Search Results

Search found 13059 results on 523 pages for 'security hole'.

  • Django or Drupal, which one should I use that suits best my needs ?

    - by HJ-INCPP
    Hello, I want to learn and use Drupal or Django for the following: dynamic web sites, medium database, multi-level users, paypal integration, content management, speed (developing), security. I like MVC, ORM and object-oriented prg. Which is better to jump into? Which one is more mature, powerful, understandable, object-oriented and easier to use by the time? What about Python Spring ... Also, which of these 3 are better documented, are better for a cv and have more extensions? Known languages: php, java, mysql. Thank you!

  • Sanitize HTML before storing in the DB or before rendering? (AntiXSS library in ASP.NET)

    - by user102533
    I have an editor that lets users add HTML that is stored in the database and rendered on a web page. Since this is untrusted input, I plan to use Microsoft.Security.Application.AntiXss.GetSafeHtmlFragment to sanitize the HTML. Should I sanitize before saving to the database or before rendering the untrusted input into the webpage? Is there an advantage in including the AntiXSS source code in my project instead of just the DLL? (Maybe I can customize the white list?) Which class file should I look in for actual implementation of the GetSafeHtmlFragment

  • Is it possible to use Integrated Windows Auth when Server isn't on the domain?

    - by jskentzos
    Our production web servers ARE NOT part of the domain, but we'd like people to be able to log in automatically since they are logged into the domain on their PC. Is there any way to get the browser (IE7+) to send the appropriate information to the server (IIS6) so I can retrieve the ServerVariables["AUTH_USER"] or ServerVariables["LOGON_USER"]? I presume the answer is no since if I set the security for windows auth to "on" and anonymous access to "off", then the server wouldn't know what to do with any user information for a domain which it has no knowledge of. I just want to know for sure before I give the SSO team a "not possible" answer.

  • Are there any e-commerce websites that use NoSQL databases

    - by Saif Bechan
    I have read a lot lately about 'NoSQL' databases such as CouchDB, MongoDB etc. Most of the websites I have seen using this are mainly text based websites such as The New York Times and SourceForge. I was wondering if you could apply this to websites where payment is a huge issue. I am thinking of the following issues: How well can you secure the data? Do these systems provide an easy backup/restore mechanism? How are transactions handled, commit/rollback? I have read the following articles that cover some aspects: Can I do transactions and locks in CouchDB? Pros/Cons of document based database vs relational database. In these posts the aspect of transactions is covered. However, the question of security and backups is not covered. Can someone shed some light on this subject? And if possible, does anyone know of some e-commerce websites that have successfully implemented the document based database?

  • WCF: connecting to service over internet times out

    - by Shaul
    Still on the WCF learning curve: I've set up a self-hosted WCF Service (WSDualHttpBinding), which works fine on my own computer, which resides behind a firewall. If I run the client on my own computer, everything works great. Now I installed the client on a computer outside my network, and I'm trying to access the service via a dynamic DNS, like so: http://mydomain.dyndns.org:8000/MyService. My port forwarding issues were taken care of in a previous question; I can now see the service is up in my browser. But now when I try to run the client on the other machine, I get the following error message: "The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout." I have disabled security on the service, so that's not it. What else might be preventing the connection from happening?

  • Facebook Api - Local development, Testserver, Liveserver ... How?

    - by Thijs Kaspers
    I'm working on a new website that uses the Facebook API for users to login and several implementations of the Graph API. My workflow usually is: Development on localhost: development using MAMP/XAMPP or similar software. Push to server - testing domain: a team of people can test the changes for a few days to see if everything works as planned. Push to server - live domain: changes are live for public. Facebook uses the site URL in the app settings and, for security reasons, they will only redirect to that URL... Problem is... I have localhost and 2 different domains. How can I make this work? Of course I could edit the hosts file, but that only fixes it for localhost... Still no solution for the test domain. Please tell me this is somehow possible! I'm getting more and more depressed with the Facebook API.

  • Symfony 2 - UrlGenerator::doGenerate is called before listener

    - by guyaloni
    I want to add to the context a parameter, so when login is called I can use it in the route (similar to _locale). I can add this piece of code in HttpUtils.php (as resetLocale), but I don't find it very clean. The reason I need it is the firewall redirection to the login controller, which I would like to have in its route a customized parameter. My problem is that my listener is called after UrlGenerator::doGenerate is called, so I get a MissingMandatoryParametersException. Here is my config.yml relevant code: services: mycompany.demobundle.listener.request: class: MyCompany\DemoBundle\RequestListener arguments: [@router, @security.context] tags: - { name: kernel.event_listener, event: kernel.request, method: onKernelRequest } Any idea???

  • UNC path to a folder on my local computer

    - by xt_20
    Hi all, What's the UNC path to a folder on my local computer, and how can I access it? I have tried: 1. Security for the folder -- set to Everyone Full Control (for now!) 2. Sharing permissions -- set to Everyone Full Control (for now!) I can see the folder in \, but can't go in ( is not accessible.) Error message: "You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. The network location cannot be reached. For information about network troubleshooting, see Windows Help." My computer is not connected to a network.

  • How to connect to a SQLite database in iphone

    - by Lee
    I am attempting to convert an application from VB6 to an iPhone app. In the VB version, the database is in Access. But I have read that I need to convert it to SQLite. How do I amend the following code to switch from Access to SQLite? cnList = new ADODB.Connection(); rsList = new ADODB.Recordset(); cnList.Provider = "Microsoft.Jet.OLEDB.4.0;"; cnList.ConnectionString = "Persist Security Info=False;"+CString("Data Source=cbe.mdb"); cnList.Open();

  • Scoping in embedded groovy scripts

    - by Aaron Digulla
    In my app, I use Groovy as a scripting language. To make things easier for my customers, I have a global scope where I define helper classes and constants. Currently, I need to run the script (which builds the global scope) every time a user script is executed: context = setupGroovy(); runScript( context, "global.groovy" ); // Can I avoid doing this step every time? runScript( context, "user.groovy" ); Is there a way to setup this global scope once and just tell the embedded script interpreter: "Look here if you can't find a variable"? That way, I could run the global script once. Note: Security is not an issue here but if you know a way to make sure the user can't modify the global scope, that's an additional plus.

  • Pass HTML form entries into a Javascript array to then be written to a client side cookie?

    - by Tom
    I'm building a bit of a test-case JS application, something very basic, but have run into some problems. I'm trying to use a HTML form for a user to enter a number, which is then written to a Javascript Array. The user then has the option to write that same array to a local (client side) cookie. (I understand the security implications of this - it's a test-case and not for commercial use.) However, I can't make the connection - how can I capture the HTML entry, press 'submit' which will send it to a JS array, where the user can then press a different 'submit' which will write the array to a text file? If anyone can help I'd appreciate it because it's been nearly 6 hours and it's not funny anymore.

  • How do I make a hyperlink to a local executable?

    - by Scott Ferguson
    We have an Intranet website, and a WPF windows executable installed on every workstation. How can we create a hyperlink on the intranet website that will launch the locally installed executable? Ideally we want the launch to be seamless. Is there a way of setting the browser's trust settings so that it won't display a security warning dialog for this executable? We have full admin capabilities on each workstation, and each user only uses Internet Explorer. We also know the correct local path for the exe.

  • Running a Java process in Windows even after the user is logged out

    - by Mani
    I have a batch file that starts a Java process in a Windows 2003 server. As per the security policy, the users of that machine are logged off forcefully, if the user is inactive for a certain period of time. The problem is that when the user is logged out, the process also dies. I scheduled a new task (Control Panel - Scheduled Tasks) and selected the option of 'When my computer starts' and gave the user account details there. But it doesn't seem to have any effect, the user is still logged out and the process dies. Is a reboot necessary to make this change effective? And after the reboot, will I achieve what I'm expecting (keeping the process alive)? Alternatively, will running this process as a Windows Service solve the problem? If so, can you please let me know how I can make a Java program or a batch file to run as a Windows Service? I would prefer not to use any other third party tools or libraries. Thanks

  • Custom URL protocol in Windows to serve HTML content

    - by Jen
    This question addresses how to register a custom URL protocol to launch an application in response to a link, but I want my handler to serve dynamic content. Essentially, I'm looking to create a web application that runs on the user's machine instead of a web server. I could set up a localhost, but I want to use a "friendly" URL format that the user can reference elsewhere, e.g. a hypothetical cats protocol: cats:fluffy/cheeseburger-consumption-stats How can I accomplish this? Also, do you see any pitfalls with this approach, such as security warnings from browsers? Thanks!

  • buffer overflow with boost::program_options

    - by f4
    Hello, I have a problem using boost::program_options. This simple program, copy-pasted from Boost's documentation: #include <boost/program_options.hpp> int main( int argc, char** argv ) { namespace po = boost::program_options; po::options_description desc("Allowed options"); desc.add_options() ("help", "produce help message") ("compression", po::value<int>(), "set compression level") ; return 0; } fails with a buffer overflow. I have activated the "buffer security switch", and when I run it I get an "unknown exception (0xc0000409)" when I step over the line desc.add_options()... I use Visual Studio 2005 and boost 1.43.0. By the way it does run if I deactivate the switch but I don't feel comfortable doing so... unless it's possible to deactivate it locally. So do you have a solution to this problem? EDIT: I found the problem. I was linking against libboost_program_options-vc80-mt.lib which wasn't the good library.

  • Group SQL tables in Microsoft SQL Server Management Studio object explorer

    - by MainMa
    I have a table which has approximately sixty tables, and other tables are added constantly. Each table is a part of a schema. Such a quantity of tables makes it difficult to use Microsoft SQL Server Management Studio 2008. For example, I must scroll up in Object Explorer to access database related functions, or scroll down each time I need to access Views or Security features. Is it possible to group several tables to be able to expand or collapse them in Object Explorer? Maybe a folder may be displayed for each schema, letting me collapse the folders I don't need to use?

  • Gridview with row being edited causing error when form submitted

    - by Chris Phelps
    Using ASP.NET VB, I have a form with some text boxes and a Gridview. If a user clicks the Edit button on a row in the gridview, and then tries to submit the form with a row still in edit mode on the Gridview, this error is generated - "Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" % in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. " Any idea how to prevent this error??

  • Wordpress & Django -- One domain, two servers. Possible?

    - by DomoDomo
    My question is about hosting Django and Wordpress under one domain, but two physical machines (actually, they are VMs but same diff). Let's say I have a Django webapp at example.com. I'd like to start a Wordpress blog about my webapp, so any blog page rank mojo flows back to my webapp. I'd like the blog address to be example.com/blog. My understanding is blog.example.com would not transfer said page rank mojo. Because I'm worried about Wordpress security flaws compromising my Django webapp, I want to host Django and Wordpress on two physically separate machines. Given all that, is it possible using re-write rules or a reverse proxy server to do this? I know the easy way is to make my Wordpress blog a subdomain, but I really don't want to do that. Has anyone done this in the past, is it stable? If I need a third server to be a dedicated reverse proxy, that's totally fine. Thanks!

  • PHP CHECKBOX Array Issue

    - by Val
    I have a list of checkboxes like you would see in most email clients (You tick a box press delete then it deletes an email). <input type="checkbox" value="yes" name="box[]" /> The problem stands here ... print_r($_POST['box']);//Returns nothing at all ... var_dump($_POST['box']);// returns null... I was reading something about register globals that php5 has turned it off for security reason. Does anyone know what my options are ?

  • Best practice for partial updates in a RESTful service

    - by magiconair
    I am writing a RESTful service for a customer management system and I am trying to find the best practice for updating records partially. For example, I want the caller to be able to read the full record with a GET request. But for updating it only certain operations on the record are allowed, like change the status from ENABLED to DISABLED. (I have more complex scenarios than this) I don't want the caller to submit the entire record with just the updated field for security reasons (it also feels like overkill). Is there a recommended way of constructing the URIs? Do I use GET, POST, PUT or is there no agreed way of doing these kind of things? When reading the REST books RPC style calls seem to be frowned upon. Thanks Frank

  • How to preload local javascript every time a new tab or page is opened?

    - by Klerk
    I would like to autoload a local javascript file every time a new page/tab is opened in a browser. I tried the bookmarklet approach, but it gets tiresome as the button needs to be pressed every time a new page/tab is opened. Chrome extensions also seem to work along the same lines (where you have to press an icon to run the js). Googling for javascript and preload seems to return everything except what I am looking for. Is there a browser-independent way of autoloading (no user action required) a local js file? If not, any browser specific info to do this would be appreciated (even if they mean reducing security by turning off required options). Thanks!

  • Taking web page screen shot in Windows 8 Metro app

    - by Megan
    I'm trying to take screen shot of web page in Windows 8 Metro app. So far the only helpful control is the WebView. Unfortunately it does not contain any method like DrawToBitmap (known from Forms WebBrowser control). Am I missing something? Different approach would focus on injecting some JS (e.g. html2canvas) to page rendered in WebView but I don't think it is possible due to security reasons. I would greatly appreciate any help.

  • Cannot connect via HTTPS in Java app on MacOSX (Certificate validation issue)

    - by johnnyx
    I have a Java application that connects to a webservice over HTTPS. The domain where I host the webservice has a valid GoDaddy issued SSL certificate. The application works fine on Windows but on Mac OS X I receive the following exception when attempting to connect to the webservice via HTTPS. sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target I've tested it on two machines running Mac OS X 10.7.2 with the latest Java runtime updates. I understand this is usually a problem with self signed certificates that need to be added manually, but I have a valid GoDaddy issued certificate. In web browsers (Safari & Firefox) on Mac OS the certificate is recognized and seems ok. I even tried adding the certificate to the key chain manually like in the case of a self signed one but to no result.

  • Rails3 and safe nl2br !

    - by arkannia
    Hi, I have a system for the users to be able to post comments. The comments are grasped into a textarea. My problem is to format the comments with br tag to replace \n. In fact, I could do something like that: s.gsub(/\n/, '<br />') But the XSS protection included in Rails escapes br tags. So I could do this: s.gsub(/\n/, '<br />').html_safe But then, all the tags are accepted, even script.... causing a big security problem. So my question is: how to format text with br safely? Thanks. EDIT: For now, I have added this: def sanitaze self.gsub(/(<.*?>)/, '') end def nl2br self.sanitaze.gsub(/\n/, '<br />').html_safe end

  • JCarousellite not working in IE8

    - by eclipse31
    I have a user who's having issues running the JCarousellite plug-in in IE8. Not just on my own site, but also on the jcarousellite homepage (http://www.gmarwaha.com/jquery/jcarousellite/). It runs fine on my own machine and all his IE Security settings/levels are the same as my own (Security is at "Medium-High" and Privacy at "Medium"). JQuery also seems to be working for him as other aspects controlled by jquery on the site are functioning correctly. I use Firefox normally, so am not aware of every feature IE8 offers, but am thinking he has some setting/option set incorrectly. Anyone experienced something similar or have any suggestions for settings I could look at changing? Thanks
