Tag Archive for 'security'

System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

One of my applications was supposed to use image having its URL. The Image was instantiated with the stream the server that stored the image file responded with after being requested as below:

// create a request for image
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(IMAGE_URL);
request.Method = "GET";
request.ContentType = "multipart/form-data";
request.UserAgent = "Mozilla/4.0+(compatible;+MSIE+5.01;+Windows+NT+5.0";
request.Proxy.Credentials = CredentialCache.DefaultCredentials;
request.Credentials = CredentialCache.DefaultCredentials;

// get response from the server
HttpWebResponse response = (HttpWebResponse)request.GetResponse();
Stream resStream = response.GetResponseStream();

// create image from stream
Image image = Image.FromStream(resStream);

It worked like a charm when TCP port was used (regular, non-decure connection) but whenever the image was available at a URL that was secured (https://xxx.xx) I was getting the following stack trace:

Continue reading ‘System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.’

NVelocity and XSS

NVelocity is a view engine for MonoRail. It’s quite handy and it’s not difficult to deliver such views.

One of the flows I can name can be the security issues. By default there’s not much support for security. For instance it’s possible to perform XSS (Cross-site scripting) attacks by providing XHTML or JavaScript code.

I spent some time googleing for existing solutions for that MAJOR issue but I failed to find anything interesting. The most usefult information I’ve found was the article called Cross Site Scripting and letting the framework deal with it. Accordint to its author, Oren Eini, some support for HTML encoding has been implemented for Brail, which is another MonoRail view engine. But… I’m interested in NVelocity, not Brail!

Should you discover anything interesting on that topic, please post a link as a comment for this post. I’d be grateful icon smile NVelocity and XSS

 NVelocity and XSS

Windows 2003: problem with running exe files

Today I couldn’t install some tool on Windows 2003 SE despite being assigned to the Admisnitrators group. Whenever I tried I get the following message:

Windows cannot access the specified device, path, or file. You may not have the appropraiate permissions to access the item.

If you face such problem, first of all check what permissions you have. To do that, right click on My Computer and choose Manage; then System Tools\Local Users and Groups\Groups; double click Administrators on the right part of the window and check if you are on the list of users with that persmissions.

As I said, I was the Admisnitrator of that machine so that was really strange. So I righ clicked the exe file I needed to run and chose Properties. In the Security tab I found out I have the appropriate rights on that file. I went to General tab of that window; at the bottom, in Security section there was the infromation:

This file came from another computer and might be blocked to help protect this computer.

That was it! You just need to click Unblock button which is next to the above information.

FYI: The whole security section is only visible for ‘unsecure’ files. Once you enable a file’s execution and click OK, you will no longer see it.