Search Results

Search found 15648 results on 626 pages for 'wcf security'.

Page 414/626 | < Previous Page | 410 411 412 413 414 415 416 417 418 419 420 421  | Next Page >

• Advanced WSO2 API MANAGER configurations

  - by nuvio

  I am trying to use an 'external' WSO2 ESB, so I changed the "api-manager.xml" as follows: (ESB port: 9443, API MANAGER port: 9445) <ServerURL>https://localhost:9443/services/</ServerURL> ... <APIEndpointURL>http://localhost:9443,https://localhost:9443</APIEndpointURL> But I have an error when publishing an API via "API publisher": Caused by: org.apache.axis2.AxisFault: Error initializing API handler: org.wso2. carbon.apimgt.gateway.handlers.security.APIAuthenticationHandler Any suggestion, many thanks in advance for your help!

  Read the article

• MVC 2 AntiForgeryToken - Why symmetric encryption + IPrinciple?

  - by Brad R

  We recently updated our solution to MVC 2, and this has updated the way that the AntiForgeryToken works. Unfortunately this does not fit with our AJAX framework any more. The problem is that MVC 2 now uses symmetric encryption to encode some properties about the user, including the user's Name property (from IPrincipal). We are able to securely register a new user using AJAX, after which subsequent AJAX calls will be invalid as the anti forgery token will change when the user has been granted a new principal. There are also other cases when this may happen, such as a user updating their name etc. My main question is why does MVC 2 even bother using symmetric encryption? Any then why does it care about the user name property on the principal? If my understanding is correct then any random shared secret will do. The basic principle is that the user will be sent a cookie with some specific data (HttpOnly!). This cookie is then required to match a form variable sent back with each request that may have side effects (POST's usually). Since this is only meant to protect from cross site attacks it is easy to craft up a response that would easily pass the test, but only if you had full access to the cookie. Since a cross site attacker is not going to have access to your user cookies you are protected. By using symmetric encryption, what is the advantage in checking the contents of the cookie? That is, if I already have sent an HttpOnly cookie the attacker cannot override it (unless a browser has a major security issue), so why do I then need to check it again? After having a think about it it appears to be one of those 'added layer of security' cases - but if your first line of defence has fallen (HttpOnly) then the attacker is going to get past the second layer anyway as they have full access to the users cookie collection, and could just impersonate them directly, instead of using an indirect XSS/CSRF attack. Of course I could be missing a major issue, but I haven't found it yet. If there are some obvious or subtle issues at play here then I would like to be aware of them.

  Read the article

• UnsatisfiedLinkError on Websphere Application Server 6.1 Data Source

  - by user338154

  Hi, I am unable to start the installed App on my WAS instance. I believe the root cause is an UnsatisfiedLinkError which is shown as follows: Caused by: java.lang.UnsatisfiedLinkError: no ocijdbc10 in java.library.path at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1682) at java.lang.Runtime.loadLibrary0(Runtime.java:822) at java.lang.System.loadLibrary(System.java:993) at oracle.jdbc.driver.T2CConnection$1.run(T2CConnection.java:3147) at java.security.AccessController.doPrivileged(Native Method) at oracle.jdbc.driver.T2CConnection.loadNativeLibrary(T2CConnection.java:3143) at oracle.jdbc.driver.T2CConnection.logon(T2CConnection.java:221) at oracle.jdbc.driver.PhysicalConnection.(PhysicalConnection.java:441) at oracle.jdbc.driver.T2CConnection.(T2CConnection.java:132) at oracle.jdbc.driver.T2CDriverExtension.getConnection(T2CDriverExtension.java:78) at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:801) at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:297) at oracle.jdbc.xa.client.OracleXADataSource.getPooledConnection(OracleXADataSource.java:515) at oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:159) at oracle.jdbc.xa.client.OracleXADataSource.getXAConnection(OracleXADataSource.java:133) at com.ibm.ws.rsadapter.spi.InternalGenericDataStoreHelper$1.run(InternalGenericDataStoreHelper.java:935) at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118) at com.ibm.ws.rsadapter.spi.InternalGenericDataStoreHelper.getPooledConnection(InternalGenericDataStoreHelper.java:972) at com.ibm.ws.rsadapter.spi.WSRdbDataSource.getPooledConnection(WSRdbDataSource.java:1625) at com.ibm.ws.rsadapter.spi.WSManagedConnectionFactoryImpl.createManagedConnection(WSManagedConnectionFactoryImpl.java:1220) at com.ibm.ejs.j2c.FreePool.createManagedConnectionWithMCWrapper(FreePool.java:1988) at com.ibm.ejs.j2c.FreePool.createOrWaitForConnection(FreePool.java:1660) at com.ibm.ejs.j2c.PoolManager.reserve(PoolManager.java:2341) at com.ibm.ejs.j2c.ConnectionManager.allocateMCWrapper(ConnectionManager.java:932) at com.ibm.ejs.j2c.ConnectionManager.allocateConnection(ConnectionManager.java:608) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:449) at com.ibm.ws.rsadapter.jdbc.WSJdbcDataSource.getConnection(WSJdbcDataSource.java:418) at org.apache.ojb.broker.accesslayer.ConnectionFactoryAbstractImpl.newConnectionFromDataSource(Unknown Source) at org.apache.ojb.broker.accesslayer.ConnectionFactoryAbstractImpl.lookupConnection(Unknown Source) at org.apache.ojb.broker.accesslayer.ConnectionFactoryManagedImpl.lookupConnection(Unknown Source) at org.apache.ojb.broker.accesslayer.ConnectionManagerImpl.getConnection(Unknown Source) at org.apache.ojb.broker.accesslayer.StatementManager.getPreparedStatement(Unknown Source) at org.apache.ojb.broker.accesslayer.JdbcAccessImpl.executeQuery(Unknown Source) at org.apache.ojb.broker.accesslayer.RsQueryObject.performQuery(Unknown Source) at org.apache.ojb.broker.accesslayer.RsIterator.(Unknown Source) at org.apache.ojb.broker.core.RsIteratorFactoryImpl.createRsIterator(Unknown Source) at org.apache.ojb.broker.core.PersistenceBrokerImpl.getRsIteratorFromQuery(Unknown Source) at org.apache.ojb.broker.core.PersistenceBrokerImpl.getIteratorFromQuery(Unknown Source) at org.apache.ojb.broker.core.QueryReferenceBroker.getCollectionByQuery(Unknown Source) at org.apache.ojb.broker.core.QueryReferenceBroker.getCollectionByQuery(Unknown Source) at org.apache.ojb.broker.core.QueryReferenceBroker.getCollectionByQuery(Unknown Source) at org.apache.ojb.broker.core.PersistenceBrokerImpl.getCollectionByQuery(Unknown Source) at org.apache.ojb.broker.core.DelegatingPersistenceBroker.getCollectionByQuery(Unknown Source) at org.apache.ojb.broker.core.DelegatingPersistenceBroker.getCollectionByQuery(Unknown Source) at com.ascential.xmeta.persistence.orm.impl.ojb.OjbPersistentEObjectPersistenceRegistry.loadPackageCache(OjbPersistentEObjectPersistenceRegistry.java:371) ... 115 more My LD_LIBRARY_PATH variable for the 'was' user is /opt/oracle/product/10.2.0/lib What else should I be checking to fix this error? Please help. Thanks

  Read the article

• Incorrect XML produced by SUDS

  - by Ben

  Hi, I am trying to talk to a SOAP web service using SUDS and Python. After lots of messing around learning Python (yes I am new to this) and working out how to use SUDS I have come across a problem. The signature of the web method I am calling, according to suds, is (FWTCaseCreate){ ClassificationEventCode = None Priority = None Title = None Description = None Queue = None DueDate = None AssociatedObject = (FWTObjectBriefDetails){ ObjectID = (FWTObjectID){ ObjectType = None ObjectReference[] = <empty> } ObjectDescription = None Details = None Category = None } Form = (FWTCaseForm){ FormField[] = <empty> FormName = None FormKey = None } Internal = None InteractionID = None XCoord = None YCoord = None } So I use SUDS to create the classes that I want and send it to the method. However I get an error. So I turned logging on and I can see that the XML that is being sent is not correct which is causing a deserialize error. The SOAP package looks like the following <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:ns0="http://www.lagan.com/wsdl/FLTypes" xmlns:ns1="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header> <wsse:Security> <wsse:BinarySecurityToken>eaadf1ddff99a8</wsse:BinarySecurityToken> </wsse:Security> </SOAP-ENV:Header> <ns1:Body> <ns0:FWTCaseCreate> <ClassificationEventCode> <ClassificationEventCode>2000023</ClassificationEventCode> <Priority>1</Priority> <Title>testing</Title> <Description>testing</Description> <Queue/> <Internal>True</Internal> <XCoord>356570</XCoord> <YCoord>168708</YCoord> </ClassificationEventCode> </ns0:FWTCaseCreate> </ns1:Body> As you can see there is a 'ClassificationEventCode' element around all the other elements, this should not be there. If I cut and paste this xml into SOAPUI and first remove this element and then post it directly to the web service it works successfully. Does anyone have any ideas why this is happening? I guess SUDS thinks that it should be there based on the WSDL. Thanks.

  Read the article

• Changing the working directory for a process remotely

  - by Michael

  I've got an application that has a bug right now, but we're unable to update the end-user to get the fix out. What a possible workaround would be is to change the working directory to the application's install directory, but from what I can tell, there's no way to do that outside of the program itself. Is there some sort of Windows API call that can change other processes' working directories, or is that not available due to security issues? I figure it's not possible.

  Read the article

• How to leverage concurrency checking with EF 4.0 POCO Self Tracking Entities in a N-Tier scenario?

  - by Mark Lindell

  I'm using VS1010RC with the POCO self tracking T4 templates. In my WCF update service method I am using something similar to the following: using (var context = new MyContext()) { context.MyObjects.ApplyChanges(myObject); context.SaveChanges(); } This works fine until I set ConcurrencyMode=Fixed on the entity and then I get an exception. It appears as if the context does not know about the previous values as the SQL statement is using the changed entities value in the WHERE clause. What is the correct approach when using ConcurrencyMode=Fixed?

  Read the article

• Can I use OAuth for a SOAP web service?

  - by Olaseni

  The standard HTTP Authentication for SOAP passed the password etc in cleartext,and I'm looking for an alternative, possibly a key based mechanism to authenticate web services in lieu of the password. OAuth is gaining a lot of popularity; would it be appropriate, and how would I implement it? Or perhaps there are other methods I should use. The project itself is relatively simple, with just a one or two methods to be exposed, but security is of the utmost importance.

  Read the article

• Aspect oriented Programming?

  - by Jaswant Agarwal

  How can we apply attributes to class fucntion using AOP in C#? UPDATE: I am slightly not clear in what context AOP should be used? As we can use AOP for logging purpose, security(Authentication), please suggest some other scenarios where we can take benefit of AOP Is AOP can be use to share data among different running threads in application process?

  Read the article

• Should you do validation checks that go outside the possiblility of normal user activity?

  - by Scarface

  Hey guys I have been thinking about form security a lot lately. I have been told time and time again to check if form input is a number if you are expecting a number or escape it in case (unless you use proper mysqli formatting) to avoid injection. 1.After the safety checks are done, should I do additional logic checks? For example, if the user is sending a friend request to them-self for example even if my user interface will not show the form if the user is looking at their own page.

  Read the article

• Ninject: Dynamically loading modules in Silverlight

  - by joblot

  The reason I want to load modules dynamically is to avoid circular dependency issue. I have following layers View -- ViewModel -- DataProvider -- ServiceClient (wcf proxies). Now I want a static IoC container that can be shared across these layers. I want to make my View testable and to do that I’ll have to inject the various dependencies in various layers and mock out those dependencies as well. Now issue I am facing is where to declare and load ninject modules. i also realised in Silverlight version of Ninject there is no version of Load which take string arugment, which can be used to load the modules dynamically Load("*.dll"). How can I achieve dynamic loading in Silverlight Thanks

  Read the article

• WebService doesn't read web.config

  - by phenevo

  Hi, I've got 3 connectionstrings in web.config, and I used theirs like this: using (SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["SomeName"].ConnectionString)) Every metgod is called by winforms application. One of webmethods doesn't work properly because it reads only one connectionString: data source=.\\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true It's not a connectionString from my web.config . I invoke every method in the same way. How it's impossible ??

  Read the article

• How to ad users using A shiro Plugin

  - by Anirudh

  Hello, I am using Shiro plugin for my grails application security, My application already has a user .Using the shiro plugin, we get a shiro user, now how do i integrate the shiro user with the normal user of my application,show i go ahead and use relationships or is it that the user class ahould be only a shiro user class now ??

  Read the article

• What should I be afraid of when I make a site public?

  - by ggfan

  If I was going to put my site for the public's use, what are some security issues that I should be worried about? I know of SQL injections. What other hacks/injections should I be aware of?

  Read the article

• Federated Identity- Windows Identity Server - disable cookies in the browser

  - by vinoj

  Hello, I see that Federated Identity stores Security token to a cookie, after its first request to the STS(Secure Token Service). In that case if I disable cookie in my browser, how does it work. Does the authentication module again connects to the STS to retrieve the user information or will it throw any error ? Is there any way that I can use federated authentication cookieless ?

  Read the article

• How do I Resolve dependancies that rely on transient context data using castle windsor?

  - by Dan Ryan

  I have a WCF service application that uses a component called EnvironmentConfiguration that holds configuration information for my application. I am converting this service so that it can be used by different applications that have different configuration requirements. I want to identify the configuration to use by allowing an additional parameter to be passed to the service call i.e. public void DoSomething(string originalParameter, string callingApplication) What is the recommended way to alter the behaviour of the EnvironmentConfiguration class based on the transient data (callingApplication) without having to pass the callingApplication variable to all the component methods that need configuration information?

  Read the article

• Silverlight and Active Directory

  - by Refracted Paladin

  I am planning to familiarize(read teach) myself with Silverlight by building an in-house app for managing our employees. I, obviously, would need this to interact with Active Directory on some level. What are my options? Has anyone tried this before? I am currently going to explore using Services(WCF???) to do the AD interaction portion? Thoughts? There is also this SO Post on using PowerShell to interact with AD. Maybe that is a possibility? Thanks,

  Read the article

• Data Import in SQL Server Express

  - by bobsmith123

  SQL Server Express does not have the Tasks - Import Data option that other editions of SQL Server has. Has anyone come across a free tool to import data? I understand I can use the bulk import but I have run into a security issue with it and would like a quick and a dirty way of importing a csv file to a sql express table.

  Read the article

• How to organize Enterprise scale Composite Applications (CAG)

  - by David

  All QuickStarts and RI examples in the CAG documentation are good but I lack the more Enterprise scale examples. Let's say we have 40+ modules, each containing a Proxy,Facade,PresentationModel,Model and Views. Each module also makes calls to a Module-specific WCF service which is to be hosted in IIS or in a stand-alone console host. Our approach have been to include the UI-module, service-module and related tests into one solution so they can be developed and tested separately from other modules. My problem is how the hosting of the services should be done when the services are in separate modules and how to actually run the separate module together with the rest of the application-modules when I press F5. Is there a best practise for this? I guess it has been done before?

  Read the article

• Automated regression tests for java applets?

  - by Roy Tang

  We're working on a project with a number of applets that has to work across a large range of OS (WIndows, Mac, Linux), browsers (IE, FF, Safari, etc) and Java versions (1.5+), and it often happens that a fix we apply will cause some sort of security exception an another platform or some other error. Is there any way for us to prepare automated tests to immediately catch those problems in different platforms? I think it's not necessary to check that the gui parts are appearing as intended, but just to detect whether unexpected exceptions are occuring.

  Read the article

• Should We Mask Passwords?

  - by Abi Noda

  From Jacob Nielson's "Stop Password Masking": Usability suffers when users type in passwords and the only feedback they get is a row of bullets. Typically, masking passwords doesn't even increase security, but it does cost you business due to login failures. What do you guys think?

  Read the article

• Rough/near equivalents of Java and .NET technologies/frameworks

  - by Paul Sasik

  I work in a shop that is a mix of mostly Java and .NET technologists. When discussing new solutions and architectures we often encounter impedance in trying to compare the various technologies, frameworks, APIs etc. in use between the two camps. It seems that each camp knows little about the other and we end up comparing apples to oranges and forgetting about the bushels. While researching the topic I found this: Java -- .Net rough equivalents It's a nice list but it's not quite exhaustive and is missing the key .NET 3.0 technologies and a few other tidbits. To complete that list: what are the near/rough equivalents (or a combination of technologies) in Java to the following in .NET? WCF WPF Silverlight WF Generics Lambda expressions Linq (not Linq-to-SQL) ...have i missed anything else? Note that I omitted technologies that are already covered in the linked article. I would also like to hear feedback on whether the linked article is accurate. Thanks. (Will CW if requested.)

  Read the article

• Silverlight clipping a string on mac

  - by Haris

  hello, I am facing a very strange issue in my silverlight app on all browsers on mac but it is working perfectly in all windows browsers. in my silverlight app there is a scenario in which I create a very long text string and then pass it to a wcf service which then saves the string in a text file server. the issue is that in mac every time string is clipped after about same location. but it is working perfectly fine in all browsers on windows. btw in silverlight I am using string builder to build the string.

  Read the article

• Access to Windows 7 log from a remote machine [closed]

  - by robob

  I'm trying to access with EventViewer (from a Windows XP Prof) to a remote machine with Windows 7 (Seven). Before I started the Service "RemoteRegistry" I received an "Access Denied". After started the service I can connet to the machine Log (in EventViewer app) but when i clik on any log as "Application" or "Security" I receive a "privilege" error. Could someone help me, please?

  Read the article

• Convert this Linq query from query syntax to lambda expression

  - by Jinkinz

  I'm not sure I like linq query syntax...its just not my preference. But I don't know what this query would look like using lambda expressions, can someone help? from securityRoles in user.SecurityRoles from permissions in securityRoles.Permissions where permissions.SecurableEntity.Name == "Unit" && permissions.PermissionType.Name == "Read" orderby permissions.PermissionLevel.Value descending select permissions There is a many-to-many relationship between users and security roles that makes this extra confusing. Thanks! Kelly

  Read the article

• Parameterized include in Classic ASP with VBScript

  - by Thom Smith

  I want to write a function that will include an external file, much like Server.Execute, but will pass along parameters. I'm aware that Server.Execute will pass along query parameters, but I'd like to pass data more generally. For instance: ' main.asp MyInclude("external.inc", Array("mykey", "myval")) ' external.inc Response.Write mykey I doubt I can get quite that far without reading the external fine, twiddling it, and executing, but I'd like to get as close as reasonably possible. Also, if possible, I'd prefer avoiding using the query passing option for security reasons.

  Read the article

< Previous Page | 410 411 412 413 414 415 416 417 418 419 420 421  | Next Page >