Search Results

Search found 29222 results on 1169 pages for 'network security'.

Page 819/1169 | < Previous Page | 815 816 817 818 819 820 821 822 823 824 825 826  | Next Page >

• Can you let users upload Sinatra apps and run them inside Rails as middleware?

  - by Brian Armstrong

  I want to let users write small custom apps (think themes or plugins on Wordpress) and upload/run them on my site. I'm thinking about using Sinatra apps for this since it would give the users a lot of flexibility, and then running them as middleware inside my rails app. But I can't figure out the security implications of this. I tried creating a simple sinatra app as middleware, and it has access to all the rails models and everything - so that is bad. Is there a way for rack to keep these separate so that the sinatra apps are effectively sandboxed and can't do any bad things (outside of an API or some specific way I setup for them to communicate)? There may be an easier way to accomplish this that I haven't thought of too, so ideas welcome. Thanks!

  Read the article

• Adding AllowPartiallyTrustedCallersAttribute To Paypal ASP.NET SDK

  - by snwr

  Currently, I cannot use Paypal Pro on my host (GoDaddy) because it requires Full trust level. After digging in Google, it seems a workaround is possible by adding AllowPartiallyTrustedCallersAttribute to the Paypal assembly. I have seen code samples that use AllowPartiallyTrustedCallersAttribute in their AssemblyInfo.cs file, however, I've yet to run into a code example that also happens to be using PayPal. My question is where should the AllowPartiallyTrustedCallersAttribute be added in my project if my objective is to make the PayPal assembly work? I have tried adding it to my AssemblyInfo.cs for the project that contains the entire website, but I have not been successful. At this point, any insight or shot in the dark would be greatly appreciated. Even if someone could point me in the general direction of some documentation I would be grateful. AllowPartiallyTrustedCallersAttribute Reference: http://msdn.microsoft.com/en-us/library/system.security.allowpartiallytrustedcallersattribute.aspx

  Read the article

• How to add a Web Reference to a SSL web service?

  - by Matt W

  Hi, I have a web service in a C#/3.5 project which has been running fine. This is until I set the "SSL port" in IIS to 443 and set the "IIS - Directory Security - Secure Communications - Require secure channel (SSL)" option to true. Now, the web reference cannot be updated and I cannot add a new web reference to the web service in that site. When I try to view the service in a browse using just HTTP I get the "This page must be viewed over a secure channel" and when viewed with HTTPS on the front I get "This web page not available." Could someone tell me how to get a Web Reference added using Visual Studio to this secure web service, please? Thanks, Matt.

  Read the article

• Make SQL Server 2005 accessible via Internet

  - by Gary Joynes

  I have an application that runs on a client's server built on a SQL Server 2005 database. We have now developed an ASP.NET v2 application which connects to this database. This web application will be hosted on an ISP's server but needs to access the SQL Server database on the client's server. The client's server has a firewall and so forth so I assume it should be possible to make the SQL Server accessible via the Internet but of course I am woriied about security. Can someone point me to some best practices to achieve this.

  Read the article

• Problem authenticating with shiro in grails app

  - by xain

  I have a grails 1.2 app and I want to use declarative security in order to restrict accesses based on roles. I decided to try shiro, installed the plugin, but when I try to authenticate, the message "Invalid username and/or password" shows up in the header. I check the db entry and the user is there with the sha'ed password. No messages are shown neither in the console nor in the stacktrace file. I added "warn 'org.jsecurity'" to Config.groovy with no results. Any hints/tricks to troubleshoot this ?

  Read the article

• Key stroke time in Openmoko or any smart phones

  - by Adi

  Dear all, I am doing a project in which I am working on security issues related to smart phones. I want to develop an authentication scheme which is based on biometrics, Every human being have a unique key-hold time,digraph time error rate. Key-Hold Time : Time difference between pressing and releasing a key . Digraph Time : Time difference between releasing one and pressing next one. Error Rate : No of times backspace is pressed. I got these metrics from a paper "Keystroke-based User Identification on Smart Phones" by Saira Zahid1, Muhammad Shahzad1, Syed Ali Khayam1,2, Muddassar Farooq1. I was planning to get the datasets to test my algorithm from openmoko phone, but the phone is mis-behaving and I am finding trouble in generating these time data-sets. If anyone can help me or tell me a good source of data sets for the 3 metrics I defined, it will be a great help. Thanks Aditya

  Read the article

• rpcbind authorization problems

  - by Milan

  Hy, I am using rpcbind (SunRPC) on Arch linux and python rpc.py (wich use standard python socket module) interface for comunication with it, but every time I try to send request for registration or unregistration to rpcbind I get message that I am rejected for security reasons. Only situation when everything works is that when I call rpcbind in insecure mode (rpcbind -i) but I realy want to make everything works in secure mode.I found information from rpcbind datasheet that i can make request in secure mode only from loopback address, but I have tried every aproach i had knew to make such socket and everything fall down. Please help me. Thank you

  Read the article

• Would a Socket Connection Outperform an Intarvaled Database Sweep and Requests?

  - by Jascha

  I'm building a small chat application to add to an existing framework. There will only be 20-50 users MAX at any one time. I was wondering if I could get away with updating a cache file containing (semi) live chat data for whichever users happen to be chatting just by performing timed queries and regular AJAX refreshes for new data as opposed to learning how to open and maintain a socket connection. I'm sure there are existing chat plug-ins out there. But I just had a hell of a time installing one and I could see building the whole damn thing taking just as much time as plugging one in. Am I off to a bad start? Thanks in advance -J (p.s. this is a semi closed network behind a php login so security isn't a great concern)

  Read the article

• File Encryption Operation

  - by kiruthika

  Hi All, I have doubt in gpg command operation . Actually we are using gpg command for encrypting the file . File.txt has following things. Testing hello world My security things. Now I am doing the file encryption for File.txt gpg --symmetric File.txt Now I got File.txt.gpg file , which is encrypted. My doubt, if some open that file and did someone changes in that I am not able get file content . It says my following things. $ gpg --decrypt File.txt.gpg gpg: no valid OpenPGP data found. gpg: decrypt_message failed: eof I want my file content , even though some body has done changes in that . what should I do for this problem....?

  Read the article

• Running custom Javascript on every page in Mozilla Firefox

  - by saturn

  I have a custom piece of Javascript which I would like to run on every web page from specific domains, or perhaps simply on every web page. (If you are wondering: it is not malicious. It allows to display formulas by using MathJax.) Is that possible? I tried including it in userContent.css, that of course did not work. A simple Greasemonkey script I tried did not insert it. Is it because of the security precautions? (Which would be very logical). Still, there should be a way to do it on the machine I physically control, by changing something in Mozilla chrome directory, shouldn't it? Anyway, how can I do this for myself?

  Read the article

• How to call webservice using same credentials as Sharepoint?

  - by Saab

  Is it possible to do a webservice call from within an Excel sheet that has been downloaded from a sharepoint server, using the same credentials as the ones that are used for accessing the Sharepoint server? We're currently developing an Excel solution, which does webservice request from within the Excel sheet. This works fine, but the user has to log in at least twice : one for downloading/opening the Excel sheet from Sharepoint, and one to be able to execute the webservice using the right credentials. The Sharepoint server and the client machine are not in the same Active Directory domain. So "System.Security.Principal.WindowsIdentity.GetCurrent()" is not an option, since this will return a user that doesn't exist on the server.

  Read the article

• ASP.NET MVC + MySql Membership Provider, user cannot login

  - by Jason Miesionczek

  Hello, I've been playing around with using MySql as the membership provider for asp.net mvc forms authentication. I've got things configured correctly as far as i can tell, and i can create users via both the register action and asp.net web config site. however, when i try to login with one of the users, it does not work. it returns an error as if i had entered a wrong password, or if the account doesn't exist. i have verified in the database that the account does exist. I've followed the instructions here for reference: http://blog.tchami.com/post/ASPNET-MVC-2-and-MySQL-Membership-Provider.aspx here is my web.config: <?xml version="1.0"?> <!-- For more information on how to configure your ASP.NET application, please visit http://go.microsoft.com/fwlink/?LinkId=152368 --> <configuration> <connectionStrings> <add name="MySQLConn" connectionString="Server=localhost;Database=intereditor;Uid=<user>;Pwd=<password>;"/> </connectionStrings> <system.web> <compilation debug="true" targetFramework="4.0"> <assemblies> <add assembly="System.Web.Abstractions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Routing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> <add assembly="System.Web.Mvc, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" /> </assemblies> </compilation> <authentication mode="Forms"> <forms loginUrl="~/Account/LogOn" timeout="2880" name=".ASPXFORM$" path="/" requireSSL="false" slidingExpiration="true" enableCrossAppRedirects="false" /> </authentication> <membership defaultProvider="MySqlMembershipProvider"> <providers> <clear/> <add name="MySqlMembershipProvider" type="MySql.Web.Security.MySQLMembershipProvider,MySql.Web,Version=6.3.4.0, Culture=neutral,PublicKeyToken=c5687fc88969c44d" autogenerateschema="true" connectionStringName="MySQLConn" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" passwordFormat="Hashed" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" passwordStrengthRegularExpression="" applicationName="/" /> </providers> </membership> <profile defaultProvider="MySqlProfileProvider"> <providers> <clear/> <add name="MySqlProfileProvider" type="MySql.Web.Profile.MySQLProfileProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d" connectionStringName="MySQLConn" applicationName="/" /> </providers> </profile> <roleManager enabled="true" defaultProvider="MySqlRoleProvider"> <providers> <clear /> <add name="MySqlRoleProvider" type="MySql.Web.Security.MySQLRoleProvider,MySql.Web,Version=6.3.4.0,Culture=neutral,PublicKeyToken=c5687fc88969c44d" connectionStringName="MySQLConn" applicationName="/" /> </providers> </roleManager> <pages> <namespaces> <add namespace="System.Web.Mvc" /> <add namespace="System.Web.Mvc.Ajax" /> <add namespace="System.Web.Mvc.Html" /> <add namespace="System.Web.Routing" /> </namespaces> </pages> </system.web> <system.webServer> <validation validateIntegratedModeConfiguration="false"/> <modules runAllManagedModulesForAllRequests="true"/> </system.webServer> <runtime> <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" /> <bindingRedirect oldVersion="1.0.0.0" newVersion="2.0.0.0" /> </dependentAssembly> </assemblyBinding> </runtime> </configuration> Can anyone please help me identify what is wrong so that users can login? UPDATE So after debugging the login process in the code of the membership provider itself, i discovered that there is a bug in the provider. There is a discrepancy between the password hash that is stored in the database, and the has that is generated based on the inputted password. As a workaround for my issue, i changed the password format to 'encrpyted' and added a machine key to my web.config. I am still interested in figuring out the issue with the hashed format in the provider, and will spend some more time debugging it, and if i can figure out the problem, i will put together a patch and submit it.

  Read the article

• Attribute class not calling constructor

  - by Coppermill

  I have created an Attribute, call MyAttribute, which is performing some security and for some reason the Constructor is not being fired, any reason why? public class Driver { // Entry point of the program public static void Main(string[] Args) { Console.WriteLine(SayHello1("Hello to Me 1")); Console.WriteLine(SayHello2("Hello to Me 2")); Console.ReadLine(); } [MyAttribute("hello")] public static string SayHello1(string str) { return str; } [MyAttribute("Wrong Key, should fail")] public static string SayHello2(string str) { return str; } } [AttributeUsage(AttributeTargets.Method)] public class MyAttribute : Attribute { public MyAttribute(string VRegKey) { if (VRegKey == "hello") { Console.WriteLine("Aha! You're Registered"); } else { throw new Exception("Oho! You're not Registered"); }; } }

  Read the article

• Verify windows log-in via smart card

  - by Ronen Rabinovitz

  Hi I need to verify in my WPF application if the user log in to his computer via password or via smart-card. Both login options are available in my company clients but my application need to open only in the smart-card login. All the clients are windows 7 OS. I look at some sites: http://technet.microsoft.com/en-us/library/ff404285(v=ws.10).aspx http://www.codeproject.com/Articles/240655/Using-a-Smart-Card-Certificate-with-NET-Security-i and I'm thinking I need to get the enhanced key usage (EKU) attribute field. If the EKU is empty = then the user was loged via password and not via smartcard. I only need this simple check, I do not care for creating/validations on certificates atc.

  Read the article

• problem in loading class from 'me.prettyprint.hector.api.Serializer'

  - by dhananjay patil

  I have created executable jar but having some problem with Class not found Exception. When I type command: java -jar JarFileName.jar arguments.. I get error message, Exception in thread "main" java.lang.NoClassDefFoundError: me/prettyprint/hector/api/Serializer at com.ensarm.niidle.web.scraper.NiidleScrapeManager.main(NiidleScrapeManager.java:21) Caused by: java.lang.ClassNotFoundException: me.prettyprint.hector.api.Serializer at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:307) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 1 more please tell me solution for this,class is not getting loaded from the external jar

  Read the article

• Why exactly is eval evil?

  - by Jay

  I know that Lisp and Scheme programmers usually say that eval should be avoided unless strictly necessary. I´ve seen the same recommendation for several programming languages, but I´ve not yet seen a list of clear arguments against the use of eval. Where can I find an account of the potential problems of using eval? For example, I know the problems of GOTO in procedural programming (makes programs unreadable and hard to maintain, makes security problems hard to find, etc), but I´ve never seen the arguments against eval. Interestingly, the same arguments against GOTO should be valid against continuations, but I see that Shemers, for example, won´t say that continuations are "evil" -- you should just be careful when using them. They´re much more likely to frown upon code using eval than upon code using continuations (as far as I can see -- I could be wrong).

  Read the article

• Graceful handling of server timeout in BlazeDS

  - by Rydell

  I have a flex client that makes service calls to a tomcat server running BlazeDS. I would like to gracefully handle server session timeouts in this environment. I do have security constraints on the service, so the client authenticates against a remote object by initializing a ChannelSet based on the destination, and then logging in using that ChannelSet. After the user is authenticated, if they go get a (long) cup of coffee, their session will inevitably time out. I would like the client to detect the timeout, and return the user back to the login page, with the appropriate informational messages. But I am having difficulty finding the best way to detect this timeout from the client. Is it possible, or must I have the server throw an error when the timeout occurs? Thanks!

  Read the article

• Problem in SQL Server 2005 using ASP.Net

  - by megala

  I created one ASP.Net project using SQLServer database as back end.I shows the foollwing error .How to solve this? ===============Coding Imports System.Data.SqlClient Partial Class Default2 Inherits System.Web.UI.Page Dim myConnection As SqlConnection Dim myCommand As SqlCommand Dim ra As Integer Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click myConnection = New SqlConnection("Data Source=JANANI-FF079747\SQLEXPRESS;Initial Catalog=new;Persist Security Info=True;User ID=sa;Password=janani") 'server=localhost;uid=sa;pwd=;database=pubs") myConnection.Open() myCommand = New SqlCommand("Insert into table3 values 'janani','jan'") ra = myCommand.ExecuteNonQuery() ========---> error is showing here MsgBox("New Row Inserted" & ra) myConnection.Close() End Sub End Class =========Error Message============ ExecuteNonQuery: Connection property has not been initialized.

  Read the article

• How to create virtual Environment for users on server

  - by Bhushan Nagaonkar

  I have a web application where users can register them self and then save Java and C++ programs in their account. Programs are saved in a tmp directory like, /tmp -user1 --program1 --program2 -user2 --program1 --program2 So all the users folders are in same "tmp" directory. I want to know how can I proved security by not allowing a user to access files of other users. A user will be executing a java or c++ program in his folder which can be used to read files on the server. How to prevent this? I am new to this thing I don't know how to go about this. The server is Linux server and project is in python using Django. Thank in advance

  Read the article

• Facebook Is it possible to grab a user's data and populate a form in an iframe?

  - by super9

  I am trying to create an iframe tab for a Facebook Page. On this page, I am loading in an iframe which consists of a form from another domain/site. Is it possible to use javascript to query the graph api to load the user's data into this iframe loaded form using javascript such that is appears pre-populated to the user? I am aware that there is a cross domain security issue. In that case, suppose that my iframe tab is now hosted on the same domain as the iframe loaded form, will this be doable now?

  Read the article

• Use of COM object in IIS 7

  - by Wouter d.A.

  Hi all, I am currently moving an ASP.NET web-project from an IIS 6 to a IIS 7 hosting environment. Everything seems to be running OK, except my calls to a COM object. I can perfectly instantiate an object of the COM type, but when I call one of its methods, the IIS crashes. The event log reports an error code "0xc0000374", which indicates a heap corruption. When I run the application inside the visual studio development server, everything goes well and the COM object code gets executed without any errors. This is also the case when the application is hosted on an IIS 6 machine. I have looked through all settings of the IIS 7 and have not found anything configurable for COM objects, like security or ... I have been struggling with this for a while and I'm out of ideas. Does anyone have any experience deploying COM objects on IIS 7? Your help would be very appreciated!

  Read the article

• Why don't web fonts in Firefox don't work on a different domain?

  - by mikez302

  I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

  Read the article

• Spring - MVC - Sanitize URL before redisplaying to the user

  - by Raghav

  In my application , a HTTP GET request URL to the application with script tag is getting redisplayed as it is although it fails the authorization. Example: http://www.example.com/welcome<script>alert("hi")</script> The issue is sanitizing external input entered directly into address bar by modifying existing GET URL. Spring redisplays the submitted URL as it is. Though the script does not get executed in the browser(FF), is there anyway to strip the URL of these values before displaying it back to the user Reference: Spring MVC application filtering HTML in URL - Is this a security issue?

  Read the article

• VS2010 Clean Web.configs - not updating

  - by cw

  Hello, I'm messing around with MVC 2.0 on VS2010 and am having an issue getting the clean web config feature working. Basically in my Web.debug.config I have <connectionStrings xdt:Transform="Replace"> <add name="ApplicationServices" connectionString="Server=localhost;Database=SITE_DB;User ID=dbuser;Password=P@ssw0rd;Trusted_Connection=False;" /> </connectionStrings> and in my Web.config I have <connectionStrings> <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient" /> </connectionStrings> When I run the site in debug mode, I'd expect that xdt:Transform="Replace" would replace the entire connectionStrings section with what is in the Web.debug.config. Am I assuming wrong? Or am I doing something else incorrect. Not much info posted around this and I'd figure I'd ask you guys.

  Read the article

• Macros no longer working in VS2005

  - by NPVN

  I'm using VS2005 on Vista. I'm using some macros, but now they have suddenly stopped working. No error messages of any kind. I am not aware of having done anything that could trigger this. I have made sure that "Allow macros to run" is checked in Tools-Options-Addin/Macro Security. I have tried running the macros from a keyboard shortcut, from the Macro Explorer, and from the Macros IDE, all in vain: The little spinning icon displays shortly (<1 sec) and then disappears without the macro being executed. I have tried putting a breakpoint on the first line of the macro and then executing it from the main IDE, with no effect (the breakpoint isn't hit). I have tried the same from the Macro IDE: The state changes to "running", but the breakpoint isn't hit. I have to break the execution manually. Any ideas?

  Read the article

< Previous Page | 815 816 817 818 819 820 821 822 823 824 825 826  | Next Page >