Search Results

Search found 13059 results on 523 pages for 'security hole'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 398/523 | < Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405  | Next Page >

  • Criteria for selecting software for embedded device

    - by Suresh Kumar
    We are currently evaluating Web servers for an embedded device. We have laid down the evaluation criteria for things like HTTP version, Security, Compression etc. On the embeddable side, we have identified the following criteria: Memory footprint Memory management (support for plugging in a custom memory manager) CPU usage Thread usage (support for thread pool) Portability What I want inputs on is: Are there any other criteria that an embeddable software should meet? What exactly does it mean when someone says that a software is designed for embeddable use? We currently have zeroed in on two Web servers: AppWeb Lighttpd (lighty) Feature wise, both the above Web servers seem to be on par. However, it is claimed that AppWeb is designed for embedded use while Lighttpd is not. To choose between the above two Web servers, what criteria should I be looking at?

    Read the article

  • WCF: what timeout property to use?

    - by Tom234
    I have a piece of code like so NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport); binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows; binding.CloseTimeout = new TimeSpan(0, 0, 1); binding.OpenTimeout = new TimeSpan(0, 0, 1); binding.SendTimeout = new TimeSpan(0, 0, 1); binding.ReceiveTimeout = new TimeSpan(0, 0, 1); EndpointAddress endPoint = new EndpointAddress(new Uri(clientPath)); DuplexChannelFactory<Iservice> channel = new DuplexChannelFactory<Iservice>(new ClientCallBack(clientName), binding, endPoint); channel.Ping() When the endpoint doesn't exist it still waits 20seconds before throwing an EndpointNotFoundException. The weird thing is that when i changed the SendTimeout the exception message changed from The connection attempt lasted for a time span of 00:00:20 to ....01 but still took 20seconds to throw the exception! How can i change this timeout?

    Read the article

  • Concepts a web application developer should know?

    - by iama
    I think it is imperative for web application developers to know the answers surrounding the following general questions on web development irrespective of the programming language/framework used. What authentication mechanisms HTTP offer & what are their pros and cons? Why should one go for FORMS authentication? How to secure authentication or for that matter any transactions via HTTP? How to maintain state in HTTP? What are the downsides to maintaining state via cookie & what happens when browsers disable them? Security issues like cross site scripting, session hijacking etc. What other questions a web developer should have answers for similar to the ones above that are programming language/web framework agnostic?

    Read the article

  • ptrace'ing of parent process

    - by osgx
    Hello Can child process use the ptrace system call to trace its parent? Os is linux 2.6 Thanks. upd1: I want to trace process1 from "itself". It is impossible, so I do fork and try to do ptrace(process1_pid, PTRACE_ATTACH) from child process. But I can't, there is a strange error, like kernel prohibits child from tracing their parent processes UPD2: such tracing can be prohibited by security policies. Which polices do this? Where is the checking code in the kernel? UPD3: on my embedded linux I have no errors with PEEKDATA, but not with GETREGS: child: getregs parent: -1 errno is 1, strerror is Operation not permitted errno = EPERM

    Read the article

  • Administrators vs Programmers: Who's got more people Interaction / Working hours?

    - by sanksjaya
    Well, I've heard programmers get to interact with other programmers quiet a lot. But, who gets to meet a lot of new people on a daily basis at work without getting the feeling "Goosh! I'm stuck with him/this for another year :(" - Admins or Coders? And what kind of people domain do each get to interact with? Secondly, I've had this myth for a long time that unlike programmers, Network/System/Security Admins get locked-up in a den and juiced up late nights and early mornings. Most of the time they had to slip out of work without being noticed. But recently one of my seniors from my grad school told he had to work late and on weekends for a product release. How true and often does this happen with programmers and admins?

    Read the article

  • Sessionstate not being saved between pages

    - by Grant
    Hi, i am having problems with an asp.net c# site whereby i am setting a session state object to true and then redirecting to another page that needs to check the value of the session state object and it is null. Sometimes it is set correctly and other times is is simply null. When i debug on my local machine it works perfectly every time. Only when i upload to my web server does this temperamental behaviour happen. As it is based around the security of the site it is obviously important that the session data be valid and accurate every time. Is session state data unreliable? AFAIK its set to inproc, cookieless, 30 min timeout, vanilla installation of IIS. Does anyone have any suggestions? Perhaps i need to thread.sleep inbetween the storing of the session data and the reading? NB: the time between the write and the read is about 70ms.. ample time for the data to be written to RAM.....

    Read the article

  • samba windows gvim & "READ ERRORS"

    - by l.thee.a
    I have a samba server on my embedded box. I was planning to use it to edit files easily. However when I open files on my windows machine, I get read errors. I have tried textpad, gvim and kate(andLinux). On gvim I first get "write error in swap file" and it is replaced by "[READ ERRORS]". If I access the same file through pyNeighborhood (ubuntu) I can read/write/delete etc. Samba security is set to share and guest user is root. Also if I move the file to my ubuntu samba server, I get no problems. Any ideas? PS: I am using smbd 3.0.25b.

    Read the article

  • Automatic e-mail processing

    - by Jon Harrop
    I'd like to write a .NET application in F# to automate some of the processing of my e-mails. For example, when an order comes in my program might compute a new htpasswd from the e-mail's contents, upload it to our web server and reply to the customer with login details. How do people do this? I've tried Outlook 2007 automation but it just prompts the user for security and my attempts to get it to stop doing this have failed so I cannot automate anything with it. Is there a .NET-friendly e-mail client I can use more easily? This has been so tedious that I'm seriously considering writing my own .NET-friendly e-mail client...

    Read the article

  • application authentication design ideas

    - by Berryl
    Hello I am working with on an app that uses wpf / silverlight on the front end and nhibernate on the back end, and looking for some design ideas to address authentication; I was looking at Rhino Security which I think is pretty slick and certainly useful, but doesn't in and of itself seem to address authentication. That said, I am looking for something of a technology agnostic overview of authentication design issues at this point. Does anyone have any links and / or experiences with an authentication design that is relatively easy to adapt to different common technologies. Cheers, Berryl

    Read the article

  • What are the pros and cons to keeping SQL in Stored Procs versus Code

    - by Guy
    What are the advantages/disadvantages of keeping SQL in your C# source code or in Stored Procs? I've been discussing this with a friend on an open source project that we're working on (C# ASP.NET Forum). At the moment, most of the database access is done by building the SQL inline in C# and calling to the SQL Server DB. So I'm trying to establish which, for this particular project, would be best. So far I have: Advantages for in Code: Easier to maintain - don't need to run a SQL script to update queries Easier to port to another DB - no procs to port Advantages for Stored Procs: Performance Security

    Read the article

  • WCF 4: Fileless Activation Fails On XP (IIS 5) that has SSL port enabled.

    - by Richard Collette
    I have a service being hosted in IIS on XP via fileless activation. The service starts fine when there is no SSL port enabled for IIS but when the SSL port is enabled, I get the error message: System.ServiceModel.ServiceActivationException: The service '/SkillsPrototype.Web/services/Linkage.svc' cannot be activated due to an exception during compilation. The exception message is: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. . ---> System.InvalidOperationException: A binding instance has already been associated to listen URI 'http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config. My service model configuration is <system.serviceModel> <diagnostics wmiProviderEnabled="true"> <messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="3000"/> </diagnostics> <standardEndpoints> <webHttpEndpoint> <standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" /> </webHttpEndpoint> </standardEndpoints> <behaviors> <serviceBehaviors> <behavior> <serviceMetadata httpGetEnabled="true"/> <serviceDebug includeExceptionDetailInFaults="true" /> </behavior> </serviceBehaviors> </behaviors> <bindings> <webHttpBinding> <binding> <security mode="None"> <transport clientCredentialType="None"/> </security> </binding> </webHttpBinding> </bindings> <protocolMapping> </protocolMapping> <services> </services> <serviceHostingEnvironment multipleSiteBindingsEnabled="false"> <serviceActivations> <clear/> <add factory="System.ServiceModel.Activation.WebScriptServiceHostFactory" service="SkillsPrototype.ServiceModel.Linkage" relativeAddress="~/Services/Linkage.svc"/> </serviceActivations> </serviceHostingEnvironment> </system.serviceModel> When you look in the svclog file, there two base addresses that are returned when SSL is enabled, one for http and one for https. I suspect that this is part of the issue but I am not sure how to resolve it. <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"> <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"> <EventID>524333</EventID> <Type>3</Type> <SubType Name="Information">0</SubType> <Level>8</Level> <TimeCreated SystemTime="2010-06-16T17:40:55.8168605Z" /> <Source Name="System.ServiceModel" /> <Correlation ActivityID="{95927f9a-fa90-46f4-af8b-721322a87aaa}" /> <Execution ProcessName="aspnet_wp" ProcessID="1888" ThreadID="5" /> <Channel/> <Computer>RCOLLET</Computer> </System> <ApplicationData> <TraceData> <DataItem> <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Information"> <TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.ServiceHostBaseAddresses.aspx</TraceIdentifier> <Description>ServiceHost base addresses.</Description> <AppDomain>/LM/w3svc/1/ROOT/SkillsPrototype.Web-1-129211836532542949</AppDomain> <Source>System.ServiceModel.WebScriptServiceHost/49153359</Source> <ExtendedData xmlns="http://schemas.microsoft.com/2006/08/ServiceModel/CollectionTraceRecord"> <BaseAddresses> <Address>http://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> <Address>https://rcollet.hsb-corp.hsb.com/SkillsPrototype.Web/Services/Linkage.svc</Address> </BaseAddresses> </ExtendedData> </TraceRecord> </DataItem> </TraceData> </ApplicationData> </E2ETraceEvent> I can't post the full service log due to character limits on the post.

    Read the article

  • How to generate a cryptographically secure Double between 0 and 1?

    - by Portman
    I know how to generate a random number between 0 and 1 using the NextDouble method of the pseudo-random number generator. var rng1 = new System.Random(); var random1 = rng1.NextDouble(); // generates a random double between 0 and 1.0 And I know how to fill a random byte array using the cryptographically secure random number generator. Byte[] bytes = new Byte[8]; var rng2 = new System.Security.Cryptography.RNGCryptoServiceProvider(); rng2.GetBytes(bytes); // generates 8 random bytes But how can I convert the byte-array output of RNGCryptoServiceProvider into a random number between 0 (inclusive) and 1 (exclusive)?

    Read the article

  • Passing value in silverlight

    - by Dilse Naaz
    How can pass a value from one page to another page in silverlight. I have one silver light application which contains two pages, one xaml.cs file and one asmx.cs file. I have one text box in xaml page names Text1. My requirement is that at the time of running, i could pass the textbox value to asmx.cs file. How it will be done? my code in asmx.cs file is public string DataInsert(string emp) { SqlConnection conn = new SqlConnection("Data Source=Nisam\\OFFICESERVERS;Initial Catalog=Employee;Integrated Security=SSPI"); SqlCommand cmd = new SqlCommand(); conn.Open(); cmd.Connection = conn; cmd.CommandText = "Insert into demo Values (@Name)"; cmd.Parameters.AddWithValue("@Name", xxx); cmd.ExecuteNonQuery(); return "Saved"; } the value xxx in code is replaced by the passed value from xaml.cs page. pls help me

    Read the article

  • Apache 13 permission denied in user's home directory

    - by Dave
    Hi, My friend's website was working fine until he moved the document root from /var/www/xxx to /home/user/xxx Apache give 13 permission denied error messages when we try to access the site via a web browser. The site is configured as a virtual directory. All the Apache configurations were unchanged (except for the directory change). We tried to chmod 777 /home/user/xxx, chown apache /home/user/xxx. But they didn't work. Is there some kind of security feature set on the user's home directories? The server OS is CentOS (Godaddy VPS). Any help is appreciated! Thanks!

    Read the article

  • For Loop help In a Hash Cracker Homework.

    - by aaron burns
    On the homework I am working on we are making a hash cracker. I am implementing it so as to have my cracker. java call worker.java. Worker.java implements Runnable. Worker is to take the start and end of a list of char, the hash it is to crack, and the max length of the password that made the hash. I know I want to do a loop in run() BUT I cannot think of how I would do it so it would go to the given max pasword length. I have posted the code I have so far. Any directions or areas I should look into.... I thought there was a way to do this with a certain way to write the loop but I don't know or can't find the correct syntax. Oh.. also. In main I divide up so x amount of threads can be chosen and I know that as of write now it only works for an even number of the 40 possible char given. package HashCracker; import java.util.*; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; public class Cracker { // Array of chars used to produce strings public static final char[] CHARS = "abcdefghijklmnopqrstuvwxyz0123456789.,-!".toCharArray(); public static final int numOfChar=40; /* Given a byte[] array, produces a hex String, such as "234a6f". with 2 chars for each byte in the array. (provided code) */ public static String hexToString(byte[] bytes) { StringBuffer buff = new StringBuffer(); for (int i=0; i<bytes.length; i++) { int val = bytes[i]; val = val & 0xff; // remove higher bits, sign if (val<16) buff.append('0'); // leading 0 buff.append(Integer.toString(val, 16)); } return buff.toString(); } /* Given a string of hex byte values such as "24a26f", creates a byte[] array of those values, one byte value -128..127 for each 2 chars. (provided code) */ public static byte[] hexToArray(String hex) { byte[] result = new byte[hex.length()/2]; for (int i=0; i<hex.length(); i+=2) { result[i/2] = (byte) Integer.parseInt(hex.substring(i, i+2), 16); } return result; } public static void main(String args[]) throws NoSuchAlgorithmException { if(args.length==1)//Hash Maker { //create a byte array , meassage digestand put password into it //and get out a hash value printed to the screen using provided methods. byte[] myByteArray=args[0].getBytes(); MessageDigest hasher=MessageDigest.getInstance("SHA-1"); hasher.update(myByteArray); byte[] digestedByte=hasher.digest(); String hashValue=Cracker.hexToString(digestedByte); System.out.println(hashValue); } else//Hash Cracker { ArrayList<Thread> myRunnables=new ArrayList<Thread>(); int numOfThreads = Integer.parseInt(args[2]); int charPerThread=Cracker.numOfChar/numOfThreads; int start=0; int end=charPerThread-1; for(int i=0; i<numOfThreads; i++) { //creates, stores and starts threads. Runnable tempWorker=new Worker(start, end, args[1], Integer.parseInt(args[1])); Thread temp=new Thread(tempWorker); myRunnables.add(temp); temp.start(); start=end+1; end=end+charPerThread; } } } import java.util.*; public class Worker implements Runnable{ private int charStart; private int charEnd; private String Hash2Crack; private int maxLength; public Worker(int start, int end, String hashValue, int maxPWlength) { charStart=start; charEnd=end; Hash2Crack=hashValue; maxLength=maxPWlength; } public void run() { byte[] myHash2Crack_=Cracker.hexToArray(Hash2Crack); for(int i=charStart; i<charEnd+1; i++) { Cracker.numOfChar[i]////// this is where I am stuck. } } }

    Read the article

  • Displaying Powerpoint slides on a web page automatically

    - by Jamie
    Anyone know of any Flash components that would do the job of displaying an external PPT/PPTX file in a Flash movie on a web page? Or a way of automatically parsing uploaded Powerpoint docs from a PHP-based CMS and displaying them on a web page. Our client needs to be able to upload a Powerpoint documents on their site without any intervention (if necessary). I know about Slideshare and the like, but the content needs to live on the client's web server due to security restrictions. Also, Adobe Presenter seems to require Adobe software/plugins on the clients machine which wouldn't be ideal. Thanks in advance

    Read the article

  • Trouble getting Flash socket policy file to work.

    - by Alex
    Basically I'm using Flash to connect to a Java server. Despite my Java application replying to the , in the Flash debug log it lists (not sure about the order as there are lots): * Security Sandbox Violation * Connection to 192.168.1.86:4049 halted - not permitted from http://127.0.0.1:8888/Current/wander.swf Warning: Timeout on xmlsocket://192.168.1.86:4049 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation. Error: Request for resource at xmlsocket://192.168.1.86:4049 by requestor from http://127.0.0.1:8888/Current/wander.swf is denied due to lack of policy file permissions. What I don't understand is, the server (port 4049) receives the request, outputs the policy file and then closes the connection, surely it shouldn't time out? The policy file I'm using is: <?xml version="1.0"?> <cross-domain-policy><allow-access-from domain="*" to-ports="*" /> </cross-domain-policy>

    Read the article

  • Scheduled task username changed

    - by Ernst
    Hi, I created a user on our exchange server, but later changed the username. Now, when I create a scheduled task for that user, and change it's settings (run only when logged on), the username is automatically changed back to the old username. What's causing this and how do I make sure the correct, new username is used for the task (otherwise it won't run), security settings are okay. I did already log in with a different user to delete the profile on the computer and tried again with this user to no avail. The OS is windows xp, the exchange server is on windows server 2003. Thanks

    Read the article

  • AesCryptoServiceProvider not part of SymmetricAlgorithm?

    - by user330006
    I have a quick little app that steps through the possible symmetric encryption methods. I get them with the following line: private static List<Type> GetAlgorithmTypes { get { return Assembly.GetAssembly(typeof(SymmetricAlgorithm)).GetTypes().Where( type => type.IsSubclassOf(typeof(SymmetricAlgorithm))).ToList(); } } As you can see when i run this, AesCryptoServiceProvider is not a member of this group, even though it inherits from AES, which does belong to SymmetricAlgorithm and shows up in my list. This wouldn't be so much of a problem, i can manually add the provider in the group if i have too, but then if i try to retrieve this type by its name: Type t = Type.GetType("System.Security.Cryptography.AesCryptoServiceProvider"); i get a null object for AesCryptoServiceProvider, but not for any of the other items in the group. This is really strange, and i'm wondering if anyone has any ideas. It's kinda making me need to use tripleDES because of this (since my machines are all running the FIPS compliance requirement). Thanks for any help!

    Read the article

  • Storing script files outside web root

    - by memilanuk
    I've seen recommendations to store some or all php include files some place other than in the web document root directory (username/public_html in my case) for the specific reason of protecting php files with sensitive information (like database connection and login info) in the event that the web server hiccups and stops protecting php files and they become 'visible' to outsiders who know where to look. It seems somewhat paranoid to me, but I'm guessing people have gotten burned badly on this before so I'm willing to go along. The suggestion usually takes the form of having the include files in something like '../include_files/' so its not directly in the document root and not directly accessible to outsiders through the web server. My question is this: is there a significant difference in security between that way and just putting your 'include_files' directory under the document root and sticking an .htaccess file in there (with the appropriate entries)? Would putting an .htaccess file in '../include_files/' make any significant improvement there? TIA, Monte

    Read the article

  • accessing pdf via https URL

    - by Paul
    I send out a newsletter email containing URLs to a https website that then redirects to a pdf document. On first invocation of a URL the user is prompted with the typical https browser "security alert" popup, on selecting "Yes" the display of the PDF fails. The HTTP Header on the failed response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 15:57:26 GMT Content-type: application/pdf Content-language: en-US Set-cookie: JSESSIONID=0000r111cRz1Vc-PtCJg8Cdu4eR:-1; Path=/ Expires: Thu, 01 Dec 1994 16:00:00 GMT Cache-control: no-cache="set-cookie, set-cookie2" Connection: close Subsequent invocations of the URL successfully opens the PDF (at this point we have the session id cookie set by the initial failed request). The HTTP Header on the successful response is: HTTP/1.1 200 OK Server: ECS/HTTP-Server Date: Tue, 16 Mar 2010 16:53:03 GMT Content-type: application/pdf Content-language: en-US Connection: close The email client is Lotus Notes 6.5 which launches an IE6 browser Any ideas?

    Read the article

  • Non-string role names in ASP.NET MVC?

    - by MikeWyatt
    ASP.NET MVC has good support for role-based security, but the usage of strings as role names is maddening, simply because they cannot be strongly-typed as enumerations. For example, I have an "Admin" role in my app. The "Admin" string will now exist in the Authorize attribute of my action, in my master page (for hiding a tab), in my database (for defining the roles available to each user), and any other place in my code or view files where I need to perform special logic for admin or non-admin users. Is there a better solution, short of writing my own authorization attribute and filter, that would perhaps deal with a collection of enumeration values?

    Read the article

  • Check for Existence of a Result in Linq-to-xml

    - by NateD
    I'm using Linq-to-XML to do a simple "is this user registered" check (no security here, just making a list of registered users for a desktop app). How do I handle the result from a query like this: var people = from person in currentDoc.Descendants("Users") where (string)person.Element("User") == searchBox.Text select person; I understand the most common way to use the result would be something like foreach (var line in people){ //do something here } but what do you do if person comes back empty, which is what would happen if the person isn't registered? I've looked around on this site and on MSDN and haven't found a really clear answer yet. Extra credit: Give a good explanation of what people contains.

    Read the article

  • [ASP.NET] Problems with error: "Access to the path <path> is denied."

    - by Tony
    Hi, I was looking for the the trick to resolve that error (google, stackoverflow.com etc) and every nothing works. I need to dinamically create an .aspx file via the asp.net application. What I've done to try fix it: 1) In the folder's Properties - Security, I've added IUSR_TONY and also IIS_IUSRS and allow them the Full control to the folder. Just to check if that will help. Nope, it won't. 2) in the IIS Manager, I tried to change the Application's Pool Defaults Identity (based on that) I checked all options, with no success I don't know what to do more to fix it. Any ideas ?

    Read the article

  • Prepend 'www' to an HTTPS url using .htaccess & mod_rewrite

    - by webfac
    I have a dilemma with this one. With the following code I am able to force SSL on any non SSL url, however when the user (and results from Google) take the user to http://mysite.co.za then we hit an issue as the url is then rewritten to https://mysite.co.za Due to the fact that my certificate is bound to www.mysite.co.za it immediately throws a security error because of the missing 'www' in the url. Can someone point out a way to add the www to the domain when the domain starts with HTTPS and not HTTP? Much appreciated. And the current code to add the https:// is as follows: RewriteCond %{HTTP_HOST} !^www\. RewriteCond %{HTTPS}s ^on(s)| RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 394 395 396 397 398 399 400 401 402 403 404 405  | Next Page >