Search Results

Search found 5998 results on 240 pages for 'rise against'.

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload videos (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minimum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework, MySQL. Bonus points: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

  • Can I embed video on external sites while still using tokens to protect the content?

    - by JKS
    On our own website, it's easy to protect against direct links to our video content by grabbing a token through AJAX and verifying the token through PHP before the file download is started. However I'm also researching how I could provide an embed feature, like YouTube or vimeo etc., without compromising this security feature. The problem is that the embed code I want to provide should look something like <object>...<embed>...</embed></object> -- but I don't know how to grab and append the token to the filename. I mean, I guess I could attach a script that did some gnarly JNOP business, but that's too dirty. I'm using JW Player for the actual video container. Huge thanks to anyone who can help...

  • Testing a (big) collection retrieved from a db

    - by Bas
    I'm currently doing integration testing on a live database and I have the following sql statement: var date = DateTime.Parse("01-01-2010 20:30:00"); var result = datacontext.Repository<IObject>().Where(r => r.DateTime > date).First(); Assert.IsFalse(result.Finished); I need to test if the results retrieved from the statement, where the given date is less than the date of the object, have Finished set to False. I do not know how many results I get back and currently I'm getting the first object of the list and check if that object has Finished set to false. I know testing only the first item of the list is not valid testing, as a solution for that I could iterate through the list and check all items on Finished, but putting logic in a Test is kinda going against the concept of writing 'good' tests. So my question is: Does anyone have a good solution of how to properly test the results of this list?

  • regex pattern to match only strings that don't contain spaces PHP

    - by Jamex
    Hi, I want to match the word/pattern that is contained in the variable, but only match against the words that don't have white spaces. Please give suggestions. $var = 'look'; $array = ('look', 'greatlook', 'lookgreat', 'look great', 'badlook', 'look bad', 'look ', ' look'); matches words: look, greatlook, lookgreat, badlook non matches: look great, bad look, look (trailing space(s)), (space(s)) look. The syntax of the below functions are OK, but it matches everything $match = preg_grep ("/$var/", $array); $match = preg_grep ("/^$var/", $array); (match words with 'look' at the start) but when I include the [^\s], it gives an error $match = preg_grep ("/$var[^\s]/", $array); Parse error: syntax error, unexpected '^', expecting T_STRING or T_VARIABLE TIA

  • SQL Filter Multiple Tables Data

    - by Brad
    If it matters, I'm using Firebird 2.1 database. I have three tables, one with keywords, one with negative keywords, and the other with required keywords. I need to be able to filter the data so the output has just the keywords that meet the stipulation of not being in the negative keyword list, and IF there are any required words, then it will require the results to have those keywords in the end result. The tables are very similar, the field in the tables that I would be matching against are all called keyword. I don't know SQL very well at all. I'm guessing it would be something like SELECT keyword from keywordstable where keyword in requiredkeywordstable and where NOT in negativekeywordstable Just a side note, The required keywords table could be empty which would mean there are no required keywords. Any help would be appreciated. -Brad

  • Is it okay to truncate a SHA256 hash to 128 bits?

    - by Sunny Hirai
    MD5 and SHA-1 hashes have weaknesses against collision attacks. SHA256 does not but it outputs 256 bits. Can I safely take the first or last 128 bits and use that as the hash? I know it will be weaker (because it has less bits) but otherwise will it work? Basically I want to use this to uniquely identify files in a file system that might one day contain a trillion files. I'm aware of the birthday problem and a 128 bit hash should yield about a 1 in a trillion chance on a trillion files that there would be two different files with the same hash. I can live with those odds. What I can't live with is if somebody could easily, deliberately, insert a new file with the same hash and the same beginning characters of the file. I believe in MD5 and SHA1 this is possible.

  • precise geolocalization via IP

    - by meo
    I tried the iPad the other day, and was amazed about the precision of the geolocalization by IP. Actually there is this action against hunger in the world that shows you very precisely where the persons are located that have taken part in this petition: http://www.1billionhungry.org/meodai/impact/ I would like to integrate that in one of my projects. I took a look at the source but I could not figure out how they did it. Can someone help me out? Is there a web service for that? Is the google map api doing this or are they using another service? PS: It's not just the country/region of your IP/ISP IP that the service gives back, it's a pretty precise positioning.

  • An appropriate C API for inspecting attribute values

    - by uk82
    There are two obvious ways in C to provide outside access to internal attribute values (A) provide a generic interface that accepts a list of attributes that changes over time (some added / some die) or (B) a specific interface for each and every attribute. Example A: int x_get_attribute_value(ATT att) { if (a) return a_val; if (b) return b_val; } Example B: A_Enum x_get_a_type_attribute() {} B_Enum x_get_b_type_attribute() {} I recall that Eclipse's API is very much like A (I could be wrong). What I can't do is come up with a compelling argument against either. A is clean - any user will know where to go to find out a property value. It can evolve cleanly without leaving dead interfaces around. B has type checking to a degree - this is C enums! Is there a big hitter argument that pushes the balance away from opinion?

  • Is re-using a Command and Connection object in ado.net a legitimate way of reducing new object creat

    - by Neil Trodden
    The current way our application is written, involves creating a new connection and command object in every method that access our sqlite db. Considering we need it to run on a WM5 device, that is leading to hideous performance. Our plan is to use just one connection object per-thread but it's also occurred to us to use one global command object per-thread too. The benefit of this is it reduces the overhead on the garbage collector created by instantiating objects all over the place. I can't find any advice against doing this but wondered if anyone can answer definitively if this is a good or bad thing to do, and why?

  • Call function in query in Entity framework 3.5

    - by Ashwani K
    Hello All: I am trying to run the following query in entity framework 3.5 var test = from e in customers where IsValid(e) select e; Here IsValid function takes current customer and validates against some conditions and returns false or true. But when I am trying to run the query it is giving error "LINQ Method cannot be translated into a store expression." Can anybody tell me any other approach? One approach I can think of is to write all validation conditions here, but that will make the code difficult to read. Thanks Ashwani

  • Does CAS Support Application Level Impersonation?

    - by Rob Wilkerson
    I have a PHP application that is successfully authenticating against a CAS server. One of the features supported by the application is impersonation; a user with the appropriate privileges can impersonate another of the application. Generally, this isn't a problem because the app itself can keep track of who the user is impersonating and manage privileges (which are based on username). A new requirement has come up, though, that requires the original app to include, via an iframe, content from a second PHP app that is also CAS-enabled. Somehow, I need for the second app to know whether impersonation is happening in the first. I don't want to pass usernames around for security reasons, so I'm wondering whether I can offload the responsibility for handling impersonation to the CAS server which is shared by both apps. Thanks.

  • Is there a security issue with using javascript to manipulate cookies?

    - by Scarface
    Hey guys, another quick question for the experts. I have an alert box that displays updates processed in php to the user just like this site. I want to make it so that if the user closes the box, then it will not pop up for another 5 minutes (unless they check the messages then it will not pop up because the entries that cause the pop up are deleted in the database). On the close of the box I was thinking of giving the user a javascript cookie, since the alert box is done in javascript. I was wondering if this was a bad coding practice, since I am kind of unfamiliar with cookies and was warned against them before. If anyone has any advice or can recommend a better way, I would really appreciate it.

  • Calculating terrain height in 3d-space

    - by Jonas B
    Hi I'm diving into 3d programming a bit and am currently learning by writing a procedural terrain generator that generates terrain based on a heightmap. I would also want to implement some physics and my first attempt at terrain collision was by simply checking the current position vs the heightmap. This however won't work well against small objects as you'd have to calculate the height by taking the height difference of the nearest vertices of the object and doing this every collision check is pretty slow. Believe me I tried googling for it but there's simply so much crap and millions of blogs posting ripped-off newbie tutorials everywhere with basically no real information on the subject, I can't find anything that explains it or even names any generally used techniques. I'm not asking for code or a complete solution, but if anyone knows a particular technique good for calculating a high-res heightmap out of the already generated and smoothed terrain I would be very happy as I could look into it further when I know what I'm looking for. Thanks

  • how to modify a json array with jQuery

    - by Emin
    I have the following json array of objects in my code var groups = [ { "gid": 28, "name": "Group 1", "ishidden": false, "isprivate": false }, { "gid": 16, "name": "Group 2", "ishidden": true, "isprivate": false }, { "gid": 31, "name": "Group 3", "ishidden": true, "isprivate": false }, { "gid": 11, "name": "Group 4", "ishidden": false, "isprivate": false }, { "gid": 23, "name": "Group 5", "ishidden": false, "isprivate": false } ]; I can access or iterate through this with no problem using jQuery. However a situation arose where I need to change a value of one of the items (e.g. change the ishidden property to true for gid: 28) and then run some other jQuery function against it. Is this possible? Or do I have to re-build the whole object? If possible, how can I achieve this? Any help would be appreciated!

  • How to optimize an SQL query with many thousands of WHERE clauses

    - by bugaboo
    I have a series of queries against a very mega large database, and I have hundreds-of-thousands of ORs in WHERE clauses. What is the best and easiest way to optimize such SQL queries? I found some articles about creating temporary tables and using joins, but I am unsure. I'm new to serious SQL, and have been cutting and pasting results from one into the next. SELECT doc_id, language, author, title FROM doc_text WHERE language='fr' OR language='es' SELECT doc_id, ref_id FROM doc_ref WHERE doc_id=1234567 OR doc_id=1234570 OR doc_id=1234572 OR doc_id=1234596 OR OR OR ... SELECT ref_id, location_id FROM ref_master WHERE ref_id=098765 OR ref_id=987654 OR ref_id=876543 OR OR OR ... SELECT location_id, location_display_name FROM location SELECT doc_id, index_code, FROM doc_index WHERE doc_id=1234567 OR doc_id=1234570 OR doc_id=1234572 OR doc_id=1234596 OR OR OR x100,000 These unoptimized queries can take over 24 hours each. Cheers.

  • How do you validate a URL with a regular expression in Python?

    - by Zachary Spencer
    I'm building a Google App Engine app, and I have a class to represent an RSS Feed. I have a method called setUrl which is part of the feed class. It accepts a url as an input. I'm trying to use the re python module to validate off of the RFC 3986 Reg-ex (http://www.ietf.org/rfc/rfc3986.txt). Below is a snippet which should work, right? I'm incredibly new to Python and have been beating my head against this for the past 3 days. p = re.compile('^(([^:/?#]+):)?(//([^/?#]*))?([^?#]*)(\?([^#]*))?(#(.*))?') m = p.match(url) if m: self.url = url return url

  • Export products and variants from SQL Server

    - by mickyjtwin
    I have a SQL Server DB that has a table of products, and another table which contains a list of the sku variants of each product if it has one. I want to export all the products and their SKU's into excel. At the moment, I have a helper SQL function which performs the subquery against a product_id and concatenates all the SKU's into a comma-delimited string, e.g: Product Code, Name, SKUs 111 P1 77, 22, 11 Is there an easier way to do this, so that each SKU is a row with the associated product code as well, i.e: Product Code, Name, SKUs 111 P1 77 111 P1 22 111 P1 11

  • Get ANSI-colored output from external command

    - by German Rumm
    I am writing a small script for watchr that runs my PHP unit tests. Current script runs tests using system() and displays them colored. I am trying to add libnotify functionality, but for that I need to parse the output and match against regexp, so that notification will either display green or red. system() doesn't return output, %x does return, but puts p doesn't display colors, which I need to quickly see which test failed. One option would be to run tests twice - once for display in terminal window, and second time for checking which notification to show, but I would rather avoid it.

  • Connect 4 with neural network: evaluation of draft + further steps

    - by user89818
    I would like to build a Connect 4 engine which works using an artificial neural network - just because I'm fascinated by ANNs. I've created the following draft of the ANN structure. Would it work? And are these connections right (even the cross ones)? Could you help me to draft up a UML class diagram for this ANN? I want to give the board representation to the ANN as its input. And the output should be the move to choose. The learning should later be done using backpropagation and the sigmoid function should be applied. The engine will play against human players. And depending on the result of the game, the weights should be adjusted then.

  • fluent nhibernate not caching queries in asp.net mvc

    - by AWC
    I'm using fluent nhibernate with asp.net mvc and I'm not seeing anything being cached when making queries against the database. I'm not currently using an L2 cache implementation. Should I see queries being cached without configuring an out of process L2 cache? Mappings are like this: Table("ApplicationCategories"); Not.LazyLoad(); Cache.ReadWrite().IncludeAll(); Id(x => x.Id); Map(x => x.Name).Not.Nullable(); Map(x => x.Description).Nullable(); Example Criteria: return session .CreateCriteria<ApplicationCategory>() .Add(Restrictions.Eq("Name", _name)) .SetCacheable(true); Every time I make a request for an application category by name it is hitting the database. Is this expected behaviour?

  • ASP.Net Roles: Page-Level Security Question

    - by jlrolin
    We're currently in the process of re-creating a brand new security model that dwarfs our existing process. Right now, we plan on grabbing a user's roles during the login process and then using a Base Page class to check if the user has the role of the corresponding page the user is navigating to. We can limit the menu's options by the user's roles as well, but we have had problems with users navigating to pages in our system by typing them in or having old bookmarks. Obviously, we need some sort of page level access. A simple function in our Base Page class that checks the role in the Arraylist against the page's assigned role would work, but I was wondering if there was any built-in functionality to support this or a cleaner solution possibly.

  • How to wrap Plone authentication around a third-party servlet?

    - by smocking
    We're using Plone to serve up some third-party middle-ware. Unfortunately the middle-ware has a particular servlet that gets invoked from a Java applet and doesn't do any kind of authentication. I would like to firewall this off and somehow wrap authentication around it, preferably using the existing session that users will have on Plone. My first idea was to configure nginx (which we're using as the reverse proxy) to check the cookie and only proxy if the user has a valid session (along the lines of this example). However, how to check the session ID against Plone, since it's all stored in the Zope database? Alternatively we could have a Plone python script that basically passes everything along to the back-end after authenticating, but I'm not sure how to do that. Any suggestions? Or alternative ideas?

  • How do I digitally sign an HTTPS request in .net?

    - by Endy Tjahjono
    Is there a built in procedure to digitally sign an HTTPS request with client's SSL private key in .net? Also, is there a built in procedure to verify the digital signature against an SSL certificate? Or do I have to roll my own? Or is there a third party library? I need the request to be digitally signed because the client manipulates money, so I want to be sure that the request really comes from the client and that nobody tampers with the content of the request. I'm also considering using SSL client certificate, but it can only provide confidentiality and authentication, but not data integrity.

  • How do I implement a Google Latitude check-in feature on Windows Mobile?

    - by Carnotaurus
    I hope this is the correct forum. I wish to write a mobile application (MVC 4 mobile app) that extends Google Latitude for Windows Mobile 7 (or version 8 when launched in November). However, according to Google's own website (see http://www.google.com/mobile/latitude/), the check-in feature is not supported on Windows Mobile. So, how would I implement such a feature (not so interested in the UI here) using the technologies that I have mentioned? EDIT The implementation needs to store check-in data against a Google Latitude account.

  • WPF - Correct Syntax for Using Converter with Current Binding

    - by Andy T
    Hi, I have a collection of hex strings that represent colours and I am binding a combobox's ItemsSource to that collection. The combobox items are templated to have a filled rectangle with the relevant colour. I therefore need to use a converter to convert the hex value to a string. Easy enough. However, Blend is telling me that this syntax is incorrect in my XAML: Fill="{Binding, Converter={StaticResource StringToBrush}}" Apparently, I can't use a converter against plain old 'Binding'. Blend says that something like this is syntactically correct: Fill="{Binding Value, Converter={StaticResource StringToBrush}}" ...However that obviously doesn't work. I'm not quite au fait with binding syntax yet, so obviously I'm getting it wrong. Can anyone advise the correct syntax to achieve what I'm trying to do (convert my bound String using the converter StringToBrush)? Thanks in advance! AT
