Search Results

Search found 43347 results on 1734 pages for 'php security'.

Page 134/1734 | < Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141  | Next Page >

• How can I add color highlighting for PHP functions?

  - by Jeff Gortmaker

  I've recently begun using Notepad++, and have found a part of its styling functionality that confuses me. I'm currently attempting to color all of PHP's defined functions (such as count(), strlen(), etc.). In the Settings-Style Configurator, you cannot add a new style for such a function list. Instead, I have begun editing the stylers.xml and langs.xml. To add the new coloring, in langs.xml, I've modified the php section to the following: <Language name="php" ext="php php3 phtml" commentLine="//" commentStart="/*" commentEnd="*/"> <Keywords name="instre1">[default keywords]</Keywords> <Keywords name="instre2">[my function list]</Keywords> </Language> The [default keywords] and [my function list] are replaced with wordlists. I've also edited the php section in stylers.xml to look like the following: <LexerType name="php" desc="php" ext=""> <WordsStyle name="QUESTION MARK" styleID="18" fgColor="FF0000" bgColor="FDF8E3" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="DEFAULT" styleID="118" fgColor="000000" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="STRING" styleID="119" fgColor="FF0000" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="STRING VARIABLE" styleID="126" fgColor="FF0000" bgColor="FEFCF5" fontName="" fontStyle="1" fontSize="" /> <WordsStyle name="SIMPLESTRING" styleID="120" fgColor="FF0000" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="WORD" styleID="121" fgColor="008040" bgColor="FEFCF5" fontName="" fontStyle="1" fontSize="" keywordClass="instre1">True False</WordsStyle> <WordsStyle name="NUMBER" styleID="122" fgColor="FF0000" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="VARIABLE" styleID="123" fgColor="0080FF" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="COMMENT" styleID="124" fgColor="FF8040" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="COMMENTLINE" styleID="125" fgColor="FF8040" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="OPERATOR" styleID="127" fgColor="8000FF" bgColor="FEFCF5" fontName="" fontStyle="0" fontSize="" /> <WordsStyle name="FUNCTIONS" styleID="128" fgColor="000080" bgColor="FEFCF5" fontName="" fontStyle="1" fontSize="" keywordClass="instre2"></WordsStyle> </LexerType> The changed part is the last "FUNCTIONS" line. When I restart Notepad++ and go into the Settings-Style Configurator section, under the php language, the FUNCTIONS style exists. I can change the style's color, and can see the entire keyword list under 'Default Keywords'. However, it is not changing the coloring of the words in my code. When I edit the WORD style, which contains stuff like 'if', 'and', and 'true', things change accordingly in my code. Any ideas on how to make this work?

  Read the article

• How do I upgrade to PHP 5.4 in CentOS 6.3 with yum?

  - by Vicary

  I found some blog posts about this, but it's rather lack of descriptions on possible side effects. I could really use some detailed on these steps: How to add a repo that provides PHP 5.4 into yum Can this seamlessly replaces the current PHP version in CentOS? How can I switch back to the official repo when it supports PHP 5.4? (current 5.3.3 in my system) Will there be any potential to break PHP modules I currently using?

  Read the article

• [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error.

  - by ryw

  Our ASP/IIS web server talks to a SQL 2005 db server. Eventually, without a pattern, some pages start showing error instead of the page content: [DBNETLIB][ConnectionOpen (SECDoClientHandshake()).]SSL Security error. Rebooting web server resolves it. Anyone know about it?

  Read the article

• Web Security: Worst-Case Situation

  - by Yongho

  I currently have built a system that checks user IP, browser, and a random-string cookie to determine if he is an admin. In the worst case, someone steals my cookie, uses the same browser I do, and masks his IP to appear as mine. Is there another layer of security I should add onto my script to make it more secure?

  Read the article

• MySQL - connection and security

  - by Phil Jackson

  Hi, I was wondering if someone could tell me if there is any potential security breeches that could occur by connecting to a sql database that does not reside at 'localhost' i.e. via ip address? Regards, Phil

  Read the article

• How to set up Mercurial with ssl/security

  - by Sam Lee

  I've been following the hginit.com tutorial on how to use mercurial. Everything is going fine except it uses push_ssl=False. This does not work for my situation because I want pushes (and pulls if possible) to be secure. All the tutorials I've been able to find also use push_ssl=False. Can anyone give me pointers on how to set up ssl/security for Mercurial? Thanks.

  Read the article

• Relative connection string to AzMan XML store when using security application block

  - by David Hall

  Is it possible to specify a relative connection string for an AzMan XML store? My current connection string is connectionString="msxml://c:/azman.xml" but I really need to make that relative so other developers and automated builds can get the latest authorization store. MS documentation seems to suggest that connectionString="msxml://azman.xml" should work but that throws a The request is not supported error. EDIT: I realised that the fact I'm using AzMan through the Enterprise Library Security Application Block was important to the question.

  Read the article

• Error: java.security.AccessControlException: Access denied

  - by RMD

  Hi, I have to connect to a https url with username and password to read a file. I am not able to connect to the server (see the error log below). I do not have much java experience so I need help with this code. I would really appreciate some help to solve this! Thank you. Raquel CODE: import lotus.domino.; import java.net.; import java.io.*; import javax.net.ssl.HttpsURLConnection; public class JavaAgent extends AgentBase { public void NotesMain() { try { String username = "123"; String password = "456"; String input = username + ":" + password; String encoding = new sun.misc.BASE64Encoder().encode (input.getBytes()); //Open the URL and read the text into a Buffer String urlName = "https://server.org/Export.mvc/GetMeetings?modifiedSince=4/9/2010"; URL url = new URL(urlName); HttpsURLConnection connection = (HttpsURLConnection)url.openConnection(); connection.setRequestMethod("POST"); connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded"); connection.setRequestProperty("Content-Length", String.valueOf (encoding.length())); connection.setUseCaches(false); connection.setDoInput(true); connection.setDoOutput(true); connection.setAllowUserInteraction(true); connection.setRequestProperty("Authorization", "Basic " + encoding); connection.setRequestProperty("Cookie", "LocationCode=Geneva"); connection.connect(); BufferedReader rd = null; try{ rd = new BufferedReader(new InputStreamReader(connection.getInputStream())); } catch (IOException e) { System.out.println("Read failed"); System.exit(-1); } String line; while((line = rd.readLine()) != null) { System.out.println(line.toString()); } rd.close(); connection.disconnect(); } catch(Exception e) { e.printStackTrace(); } } } LOG: java.security.AccessControlException: Access denied (java.lang.RuntimePermission exitVM.-1) at java.security.AccessController.checkPermission(AccessController.java:108) at java.lang.SecurityManager.checkPermission(SecurityManager.java:532) at COM.ibm.JEmpower.applet.AppletSecurity.superDotCheckPermission(AppletSecurity.java:1449) at COM.ibm.JEmpower.applet.AppletSecurity.checkRuntimePermission(AppletSecurity.java:1311) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1611) at COM.ibm.JEmpower.applet.AppletSecurity.checkPermission(AppletSecurity.java:1464) at java.lang.SecurityManager.checkExit(SecurityManager.java:744) at java.lang.Runtime.exit(Runtime.java:99) at java.lang.System.exit(System.java:275) at JavaAgent.NotesMain(Unknown Source) at lotus.domino.AgentBase.runNotes(Unknown Source) at lotus.domino.NotesThread.run(Unknown Source)

  Read the article

• Configuring security in ASP.NET MVC at runtime

  - by Andrew

  Is it possible to have security in ASP.NET MVC configurable at runtime? For example, if I have a controller that has been marked as [Authorize(Roles="Admin")] Is there a way to add/remove roles at runtime? Or, do you have to change it in code and re-compile?

  Read the article

• Handling form security

  - by Harun Baris Bulut

  So how do you maintain the form security about posting data to different page problem? For instance you have a member and he/she tries to change the personal settings and you redirected member to www.domain.com/member/change/member_id member changed the values and post the data to another page by changing the action with firebug or something else. For instance www.domain.com/member/change/member_id_2 How do you handle this problem without using sessions?

  Read the article

• Which Secure Software Development Practices do you Employ?

  - by Michael Howard-MSFT

  I work on a project known as the Security Development Lifecycle (SDL) project at Microsoft (http://microsoft.com/sdl) - in short it's a set of practices that must be used by product groups before they ship products to help improve security. Over the last couple of years, we have published a great deal of SDL documentation, as customers ask for more information about what we're doing. But what I'd like to know is: 1) What are you doing within your organization to help improve the security of your product? 2) What works? What doesn't work? 3) How did you get management to agree to this work? Thanks.

  Read the article

• How To Save Spring Security Logged In User In Session

  - by Brad Rhoads

  This code get's the currently logged in user, using the Spring Security Plugin (acegi): def principalInfo = authenticateService.principal() def person = null if (principalInfo != "anonymousUser" && principalInfo.username) { person = Person.findByUsername(principalInfo.username) } I would like then do: session.user = person This needs to be done after the user logs in. I can't figure out where to put my code to do this. It seem like it should be some place in the Login Controller, but I can't see where.

  Read the article

• Mobile security solutions

  - by techzen

  What are the mobile security solutions used by you / your organization. What are the pro's and cons of usage of these solution - and how far have you been successful in implementing these - were there any loopholes / issues faced in using them?. In general, can you suggest a set of guidelines to watch for when going for going for selecting a specific solution in this context.

  Read the article

• PHP Form Sending Information to Limbo!

  - by drew

  I was told my client's quote form has not been generating very many emails. I have learned that although the form brings you to a confirmation page, the information never reaches the recipient. I have altered the code so it goes to my office email for testing purposes. If I post code for the form elements below, would someone be able to spot what the problem might be? Thank you very much! Link to the quote page is http://autoglass-plus.com/quote.php First is the form itself: <form id="quoteForm" name="form" action="form/index.php" method="post"> <fieldset> <p> <strong>Contact Information:</strong><br /> </p> <div> <label for="firstname">First Name:<br /> </label> <input type="text" size="30" name="firstname" class="txt" id="firstname" /> </div> <div> <label for="lastname">Last Name:<br /> </label> <input type="text" size="30" name="lastname" class="txt" id="lastname" /> </div> <div> <label for="address">Address:<br /> </label> <input type="text" size="30" name="address" class="txt" id="address" /> </div> <div> <label for="city">City:<br /> </label> <input type="text" size="30" name="city" class="txt" id="city" /> </div> <div> <label for="state">State:<br /> </label> <input type="text" size="30" name="state" class="txt" id="state" /> </div> <div> <label for="zip">Zip:<br /> </label> <input type="text" size="30" name="zip" class="txt" id="zip" /> </div> <div> <label for="label">Phone:<br /> </label> <input type="text" size="30" name="phone" class="txt" id="label" /> </div> <div> <label for="email">Email:<br /> </label> <input type="text" size="30" name="email" class="txt" id="email" /> </div> <p><br /> <b>Insurace Information</b></p> <p><i>Auto Glass Plus in an Approved Insurance Vendor. Insurance claims require additional information that we will request when we contact you for your quote.</i></p> <br /> <div> <input type="checkbox" name="insurance" value="yes" /> Check here if this is an insurance claim.<br /> <label for="year">Insurance Provider:<br /> </label> <input type="text" size="30" name="provider" class="txt" id="provider" /> </div> <p><br /> <b>Vehicle Information:</b><br /> </p> <div> <label for="year">Vehicle Year :<br /> </label> <input type="text" size="30" name="year" class="txt" id="year" /> </div> <div> <label for="make">Make: </label> <br /> <input type="text" size="30" name="make" class="txt" id="make" /> </div> <div> <label for="model">Model:</label> <br /> <input type="text" size="30" name="model" class="txt" id="model" /> </div> <div> <label for="body">Body Type:<br /> </label> <select name="body" id="body"> <option>Select One</option> <option value="2 Door Hatchback">2 Door Hatchback</option> <option value="4 Door Hatchback">4 Door Hatchback</option> <option value="2 Door Sedan">2 Door Sedan</option> <option value="4 Door Sedan">4 Door Sedan</option> <option value="Station Wagon">Station Wagon</option> <option value="Van">Van</option> <option value="Sport Utility">Sport Utility</option> <option value="Pickup Truck">Pickup Truck</option> <option value="Other Truck">Other Truck</option> <option value="Recreational Vehicle">Recreational Vehicle</option> <option value="Other">Other</option> </select> </div> <p><b><br /> Glass in Need of Repair:</b><br /> </p> <div> <input type="checkbox" name="repairs" value="Windshield" /> Windshield<br /> <input type="checkbox" name="repairs" value="Back Glass" /> Back Glass<br /> <input type="checkbox" name="repairs" value="Driver&rsquo;s Side Window" /> Side Window*<br /> <input type="checkbox" name="repairs" value="Chip Repair" /> Chip Repair<br /> <input type="checkbox" name="repairs" value="Other" /> Other </div> <p><strong>*Important:</strong> For side glass, please indicate the specific window that needs replacement <i>(e.g. passenger side rear door or driver side vent glass)</i>, and any tinting color preference in the <strong>Describe Damage </strong> field.</p> <p><br /> <b>Describe Damage</b></p> <div> <textarea rows="6" name="damage" id="damage" cols="37" class="txt"></textarea> </div> <input type="hidden" name="thanks" value="../thanks.php" /> <input type="hidden" name="required_fields" value="firstname, lastname, email, phone" /> <input type="hidden" name="html_template" value="testform.tpl.html" /> <input type="hidden" name="mail_template" value="testmail.tpl.txt" /> <div class="submit"> <center> <input type="submit" value="Submit Form" name="Submit" id="Submit" /> </center> </div> </fieldset> </form> Then it sends to a file named index.php inside the "form" folder: <?php $script_root = './'; $referring_server = 'www.wmsgroup.com, wmsgroup.com, scripts'; $allow_empty_referer = 'yes'; // (yes, no) $language = 'en'; // (see folder 'languages') $ip_banlist = ''; $ip_address_count = '0'; $ip_address_duration = '48'; $show_limit_errors = 'yes'; // (yes, no) $log_messages = 'no'; // (yes, no) $text_wrap = '65'; $show_error_messages = 'yes'; $attachment = 'no'; // (yes, no) $attachment_files = 'jpg, gif,png, zip, txt, pdf, doc, ppt, tif, bmp, mdb, xls, txt'; $attachment_size = 100000; $path['logfile'] = $script_root . 'logfile/logfile.txt'; $path['upload'] = $script_root . 'upload/'; // chmod 777 upload $path['templates'] = $script_root . 'templates/'; $file['default_html'] = 'testform.tpl.html'; $file['default_mail'] = 'testmail.tpl.txt'; /***************************************************** ** Add further words, text, variables and stuff ** that you want to appear in the templates here. ** The values are displayed in the HTML output and ** the e-mail. *****************************************************/ $add_text = array( 'txt_additional' => 'Additional', // {txt_additional} 'txt_more' => 'More' // {txt_more} ); /***************************************************** ** Do not edit below this line - Ende der Einstellungen *****************************************************/ /***************************************************** ** Send safety signal to included files *****************************************************/ define('IN_SCRIPT', 'true'); /***************************************************** ** Load formmail script code *****************************************************/ include($script_root . 'inc/formmail.inc.php') ?> There is also formail.inc.php, testform.tpl.php, testform.tpl.text and then the confirmation page, thanks.php I want to know how these all work together and what the problem could be.

  Read the article

• Grails + Spring Security one field login

  - by Miguel

  Hi all Is it possible, using spring security plugin 0.5.3 with Grails 1.2.1, to authenticate a user using only one field? I mean, for example, making j_username and j_password fields in the authentication form equal previous to the authentication. I read it was possible to define j_username field in Config.groovy with acegi plugin, in older versions of the plugin. Now it uses SecurityConfig.groovy but the possibility of defining the field exists no more. Any ideas?? Thanks a lot, Miguel

  Read the article

• Accessing Spring Security User Details from within Mule Services

  - by user299222

  We're securing Mule services using the Spring Security Framework, and some of the services need to access some information in the UserDetails object. Is there a way to access this object from within a Mule service? Thanks, Dennis

  Read the article

• HTML/JavaScript compation for security.

  - by BCS

  I just ran across this point that references a security vulnerability in Web Apps that depends on looking at the size of encrypted web pages to deduce what the uses is doing. The simplest solution to this I can think of would be to use a tool to minify all static content so that (after encryption) only a small number of result sizes exist so as to minimize the information available to an eavesdropper. Are there any tools for doing this?

  Read the article

• WCF Message Security implementation with custom attributes

  - by parag

  How can i implement message security in WCF with custom attributes, One way of doing this by UserNamePasswordValidator which accepts user name and password but in my case I have to pass 2 more attribute that is company and region to authenticate the user. Please suggest the solution for achieving this.

  Read the article

• Why NOT use POST method here?

  - by Camran

  I have a classifieds website. In the main page (index) I have several form fields which the user may or may not fill in, in order to specify a detailed search of classifieds. Ex: Category: Cars Price from: 3000 Price to: 10000 Color: Red Area: California The forms' action is set to a php page: <form action='query_sql.php' method='post'> In query_sql.php I fetch the variables like this: category=$_POST['category']; etc etc... Then query MySql: $query="SELECT........WHERE category='$category' etc etc.... $results = mysql_query($query); Then I simply display the results of the query to the user by creating a table which is filled in dynamically depending on the results set. However, according to an answer by Col. Shrapnel in my previous Q I shouldn't use POST here: http://stackoverflow.com/questions/3004754/how-to-hide-url-from-users-when-submitting-this-form The reason I use post is simply to hide the "one-page-word-document" long URL in the browsers adress bar. I am very confused, is it okay to use POST or not? It is working fine both when I use GET or POST now... And it is already on a production server... Btw, in the linked question, I wasn't referring to make URL invisible (or hide it) I just wanted it too look better (which I have accomplished with mod_rewrite). UPDATE: If I use GET, then how should I make the url better looking (beautiful)? Check this previous Q out: http://stackoverflow.com/questions/3000524/how-to-make-this-very-long-url-appear-short

  Read the article

• drop down and post data to data base

  - by DAFFODIL

  This is a form which retrieves data from db and displays them in table. At the beginning of each row there will be a check box. If there are 10 rows fetched, I ii check 5 rows and insert them in to diff db but here when, I click drop down box data is getting in to db automatically,bcoz I use onchange event. Any alternative to prevent this to happen. Data should be inserted only when, I click submit button. Any help will be appreciated <?php $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("form1", $con); error_reporting(E_ALL ^ E_NOTICE); $nam=$_REQUEST['select1']; $row=mysql_query("select * from inv where name='$nam'"); while($row1=mysql_fetch_array($row)) { $Name=$row1['Name']; $Address =$row1['Address']; $City=$row1['City']; $Pincode=$row1['Pincode']; $No=$row1['No']; $Date=$row1['Date']; $DCNo=$row1['DCNo']; $DcDate=$row1['DcDate']; $YourOrderNo=$row1['YourOrderNo']; $OrderDate=$row1['OrderDate']; $VendorCode=$row1['VendorCode']; $SNo=$row1['SNo']; $descofgoods=$row1['descofgoods']; $Qty=$row1['Qty']; $Rate=$row1['Rate']; $Amount=$row1['Amount']; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Untitled Document</title> <script type="text/javascript"> function ram(id) { var q=document.getElementById('qty_'+id).value; var r=document.getElementById('rate_'+id).value; document.getElementById('amt_'+id).value=q*r; } </script> </head> <body> <form id="form1" name="form1" method="post" action=""> <table width="1315" border="0"> <script type="text/javascript"> function g() { form1.submit(); } </script> <tr> <th>Name</th> <th align="left"><select name="select1" onchange="g();"> <option value="" selected="selected">select</option> <?php $row=mysql_query("select Name from inv "); while($row1=mysql_fetch_array($row)) { ?> <option value="<?php echo $row1['Name'];?>"><?php echo $row1['Name'];?></option> <?php } ?> </select></th> </tr> <tr> <th>Address</th> <th align="left"><textarea name="Address"><?php echo $Address;?></textarea></th> </tr> <tr> <th>City</th> <th align="left"><input type="text" name="City" value='<?php echo $City;?>' /></th> </tr> <tr> <th>Pincode</th> <th align="left"><input type="text" name="Pincode" value='<?php echo $Pincode;?>'></th> </tr> <tr> <th>No</th> <th align="left"><input type="text" name="No2" value='<?php echo $No;?>' readonly="" /></th> </tr> <tr> <th>Date</th> <th align="left"><input type="text" name="Date" value='<?php echo $Date;?>' /></th> </tr> <tr> <th>DCNo</th> <th align="left"><input type="text" name="DCNo" value='<?php echo $DCNo;?>' readonly="" /></th> </tr> <tr> <th>DcDate:</th> <th align="left"><input type="text" name="DcDate" value='<?php echo $DcDate;?>' /></th> </tr> <tr> <th>YourOrderNo</th> <th align="left"><input type="text" name="YourOrderNo" value='<?php echo $YourOrderNo;?>' readonly="" /></th> </tr> <tr> <th>OrderDate</th> <th align="left"><input type="text" name="OrderDate" value='<?php echo $OrderDate;?>' /></th> </tr> <tr> <th width="80">VendorCode</th> <th width="1225" align="left"><input type="text" name="VendorCode" value='<?php echo $VendorCode;?>' readonly="" /></th> </tr> </table> <table width="1313" border="0"> <tr> <td width="44">&nbsp;</td> <td width="71">SNO</td> <td width="527">DESCRIPTION</td> <td width="214">QUANTITY</td> <td width="214">RATE/UNIT</td> <td width="217">AMOUNT</td> </tr> <?php $i=1; $row=mysql_query("select * from inv where Name='$nam'"); while($row1=mysql_fetch_array($row)) { $SNo=$row1['SNo']; $descofgoods=$row1['descofgoods']; $Qty=$row1['Qty']; $Rate=$row1['Rate']; $Amount=$row1['Amount']; ?> <tr> <td><input type="checkbox" name="checkbox" value="checkbox" checked="checked"/></td> <td><input type="text" name="No[<?php echo $i?>]" value='<?php echo $SNo;?>' readonly=""/></td> <td><input type="text" name="descofgoods[<?php echo $i?>]" value='<?php echo $descofgoods;?>' /></td> <td><input type="text" name="qty[<?php echo $i?>]" maxlength="50000000" id="qty_<?PHP echo($i) ?>"/></td> <td><input type="text" name="Rate[<?php echo $i?>]" value='<?php echo $Rate;?>' id="rate_<?PHP echo($i) ?>" onclick="ram('<?PHP echo($i) ?>')";></td> <td><input type="text" name="Amount[<?php echo $i?>]" id="amt_<?PHP echo($i) ?>"/></td> </tr> <?php $i++;} ?> <tr> <td><input type="submit" value="submit" header("location:values to be brought for print page.php");/></td> </tr> </table> <label></label> </form> </body> </html> <?php /*error_reporting(E_ALL ^ E_NOTICE); $con = mysql_connect("localhost","root",""); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("form1", $con); /*if(checked=checkbox) { mysql_query="INSERT INTO invo (Name, Address, City, Pincode, No, Date, DCNo, DcDate, YourOrderNo, OrderDate, VendorCode, SNo, descofgoods, Qty, Rate, Amount) VALUES ('$_POST[Name]','$_POST[Address]','$_POST[City]','$_POST[Pincode]','$_POST[No]','$_POST[Date]','$_POST[DCNo]','$_POST[DcDate]','$_POST[YourOrderNo]','$_POST[OrderDate]','$_POST[VendorCode]','$_POST[SNo]','$_POST[descofgoods]','$_POST[qty]','$_POST[Rate]','$_POST[Amount]')"; } else { header("location:values to be brought for print page.php"); }*/ header("ins.php"); ?>

  Read the article

• What are the weaknesses of this user authentication method?

  - by byronh

  I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

  Read the article

• Still don't understand file upload-folder permissions

  - by Camran

  I have checked out articles and tutorials. I don't know what to do about the security of my picture upload-folder. It is pictures for classifieds which should be uploaded to the folder. This is what I want: Anybody may upload images to the folder. The images will be moved to another folder, by another php-code later on (automatic). Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days. What should I do here? The images are uploaded via a php-upload script. This script checks to see if the extension of the file is actually a valid image-file. When I try this: chmod 755 images the images wont be uploaded. But like this it works: chmod 777 images But 777 is a security risk right? Please give me detailed information... The Q is, what to do to solve this problem, not info about what permissions there are etc etc... Thanks If you need more info let me know...

  Read the article

• Spring Security User

  - by DD

  What is best practise in Spring when creating a new user with custom attributes...to extend org.springframework.security.core.userdetails.User or to create the User in the UserDetailsService (this is the approach taken in the IceFaces tutorial). public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { AppUser user = userDAO.findUser(username); if (user == null) throw new UsernameNotFoundException("User not found: " + username); else { return makeUser(user); } } private User makeUser(AppUser user) { return new User(user.getLogin(), user .getPassword(), true, true, true, true, makeGrantedAuthorities(user)); }

  Read the article

• Security concerns when bridging programming languages.

  - by The Rook

  What security concerns are there when you create a hybrid of languages? For instance using python and java code together with jython, or creating a python module from a C++ library. There are other ways of mixing 2 or more languages. Do you know of an example where this creates a vulnerability?

  Read the article

• Security Suggestions

  - by Kumar

  I am currently working on an ASP.NET 3.5 and C# web application which deals with users secure information like credit card numbers. What are some of the security measures which I need to take from an application development stand point so that I can sleep peacefully at night :)

  Read the article

< Previous Page | 130 131 132 133 134 135 136 137 138 139 140 141  | Next Page >