Search Results

Search found 29222 results on 1169 pages for 'network security'.

Page 830/1169 | < Previous Page | 826 827 828 829 830 831 832 833 834 835 836 837 | Next Page >

How can I receive messages using over http without MSMQ

- by pduncan

I need a reliable messaging framework that runs over http/https (due to client security requirements) and that doesn't use MSMQ (because some clients will use Windows XP Home). The clients only need to be able to receive messages, not send them. We already have a message queue on the server for each user, and the receivers have been getting messages by connecting to an HttpHandler on the server and getting a Stream from WebResponse.GetResponseStream() We keep this stream open, and pull messages off of it using Stream.Read(). This MOSTLY works, but Stream.Read() is a blocking call, and we can't reliably interrupt it. We need to be able to stop and start the receiver without losing messages, but the old stream often hangs around, even after we call Thread.Abort on its thread. Any suggestions?

Read the article
PHP with SQL Injection

- by Scott S

For our first assignment in a System Security class, we have to hack into the professors "cheaply organized" sql database. I know the only user is "admin" and the select statement generated in the php is: select user_id from user where user_username = 'admin' AND user_password = md5('noob') I am having a number of problems attempting to bypass the password part of this statement as the professor has some javascript embedded in the page to sanitize the username and password of any non-alphanumeric values. This can be bypassed by turning off javascript :P but any values sent still get cleaned by the operating system (some build of Debian 32-bit). I've seen the code for the login request and it does not escape any characters. How do I bypass the operating systems escape sequences?

Read the article
yum update fails

- by user1670818

i have RHEL 6.3 [root@RHEL6 yum.repos.d]# uname -a Linux RHEL6.3-64-BuildMac 2.6.32-279.el6.x86_64 #1 SMP Wed Jun 13 18:24:36 EDT 2012 x86_64 x86_64 x86_64 GNU/Linux My /etc/yum.conf looks like [main] cachedir=/var/cache/yum/$basearch/$releasever keepcache=0 debuglevel=2 logfile=/var/log/yum.log exactarch=1 obsoletes=1 gpgcheck=1 plugins=1 installonly_limit=3 reposdir=/etc/yum.repos.d/rhel.repo The contents of my /etc.yum.repo.d/rhel.repo looks like [rhelrepo] name=my rhel repo baseurl=http://mirror.centos.org/centos/6.3/os/x86_64/ #gpgkey=http://mirror.centos.org/centos/6.3/os/x86_64/RPM-GPG-KEY-CentOS-6 enabled=1 gpgcheck=0 But my yum update fails with the following error [root@RHEL6 yum.repos.d]# yum update Loaded plugins: product-id, security, subscription-manager Updating certificate-based repositories. Unable to read consumer identity Setting up Update Process No Packages marked for Update please could somebody help

Read the article
Code First entity framework connection string

- by Suneel Dixit

I have 3 class projects in my solutions. 1. MVC4 project 2. Domain 3. Tests In the MVC4 project I have added a web.config file with the connection string as <add name="EfDbContext" connectionString="Data Source=.;Initial Catalog=SportsStore;Integrated Security=true;" providerName="System.Data.SqlClient"/> I have a class by name EfDbContext in Domain project which inherits DbContext. When I view the website in browser, I get the server not found error. I debugged the EfDbContext class and found that the Database.Connection.ConnectionString is set to \SqlExpress with database as EfDbContext. Why is that?

Read the article
Problem with commit in sharpsvn

- by zhangxiaoning

Hi,I'm a programmer in china. I want to commit the changes of a working copy in my computer to the repository. The repository is in an URL and i´m doing this now: using (SvnClient client = new SvnClient()){ string path = @"C:\testdelete\test.java"; client.Delete(path); client.Authentication.Clear(); // Clear predefined handlers client.Authentication.UserNamePasswordHandlers += delegate(object obj, SharpSvn.Security.SvnUserNamePasswordEventArgs args) { args.UserName = "username"; args.Password = "password"; }; var uri = client.GetUriFromWorkingCopy(path); if (uri != null) { SvnCommitArgs args = new SvnCommitArgs(); args.ThrowOnError = true; args.ThrowOnCancel = true; client.Commit(path, args);//here throw a SvnOperationCanceledException } } But it doesn´t work,Why?Thanks!

Read the article
How do I gain permissions to a Sql Compact Database?

- by Quenton Jones

I have an Sql Compact Database v3.5 that I'm bundling with my application. When the application is installed, the database is copied into the application's Program Files directory. Because of Vista and Win7's security settings, the installed application can't access the database file. It is merely a problem of having the database file reside in the Program Files. The solution I have thought of is to copy the file into Program Data, but does anyone have another solution? I am sure others have come across a similar problem. Thanks in advance for your input.

Read the article
Is SHA sufficient for checking file duplication? (sha1_file in PHP)

- by wag2639

Suppose you wanted to make a file hosting site for people to upload their files and send a link to their friends to retrieve it later and you want to insure files are duplicated where we store them, is PHP's sha1_file good enough for the task? Is there any reason to not use md5_file instead? For the frontend, it'll be obscured using the original file name store in a database but some additional concerns would be if this would reveal anything about the original poster. Does a file inherit any meta information with it like last modified or who posted it or is this stuff based in the file system? Also, is using a salt frivolous since security in regards of rainbow table attack mean nothing to this and the hash could later be used as a checksum? One last thing, scalability? initially, it's only going to be used for small files a couple of megs big but eventually... Edit 1: The point of the hash is primarily to avoid file duplication, not to create obscurity.

Read the article
Deploying plugins for Internet Explorer

- by Techpriester

Hi everybody. I'm looking for a way to deploy an Internet Explorer plugin for SVG-rendering without manually installing it on every client machine. Is there a way to use some ActiveX voodoo stuff to automatically install a plugin? I have no reliable information about the IE versions that are used on the client side so I assume the worst: IE6. To make things even harder, the users probably don't have administrator privileges on the client machines. The whole thing happens in an enclosed local network, so security considerations are entirely secondary. It also does not really matter which actual plugin it will be, anything that can render SVG and run Javascript on it will do just fine. I can't think of anything to make this work so I'm desperate for help here...

Read the article
authorization services question cocoa

- by Marius

Sorry for being a total beginner in cocoa and for asking the following stupid question, but it's too confusing for me to google it myself or maybe i'm just missing something. I need to run a shellscript with elevated privileges in cocoa. As i understand, "AuthorizationExecuteWithPrivileges" is the correct way to do it. So i've created an application and tried to use some code from one example i found online. The problem is ... if i understand it correctly ... there should be a Security framework in /System/Library/Frameworks that i have to import to the project, but ... it's not there. What am i missing here? Thank you.

Read the article
I don't seem to have an ASPNET user account running on my machine.

- by pkiyan

Hi: I'm reading up on ASP.NET, and just came to a chapter that explains how to upload a file to your website. It says that in order to save a file to your file system, in the case of every OS except Win Server '03, an ASP.NET page executes in the security context of the ASPNET account. I don't have an ASPNET account running on my machine (win xp pro sp3; .NET 3.5). The program runs fine, by the way, I'm just trying to understand what an ASPNET account is exactly, and why it doesn't seem to show up on my list of user accounts. Thanks.

Read the article
what's the key different between data management and data governance?

- by Sid Xing

i just read some articles about these two theories, and i thought they have the similar goal, but DG is more about process management by follow some best practice. So my 1st question is about the difference between DG & DM. I'm confused. There're so many concepts around data management. Data quality, data security, data governance, data profiling, data integration, master data management, metadata management.... It seems like neither of them is EXACTLY separated, they're together. My 2nd question, or ask for your suggestion to help me better understand the relation between these concepts. Appreciate your help.

Read the article
server.sh gives me following error Exception"main" java.lang.NoClassDefFoundError:

- by NickNaik

i am trying to start the "Program D" from the terminal, command in terminal "sh server.sh" gives me following error Starting Alicebot Program D. Exception in thread "main" java.lang.NoClassDefFoundError: org/alicebot/server/net/AliceServer Caused by: java.lang.ClassNotFoundException: org.alicebot.server.net.AliceServer at java.net.URLClassLoader$1.run(URLClassLoader.java:202) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:190) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) at java.lang.ClassLoader.loadClass(ClassLoader.java:247) My Server.sh file ALICE_HOME=.SERVLET_LIB=lib/servlet.jar ALICE_LIB=lib/aliceserver.jar JS_LIB=lib/js.jar # Set SQL_LIB to the location of your database driver. SQL_LIB=lib/mysql_comp.jar # These are for Jetty; you will want to change these if you are using a different http server. HTTP_SERVER_LIBS=lib/org.mortbay.jetty.jar:lib/javax.xml.jaxp.jar:lib/org.apache.crimson.jar PROGRAMD_CLASSPATH=$SERVLET_LIB:$ALICE_LIB:$JS_LIB:$SQL_LIB:$HTTP_SERVER_LIBS java -classpath $PROGRAMD_CLASSPATH -Xms64m -Xmx64m org.alicebot.server.net.AliceServer $1

Read the article
Validating/Allowing YouTube Embed Code

- by mellowsoon

Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos. So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

Read the article
Html how to make a part on iframe, unvisible and unclickable externally? (my idea)

- by ozan

I have a page (A) including a BUTTON with a function close_window() , however when I embed A to my main page (B) using iframe, the close_window() can't work as expected since there is no more window anymore, and I am not able to remove the button from the iframe since A is on another domain (Security issues prevents). What I want to do is make this button label invisible. And the only way I think is to put a white image just to the place where that button exists on my iframe, externally. is Smthing like that possible? I want the image to be on the top of iframe? Or do you have any other idea ? Thanks for helps.

Read the article
What is the most suitable for writing a high speed server C, C++ or C# ?

- by wniroshan

I'm goint to write a server which does lots of image processing. Server-end processsing is expected to be very tedious. Server will maily have mobile phones as its clients. I am really concerend about speed and effciency. Security is pretty important too. Server will be running on a windows platform. Can anyone tell me what should I use as the language C, C++ or C#? or at least what are the ares that I should be looking at when selecting one of them Thank you.

Read the article
How to? - part of the site over ssl, other part not

- by spirytus

What is common practice for coding web applications where part of the site has to be secured (e.g. checkout section) and part not necessarily, lets say homepage. As far as I know sharing sessions in between http and https parts of the site is not easily possible (or is it?). What would be common approach if I wanted to display on http page like homepage, shopping cart data (items) that users ordered on https pages? How those two parts of the site would communicate if necessary? Also isn't it security flaw in popular shopping carts as it seems that many of these have only checkout pages secured (ssl) and the rest not? I'm using php if it makes any difference.

Read the article
Hooking a synchronous event handler on a form submit button in JS

- by Xzhsh

Hi, I'm working on a security project in javascript (something I honestly have not used), and I'm having some trouble with EventListeners. My code looks something like this: function prevclick(evt) { evt.preventDefault(); document.loginform.submitbtn.removeEventListener('click',prevclick,false); var req = new XMLHttpRequest(); req.open("GET","testlog.php?submission=complete",false); req.send(); document.loginform.submitbtn.click(); //tried this and loginform.submit() } document.loginform.submitbtn.addEventListener('click',prevclick,false); But the problem is, the submit button doesn't submit the form on the first click (it does, however, send the http request on the first click), and on the second click of the submit button, it works as normal. I think there is a problem with the synchronization, but I do need to have the request processed before forwarding the user to the next page. Any ideas on this would be great. Thanks in advance.

Read the article
Pros and Cons of Proprietary Software

- by Jon Purdy

Proprietary software is about as good as open-source software. There are so many problems with proprietary technologies, however, that I'm beginning to think it's best to avoid them: The software will only be maintained as long as the company exists (and profits). The level of security of the application is as unknowable as the source code. Alterations and derivative works, however necessary and beneficial, are disallowed. I simply don't see any point in even learning to use such systems as those created by Microsoft and Apple. Of course I don't pretend that ignorance is the superior option: one has to have a certain working knowledge simply because of the ubiquity of these things. I just don't see any reason why, as an independent developer, I should ever consider it a remotely good idea to actually use them. So that's the question, or discussion topic, or what have you: In what ways do developers benefit at all from using closed-source development software?

Read the article
whatz wrong in this SELECt query of MSSQL... ?

- by user522211

Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load Dim SQLData As New System.Data.SqlClient.SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True;User Instance=True") Dim cmdSelect As New System.Data.SqlClient.SqlCommand("SELECT * FROM Table1 WHERE Date =" & TextBox1.Text & "'", SQLData) SQLData.Open() Dim dtrReader As System.Data.SqlClient.SqlDataReader = cmdSelect.ExecuteReader() While dtrReader.Read() For j As Integer = 1 To 31 Dim s As String = "s" & j If dtrReader(s.ToString()).ToString() = "b" Then Dim img As ImageButton = DirectCast(Panel1.FindControl(s.ToString()), ImageButton) img.ImageUrl = "~/Images/booked.gif" img.Enabled = False End If Next End While dtrReader.Close() SQLData.Close() End Sub SHOWS AN ERROR : Unclosed quotation mark after the character string ''.

Read the article
Best language to develop medical software

- by Grace

I need to write medical program to manage medical practices (patient records, appointments, prescription, etc). Note that this is not for US practices so US EMRs will not work. What is the best platform to develop the software in ie. language and database? Considerations include: - Integration with the web - will need to have Doctors download updates to the software from the web. Will also post reports from the software unto webpages - The software will include a mobile application - probably for Blackberry - Cost is a big factor - need to minimize the license cost to the users - Need tight security on the program

Read the article
Unable to edit and save a file on remote machine using notepad++

- by gsk

I am using Notepad++ 5.3.1. I want to edit and save files on a remote machine(both are running on windows xp). I have granted the access privileges and security permissions in the folder containing the files. When I try to save any of these files after editing in Notepad ++, I get the following error. 'Please check whether if this file is opened in another program' There are no other places where the file has been opened but I still get this error. I was able to edit and save earlier but this error seems to be coming only since yesterday.

Read the article
CouchDB read authorization

- by mdikici

In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

Read the article
How can I clean up this SELECT query?

- by Cruachan

I'm running PHP 5 and MySQL 5 on a dedicated server (Ubuntu Server 8.10) with full root access. I'm cleaning up some LAMP code I've inherited and I've a large number of SQL selects with this type of construct: SELECT ... FROM table WHERE LCASE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE( strSomeField, ' ', '-'), ',', ''), '/', '-'), '&', ''), '+', '') ) = $somevalue Ignoring the fact that the database should never have been constructed to require such a select in the first place, and the $somevalue field will need to be parameterised to plug the gaping security hole, what is my best option for fixing the WHERE condition into something less offensive? If I was using MSSQL or Oracle I'd simply put together a user-defined function, but my experience with MySQL is more limited and I've not constructed a UDF with it before, although I'm happy coding C. Update: For all those who've already raised their eyebrows at this in the original code, $somevalue is actually something like $GET['product']—there are a few variations on the theme. In this case the select is pulling the product back from the database by product name—after stripping out characters so it matches what could be previously passed as a URI parameter.

Read the article
Problem with bluetooth service in J2ME don't discoverable

- by Fran

Hi! I try to create a service with: LocalDevice localDevice = LocalDevice.getLocalDevice(); localDevice.setDiscoverable(DiscoveryAgent.GIAC); String url = "btl2cap://localhost:"+uuid.toString()+";name="+name+";authorize=true;authenticate=true;encrypt=true"; L2CAPConnectionNotifier notifier = (L2CAPConnectionNotifier)Connector.open(url); ServiceRecord = localDevice.getRecord(notifier); // Set some attributes // ... conn = notifier.acceptAndOpen(); //... I run this code on a Nokia 5800 and Nokia 2760, with 5800 I can see 2760, but not vice versa, I don't know what is the problem, I have think security problems... Any ideas? Thanks!

Read the article
Storing API keys in Android, is obfustication enough?

- by fredley

I'm using the Dropbox API. In the sample app, it includes these lines: // Replace this with your consumer key and secret assigned by Dropbox. // Note that this is a really insecure way to do this, and you shouldn't // ship code which contains your key & secret in such an obvious way. // Obfuscation is good. final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE"; final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE"; I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?

Read the article

< Previous Page | 826 827 828 829 830 831 832 833 834 835 836 837 | Next Page >