Search Results

Search found 181 results on 8 pages for 'austin hyde'.

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest.

    Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):

        $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");

    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down.

    They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition.

    My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss.

    As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product.

    Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  • Cannot boot computer, help please :(

    - by Austin
    Ok so here is more descriptions, I REALLY NEED HELP! I installed Ubuntu on a disk (unsure of v. I can't check.. Computer is broke :/ ) I then burned the disk I restarted computer pressed f12 blah blah it came up, I pressed enter for English, I plugged an Ethernet card in for better connection, and then started the installation.... I did the basics, and I entered a host name, and a user name and pass all that, when it came to partition page, I pressed enter for no and then it went back to the installation page, I pressed install again, and it brought me back, so I selected yes, it loaded and it asked what software to install I selected sh (it was first option and I didn't know which to do) so after everything finished loading, my disk was ejected the process finished, I run my computer and it opens up in log in page on cmd script I didn't know it, so I ran disk again making a user and pass to remember.... Going back to login thing I logged in, and all it did was say my username... I didn't know what to do from there, I looked online found nothing but grub stuff, so I went to "Advanced Ubuntu options" and then "(Recovery Mode)" and went to update grub... In middle of loading it asked to continue (Y/n) I typed Y and it finished, it went back to the options located in (Recovery Mode) and I closed it, and it loaded... And then showed up in another script screen, saying a paragraph on top, and on left side (where login: would be located etc.) it says "Grub" and I don't know what to type, if I turn off computer and turn back on it just goes straight to that again... PLEASE HELP :(

  • Join Domain and Dos App

    - by Austin Lamb
    OK, so first off, yes, I have read all the related topics and those fixes are either out of date or don't work. I am running Ubuntu 12.04 and I would like to add it to the Win2008 server network. After I get that done I would like to mount the F:\ drive of the server somewhere on my Linux machine where it can be identified as drive F:\ by Wine or Dosemu. If I can achieve all of that I need to find out how to run an MS-DOS 16-bit Point-of-sales graphic program in Ubuntu, whether that be through Wine, Dosemu, or DOSBox. It does not matter, it just has to be able to read and write to the server's F: drive, operate the DOS app, and support LPT1 (I think) for printing receipts and loading tickets. I am a decently knowledgeable Windows tech, at least that's what my job description says.. but this is my first encounter with Linux in a work environment, it could prove to very experience changing if I can just prove it as a practical theory and a reasonable solution, and get it to work.. The first step is to get it joined to the domain. I have likewise-open CLI and GUI versions, samba, and GADMIN-SAMBA installed in attempts to get any of them to work. Any help in any area is greatly appreciated, especially with the domain joining since it is the first step and what I thought would be the easiest step..

  • GLSL Shader Texture Performance

    - by Austin
    I currently have a project that renders OpenGL video using a vertex and fragment shader. The shaders work fine as-is, but in trying to add in texturing, I am running into performance issues and can't figure out why. Before adding texturing, my program ran just fine and loaded my CPU between 0%-4%. When adding texturing (specifically textures AND color -- noted by comment below), my CPU is 100% loaded. The only code I have added is the relevant texturing code to the shader, and the "glBindTexture()" calls to the rendering code. Here are my shaders and relevant rendering code.

    Vertex Shader:

        #version 150

        uniform mat4 mvMatrix;
        uniform mat4 mvpMatrix;
        uniform mat3 normalMatrix;
        uniform vec4 lightPosition;
        uniform float diffuseValue;

        layout(location = 0) in vec3 vertex;
        layout(location = 1) in vec3 color;
        layout(location = 2) in vec3 normal;
        layout(location = 3) in vec2 texCoord;

        smooth out VertData {
            vec3 color;
            vec3 normal;
            vec3 toLight;
            float diffuseValue;
            vec2 texCoord;
        } VertOut;

        void main(void)
        {
            gl_Position = mvpMatrix * vec4(vertex, 1.0);
            VertOut.normal = normalize(normalMatrix * normal);
            VertOut.toLight = normalize(vec3(mvMatrix * lightPosition - gl_Position));
            VertOut.color = color;
            VertOut.diffuseValue = diffuseValue;
            VertOut.texCoord = texCoord;
        }

    Fragment Shader:

        #version 150

        smooth in VertData {
            vec3 color;
            vec3 normal;
            vec3 toLight;
            float diffuseValue;
            vec2 texCoord;
        } VertIn;

        uniform sampler2D tex;

        layout(location = 0) out vec3 colorOut;

        void main(void)
        {
            float diffuseComp = max(dot(normalize(VertIn.normal), normalize(VertIn.toLight)), 0.0);
            vec4 color = texture2D(tex, VertIn.texCoord);
            colorOut = color.rgb * diffuseComp * VertIn.diffuseValue + color.rgb * (1 - VertIn.diffuseValue);

            // FOLLOWING LINE CAUSES PERFORMANCE ISSUES
            colorOut *= VertIn.color;
        }

    Relevant Rendering Code:

        // 3 textures have been successfully pre-loaded, and can be used
        // texture[0] is a 1x1 white texture to effectively turn off texturing

        glUseProgram(program);

        // Draw squares
        glBindTexture(GL_TEXTURE_2D, texture[1]);
        // Set attributes, uniforms, etc
        glDrawArrays(GL_QUADS, 0, 6*4);

        // Draw triangles
        glBindTexture(GL_TEXTURE_2D, texture[0]);
        // Set attributes, uniforms, etc
        glDrawArrays(GL_TRIANGLES, 0, 3*4);

        // Draw reference planes
        glBindTexture(GL_TEXTURE_2D, texture[0]);
        // Set attributes, uniforms, etc
        glDrawArrays(GL_LINES, 0, 4*81*2);

        // Draw terrain
        glBindTexture(GL_TEXTURE_2D, texture[2]);
        // Set attributes, uniforms, etc
        glDrawArrays(GL_TRIANGLES, 0, 501*501*6);

        // Release
        glBindTexture(GL_TEXTURE_2D, 0);
        glUseProgram(0);

    Any help is greatly appreciated!

  • Load Texture From Image Content In Runtime

    - by Austin Brunkhorst
    Basically I wrote a world editor for a game I'm working on. Looking ahead, I was brainstorming ways to save the created world including the tile-sets (this game will rely on a tile engine). I was hoping to save the image data of each tile-set in the same file containing the tile positions, etc. and load the image data into a Texture with XNA. Is it possible? Something like this is what I'm going for. Texture2D tileset = Content.LoadFromString<Texture2D>("png tileset data");

  • Going from .Net 2.0 to 4.5 [closed]

    - by Austin Henley
    For a lot of my projects I have been using an older code base and also just haven't learned the features from newer .Net/C# versions. It seems I am stuck back in the 2.0 days of the framework and language, so what should I do to make use of all latest features? It is worth pointing out this but rather than just what changes have been made, what small programs could I implement that would teach me a lot of the new features?

  • Designs for outputting to a spreadsheet

    - by Austin Moore
    I'm working on a project where we are tasked to gather and output various data to a spreadsheet. We are having tons of problems with the file that holds the code to write the spreadsheet. The cell that the data belongs to is hardcoded, so anytime you need to add anything to the middle of the spreadsheet, you have to increment the location for all the fields after that in the code. There are random blank rows, to add padding between sections, and subsections within the sections, so there's no real pattern that we can replicate. Essentially, anytime we have to add or change anything to the spreadsheet it requires many long and tedious hours. The code is all in this one large file, hacked together over time in Perl. I've come up with a few OO solutions, but I'm not too familiar with OO programming in Perl and all my attempts at it haven't been great, so I've shied away from it so far. I've suggested we handle this section of the program with a more OO friendly language, but we can't apparently. I've also suggested that we scrap the entire spreadsheet idea, and just move to a webpage, but we can't do that either. We've been working on this project for a few months, and every time we have to change that file, we all dread it. I'm thinking it's time to start some refactoring. However, I don't even know what could make this file easier to work with. The way the output is formatted makes it so that it has to be somewhat hardcoded. I'm wondering if anyone has insight on any design patterns or techniques they have used to tackle a similar problem. I'm open to any ideas. Perl specific answers are welcome, but I am also interested in language-agnostic solutions.

  • return unique values from array

    - by Brad
    I have an array that contains cities, I want to return an array of all those cities, but it must be a unique list of the cities. The array below:

        Array
        (
            [0] => Array
                (
                    [eventname] => Wine Tasting
                    [date] => 12/20/2013
                    [time] => 17:00:00
                    [location] => Anaheim Convention Center
                    [description] => This is a test description
                    [city] => Anaheim
                    [state] => California
                )
            [1] => Array
                (
                    [eventname] => Circus
                    [date] => 12/22/2013
                    [time] => 18:30:00
                    [location] => LAX
                    [description] => Description for LAX event
                    [city] => Anaheim
                    [state] => California
                )
            [2] => Array
                (
                    [eventname] => Blues Fest
                    [date] => 3/14/2014
                    [time] => 17:00:00
                    [location] => Austin Times Center
                    [description] => Blues concert
                    [city] => Austin
                    [state] => Texas
                )
        )

    Should return:

        array('Anaheim', 'Austin');

    Any help is appreciated.

  • LINQ-to-SQL: Could not find key member 'x' of key 'x' on type 'y'

    - by Austin Hyde
    I am trying to connect my application to a SQLite database with LINQ-to-SQL, and so far everything has worked fine. The only hitch was that the SQLite provider I am using does not support code generation (unless I was doing something wrong), so I manually coded the 4 tables in the DB. The solution builds properly, but will not run, giving me the error message

        Could not find key member 'ItemType_Id' of key 'ItemType_Id' on type 'Item'. The key may be wrong or the field or property on 'Item' has changed names.

    I have checked and double checked spellings and field names on the database and in the attribute mappings, but could not find any problems. The SQL for the table looks like this:

        CREATE TABLE [Items] (
            [Id] integer PRIMARY KEY AUTOINCREMENT NOT NULL,
            [Name] text NOT NULL,
            [ItemType_Id] integer NOT NULL
        );

    And my mapping code:

        [Table(Name="Items")]
        class Item
        {
            // [snip]

            [Column(Name = "Id", IsPrimaryKey=true, IsDbGenerated=true)]
            public int Id { get; set; }

            // [snip]

            [Column(Name="ItemType_Id")]
            public int ItemTypeId { get; set; }

            [Association(Storage = "_itemType", ThisKey = "ItemType_Id")]
            public ItemType ItemType
            {
                get { return _itemType.Entity; }
                set { _itemType.Entity = value; }
            }

            private EntityRef<ItemType> _itemType;

            // [snip]
        }

    This is really my first excursion into LINQ-to-SQL, and am learning as I go, but I cannot seem to get past this seemingly simple problem. Why cannot LINQ see my association?

  • Examples of CoffeeScript in NodeJS?

    - by Austin Hyde
    As a pet project, I am trying to get familiar with NodeJS and CoffeeScript, and am finding it hard to get the ball rolling. I've found plenty of examples of single-file super-simple apps like in CoffeeScript's examples folder, however, none of those really show what a full application would look like. I've also scrounged Google to no avail. Do you have any examples of medium-sized, multi-file CoffeeScript/NodeJS apps I could learn from?

  • maps, iterators, and complex structs - STL errors

    - by Austin Hyde
    So, I have two structs:

        struct coordinate {
            float x;
            float y;
        };

        struct person {
            int id;
            coordinate location;
        };

    and a function operating on coordinates:

        float distance(const coordinate& c1, const coordinate& c2);

    In my main method, I have the following code:

        map<int,person> people;
        // populate people

        map<int,map<float,int> > distance_map;
        map<int,person>::iterator it1,it2;

        for (it1=people.begin(); it1!=people.end(); ++it1) {
            for (it2=people.begin(); it2!=people.end(); ++it2) {
                float d = distance(it1->second.location,it2->second.location);
                distance_map[it1->first][d] = it2->first;
            }
        }

    However, I get the following error upon build:

        stl_iterator_base_types.h: In instantiation of ‘std::iterator_traits<coordinate>’:
        stl_iterator_base_types.h:129: error: no type named ‘iterator_category’ in ‘struct coordinate’
        stl_iterator_base_types.h:130: error: no type named ‘value_type’ in ‘struct coordinate’
        stl_iterator_base_types.h:131: error: no type named ‘difference_type’ in ‘struct coordinate’
        stl_iterator_base_types.h:132: error: no type named ‘pointer’ in ‘struct coordinate’
        stl_iterator_base_types.h:133: error: no type named ‘reference’ in ‘struct coordinate’

    And it blames it on the line:

        float d = distance(it1->second.location,it2->second.location);

    Why does the STL complain about my code?

  • Convert "this" to a reference-to-pointer

    - by Austin Hyde
    Just stumbled onto this problem. (title says it all) Let's say I have a struct

        struct Foo {
            void bar () {
                do_baz(this);
            }
            void do_baz(Foo*& pFoo) {
                pFoo->p_sub_foo = new Foo; // for example
            }
            Foo* p_sub_foo;
        };

    GCC tells me that

        temp.cpp: In member function ‘void Foo::bar()’:
        temp.cpp:3: error: no matching function for call to ‘Foo::do_baz(Foo* const)’
        temp.cpp:5: note: candidates are: void Foo::do_baz(Foo*&)

    So, how do I convert what is apparently a const Foo* to a Foo*&?

  • Undefined symbols for C++0x lambdas?

    - by Austin Hyde
    I was just poking around into some new stuff in C++0x, when I hit a stumbling block:

        #include <list>
        #include <cstdio>

        using namespace std;

        template <typename T,typename F>
        void ForEach (list<T> l, F f) {
            for (typename list<T>::iterator it=l.begin();it!=l.end();++it)
                f(*it);
        }

        int main() {
            int arr[] = {1,2,3,4,5,6};
            list<int> l (arr,arr+6);
            ForEach(l,[](int x){printf("%d\n",x);});
        }

    does not compile. I get a load of undefined symbol errors. Here's make's output:

        i386-apple-darwin9-gcc-4.5.0 -std=c++0x -I/usr/local/include -o func main.cpp
        Undefined symbols:
          "___cxa_rethrow", referenced from:
              std::_List_node<int>* std::list<int, std::allocator<int> >::_M_create_node<int const&>(int const&&&) in ccPxxPwU.o
          "operator new(unsigned long)", referenced from:
              __gnu_cxx::new_allocator<std::_List_node<int> >::allocate(unsigned long, void const*) in ccPxxPwU.o
          "___gxx_personality_v0", referenced from:
              ___gxx_personality_v0$non_lazy_ptr in ccPxxPwU.o
          "___cxa_begin_catch", referenced from:
              std::_List_node<int>* std::list<int, std::allocator<int> >::_M_create_node<int const&>(int const&&&) in ccPxxPwU.o
          "operator delete(void*)", referenced from:
              __gnu_cxx::new_allocator<std::_List_node<int> >::deallocate(std::_List_node<int>*, unsigned long) in ccPxxPwU.o
          "___cxa_end_catch", referenced from:
              std::_List_node<int>* std::list<int, std::allocator<int> >::_M_create_node<int const&>(int const&&&) in ccPxxPwU.o
          "std::__throw_bad_alloc()", referenced from:
              __gnu_cxx::new_allocator<std::_List_node<int> >::allocate(unsigned long, void const*) in ccPxxPwU.o
          "std::_List_node_base::_M_hook(std::_List_node_base*)", referenced from:
              void std::list<int, std::allocator<int> >::_M_insert<int const&>(std::_List_iterator<int>, int const&&&) in ccPxxPwU.o
        ld: symbol(s) not found
        collect2: ld returned 1 exit status
        make: *** [func] Error 1

    Why is this not working?

  • Makefiles - Compile all .cpp files in src/ to .o's in obj/, then link to binary in /

    - by Austin Hyde
    So, my project directory looks like this:

        /project
            Makefile
            main
            /src
                main.cpp
                foo.cpp
                foo.h
                bar.cpp
                bar.h
            /obj
                main.o
                foo.o
                bar.o

    What I would like my makefile to do would be to compile all .cpp files in the /src folder to .o files in the /obj folder, then link all the .o files in /obj into the output binary in the root folder /project. The problem is, I have next to no experience with Makefiles, and am not really sure what to search for to accomplish this. Also, is this a "good" way to do this, or is there a more standard approach to what I'm trying to do?

  • Regex for finding an unterminated string

    - by Austin Hyde
    I need to search for lines in a CSV file that end in an unterminated, double-quoted string. For example:

        1,2,a,b,"dog","rabbit

    would match whereas

        1,2,a,b,"dog","rabbit","cat bird"
        1,2,a,b,"dog",rabbit

    would not. I have very limited experience with regular expressions, and the only thing I could think of is something like

        "[^"]*$

    However, that matches the last quote to the end of the line. How would this be done?

  • Choose a local file w/o uploading the chosen file

    - by Austin Hyde
    I am making a simple development tool for myself using PHP on my local development server. I would like a way to have a simple file-chooser to select a file without uploading it, but just retaining the file path. This is useful, because I will be the only one using the tool, and so PHP will have access to the chosen file without having it uploaded. My first thought is to have a <input type="file"...>, but as far as I know, there's no way to prevent the upload from happening. Is there a way to do this?

  • Scripting Languages vs. Compiled Languages for web development

    - by Austin Hyde
    Though I come from a purely PHP background on the web development side of programming, I have also spent much time with C# and C++ on the desktop. I don't really want to spark any flame wars, but: When should you use scripting languages over compiled languages for website development? (and vice versa) Just to clarify, for the sake of this question, I define a "scripting language" to mean an interpreted language like PHP, Python, or Ruby, and a "compiled language" to mean a strongly typed, compiled language like C#, C++, Java, or VB.

  • "Undefined Symbols" when inheriting from stdexcept classes

    - by Austin Hyde
    Here is an exception defined in <stdexcept>:

        class length_error : public logic_error
        {
        public:
            explicit length_error(const string& __arg);
        };

    Here is my exception:

        class rpn_expression_error : public logic_error
        {
        public:
            explicit rpn_expression_error(const string& __arg);
        };

    Why do I get this error when <stdexcept> does not?

        Undefined symbols:
          rpn_expression_error::rpn_expression_error(/*string*/ const&), referenced from:
            ...
        ld: symbol(s) not found

  • C# style Action<T>, Func<T,T>, etc in C++0x

    - by Austin Hyde
    C# has generic function types such as Action<T> or Func<T,U,V,...> With the advent of C++0x and the ability to have template typedef's and variadic template parameters, it seems this should be possible. The obvious solution to me would be this:

        template <typename T>
        using Action<T> = void (*)(T);

    however, this does not accommodate for functors or C++0x lambdas, and beyond that, does not compile with the error "expected unqualified-id before 'using'"

    My next attempt was to perhaps use boost::function:

        template <typename T>
        using Action<T> = boost::function<void (T)>;

    This doesn't compile either, for the same reason. My only other idea would be STL style template arguments:

        template <typename T, typename Action>
        void foo(T value, Action f) {
            f(value);
        }

    But this doesn't provide a strongly typed solution, and is only relevant inside the templated function. Now, I will be the first to admit that I am not the C++ wiz I prefer to think I am, so it's very possible there is an obvious solution I'm not seeing. Is it possible to have C# style generic function types in C++?

  • CSS doesn't apply to dynamically created elements in IE 7?

    - by Austin Hyde
    In the project I am working on, I dynamically generate (with javascript) filters that look like this:

        <div class="filter">
            <a ... class="filter_delete_link">Delete</a>
            <div class="filter_field"> ... </div>
            <div class="filter_compare"> ... </div>
            <div class="filter_constraint"> ... </div>
            <div class="filter_logic"> ... </div>
        </div>

    And I have CSS that applies to each filter (for example):

        .filter a.filter_delete_link{
            display:block;
            height:16px;
            background: url('../images/remove_16.gif') no-repeat;
            padding-left:20px;
        }

    However, it seems in IE 7 (and probably 6 for that matter), these styles don't get applied to the new filters. Everything works perfectly in Firefox/Chrome/IE8. Using the IE8 developer tools, set to IE7 mode, the browser can see the new elements, and can see the CSS, but just isn't applying the CSS. Is there a way to force IE to reload styles, or perhaps is there a better way to fix this?

  • Mercurial: pull changes from unversioned copy

    - by Austin Hyde
    I am currently maintaining a Mercurial repository of the project I am working on. The rest of the team, however, doesn't. There is a "good" (unversioned) copy of the code base that I can access by SSH. What I would like to do is be able to do something like an hg pull from that good copy into my master repository whenever it gets updated. As far as I can tell, there's no obvious way to do this, as hg pull requires you have a source hg repository. I suppose I could use a utility like rsync to update my repository, then commit, but I was wondering: Is there an easier/less contrived way to do this?

  • Advice on a simple Windows Form

    - by Austin Hyde
    I have a VERY simple windows form that the user uses to manage "Stores". Each store has a name and number, and is kept in a corresponding DB table. The form has a listbox of stores, an add button that creates a new store, a delete button, and an edit button. Beside those I have text boxes for the name and number, and save/cancel buttons. When the user chooses a store from the list box, and clicks 'edit', the textboxes become populated and save/cancel become active. When the user clicks 'add', I create a new Store, add it to the listbox, activate the textboxes and save/cancel buttons, then commit it to the database when the user clicks 'save', or discards it when the user clicks 'cancel'. Right now, my event system looks like this (in pseudo-code. It's just shorter that way.)

        add->click:
            store = new Store()
            listbox.add(store)
            populateAndEdit(store)

        delete->click:
            store = listbox.selectedItem
            db.deleteOnSubmit(store)
            listbox.remove(store)
            db.submit()

        edit->click:
            populateAndEdit(listbox.selectedItem)

        save->click:
            parseAndSave(listbox.selectedItem)
            db.submit()
            disableTexts()

        cancel->click:
            disableTexts()

    The problem is in how I determine if we are inserting a new Store, or updating an existing one. The obvious solution to me would be to make it a "modal" process - that is, when I click edit, I go into edit mode, and the save button does things differently than if I were in add mode. I know I could make this more MVC-like, but I don't really think this simple form merits the added complexity. I'm not very experienced with winforms, so I'm not sure if I even have the right idea for how to tackle this. Is there a better way to do this? I would like to keep it simple, but usable.

  • What is operator<< <> in C++?

    - by Austin Hyde
    I have seen this in a few places, and to confirm I wasn't crazy, I looked for other examples. Apparently this can come in other flavors as well, eg operator+ <>. However, nothing I have seen anywhere mentions what it is, so I thought I'd ask. It's not the easiest thing to google operator<< <>( :-)
