Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 396/523 | < Previous Page | 392 393 394 395 396 397 398 399 400 401 402 403 | Next Page >

Why exactly is eval evil?

- by Jay

I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I´ve seen the same recommendation for several programming languages, but I´ve not yet seen a list of clear arguments against the use of eval. Where can I find an account of the potential problems of using eval? For example, I know the problems of GOTO in procedural programming (makes programs unreadable and hard to maintain, makes security problems hard to find, etc), but I´ve never seen the arguments against eval. Interestingly, the same arguments against GOTO should be valid against continuations, but I see that Shemers, for example, won´t say that continuations are "evil" -- you should just be careful when using them. They´re much more likely to frown upon code using eval than upon code using continuations (as far as I can see -- I could be wrong).

Read the article
How to communicate/share a session between pages over HTTP and HTTPS

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, let's say homepage? As far as I know sharing sessions in between HTTP and HTTPS parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on HTTP page like homepage, shopping cart data (items) that users ordered on HTTPS pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (SSL) and the rest not? I'm using PHP if it makes any difference.

Read the article
Make SQL Server 2005 accessible via Internet

- by Gary Joynes

I have an application that runs on a client's server built on a SQL Server 2005 database. We have now developed an ASP.NET v2 application which connects to this database. This web application will be hosted on an ISP's server but needs to access the SQL Server database on the client's server. The client's server has a firewall and so forth so I assume it should be possible to make the SQL Server accessible via the Internet but of course I am woriied about security. Can someone point me to some best practices to achieve this.

Read the article
rpcbind authorization problems

- by Milan

Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

Read the article
Adding AllowPartiallyTrustedCallersAttribute To Paypal ASP.NET SDK

- by snwr

Currently, I cannot use Paypal Pro on my host (GoDaddy) because it requires Full trust level. After digging in Google, it seems a workaround is possible by adding AllowPartiallyTrustedCallersAttribute to the Paypal assembly. I have seen code samples that use AllowPartiallyTrustedCallersAttribute in their AssemblyInfo.cs file, however, I've yet to run into a code example that also happens to be using PayPal. My question is where should the AllowPartiallyTrustedCallersAttribute be added in my project if my objective is to make the PayPal assembly work? I have tried adding it to my AssemblyInfo.cs for the project that contains the entire website, but I have not been successful. At this point, any insight or shot in the dark would be greatly appreciated. Even if someone could point me in the general direction of some documentation I would be grateful. AllowPartiallyTrustedCallersAttribute Reference: http://msdn.microsoft.com/en-us/library/system.security.allowpartiallytrustedcallersattribute.aspx

Read the article
problem in loading class from 'me.prettyprint.hector.api.Serializer'

- by dhananjay patil

I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

Read the article
How should I use random.jumpahead in Python

- by Peter Smit

I have a application that does a certain experiment 1000 times (multi-threaded, so that multiple experiments are done at the same time). Every experiment needs appr. 50.000 random.random() calls. What is the best approach to get this really random. I could copy a random object to every experiment and do than a jumpahead of 50.000 * expid. The documentation suggests that jumpahead(1) already scrambles the state, but is that really true? Or is there another way to do this in 'the best way'? (No, the random numbers are not used for security, but for a metropolis hasting algorithm. The only requirement is that the experiments are independent, not whether the random sequence is somehow predictable or so)

Read the article
Attribute class not calling constructor

- by Coppermill

I have created an Attribute, call MyAttribute, which is performing some security and for some reason the Constructor is not being fired, any reason why? public class Driver { // Entry point of the program public static void Main(string[] Args) { Console.WriteLine(SayHello1("Hello to Me 1")); Console.WriteLine(SayHello2("Hello to Me 2")); Console.ReadLine(); } [MyAttribute("hello")] public static string SayHello1(string str) { return str; } [MyAttribute("Wrong Key, should fail")] public static string SayHello2(string str) { return str; } } [AttributeUsage(AttributeTargets.Method)] public class MyAttribute : Attribute { public MyAttribute(string VRegKey) { if (VRegKey == "hello") { Console.WriteLine("Aha! You're Registered"); } else { throw new Exception("Oho! You're not Registered"); }; } }

Read the article
Do I need to auto-login after account activation?

- by Art

This is the standard scenario: User registers on the site User receives an account activation email, clicks link to activate Web site notifies the user that account is activated Now there are at least two pathways: User is taken to the login screen and asked to enter login details User is automatically logged in and taken to a welcome/profile/etc page While there are obvious benefits in (1) as far as the user's experience is concerned, there could be drawbacks as well. Option (2) offers improved security at cost of UX. Which of the scenarios is preferable and why? Any serious flaws in any of them?

Read the article
Macros no longer working in VS2005

- by NPVN

I'm using VS2005 on Vista. I'm using some macros, but now they have suddenly stopped working. No error messages of any kind. I am not aware of having done anything that could trigger this. I have made sure that "Allow macros to run" is checked in Tools-Options-Addin/Macro Security. I have tried running the macros from a keyboard shortcut, from the Macro Explorer, and from the Macros IDE, all in vain: The little spinning icon displays shortly (<1 sec) and then disappears without the macro being executed. I have tried putting a breakpoint on the first line of the macro and then executing it from the main IDE, with no effect (the breakpoint isn't hit). I have tried the same from the Macro IDE: The state changes to "running", but the breakpoint isn't hit. I have to break the execution manually. Any ideas?

Read the article
Why don't web fonts in Firefox don't work on a different domain?

- by mikez302

I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

Read the article
Is there a way in PHP to check if a directory is a symlink?

- by tixrus

The title says it all. I have symlinks to certain directories because the directories' names have non English characters that I got fed up trying to get apache's rewrite rules to match. There's a bounty on that question http://stackoverflow.com/questions/2916194/trouble-with-utf-8-chars-apache2-rewrite-rulesif anyone wants to go for it, and from the looks of things a lot of people would like to see a general solution to this problem, but meanwhile I made a plain ascii symlink to each of these offending directories. Now the rewrite rules are back to just alpha and _ and - and my security concerns are less and it loads the resources I want. But I still need the actual target directory name for display purposes. I googled "PHP directory info, PHP symlink" but didn't find anything. I need to do something like this: if (is_symlink($myResDirName)) { $realDirName = follow_symlink($myResDirName); }

Read the article
Is it possible to use JSONP on the server?

- by Denis Hoctor

Hi all, I'm stuck on a clients host that has medium trust setup which blocks cross domain requests and need data from a 3rd party domain. I now have the option to use JSONP. I've used JSONP from the client with jQuery to get around the browsers cross domain security and I've used HttpWebRequest in ASP.Net 3.5. Is it possible to use JSON on the server and if so how? I don't think it is, but worth asking seeing as I already have this app written server side.... Thanks, Denis

Read the article
Lotus Notes doesn't send customised button

- by damo_inc

Hi All, I created a customised button with some simple actions attached to it in Lotus Notes 6.5. It's just a simple voting button, which I emailed to a group of nearly 200 people. While sending I got a pop up telling me that the button can't be send. After about 10 seconds I got a first reply asking 'where's the button'. Then an avalanche of very clever emails followed, such as: 'no button', 'where's the button', etc. Before I spammed everyon I had tried the email on my work mate and the button went through fine! Any ideas? I suspect some security policy.... I really need to send this mail and get the survey results, so I don't want to fail again. Any suggestions appreciated. Many Thanks, Damo

Read the article
Use of COM object in IIS 7

- by Wouter d.A.

Hi all, I am currently moving an ASP.NET web-project from an IIS 6 to a IIS 7 hosting environment. Everything seems to be running OK, except my calls to a COM object. I can perfectly instantiate an object of the COM type, but when I call one of its methods, the IIS crashes. The event log reports an error code "0xc0000374", which indicates a heap corruption. When I run the application inside the visual studio development server, everything goes well and the COM object code gets executed without any errors. This is also the case when the application is hosted on an IIS 6 machine. I have looked through all settings of the IIS 7 and have not found anything configurable for COM objects, like security or ... I have been struggling with this for a while and I'm out of ideas. Does anyone have any experience deploying COM objects on IIS 7? Your help would be very appreciated!

Read the article
Generate SQL Server Express database from Entity Framework 4 model

- by Cranialsurge

I am able to auto-generate a SQL Server CE 4.0 *.sdf file using code-first generation as explained by Scott Guthrie here. The connection string for the same is as follows: <add name="NerdDinners" providerName="System.Data.SqlServerCe.4.0" connectionString="data source=|DataDirectory|NerdDinner.sdf"/> However if I try to generate an mdf instead using the following connection string, it fails to do so with the following error - "The provider did not return a ProviderManifestToken string.". <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="data source=|DataDirectory|NerdDinner.mdf"/> Even directly hooking into a SQLEXPRESS instance using the following connection string fails <add name="NerdDinners" providerName="System.Data.SqlClient" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=NerdDinner;Integrated Security=True"/> Does EF 4 only support SQL CE 4.0 for database creation from a model for now or am I doing something wrong here?

Read the article
About local Final varibles in java

- by Sathish

In java Program, parameters which is defined as String in method declaration.But in method definition it is accessed as final String variable. Whether it'll lead to some issues (like security, memory problem)? For Example: Method Declaration join(String a,String b); Method definition public void join(final String a,final String b) { Authenticator au = new Authenticator(){ public PasswordAuthentication getPasswordAuthentication(){ return new PasswordAuthentication(a,b)} }; } Please help for me and clarify my doubts. Thanks in advance P.S. I;m accessing a and b as final variable because i've to use it in the inner class.

Read the article
c# xml string special characters

- by sam

Please help explain why the dataset cannot read the encoded xml? string xml = "<?xml version=\"1.0\" standalone=\"yes\" ?> <DataSet><node>it's my \"node\" & i like it</node></DataSet>"; string encodedXml = System.Security.SecurityElement.Escape(xml); DataSet ds = new DataSet(); ds.ReadXml(New XmlTextReader(new StringReader(encodedXml))); I have checked the link http://weblogs.sqlteam.com/mladenp/archive/2008/10/21/Different-ways-how-to-escape-an-XML-string-in-C.aspx What i want to do is to read a string with special characters into a dataset. But the code cannot locate the special characters in the string, c# added all the \ so the linenumber is not accurate generated by XmlException object. Anyone could provide the code to read a string with special characters into a dataset. thanks very much

Read the article
VS2010 Clean Web.configs - not updating

- by cw

Hello, I'm messing around with MVC 2.0 on VS2010 and am having an issue getting the clean web config feature working. Basically in my Web.debug.config I have <connectionStrings xdt:Transform="Replace"> <add name="ApplicationServices" connectionString="Server=localhost;Database=SITE_DB;User ID=dbuser;Password=P@ssw0rd;Trusted_Connection=False;" /> </connectionStrings> and in my Web.config I have <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> When I run the site in debug mode, I'd expect that xdt:Transform="Replace" would replace the entire connectionStrings section with what is in the Web.debug.config. Am I assuming wrong? Or am I doing something else incorrect. Not much info posted around this and I'd figure I'd ask you guys.

Read the article
Decompressing file with gzip produces file with no read-permissions on Windows 7

- by Abiel

I am attempting to decompress a .gz file using the GnuWin32 gzip program in Windows 7. I have full permissions on the compressed file, and my user account is an administrator. However, I end up not having read permissions on the decompressed file. To get read permissions I would have to manually change the permissions on it through right-clicking and selecting Properties Security. I am able to do this exact same thing with no permission problems in Windows XP, which leads me to believe that Windows 7's user account control system is causing problems. Does anyone know what I can do to make things work as I would expect (read permission on the decompressed file) in Windows 7? Thanks.

Read the article
A web framework where AJAX was not an after thought

- by Pirate for Profit

AJAX is a pain in the ass because it essentially means you'll have to write two sets of similarish code: one for browsers with JavaScript enabled and those without. Not only this, but you have to connect JavaScript events to hook into your models and display the results. And if all that weren't bad enough, you need to send an address change with the request, otherwise the user won't be able to "click back" correctly (if confused look at what happens to the address bar when you click links in GMail). We're searching for something that had the foresight and design goals with all these concerns in mind. Performance and security are also obvious major concerns. We love config-based systems as well, where you don't have to write a lot of code you just drop it into an easily read config format. It's like asking for the holy grail right?

Read the article
What's wrong with this SQL Server query ?

- by ClixNCash

What's wrong this T-SQL query : Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT COUNT(*) FROM Table1 WHERE Name ='" + TextBox1.Text + "'", SQLData) SQLData.Open() If cmdSelect.ExecuteScalar > 0 Then Label1.Text = "You have already voted this service" Return End If Dim con As New SqlConnection Dim cmd As New SqlCommand con.Open() cmd.Connection = con cmd.CommandText = "INSERT INTO Tabel1 (Name) VALUES('" & Trim(Label1.Text) & "')" cmd.ExecuteNonQuery() Label1.Text = "Thank You !" SQLData.Close() End Sub

Read the article
Digital signature integration with software written in java

- by Serkan Kasapbasi

hi everyone, i'm extremely rookie on this security field, so please forgive if my questions are dumb. i am asked to convert and migrate couple "Lotus Forms" forms to our software that is written in java. One thing in forms that bother me is digital signatures. These forms can be signed by digital signatures, probably generated by "Silanis Approve-it". as i have said before, i dont have much knowledge about this technology. and strangely couldnt find any tutorial or example of integrating digital signature and java. So what are the possibilities here ? how my code read a digital signature, sign a document with this signature? There should be an API or something that is provided by vendors right :)

Read the article
WCF Windows service permissions problem

- by Elad

I have created a WCF service and hosted it using Windows Services host. To install the project I created an installation project (as described here). In the tutorial, it says to define in the ProjectInstaller.cs the serviceProcessInstaller1 Account property to be Network Service. When using this setting the service did not started on the server. When I tried to start the process manually, it immediately return to stopped state. After when I changed the Account to LocalSystem the service works properly. My questions are: Any ideas why it won't work with Network Service account? What are the security implications of using a server with LocalSystem account? This server is used locally in the intranet as a reporting server for other servers.

Read the article
System.Web.AspNetHostingPermission Exception on New Deployment

- by Jason N. Gaylord

I have a friend that is moving a web application from one server over to another. The new server has the same settings as the first server, however, he's running into a Security issue. Here's the error details: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. The Event Viewer does not point to anything specific in the web.config file or anything. The web applicaiton is on the C: drive. This is a Windows Server 2008 R2 x64 server with a brand new IIS 7 installation. IIS is set in classic mode for this app pool.

Read the article

< Previous Page | 392 393 394 395 396 397 398 399 400 401 402 403 | Next Page >