Search Results

Search found 127718 results on 5109 pages for 'http status code 401'.

  • How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

    - by Matthew Patrick Cashatt
    Premise

    I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker.

    1. What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc.

    2. As an extension of question #1--but more specific--what are the things most likely to be sought out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement.

    3. What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability."

    4. What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc.

    Disclaimer

    I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.

  • Default Wordpress site on IIS

    - by Mike
    We have multiple wordpress installations on our IIS7 (Windows Server 2008) Server as follows: http://www.example.com/site_one http://www.example.com/site_two http://www.example.com/site_three These all work properly. However we would like to configure it so that when users visit the root domain (http://www.example.com/) or any page underneath, ie: http://www.example.com/ http://www.example.com/page1 http://www.example.com/page2 They would actually see the corresponding pages for site_two: http://www.example.com/site_two/ http://www.example.com/site_two/page1 http://www.example.com/site_two/page2 How could we achieve this?

  • Behaviour tree code example?

    - by jokoon
    http://altdevblogaday.org/2011/02/24/introduction-to-behavior-trees/ Obviously the most interesting article I found on this website. What do you think about it? It lacks some code examples; don't you know any? I also read that state machines are not very flexible compared to behaviour trees... On top of that, I'm not sure if there is a true link between state machines and the state pattern... is there?

  • A Code Statistics Utility

    - by TATWORTH
    SourceMonitor Beta Test Version 2.6.2.102 At http://www.campwoodsw.com/smbeta.html there is an excellent utility for producing statistics about your code base. This produces very useful statistics about your code such as total lines and percentage of documentation. Recently it was extended with a new complexity metric that counts switch statements as one (all case statements within each switch block are ignored).

  • Should comments say WHY the program is doing what it is doing? (opinion on a dictum by the inventor of Forth)

    - by AKE
    The often provocative Chuck Moore (inventor of the Forth language) gave the following advice (paraphrasing): "Use comments sparingly. Programs are self-documenting, with a modicum of help from mnemonics. Comments should say WHAT the program is doing, not HOW." My question: Should comments say WHY the program is doing what it is doing? Update: In addition to the answers below, these two provide additional insight. Beginner's guide to writing comments? http://programmers.stackexchange.com/a/98609/62203

  • PHP - Auto Code Formatter?

    - by user1179459
    I am just wondering whether there is a tool/software (ideally free) to do auto code formatting in PHP for a batch of files (not one by one, for which I can use the IDE). Ideally something like this, where I can set the settings and it will do the auto formatting for all the files inside that folder, etc.: http://beta.phpformatter.com/ This is very useful, but the issue is I have to do this one by one, copy-pasting. That's why I am looking for another tool.

  • Seattle Code Camp 5.0

    - by jerrykross
    I will be attending Seattle Code Camp 5.0 tomorrow at Microsoft Commons. Take a look at http://seattle.codecamp.us/default.aspx for details. It looks like you can still register.

  • What ever happened to the Defense Software Reuse System (DSRS)?

    - by emddudley
    I've been reading some papers from the early 90s about a US Department of Defense software reuse initiative called the Defense Software Reuse System (DSRS). The most recent mention of it I could find was in a paper from 2000 - A Survey of Software Reuse Repositories Defense Software Repository System (DSRS) The DSRS is an automated repository for storing and retrieving Reusable Software Assets (RSAs) [14]. The DSRS software now manages inventories of reusable assets at seven software reuse support centers (SRSCs). The DSRS serves as a central collection point for quality RSAs, and facilitates software reuse by offering developers the opportunity to match their requirements with existing software products. DSRS accounts are available for Government employees and contractor personnel currently supporting Government projects... ...The DoD software community is trying to change its software engineering model from its current software cycle to a process-driven, domain-specific, architecture-based, repository-assisted way of constructing software [15]. In this changing environment, the DSRS has the highest potential to become the DoD standard reuse repository because it is the only existing deployed, operational repository with multiple interoperable locations across DoD. Seven DSRS locations support nearly 1,000 users and list nearly 9,000 reusable assets. The DISA DSRS alone lists 3,880 reusable assets and has 400 user accounts... The far-term strategy of the DSRS is to support a virtual repository. These interconnected repositories will provide the ability to locate and share reusable components across domains and among the services. An effective and evolving DSRS is a central requirement to the success of the DoD software reuse initiative. Evolving DoD repository requirements demand that DISA continue to have an operational DSRS site to support testing in an actual repository operation and to support DoD users. 
The classification process for the DSRS is a basic technology for providing customer support [16]. This process is the first step in making reusable assets available for implementing the functional and technical migration strategies. ... [14] DSRS - Defense Technology for Adaptable, Reliable Systems URL: http://ssed1.ims.disa.mil/srp/dsrspage.html [15] STARS - Software Technology for Adaptable, Reliable Systems URL: http://www.stars.ballston.paramax.com/index.html [16] D. E. Perry and S. S. Popovitch, “Inquire: Predicate-based use and reuse,'' in Proceedings of the 8th Knowledge-Based Software Engineering Conference, pp. 144-151, September 1993. ... Is DSRS dead, and were there any post-mortem reports on it? Are there other more-recent US government initiatives or reports on software reuse?

  • Programming MVC2 is out with code

    The sample code for my latest book Programming ASP.NET MVC (covers version 2 and 2010) is available via the book's catalog page at Microsoft Press site run by O'Reilly.  You click the Examples link here to get to it: http://oreilly.com/catalog/9780735627147/...

  • ???Past Image(pi)

    - by todd.bao(at)oracle.com
    Past Image???RAC??????????,????????????????????????????????,Past Image??????????,?????????????????,?????????????????,??????????????(pi)?????????????????Past Image,????????????:HR.EMPLOYEES??100????101?????5????88???????????????,???????????# ??1: ?????????SYS@RAC1//scripts> select inst_id,status from gv$bh where file#=5 and block#=88;no rows selected# ??1???(???Steve King, ????24000????)SYS@RAC1//scripts> update hr.employees set salary=1 where employee_id=100;1 row updated.# ??2: ????1??xcur????????????,?????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + xcur1 row selected.# ??2???SYS@RAC2//scripts> update hr.employees set salary=2 where employee_id=101;1 row updated.# ??3: ????2?,?????1??pi??Past Image,???????????????????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + pi         2 + Y + xcur2 rows selected.# ??1???SYS@RAC1//scripts> update hr.employees set salary=3 where employee_id=100;1 row updated.# ??4: ????1?,?????2???1???????2???????1???????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + pi         1 + Y + xcur         2 + Y + pi3 rows selected.# ??2????SYS@RAC2//scripts> update hr.employees set salary=4 where employee_id=101;1 row updated.# ??5: ????2?,??????????????,DBWR??,??????,??(pi)?????????????(cr)??????????????????????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + N + cr         1 + N + cr         2 + Y + xcur3 rows selected.# ?????1???SYS@RAC1//scripts> update hr.employees set salary=5 where employee_id=100;1 row updated.# ??6: ????1?,?????2????????????????,?????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where 
file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + xcur         1 + N + cr         1 + N + cr         2 + Y + pi4 rows selected.# ??2???SYS@RAC2//scripts> update hr.employees set salary=6 where employee_id=101;1 row updated.# ??7: ????2?,?????1?2????1???????2?????????????4,????????????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + pi         2 + Y + pi         2 + Y + xcur3 rows selected.# ??1???SYS@RAC1//scripts> update hr.employees set salary=7 where employee_id=100;1 row updated.# ??8: ????1?,?????2?1????2???????1????????????2????????????????????????????????????(????????)????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and  block#=88;   INST_ID + D + STATUS---------- + - + -------         1 + Y + pi         1 + Y + xcur         2 + Y + pi         2 + N + cr4 rows selected.??????????, ?xcur??????????:??????xcur????pi?????pi?(?????)???cr?,???cr?????,pi????????????????????????????:?????????????A?B?A:SYS@RAC1//scripts> run  1  begin  2  for i in 1..100000 loop  3  update hr.employees set salary=i where employee_id=100;  4  end loop;  5* end;B:SYS@RAC2//scripts> run  1  begin  2  for i in 1..100000 loop  3  update hr.employees set salary=i where employee_id=101;  4  end loop;  5* end;?????????,???5???88?????buffer cache???????:SYS@RAC2//scripts> select count(*) from gv$bh where file#=5 and block#=88;  COUNT(*)----------       4121 row selected.??409?????????(cur):SYS@RAC2//scripts> select count(*) from gv$bh where file#=5 and block#=88 where status='cr';  COUNT(*)----------       4091 row selected.1????????(xcur):SYS@RAC2//scripts> select count(*) from gv$bh where file#=5 and block#=88 where status='xcur';  COUNT(*)----------           11 row selected.??...2??????--????(pi)??????????SYS@RAC1//scripts> select inst_id,dirty,status from gv$bh where file#=5 and block#=88 and status='pi';   INST_ID + D + 
STATUS---------- + - + -------         1 + Y + pi         2 + Y + pi2 rows selected.????,???RAC??????????????(cr)?,????????????????????????xcur?pi??cr??????pi?????? ?????????,???????????pi???cr?,?????????cr???,???xcur???????,pi??????xcur?,[email protected]

  • Example WCF XML-RPC client C# code against custom XML-RPC server implementation?

    - by mr.b
    I have built my own little custom XML-RPC server, and since I'd like to keep things simple, on both server and client side (server side PHP runs, by the way), what I would like to accomplish is to create a simplest possible client in C# using WCF. Let's say that Contract for service exposed via XML-RPC is as follows. [ServiceContract] public interface IContract { [OperationContract(Action="Ping")] string Ping(); // server returns back string "Pong" [OperationContract(Action="Echo")] string Echo(string message); // server echoes back whatever message is } So, there are two example methods, one without any arguments, and another with simple string argument, both returning strings (just for sake of example). Service is exposed via http. What's next? Thanks for reading! P.S. I have done my homework of googling around for samples and similar, but all that I could come up with are some blog-related samples that use existing (and very big) classes, which implement correct IContract (or IBlogger) interfaces, so that most of what I am interested is hidden below several layers of abstraction...

  • Streaming to the Android MediaPlayer

    - by Rob Szumlakowski
    Hi. I'm trying to write a light-weight HTTP server in my app to feed dynamically generated MP3 data to the built-in Android MediaPlayer. I am not permitted to store my content on the SD card. My input data is essentially of an infinite length. I tell MediaPlayer that its data source should basically be something like "http://localhost/myfile.mp3". I've a simple server set up that waits for MediaPlayer to make this request. However, MediaPlayer isn't very cooperative. At first, it makes an HTTP GET and tries to grab the whole file. It times out if we try and simply dump data into the socket so we tried using the HTTP Range header to write data in chunks. MediaPlayer doesn't like this and doesn't keep requesting the subsequent chunks. Has anyone had any success streaming data directly into MediaPlayer? Do I need to implement an RTSP or Shoutcast server instead? Am I simply missing a critical HTTP header? What strategy should I use here? Rob Szumlakowski

  • How to use a SOAP API in ASP.NET?

    - by jonhobbs
    Hi, I've been trying to use the API for CapsuleCRM... http://capsulecrm.com/help/page/api_gettingstarted I've been reading some articles on SOAP in asp.net and I just don't get it. Most of them seem to be about creating a web service, not using it, and none of them seem to explain how to use basic HTTP authentication. I have got as far as constructing the XML I want to send to the API but I could really do with seeing some example code which makes an http call using http authentication to a SOAP API. Maybe I'm just searching for the wrong thing but I've drawn a blank so far. Can anybody show me how? Jon

  • How to enable HTTP response caching in Spring Boot

    - by Samuli Kärkkäinen
    I have implemented a REST server using Spring Boot 1.0.2. I'm having trouble preventing Spring from setting HTTP headers that disable HTTP caching. My controller is as follows: @Controller public class MyRestController { @RequestMapping(value = "/someUrl", method = RequestMethod.GET) public @ResponseBody ResponseEntity<String> myMethod( HttpServletResponse httpResponse) throws SQLException { return new ResponseEntity<String>("{}", HttpStatus.OK); } } All HTTP responses contain the following headers: Cache-Control: no-cache, no-store, max-age=0, must-revalidate Expires: 0 Pragma: no-cache I've tried the following to remove or change those headers: Call setCacheSeconds(-1) in the controller. Call httpResponse.setHeader("Cache-Control", "max-age=123") in the controller. Define @Bean that returns WebContentInterceptor for which I've called setCacheSeconds(-1). Set property spring.resources.cache-period to -1 or a positive value in application.properties. None of the above has had any effect. How do I disable or change these headers for all or individual requests in Spring Boot?

  • How to stream partial content with ASP.NET MVC FileStreamResult

    - by o_o
    We're using a FileStreamResult to provide video data to a Silverlight MediaElement based video player: public ActionResult Preview(Guid id) { return new FileStreamResult( Services.AssetStore.GetStream(id, ContentType.Preview), "application/octet-stream"); } Unfortunately, the Silverlight video player downloads the entire video file before it starts playing. This behavior is expected as our Preview Action does not support downloading partial content. (side note: if the file is hosted in an IIS virtual directory we can start playback at any location in the video while it is still downloading. however for security and auditing reasons we can't provide a direct download link. so this is not an option.) How can we improve the Controller Action to support partial HTTP content? I assume we first have to inform the client that we support it (adding an "Accept-Ranges:bytes" header to a HEAD request), then we have to evaluate the HTTP "Range" header and stream the requested file range with a response code of 206. Will that work with ASP.NET MVC hosted on IIS6? Is there already some code available? Also see: http://en.wikipedia.org/wiki/List_of_HTTP_headers http://blogs.msdn.com/anilkumargupta/archive/2009/04/29/downloadprogress-downloadprogressoffset-and-bufferprogress-of-the-mediaelement.aspx http://benramsey.com/archives/206-partial-content-and-range-requests/

  • Why would Basic Auth not work with my WCF client to Java SOAP Web Service?

    - by orj
    I have a Java based web service that requires basic authentication to communicate with it. If I type the WSDL url into my browser I'm prompted for Basic Auth. Which I can get by entering the correct credentials. However using my WCF client doesn't work. I construct my WCF client like this: var binding = new BasicHttpBinding { MaxReceivedMessageSize = 2048 * 10240, Security = { Mode = BasicHttpSecurityMode.TransportCredentialOnly, Transport = { ClientCredentialType = HttpClientCredentialType.Basic, Realm = "MYREALM", ProxyCredentialType = HttpProxyCredentialType.None }, Message = { ClientCredentialType = BasicHttpMessageCredentialType.UserName, AlgorithmSuite = SecurityAlgorithmSuite.Default } } }; var client = new WebServiceClient(binding, endpoint); client.ClientCredentials.UserName.UserName = username; client.ClientCredentials.UserName.Password = password; client.DoWebServiceMethod(); I get the following exception. System.Net.WebException: The remote server returned an error: (401) Unauthorized. at System.Net.HttpWebRequest.GetResponse() at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout) System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="MYREALM"'. From what I can tell I'm doing things right. Where am I going wrong?

  • empty response body in ajax (or 206 Partial Content)

    - by Nikita Rybak
    Hi guys, I'm feeling completely stupid because I've spent two hours solving task which should be very simple and which I solved many times before. But now I'm not even sure in which direction to dig. I fail to fetch static content using ajax from local servers (Apache and Mongrel). I get responses 200 and 206 (depending on the server), empty response text (although Content-Length header is always correct), firebug shows request in red. Javascript is very generic, I'm getting same results even here: http://www.w3schools.com/ajax/tryit.asp?filename=tryajax_first (just change document location to 'http://localhost:3000/whatever') So, it's probably not the cause. Well, now I'm out of ideas. I can also post http headers, if it'll help. Thanks! Response Headers Connection close Date Sat, 01 May 2010 21:05:23 GMT Last-Modified Sun, 18 Apr 2010 19:33:26 GMT Content-Type text/html Content-Length 7466 Request Headers Host localhost:3000 User-Agent Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Referer http://www.w3schools.com/ajax/tryit_view.asp Origin http://www.w3schools.com Response Headers Date Sat, 01 May 2010 21:54:59 GMT Server Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8l DAV/2 mod_jk/1.2.28 Etag "3d5cbdb-fb4-4819c460d4a40" Accept-Ranges bytes Content-Length 4020 Cache-Control max-age=7200, public, proxy-revalidate Expires Sat, 01 May 2010 23:54:59 GMT Content-Range bytes 0-4019/4020 Keep-Alive timeout=5, max=100 Connection Keep-Alive Content-Type application/javascript Request Headers Host localhost User-Agent Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language 
en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Origin null

  • Why meta refresh followed by 2 redirects?

    - by twneale
    I have encountered several websites where the initial visit by a user results in a http-equiv refresh to another (usually gibberish) url, which then promptly redirects (302) to another gibberish url, which in turn immediately redirects to yet a fourth url that actually displays the landing page for the site. My question is: what the heck? Why would a server be set up to behave this way? Here is a list of a few sites that do this: New York State Library - http://nysl.nysed.gov New York State Regulations provided by Westlaw - http://government.westlaw.com/linkedslice/default.asp?SP=nycrr-1000

  • Does EF 4 Code First's ContextBuilder Dispose its SqlConnection?

    - by Eric J.
    Looking at Code First in ADO.Net EF 4 CTP 3 and wondered how the SqlConnection in their walkthrough is disposed. Is that the responsibility of ContextBuilder? Is it missing from the example? var connection = new SqlConnection(DB_CONN); var builder = new ContextBuilder<BloggingModel>(); using (var ctx = builder.Create(connection)) { //... }

  • http post with ant for file uploading

    - by paleozogt
    As part of my Ant build process, I'd like to upload files to a webserver via HTTP Post. Ant only comes with an HTTP Get task. However, Ant Contrib seems to have an HTTP Post task. The problem is that it doesn't have any authentication (like get does) or any way to specify a file upload (despite what the docs say, "rawFile" is not part of the distro). My question is: does Ant Contrib's Post task actually support what I want, but in a non-obvious way (perhaps I have to do it by hand)? Or is there some other way to do this?

  • actionscript swf: why the swf is cached in one web server

    - by Bin Chen
    Hi, I have one swf and a program to load this swf. The swf is put on a server. I encounter a weird problem: if I put this swf on serverA, each time my program will issue an http request to that webserver (with a 304 response). But when I move the swf from serverA to serverB, some weird things happen: the program will only issue the first http request, and after that, it doesn't send any http request; it looks like it uses the cache on the disk. What I wonder is how I can configure serverA to make the behavior the same as serverB, as I guess the problem may exist in the http response that makes the program not retrieve the swf from serverB any more. Bin

  • xcode 3.2 c++: how can i enable a proper code completion?

    - by ufk
    Hiya. I have Snow Leopard and I'm building a cpp application with Xcode. I would like to be able to get proper code completion with Xcode, and by that I mean the following: std::string f; f. Just when I type f. I would like to see all the relevant functions of that string class. Is it possible in Xcode?
