Search Results

Search found 13059 results on 523 pages for 'security hole'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 464/523 | < Previous Page | 460 461 462 463 464 465 466 467 468 469 470 471  | Next Page >

  • Run Javascript on the body of a Gmail message

    - by saturn
    I want to display LaTeX math in the gmail messages that I receive, so that for example $\mathbb P^2$ would show as a nice formula. Now, there are several Javascripts available (for example, this one, or MathJax which would do the job, I just need to call them at the right time to manipulate the gmail message. I know that this is possible to do in "basic HTML" and "print" views. Is it possible to do in the standard Gmail view? I tried to insert a call to the javascript right before the "canvas_frame" iframe, but that did not work. My suspicion is that manipulating a Gmail message by any Javascript would be a major security flaw (think of all the malicious links one could insert) and that Google does everything to prevent this. And so the answer to my question is probably 'no'. Am I right in this? Of course, it would be very easy for Google to implement viewing of LaTeX and MathML math simply by using MathJax on their servers. I made the corresponding Gmail Lab request, but no answer, and no interest from Google apparently. So, again: is this possible to do without Google's cooperation, on the client side?

    Read the article

  • XSS attack prevention

    - by Colby77
    Hi, I'm developing a web app where users can response to blog entries. This is a security problem because they can send dangerous data that will be rendered to other users (and executed by javascript). They can't format the text they send. No "bold", no colors, no nothing. Just simple text. I came up with this regex to solve my problem: [^\\w\\s.?!()] So anything that is not a word character (a-Z, A-Z, 0-9), not a whitespace, ".", "?", "!", "(" or ")" will be replaced with an empty string. Than every quatation mark will be replaced with: "&quot". I check the data on the front end and I check it on my server. Is there any way somebody could bypass this "solution"? I'm wondering how StackOverflow does this thing? There are a lot of formatting here so they must do a good work with it.

    Read the article

  • Users Hierarchy Logic

    - by user342944
    Hi guys, I am writing a user security module using SQLServer 2008 so threfore need to design a database accordingly. Formally I had Userinfo table with UserID, Username and ParentID to build a recursion and populated tree to represent hierarchy but now I have following criteria which I need to develop. I have now USERS, ADMINISTRATORS and GROUPS. Each node in the user hierarchy is either a user, administrator or group. User Someone who has login access to my application Administrator A user who may also manage all their child user accounts (and their children etc) This may include creating new users and assigning permissions to those users. There is no limit to the number of administrators in user structure. The higher up in the hierarchy that I go administrators have more child accounts to manage which include other child administrators. Group A user account can be designated as a group. This will be an account which is used to group one or more users together so that they can be manage as a unit. But no one can login to my application using a group account. This is how I want to create structure Super Administrator administrator ------------------------------------------------------------- | | | Manager A Manager B Manager C (adminstrator) (administrator) (administrator) | ----------------------------------------- | | | Employee A Employee B Sales Employees (User) (User) (Group) | ------------------------ | | | Emp C Emp D Emp E (User) (User) (User) Now how to build the table structure to achieve this. Do I need to create Users table alongwith Group table or what? Please guide I would really appreciate.

    Read the article

  • IIS to SQL Server kerberos auth issues

    - by crosan
    We have a 3rd party product that allows some of our users to manipulate data in a database (on what we'll call SvrSQL) via a website on a separate server (SvrWeb). On SvrWeb, we have a specific, non-default website setup for this application so instead of going to http://SvrWeb.company.com to get to the website we use http://application.company.com which resolves to SvrWeb and the host headers resolve to the correct website. There is also a specific application pool set up for this site which uses an Active Directory account identity we'll call "company\SrvWeb_iis". We're setup to allow delegation on this account and to allow it to impersonate another login which we want it to do. (we want this account to pass along the AD credentials of the person signed into the website to SQL Server instead of a service account. We also set up the SPNs for the SrvWeb_iis account via the following command: setspn -A HTTP/SrvWeb.company.com SrvWeb_iis The website pulls up, but the section of the website that makes the call to the database returns the message: Cannot execute database query. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I thought we had the SPN information set up correctly, but when I check the security event log on SrvWeb I see entries of my logging in, but it seems to be using NTLM and not kerberos: Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Any ideas or articles that cover this setup in detail would be extremely appreciated! If it helps, we are using SQL Server 2005, and both the web and SQL servers are Windows 2003.

    Read the article

  • ASP.NET Web Application: use 1 or multiple virtual directories

    - by tster
    I am working on a (largish) internal web application which has multiple modules (security, execution, features, reports, etc.). All the pages in the app share navigation, CSS, JS, controls, etc. I want to make a single "Web Application" project, which includes all the pages for the app, then references various projects which will have the database and business logic in them. However, some of the people on the project want to have separate projects for the pages of each module. To make this more clear, this is what I'm advocating to be the projects. /WebInterface* /SecurityLib /ExecutionLib etc... And here is what they are advocating: /SecurityInterface* /SecutiryLib /ExecutionInterface* /ExecutionLib etc... *project will be published to a virtual directory of IIS Basically What I'm looking for is the advantages of both approaches. Here is what I can think of so far: Single Virtual Directory Pros Modules can share a single MasterPage Modules can share UserControls (this will be common) Links to other modules are within the same Virtual directory, and thus don't need to be fully qualified. Less chance of having incompatible module versions together. Multiple Virtual Directories Pros Can publish a new version of a single module without disrupting other modules Module is more compartmentalized. Less likely that changes will break other modules. I don't buy those arguments though. First, using load balanced servers (which we will have) we should be able to publish new versions of the project with zero downtime assuming there are no breaking database changes. Second, If something "breaks" another module, then there is either an improper dependency or the break will show up eventually in the other module, when the developers copy over the latest version of the UserControl, MasterPage or dll. As a point of reference, there are about 10 developers on the project for about 50% of their time. The initial development will be about 9 months.

    Read the article

  • Can't get java progam to run! NoClassDefFoundError?

    - by mcintyre321
    I'm a .NET developer, but for my current project I need to use Google Caja, a Java project. Uh-oh! I've followed the guide at http://code.google.com/p/google-caja/wiki/RunningCaja on my windows machine, but can't get the program to run. The command line they suggest didn't word, so I cd'd into the ant-jars directory and tried to run plugin.jar: D:\java\caja\svn-changes\pristine\ant-jars>java -cp . -jar pluginc.jar -i test.htm Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/cli/ParseException at com.google.caja.plugin.PluginCompilerMain.<init>(PluginCompilerMain.java:78) at com.google.caja.plugin.PluginCompilerMain.main(PluginCompilerMain.java:368) Caused by: java.lang.ClassNotFoundException: org.apache.commons.cli.ParseException at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:248) ... 2 more Whats that all about? I've also tried file:///d:/java/caja/svn-changes/pristine/ant-jars/test.htm instead of test.htm as looking at the source it seems the file param is a Uri... I've also tried running IKVM on pluginc and then not worrying about java, but that came up with the ClassDefNotFoundException too... thanks!

    Read the article

  • Error accessing uncompiled pages using ISA Server 2006 SP1

    - by Bravax
    We are in the processing of configuring a portal to use ISA Server as our front end security provider. So we are using ISA Server 2006 SP1. Unfortunately when we access .net applications through ISA Server, the first time they are accessed. i.e. They are not compiled yet, the following error appears: Error Code: 500 Internal Server Error. The parameter is incorrect. (87) In the ISA Monitoring logs, this shows: Failed Connection Attempt Log type: Web Proxy (Reverse) Status: 87 The parameter is incorrect. Once the application is compiled, the error never appears. Does anyone know how to resolve this, so the site works correctly the first time? Some additional information: The websites accessed are running on windows server 2008 64 bit - standard edition, and occurs for Sharepoint as well as standard .net websites. ISA Server is running on Windows server 2003 R2 SP2 Standard eidtion The firewall on the windows server 2008 box allows all access. (To rule this out.) Nothing odd appears in the IIS logs or firewall logs.

    Read the article

  • connecting to secure database on private network from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. [edit] the webservice will also be available to the retail website in order for it to lookup product info as well as allocate stock transfers to the same sqlserver db. it will therefore be located on the same domain as the retail site The option of switching the database onto public hosting is not feasible, so I have to work with the scenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • htmlspecialchars() - How and when to use and avoid multiple use

    - by naescent
    Hi, I'm building a PHP intranet for my boss. A simple customer, order, quote system. It will be denied access from the Internet and only used by 3 people. I'm not so concerned with security as I am with validation. Javascript is disables on all machines. The problem I have is this: Employee enters valid data into a form containing any of the following :;[]"' etc. Form $_POSTS this data to a validationAndProcessing.php page, and determines whether the employee entered data or not in to the fields. If they didn't they are redirected back to the data input page and the field they missed out is highlighted in red. htmlspecialchars() is applied to all data being re-populated to the form from what they entered earlier. Form is then resubmitted to validationAndProcessing.php page, if successful data is entered into the database and employee is taken to display data page. My question is this: If an employee repeatedly enters no data in step 1, they will keep moving between step 1 and 4 each time having htmlspecialchars() applied to the data. So that:- & becomes:- &amp; becomes:- &amp;amp; becomes:- &amp;amp;amp; etc.. How can I stop htmlspecialchars() being applied multiple times to data that is already cleaned? Thanks, Adam

    Read the article

  • GPG error occurs while using "deb file:/local-path-to-repo ..." in /etc/apt/sources.list

    - by Chandler.Huang
    I need to install packages within non-internet connection environment. My plan is to download dist structure from Internet and then add file path to /etc/apt/sources.list. So I download related structure includes ubunt/dists/precise, precise-backports, precise-proposed, precise-security, precise-updates from a ftp mirror server. And then I remove original source and add the following to my /etc/apt/sources.list. deb file:path-to-local-ubuntu-directory/ precise main restricted multiverse universe deb-src file:path-to-local-ubuntu-directory/ precise main restricted multiverse universe Then I got GPG error as following after apt-get update. root@openstack:/~# apt-get update Ign file: precise InRelease Get:1 file: precise Release.gpg [198 B] Get:2 file: precise Release [50.1 kB] Ign file: precise Release Get:3 file: precise/main TranslationIndex [3,761 B] Get:4 file: precise/multiverse TranslationIndex [2,716 B] Get:5 file: precise/restricted TranslationIndex [2,636 B] Get:6 file: precise/universe TranslationIndex [2,965 B] Reading package lists... Done W: GPG error: file: precise Release: The following signatures were invalid: BADSIG 0976EAF437D05B5 Ubuntu Archive Automatic Signing Key <[email protected]> I had tried use the following steps after google but in vain. sudo apt-get clean cd /var/lib/apt sudo mv lists lists.old sudo mkdir -p lists/partial sudo apt-get update Is there any way to resolve this? And why this error occurs? Thanks a lot.

    Read the article

  • Google appEngine: 404 when accesing /_ah/api

    - by jfu
    I try to build a very simple GAE application, using eclipse and the Google Plugin for Eclipse. I've generated some Endpoint from an @Entity class, then I've generated Cloud Endpoint Client library. After that I've started the appEngine project (within eclipse, on the embedded jetty server). When I try to access /_ah/api I get the following issue: HTTP ERROR 500 Problem accessing /_ah/api/. Reason: Failed to retrieve API configs with status: 404 Caused by: java.io.IOException: Failed to retrieve API configs with status: 404 at com.google.api.server.spi.tools.devserver.ApiServlet.getApiConfigSources(ApiServlet.java:102) at com.google.api.server.spi.tools.devserver.ApiServlet.initConfigsIfNecessary(ApiServlet.java:67) at com.google.api.server.spi.tools.devserver.RestApiServlet.service(RestApiServlet.java:117) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166) at com.google.appengine.api.socket.dev.DevSocketFilter.doFilter(DevSocketFilter.java:74) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.ResponseRewriterFilter.doFilter(ResponseRewriterFilter.java:123) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.HeaderVerificationFilter.doFilter(HeaderVerificationFilter.java:34) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.api.blobstore.dev.ServeBlobFilter.doFilter(ServeBlobFilter.java:63) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.StaticFileFilter.doFilter(StaticFileFilter.java:125) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectRequest(DevAppServerModulesFilter.java:368) at com.google.appengine.tools.development.DevAppServerModulesFilter.doDirectModuleRequest(DevAppServerModulesFilter.java:351) at com.google.appengine.tools.development.DevAppServerModulesFilter.doFilter(DevAppServerModulesFilter.java:116) at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157) at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388) at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216) at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182) at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765) at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418) What am I doing wrong?

    Read the article

  • WPF ListView Button - Associate multiple images

    - by Narayanan
    I have a listview in a WPF application that has a button in one of its columns. I associate a image to the button control. I want to configure different images for this button based on the How do I write the XAML in this scenario??? This is what I have already: <ControlTemplate x:Key="IconButtonAddProfile" TargetType="{x:Type Button}"> <Grid> <Image x:Name="myimage" Source="rofile.png" Height="27" Width="65" /> <Border> <ContentPresenter Content="{TemplateBinding Content}"/> </Border> </Grid> </ControlTemplate> <ListView.View> <GridView> <GridViewColumn Header="Security" Width="50"> <GridViewColumn.CellTemplate> <DataTemplate> <Button Template="{StaticResource IconButtonLockSecure}" DataContext="{Binding}" MinHeight="20" MinWidth="50" /> </DataTemplate> </GridViewColumn.CellTemplate> </GridViewColumn> </ListView.View>

    Read the article

  • iPhone Development - calling external JSON API (will Apple reject?)

    - by RPM1984
    Ok guys, so im new to iPhone development, so apologies if this is a silly question, but before i actually create my app i want to know if this is possible, and if Apple will reject this. (Note this is all theoretical) So i'd have a API (.NET) that runs on a cloud server somewhere and can return HTML/JSON/XML. I'll have a website that can access this API and allow customers to do some stuff (but this is not important for this question). I would then like my iPhone app to make a call to this API which would return JSON data. So my iPhone app might make a call to http://myapp/Foos which would return a JSON string of Foo objects. The iPhone app would then parse this JSON and do some funky stuff with it. So, that's the background, now the questions: Is this possible? (that is, call an external cloud API over HTTP, parse JSON response?) What are the chances of Apple rejecting this application (because it would be calling a non-Apple API) Are there any limitations (security, libraries, etc) on the iPhone/Objective-C/Cocoa that might hinder this solution? On this website, they seem to be doing exactly what im asking. Thoughts, suggestions, links would be greatly appreciated...

    Read the article

  • How to (kindly) ask your users to upgrade from IE6?

    - by nickf
    It's no secret at all that IE6 has been a major roadblock to the advancement of the web over the last few years. I couldn't count the number of hours I've spent bashing my head against a wall trying to fix or debug IE6 issues. The way I see it, there are two types of IE6 user. a) the poor corporate schmoe whose IT department doesn't want to upgrade in case something breaks, and b) the mums and dads of the world who think the internet is the blue E on their desktop (and I don't mean that in a nasty way). There's probably a couple of people who know about all the other browsers, but still choose to run IE6. They get what they deserve, IMO. Anyway, getting to the point, I'd say that 90% of my IE6-using visitors are in the the mums and dads category - they're not stupid, they just don't know WHY they should upgrade to IE7 or Firefox or whatever. How do I educate these people without pissing them off? Is there a nice and friendly website I can direct these people to, which explains the reasons for upgrading in plain language? Any mention of "security" or "web standards" I think would just come across as scary. I've just seen http://www.whatbrowser.org which seems to fit the bill nicely. It explains in very basic terms: what a web browser is why you'd want to upgrade it how old your current browser is (subtle hint to those with a 9 year old browser) ..aaaand it's in 22 languages. It's from Google but displays no bias (it links to Firefox, Chrome, Opera, Safari, Internet Explorer displayed in a random order).

    Read the article

  • Do all the HTML5 storage systems work together ?

    - by azera
    While there are a lot of good stuff about html5, one thing I don't get is the redondant storage mechanism, first there is localstorage and sessionstorage, which are key value stores, one is for one instance of the app ("one tab"), and the other works for all the instances of that application so they can share data. Both are saved when you close your browser and have a limited size (usually 5MB), that's great and everything would be nice if we stopped there. But then there is the "Web SQL Database", which has the same security system as the localstorage, the same size limit, the same everything except it works like/is sqlite, with tables and sql syntax and all of that. And the bummer is, they don't work on the same data at all ! This is not two way to access your data, this is really two storage for every html 5 app out there (not created by default yes, but still you see my point). What I would like to know is, is there a reason for both of this mechanisms to exist at the same time ? Or did they just look at sql and nosql movement to pick the best then went "screw it let's add both !" ? Why not implement local/session storage as a table inside web sql db ?

    Read the article

  • could not execute a stored procedure(using DAAB) from a client(aspx page) to a wcf service

    - by user1144695
    i am trying to store data to sql database from a asp.net client website through a stored procedure(using DAAB) in a wcf service hosted in a asp.net empty website.When i try to store data to the DB i get the following error: ** - The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. ** When i try to debug i get the following exception: Activation error occured while trying to get instance of type Database, key "" in the code-- Database db = EnterpriseLibraryContainer.Current.GetInstance<Database>("MyInstance"); where my app.config is <?xml version="1.0"?> <configuration> <configSections> <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true"/> </configSections> <dataConfiguration defaultDatabase="MyInstance"/> <connectionStrings> <add name="MyInstance" connectionString="Data Source=BLRKDAS307581\KD;Integrated Security=True;User ID=SAPIENT\kdas3;Password=ilove0LINUX" providerName="System.Data.SqlClient" /> </connectionStrings> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> Can anyone help me with it? Thanks in advance...

    Read the article

  • Protecting sensitive entity data

    - by Andreas
    Hi, I'm looking for some advice on architecture for a client/server solution with some peculiarities. The client is a fairly thick one, leaving the server mostly to peristence, concurrency and infrastructure concerns. The server contains a number of entities which contain both sensitive and public information. Think for example that the entities are persons, assume that social security number and name are sensitive and age is publicly viewable. When starting the client, the user is presented with a number of entities, not disclosing any sensitive information. At any time the user can choose to log in and authenticate against the server, given the authentication is successful the user is granted access to the sensitive information. The client is hosting a domain model and I was thinking of implementing this as some kind of "lazy loading", making the first request instantiating the entities and later refreshing them with sensitive data. The entity getters would throw exceptions on sensitive information when they've not been disclosed, f.e.: class PersonImpl : PersonEntity { private bool undisclosed; public override string SocialSecurityNumber { get { if (undisclosed) throw new UndisclosedDataException(); return base.SocialSecurityNumber; } } } Another more friendly approach could be to have a value object indicating that the value is undisclosed. get { if (undisclosed) return undisclosedValue; return base.SocialSecurityNumber; } Some concerns: What if the user logs in and then out, the sensitive data has been loaded but must be disclosed once again. One could argue that this type of functionality belongs within the domain and not some infrastructural implementation(i.e. repository implementations). As always when dealing with a larger number of properties there's a risk that this type of functionality clutters the code Any insights or discussion is appreciated!

    Read the article

  • Importing Excel spreadsheet data into existing Access DB

    - by Keeb13r
    I've designed an Access 2003 DB with 3 tables: APPLICATIONS, SERVERS, and INSTALLATIONS. Records in the APPLICATIONS and SERVERS tables are uniquely identified by a synthetic primary key (in Access, an "auto number"). The INSTALLATIONS table is essentially a mapping table between APPLICATIONS and SERVERS: it's a list of records of which applications are installed on which servers. A record in the INSTALLATIONS table is also identified by a synthetic primary key, and it consists of an APPLICATION_ID and SERVER_ID for the records in their respective tables. I have an Excel 2003 spreadsheet I would like to import into this database, but it's proving difficult. The spreadsheet is made up of several tabs/worksheets, each one representing a server with its own listing of installed applications. I'm not sure how to proceed with an import - the "Get External Data -- Import" feature in Access has an import "In an Existing Table" option, but it's greyed out. I'm also unsure how I build the relationships between applications and servers for importing records into the INSTALLATIONS table. I had previously fooled around with adding some security to the Access DB file. I think I removed everything but perhaps I didn't and that's causing the problem? Some sample data from the Excel spreadsheet: SERVER101 * Adobe Reader 9 * BMC Remedy User 7.0 * HostExplorer 2008 * Microsoft Office 2003 * Microsoft Office 2007 * Notepad++ SERVER102 * Adobe Reader 9 * DameWare Mini Remote Control * Microsoft Office 2003 * Microsoft .NET Framework 3.5 SP1 * Oracle 9.2 SERVER103 * AWDView * EXTRA! Personal Client 32-bit * Microsoft Office 2003 * Microsoft .NET Framework 3.5 SP1 * Snagit 9.1 * WinZip 12.1 The Access DB design is very simple: APPLICATION * APPLICATION_ID (autonumber) * APPLICATION_NAME (varchar) SERVER * SERVER_ID (autonumber) * SERVER_NAME (varchar) INSTALLATION * INSTALLATION_ID (autonumber) * APPLICATION_ID (number) * SERVER_ID (number)

    Read the article

  • How do you lock down & secure files stored on server in ASP.NET?

    - by Jon
    How do I go about securing files that are stored on the server? We have an ASP.NET app which generates PDFs. These are not stored in the wwwroot folder but in another folder i.e. C:\inetpub\data. This provides more security but maybe not enough. The ASP.NET/IIS process will need write access to this folder so it generate the PDFs there. Once the pdf is generated, it can be viewed using an ASP.NET form called viewpdf.aspx with the file to be viewed add to the query string like so viewpdf.aspx?FILE=mynewfile.pdf. This is loaded from a gridview. The full path to C:\inetpub\data is resolved and loaded in the Page_load event of the viewer page. Now I'm wondering how to secure this. Anybody could just view the file. Not by entering in the URL, as it won't been seen by IIS (its not in wwwroot), but could change the querystring in the viewpdf page. How do I stop anybody hacking this?

    Read the article

  • Bookmarklet, js injection and popup issue

    - by Neewok
    I'm currently writing a bookmarklet that loads and executes a remote js file by appending a new <script> tag in the current window, like so : javascript:(function() { if(typeof __bml_main != "undefined") return __bml_main.init(); var s= document.createElement('script'); s.type= 'text/javascript'; s.src= 'http://127.0.0.1:8000/media/bookmarklet.js'; void(document.body.appendChild(s)); })(); My bookmarklet needs to perform some dom manipulations in order to extract data from the page being viewed, and then to open a new popup to list them. The thing is : if I want to bypass pop-up blockers, I can't open my new window from the injected script. I need to open it right from the beginning in the bookmarklet code, and to access it later when needed. I've tried to do somehting like this : javascript:var my_popup = window.open('http://127.0.0.1:8000/resources/manage/new/', 'newResourcePopup',config='height=200,width=400,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=no'); (function() { // script injection (...) })(); but if I then try to access my_popup from my remotely loaded script, most browsers will throw a security warning and won't let me access the Window object. This is understandable since the script is not from the same domain than the displayed page, but I'm kind of stuck... A solution would be to use a div overlay, but I'd really prefer to open a window in this case. Any hints ?

    Read the article

  • How can I accelerate the generation of the an MD5 Checksum within vb.net?

    - by Richard
    I'm working with some very large files residing on P2 (Panasonic) cards. Part of the process we employ is to first generate a checksum of the file we are going to copy, then copy the file, then run a checksum on the file to confirm that it copied OK. The problem is, is that files are large (70 GB+) and take a long time to complete. It's an issue since we will eventually be dealing with thousands of these files. I would like to find a faster way to generate the checksum other than using the System.Security.Cryptography.MD5CryptoServiceProvider I don't care if this means using a specialized hardware card, provided it works and is not to ungodly expensive. I would prefer to have a method of encoding that provided some feedback as to how far the process has gone along so I can display it like I do now. The application is written in vb.net. I would prefer to be able to use it as component, library, reference within my application, but I'm willing to call an outside application if there is enough improvement in the speed of generating the checksum. Needless to say, the checksum must be consistent and correct. :-) Thank you in advance for your time and efforts, Richard

    Read the article

  • Subversion commands not being run by Ubuntu rc.local

    - by talentedmrjones
    Here is my rc.local for an autoscaling amazon ec2 instance based on ubuntu: (Note that user names, domains, and paths have been changed for security purposes) logger "Begin rc.local startup script:" logger "svn checkout" sudo -u nonRootUser /usr/bin/svn co svn+ssh://[email protected]/path/to/repo /var/www/html | logger logger "chown writeable folder" chown www-data /var/www/html/writeableFolder logger "restart apache" /etc/init.d/apache2 restart | logger exit 0 And here is the output of sudo tail -n 40 /var/log/syslog Mar 10 22:05:20 ubuntu logger: Begin rc.local startup script: Mar 10 22:05:20 ubuntu logger: svn checkout Mar 10 22:05:20 ubuntu logger: chown writeable folder Of course its not getting to apache2 restart because it error'd on the chown. I did find however that if I do a checkout beforehand, and set the rc.local svn command to an svn update, that it still does not run the svn command but does output apache2 restart successfully. These same svn commands work perfectly when I run them manually, tho it's strange that within rc.local they do not produce any output whatsoever to logger yet apache2 restart does. I've also tried running the svn co and svn update both with sudo -u and without. How do I get the svn command to run? Either a full checkout or an update. At this point either would be better than nothing!

    Read the article

  • S3 file Uploading from Mac app though PHP?

    - by Ilija Tovilo
    I have asked this question before, but it was deleted due too little information. I'll try to be more concrete this time. I have an Objective-C mac application, which should allow users to upload files to S3-storage. The s3 storage is mine, the users don't have an Amazon account. Until now, the files were uploaded directly to the amazon servers. After thinking some more about it, it wasn't really a great concept, regarding security and flexibility. I want to add a server in between. The user should authenticate with my server, the server would open a session if the authentication was successful, and the file-sharing could begin. Now my question. I want to upload the files to S3. One option would be to make a POST-request and wait until the server would receive the file. Problems here are, that there would be a delay, when the file is being uploaded from my server to the S3 servers, and it would double the uploading time. Best would be, if I could validate the request, and then redirecting it, so the client uploads it directly to the s3-storage. Not sure if this is possible somehow. Uploading directly to S3 doesn't seem to be very smart. After looking into other apps like Droplr and Dropmark, it looks like they don't do this. Btw. I did this using Little Snitch. They have their api on their own web-server, and that's it. Could someone clear things up for me? EDIT How should I transmit my files to S3? Is there a way to "forward" it, or do I have to upload it to my server and then upload it from there to S3? Like I said, other apps can do this efficiently and without the need of communicating with S3 directly.

    Read the article

  • Getting ellipses function parameters without an initial argument

    - by Tox1k
    So I've been making a custom parser for a scripting language, and I wanted to be able to pass only ellipses arguments. I don't need or want an initial variable, however Microsoft and C seem to want something else. FYI, see bottom for info. I've looked at the va_* definitions #define _crt_va_start(ap,v) ( ap = (va_list)_ADDRESSOF(v) + _INTSIZEOF(v) ) #define _crt_va_arg(ap,t) ( *(t *)((ap += _INTSIZEOF(t)) - _INTSIZEOF(t)) ) #define _crt_va_end(ap) ( ap = (va_list)0 ) and the part I don't want is the v in va_start. As a little background I'm competent in goasm and I know how the stack works so I know what's happening here. I was wondering if there is a way to get the function stack base without having to use inline assembly. Ideas I've had: #define im_va_start(ap) (__asm { mov [ap], ebp }) and etc... but really I feel like that's messy and I'm doing it wrong. struct function_table { const char* fname; (void)(*fptr)(...); unsigned char maxArgs; }; function_table mytable[] = { { "MessageBox", &tMessageBoxA, 4 } }; ... some function that sorts through a const char* passed to it to find the matching function in mytable and calls tMessageBoxA with the params. Also, the maxArgs argument is just so I can check that a valid number of parameters is being sent. I have personal reasons for not wanting to send it in the function, but in the meantime we can just say it's because I'm curious. This is just an example; custom libraries are what I would be implementing so it wouldn't just be calling WinAPI stuff. void tMessageBoxA(...) { // stuff to load args passed MessageBoxA(arg1, arg2, arg3, arg4); } I'm using the __cdecl calling convention and I've looked up ways to reliably get a pointer to the base of the stack (not the top) but I can't seem to find any. Also, I'm not worried about function security or typechecking.

    Read the article

  • For business people to manage, keep binary images in MySQL or just the urls?

    - by Michael Mao
    Hello everyone: I am working on a task to enable image uploading and auto-scaling(from full sized to thumbnail) by jQuery & PHP. I can naturally come up with two approaches : First, store both images as binary objects directly into MySQL; Second, store only urls to the images and keep the images somewhere on server. The images are for everyone to view, so there are no security restrictions, as far as I know. Personally I don't have any preference, however, at the end of the day, it is the business people that are going to manage the images as part of the system(CRUD). So I am wondering which seems to be a bit better for them? Of course I am building a easy-to-use, visualize web interface for the staff to control the process, but I am not sure if that is enough. Lessons told me that if I don't think for the future and seek the most flexible approach, the I will probably screw myself sooner or later. PS. The following link is what I've found so far, which is pretty cool, no flash involved :) Andrew Valum's ajax image upload jQuery plugin

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 460 461 462 463 464 465 466 467 468 469 470 471  | Next Page >