Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 399/523 | < Previous Page | 395 396 397 398 399 400 401 402 403 404 405 406  | Next Page >

• Execute Oracle RAC cluster commands via Solaris RBAC?

  - by David Citron

  Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions. Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example: $pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg CRS-0259: Owner of the resource does not belong to the group. Is there a complete RBAC solution for Oracle RAC or does the executor need to be root? EDIT: Note that my original /etc/security/exec_attr contained: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0 As Martin suggests below, this needed to be changed to add gid=0 as: MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0 MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0

  Read the article

• Why isn't UTF-8 allowed as the "ANSI" code page?

  - by dan04

  The Windows _setmbcp function allows any valid code page... (except UTF-7 and UTF-8, which are not supported) OK, not supporting UTF-7 makes sense: Characters have non-unique representations and that introduces complexity and security risks. But why not UTF-8? As I understand it, the "ANSI" versions of the Windows API functions convert their arguments to UTF-16, call the equivalent "W" function, and convert any strings in the output to "ANSI". This is what I've been doing manually. So why can't Windows do it for me?

  Read the article

• Grails deploy on Tomcat6

  - by Jack

  Hello, while trying to deploy a Grails application into tomcat6 I ran into some problems: I used the grails war command to build up a war, then copied it to var/lib/tomcat6/webapps and tried to restart the container. I had to change default Tomcat policy to skip security exceptions, since I couldn't access environment variable (like grails.env), then tried again but it gives me an exception related to instantiating something, but it's not clear where should I try to fix the error, according to tomcat6 logs the problem is: SEVERE: Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsC$ org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'pluginManager' defined in ServletContext$ at java.lang.Thread.run(Thread.java:619) Caused by: org.codehaus.groovy.grails.exceptions.NewInstanceCreationException: Could not create a new instance of class [Hiberna$ ... 1 more Caused by: java.lang.NoClassDefFoundError: org.hibernate.cfg.Environment It seems like it's unable to load org.hibernate.cfg.Environment class. I checked the applicationContext.xml and it refers to grails.xml to search for plugins, in this last file I actually have HibernateGrailsPlugin. Where should I look to find if the plugin is present?

  Read the article

• URL encoded POST bad practice?

  - by StackedCrooked

  I am (just for fun) trying to implement a High Score web-service. I would like it be compatible with REST principles. I want to be able to add a new highscore using url parameters like this http://mydomain.com/hs/add&name=John&score=987. According to REST this must be done using a POST request. Which leads to empty POST request with all data contained in the URL parameters. Would this be considered a bad practice? Update Security is currently not a big concern.

  Read the article

• How can I change or remove HttpRequest input arguments in a HttpModule

  - by Eric Gunn

  Is it possible to change or remove http request form inputs in an httpmodule? My goal is to create a security IHttpmodule that will check the request for reasonable values, such as limits on acceptable input and query parameter length, or use the AntiXSS Sanitizer to remove threats, log potential hack attempts, etc. before a request is passed on to a processor. Because this is a cross cutting concern I'd prefer to find a solution that applies to all requests and affects all ways request values could be accessed, Reqest.Form, Action(model), Action(FormCollection), HttpContext.Current.Request.Form, etc. I'm using MVC and have considered creating custom model binders to clean the data before creating the model instance. But that would be application specific, require remembering to register every model binder and only apply to Action(model).

  Read the article

• Why is this not a bug in qmail?

  - by jemfinch

  I was reading DJB's "Some thoughts on security after ten years of Qmail 1.0" and he listed this function for moving a file descriptor: int fd_move(to,from) int to; int from; { if (to == from) return 0; if (fd_copy(to,from) == -1) return -1; close(from); return 0; } It occurred to me that this code does not check the return value of close, so I read the man page for close(2), and it seems it can fail with EINTR, in which case the appropriate behavior would seem to be to call close again with the same argument. Since this code was written by someone with far more experience than I in both C and UNIX, and additionally has stood unchanged in qmail for over a decade, I assume there must be some nuance that I'm missing that makes this code correct. Can anyone explain that nuance to me?

  Read the article

• How to force Weblogic to start deployments in active state (i.e. not just prepared)

  - by doublep

  When I start a Weblogic instance with a deployed application, the deployment is sometimes left in prepared state, not in active state. I have to go to Weblogic Console and start the deployment manually, which is quite slow and annoying repetetive work. Since this is done on a development machine — sometimes 50 times a day, — there are no security implication as the server is only visible on the local network. Is there some way to have it always start the deployment active? Note that I'm not redeploying the application, I instead have it "constantly deployed" and stop/start the Weblogic instance using the scripts in bin directory.

  Read the article

• F# Interactive bug?

  - by John Reynolds

  I've tried the following code in VS2010: open System.Security.Cryptography let rsaTest1 = let ecKey = [|0uy..143uy|] // junk data for testing let ecKeyMod = ecKey.[8..8+128-1] let ecKeyExp = ecKey.[136..136+8-1] let rsa = RSAParameters(Modulus = ecKeyMod, Exponent = ecKeyExp) rsa let rsaTest2 = let ecKey = [|0uy..143uy|] // junk data for testing let rsa = RSAParameters(Modulus = ecKey.[8..8+128-1], Exponent = ecKey.[136..136+8-1]) rsa If I highlight all code and send it to F# Interactive (Alt+Enter), then rsaTest1 works, but rsaTest2 gives an error message, System.NullReferenceException: Object reference not set to an instance of an object. at <StartupCode$FSI_0004>.$FSI_0004.main@() in P:\proj\Tachograph\Project\CompuTachTest\CompuTachTest\rsaTest.fsx:line 16 However, if I change rsaTest2 from a value into a function and call it, let rsaTest2 () = let ecKey = [|0uy..143uy|] // junk data for testing let rsa = RSAParameters(Modulus = ecKey.[8..8+128-1], Exponent = ecKey.[136..136+8-1]) rsa let x = rsaTest2 () then there is no error. F# bug or my mistake?

  Read the article

• Postback problem downloading zip file

  - by Chris Conway

  I've got a problem on a webforms application where a user selects some criteria from dropdowns on the page and hits a button on the page which calls this method: protected void btnSearch_Click(object sender, EventArgs e) They then click on button to download a zip file based on the criteria which calls this method: protected void btnDownload_Click(object sender, EventArgs e) In IE, they are prompted with the bar at the top of the browser that tells them "To help protect your security, Internet Explorer blocked this site from downloading files to your computer". When they click on that bar to download the file, it fires the btnSearch_Click event again. Response.ContentType and Response.AddHeader has been set up correctly. The problem is, that btnSearch appends criteria so basically it is being appended twice and causing problems. Is there something I can do to prevent this? This is a vs2008 web app using c# 3.5 for what it's worth. Thanks!

  Read the article

• How to Canonicalize a Stax XML object.

  - by Enrique San Martín

  Hello, i want to Canonicalize a Stax object, the program it's doing it with DOM, but dom can't manage big XML documents (like 1GB), so STAX it's the solution. The Code that i have it's: File file=new File("big-1gb.xml"); org.apache.xml.security.Init.init(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = dfactory.newDocumentBuilder(); Document doc = documentBuilder.parse(file); Canonicalizer c14n = Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); outputBytes = c14n.canonicalizeSubtree(doc.getElementsByTagName("SomeTag").item(0)); The idea it's do the code below with Stax... Thx :)

  Read the article

• Trouble Avoiding Microsoft Outlook's Email Warning

  - by talbright

  I have a set of records in Microsoft Access that I am trying to send in an Email. The email feature works great. Except a warning message pops up every time a message is ready to send, and the user has to click "Allow" or "Deny" for every email sent. I looked up a workaround, and have been following the tutorial for it: http://www.everythingaccess.com/tutorials.asp?ID=Outlook-Send-E-mail-Without-Security-Warning. My problem is that when I put my message in the function it always returns false, and the message fails. Any help would be appreciated. Dim sendMail As Boolean Dim strMessage As String strMessage = Some Message sendMail = FnSafeSendEmail(![Email Id], "Subject", strMessage) The entire "FnSafeSendEmail" function can be found in the link provided. These are the parameters though. Public Function FnSendMailSafe(strTo As String, _ strCC As String, _ strBCC As String, _ strSubject As String, _ strMessageBody As String, _ Optional strAttachments As String) As Boolean The error is thrown on this line of the function. Dim blnSuccessful As Boolean blnSuccessful = objOutlook.FnSendMailSafe(strTo, strCC, strBCC, _ strSubject, strMessageBody, _ strAttachmentPaths)

  Read the article

• Where to place java applet policy file?

  - by makdere

  Hi all, I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one. In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control. The question is that when i try to put my code to work in the browser it fails with the following error: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve) Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didnt work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides. Appreciate any tips, thanks.

  Read the article

• LDAP in medium trust

  - by eych

  I've have a solution with one website and several projects. The projects all have the AllowPartiallyTrustedCallers attribute and are strongly-named. The site works in full trust. However, after set the trust to medium, I get the System.Security.SecurityException: Request failed. error as soon as I browse to the site. In my projects, I have calls to LogOnUser, as well as many calls to variousSystem.DirectoryServices.AccountManagement methods. Can this site run with medium trust or do I have to have full trust for all the LDAP calls? As I mentioned, I've set the AllowPartiallyTrustedCallers attribute on all projects. Not sure what else to do. Also, I have no idea what/where the error is being generated. The event logs on the server have nothing in regards to this SecurityException. Is there any way to find out what the error location is so maybe I can attempt to rewrite some code? [running .NET 4.0 on Win2k8R2]

  Read the article

• Start multiple processes of a dll in delphi

  - by Tom

  I have a "ActiveX library" project created with Delphi 2007. The library interface return XML data based on input values. This is then used by a PHP script that displays the data on a web page. This works great! The problem is that i can only run one instance of the dll process on the server. However, for security reasons, each of my customer should be able to access their own process of the dll (because the dll is always connected to only one database). Also, because of the way the delphi code is built, it doesn't support multiple threads. (It's a 100 000+ lines project using lots of singleton classes) Is there a way of starting several instances of the same dll? Is there a better way of transferring XML data from delphi to PHP? Sorry for the longish question, any help is appreciated (ps. I know the delphi code should be refactored, but this would mean 6 months of "circular reference" -hell :)

  Read the article

• What are the main benefits of implementing a virtual machine as part of an application?

  - by Marplesoft

  Several databases I've been looking at recently implement a virtual machine internally to perform the respective data reads and writes. For an example, check out this article on SQLite's virtual machine they call the 'VDBE'. I'm curious as to what the benefits of such an architecture are. I would assume performance is one but why would a virtual machine like this run faster? In fact, it seems to be that this extra layer could cause it to run slower. So perhaps it's for security? Or portability? Anyway, just curious about this.

  Read the article

• Why .NET ASMX web service on secure.site.com can't be called from www.site.com?

  - by user118657

  Hello, We have a web service on https://secure.site.com/service.asmx it works fine from https://secure.site.com/consumer.html but when we try to use it from https://www.site.com/consumer.html we can't do it. Getting 403 error. I'ts probably something related to webservice security (because of different subdomains) but I can't figure out what. How to make https://secure.site.com/service.asmx be accessible from https://www.site.com/consumer.html? Update: Calling webserivce using JQuery Ajax. $.ajax({ type: "POST", url: "https://secure.site.com/service.asmx/method", data: {}, dataType: "xml", success: method_result, error: AjaxFailed }) ; Thanks.

  Read the article

• How can I launch a system command via Javascript in Google Chrome?

  - by kvsn

  I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config): function run_cmd(cmd, args) { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var file = Components.classes["@mozilla.org/file/local;1"] .createInstance(Components.interfaces.nsILocalFile); file.initWithPath(cmd); var process = Components.classes["@mozilla.org/process/util;1"] .createInstance(Components.interfaces.nsIProcess); process.init(file); process.run(false, args, args.length); } What's the equivalent code for Chrome?

  Read the article

• NHibernate and SetSessionAuth audit columns

  - by user86431

  We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we try to do a set session auth, so we turned the set session auth off... Now we are trying to find out a way to get NHibernate to let us do 'set session authorization' without recycling the session on us, so we can use our existing trigger based audit column stuff with both legacy apps, and our new NHibernate apps. It's not a ideal soloution, or the best way to do it even, but is it possible? I was hoping there was a alternate interface that allowed this kind of access. Does anyone know how to do it, or can you point me towards and good hints? Thanks, Eric-

  Read the article

• Converting SQL to LINQ to XML

  - by Morano88

  I'm writing the following code to convert SQL to LINQ and then to XML: SqlConnection thisConnection = new SqlConnection(@"Data Source=3BDALLAH-PC;Initial Catalog=XMLC;Integrated Security=True;Pooling=False;"); thisConnection.Open(); XElement eventsGive = new XElement("data", from c in ?????? select new XElement("event", new XAttribute("start", c.start), new XAttribute("end",c.eend), new XAttribute("title",c.title), new XAttribute("Color",c.Color), new XAttribute("link",c.link))); Console.WriteLine(eventsGive); The name of the table is "XMLC" and I want to refer to it. How can I do that? When I put its name directly VS gives an error. Also when I say thisConnection.XMLC it doesn't work.

  Read the article

• Anyone run recurring payments in their website? Preferably; Paypal API

  - by James

  I'm wrapping up my startup and will need to implement Paypal API into my sign up page. Does anyone use recurring payments via Paypal API integrated into their billing? Better yet, guide me to a trustable developer with experience or will I have to use Elance? I need it to go to a welcome/get started screen in their logged in account once they hit the 'create account' button after filling out billing info. I was also wondering, can you leave the CSC (3 digit security code) field out with integration, because it makes things very hard for recurring payments. I'd like to stick with Paypal, as I have been very satisfied with them for a few years now; I already checked out Chargify, authorize.net, etc. I'd love to see someone with something like this set up already to take a look at and ask a few questions.

  Read the article

• What is a read only collection in C#?

  - by acidzombie24

  I ran a security code analyst i found myself having a CA2105 warning. I looked at the grade tampering example. I didnt realize you can assign int[] to a readonly int. I thought readonly was like the C++ const and makes it illegal. The How to Fix Violations suggest i clone the object (which i dont want to do) or 'Replace the array with a strongly typed collection that cannot be changed'. I clicked the link and see 'ArrayList' and adding each element one by one and it doesnt look like you can prevent something adding more. So when i have this piece of code what is the easiest or best way to make it a read only collection? public static readonly string[] example = { "a", "b", "sfsdg", "sdgfhf", "erfdgf", "last one"};

  Read the article

• What are the app pool identity and account for anonymous access for?

  - by apollodude217

  I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.) If you're not sure what accounts I'm talking about, in the IIS manager thingy: Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity. Right-click a Web site, go to Properties - Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

  Read the article

• asp.net webservice user management across pages

  - by nakori

  I'm developing a site that will display confidential readonly information, with data fetched from a WCF service. My question: What is the best approach to user management across different information pages. The service returns a collection with customer info after a secure login. My idea is to have a Customer object class that is stored in session. Is it possible to use things like HttpContext.Current.User.Identity.IsAuthenticated followed by HttpContext.Current.Session["UserId"] without using a database with role-based security? Would I be better off with a combination of local database, Linq to SQL or datasets rather than using just class objects for data fetched from service? thanks, nakori

  Read the article

• FOSUserBundle: embedding the login form and choosing its template

  - by tirengarfio

  i want to insert the login form of FOSUserBundle in my template like this: <div id="sidebar"> {% render "FOSUserBundle::Security::login" %} </div> but not to render the template that is been calling in the code of loginAction() originally. I have thought I'd find useful the possibility of passing the template I want to render as a parameter as 'max' in this example: <div id="sidebar"> {% render "AcmeArticleBundle:Article:recentArticles" with {'max': 3} %} </div> Is that possible in symfony2? If not.. should I create another action for my bundle with the same code inside of loginAction? or should I modify the original loginAction code and write control structures? if(currentPage == 'home') renderResponse('template1') else renderResponse('template2')

  Read the article

• How to verify a digital signature with openssl

  - by Aaron Carlino

  I'm using a thirdparty credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this: /success.php?signature=[HUGE HASH] I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that. I'm pretty good with linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions. If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.

  Read the article

< Previous Page | 395 396 397 398 399 400 401 402 403 404 405 406  | Next Page >