Search Results

Search found 12717 results on 509 pages for 'ouaf security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 446/509 | < Previous Page | 442 443 444 445 446 447 448 449 450 451 452 453  | Next Page >

  • Opaque tenant identification with SQL Server & NHibernate

    - by Anton Gogolev
    Howdy! We're developing a nowadays-fashionable multi-tenanted SaaS app (shared database, shared schema), and there's one thing I don't like about it: public class Domain : BusinessObject { public virtual long TenantID { get; set; } public virtual string Name { get; set; } } The TenantID is driving me nuts, as it has to be accounted for almost everywhere, and it's a hassle from security standpoint: what happens if a malicious API user changes TenantID to some other value and will mix things up. What I want to do is to get rid of this TenantID in our domain objects altogether, and to have either NHibernate or SQL Server deal with it. From what I've already read on the Internets, this can be done with CONTEXT_INFO (here's a NHibernatebased implementation), NHibernate filters, SQL Views and with combination thereof. Now, my requirements are as follows: Remove any mentions of TenantID from domain objects ...but have SQL Server insert it where appropriate (I guess this is achieved with default constraints) ...and obviously provide support for filtering based on this criteria, so that customers will never see each other's data If possible, avoid SQL Server views. Have a solution which plays nicely with NHibernate, SQL Servers' MARS and general nature of SaaS apps being highly concurrent What are your thoughts on that?

    Read the article

  • Associate File Extension with Application

    - by fneep
    I've written a program that edits a specific filetype , and I want to give the user the option to set my application as the default editor for this filetype (since I don't want an installer) on startup. I've tried to write a re-useable method that associates a file for me (preferably on any OS, although I'm running Vista) by adding a key to HKEY_CLASSES_ROOT, and am using it with my application, but it doesn't seem to work. public static void SetAssociation(string Extension, string KeyName, string OpenWith, string FileDescription) { RegistryKey BaseKey; RegistryKey OpenMethod; RegistryKey Shell; RegistryKey CurrentUser; BaseKey = Registry.ClassesRoot.CreateSubKey(Extension); BaseKey.SetValue("", KeyName); OpenMethod = Registry.ClassesRoot.CreateSubKey(KeyName); OpenMethod.SetValue("", FileDescription); OpenMethod.CreateSubKey("DefaultIcon").SetValue("", "\"" + OpenWith + "\",0"); Shell = OpenMethod.CreateSubKey("Shell"); Shell.CreateSubKey("edit").CreateSubKey("command").SetValue("", "\"" + OpenWith + "\"" + " \"%1\""); Shell.CreateSubKey("open").CreateSubKey("command").SetValue("", "\"" + OpenWith + "\"" + " \"%1\""); BaseKey.Close(); OpenMethod.Close(); Shell.Close(); CurrentUser = Registry.CurrentUser.CreateSubKey(@"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ucs"); CurrentUser = CurrentUser.OpenSubKey("UserChoice", RegistryKeyPermissionCheck.ReadWriteSubTree, System.Security.AccessControl.RegistryRights.FullControl); CurrentUser.SetValue("Progid", KeyName, RegistryValueKind.String); CurrentUser.Close(); }

    Read the article

  • P/Invoke declarations should not be safe-critical

    - by Bobrovsky
    My code imports following native methods: DeleteObject, GetFontData and SelectObject from gdi32.dll GetDC and ReleaseDC from user32.dll I want to run the code in full trust and medium trust environments (I am fine with exceptions being thrown when these imported methods are indirectly used in medium trust environments). When I run Code Analysis on the code I get warnings like: CA5122 P/Invoke declarations should not be safe-critical. P/Invoke method 'GdiFont.DeleteObject(IntPtr)' is marked safe-critical. Since P/Invokes may only be called by critical code, this declaration should either be marked as security critical, or have its annotation removed entirely to avoid being misleading. Could someone explain me (in layman terms) what does this warning really mean? I tried putting these imports in static SafeNativeMethods class as internal static methods but this doesn't make the warnings go away. I didn't try to put them in NativeMethods because after reading this article I am unsure that it's the right way to go because I don't want my code to be completely unusable in medium trust environments (I think this will be the consequence of moving imports to NativeMethods). Honestly, I am pretty much confused about the real meaning of the warning and consequences of different options to suppressing it. Could someone shed some light on all this? EDIT: My code target .NET 2.0 framework. Assembly is marked with [assembly: AllowPartiallyTrustedCallers] Methods are declared like this: [DllImport("gdi32")] internal static extern int DeleteObject(HANDLE hObject);

    Read the article

  • C# connect to domain SQL Server 2005 from non-domain machine

    - by user304582
    Hi, I asked a question a few days ago (http://stackoverflow.com/questions/2795723/access-to-sql-server-2005-from-a-non-domain-machine-using-windows-authentication) which got some interesting, but not usable suggestions. I'd like to ask the question again, but make clear what my constraints are: I have a Windows domain within which a machine is running SQL Server 2005 and which is configured to support only Windows authentication. I would like to run a C# client application on a machine on the same network, but which is NOT on the domain, and access a database on the SQL Server 2005 instance. I CANNOT create or modify OS or SQL Server users on either machine, and I CANNOT make any changes to permissions or impersonation, and I CANNOT make use of runas. I know that I can write Perl and Java applications that can connect to the SQL Server database using only these four parameters: server name, database name, username (in the form domain\user), and password. In C# I have tried various things around: string connectionString = "Data Source=server;Initial Catalog=database;User Id=domain\user;Password=password"; SqlConnection connection = new SqlConnection(connectionString); connection.Open(); and tried setting integrated security to true and false, but nothing seems to work. Is what I am trying to do simply impossible in C#? Thanks for any help, Martin

    Read the article

  • With the advent of HTML 5, is there a point in using COMET anymore?

    - by h2g2java
    I am very tempted to use long wait http or periodic polling by the client to set up pseudo-sockets on the browser side, for an application that would be used publicly. But then on the 2nd thought, I am thinking HTML 5 is here. But on the 3rd thought, what is the percentage of browsers out there that remain non-HTML5 within 12 months, 24 months, 36 months? If there are at least 20% of browsers still incapable of HTML5, then I cannot depend on HTML5 because 20% of users not being able to access an application is a significant amount. What do you think, how would your advice be (to me and to developers in general)? Q1. Is there any point in rigging in COMET into an application anymore? I am thinking of gwt comet - http://code.google.com/p/gwt-comet/. Q2. Should we release a new public application within the next 2 months that is dependent on HTML5 sockets and tell non-HTML5 browser users "sorry, your browser version cannot access this application"? Or should we architect the apps to use communication like GWT RPC? Q3. I am also very distrustful of long wait http request. I have never used it before but I have a horrible feeling about it. I have been using 10 to 20 second client-side polling. Is long wait http request risky (risk of hanging a browser session)? Does long wait request present any additional security risk?

    Read the article

  • Converted PowerBuilder to ASP.Net browsing Errors

    - by user493325
    I had a powerbuilder application which i converted to web application in the format of ASP.Net (aspx) files. after deploying and publishing the converted web application (copy it and add ASP.Net and network Service AND IUser permissions to enable users to access it) in IIS V6.0 over Windows server 2003 and The ASP.Net version is 2.0 The error messages I get when I browse default.aspx web page are as the following:- Server Error in '/' Application. Runtime Error Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine. Details: To enable the details of this specific error message to be viewable on remote machines, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "Off". <!-- Web.Config Configuration File --> <configuration> <system.web> <customErrors mode="Off"/> </system.web> </configuration> Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL. <!-- Web.Config Configuration File --> <configuration> <system.web> <customErrors mode="RemoteOnly" defaultRedirect="mycustompage.htm"/> </system.web> </configuration> Another error message appears on the server is:- Server Error in '/' Application. Configuration Error <roleManager enabled="true"> <membership> </roleManager> Thanks in Advance...

    Read the article

  • Is this a good job description? What title would you give this position?

    - by Zack Peterson
    Department: Information Technology Reports To: Chief Information Officer Purpose: Company's ________________ is specifically engaged in the development of World Wide Web applications and distributed network applications. This person is concerned with all facets of the software development process and specializes in software product management. He or she contributes to projects in an application architect role and also performs individual programming tasks. Essential Duties & Responsibilities: This person is involved in all aspects of the software development process such as: Participation in software product definitions, including requirements analysis and specification Development and refinement of simulations or prototypes to confirm requirements Feasibility and cost-benefit analysis, including the choice of architecture and framework Application and database design Implementation (e.g. installation, configuration, customization, integration, data migration) Authoring of documentation needed by users and partners Testing, including defining/supporting acceptance testing and gathering feedback from pre-release testers Participation in software release and post-release activities, including support for product launch evangelism (e.g. developing demonstrations and/or samples) and subsequent product build/release cycles Maintenance Qualifications: Bachelor's degree in computer science or software engineering Several years of professional programming experience Proficiency in the general technology of the World Wide Web: Hypertext Transfer Protocol (HTTP) Hypertext Markup Language (HTML) JavaScript Cascading Style Sheets (CSS) Proficiency in the following principles, practices, and techniques: Accessibility Interoperability Usability Security (especially prevention of SQL injection and cross-site scripting (XSS) attacks) Object-oriented programming (e.g. encapsulation, inheritance, modularity, polymorphism, etc.) Relational database design (e.g. normalization, orthogonality) Search engine optimization (SEO) Asynchronous JavaScript and XML (AJAX) Proficiency in the following specific technologies utilized by Company: C# or Visual Basic .NET ADO.NET (including ADO.NET Entity Framework) ASP.NET (including ASP.NET MVC Framework) Windows Presentation Foundation (WPF) Language Integrated Query (LINQ) Extensible Application Markup Language (XAML) jQuery Transact-SQL (T-SQL) Microsoft Visual Studio Microsoft Internet Information Services (IIS) Microsoft SQL Server Adobe Photoshop

    Read the article

  • What arguments to use to explain why a SQL DB is far better then a flat file

    - by jamone
    The higher ups in my company were told by good friends that flat files are the way to go, and we should switch from MS SQL server to them for everything we do. We have over 300 servers and hundreds of different databases. From just the few I'm involved with we have 10 billion records in quite a few of them with upwards of 100k new records a day and who knows how many updates... Me and a couple others need to come up with a response saying why we shouldn't do this. Most of our stuff is ASP.NET with some legacy ASP. We thought that making a simple console app that tests/times the same interactions between a flat file (stored on the network) and SQL over the network doing large inserts, searches, updates etc along with things like network disconnects randomly. This would show them how bad flat files can be espically when you are dealing with millions of records. What things should I use in my response? What should I do with my demo code to illustrate this? My sort list so far: Security Concurent access Performance with large ammounts of data Ammount of time to do such a massive rewrite/switch Lack of transactions PITA to map relational data to flat files I fear that this will be a great post on the Daily WTF someday if I can't stop it now.

    Read the article

  • What is the best method for updating all changed data in EF 4?

    - by Soul_Master
    I try to create some method that can update any changed data from changed Data object (this object is generated by ASP.NET MVC) to old Data object (this object is retrieved from current data in DBMS) like the following code. public static bool UpdateSomeData(SomeEntities context, SomeModelType changedData) { var oldData = GetSomeModelTypeById(context, changedData.ID); UpdateModel(oldData, changedData); return context.SaveChanges() > 0; } I try to create method for saving any changed data without affects other unchanged data like the following source code. public static void UpdateModel<TModel>(TModel oldData, TModel changedData) { foreach (var pi in typeof(TModel).GetProperties() .Where ( // Ignore Change ID property for security reason x => x.Name.ToUpper() != "ID" && x.CanRead && x.CanWrite && ( // It must be primitive type or Guid x.PropertyType.FullName.StartsWith("System") && !x.PropertyType.FullName.StartsWith("System.Collection") && !x.PropertyType.FullName.StartsWith("System.Data.Entity.DynamicProxies") ) ) { var oldValue = pi.GetValue(oldData, null); var newValue = pi.GetValue(changedData, null); if (!oldValue.Equals(newValue)) { pi.SetValue(oldData, newValue, null); } } } I am not sure about the above method because it is so ugly method for updating data. From recent bug, it realizes me that if you update some property like Navigation Properties (related data from other table), it will remove current record from database. I don't understand why it happened. But it is very dangerous for me. So, do you have any idea for this question to ensure me about updating data from ASP.NET MVC? Thanks,

    Read the article

  • Flash Without a SWF File?

    - by PeterAllenWebb
    Is there any way to embed Flash completely in HTML, without reference to an external SWF file? I ask because I would like to send an HTML file as an email attachment that the recipient will open in a browser and fill out as a form. The last step is that they will copy the result to their clipboard, paste it into a new message, and email it back. I cannot reliably copy to the clipboard with JavaScript because of the security issues, but there are simple Flash apps to add that capability. I know I could just display the response text (which will be Base64 encoded) to the recipient and have them copy/paste, but it would be nice to provide this small convenience to them. Also, so you are aware, the text is often too large to include in an email using mailto. Yes. This needs to be done via email. The users have slow, occasional satellite email access and no other data connection to the interwebs. To make things worse, I cannot make them install anything. It is a difficult situation.

    Read the article

  • PHP in Wordpress Posts - Is this okay?

    - by Thomas
    I've been working with some long lists of information and I've come up with a good way to post it in various formats on my wordpress blog posts. I installed the exec-PHP plugin, which allows you to run php in posts. I then created a new table (NEWTABLE) in my wordpress database and filled that table with names, scores, and other stuff. I was then able to use some pretty simple code to display the information in a wordpress post. Below is an example, but you could really do whatever you wanted. My question is - is there a problem with doing this? with security? or memory? I could just type out all the information in each post, but this is really much nicer. Any thoughts are appreciated. <?php $theResult = mysql_query("SELECT * FROM NEWTABLE WHERE Score < 100 ORDER BY LastName"); while($row = mysql_fetch_array($theResult)) { echo $row['FirstName']; echo " " . $row['LastName']; echo " " . $row['Score']; echo "<br />"; } ?>

    Read the article

  • ASP.Net MVC, JS injection and System.ArgumentException - Illegal Characters in path

    - by Mose
    Hi, In my ASP.Net MVC application, I use custom error handling. I want to perform custom actions for each error case I meet in my application. So I override Application_Error, get the Server.GetLastError(); and do my business depending on the exception, the current user, the current URL (the application runs on many domains), the user IP, and many others. Obviousely, the application is often the target of hackers. In almost all the case it's not a problem to detect and manage it, but for some JS URL attacks, my error handling does not perform what I want it to do. Ex (from logs) : http://localhost:1809/Scripts/]||!o.support.htmlSerialize&&[1 When I got such an URL, an exception is raised when accessing the ConnectionStrings section in the web.config, and I can't even redirect to another URL. It leads to a "System.ArgumentException - Illegal Characters in path, etc." The screenshot below shows the problem : http://screencast.com/t/Y2I1YWU4 An obvious solution is to write a HTTP module to filter the urls before they reach my application, but I'd like to avoid it because : I like having the whole security being managed in one place (in the Application_Error() method) In the module I cannot access the whole data I have in the application itself (application specific data I don't want to debate here) Questions : Did you meet this problem ? How did you manage it ? Thanks for you suggestions, Mose

    Read the article

  • how can we apply client side validation on fileupload control in ASP.NET to check filename contain s

    - by subodh
    I am working on ASP.NET3.5 platform. I have used a file upload control and a asp button to upload a file. Whenever i try to upload a file which contain special characterlike (file#&%.txt) it show crash and give the messeage Server Error in 'myapplication' Application. A potentially dangerous Request.Files value was detected from the client (filename="...\New Text &#.txt"). Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case. Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Files value was detected from the client (filename="...\New Text &#.txt"). Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below. how can i prevent this crash using javascript at client side?

    Read the article

  • How do I make a web interface for a socket server

    - by mgroat
    I've got a socket server running (it's something that's basically like a chat server). Users can telnet into it, but I'd like to make a web interface. This is the first time I've ever done something like this, so I'm not really sure where to start. A few thoughts I've had: Have some server-side Python (or PHP) on my webserver, which accesses the socket server. I think I know enough about sockets to have Python interact with the server, but how do I go about getting the website that the user sees to update in real time? Should I just have the website refresh few seconds? I would prefer to do things this way if I can figure out how. Write a Java applet that interacts with the socket server, and embed the applet in the website. I would have to re-learn a language that I haven't touched in years, but my main goal here is learning -- so that wouldn't be such a bad thing. The main problem I have with this is that it requires end users to have Java installed on their computers, which I'd rather not do. Is one of these two solutions the right way to go? Anybody know where I can find a good tutorial to get started? Edit: There's no real security concerns with exposing the server to the internet.

    Read the article

  • Problem with filefield module after migrating drupal site to a new server: cant upload files

    - by oalo
    We have a content type with two imagefield / filefield fields, and after migrating our site to a new server, we have the following problem: When we submit a new item for this content type, with two images for those fields, drupal gives us the following error and does not upload the images: warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. An image thumbnail was not able to be created. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. warning: fopen(sites/default/files/.htaccess) [function.fopen]: failed to open stream: Permission denied in /websites/sitename/data/sites/all/modules/filefield/field_file.inc on line 349. An image thumbnail was not able to be created. I understand this is a permissions error, but it is not clear to me where do I have to change permissions. Line 349 of file.inc has the following code: if (($fp = fopen("$directory/.htaccess", 'w')) && fputs($fp, $htaccess_lines)) { fclose($fp); chmod($directory .'/.htaccess', 0664); } else { $repl = array('%directory' = $directory, '!htaccess' = nl2br(check_plain($htaccess_lines))); form_set_error($form_item, t("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines:!htaccess", $repl));

    Read the article

  • Can't decrypt after encrypting with blowfish Java

    - by user2030599
    Hello i'm new to Java and i have the following problem: i'm trying to encrypt the password of a user using the blowfish algorithm, but when i try to decrypt it back to check the authentication it fails to decrypt it for some reason. public static String encryptBlowFish(String to_encrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_encrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while encrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } public static String decryptBlowFish(String to_decrypt, String salt){ String dbpassword = null; try{ SecretKeySpec skeySpec = new SecretKeySpec( salt.getBytes(), "Blowfish" ); // Instantiate the cipher. Cipher cipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding"); cipher.init(Cipher.DECRYPT_MODE, skeySpec); //byte[] encrypted = cipher.doFinal( URLEncoder.encode(data).getBytes() ); byte[] encrypted = cipher.doFinal( to_decrypt.getBytes() ); dbpassword = new String(encrypted); } catch (Exception e) { System.out.println("Exception while decrypting"); e.printStackTrace(); dbpassword = null; } finally { return dbpassword; } } When i call the decrypt function it gives me the following error: java.security.InvalidKeyException: Parameters missing Any ideas? Thank you

    Read the article

  • Meaning of Execute_priv on mysql.db table

    - by Ben Reisner
    I created user 'restriceduser' on my mysql server that is 'locked down'. The mysql.user table has a N for all priveledges for that account. The mysql.db table has Y for only Select, Insert, Update, Delete, Create, Drop; all other privileges are N for that account. I tried to create a stored procedure and then grant him access to run only that procedure, no others, but it does not work. The user receives: Error: execute command denied to user 'restricteduser'@'%' for routine 'mydb.functionname' The stored procedure: CREATE DEFINER = 'restriceduser'@'%' FUNCTION `functionname`(sIn MEDIUMTEXT, sformat MEDIUMTEXT) RETURNS int(11) NOT DETERMINISTIC CONTAINS SQL SQL SECURITY DEFINER COMMENT '' BEGIN .... END; The grant statement I tried: GRANT EXECUTE ON PROCEDURE mydb.functionname TO 'restricteduser'@'%'; I was able to work around by modifying his mysql.db entry with update mysql.db set execute_priv='Y' where user='restricteduser' This seems to be more then I want, because it opens up permissions for him to run any stored procedure in that database, while I only wanted him to have permissions to run the designated function. Does anyone see where my issue may lie?

    Read the article

  • why am I stuck on "Initiating update" when deploying to google

    - by michelle
    I've have not had any trouble deploying through eclipse until now. I'm guessing it might have to do with all the stuff I've added today a folder of .pdf and .tex files (in war/web-inf directory) a bit of JDO stuff and a servlet that reads the files in the directory and indexes them into the JDO Is there any way to find out what exactly is the problem? I currently get stuck at "Initiating update" and the stack trace say "ConnectionReset" Any helkp of imput will be appreciated, I really need to deploy this today, thanks! here's the deploy trace: Unable to update: java.net.SocketException: Connection reset at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) at java.lang.reflect.Constructor.newInstance(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection$6.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.net.www.protocol.http.HttpURLConnection.getChainedException(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at java.net.HttpURLConnection.getResponseCode(Unknown Source) at com.google.appengine.tools.admin.ServerConnection.getAuthCookie(ServerConnection.java:315) at com.google.appengine.tools.admin.ServerConnection.authenticate(ServerConnection.java:219) at com.google.appengine.tools.admin.ServerConnection.send(ServerConnection.java:145) at com.google.appengine.tools.admin.ServerConnection.post(ServerConnection.java:81) at com.google.appengine.tools.admin.AppVersionUpload.send(AppVersionUpload.java:427) at com.google.appengine.tools.admin.AppVersionUpload.beginTransaction(AppVersionUpload.java:241) at com.google.appengine.tools.admin.AppVersionUpload.doUpload(AppVersionUpload.java:98) at com.google.appengine.tools.admin.AppAdminImpl.update(AppAdminImpl.java:56) at com.google.appengine.eclipse.core.proxy.AppEngineBridgeImpl.deploy(AppEngineBridgeImpl.java:271) at com.google.appengine.eclipse.core.deploy.DeployProjectJob.runInWorkspace(DeployProjectJob.java:148) at org.eclipse.core.internal.resources.InternalWorkspaceJob.run(InternalWorkspaceJob.java:38) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:55) Caused by: java.net.SocketException: Connection reset at java.net.SocketInputStream.read(Unknown Source) at java.io.BufferedInputStream.fill(Unknown Source) at java.io.BufferedInputStream.read1(Unknown Source) at java.io.BufferedInputStream.read(Unknown Source) at sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source) at sun.net.www.http.HttpClient.parseHTTP(Unknown Source) at sun.net.www.http.HttpClient.parseHTTP(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHeaderFieldKey(Unknown Source) at com.google.appengine.tools.util.ClientCookieManager.readCookies(ClientCookieManager.java:123) at com.google.appengine.tools.admin.ServerConnection.connect(ServerConnection.java:340) at com.google.appengine.tools.admin.ServerConnection.getAuthCookie(ServerConnection.java:314) ... 11 more

    Read the article

  • Differences between Assembly Code output of the same program

    - by ultrajohn
    I have been trying to replicate the buffer overflow example3 from this article aleph one I'm doing this as a practice for a project in a computer security course i'm taking so please, I badly need your help. I've been the following the example, performing the tasks as I go along. My problem is the assembly code dumped by gdb in my computer (i'm doing this on a debian linux image running on VM Ware) is different from that of the example in the article. There are some constructs which I find confusing. Here is the one from my computer: here is the one from the article... Dump of assembler code for function main: 0x8000490 <main>: pushl %ebp 0x8000491 <main+1>: movl %esp,%ebp 0x8000493 <main+3>: subl $0x4,%esp 0x8000496 <main+6>: movl $0x0,0xfffffffc(%ebp) 0x800049d <main+13>: pushl $0x3 0x800049f <main+15>: pushl $0x2 0x80004a1 <main+17>: pushl $0x1 0x80004a3 <main+19>: call 0x8000470 <function> 0x80004a8 <main+24>: addl $0xc,%esp 0x80004ab <main+27>: movl $0x1,0xfffffffc(%ebp) 0x80004b2 <main+34>: movl 0xfffffffc(%ebp),%eax 0x80004b5 <main+37>: pushl %eax 0x80004b6 <main+38>: pushl $0x80004f8 0x80004bb <main+43>: call 0x8000378 <printf> 0x80004c0 <main+48>: addl $0x8,%esp 0x80004c3 <main+51>: movl %ebp,%esp 0x80004c5 <main+53>: popl %ebp 0x80004c6 <main+54>: ret 0x80004c7 <main+55>: nop As you can see, there are differences between the two. I'm confuse and I can't understand totally the assembly code from my computer. I would like to know the differences between the two. How is pushl different from push, mov vs movl , and so on... what does the expression 0xhexavalue(%register) means? I am sorry If I'm asking a lot, But I badly need your help. Thanks for the help really...

    Read the article

  • Project management: Implementing custom errors in VS compilation process

    - by David Lively
    Like many architects, I've developed coding standards through years of experience to which I expect my developers to adhere. This is especially a problem with the crowd that believes that three or four years of experience makes you a senior-level developer.Approaching this as a training and code review issue has generated limited success. So, I was thinking that it would be great to be able to add custom compile-time errors to the build process to more strictly enforce this and other guidelines. For instance, we use stored procedures for ALL database access, which provides procedure-level security, db encapsulation (table structure is hidden from the app), and other benefits. (Note: I am not interested in starting a debate about this.) Some developers prefer inline SQL or parametrized queries, and that's fine - on their own time and own projects. I'd like a way to add a compilation check that finds, say, anything that looks like string sql = "insert into some_table (col1,col2) values (@col1, @col2);" and generates an error or, in certain circumstances, a warning, with a message like Inline SQL and parametrized queries are not permitted. Or, if they use the var keyword var x = new MyClass(); Variable definitions must be explicitly typed. Do Visual Studio and MSBuild provide a way to add this functionality? I'm thinking that I could use a regular expression to find unacceptable code and generate the correct error, but I'm not sure what, from a performance standpoint, is the best way to to integrate this into the build process. We could add a pre- or post-build step to run a custom EXE, but how can I return line- and file-specifc errors? Also, I'd like this to run after compilation of each file, rather than post-link. Is a regex the best way to perform this type of pattern matching, or should I go crazy and run the code through a C# parser, which would allow node-level validation via the parse tree? I'd appreciate suggestions and tales of prior experience.

    Read the article

  • IIS Restrict Access to Directory for table of users

    - by Dave
    I am trying to restrict access to files in a directory and it's sub directories based user rights. My user rights are stored in an MS SQL database in a custom format, however it is easy to query the list of users with rights to this directory. I need to know how to apply this to a web config on the server to authenticate against a query of a database table to determine if the username is authenticated and allowed to view the file. Of course if they are not they should be blocked / given a 404. I am using IIS and ASP.Net MVC3 with a form based security as opposed to the built in roles and responsibilities that was custom made for us and that works great. There are over 10k users tied to this non-Active Directory authentication so I am not planning to change my authentication type so please don't go there. It is not my decision on the choice of platform, or I would have gone with a LAMP server and been done with this. Edit 11-13-2012 @ 8:57a: In the web config can you put the result of an SQL query?

    Read the article

  • How to call a javascript function from one frame to another in Chrome/Webkit

    - by bambax
    I have developped an application that has a list of items in one frame; when one clicks on an item it does something in another frame (loads an image). This used to work fine in all browsers, including Chrome 3; now it still works fine in FF but in recent versions of Chrome (I believe since 4) it throws this error: Unsafe JavaScript attempt to access frame with URL (...) from frame with URL (...). Domains, protocols and ports must match. This is obviously a security "feature" but is it possible to get around it? Here is a simple test: index.html: <html> <frameset> <frame src="left.html" name="left"/> <frame src="right.html" name="right"/> </frameset> </html> left.html: <html> <body> <a href="javascript:parent.right.test('hello');">click me</a> </body> </html> right.html: <html> <body> <script> function test(msg) { alert(msg); } </script> </body> </html> The above works in FF 3.6 and Chrome 3 but in Chrome 5 it throws the above error...

    Read the article

  • Classloader issue (GWT)

    - by Banang
    I'm currently working on a gwt app, where the server uses a few third party libs. recently I discovered that one of these libs isn't being properly loaded when running my app in deployed mode, and I just can't seem to figure out what out is I'm doing wrong. In my build script I have the following classpath declaration: <path id="project.class.path"> <pathelement location="${war.dir}/WEB-INF/classes"/> <fileset dir="${war.dir}/WEB-INF/lib" includes="**/*.jar"/> </path> and in a later target I copy the jar I need to the right location: <copy todir="${war.dir}/WEB-INF/lib" file="someJar.jar" /> The project builds as it should, without any errors. The jars are copied to where the should be, and are included in the resulting war file. In development mode everything is working as it should, everything gets loaded properly and I hear no complaints. However, in the deployed version I get this thrown at me: java.lang.NoClassDefFoundError: org/apache/commons/lang/exception/NestableRuntimeException java.lang.ClassLoader.defineClass1(Native Method) java.lang.ClassLoader.defineClass(ClassLoader.java:621) java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:2331) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:976) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1451) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1329) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) my.package.server.util.SomeUtils.doSomethingFantastic(SomeUtils.java:84) Line 84 in SomeUtils is trying to instantiate a class from someJar.jar. I know very little about how the class loader for gwt works, and I sure could use a hand. Anyone got any ideas on how to solve this?

    Read the article

  • Copying contents of a MySQL table to a table in another (local) database

    - by Philip Eve
    I have two MySQL databases for my site - one is for a production environment and the other, much smaller, is for a testing/development environment. Both have identical schemas (except when I am testing something I intend to change, of course). A small number of the tables are for internationalisation purposes: TransLanguage - non-English languages TransModule - modules (bundles of phrases for translation, that can be loaded individually by PHP scripts) TransPhrase - individual phrases, in English, for potential translation TranslatedPhrase - translations of phrases that are submitted by volunteers ChosenTranslatedPhrase - screened translations of phrases. The volunteers who do translation are all working on the production site, as they are regular users. I wanted to create a stored procedure that could be used to synchronise the contents of four of these tables - TransLanguage, TransModule, TransPhrase and ChosenTranslatedPhrase - from the production database to the testing database, so as to keep the test environment up-to-date and prevent "unknown phrase" errors from being in the way while testing. My first effort was to create the following procedure in the test database: CREATE PROCEDURE `SynchroniseTranslations` () LANGUAGE SQL NOT DETERMINISTIC MODIFIES SQL DATA SQL SECURITY DEFINER BEGIN DELETE FROM `TransLanguage`; DELETE FROM `TransModule`; INSERT INTO `TransLanguage` SELECT * FROM `PRODUCTION_DB`.`TransLanguage`; INSERT INTO `TransModule` SELECT * FROM `PRODUCTION_DB`.`TransModule`; INSERT INTO `TransPhrase` SELECT * FROM `PRODUCTION_DB`.`TransPhrase`; INSERT INTO `ChosenTranslatedPhrase` SELECT * FROM `PRODUCTION_DB`.`ChosenTranslatedPhrase`; END When I try to run this, I get an error message: "SELECT command denied to user 'username'@'localhost' for table 'TransLanguage'". I also tried to create the procedure to work the other way around (that is, to exist as part of the data dictionary for the production database rather than the test database). If I do it that, way, I get an identical message except it tells me I'm denied the DELETE command rather than SELECT. I have made sure that my user has INSERT, DELETE, SELECT, UPDATE and CREATE ROUTINE privileges on both databases. However, it seems as though MySQL is reluctant to let this user exercise its privileges on both databases at the same time. How come, and is there a way around this?

    Read the article

  • What arguments to use to explain why SQL Server is far better then a flat file

    - by jamone
    The higher ups in my company were told by good friends that flat files are the way to go, and we should switch from SQL Server to them for everything we do. We have over 300 servers and hundreds of different databases. From just the few I'm involved with we have 10 billion records in quite a few of them with upwards of 100k new records a day and who knows how many updates... Me and a couple others need to come up with a response saying why we shouldn't do this. Most of our stuff is ASP.NET with some legacy ASP. We thought that making a simple console app that tests/times the same interactions between a flat file (stored on the network) and SQL over the network doing large inserts, searches, updates etc along with things like network disconnects randomly. This would show them how bad flat files can be especially when you are dealing with millions of records. What things should I use in my response? What should I do with my demo code to illustrate this? My sort list so far: Security Concurrent access Performance with large amounts of data Amount of time to do such a massive rewrite/switch Lack of transactions PITA to map relational data to flat files NTFS doesn't support tons of files in a directory well I fear that this will be a great post on the Daily WTF someday if I can't stop it now.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 442 443 444 445 446 447 448 449 450 451 452 453  | Next Page >