Search Results

Search found 120608 results on 4825 pages for 'code access security'.

Page 215/4825 | < Previous Page | 211 212 213 214 215 216 217 218 219 220 221 222  | Next Page >

• Is hashing of just "username + password" as safe as salted hashing

  - by randomA

  I want to hash "user + password". EDIT: prehashing "user" would be an improvement, so my question is also for hashing "hash(user) + password". If cross-site same user is a problem then the hashing changed to hashing "hash(serviceName + user) + password" From what I read about salted hash, using "user + password" as input to hash function will help us avoid problem with reverse hash table hacking. The same thing can be said about rainbow table. Any reason why this is not as good as salted hashing?

  Read the article

• Does TDD lead to the good design?

  - by Eugen Martynov

  I'm in transition from "writing unit tests" state to TDD. I saw as Johannes Brodwall creates quite acceptable design from avoiding any of architecture phase before. I'll ask him soon if it was real improvisation or he had some thoughts upfront. I also clearly understand that everyone has experience that prevents to write explicit design bad patterns. But after participating in code retreat I hardly believe that writing test first could save us from mistakes. But I also believe that tests after code will lead to mistakes much faster. So this night question is asking for people who is using TDD for a long time share their experience about results of design without upfront thinking. If they really practice it and get mostly suitable design. Or it's my small understanding about TDD and probably agile.

  Read the article

• Does the deprecation of mysql_* functions in PHP carry over to other Databases(MSSQL)?

  - by MobyD

  I'm not talking about MySQL, I'm talking about Microsoft SQL Server I've been aware of PDO for quite some time now, standard mysql functions are dangerous and should be avoided. http://php.net/manual/en/function.mysql-connect.php But what about the MSSQL function in PHP? They are, for most purposes, identical sets of functions, but the PHP page describing mssql_* carries no warning of deprecation. http://us.php.net/manual/en/function.mssql-connect.php There are PDO drivers available for MSSQL, but they aren't quite as readily available or used as the MySQL drivers. Ideally, it looks to me like I should get them working and move from mssql_* to PDO like I have with MySQL, but is it as big of a priority? Is there some hidden safety to MSSQL that means it's exempt from all of the mysql_* hatred as of late? Or is its obscurity as a backend the only reason there hasn't been more PDO encouragement?

  Read the article

• Website still blocked after hack

  - by dotman14

  I manage a website that was hacked a few months ago (I wasn't the webmaster then), it was running on Joomla. I have manages to redo the website with custom codes (php/mysql), but it still some visitors still complain that their AV blocks them from viewing the website. I have also cleared the former database and anything related to it, contents and the likes. My website is here I have looked for malwares in Google Webmaster but it says there are non Also I checked with Google Safe Browsing Please what could the problem be.

  Read the article

• Anti-cheat Javascript for browser/HTML5 game

  - by Billy Ninja

  I'm planning on venturing on making a single player action rpg in js/html5, and I'd like to prevent cheating. I don't need 100% protection, since it's not going to be a multiplayer game, but I want some level of protection. So what strategies you suggest beyond minify and obfuscation? I wouldn't bother to make some server side simple checking, but I don't want to go the Diablo 3 path keeping all my game state changes on the server side. Since it's going to be a rpg of sorts I came up with the idea of making a stats inspector that checks abrupt changes in their values, but I'm not sure how it consistent and trusty it can be. What about variables and functions escopes? Working on smaller escopes whenever possible is safer, but it's worth the effort? Is there anyway for the javascript to self inspect it's text, like in a checksum? There are browser specific solutions? I wouldn't bother to restrain it for Chrome only in the early builds.

  Read the article

• How to protect a peer-to-peer network from inappropriate content?

  - by Mike

  I’m developing a simple peer-to-peer app in .Net which should enable users to share specific content (text and picture files). As I've learned with my last question, inappropriate content can “relatively” easily be identified / controlled in a centralized environment. But what about a peer-to-peer network, what are the best methods to protect a decentralized system from unwanted (illegal) content? At the moment I only see the following two methods: A protocol (a set of rules) defines what kind of data (e.g. only .txt and jpg-files, not bigger than 20KB etc.) can be shared over the p2p-network and all clients (peers) must implement this protocol. If a peer doesn’t, it gets blocked by other peers. Pro: easy to implement. Con: It’s not possible to define the perfect protocol (I think eMail-Spam filters have the same problem) Some kind of rating/reputation system must be implemented (similar to stackoverflow), so “bad guys” and inappropriate content can be identified / blocked by other users. Pro: Would be very accurate. Con: Would be slow and in my view technically very hard to implement. Are there other/better solutions? Any answer or comment is highly appreciated.

  Read the article

• How do you dive into large code bases?

  - by miku

  What tools and techniques do you use for exploring and learning an unknown code base? I am thinking of tools like grep, ctags, unit-tests, functional test, class-diagram generators, call graphs, code metrics like sloccount and so on. I'd be interested in your experiences, the helpers you used or wrote yourself and the size of the codebase, with which you worked with. I realize, that this is also a process (happening over time) and that learning can mean "can give a ten minute intro" to "can refactor and shrink this to 30% of the size". Let's leave that open for now.

  Read the article

• Hostapd - WLAN as AP

  - by BBK

  I'm trying to start hostapd but without success. I'm using Headless Ubuntu 11.10 oneiric 3.0.0-16-server x86_64. WLAN driver is rt2800usb and my wireless nic card TP-Link TL-WN727N supports AP mode as shows below: us0# ifconfig wlan0 wlan0 Link encap:Ethernet HWaddr 00:27:19:be:cd:b6 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) us0# lsusb Bus 003 Device 003: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter us0# lshw -C network *-network:3 description: Wireless interface physical id: 4 bus info: usb@3:2 logical name: wlan0 serial: 00:27:19:be:cd:b6 capabilities: ethernet physical wireless configuration: broadcast=yes driver=rt2800usb driverversion=3.0.0-16-server firmware=0.29 link=no multicast=yes wireless=IEEE 802.11bgn us0# hostapd /etc/hostapd/hostapd.conf Configuration file: /etc/hostapd/hostapd.conf Could not read interface wlan0 # The int flags: No such device nl80211 driver initialization failed. ELOOP: remaining socket: sock=4 eloop_data=0xd3e4a0 user_data=0xd3ecc0 handler=0x433880 ELOOP: remaining socket: sock=6 eloop_data=0xd411f0 user_data=(nil) handler=0x43cc10 us0# cat /etc/hostapd/hostapd.conf ssid=Home interface=wlan0 # The interface name of the card #driver=rt2800usb driver=nl80211 macaddr_acl=0 ieee80211n=1 channel=1 hw_mode=g auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=88888888 wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP us0# iw list Wiphy phy0 Band 1: Capabilities: 0x172 HT20/HT40 Static SM Power Save RX Greenfield RX HT20 SGI RX HT40 SGI RX STBC 1-stream Max AMSDU length: 7935 bytes No DSSS/CCK HT40 Maximum RX AMPDU length 65535 bytes (exponent: 0x003) Minimum RX AMPDU time spacing: 2 usec (0x04) HT RX MCS rate indexes supported: 0-7, 32 TX unequal modulation not supported HT TX Max spatial streams: 1 HT TX MCS rate indexes supported may differ Frequencies: * 2412 MHz [1] (20.0 dBm) * 2417 MHz [2] (20.0 dBm) * 2422 MHz [3] (20.0 dBm) * 2427 MHz [4] (20.0 dBm) * 2432 MHz [5] (20.0 dBm) * 2437 MHz [6] (20.0 dBm) * 2442 MHz [7] (20.0 dBm) * 2447 MHz [8] (20.0 dBm) * 2452 MHz [9] (20.0 dBm) * 2457 MHz [10] (20.0 dBm) * 2462 MHz [11] (20.0 dBm) * 2467 MHz [12] (20.0 dBm) (passive scanning, no IBSS) * 2472 MHz [13] (20.0 dBm) (passive scanning, no IBSS) * 2484 MHz [14] (20.0 dBm) (passive scanning, no IBSS) Bitrates (non-HT): * 1.0 Mbps * 2.0 Mbps (short preamble supported) * 5.5 Mbps (short preamble supported) * 11.0 Mbps (short preamble supported) * 6.0 Mbps * 9.0 Mbps * 12.0 Mbps * 18.0 Mbps * 24.0 Mbps * 36.0 Mbps * 48.0 Mbps * 54.0 Mbps max # scan SSIDs: 4 Supported interface modes: * IBSS * managed * AP * AP/VLAN * WDS * monitor * mesh point Supported commands: * new_interface * set_interface * new_key * new_beacon * new_station * new_mpath * set_mesh_params * set_bss * authenticate * associate * deauthenticate * disassociate * join_ibss * Unknown command (68) * Unknown command (55) * Unknown command (57) * Unknown command (59) * Unknown command (67) * set_wiphy_netns * Unknown command (65) * Unknown command (66) * connect * disconnect The question is: Why the hostapd not starting?

  Read the article

• If Expression True in Immediate Window But Code In if Block Never Runs

  - by Julian

  I set a break point in my code in MonoDevelop to break whenever I click on a surface. I then enter the immediate window and test to see if the the if statement will return true in comparing two Vector3's. It does return true. However, when I step over, the code is never run as though the statement evaluated false. Does anyone know how this could be possible? I've attached a screenshot. Here is the picture of my debug window and immediate window. You can see where the immediate window evaluates to true. The second breakpoint is not hit. Here are the details of the two Vector3's I am comparing. Does anyone know why I am experiencing this? It really seems like an anomaly to me :/ Does it have something to do with threading?

  Read the article

• Handling permissions in a MVP application

  - by Chathuranga

  In a windows forms payroll application employing MVP pattern (for a small scale client) I'm planing user permission handling as follows (permission based) as basically its implementation should be less complicated and straight forward. NOTE : System could be simultaneously used by few users (maximum 3) and the database is at the server side. This is my UserModel. Each user has a list of permissions given for them. class User { string UserID { get; set; } string Name { get; set; } string NIC {get;set;} string Designation { get; set; } string PassWord { get; set; } List <string> PermissionList = new List<string>(); bool status { get; set; } DateTime EnteredDate { get; set; } } When user login to the system it will keep the current user in memory. For example in BankAccountDetailEntering view I control the controller permission as follows. public partial class BankAccountDetailEntering : Form { bool AccountEditable {get; set;} private void BankAccountDetailEntering_Load(object sender, EventArgs e) { cmdEditAccount.enabled = false; OnLoadForm (sender, e); // Event fires... If (AccountEditable ) { cmdEditAccount.enabled=true; } } } In this purpose my all relevant presenters (like BankAccountDetailPresenter) should aware of UserModel as well in addition to the corresponding business Model it is presenting to the View. class BankAccountDetailPresenter { BankAccountDetailEntering _View; BankAccount _Model; User _UserModel; DataService _DataService; BankAccountDetailPresenter( BankAccountDetailEntering view, BankAccount model, User userModel, DataService dataService ) { _View=view; _Model = model; _UserModel = userModel; _DataService = dataService; WireUpEvents(); } private void WireUpEvents() { _View.OnLoadForm += new EventHandler(_View_OnLoadForm); } private void _View_OnLoadForm(Object sender, EventArgs e) { foreach(string s in _UserModel.PermissionList) { If( s =="CanEditAccount") { _View.AccountEditable =true; return; } } } public Show() { _View.ShowDialog(); } } So I'm handling the user permissions in the presenter iterating through the list. Should this be performed in the Presenter or View? Any other more promising ways to do this? Thanks.

  Read the article

• HTG Explains: What Is Two-Factor Authentication and Should I Be Using It?

  - by Jason Fitzpatrick

  More and more banks, credit card companies, and even social media networks and gaming sites are starting to use two-factor authentication. If you’re a little unclear on what it is or on why you’d want to start using it, read on to learn how two-factor authentication can keep your data secure. HTG Explains: What Is Two-Factor Authentication and Should I Be Using It? HTG Explains: What Is Windows RT and What Does It Mean To Me? HTG Explains: How Windows 8′s Secure Boot Feature Works & What It Means for Linux

  Read the article

• Google Code Celebrates 5th Anniversary of Open Source Project Hosting

  Storage capacity at Google Code's hosting service is doubled for open source projects in celebration of the service's phenomenal growth.

  Read the article

• How and where do you store your private work/sourcecode?

  - by Amir Rezaei

  I have worked as a developer for over 10 years now. During that time I have had my own small projects where I have developed tools, applications and games. I have not found any robust solution to store my work. It’s always fun to get back to your code and see how you did before and how you would do it now. It’s just work that is unfortunate to lose. There are SVN solution such as Google’s Project Hosting. However I’m not interested in sharing my code or making it open source. Currently I’m hosting my own SVN server. So here comes my question: How and where do you store your private work/sourcecode? Requirements: Sourcecode versioning Backup Prefers free Edit: Remote access Edit: I have used Dropbox + TrueCrypt + SVN. Unfortunately you are limited to 5gb.

  Read the article

• Colleague unwilling to use unit tests "as it's more to code"

  - by m.edmondson

  A colleague is unwilling to use unit tests and instead opting for a quick test, pass it to the users, and if all is well it is published live. Needless to say some bugs do get through. I mentioned we should think about using unit tests - but she was all against it once it was realised more code would have to be written. This leaves me in the position of modifying something and not being sure the output is the same, especially as her code is spaghetti and I try to refactor it when I get a chance. So whats the best way forward for me?

  Read the article

• Switch encoding of terminal with a command

  - by Tomas Lycken

  One of the servers I quite often ssh to uses western encoding instead of utf-8 (and there's no way I can change that). I've started writing a bash script to connect to this server, so I won't have to type out the entire address every time, but I would like to improve this script so it also changes the encoding of the terminal window correctly. The change I need to do can be performed using the mouse by navigating to "Terminal"-"Set Character Encoding..."-"Western (ISO-8859-1)". Is there a terminal command that does the same thing, for the current terminal window/screen? To clarify: I'm not interested in ways of switching the locale of the system on the remote site - that system is administered by someone else, and I have no idea what stuff might depend on the latin-1 encoding there. What I want to do is to let this terminal window on my side switch character encoding to the above mentioned, in the same way I can do with my mouse and the menus.

  Read the article

• .NET - refactoring code

  - by w0051977

  I have inherited and now further develop a large application consisting of an ASP.NET application, VB6 and VB.NET application. The software was poorly written. I am trying to refactor the code as I go along. The changes I am making are not live (they are contained in a folder on my development machine). This is proving to be time consuming and I am doing this along side other work which is the prioritiy. My question is: is this a practical approach or is there a better methodology for refactoring code? I don't have any experience with version control software or source control software and I am wandering if this is what I am missing. I am a sole developer.

  Read the article

• Which tool to use for "home banking"?

  - by Huygens

  I would like to manage my bank accounts in a secure manner on Ubuntu. I saw several applications in the Software Centre, but I don't know which one to choose. I don't need fancy features like stock options. I just have regular accounts which I want to follow, I don't want complicated stuff. As bank data are quite sensitive, I would highly prefer an application that does encryption of the data. Though, if you have a really cool app but it does not have this feature, as long as it offers to store the data in one dedicated place, I could do with encrypting that place. So what tool do you use that could fit my needs?

  Read the article

• How do you dive into large code bases?

  - by miku

  What tools and techniques do you use for exploring and learning an unknown code base? I am thinking of tools like grep, ctags, unit-tests, functional test, class-diagram generators, call graphs, code metrics like sloccount and so on. I'd be interested in your experiences, the helpers you used or wrote yourself and the size of the codebase, with which you worked with. I realize, that this is also a process (happening over time) and that learning can mean "can give a ten minute intro" to "can refactor and shrink this to 30% of the size". Let's leave that open for now.

  Read the article

• After Installation Whole Disk Encryption? 12.04

  - by Luke

  I know some fragments of this question have been asked in previous posts and I have reviewed them - however I have a more thorough question... I did not choose to do whole disk encryption when I used the alternative installer to install my 12.04 distro. I thought that truecypt worked with linux on system drive (whole disk) encryption - but sadly found out it did not. I have totally tweaked and pimped out my installation and I do not want to have to go back and "install" to just get whole disk encryption. Any alternatives that anyone knows of? I don't want just /home... I want the whole system installation protected and made secure so that when I boot I get a password to unencrypt.

  Read the article

• A good tool for browser automation/client-side Web scripting

  - by hardmath

  I'm interested in adopting a tool/scripting language to automate some daily tasks connected with fighting forum spammers. A brief overview of these tasks: analyze new registrations and posts on a phpBB forum, and delete or deactivate spammers using a website/community that collects such spam reports. Typically such automation is integrated into the phpBB installation itself, which certainly has its advantages. My approach has the advantage of independent operation, etc. One way to think about this is in terms of browser automation. I've used iOpus iMacros for Firefox (the free version) in the past to respond to individual spammers, but current attacks are highly distributed. My "logic" for pigeonholing spammers vs. nonspammers seems beyond the easy reach of the free version of iMacros. From a more technical perspective one can think about dispensing with the browser altogether and programming GET/POST requests directed to my forum and other Web-based resources. I'm familiar with some scripting languages like Ruby and Lua, but I could be persuaded that a compiled application is better suited for these tasks. However in my experience the dynamic flexibility of interpreted environments is very useful in prototyping and debugging the application logic. So I'm leaning in the direction of scripting languages. Among browsers I favor Firefox and Chrome. I use both Windows and Linux platforms, and if the tool can adapt to an Android platform, it would make a neat demonstration of skills, yes? Thanks in advance for your suggestions!

  Read the article

• Difference between jquery.clone() and simple concatenation of string [closed]

  - by Francis Cebu

  Which of the following code samples is faster in generating HTML code using jQuery? Sample 1: var div = $("<div>"); $.each(data,function(count,item){ var Elem = div.clone().addClass("message").html(item.Firstname); $(".container").append(Elem); }); Sample 2: $.each(data,function(count,item){ var Elem = "<div class = 'Elem'>" + item.Firstname + "</div>"; $(".container").append(Elem); });

  Read the article

• Can a programmer get too smart for their own good?

  - by P.Brian.Mackey

  The more I learn about programming, the more things I see that could be improved by a great deal. Often, a companies process management is total SWAG or they have Frames based websites written recently, .NET 1.1 based code, no separation of concerns, poor quality control...I could go on and on and on... Projects can succeed, but there tends to be so much waste I am amazed at how much time and money a company can throw away. I've seen it happen at several companies. So is it that ignorance truly is bliss? UPDATE Question "How is it that top developers (I don't mean like Jon Skeet level, I mean guys who are dedicated enough to hit a forum and try for self-improvement) even want to code anymore after they see the often insurmountable sociological and technical problems they are told to fix, but then scolded for doing so? "

  Read the article

• Imitating Exchange Server's "RBAC AuthZ" in my own application... (is there something similar?)

  - by makerofthings7

  Exchange 2010 has a delegation model where groups of winrm cmdlets are essentally grouped into roles, and the roles assigned to a user. (Image source) This is a great & flexible model considering how I can leverage all the benefits of PowerShell, while using the right low level technologies (WCF, SOAP etc), and requiring no additional software on the client side. (Image source) Question(s) Is there a way for me to leverage Exchange's delegation model in my .NET application? Has anyone attempted to imitate this model? If I must start from scratch, how would I go about imitating this approach?

  Read the article

• Hide admin menu if no admin option is available

  - by Jorge

  If you have a menu "Admin tasks" and different admin tasks (like 10) that you could separately assign to each user, but there are users who don't have any admin tasks, how would you deal with "Hiding admin menu" for those users? I was thinking of 3 ways: 1) Javascript, check if Admin menu is empty and then hide it. 2) Check for all permissions in Admin menu, with a counter, and show it if counter 0. And then also re-check the permissions for each item to show. 3) Save all permissions in associative array. Test all and assign ' true' to granted items. When building the menu, have a function that tests if there is at least one permission granted. I wouldn't need to re-check permissions against DB, just against the array for each item. Is there any better way?

  Read the article

• managing information/functionality on shared common project classes

  - by ilansch

  In my company, we have a common solution the contains common projects (2 projects so far, one for .net 3.5 and one for .net 4.5). My main problem is that during time, a lot of code is added, for example hosting a process as windows service is a class called ServiceManagement, But no one but the developer knows it, and if someone wants to use this shared class, he does not know it exist. So i am looking for a way to document and manage all the classes with tags, a 3rd party util/web util, that i can search for tags and maybe find common classes that i can use (if we keep all our code well-documented). Does anyone familiar with sort of tools ?

  Read the article

< Previous Page | 211 212 213 214 215 216 217 218 219 220 221 222  | Next Page >