Search Results

Search found 15648 results on 626 pages for 'wcf security'.

Page 501/626 | < Previous Page | 497 498 499 500 501 502 503 504 505 506 507 508 | Next Page >

How can I change or remove HttpRequest input arguments in a HttpModule

- by Eric Gunn

Is it possible to change or remove http request form inputs in an httpmodule? My goal is to create a security IHttpmodule that will check the request for reasonable values, such as limits on acceptable input and query parameter length, or use the AntiXSS Sanitizer to remove threats, log potential hack attempts, etc. before a request is passed on to a processor. Because this is a cross cutting concern I'd prefer to find a solution that applies to all requests and affects all ways request values could be accessed, Reqest.Form, Action(model), Action(FormCollection), HttpContext.Current.Request.Form, etc. I'm using MVC and have considered creating custom model binders to clean the data before creating the model instance. But that would be application specific, require remembering to register every model binder and only apply to Action(model).

Read the article
How to Canonicalize a Stax XML object.

- by Enrique San Martín

Hello, i want to Canonicalize a Stax object, the program it's doing it with DOM, but dom can't manage big XML documents (like 1GB), so STAX it's the solution. The Code that i have it's: File file=new File("big-1gb.xml"); org.apache.xml.security.Init.init(); DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance(); DocumentBuilder documentBuilder = dfactory.newDocumentBuilder(); Document doc = documentBuilder.parse(file); Canonicalizer c14n = Canonicalizer.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); outputBytes = c14n.canonicalizeSubtree(doc.getElementsByTagName("SomeTag").item(0)); The idea it's do the code below with Stax... Thx :)

Read the article
Why isn't UTF-8 allowed as the "ANSI" code page?

- by dan04

The Windows _setmbcp function allows any valid code page... (except UTF-7 and UTF-8, which are not supported) OK, not supporting UTF-7 makes sense: Characters have non-unique representations and that introduces complexity and security risks. But why not UTF-8? As I understand it, the "ANSI" versions of the Windows API functions convert their arguments to UTF-16, call the equivalent "W" function, and convert any strings in the output to "ANSI". This is what I've been doing manually. So why can't Windows do it for me?

Read the article
Postback problem downloading zip file

- by Chris Conway

I've got a problem on a webforms application where a user selects some criteria from dropdowns on the page and hits a button on the page which calls this method: protected void btnSearch_Click(object sender, EventArgs e) They then click on button to download a zip file based on the criteria which calls this method: protected void btnDownload_Click(object sender, EventArgs e) In IE, they are prompted with the bar at the top of the browser that tells them "To help protect your security, Internet Explorer blocked this site from downloading files to your computer". When they click on that bar to download the file, it fires the btnSearch_Click event again. Response.ContentType and Response.AddHeader has been set up correctly. The problem is, that btnSearch appends criteria so basically it is being appended twice and causing problems. Is there something I can do to prevent this? This is a vs2008 web app using c# 3.5 for what it's worth. Thanks!

Read the article
Grails deploy on Tomcat6

- by Jack

Hello, while trying to deploy a Grails application into tomcat6 I ran into some problems: I used the grails war command to build up a war, then copied it to var/lib/tomcat6/webapps and tried to restart the container. I had to change default Tomcat policy to skip security exceptions, since I couldn't access environment variable (like grails.env), then tried again but it gives me an exception related to instantiating something, but it's not clear where should I try to fix the error, according to tomcat6 logs the problem is: SEVERE: Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsC$ org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'pluginManager' defined in ServletContext$ at java.lang.Thread.run(Thread.java:619) Caused by: org.codehaus.groovy.grails.exceptions.NewInstanceCreationException: Could not create a new instance of class [Hiberna$ ... 1 more Caused by: java.lang.NoClassDefFoundError: org.hibernate.cfg.Environment It seems like it's unable to load org.hibernate.cfg.Environment class. I checked the applicationContext.xml and it refers to grails.xml to search for plugins, in this last file I actually have HibernateGrailsPlugin. Where should I look to find if the plugin is present?

Read the article
Why is this not a bug in qmail?

- by jemfinch

I was reading DJB's "Some thoughts on security after ten years of Qmail 1.0" and he listed this function for moving a file descriptor: int fd_move(to,from) int to; int from; { if (to == from) return 0; if (fd_copy(to,from) == -1) return -1; close(from); return 0; } It occurred to me that this code does not check the return value of close, so I read the man page for close(2), and it seems it can fail with EINTR, in which case the appropriate behavior would seem to be to call close again with the same argument. Since this code was written by someone with far more experience than I in both C and UNIX, and additionally has stood unchanged in qmail for over a decade, I assume there must be some nuance that I'm missing that makes this code correct. Can anyone explain that nuance to me?

Read the article
How to force Weblogic to start deployments in active state (i.e. not just prepared)

- by doublep

When I start a Weblogic instance with a deployed application, the deployment is sometimes left in prepared state, not in active state. I have to go to Weblogic Console and start the deployment manually, which is quite slow and annoying repetetive work. Since this is done on a development machine — sometimes 50 times a day, — there are no security implication as the server is only visible on the local network. Is there some way to have it always start the deployment active? Note that I'm not redeploying the application, I instead have it "constantly deployed" and stop/start the Weblogic instance using the scripts in bin directory.

Read the article
NHibernate and SetSessionAuth audit columns

- by user86431

We have audit columns set by triggers. For obscure security reasons predating my tenure and out of my control, we log in with a generic user, and do a 'set session authorization' to change the user to the db user of the user who is logged in. When we converted to NHibernate, it creates a whole new session and jacks everything up when we try to do a set session auth, so we turned the set session auth off... Now we are trying to find out a way to get NHibernate to let us do 'set session authorization' without recycling the session on us, so we can use our existing trigger based audit column stuff with both legacy apps, and our new NHibernate apps. It's not a ideal soloution, or the best way to do it even, but is it possible? I was hoping there was a alternate interface that allowed this kind of access. Does anyone know how to do it, or can you point me towards and good hints? Thanks, Eric-

Read the article
Start multiple processes of a dll in delphi

- by Tom

I have a "ActiveX library" project created with Delphi 2007. The library interface return XML data based on input values. This is then used by a PHP script that displays the data on a web page. This works great! The problem is that i can only run one instance of the dll process on the server. However, for security reasons, each of my customer should be able to access their own process of the dll (because the dll is always connected to only one database). Also, because of the way the delphi code is built, it doesn't support multiple threads. (It's a 100 000+ lines project using lots of singleton classes) Is there a way of starting several instances of the same dll? Is there a better way of transferring XML data from delphi to PHP? Sorry for the longish question, any help is appreciated (ps. I know the delphi code should be refactored, but this would mean 6 months of "circular reference" -hell :)

Read the article
LDAP in medium trust

- by eych

I've have a solution with one website and several projects. The projects all have the AllowPartiallyTrustedCallers attribute and are strongly-named. The site works in full trust. However, after set the trust to medium, I get the System.Security.SecurityException: Request failed. error as soon as I browse to the site. In my projects, I have calls to LogOnUser, as well as many calls to variousSystem.DirectoryServices.AccountManagement methods. Can this site run with medium trust or do I have to have full trust for all the LDAP calls? As I mentioned, I've set the AllowPartiallyTrustedCallers attribute on all projects. Not sure what else to do. Also, I have no idea what/where the error is being generated. The event logs on the server have nothing in regards to this SecurityException. Is there any way to find out what the error location is so maybe I can attempt to rewrite some code? [running .NET 4.0 on Win2k8R2]

Read the article
Where to place java applet policy file?

- by makdere

Hi all, I am working on an artificial intelligence project which is a logic game and aims two user connecting to the server on the network who acts as an Admin and then start to play one by one. In order to create connections, i have a server code which is just listening on localhost:8000 and assigning team values to the clients as they arrive. After connecting, clients make their move under Admin's control. The question is that when i try to put my code to work in the browser it fails with the following error: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:8000 connect,resolve) Even though i have created my own policy, first granting only Socket access permission to the codebase of my project folder (file:///home/xxx/projects/-), after it didnt work i granted all permissions from all codebase. I tried placing my policy file both in the home directory and in the same directory where my applet code resides. Appreciate any tips, thanks.

Read the article
FOSUserBundle: embedding the login form and choosing its template

- by tirengarfio

i want to insert the login form of FOSUserBundle in my template like this: <div id="sidebar"> {% render "FOSUserBundle::Security::login" %} </div> but not to render the template that is been calling in the code of loginAction() originally. I have thought I'd find useful the possibility of passing the template I want to render as a parameter as 'max' in this example: <div id="sidebar"> {% render "AcmeArticleBundle:Article:recentArticles" with {'max': 3} %} </div> Is that possible in symfony2? If not.. should I create another action for my bundle with the same code inside of loginAction? or should I modify the original loginAction code and write control structures? if(currentPage == 'home') renderResponse('template1') else renderResponse('template2')

Read the article
How can I launch a system command via Javascript in Google Chrome?

- by kvsn

I want to execute a local program on my computer via Javascript in Chrome. In Firefox, it can be done as follows (after setting 'signed.applets.codebase_principal_support' to true in about:config): function run_cmd(cmd, args) { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var file = Components.classes["@mozilla.org/file/local;1"] .createInstance(Components.interfaces.nsILocalFile); file.initWithPath(cmd); var process = Components.classes["@mozilla.org/process/util;1"] .createInstance(Components.interfaces.nsIProcess); process.init(file); process.run(false, args, args.length); } What's the equivalent code for Chrome?

Read the article
What are the app pool identity and account for anonymous access for?

- by apollodude217

I understand what the two are used for, except I don't know what each does--i.e. what one is for vs. what the other is for. (I usually set them to the same account anyway.) If you're not sure what accounts I'm talking about, in the IIS manager thingy: Right-click on the app pool in question, go to Properties, and click the Identity tab to see the App Pool Identity. Right-click a Web site, go to Properties - Directory Security, and click Edit under Anonymous Access and authentication control to view the Account for anonymous access.

Read the article
Why .NET ASMX web service on secure.site.com can't be called from www.site.com?

- by user118657

Hello, We have a web service on https://secure.site.com/service.asmx it works fine from https://secure.site.com/consumer.html but when we try to use it from https://www.site.com/consumer.html we can't do it. Getting 403 error. I'ts probably something related to webservice security (because of different subdomains) but I can't figure out what. How to make https://secure.site.com/service.asmx be accessible from https://www.site.com/consumer.html? Update: Calling webserivce using JQuery Ajax. $.ajax({ type: "POST", url: "https://secure.site.com/service.asmx/method", data: {}, dataType: "xml", success: method_result, error: AjaxFailed }) ; Thanks.

Read the article
How to verify a digital signature with openssl

- by Aaron Carlino

I'm using a thirdparty credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this: /success.php?signature=[HUGE HASH] I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that. I'm pretty good with linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions. If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.

Read the article
SBT equivalent of Ant target

- by adelbertc

What is the SBT equivalent (if any) of Ant targets? For example, a snippet in a build.xml file for Ant would be: <target name="runClient" description="run client"> <java classname="client.Client" fork="true"> <jvmarg value="-Djava.rmi.server.codebase=${client_web_codebase}"/> <jvmarg value="-Djava.security.policy=policy"/> <arg value="localhost"/> <classpath> <pathelement location="dist/client.jar"/> </classpath> </java> </target> And then I would do something like ant runClient to launch the application "client.Client" with the jvmargs specified in the XML.. is there an SBT equivalent, or a way for SBT to hook into Ant to do this?

Read the article
if isset PHP not working?

- by Ellie

Okay, Im trying to set a captcha up, However with this code in, it breaks. if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) When i do it with out it, the page works, but the captcha is letting incorrect submits through. Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /hermes/waloraweb085/b2027/moo.lutarinet/jointest.php on line 71 <?php $pagetitle = "Home"; $checkrank = 0; include ($_SERVER['DOCUMENT_ROOT'].'/header.inc.php'); ECHO <<<END <br><br> <b><center><i><u>DO NOT</u> USE YOUR NEOPETS PASSWORD OR PIN NUMBER!!!</b></i></center> <p> ?> <?php session_start() ?> <center><P><FORM ACTION="join.pro.php" enctype="multipart/form-data" METHOD=POST> <table width="393" height="188" border="0" cellpadding="0" cellspacing="0"> <td width="150">Username</td> <td width="243"><input type=text name="name" value="" size=32 maxlength=15></td> </tr> <tr> <td>Password</td> <td><input type=password name="pass1" VALUE="" maxlength=15></td> </tr> <tr> <td>Confirm Password</td> <td><input type=password name="pass2" VALUE="" size=32 maxlength=15></td> </tr> <tr> <td>Security Code (4 Diget Number)</td> <td><input type=password name="security" VALUE="" size=32 maxlength=4></td> </tr> <tr> <td>Email Address</td> <td><INPUT TYPE=text NAME="email" VALUE="" SIZE=32 maxlength=100></td> </tr> <tr> <td height="41" colspan="2" valign="middle"><p><p><center> By registering an account here you agree to all of our <A HREF="$baseurl/tos.php">Terms and Conditions</A>. You can also view our <A HREF="$baseurl/privacy.php">Privacy Policy</A>. </center></p></td> </tr> <tr><td align="center">CAPTCHA:<br> (antispam code, 3 black symbols)<br> <table><tr><td><img src="captcha.php" alt="captcha image"></td><td><input type="text" name="captcha" size="3" maxlength="3"></td></tr></table> </td></tr> <td height="27" colspan="2" valign="middle"> <center><input type=submit name=Submit value="Register"></center> </td> </table> </form> <?php if(isset($_POST["captcha"])) if($_SESSION["captcha"]==$_POST["captcha"]) { //CAPTHCA is valid; proceed the message: save to database, send by e-mail ... echo 'CAPTHCA is valid; proceed the message'; } else { echo 'CAPTHCA is not valid; ignore submission'; } ?> <?php END; include ($_SERVER['DOCUMENT_ROOT'].'/footer.inc.php'); ?> captcha.php <?php session_start(); header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); header("Cache-Control: no-store, no-cache, must-revalidate"); header("Cache-Control: post-check=0, pre-check=0", false); header("Pragma: no-cache"); function _generateRandom($length=6) { $_rand_src = array( array(48,57) //digits , array(97,122) //lowercase chars // , array(65,90) //uppercase chars ); srand ((double) microtime() * 1000000); $random_string = ""; for($i=0;$i<$length;$i++){ $i1=rand(0,sizeof($_rand_src)-1); $random_string .= chr(rand($_rand_src[$i1][0],$_rand_src[$i1][1])); } return $random_string; } $im = @imagecreatefromjpeg("http://sketchedneo.com/images/sitedesigns/captcha.jpg"); $rand = _generateRandom(3); $_SESSION['captcha'] = $rand; ImageString($im, 5, 2, 2, $rand[0]." ".$rand[1]." ".$rand[2]." ", ImageColorAllocate ($im, 0, 0, 0)); $rand = _generateRandom(3); ImageString($im, 5, 2, 2, " ".$rand[0]." ".$rand[1]." ".$rand[2], ImageColorAllocate ($im, 255, 0, 0)); Header ('Content-type: image/jpeg'); imagejpeg($im,NULL,100); ImageDestroy($im); ?> Help please anyone? Line 71: if(isset($_POST["captcha"])) Line 72: if($_SESSION["captcha"]==$_POST["captcha"])

Read the article
Converting SQL to LINQ to XML

- by Morano88

I'm writing the following code to convert SQL to LINQ and then to XML: SqlConnection thisConnection = new SqlConnection(@"Data Source=3BDALLAH-PC;Initial Catalog=XMLC;Integrated Security=True;Pooling=False;"); thisConnection.Open(); XElement eventsGive = new XElement("data", from c in ?????? select new XElement("event", new XAttribute("start", c.start), new XAttribute("end",c.eend), new XAttribute("title",c.title), new XAttribute("Color",c.Color), new XAttribute("link",c.link))); Console.WriteLine(eventsGive); The name of the table is "XMLC" and I want to refer to it. How can I do that? When I put its name directly VS gives an error. Also when I say thisConnection.XMLC it doesn't work.

Read the article
Anyone run recurring payments in their website? Preferably; Paypal API

- by James

I'm wrapping up my startup and will need to implement Paypal API into my sign up page. Does anyone use recurring payments via Paypal API integrated into their billing? Better yet, guide me to a trustable developer with experience or will I have to use Elance? I need it to go to a welcome/get started screen in their logged in account once they hit the 'create account' button after filling out billing info. I was also wondering, can you leave the CSC (3 digit security code) field out with integration, because it makes things very hard for recurring payments. I'd like to stick with Paypal, as I have been very satisfied with them for a few years now; I already checked out Chargify, authorize.net, etc. I'd love to see someone with something like this set up already to take a look at and ask a few questions.

Read the article
protect flash files

- by user172697

Hello Ive a website that create avatars for users and provide them with link for avatar to use it in their website or singuters etc , my problems is the website based on flash . the main page has 1 swf file that load other swfs used to create avatars , if someone knows the link for the these swf files he can download them which means he can have all the website lets say: www.test.com as main page which load main swf and other swfs files which located at www.test.com/resources/flash/swffiles/file1.swf anyone can grap these files and have all the website which is a big security breach ive trying so many way protect these files from not download but protecting them means the main swf cant talk to them and cant load the main page correctaly , any suggestion for these .. thanks in advance

Read the article
What is a read only collection in C#?

- by acidzombie24

I ran a security code analyst i found myself having a CA2105 warning. I looked at the grade tampering example. I didnt realize you can assign int[] to a readonly int. I thought readonly was like the C++ const and makes it illegal. The How to Fix Violations suggest i clone the object (which i dont want to do) or 'Replace the array with a strongly typed collection that cannot be changed'. I clicked the link and see 'ArrayList' and adding each element one by one and it doesnt look like you can prevent something adding more. So when i have this piece of code what is the easiest or best way to make it a read only collection? public static readonly string[] example = { "a", "b", "sfsdg", "sdgfhf", "erfdgf", "last one"};

Read the article
Do not use IE browser settings when using a proxy with Indy

- by JD

Hi At one of our customer sites, we have a Delphi 2007 application that makes a number of HTTPS requests using indy components. All requests are made using the proxy settings the client provides. For this to work, in IE we have to put the URL's in the trusted zones section. After a month due to security settings the trusted zones are cleared. This means we have to re-add the URLs again to make our application work. Is there a way of bypassing IE settings or using a client side HTTP stack so we do not go through the browser to make https requests? JD

Read the article
XMLHttpRequest cross site scripting on same server but differnt port

- by clamp

hello, using XMLHttpRequest it is not possible to open a connection to a document on a different domain than where the page itself is hosted. but what about different ports? for example i have a webserver running on my machine listening on port 80 so the webaddress would look like this: http://localhost:80/mypage.html and i have another webserver running on localhost which is meant to process the ajax requests but listens on a different port. so the javascript in mypage.html would look like this: var xmlhttprequest = new XMLHttpRequest(); xmlhttp.open("GET", "http://localhost:1234/?parameters", true); xmlhttp.send(); would this work? or will it give a security exception as well?

Read the article
Why to store username and password in Keychain in iPhone app

- by Suriya

I have worked with NSUserDefault but this keychain concept is totally new for me. I have tried looking for similar Questions but couldn't find the exact reason to do so. What I have done: I already know how to store data in NSUserDefault. and also the reason why do we need to store it. Regarding Keychain I just know that storing in keychain stores the data with some extra security by encoding the original text while NSUserDefault stores the data as plain text. Is this the only reason for storing the data in keychain?

Read the article

< Previous Page | 497 498 499 500 501 502 503 504 505 506 507 508 | Next Page >