Search Results

Search found 13059 results on 523 pages for 'security hole'.

Page 401/523 | < Previous Page | 397 398 399 400 401 402 403 404 405 406 407 408 | Next Page >

RewriteCond to change displayed host, but not server

- by coneybeare

Typing out the title to this leads me to believe this might not be possible due to security concerns, but I will ask anyway. I have shortcode support running on my server, lets call it xx.yy I want it so when a user sends a request to xx.yy, it just changes the displayed host to another valid domain running on the same box. I have this so far (lets the server know to accept requests from xx.yy): RewriteCond %{HTTP_HOST} ^.*xx.yy [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] RewriteCond %{HTTP_HOST} ^.*mysite.com [NC] RewriteRule ^/(.*)$ http://127.0.0.1:<PORT_OMITTED>%{REQUEST_URI} [P,QSA,L] It works, and it directs the traffic into my app, but the url says http://xx.yy when I would rather it say http://mysite.com I know i could redirect to http://mysite.com instead of 127.0.0.1, but I have 4 parallel boxes of mysite.com and going back out to DNS to maybe go to another box seems like a waste when I am already here. Also, I am not sure how POST requests would work like that. What can I do?

Read the article
Creating java executable using JNI ?

- by Xinus

I am trying to create executable under windows platform for Java program using JNI ,C/C++ and invocation API, I have already created jar file for my program which includes all dependencies. I want to embed it in exe file, I was successful in running simple main class(present in file system) using JNI invocation API, I am planning to add jar file as resource in C/C++ program. But I don't know how do I run that jar file , One option is create temporary jar file on file system and run it using java, But I do not want to expose my jar file to everyone for security reasons, How can I run serialized jar file on the fly using JNI ?

Read the article
SQL Server Agent 2005 job runs but no output

- by alimack

Essentially I have a job which runs in BIDS and as as a stand lone package and while it runs under the SQL Server Agent it doesn't complete properly (no error messages though). The job steps are: 1) Delete all rows from table; 2) Use For each loop to fill up table from Excel spreasheets; 3) Clean up table. I've tried this [MS page][1] (steps 1 & 2), didn't see any need to start changing from Server side security. Also SQLServerCentral.com for [this page][2], no resolution. How can I get error logging or a fix? Note I've reposted this from Server Fault as it's one of those questions that's not pure admin or programming. I have logged in as the proxy account I'm running this under, and the job runs stand alone but complains that the Excel tables are empty?

Read the article
PHP complete sample website source

- by MarceloRamires

I'm new to PHP, and it appears that the way I learn the fastest is to study a new language a well developed complete program (or website, in this case) changing stuff seeing what happens and consulting books. There are lots of recommendations of books all around, and that's pretty much covered. I'd like to find the sourcecode of a website. Either a well known, well developed open-source website, or a sample sourcecode of a complete website (maybe one used in a book or something). Everyone says they should find the way they learn better.. Well, that's mine. PS.: By complete I mean having several common functionalities (such as login), database connection, use of security conventions, maybe a popular framework, and being up-to-date.

Read the article
Are there built-in issue tracking and task management in IDEs that integrate into SourceForge, Googl

- by Kai Sellgren

Hi, This question may not be exactly programming related, but this is about development. I have been trying to find IDEs that support JIRA/Bugzilla so that I could simply integrate the IDE with SourceForge. I do not like to refresh my browser to see issues, bug reports, security problems, etc. I would like to send issues, resolve issues, right from the IDE. I am currently developing with NetBeans, but I see no ways of integrating into any of the services provided by SourceForge. Am I missing something?

Read the article
At what point should I change the way Struts acquires the session token?

- by Hanno Fietz

It seems I have to find a different way to transmit the session token from a Flex client to a Struts backend without using cookies. If I were to put the session token in the payload of a request, at what point would I have to customize Struts' behaviour so that I can reuse as much of the existing session handling as possible? In particular, I don't want to reimplement whatever security measures (such as tying a token to an IP) and configuration parameters (such as session expiration interval). There's a CreateSession interceptor, rather early in the default stack, should I swap that with a subclassed version?

Read the article
ASP.NET AJAX or jQuery (UpdatePanel/ScriptManager or UFrame/jQuery.ajax)

- by Mark Redman

Hi, We use the asp.net UpdatePanel and the ScriptManager/ScriptManagerProxy for ajax related functionality; reducing full page refreshes and calling WCF Services respectively. we also use jQuery and plugins for some parts of the UI. We have had some issues with javascript library related conflicts, but have come across some posts indicating that there is a lot more overhead using the UpdatePanel. I have found some limited reference to UFrame: http://www.codeproject.com/KB/aspnet/uframe.aspx www.codeplex.com/uframe Is this a commercially viable replacement for the asp.net UpdatePanel? We use a ScriptManagerProxy to reference WCF services and easily create and use a proxy to call the various WCF service methods. Would using jQuery ajax be a more efficient solution here? We have got this working well on various browsers but now seem to be getting some security related issues (as seen in FF Firebug: Access to restricted URI denied" code: "1012) which seem to have started since using jQuery a lot more. Is it possible/viable to not use ASP.NET Ajax at all?

Read the article
Need an Asp.net MVC Application solution

- by Daoming Yang

I have implemented a small ordering and stock control system (for internal using) with the MVC 2 framework. Now my friends, they want to have a website to present the existing products for their customers. I know, I know they will ask me to do this one day. So in the beginning, I have made the controller name to start with "Admin". But now I am not sure the best way to implement their requirements. Could you advise me? 1.For the security reason, I did not allowed anonymous user to access the website a part from the CSS and image files. My question is the controllers' name are not folders' name, how could I set this up? 2.I'm planning to put the admin section into an "area" and will it be a good way to go? Can anyone provide me some suggestions. Many thanks.

Read the article
hash password in SQL Server (asp.net)

- by ile

Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

Read the article
Cannot read app.config, why???

- by user46503

Hello, I'm trying to get data from app.config and I always get zero. The App.config is here: <?xml version="1.0" encoding="utf-8"?> <configuration> <connectionStrings> <add name="ExplorerContext" connectionString="metadata=res://*/ExplorerData.csdl|res://*/ExplorerData.ssdl|res://*/ExplorerData.msl;provider=System.Data.SqlClient;provider connection string="Data Source=MYT\SQLEXPRESS;Initial Catalog=Explorer;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" /> </connectionStrings> </configuration> Could someone explain what is wrong, why I cannot get the values, System.Configuration.ConfigurationManager.AppSettings.Count is always 0 Thanks

Read the article
How to programaticaly gain root privileges ?

- by ereOn

I am writing a software (in C++, for Linux/Mac OSX) which runs as a non-privileged user and but needs root privileges at some point (to create a new virtual device). Running this program as root is not a option (mainly for security issues) and I need to know the identity (uid) of the "real" user. Is there a way to mimic the "sudo" command behavior (ask for user password) to temporarily gain root privileges and perform the particular task ? If so, which functions would I use ? Thank you very much for your help !

Read the article
Does CAS Support Application Level Impersonation?

- by Rob Wilkerson

I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

Read the article
MSDTC Distributed Transaction Coordinator Enabling

- by Curtis White

I've a web server and a separate SQL server. I'm trying to use transaction scope to ensure that SQL queries are completed with my linq queries. I wrap everything with this using (TransactionScope scope = new TransactionScope()) I want to know where I need to install DTC. Do I need to install it on the IIS 7.5 box AND the SQL server? Do I need to unblock some ports? Are there any security risk in doing so? I've setup this up once before but don't remember how. If I can't get access to DTC then is there any other way to ensure a lINQ and sql query is atomic?

Read the article
C# SQL Parameter Errors in Loops

- by jakesankey

Please help me out with this. I have this small application to load txt files into a sql db and it works fine with sqlite. When I ported to SQL I started getting 'parameter already declared' errors.. If anyone can help me reorganize this code, it would be great! I need to get the parameter definitions outside of the loops or something.. using System; using System.Data; using System.Data.SQLite; using System.IO; using System.Text.RegularExpressions; using System.Threading; using System.Collections.Generic; using System.Linq; using System.Data.SqlClient; namespace JohnDeereCMMDataParser { internal class Program { public static List<string> GetImportedFileList() { List<string> ImportedFiles = new List<string>(); using (SqlConnection connect = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { connect.Open(); using (SqlCommand fmd = connect.CreateCommand()) { fmd.CommandText = @"SELECT FileName FROM Import;"; fmd.CommandType = CommandType.Text; SqlDataReader r = fmd.ExecuteReader(); while (r.Read()) { ImportedFiles.Add(Convert.ToString(r["FileName"])); } } } return ImportedFiles; } private static void Main(string[] args) { using (SqlConnection con = new SqlConnection(@"Server=FRXSQLDEV;Database=RX_CMMData;Integrated Security=YES")) { con.Open(); using (SqlCommand insertCommand = con.CreateCommand()) { Console.WriteLine("Connecting to SQL server..."); SqlCommand cmdd = con.CreateCommand(); string[] files = Directory.GetFiles(@"C:\Documents and Settings\js91162\Desktop\", "R.txt*", SearchOption.AllDirectories); insertCommand.Parameters.Add(new SqlParameter("@FeatType", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@FeatName", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Value", DbType.String)); insertCommand.Parameters.Add(new SqlParameter("@Actual", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Nominal", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@Dev", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolMin", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@TolPlus", DbType.Decimal)); insertCommand.Parameters.Add(new SqlParameter("@OutOfTol", DbType.Decimal)); List<string> ImportedFiles = GetImportedFileList(); foreach (string file in files.Except(ImportedFiles)) { var FileNameExt1 = Path.GetFileName(file); cmdd.Parameters.Add(new SqlParameter("@FileExt", FileNameExt1)); cmdd.CommandText = @" IF (EXISTS (SELECT * FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'RX_CMMData' AND TABLE_NAME = 'Import')) BEGIN SELECT COUNT(*) FROM Import WHERE FileName = @FileExt; END"; int count = Convert.ToInt32(cmdd.ExecuteScalar()); con.Close(); con.Open(); if (count == 0) { Console.WriteLine("Parsing CMM data for SQL database... Please wait."); insertCommand.CommandText = @" INSERT INTO Import (FeatType, FeatName, Value, Actual, Nominal, Dev, TolMin, TolPlus, OutOfTol, PartNumber, CMMNumber, Date, FileName) VALUES (@FeatType, @FeatName, @Value, @Actual, @Nominal, @Dev, @TolMin, @TolPlus, @OutOfTol, @PartNumber, @CMMNumber, @Date, @FileName);"; string FileNameExt = Path.GetFullPath(file); string RNumber = Path.GetFileNameWithoutExtension(file); string RNumberE = RNumber.Split('_')[0]; string RNumberD = RNumber.Split('_')[1]; string RNumberDate = RNumber.Split('_')[2]; DateTime dateTime = DateTime.ParseExact(RNumberDate, "yyyyMMdd", Thread.CurrentThread.CurrentCulture); string cmmDate = dateTime.ToString("dd-MMM-yyyy"); string[] lines = File.ReadAllLines(file); bool parse = false; foreach (string tmpLine in lines) { string line = tmpLine.Trim(); if (!parse && line.StartsWith("Feat. Type,")) { parse = true; continue; } if (!parse || string.IsNullOrEmpty(line)) { continue; } Console.WriteLine(tmpLine); foreach (SqlParameter parameter in insertCommand.Parameters) { parameter.Value = null; } string[] values = line.Split(new[] { ',' }); for (int i = 0; i < values.Length - 1; i++) { SqlParameter param = insertCommand.Parameters[i]; if (param.DbType == DbType.Decimal) { decimal value; param.Value = decimal.TryParse(values[i], out value) ? value : 0; } else { param.Value = values[i]; } } } insertCommand.Parameters.Add(new SqlParameter("@PartNumber", RNumberE)); insertCommand.Parameters.Add(new SqlParameter("@CMMNumber", RNumberD)); insertCommand.Parameters.Add(new SqlParameter("@Date", cmmDate)); insertCommand.Parameters.Add(new SqlParameter("@FileName", FileNameExt)); // insertCommand.ExecuteNonQuery(); } } Console.WriteLine("CMM data successfully imported to SQL database..."); } con.Close(); } } } } FYI - the PartNumber, CMMNumber, Date, etc at the bottom are pulled from the file name and I need it in the table next to each respective record.

Read the article
Accessing Securised Web Service

- by Xstahef

Hi, I need to connect to a provider's web service with a Windows Form application. He gives me a certificate to access it but I have a security problem. I have done these following steps : Add certificate to personal store (on IE & Firefox) Generate a proxy with the remote wsdl (no problem) Use this code to call a method : `using (service1.MessagesService m = new service1.MessagesService()) { X509Certificate crt = new X509Certificate(@"C:\OpenSSL\bin\thecert.p12",string.Empty); m.ClientCertificates.Add(crt); var result = m.AuthoriseTransaction(aut); this.textBox1.AppendText(result.id.ToString()); }` I have the following error : The underlying connection was closed: Could not establish trust relationship for the channel SSL / TLS. Thanks for your help

Read the article
Issues with taglibs while using jasmine-maven-plugin to test dojo widgets with templates

- by user2880454

I am using jasmine-maven-plugin to run javascript unit tests for my dojo widgets. One of my dojo widgets refers to a html template jsp file with taglibs. When I initialize my dojo widgets, I get the following error: Error: Invalid template: <%@ taglib uri="http://www.springframework.org/security/tags" prefix="sec"% The plugin uses jetty to deploy the scripts to test. I tried including jstl jar into the WEB-INF folder but it doesn't work. I am assuming it's just not DOJO and this taglib issue can occur even with simple js file. I am looking for some clue on why taglibs are not recognized here. If I remove the taglib entries, my tests just work fine.

Read the article
getRequestProperty("Authorization") always returns null

- by Thilo

I am trying to read the authorization header for an HTTP request (because I need to add something to it), but I always get null for the header value. Other headers work fine. public void testAuth() throws MalformedURLException, IOException{ URLConnection request = new URL("http://google.com").openConnection(); request.setRequestProperty("Authorization", "MyHeader"); request.setRequestProperty("Stackoverflow", "anotherHeader"); // works fine assertEquals("anotherHeader", request.getRequestProperty("Stackoverflow")); // Auth header returns null assertEquals("MyHeader", request.getRequestProperty("Authorization")); } Am I doing something wrong? Is this a "security" feature? Is there a way to make this work with URLConnection, or do I need to use another HTTP client library?

Read the article
bluetooth emulators/simulators

- by scatman

what are the best bluetooth emulators/simulators? i have a project for the security course, and i chose bluetooth as my topic. so i need to create encryption algorithms using a bluetooth simulator and test them. i have already searched for the best emulaters, and the results were google anroid, and NS2. is there any emulator better? the languages i prefer to program with are c , c++ , and c# java is also not a problem but i prefer any of the above languages.

Read the article
Class Not found exception in JApplet.

- by Nitesh Panchal

Hello, I created a simple Applet using JApplet and everything seems to work fine but as soon i create an object of my userdefined class named ChatUser in my applet, i get this error :- SEVERE: java.lang.ClassNotFoundException: applet.ChatUser at com.sun.enterprise.loader.ASURLClassLoader.findClassData(ASURLClassLoader.java:713) at com.sun.enterprise.loader.ASURLClassLoader.findClass(ASURLClassLoader.java:626) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:247) at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:604) at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575) at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496) at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732) at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351) at misc.ChatClient.run(ChatClient.java:43) Any idea what can be wrong? It only happens when i create an object of any user defined class. Do i need to set some security settings or something? Please help :(

Read the article
Implementing a 'Send Feedback' feature in a Java desktop application

- by William

I would like to implement a 'Send Feedback' option in a Java desktop application. One which will pop up a box for the user to enter a comment, then send it to us along with a screenshot of the application window. How would be the best way to communicate the data to us? Two obvious solutions spring to mind: Email - I'm thinking that the application would connect to an SMTP server set-up by us, with the username/password somehow hidden in the code. SMTP over SSL for security (not of the data being sent, but of the SMTP username/password). Web service - pretty self explanatory. Which of these would be best, or is there a better alternative?

Read the article
How has test first development changed the way you write software?

- by Toran Billups

I've started to find that I can't write software without writing a test first. I ask this subjective question because I want to hear what others in the community think about the reasons I can't go back to writing production code without a test first. If you can't write a test for something you don't understand it Without a regression test you can't clean the code You are going to test it anyway, spend the time to do it right Evolutionary design is possible without fear You actually write less code yourself Fast feedback cycles save time and money Job security (less bugs makes your boss happy) It actually makes my work more enjoyable

Read the article
File Encrypt/Decrypt under load?

- by chopps

I found an interesting article about encrypting and decrypting files but since it uses a file.dat to store the key this will run into problems when theres alot of users on the site dealing with alot of files. http://www.codeproject.com/KB/security/VernamEncryption.aspx?display=Print Should a new file be created every time a file needs decrypting or would there be a better way to do this? UPDATE: Here is what im using to avoid the locking problems. using (Mutex FileLock = new Mutex(true, System.Guid.NewGuid().ToString())) { try { FileLock.WaitOne(); using (FileStream fs = new FileStream(keyFile, FileMode.Open)) { keyBytes = new byte[fs.Length]; fs.Read(keyBytes, 0, keyBytes.Length); } } catch (Exception ex) { EventLog.LogEvent(ex); } finally { FileLock.ReleaseMutex(); } } I tested it on 1000 TIFFs doing both encryption and decryption without any errors.

Read the article
anonymous access disabled but...

- by Melody Friedenthal

My web app (asp VB 2005) uses Windows authentication. If the user isn't part of a specific AD security group they don't get to edit the data; instead I redirect the user to a read-only page. The program works fine in the IDE. I published the web app to my laptop and Disabled anonymous access. When I ran the program I got redirected to the read-only page. I added a write event to the application event log to see what was going on, and found that the WindowsPrincipal.Identity.Name contained my laptop's ID, not my user name. I reassert: anonymous access is disabled in IIS and the web.config file has Windows Authentication. Can anyone suggest what else to check? Or can you explain what's going on?

Read the article
ASP.NET MVC How to call a secured page from a windows app?

- by Malcolm

Hi, I have a MVC app that has forms authentication enabled. The app allows printing of invoices. I have an external app that converts html to pdf. How can I call the secured page from this pdf converter app so that some security remains? The PDF converter app just requires a URL. One thought was to create a HttpHandler for an extenion of say .print and pass a public key in the URL qureystring that can be validated by the MVC app. Any ideas on this? Malcolm

Read the article
How do you handle passwords or credentials for standalone applications?

- by Abel Morelos

Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations. I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application. I was also considering to use some sort of encryption, but I would like to keep things as simple as possible. How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

Read the article

< Previous Page | 397 398 399 400 401 402 403 404 405 406 407 408 | Next Page >