access-control

AJAX XMLHttpRequest POST X-Domain

Hi Guys, I am sending an AJAX request using POST over X-Domain for a widget we are producing for our website. The problem we are facing is that this is getting blocked. My question is - for "modern browsers" [Chrome, Safari, FF, IE8] - it is my understanding that setting "Access-Control" headers Access-Control-Allow-Origin: http://www...

user access management in j2ee web application

Hi everyone, I am working with a jsp/servlet project and I have to complete the module of access management for my jsps since I have more than one user with different profiles. I defined a table in my database which summarizes the profile and the URL permitted, like this: id_profil :1 url : http://localhost/...xyz.jsp id page 1 Now I am trying ...

Where do I prevent users from accessing other users' data?

On a website I am building I need to allow users to edit their orders. Easy enough. But how do I ensure that a user cannot edit other users' orders? Do I perform checks in the model or in the controller to verify that the order belongs to the authenticated user? ...

How to do Discretionary Access Control List (DACL) for .Net Security?

I am interested in using a Discretionary Access Control List with Membership provided by .Net Security. Are there any implementations of this that exist in .Net or open source? Is there a way to use .Net security as a DACL? Does a custom solution have to be built? Thanks. ...

java - protected members accessed in derived class using base class instance

Hello All, I must admit that I have been a manual tester and have just begun swimming through Java (for the Selenium tool). I got to know that protected members of a class would be accessible in a derived class. Despite this, I created an instance of the base class in the derived class and tried to access protected members (I agree that it sounds foolish...

CakePHP ACL Individual Object Access Control

I'm working on a project that requires one user to have many, say, posts. But, each user can only access his or her own posts. How can I accomplish this type of behavior with CakePHP's ACL component? Currently, it seems that Cake's ACL is focused on actions and controllers rather than objects. Any ideas (even switching to a different f...

Is this key-oriented access-protection pattern a known idiom?

Matthieu M. brought up a pattern for access-protection in this answer that I'd seen before, but never consciously considered a pattern: class SomeKey { friend class Foo; SomeKey() {} // possibly make it non-copyable too }; class Bar { public: void protectedMethod(SomeKey); }; Here only a friend of the key class has a...

RESTful HTTP: Showing different representations to two users on the same URI

I'm designing a hypermedia API, yes, a RESTful API, with the hypertext constraint. Each user of the system will access the system using their own credentials, so every request we process is authenticated and authorized. Each user will typically have specific credentials so that they may have different permissions (e.g. none, read, read...

How to assemble an admin menu dynamically?

Hi folks, I'm trying to work out the best way to assemble the navigation menu of my admin application dynamically, based on the result of going through each of the objects on each of the pages, such that only pages with objects that are available to the user are displayed in the menu! As a simple example, say I have two user types; SEC...

How can I prevent windows from showing in .NET?

I'm currently working on an access control program in C# and I've come across the problem of blocking windows. The original idea I've come up with is rendering a plain black form over the position given by the IntPtr window handle of the process. The problem within that is updating the form's position smoothly and z-index of the position...

Merging organization unit and business roles in ASP.NET web application

In real-world enterprise web applications for enterprise businesses, we always need to limit the access to the data by the user's unit and role. Consider that we have an enterprise company with many shopping stores in a country. So the company has a headquarters which has view access to all invoices and statistics for all branches. ...

Access Control in Pylons App?

Hi. Do you know of some class for Pylons to control access for each view? Thanks for the info! :) ...

Control access to parts of a system, but also to certain pieces of information

This is a tricky question; we've been talking about this for a while (days) and haven't found a convincingly good solution. This is the situation: We have users and groups. A user can belong to many groups (many-to-many relation). There are certain parts of the site that need access control, but: There are certain ROWS of certain tables...

Git hook to disallow directory creation in top level

Any better way to prevent top-level directory creation by users, maybe on push or on direct file creation? Thanks in advance, Dhandu ...

Existing Fine-grained access control library/framework?

Let's say I have these kinds of requirements: User A in Role AA needs to be able to update all entities of type A1. User B in Role BB needs to be able to update only the entities of type A1 with the primary identifier of "2", which I'll call A1("2"), and cannot update any other entities of type A1, but can add or delete any number of c...

Is it possible to use http_refer to block direct access to a folder while allowing a Flash player access

I have mp3 files on my server that I want to be accessed via a Flash player on my site. Is it possible to use http_refer to do this, as suggested by a close colleague? Based on my research, I kept coming across the code below, but that blocks everything including my Flash player. How do I only allow my Flash player to access the files wit...

programming language with granular method and property access

Hi, imagine something like this: import class B.*; interface A supports A.testSum { int sum( int a , int b ) access from B.calculator; testSum() { Assert(sum(1,1)==2); } ........ class B ... { void calculator() { A.sum(3,5); //ok } void someOtherMethod() { A.sum(0,3); //compile error } The idea of the "supports" is s...

Keeping a troll out - IP bans considered harmful? What to use instead?

I run the technical side of a discussion forum, which is plagued by a troll (a single physical person, as far as I can tell). It seems that the community has exhausted all means of communication (it is, beyond reasonable doubt, a net.troll, not a clueless user), including face-to-face. I may need to block that person from visiting the s...

Apache protect all paths but whitelist a specific path

Below is my VHost (which is slightly modified to obscure some URLs): NameVirtualHost 192.168.1.49:80 <VirtualHost 192.168.1.49:80> ServerName internal-name.local ServerAlias *.internal-name.local external-domain.co.uk *.external-domain.co.uk <Directory "/var/www/html"> AllowOverride All ...

@font-face and Header set Access-Control-Allow-Origin "*"

I have used the following rule to allow our static domain to host fonts, but I've run into a problem with fonts not being used by the browser (Firefox, Safari) when the browser cache is enabled. <Directory "/site/http/web/assets/fonts"> <FilesMatch "\.(eot|otf|woff|ttf)$"> SetEnvIf Origin "^http://(.*)?main-domain.co...