et al. This means in our locales/xx.yml files we have two choices: Use real UTF-8 characters inline. Should work, but hard to type, and scares me due to the amount of software which still does naughty things to unicode. Use HTML character entities (&#8217; &#8212; etc). Easier to type, and probably more compatible with misbehaving software. I'd rather take the second option, however the auto-escaping in Rails 3 makes this problematic, as the ampersands in the YAML get auto-converted into character entities themselves, resulting in 'visible' &8217;s in the browser. Obviously this can be worked around by using raw on strings, i.e.: raw t('views.signup.organisation_details') But we're not happy going down the route of globally raw-ing every time we t something as it leaves us open to making an error and producing an XSS hole. We could selectively raw strings which we know contain character entities, but this would be hard to scale, and just feels wrong - besides, a string which contains an entity in one language may not in another. Any suggestions on a clever rails-y way to fix this? Or are we doomed to crap typography, xss holes, hours of wasted effort or all thre?

    Read the article

  • Get email address from OpenId using Jboss/Seam

    - by Andy
    I'm using the org.jboss.seam.security.openid.OpenId class to login user's to my seam webapp. Currently I'm saving the validatedId (openid.getValidatedId()) into the database, and asking the user to provide their own email address and first and last name after logging in. I'm using Google, Yahoo, AOL, and MyOpenID for the openId Providers. Is there any way to retrieve the email address and or first/last name of the user without having them enter this in manually?

    Read the article

  • Question about oracle db connection with .NET

    - by john
    I'm trying to connect to an oracle database with .net but i get the error: ERROR [IM002] [Microsoft][ODBC Driver Manager] Data source name not found and no default driver specified however, when I enter add a new database connection through toolsconnect to database. it works fine. even after copying the connection string which is: Data Source=source here;Persist Security Info=True;User ID=userhere;Password=pass;Unicode=True

    Read the article

  • Why can I call a non-const member function pointer from a const method?

    - by sdg
    A co-worker asked about some code like this that originally had templates in it. I have removed the templates, but the core question remains: why does this compile OK? #include <iostream> class X { public: void foo() { std::cout << "Here\n"; } }; typedef void (X::*XFUNC)() ; class CX { public: explicit CX(X& t, XFUNC xF) : object(t), F(xF) {} void execute() const { (object.*F)(); } private: X& object; XFUNC F; }; int main(int argc, char* argv[]) { X x; const CX cx(x,&X::foo); cx.execute(); return 0; } Given that CX is a const object, and its member function execute is const, therefore inside CX::execute the this pointer is const. But I am able to call a non-const member function through a member function pointer. Are member function pointers a documented hole in the const-ness of the world? What (presumably obvious to others) issue have we missed?

    Read the article

  • Giving writing permissions for IIS user at Windows 2003 Server

    - by Steve
    I am running a website over Windows 2003 Server and IIS6 and I am having problems to write or delete files in some temporary folder obtaining this kind of warmings: Warning: unlink(C:\Inetpub\wwwroot\cakephp\app\tmp\cache\persistent\myapp_cake_core_cake_): Permission denied in C:\Inetpub\wwwroot\cakephp\lib\Cake\Cache\Engine\FileEngine.php on line 254 I went to the tmp directory and at the properties I gave the IIS User the following permissions: Read & Execute List folder Contents Read And it still showing the same warnings. When I am on the properties window, if I click on Advanced the IIS username appears twice. One with Allow type and read & execute permissions and the other with Deny type and Special permissions. My question is: Should I give this user not only the Read & Execute permissions but also this ones?: Create Attributes Create Files/ Write Data Create Folders/ Append Data Delete Subfolders and Files Delete They are available to select if I Click on the edit button over the username. Wouldn't I be opening a security hole if I do this? Otherwise, how can I do to read and delete the files my website uses? Thanks.

    Read the article

  • Potential problem with C standard malloc'ing chars.

    - by paxdiablo
    When answering a comment to another answer of mine here, I found what I think may be a hole in the C standard (c1x, I haven't checked the earlier ones and yes, I know it's incredibly unlikely that I alone among all the planet's inhabitants have found a bug in the standard). Information follows: Section 6.5.3.4 ("The sizeof operator") para 2 states "The sizeof operator yields the size (in bytes) of its operand". Para 3 of that section states: "When applied to an operand that has type char, unsigned char, or signed char, (or a qualified version thereof) the result is 1". Section 7.20.3.3 describes void *malloc(size_t sz) but all it says is "The malloc function allocates space for an object whose size is specified by size and whose value is indeterminate". It makes no mention at all what units are used for the argument. Annex E startes the 8 is the minimum value for CHAR_BIT so chars can be more than one byte in length. My question is simply this: In an environment where a char is 16 bits wide, will malloc(10 * sizeof(char)) allocate 10 chars (20 bytes) or 10 bytes? Point 1 above seems to indicate the former, point 2 indicates the latter. Anyone with more C-standard-fu than me have an answer for this?

    Read the article

  • Losing session after Login - Java

    - by Patrick Villela
    I'm building an application that needs to login to a certain page and make a navigation. I can login, provided that the response contains a string that identifies it. But, when I navigate to the second page, I can't see the page as a logged user, only as anonymous. I'll provide my code. import java.net.*; import java.security.*; import java.security.cert.*; import javax.net.ssl.*; import java.io.*; import java.util.*; public class PostTest { static HttpsURLConnection conn = null; private static class DefaultTrustManager implements X509TrustManager { @Override public void checkClientTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public void checkServerTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {} @Override public X509Certificate[] getAcceptedIssuers() { return null; } } public static void main(String[] args) { try { SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(new KeyManager[0], new TrustManager[] {new DefaultTrustManager()}, new SecureRandom()); SSLContext.setDefault(ctx); String data = URLEncoder.encode("txtUserName", "UTF-8") + "=" + URLEncoder.encode(/*username*/, "UTF-8"); data += "&" + URLEncoder.encode("txtPassword", "UTF-8") + "=" + URLEncoder.encode(/*password*/", "UTF-8"); data += "&" + URLEncoder.encode("envia", "UTF-8") + "=" + URLEncoder.encode("1", "UTF-8"); connectToSSL(/*login url*/); conn.setDoOutput(true); OutputStreamWriter wr = new OutputStreamWriter(conn.getOutputStream()); wr.write(data); wr.flush(); BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); String line; String resposta = ""; while((line = rd.readLine()) != null) { resposta += line + "\n"; } System.out.println("valid login -> " + resposta.contains(/*string that assures me I'm looged in*/)); connectToSSL(/*first navigation page*/); rd = new BufferedReader(new InputStreamReader(conn.getInputStream())); while((line = rd.readLine()) != null) { System.out.println(line); } } catch(Exception e) { e.printStackTrace(); } } private static void connectToSSL(String address) { try { URL url = new URL(address); conn = (HttpsURLConnection) url.openConnection(); conn.setHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String arg0, SSLSession arg1) { return true; } }); } catch(Exception ex) { ex.printStackTrace(); } } } Any further information, just ask. Thanks in advance.

    Read the article

  • Runtime.exec causes duplicate JVM to hang indefinitely until killed (Solaris 10)

    - by John
    All, We are running a J2EE application on WebLogic server 9.2 MP2 with a jrockit 64-bit JVM (27.3.1) on Solaris 10. We call use runtime.exec to call an executable called jfmerge to create PDF documents. We have found that in Solaris, when runtime.exec is called, a duplicate JVM is temporarily spawned to kick off the jfmerge process. While this is inefficient (our JVM is 5 GB, thus the duplicated shell JVM is also 5 GB), the major problem lies in the fact that when there is heavy load on this functionality (PDF generation) in our application, sometimes the duplicated JVM never exits. When the JVM hangs, the servers create large issues (extreme application slowness and terminated user sessions) as the entire duplicate JVM get's all of its 5 GB of process size written to disk swap. We have noted the following hung thread correlated with a hung JVM process until the process is manually killed: "[STUCK] ExecuteThread: '17' for queue: 'weblogic.kernel.Default (self-tuning)'" id=3463 idx=0x158 tid=3460 prio=1 alive, in native, daemon at jrockit/io/FileNativeIO.readBytesPinned(Ljava/io/FileDescriptor;[BII)I(Native Method) at jrockit/io/FileNativeIO.readBytes(FileNativeIO.java:30) at java/io/FileInputStream.readBytes([BII)I(FileInputStream.java) at java/io/FileInputStream.read(FileInputStream.java:194) at java/lang/UNIXProcess$DeferredCloseInputStream.read(UNIXProcess.java:227) at java/io/BufferedInputStream.fill(BufferedInputStream.java:218) at java/io/BufferedInputStream.read(BufferedInputStream.java:235) ^-- Holding lock: java/io/BufferedInputStream@0xfffffffec6510470[thin lock] at gov/v3/common/formgeneration/sessionbean/FormsBean.getProcessStatus(FormsBean.java:809) at gov/v3/common/formgeneration/sessionbean/FormsBean.createPDF(FormsBean.java:750) at gov/v3/common/formgeneration/sessionbean/FormsBean.getTemplateDetails(FormsBean.java:450) at gov/v3/common/formgeneration/sessionbean/FormsBean.generateSinglePDF(FormsBean.java:1371) at gov/v3/common/formgeneration/sessionbean/FormsBean.generatePDF(FormsBean.java:263) at gov/v3/common/formgeneration/sessionbean/FormsBean.endorseDocument(FormsBean.java:2377) at gov/v3/common/formgeneration/sessionbean/Forms_qaco28_EOImpl.endorseDocument(Forms_qaco28_EOImpl.java:214) at gov/v3/delegates/common/FormsAndNoticesDelegate.endorseDocument(FormsAndNoticesDelegate.java:128) at gov/v3/actions/common/EndorseDocumentAction.executeRequest(EndorseDocumentAction.java:68) at gov/v3/fwk/controller/struts/action/V3CommonDispatchAction.dispatchToExecuteMethod(V3CommonDispatchAction.java:532) at gov/v3/fwk/controller/struts/action/V3CommonDispatchAction.executeBaseAction(V3CommonDispatchAction.java:336) at gov/v3/fwk/controller/struts/action/V3BaseDispatchAction.execute(V3BaseDispatchAction.java:69) at org/apache/struts/action/RequestProcessor.processActionPerform(RequestProcessor.java:484) at gov/v3/fwk/controller/struts/requestprocessor/V3TilesRequestProcessor.processActionPerform(V3TilesRequestProcessor.java:384) at org/apache/struts/action/RequestProcessor.process(RequestProcessor.java:274) at org/apache/struts/action/ActionServlet.process(ActionServlet.java:1482) at org/apache/struts/action/ActionServlet.doGet(ActionServlet.java:507) at gov/v3/fwk/controller/struts/servlet/V3ControllerServlet.doGet(V3ControllerServlet.java:110) at javax/servlet/http/HttpServlet.service(HttpServlet.java:743) at javax/servlet/http/HttpServlet.service(HttpServlet.java:856) at weblogic/servlet/internal/StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227) at weblogic/servlet/internal/StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125) at weblogic/servlet/internal/ServletStubImpl.execute(ServletStubImpl.java:283) at weblogic/servlet/internal/ServletStubImpl.execute(ServletStubImpl.java:175) at weblogic/servlet/internal/WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3231) at weblogic/security/acl/internal/AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic/security/service/SecurityManager.runAs(SecurityManager.java:121) at weblogic/servlet/internal/WebAppServletContext.securedExecute(WebAppServletContext.java:2002) at weblogic/servlet/internal/WebAppServletContext.execute(WebAppServletContext.java:1908) at weblogic/servlet/internal/ServletRequestImpl.run(ServletRequestImpl.java:1362) at weblogic/work/ExecuteThread.execute(ExecuteThread.java:209) at weblogic/work/ExecuteThread.run(ExecuteThread.java:181) at jrockit/vm/RNI.c2java(JJJJJ)V(Native Method) -- end of trace We would like to do a couple of things: 1.) Prevent the spawning of a duplicate JVM, as we do not need any of it's functions when executing the simple jfmerge executable, and it creates massive overhead. 2.) In the short term at least prevent this duplicate JVM from handing indefinitely.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 318 319 320 321 322 323 324 325 326 327 328 329  | Next Page >