Search Results

Search found 108419 results on 4337 pages for 'app code'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 171/4337 | < Previous Page | 167 168 169 170 171 172 173 174 175 176 177 178  | Next Page >

  • How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

    - by Matthew Patrick Cashatt
    Premise I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker. What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc. As an extension of question #1--but more specific--what are the things most likely to be seeked out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement. What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability. What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc. Disclaimer I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.

    Read the article

  • Config file (App.config) does not update on new installation

    - by Muhammad Kashif Nadeem
    I am creating setup of my project using Visula Studio 2008. I am facing problem in setup installation. If I uninstall old setup (application) and install the new one then config file (App.config) updates the attributes (surely it is new file) of config file but if I install new setup without uninstalling the old one then config file does not update. from config file I mean MyProject.exe.config Why is this behavior of config file. Should it not be updated on installation of the new setup Is this possible to delete and copy the config file of new setup? Is there a way to update only config file forcefully during installation. Thanks for your help!

    Read the article

  • Big project layout : adding new feature on multiple sub-projects

    - by Shiplu
    I want to know how to manage a big project with many components with version control management system. In my current project there are 4 major parts. Web Server Admin console Platform. The web and server part uses 2 libraries that I wrote. In total there are 5 git repositories and 1 mercurial repository. The project build script is in Platform repository. It automates the whole building process. The problem is when I add a new feature that affects multiple components I have to create branch for each of the affected repo. Implement the feature. Merge it back. My gut feeling is "something is wrong". So should I create a single repo and put all the components there? I think branching will be easier in that case. Or I just do what I am doing right now. In that case how do I solve this problem of creating branch on each repository?

    Read the article

  • Rails web app authenticated with windows

    - by deostroll
    Is it possible for a rails web application to make use of the windows authentication features in its code. I am looking at being able to obtain the user's login name and domain in the application. But there is a catch. This particular web application runs off an apache web server hosted on a linux machine which is kind of networked to other windows machines. Is all of this possible?

    Read the article

  • Apache proxy is modifying the HTTP status code

    - by jarnbjo
    I am using Apache as a proxy frontend for a Java web application, which is deployed on WebSphere. The web application is using custom status codes (55x) to signal specific errors to the clients. When accessing the web application directly through the WebSphere HTTP listener, everything works as expected, but when these requests are proxied through an Apache load balancer, the status codes are modified by Apache and replaced with a generic 500 error code (internal server error). In Apache's access.log, the correct status code is logged: <IP> - - [11/Nov/2011:17:24:53 +0100] "POST <URL> HTTP/1.1" 551 36 But the actual response received by the client starts like this (logged with tcpdump): HTTP/1.1 500 Internal Server Error ... Followed by the real status code in the response content: ... Error 551: Berichteter Fehler: 551 ... Is there an obvious reason for this behaviour or does someone have a suggestion on how to modify the Apache configuration to forward the "real" status code instead of 500?

    Read the article

  • MSSQL Replace Database in Live Web App

    - by casoninabox
    I have a web app that is currently live. I had the need to make major modifications to the database and now I need to replace the current one. My dev SQL instance is not the live one. I usually just make a backup of the new DB, blow the old one away and Restore my updated one. But now I have data I need to preserve. Most of the current tables have changed, in that extra columns have been added, all existing columns are still there and unchanged. I have access to Management Studio. What is the right way to do this?

    Read the article

  • Kerberos: connection from win app running from IIS to SQL failed

    - by Mikhail Kislitsyn
    I have an IIS web-application with Windows authentication and impersonation. This application connects to SQL server. In this case Kerberos works fine. But there is a problem. Web-application runs windows application (not .NET), which also connects to the SQL server. Windows application runs with IIS app user credentials and impersonates current site user to connect to SQL server. scheme: http://i.stack.imgur.com/2cgv7.png When delegation for IIS user is set to "Trust this computer for delegation to any service" everything works fine. But I can't use this type of delegation according to security requirements. When I set delegation to "Specific services" and choose MSSQLSvc SPN, connection from windows application fails with "ANONIMOUS" fault. WireShark shows "KRB5KDC_ERR_BADOPTION" packet. What I'm doing wrong?

    Read the article

  • Is there a variable width font that does not change width when adding effects like bold, italic?

    - by George Bailey
    NetBeans has a word wrap feature now - but if the font changes width when bold then it gets all jumpy and sometimes hard to work with. Edit: It turns out that even with Courier New that NetBeans word wrap still jumps up and down lines at a time at random. I guess that this question no longer cares for an answer. However,, it seems that there is no answer. (at least nobody has brought one up yet) I am currently using Comic Sans MS which gets wider when bold.

    Read the article

  • Simple vs Complex (but performance efficient) solution - which one to choose and when?

    - by ManojGumber
    I have been programming for a couple of years and have often found myself at a dilemma. There are two solutions - one is simple one i.e. simple approach, easier to understand and maintain. It involves some redundancy, some extra work (extra IO, extra processing) and therefore is not the most optimal solution. but other uses a complex approach,difficult to implement, often involving interaction between lot of modules and is a performance efficient solution. Which solution should I strive for when I do not have hard performance SLA to meet and even the simple solution can meet the performance SLA? I have felt disdain among my fellow developers for simple solution. Is it good practice to come up with most optimal complex solution if your performance SLA can be met by a simple solution?

    Read the article

  • Unit testing time-bound code

    - by maasg
    I'm currently working on an application that does a lot of time-bound operations. That is, based on long now = System.currentTimeMillis();, and combined with an scheduler, it will calculate periods of time that parametrize the execution of some operations. e.g.: public void execute(...) { // executed by an scheduler each x minutes final int now = (int) TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()); final int alignedTime = now - now % getFrequency() ; final int startTime = alignedTime - 2 * getFrequency(); final int endTimeSecs = alignedTime - getFrequency(); uploadData(target, startTime, endTimeSecs); } Most parts of the application are unit-tested independently of time (in this case, uploadData has a natural unit test), but I was wondering about best practices for testing time-bound parts that rely on System.currentTimeMillis() ?

    Read the article

  • Inspection, code review - is it really testing?

    - by user970696
    ISTQB, Wikipedia or other sources classify verification acitivities (reviews etc.) as a static testing, yet other do not. If we can say that peer reviews and inspections are actually a kind of a testing, then a lot of standards do not make sense (consider e.g. ISO which say that validation is done by testing, while verification by checking of work products) - it should at least say dynamic testing for validation, shouldn't it? I am completing master thesis dealing with QA and I must admit that I have never seen worse and more ambiguous and contradicting literature than in this field :/ Do you think (and if so, why) that static testing is a good and justifiable term or should we stick to testing and static checks/analysis?

    Read the article

  • Download ASP.NET MVC Source Code

    - by Editor
    From Scott Guthrie’s blog: Last month I blogged about our ASP.NET MVC Roadmap. Two weeks ago we shipped the ASP.NET Preview 2 Release. Phil Haack from the ASP.NET team published a good blog post about the release here. Scott Hanselman has created a bunch of great ASP.NET MVC tutorial videos [...]

    Read the article

  • CodeGolf : Find the Unique Paths

    - by st0le
    Here's a pretty simple idea, in this pastebin I've posted some pair of numbers. These represent Nodes of a unidirected connected graph. The input to stdin will be of the form, (they'll be numbers, i'll be using an example here) c d q r a b d e p q so x y means x is connected to y (not viceversa) There are 2 paths in that example. a->b->c->d->e and p->q->r. You need to print all the unique paths from that graph The output should be of the format a->b->c->d->e p->q->r Notes You can assume the numbers are chosen such that one path doesn't intersect the other (one node belongs to one path) The pairs are in random order. They are more than 1 paths, they can be of different lengths. All numbers are less than 1000. If you need more details, please leave a comment. I'll amend as required. Shameless-Plug For those who enjoy Codegolf, please Commit at Area51 for its very own site:) (for those who don't enjoy it, please support it as well, so we'll stay out of your way...)

    Read the article

  • Aptana Ext code completion in .php files

    - by Frederik Wordenskjold
    I'm having problems getting the code-completion for the Ext 3.2 plugin to work, when working with .php files. I've also installed the php plugin for Aptana, and the same thing applies for php - I cannot access php code-completion when working with a html-file, so it seems like a general issue... It's also not possible to write Ext in .js files, which is weird... The latter case does make sense of course. But I should be able to write both php and Ext in .php files! Is this possible in any way? I have of course tested the code-completion for php in a .php file, which works. The same applies for Ext code in .html documents!

    Read the article

  • OS/X Mavericks won't download in App Store

    - by Mike Christensen
    I tried to download OS/X Mavericks through the App Store yesterday. However, I had to leave work before it was done downloading and shut down the machine while it was downloading. I assumed I'd be able to resume the download, or start over again later. However, now there's no way to get it to download again. When I find OS/X Mavericks in the store, I click on the "Download" link. It asks for my Apple ID which I enter, and it does absolutely nothing. It doesn't begin downloading, and it just still shows the "Download" button. Clicking on it again does nothing. I'm thinking there's something stuck somewhere, like some flag that says this download is in progress or it has already been downloaded. Is there some way to clear that out so I can start downloading it again?

    Read the article

  • Matching the superclass's constructor's parameter list, is treating a null default value as a non-null value within a constructor a violation of LSP?

    - by Panzercrisis
    I kind of ran into this when messing around with FlashPunk, and I'm going to use it as an example. Essentially the main sprite class is pretty much class Entity. Entity's constructor has four parameters, each with a default value. One of them is graphic, whose default value is null. Entity is designed to be inherited from, with many such subclasses providing their own graphic within their own internal workings. Normally these subclasses would not have graphic in their constructor's parameter lists, but would simply pick something internally and go with it. However I was looking into possibly still adhering to the Liskov Substitution Principal. Which led me to the following example: package com.blank.graphics { import net.flashpunk.*; import net.flashpunk.graphics.Image; public class SpaceGraphic extends Entity { [Embed(source = "../../../../../../assets/spaces/blank.png")] private const BLANK_SPACE:Class; public function SpaceGraphic(x:Number = 0, y:Number = 0, graphic:Graphic = null, mask:Mask = null) { super(x, y, graphic, mask); if (!graphic) { this.graphic = new Image(BLANK_SPACE); } } } } Alright, so now there's a parameter list in the constructor that perfectly matches the one in the super class's constructor. But if the default value for graphic is used, it'll exhibit two different behaviors, depending on whether you're using the subclass or the superclass. In the superclass, there won't be a graphic, but in the subclass, it'll choose the default graphic. Is this a violation of the Liskov Substitution Principal? Does the fact that subclasses are almost intended to use different parameter lists have any bearing on this? Would minimizing the parameter list violate it in a case like this? Thanks.

    Read the article

  • What to do when a project is too difficult to continue developing?

    - by MaxWell
    As a developer, can you tell your project manager that an application is unworkable? Or, if you're a project manager, how would you need this presented to you in order to be compelled? This isn't about "how to work on a poor project", it's assuming you cannot. I can provide an example of the situation if anyone thinks it's important, but I'm trying to avoid proposed solutions to "plodding through".

    Read the article

  • Why is it java code indented as BSD KNF Style and C C++ code indented as Allman or BSD style?

    - by Caffeine
    I do understand that coding convention is a matter of preference, and that different coding conventions have different subtle advantages or shortcomings, and depending on what one wants, one should choose his/her style. But why is usually Java written where the opening brace is on the same line as the function definition of control statement, and in C or C++ the curly braces have a line of their own? BSD KNF style if (data != NULL && res > 0) { if (JS_DefineProperty(cx, o, "data", STRING_TO_JSVAL(JS_NewStringCopyN(cx, data, res)), NULL, NULL, JSPROP_ENUMERATE) != 0) { QUEUE_EXCEPTION("Internal error!"); goto err; } PQfreemem(data); } else { if (JS_DefineProperty(cx, o, "data", OBJECT_TO_JSVAL(NULL), NULL, NULL, JSPROP_ENUMERATE) != 0) { QUEUE_EXCEPTION("Internal error!"); goto err; } } Allman or BSD Style if (x == y) { something(); somethingelse(); } Courtesy: http://en.wikipedia.org/wiki/Indent_style

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 167 168 169 170 171 172 173 174 175 176 177 178  | Next Page >