Search Results

Search found 26207 results on 1049 pages for 'django users'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 207/1049 | < Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >

  • How do I keep users from spoofing data through a form?

    - by Jonathan
    I have a site which has been running for some time now that uses a great deal of user input to build the site. Naturally there are dozens of forms on the site. When building the site, I often used hidden form fields to pass data back to the server so that I know which record to update. an example might be: <input type="hidden" name="id" value="132" /> <input type="text" name="total_price" value="15.02" /> When the form is submitted, these values get passed to the server and I update the records based on the data passed (i.e. the price of record 132 would get changed to 15.02). I recently found out that you can change the attributes and values via something as simple as firebug. So...I open firebug and change the id value to "155" and the price value to "0.00" and then submit the form. Viola! I view product number 155 on the site and it now says that it's $0.00. This concerns me. How can I know which record to update without either a query string (easily modified) or a hidden input element passing the id to the server? And if there's no better way (I've seen literally thousands of websites that pass the data this way), then how would I make it so that if a user changes these values, the data on the server side is not executed (or something similar to solve the issue)? I've thought about encrypting the id and then decrypting it on the other side, but that still doesn't protect me from someone changing it and just happening to get something that matches another id in the database. I've also thought about cookies, but I've heard that those can be manipulated as well. Any ideas? This seems like a HUGE security risk to me.

    Read the article

  • Setting up Mac OSX build server for multiple users?

    - by MGA
    Hello, I need to set up a OS X build server (Xcode for iOS development). Now the tricky part is, this server will be used in a university environment and many students will have access to it for different projects. How can I set it up so that each student's project is private to them only, keep the server itself protected from students and enable students to access and build remotely. I am not very familiar with the Mac OS X environment so any help would be greatly appreciated! Thank you

    Read the article

  • Mysql query in drupal database - groupwise maximum with duplicate data

    - by nselikoff
    I'm working on a mysql query in a Drupal database that pulls together users and two different cck content types. I know people ask for help with groupwise maximum queries all the time... I've done my best but I need help. This is what I have so far: # the artists SELECT users.uid, users.name AS username, n1.title AS artist_name FROM users LEFT JOIN users_roles ur ON users.uid=ur.uid INNER JOIN role r ON ur.rid=r.rid AND r.name='artist' LEFT JOIN node n1 ON n1.uid = users.uid AND n1.type = 'submission' WHERE users.status = 1 ORDER BY users.name; This gives me data that looks like: uid username artist_name 1 foo Joe the Plumber 2 bar Jane Doe 3 baz The Tooth Fairy Also, I've got this query: # artwork SELECT n.nid, n.uid, a.field_order_value FROM node n LEFT JOIN content_type_artwork a ON n.nid = a.nid WHERE n.type = 'artwork' ORDER BY n.uid, a.field_order_value; Which gives me data like this: nid uid field_order_value 1 1 1 2 1 3 3 1 2 4 2 NULL 5 3 1 6 3 1 Additional relevant info: nid is the primary key for an Artwork every Artist has one or more Artworks valid data for field_order_value is NULL, 1, 2, 3, or 4 field_order_value is not necessarily unique per Artist - an Artist could have 4 Artworks all with field_order_value = 1. What I want is the row with the minimum field_order_value from my second query joined with the artist information from the first query. In cases where the field_order_value is not valuable information (either because the Artist has used duplicate values among their Artworks or left that field NULL), I would like the row with the minimum nid from the second query.

    Read the article

  • How to create a Windows GUI with a file explorer window, allowing users to choose files?

    - by Badri
    Here's what I want to do. I want to present a file explorer, and allow the user to select files, and list the selected files below. (I then want to process those files but that's the next part) For example, the way CD Burning softwares work. I have created a mock up here http://dl.dropbox.com/u/113967/Mockup.png As you can see, the left frame has a directory structure, the right frame has a file selected, and the bottom frame shows the selected file. What framework can I go about creating this? I am familiar with command line C++ stuff, but I haven't ventured into any GUI programming, and figured this idea would be a good place to start. Any suggestions on where to start?

    Read the article

  • MVC3 View For Loop values initialization

    - by Ryan
    So I have a for loop in my View that is supposed to render out the input boxes. Now inside these input boxes I want to put lables that disappear when you click on them. This is all simple. Now it's probably because my brain was wired for php first, and it has been difficult to get it to think in lambdas and object orientation, but I can't figure out how to do this: @{ for (int i = 0; i < 3; i++) { <div class="editor-label grid_2">User</div> Model.Users[i].UserFirstName = "First Name"; Model.Users[i].UserLastName = "Last Name"; Model.Users[i].UserEmailAddress = "Email Address"; <div class="grid_10"> @Html.TextBoxFor(m => Model.Users[i].UserFirstName, new { @class = "user-input" }) @Html.TextBoxFor(m => Model.Users[i].UserLastName, new { @class = "user-input" }) @Html.TextBoxFor(m => Model.Users[i].UserEmailAddress, new { @class = "user-input-long" }) @Html.CheckBoxFor(m => Model.Users[i].IsUserAdmin) <span>&nbsp;admin?</span> </div> <div class="clear"> </div> } } And initialize the values for the users. And you're probably thinking "Of course that won't work. You're going to get a Null Reference Exception", and you would be correct. I might need to initialize them somewhere else and I don't realize it but I'm just not sure. I've tried the [DefaultValue("First Name")] route and that doesn't work. I'm probably thinking about this wrong, but my brain is already shot from trying to figure out how to wire up these events to the controller, so any help would be appreciated!

    Read the article

  • How to safely let users run arbitrary Ruby code?

    - by igul222
    I realize this sounds a little crazy, but I'm working on a project for which I need a server to run user-provided Ruby code and return the result. I'm looking to prevent something like this: system("rm -rf /") eval("something_evil") # etc... I'm sure there must be some reasonably safe way to do this, as it already exists at places like tryruby.org. Any help is greatly appreciated, thanks!

    Read the article

  • How can I deny users to add/modify/remove printers to cups ?

    - by ajcaruana
    Hi, I am using Mac OS X 10.6. I wrote a program which will add and remove printers to a CUPS server using libcups. It works, but now I am considering the security aspects. This program takes a user name and password to authenticate on the CUPS server. Whatever user name and password I use, it works as long as it is valid on the system. How do I restrict access to only a specific user ? Regards Alan

    Read the article

  • How do I list all cron jobs for all users?

    - by yukondude
    Is there a command or an existing script that will let me view all of a *NIX system's scheduled cron jobs at once? I'd like it to include all of the user crontabs, as well as /etc/crontab, and whatever's in /etc/cron.d. It would also be nice to see the specific commands run by run-parts in /etc/crontab. Ideally, I'd like the output in a nice column form and ordered in some meaningful way. I could then merge these listings from multiple servers to view the overall "schedule of events." I was about to write such a script myself, but if someone's already gone to the trouble...

    Read the article

  • Looking for an email template engine for end-users ...

    - by RizwanK
    We have a number of customers that we have to send monthly invoices too. Right now, I'm managing a codebase that does SQL queries against our customer database and billing database and places that data into emails - and sends it. I grow weary of maintaining this every time we want to include a new promotion or change our customer service phone numbers. So, I'm looking for a replacement to move more of this into the hands of those requesting the changes. In my ideal world, I need : A WYSIWYG (man, does anyone even say that anymore?) email editor that generates templates based upon the output from a Database Query. The ability to drag and drop various fields from the database query into the email template. Display of sample email results with the database query. Web application, preferably not requiring IIS. Involve as little code as possible for the end-user, but allow basic functionality (i.e. arrays/for loops) Either comes with it's own email delivery engine, or writes output in a way that I can easily write a Python script to deliver the email. Support for generic Database Connectors. (I need MSSQL and MySQL) F/OSS So ... can anyone suggest a project like this, or some tools that'd be useful for rolling my own? (My current alternative idea is using something like ERB or Tenjin, having them write the code, but not having live-preview for the editor would suck...)

    Read the article

  • How would I change the DocumenRoot on the version of Apache that came pre-installed on my Mac OS X s

    - by racl101
    OK, so I want to take advantage of the Apache server that comes installed on my Mac OS X system (which means, I would like not to have to install my own version of Apache since I might as well tryto use what comes bundled), and as such, I went to change some settings in the configuration file: /etc/apache2/httpd.conf Namely, I changed the these two lines: DocumentRoot "/Users/myusername/Sites" <Directory "/Users/myusername/Sites"> So that they initially pointed to a folder in my Dropbox folder (so I could have my docs sync to my Dropbox): DocumentRoot "/Users/myusername/Dropbox/public_html" <Directory "/Users/myusername/Dropbox/public_html"> That didn't work. So then I figured, ok maybe it was too much to ask to make folder in my Dropbox be my document root. So then I thought, what if I make the Document root another folder of my choosing like so: DocumentRoot "/Users/myusername/dev-sites/public_html" <Directory "/Users/myusername/dev-sites/public_html"> and that didn't work either. After looking within the httpd.conf file for clues it seems that only two directories appear to work as Document root paths for the Apache that comes bundled with Mac OS X: /Users/myusername/Sites (or ~/Sites) and /Library/WebServer/Documents/ But trying to use any other directories didn't seem to work. I would get 403 errors on my browser. I was wondering if there was some other settings to change on the httpd.conf file or any permissions to set to make this work. Any help would be appreciated and many thanks in advance.

    Read the article

  • Best directory to store application data with read\write rights for all users?

    - by Wodzu
    Hi guys. Until Windows Vista I was saving my application data into the directory where the program was located. The most common place was "C:\Program Files\MyApplication". As we know, under Vista and later the common user does't have rights to write under "Program Files" folder. So my first idea was to save the application data under "All Useres\Application Data" folder. But it seams that this folder has writing restrictions too! So to sum up, my requirements are: Folder should exist under Windows XP and above Microsoft's systems. All useres of the system should read\write\creation rights to this folder and it subfolders and files. I want to have only one copy of file\files for all useres. Thanks for your time.

    Read the article

  • Linux shell to restrict sftp users to their home directories?

    - by hfidgen
    I need to give SFTP access to a directory within my webroot on my server. I've set up ben_files as a user and have set his/her home directory to /var/www/vhosts/mydomain.com/files That's all fine if he/she connects with plain old FTP - he's/she's restricted just to that directory, but to enable SFTP I had to add him/her to bin/bash shell, which suddenly opens up my entire server... Is there a way of giving him/her SFTP access but without opening up all my directories? I'd really like him restricted to only his/her home ;)

    Read the article

  • How to use urllib2 when users only have a API token?

    - by jorrebor
    how would i tranfoms this curl command: curl -v -u 82xxxxxxxxxxxx63e6:api_token -X GET https://www.toggl.com/api/v6/time_entries.json into urlib2? I found this tutorial: http://www.voidspace.org.uk/python/articles/authentication.shtml but they use a password and username. I can only use an API token. Thank you. see also this question: Urllib2 raises 403 error while the same request in curl works fine

    Read the article

  • How can I allow only privledged users to download a pdf with php?

    - by ThinkingInBits
    Lets say I have some pdf files stored on my server and I only want to allow a person who's paid have access to download a particular pdf. So for an example, let's say I have a bunch of e-books. The only way a user would be able to download e-book A is if his account contains the right credentials for that particular book. What's the best way to accomplish this? Any ideas/advice on how to improve my idea are greatly appreciated! My current idea: A user places an order Upon success, a new folder would be created by their /account_num/order_id/ A copy of the particular file would be stored in this directory Have php generate an .htaccess that would only allow access from a url that contains a random hash embedded into it. The only way a user would be able to access this random hashed page is if they are signed in as the right user, and the hash matches up with the hash stored in the database, otherwise they are redirected to home page.

    Read the article

  • Who owns forum users or are user grabbers legal?

    - by Eugene
    Hi, I am not very strong in "legal or not" questions so I hope someone can help me here. How legal is the following: I create my forum, then choose a random existing forum (not mine), take a user from that forum (username, avatar, etc) and create an identical account at my forum. I know that this is extremely hard to prove and everything but anyway: how legal are the described actions? Thanks!

    Read the article

  • ASP.Net - How do I allow users to enter html tags in textbox without runtime errors?

    - by Coder
    I have an input textbox on an asp.net page and when a user inputs any tags like break tags or bold an error occurs. I currently am using the following to encode the input: Server.HtmlEncode(mytextbox.Text) However this only encodes characters when they aren't phrased as an html tag, like if the input is "<<<" is there a way for me to allow the user to put the tags in without it leading to a runtime error? Thanks.

    Read the article

  • how can cookies track users despite same origin policy?

    - by user1763930
    Article here discusses tactics used by political campaigns. http://www.nytimes.com/2012/10/14/us/politics/campaigns-mine-personal-lives-to-get-out-vote.html The part in question is quoted: The campaigns have planted software known as cookies on voters’ computers to see if they frequent evangelical or erotic Web sites for clues to their moral perspectives. Voters who visit religious Web sites might be greeted with religion-friendly messages when they return to mittromney.com or barackobama.com. How is that possible? I thought all modern browsers have same origin policy security where website A doesn't have access to any information about other website B, website C, etc. The article makes it sound like a user browses: 1. presidentialcandidate.com 2. website2.com 3. website3.com 4. website4.com 5. presidentialcandidate.com How can a cookie from visit #1 know track user history and be revealed in visit #5?

    Read the article

  • Does RAID negatively affect non-RAID devices?

    - by Django Reinhardt
    I am running Windows 8 on an SSD, and it's all running swimmingly, but I want to store documents on two HHDs (not SDDs) running under RAID 1. My motherboard has two SATA controllers, both set to AHCI. On the 3GB/s controller, all four ports are used (1 Bluray Optical Drive, 1 Spare HD, and the 2 I wish to turn into a RAID 1 drive). Windows is on the 6GB/s controller. Like so: So my question is: If I turn these four ports (on the 3GB/s controller) into a RAID controller, will that negatively affect the non-RAID hardware plugged into it? I.e. Will the HDD or Bluray drive be slower/incompatible with being plugged into a non-AHCI controller? Thanks.

    Read the article

  • Allow users to pull temporary data then delete table?

    - by JM4
    I don't know the best way to title this question but am trying to accomplish the following goal: When a client logs into their profile, they are presented with a link to download data from an existing database in CSV format. The process works, however, I would like for this data to be 'fresh' each time they click the link so my plan was - once a user has clicked the link and downloaded the CSV file, the database table would 'erase' all of its data and start fresh (be empty) until the next set of data populated it. My EXISTING CSV creation code: <?php $host = 'localhost'; $user = 'username'; $pass = 'password'; $db = 'database'; $table = 'tablename'; $file = 'export'; $link = mysql_connect($host, $user, $pass) or die("Can not connect." . mysql_error()); mysql_select_db($db) or die("Can not connect."); $result = mysql_query("SHOW COLUMNS FROM ".$table.""); $i = 0; if (mysql_num_rows($result) > 0) { while ($row = mysql_fetch_assoc($result)) { $csv_output .= $row['Field'].", "; $i++; } } $csv_output .= "\n"; $values = mysql_query("SELECT * FROM ".$table.""); while ($rowr = mysql_fetch_row($values)) { for ($j=0;$j<$i;$j++) { $csv_output .= '"'.$rowr[$j].'",'; } $csv_output .= "\n"; } $filename = $file."_".date("Y-m-d",time()); header("Content-type: application/vnd.ms-excel"); header("Content-disposition: csv" . date("Y-m-d") . ".csv"); header( "Content-disposition: filename=".$filename.".csv"); print $csv_output; exit; ?> any ideas?

    Read the article

  • How to let users with required permission download a file via php?

    - by Yegor
    I have a php file that acts as a gatekeeper for all the files I want people to download, who ahve sufficient privilages. The code I use throw the file to the user is header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header("Content-disposition: attachment; filename=\"".$public_filename."\""); header("Content-Transfer-Encoding: Binary"); header('Expires: 0'); header('Cache-Control: must-revalidate, post-check=0, pre-check=0'); header('Pragma: public'); header("Content-length: ".$f_filesize); readfile($file_path); Most files are fairly large.... 400mb-10GB. What would be a good way to do this, and keep the true locations + filenames secret, so people cant just link to the files directly, but HAVE to link thru my download.php?file=ID gatekeeper? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 203 204 205 206 207 208 209 210 211 212 213 214  | Next Page >