w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML Categories
access to a tomcat from internet (security terms)
The best way to do this (in security terms), is to leave the Tomcat server running on the local network, but provide VPN access to the network. This way others can access the server from the internet if they're connected via VPN, but not just everyone will be able to access it. That being said, is there a reason you are worried about externally facing your Tomcat? As long as your Tomcat and the host OS are both fully patched, you should be OK unless your web app itself has vulnerabilities. Keep those patches up to date though! If you're worried about the security of your web app, you should probably consider hiring a professional penetration tester to take a look at things for you. That can be really expensive, so before you do that scan your app with some scanners like w3af, Wapiti,

Categories : Security

Launcher.LaunchFileAsync() and dealing with internet security settings
You can use the wget for windows circumvent this problem. For wget you need to download wget.exe. It uses the libraries libssl, libiconv2, libintl3. I tested it and got it to work, I also packagaed wget and the libraries to https://dl.dropboxusercontent.com/u/5402101/Desktop.zip, so you wont have to google+download+unzip. For download a file write wget.exe www.mydomain.com/myfile. Relevant options for you may include: -O mydoc.doc, saving the file as mydoc.doc, no matter what the file was named by the server. -c continues to download the file, if it was interrupted. I know this is properly what you thought of as solution, but it works :)

Categories : C#

What is Security Development Lifecycle Checks option in Visual Studio?
The Microsoft Security Development Lifecycle is a software development process used and proposed by Microsoft to reduce software maintenance costs and increase reliability of software concerning software security related bugs. These may helpful: http://download.microsoft.com/download/B/5/A/B5A89F4C-D591-4AAB-BF45-D818D80527B6/SDLServices2011.pdf http://msdn.microsoft.com/en-us/library/windows/desktop/84aed186-1d75-4366-8e61-8d258746bopq.aspx

Categories : C++

Comodo internet security detect c++ hello world program as a viruses (trojan)
I faced the same problem. Since I know there is no virus in the programs, I excluded my dev c++ folder and program file folders from antivirus software. Steps in comodo antivirus is: 1.Open CIS 2.click Tasks in upper right corner 3.click Advanced tasks 4.select open advanced settings 5.Expand security settings 6.Expand antivirus 7.click Exclusions 8.Click on the arrow or right click anywhere on the screen. 9.select Add->folders 10.Add the dev c++ folders and program files folder in the list. 11.You have excluded the files Now run your program, will surely get the output without any virus.

Categories : C++

Javascript on local machine - How to disable restrictions without changing security settings on Internet Explorer?
Try the following header: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!-- saved from url=(0016)http://localhost --> <html> Here you have full description of that feature.

Categories : Javascript

Do any standards and practices exist for applying acceptance test driven development to non-development tasks?
Take a look at this post in StackExchange: Agile methodologies such as Scrum in non-software development projects Also there is a nice article called "Scrum is not just for software" written by the Agile Alliance (note that this is a PDF download)

Categories : Misc

No internet access on Android Emulator, Shared Internet Connection
Finally I sorted out my problem. It was problem due to dns server address. I did below steps open CMD Goto your android-sdk/tools path, Like my path is G:Andriod Developmentandroid-sdk ools type this command G:Andriod Developmentandroid-sdk ools>emulator.exe -avd Android_2.3.3 -dns-server 8.8.8.8 -scale 0.75 here Android_2.3.3 is your AVD name, -dns-server 8.8.8.8 will set your DNS address to 8.8.8.8 or 8.8.8.8:55 and -scale will scale your AVD to specified value. this will start a new emulator. Enjoy :) Hope may be helpful to others

Categories : Android

Can android differentiate between a lost internet connection and no internet connect?
You need to use a BroadcastReceiver that will be triggered when the connectivity status for Wi-Fi has changed. Set following things before registering BroadcastReceiver: private class ConnectionChangeReceiver extends BroadcastReceiver { public void onReceive( Context context, Intent intent ) { Log.d(tag, "Inside Broadcast Reciever"); CheckWifiStatus(); } } private void RegisterWifiWatcher() { if(wifiWatcher == null) wifiWatcher = new ConnectionChangeReceiver(); final IntentFilter intentFilter= new IntentFilter(); intentFilter.addAction("android.net.wifi.WIFI_STATE_CHANGED"); intentFilter.addAction("android.net.wifi.STATE_CHANGE"); registerReceiver(wifiWatcher, intentFilter); } WIFI_STATE_CHANGED : Broadcast intent action indicating that Wi-Fi has been enabled,

Categories : Android

Spring Security 3.1.x & JSF 2.0 : " BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains' "
I would start by checking your classpath (look in the lib directory of your WAR file) and make sure you don't have different Spring jars in there. It's not uncommon for maven to pull in transitive dependencies from some dependency and cause you to end up with Spring 3.0.x and Spring 3.1.x jars at once. You can avoid this by adding exclusions to your pom, or more simply by explicit versions each Spring jar you need. Then make sure you are using up-to-date versions of both Spring Security and Spring. Note that Spring and Spring Security are separate projects with independent version numbers. There's no reason why you can't be using Spring 3.2.3 with Spring Security 3.1.4, for example, but you should have the latest minor version of whichever release you choose.

Categories : Java

What are the security ramifications of checking security with an HTTP call to an external server?
HTTPS makes sure the message can't be read or tampered with any relaying parties (proxies, etc.) but it doesn't guarantee the source of the data is trusted. If another service can determine the other URL and wire format they could spoof a request to it. This is generally where something like request signing comes into play using a shared-secret signing mechanism. Twilio's API uses this method to prove to you that they're actually calling your servers. HTTP Signatures is a proposal for a standardized way of doing this.

Categories : Api

Cannot perform CAS Asserts in Security Transparent methods security level issue
I guess you are using a shared host, so there's no way you can changed trust level if they don't give you permissions to do it. What versions of the MySQL connector are you using? Have you tried copying them to the in folder of your project? (right-click on MySQL.* references and setting then to "Copy Local = true") Are you able to try to connect to your database server from localhost to make sure your connection string parameters are ok?

Categories : C#

System.Security.SecurityException Request for the permission of type 'Microsoft.SharePoint.Security.SharePointPermission
I am also facing the same issue in my code. I have did the following and the issue has resolved. Please try the below and let me know whether it is solved the issue or not. File > Info > Design Checker > Open the Design Checker Window. In that, click Change Settings > Security and Trust > Choose the option Full Trust.

Categories : Sharepoint

java.lang.ClassNotFoundException: org.springframework.security.access.expression.SecurityExpressionHandler when using tag
When I checked my WEB-INF/lib folder I found that I had different versions of spring-security jars, some had 3.1.4 and others 3.0.2. It's working well now with all jars on 3.1.4 version ! Thank you Luke, your comment gave me the answer !

Categories : Spring

Spring security override specific message : Your login attempt was not successful, try again. - not found under org.springframework.security
Actually it is easy resolvable by custom login form. Since it won't display any of sf error messages we can pass error param back after processing. Consequently simply check for this param and add whatever text message you like. authentication-failure-url="/login?error=true" then in our new login page simply add something like: <c:if test="${error}"> <s:message code="AbstractUserDetailsAuthenticationProvider.badCredentials"/></c:if> where you can use any message code from your resource bundle.

Categories : Spring

Providing security for Restful Web Services into existing Spring security 3.1
You should use two http tags. One for your web application and the other one for your REST API. Let's say, you can use an entry point web/** for your web app and an entry point api/** for your REST API. You propaply want to secure your API with HTTP Basic, so your web app should work with form login (that uses java session) and your REST API with HTTP Basic authentication. REST APIs are better secured with OAuth 2, but depending on size or audience of your application would be overkill.

Categories : Spring

ajax security versus php include in root directory security
There is nothing to stop someone from looking at your JavaScript code, getting the URL to the AJAX call. However, if security is a huge issue then look into session variables and the method of storing the value(s). There is file, database and cookie. You do not want php to store session variables in a cookie as these would be accessible to the visitor (they are stored like normal cookies). Set a session value, when the AJAX request is made then check if the session value is also set. If it is then continue as per normal. If it isn't (and the session could have timed out) then do nothing.

Categories : PHP

Spring Security - 'global-method-security' does not work
Looks like you should follow with recomendation from Spring Security Reference Manual: The annotated methods will only be secured for instances which are defined as Spring beans (in the same application context in which method-security is enabled). A similar problem is discussed here: How can <global-method-security> work on my controller by Spring-Security? See the last post.

Categories : Java

WCF Security - Transport Level Security with username password
I think your consumers are asking for Basic Authentication. That is, where the authentication token is passed in the HTTP Authorization header rather than in the SOAP security header. Confidentiality of the credentials will be provided only by the transport (HTTPS). The binding configuration for this is: <basicHttpBinding> <binding name="HTTPSwithBasicAuthentication"> <security mode="Transport"> <transport clientCredentialType="Basic" /> </security> </binding> </basicHttpBinding> On the client, you set the credentials like this serviceClient.ClientCredentials.UserName.UserName = "username"; serviceClient.ClientCredentials.UserName.Password = "password"; Assuming your service is hosted in IIS, remember to enable Bas

Categories : C#

Spring security 3.2.0 > deprecated
I'm not sure if this answer can help you. However, the warning message generated by IDE is not a big problem because you did not use the deprecated method. I'm using spring security too and I also can see the same warning message but the service is working perfectly. I'm sorry if the answer is not you wanted.

Categories : Spring

Got security prompt for "yui.yahooapis.com" with security set to High on IE
This is by design. When you have IE security set to high, all JavaScript is disabled. IE security settings set to high - javascript not working

Categories : Internet Explorer

Why do Web Services use WS-Security instead of using Transport Layer Security?
Many people new to Web services see SOAP as a way to exchange messages between two endpoints over HTTP. Over HTTP, one can authenticate the caller, sign the message, and encrypt the contents of the message. This makes the message secure in several dimensions: the caller is known, the receiver of the message can verify that the message did not change in transit, and entities watching the wire traffic cannot figure out what data is being exchanged. For those looking at SOAP messaging to solve bigger problems, however, HTTP-based security simply isn't enough. Many of the bigger problems involve sending the message along a path more complicated than request/response or over a transport that does not involve HTTP. The identity, integrity, and security of the message and the caller need to be pr

Categories : Ssl

Referring Internet Explorer - Using Internet Explorer Object Model
You can use the Shell.Application object to find an already running IE instance. Set sh = CreateObject("Shell.Application") For Each wnd In sh.Windows If InStr(1, wnd.FullName, "iexplore.exe", vbTextCompare) > 0 Then Set ie = wnd Exit For End If Next The above will attach to the first instance found. If you remove the Exit For it will instead attach to the last instance found.

Categories : Vbscript

Spring security- org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains'
Looking at the stacktrace information it appears as if you have conflicting framework jars in your classpath. When using maven use mvn dependency:tree to figure out which dependencies get used, I suspect that there is an older spring-beans.jar in your classpath.

Categories : Java

C# and SQL Server 2005
First of all - you should use the appropriate type for your dates - that is DATETIME - do not cast dates into strings and back if you can avoid it! (and you can definitely avoid it here) Secondly: the DATETIME in SQL Server as well as the DateTime in .NET both have dates and time information, e.g. 2013-06-23 14:57:34 so if you're doing an equality comparison in your JOIN condition, only those rows that exactly match your date and time will be selected. So you need strip off the time portion, if you want to use just dates for comparison. So try this code here: ALTER PROCEDURE dbo.YourProcedureNameHere (@currentdate DATETIME) SELECT DISTINCT table1.name, table2.class, table3.stream FROM dbo.table1 INNER JOIN dbo.table2 ON table1.id = table2.id INNER JOIN

Categories : C#

Explain the difference between Java *client* security concerns and *server* security concerns
Generally speaking you don't see many CVEs that affect the server side because the server side virtually never runs user provided code (or an attacker's code). The vulnerabilities with server side are mostly failure to properly handle input, and issues with configuration, so not Java's fault. The client side however (applets being a great example) has lots of CVEs because the user's local JVM is actually running byte code that was provided by the attacker. Vulnerabilities in the JVM can then be triggered and exploited. These same vulnerabilities are usually present on the server side, but they aren't accessible to attackers. Another reason you don't see many server side CVEs is because most of the server side vulnerabilities are application/implementation specific, and only affect t

Categories : Java

Spring Security UI plugin for Grails creates neither spring-security-ui.css nor i18n files
Try extracting the files from the directory you need, from the version you need https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/assets/stylesheets https://github.com/grails-plugins/grails-spring-security-ui/tree/master/grails-app/i18n

Categories : Grails

Why can't I target .NET 1.1 from VS 2005/2008?
Short answer: .NET 1.x is no longer supported. They're not going to help people write for an unsupported framework. There are many "fixes" in .NET 2.0 and greater that aren't in .NET 1.x, I can't think of a compelling technical reason to want to work in .NET 1.1. Not all newer versions of .NET "include" older versions.

Categories : Dotnet

EF and datetime in SQL Server 2005
PrimitiveType 'Time' Are you sure it's not trying to create a datatype of time? 2005 does not have this type. I'm not sure if this is what you're using, but it looks like there is a difference between time and datetime. http://msdn.microsoft.com/en-us/library/ee382832.aspx

Categories : Sql Server

MS SQL Server 2005 and Node.JS
Unfortunately the "official" drivers are Windows only. If you need a cross platform SQL Driver, checkout tedious. There is some work going on to make edge cross platform which would allow you to bridge .NET (or Mono) and Node.JS which would allow you to get much more performant SQL access, but it is not ready yet.

Categories : SQL

SQL Server 2005 FOR XML limitation
I have a feeling you're exceeding the size of data SSMS is allowing to be displayed. Try adjusting the size in SSMS here: Tools -> Options -> Query Results -> SQL Srver -> Results to Grid -> XML data Change 2MB to something larger

Categories : Xml

SQL Server 2005 Varchar less than
Query 2 displays the '090' data beneath the '90' data because that's what you're telling it to do in the ORDER BY aspect. Remember, your SOURCE column is a VARCHAR. It's a string, despite being numbers, and as such will sort according to the rules of strings. Thus, it's looks at the first character for order, rather than to the numerical value. If you want it to sort according to the numerical value which the string represents, then you'll need to cast the SOURCE column to an integer in the ORDER BY statement. And as for why it returns all data, that's because you're comparing the numerical representation of a number to a number. SQL performs an implicit conversion within the where clause to deal with the boolean operator. Now, your reported results for Query 1 are not what I'd expec

Categories : Sql Server

Internet explorer 9 and internet explorer 10's browser mode, are they the same?
Try some sort of emulator: http://www.my-debugbar.com/wiki/IETester/HomePage There are many more, also refer to: how to install multiple versions of IE on the same system?

Categories : Jquery

System.Web.Security.AntiXss.AntiXssEncoder vs Microsoft.Security.Application.AntiXssEncoder
The one in the System.Web.* namespace is a clone of the one in the Microsoft.Security.* namespace, but the System.Web one is slightly tweaked for better performance characteristics. We recommend the System.Web one going forward. If you set the <httpRuntime encoderType> setting as described at http://www.asp.net/aspnet/overview/aspnet-45/whats-new#_Toc318097382, then you can just use the built-in encoding routines like HttpUtility.HtmlEncode, and the implementation will be provided by the Anti-XSS libraries.

Categories : Asp Net

Is it impossible to have both transport level security and message level security in rampart? Why?
I too agree to the point that the specification doesn't say if we can use more than one binding or not (but may be we both have missed it). But you can still use Asymmetric binding for an HTTPS endpoint.

Categories : Java

Connect to SQL Server 2005 with PHP from linux
Have you configured your these files on your Linux server? (These are taken from an Ubuntu 12.04 server) /etc/odbc.ini # Define a connection to the MSSQL server. # The Description can be whatever we want it to be. # The Driver value must match what we have defined in /etc/odbcinst.ini # The Database name must be the name of the database this connection will connect to. # The ServerName is the name we defined in /etc/freetds/freetds.conf # The TDS_Version should match what we defined in /etc/freetds/freetds.conf [mssql] Description = MSSQL Server Driver = freetds Database = MyDatabase ServerName = mssql TDS_Version = 8.0 /etc/odbcinst.ini # Define where to find the driver for the Free TDS connections. [freetds] Descr

Categories : Sql Server

How to add and subtract hours in SQL Server 2005?
You may use the DateAdd function to do this, e.g.Dateadd(hour,2, @yourTime). To display the result, you can use the convert function. The convert function has many format options, so pick the one that suits your needs (I guess '0' would be ok). Example: select convert(varchar, dateadd(hour,2,myTimeColumn),0) as PlusTwoHours from myTable. Hint: Avoid formatting in SQL. I would suggest removing the convert part and do the formatting in your application (report engine, excel or whatever).

Categories : SQL

Character length SQL Server 2005
If you change the else part of the case statements to return the length you'll get the value you're looking for like so: SELECT cc_units_of_measure.description AS UOM_Description , CASE WHEN LEN(cc_units_of_measure.description) < 20 THEN 'OK' ELSE LEN(cc_units_of_measure.description) END AS Results_UOM_description , cc_units_of_measure.company_abbreviation AS UOM_Company_Abbreviation , CASE WHEN LEN(cc_units_of_measure.company_abbreviation) < 20 THEN 'OK' ELSE LEN(cc_units_of_measure.company_abbreviation) END AS Results_UOM_company_abbreviation , cc_frequencies.description AS Freq_Description , CASE WHEN LEN(cc_frequencies.description) < 30 THEN 'OK' ELSE LEN(cc_frequencies.description

Categories : Sql Server

Multiple row totals in SSRS 2005
Yes, you can use conditional summation: SELECT OGL.PACostCenter, vpt.LL6, sum((vpt.timeinseconds*1.0)/3600) [Hours], sum(case when vpt.PAYCODENAME in ('519-H-Overtime 1.0', '519-H-Holiday OT 1.5', '519-H-Overtime 1.5', '519-H-Overtime 2.0' ) then (vpt.timeinseconds*1.0)/3600 else 0 end) as OvertimeHours, sum(case when vpt.PAYCODENAME in ('519-H-Regular') then (vpt.timeinseconds*1.0)/3600 else 0 end) as RegularHours, FROM totals as vpt INNER JOIN OracleLookup OGL on vpt.LL6 = OGL.OracleCostCenter COLLATE SQL_Latin1_General_CP1_CI_AI WHERE vpt.DATE BETWEEN @StartDate AND @EndDate AND vpt.PAYCODENAME in ('519-H-Ov

Categories : SQL

Sum of group items SSRS 2005
The approach described at http://www.sqljason.com/2010/07/aggregate-of-aggregate-function-in-ssrs.html should work for 2005. The trick is to write some custom code that keeps track of the running total as a variable, and then call that code once per group to add to the total. Calling the code can be done by placing a reference within a cell to the code, such as in that article =Code.AddTotal(Avg(Fields!Order_Count.Value)

Categories : Sql Server

Flag records in SQL Server 2005
You can update the CTE directly; you're trying to make the subsequent query far too complicated: ;WITH cte as -- don't call this a column name. Confusing. ( Select acct_id,Row_Number() Over (Partition By Segment_Code Order By NewID()) as RowNumber From Table_tr WHERE LiveSam is NULL and acct_id IS NOT NULL and seedrecordindicator is null and HasMtg_Flag = '1' ) UPDATE cte Set LiveSam = 'Y' Where RowNumber = 1; I think this is what you need based on your query, but if you want people to follow your word problem accurately, please show some sample data before the update and the desired results after. I have no idea how you would ever expect to update rows where Mtg_Flag = 0 when you've eliminated those in the first place...

Categories : Sql Server



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.