Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 231/331 | < Previous Page | 227 228 229 230 231 232 233 234 235 236 237 238 | Next Page >

Are SqlCipher open cursors a security concern?

- by user1178479

I'm using SqlCipher with content providers. Right now, when I want to lock the app I just clear out the cached password. However, the app can continue to work with any open cursors. This means that re-opening the app grants access to the sensitive data. I fix this issue on the surface by redirecting to a login screen if the app doesn't have passwords. However, I'm concerned if there are any security issues with these open cursors or if I should just continue to block UI access and not worry? SqlCipher's docs say that it reads/writes encrypted pages on the fly, as opposed to decrypting the entire DB, this makes me think that open cursors are still secure. The main concern here is that someone loses their phone and then a knowledgeable individual can use these open cursors to extract sensitive data.

Read the article
using a test account for in app purchases??

- by hemant

i created in app purchases in my application.But still my test account doesn’t work fine. When i test my application using test account the sandbox environment asks me to buy the product and after buying it asks me to buy the product again straightaway. Is it some problem while using test accounts or is there a problem in my coding?? this is my first application and figuring out in app purchases for your application can be really hard at times. i have 4 products and this happens only with 1 or 2 products and rest work fine. So i am sure the in app purchases is fine but cant figure out what could be wrong??

Read the article
Creating An Utilities Class?

- by Soo

Hello SO, I'm very new to OOP and am trying my hardest to keep things strictly class based, while using good coding priciples. I'm a fair ways into my project now and I have a lot of general use methods I want to put into an utilities class. Is there a best way to create an utilities class? public class Utilities { int test; public Utilites() { } public int sum(int number1, int number2) { test = number1+number2; } return test; } After creating this Utilities class, do I just create an Utilities object, and run the methods of my choosing? Do I have this Utilities class idea correct?

Read the article
RequireHttpsAttribute and Encrypted Request Data

- by goatshepard

I have a controller action that is accepting sensitive data. public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } To ensure the data is secure I want to be certain requests are made using HTTPS (SSLv3, TLS 1). One of the approaches I've considered using was the RequireHttpsAttribute on my action: [RequireHttps] public ActionResult TakeSensitiveData(SensitiveData data){ data.SaveSomewhere(); } However, upon testing this I fiddler revealed that an HTTP request made to the action is 302 redirected to HTTPS. My question is this: If I've made a request that is 302 redirected to HTTPS haven't I already sent the sensitive data over HTTP before the redirect?

Read the article
Prevent PHP sesison hijack, are these good ideas?

- by matthew Rhodes

I'm doing a simple shopping cart for a small site. I plan to store cart items as well as logged in user_id in session variables. to make things a little more secure, I thought I'd do this: sha1() the user_id before storing it in the session. Also sha1() and store the http_user_agent var with some salt, and check this along with the user_id. I know there is more one can do, but I thought this at least helps quite a bit right? and is easy for me to implement.

Read the article
analyzing hashes

- by calccrypto

Is anyone willing to devote some time to helping me analyze a (hopefully cryptographically secure) hash? I honestly have no idea what im doing, so i need someone to show me how to, to teach me. almost all of the stuff ive found online have been really long, tedious, and vague the code is in python because for some reason i dont know c/c++. all i know about the hash: 1. there are no collisions (so far) and 2. differences between two similar inputs results in wildly different differences and please dont tell me that if i dont know what im doing, i shouldnt be doing it.

Read the article
Android programming: Authentication and data exchange with Java EE

- by Konsumierer

I am having a Java application running in a Tomcat server using Spring, Hibernate, etc. and a two web interfaces, one implemented in Tapestry 5 and the other one using Flex with BlazeDS and Spring-BlazeDS. In my first android application I would now like to log in to the server and retrieve some data. I´m wondering how I could achieve this in a secure way. First of all I need to know which technology is the best to retrieve data from the server and how can I restrict the access to users only that have been successfully authenticated. With what I read until now I would try to implement a HTTPServlet on the server and make server calls via HTTP Client. In the servlet I could probably use the HTTPSession to check if the request comes from an authenticated user. And the data I would try to send serialized (JSON). Unfortunately, I´ve never done those things and maybe I´m on the wrong way and there are more comfortable solutions.

Read the article
How to get back to auto-completion after misspelling of a methodname in Eclipse?

- by Jonas

When I am coding Java in Eclipse I like the auto-completion feature. With that I mean the popup with method-names that comes when you start typing in a method name for an object. Or maybe it's called something different, i.e. method-suggestions? But the popup is hidden if I misspells a method name, and it doesn't come back if I delete the misspelled part of the method name. Is there any way to get back the popup after a misspelling without starting to type in the hole methodname again?

Read the article
Blackbery Axis IP camera Suggestions

- by user440541

hello Everyone well i am making an application of IP camera for Blackberry all models. i have gathered all the information regarding coding. now i just wanted a bit of ur help. please guide me through some of the APIs for java through which i could implement live Ip camera video streaming in blackberry. and also some of the references through which i could get help . m new in here pleae guide me thru this everyone. i will be v thankful to u . regards. Thanks a bunch in advance.....

Read the article
How to handle User Authentication for program in client’s local machine?

- by Daniel

Which user authentication scheme could be used at following scenario? 1.Application A developed by my company is installed at user's local computer. 2.Users login at my company's website. 3.If login is successful, access to the application A in user's local machine is granted. The development environment is .NET. Is there a secure way to authenticate the user to access the application? I've thought about encrypting the login information entered at the website, and then sending that information to the program at user's local machine for authentication. but I think as long as the client program has the decrypting ability, it is vulnerabe to decompiling,etc. Thanks in advance!

Read the article
How do I display the current value of an Android Preference in the Preference summary?

- by nyenyec

This must come up very often. When the user is editing preferences in an Android app, I'd like them to be able to see the currently set value of the preference in the Preference summary. Example: if I have a Preference setting for "Discard old messages" that specifies the number of days after which messages need to be cleaned up. In the PreferenceActivity I'd like the user to see: "Discard old messages" <- title "Clean up messages after x days" <- summary where x is the current Preference value Extra credit: make this reusable, so I can easily apply it to all my preferences regardless of their type (so that it work with EditTextPreference, ListPreference etc. with minimal amount of coding).

Read the article
Sending object C from class A to class B

- by user278618

Hi, I can't figure out how to design classes in my system. In classA I create object selenium (it simulates user actions at website). In this ClassA I create another objects like SearchScreen, Payment_Screen and Summary_Screen. # -*- coding: utf-8 -*- from selenium import selenium import unittest, time, re class OurSiteTestCases(unittest.TestCase): def setUp(self): self.verificationErrors = [] self.selenium = selenium("localhost", 5555, "*chrome", "http://www.someaddress.com/") time.sleep(5) self.selenium.start() def test_buy_coffee(self): sel = self.selenium sel.open('/') sel.window_maximize() search_screen=SearchScreen(self.selenium) search_screen.choose('lavazza') payment_screen=PaymentScreen(self.selenium) payment_screen.fill_test_data() summary_screen=SummaryScreen(selenium) summary_screen.accept() def tearDown(self): self.selenium.stop() self.assertEqual([], self.verificationErrors) if __name__ == "__main__": unittest.main() It's example SearchScreen module: class SearchScreen: def __init__(self,selenium): self.selenium=selenium def search(self): self.selenium.click('css=button.search') I want to know if there is anything ok with a design of those classes?

Read the article
Collectable<T> serialization, Root Namespaces on T in .xml files.

- by Stacey

I have a Repository Class with the following method... public T Single<T>(Predicate<T> expression) { using (var list = (Models.Collectable<T>)System.Xml.Serializer.Deserialize(typeof(Models.Collectable<T>), FileName)) { return list.Find(expression); } } Where Collectable is defined.. [Serializable] public class Collectable<T> : List<T>, IDisposable { public Collectable() { } public void Dispose() { } } And an Item that uses it is defined.. [Serializable] [System.Xml.Serialization.XmlRoot("Titles")] public partial class Titles : Collectable<Title> { } The problem is when I call the method, it expects "Collectable" to be the XmlRoot, but the XmlRoot is "Titles" (all of object Title). I have several classes that are collected in .xml files like this, but it seems pointless to rewrite the basic methods for loading each up when the generic accessors do it - but how can I enforce the proper root name for each file without hard coding methods for each one? The [System.Xml.Serialization.XmlRoot] seems to be ignored.

Read the article
Run java with highest security setting

- by Ankiov Spetsnaz

I'm currently writing an in house coding challenge web application and I am wondering if there is any other security precaution I would need to have other than below java option at runtime. java -Djava.security.manager=default Basically, challenges would be more of single threaded math and algorithm focused. So I would need to enable basic data structure objects and disable any file, sockets, threading or any thing that might be not so important. Based on my quick search turning on security manager as above seems to be a solution but since this is a security related I would like to be sure before it goes alive. Is there anything else I could do more?

Read the article
Object-oriented Programming - need your help

- by wanderameise

hey folks, I try to realize a little game project to dive deeper into OO programming (winforms c++/cli). I already started coding but now I´d like to make a re-design. For the beginning the game should consist of four parts like game-engine, user interface, highscore and playground. Heres a little (non-UML-conform) class diagramm to visualize my purposes http://i.imgur.com/lmpwj.png Would this be the right way? In my eyes the game engine is responsible to control the game sequences (state machine?) and exchanges information betweens all other classes. I appreciate any help!

Read the article
new with exception with Microsoft

- by wsd

As I'm coding for both Windows and Linux, I have a whole host of problems. Microsoft Visual C++ has no stdint header, but for that I wrote my own. Now I found out that MS C++'s new operator does not throw an exception, so I want to fix this a quickly as possible. I know I can define a Macro with Parameters in Parenthesis, can I define a macro that replaces MyClass x = new MyClass(); with #ifdef MSC_VER if(!(MyClass x = new MyClass()) { throw new std::bad_alloc(); } #else MyClass x = new MyClass(); #endif (or something equivalent), AND works in BOTH MS C++ and G++ ? Or alternatively if that is not possible, a batch file to run over the Code to do this? I have become rather dependent on this exception being thrown.

Read the article
Two collections manyToOne to same primary key

- by Ethiel

Hi, guys, I'm coding a web page in Hibernate-JPA and Oracle. I need the following: I have two classes: Place and Home. I need two collections of type Place in every Home: I do the following: Home: @ManyToOne @JoinColumn(name="ID_PLACES") private List<Places>places1; @ManyToOne @JoinColumn(name="ID_PLACES") private List<Places>Places2; However, hibernate got an exception (repeated column) and forces to me to mapping with insert and update to false. How Can I get Two ManyToOne relationship to same primary key with insert a true?.

Read the article
BlackBerry Technical Specification

- by Sam

I'm having trouble locating BlackBerry techical specifications and their website is a mess. They also don't have a number that I can use to easily contact them. This isn't exactly a coding question, but what does the BlackBerry audio API look like, and where can I get technical specifications on audio? Specifically, I'm trying to find out more information on Audio-In, specifically, through the Mic-In on the 3.5 mm jack. Unfortunately, before I can proceed, I need to know such things like sampling rate, data width, etc. Direction to the right resource or if you know off of the top of your head is appreciated.

Read the article
Where does one enter the JavaScript code in CRM Dynamics?

- by Konrad Viltersten

I've started to play with CRM Dynamics yesterday so this question should be seen as a very basic one. I've been coding for many years but CRM D is news to me. Apparently, one is supposed to be able to enter JavaScript code to customize the behavior of the application. I've understood that there's an API for that and that touching DOM directly or playing with jQuery is a no-no. Question: Where is the JS-code supposed to be entered? I've gone through all the menus but as far I can see, there's no spot where I could plug-in my custom code. E.g.: Where do I get to define a validation for the last name of a contact currently being defined?

Read the article
bulk update/delete entities of different kind in db.run_in_transaction

- by Ray Yun

Here goes pseudo code of bulk update/delete entities of different kind in single transaction. Note that Album and Song entities have AlbumGroup as root entity. class AlbumGroup: pass class Album: group = db.ReferenceProperty(reference_class=AlbumGroup,collection_name="albums") class Song: album = db.ReferenceProperty(reference_class=Album,collection_name="songs") def bulk_update_album_group(album_group): updated = [album_group] deleted = [] for album in album_group.albums: updated.append(album) for song in album.songs: if song.is_updated: updated.append(song) if song.is_deleted: deleted.append(song) db.put(updated) db.delete(deleted) a = AlbumGroup.all().filter("...").get() # bulk update/delete album group. for simplicity, album cannot be deleted. db.run_in_transaction(bulk_update_album_group,a) But I met a famous "Only Ancestor Queries in Transactions" error at the iterating reference properties like album.songs or album_group.albums. I guess ancestor() filter does not help because those entities are modified in memory. Should I not to iterate reference property in transaction function and always provide them as function parameters like def bulk_update_album_group(updated,deleted): ??? Is there any good coding pattern for this situation?

Read the article
What is a good practice for handling SQL connections within a WCF call?

- by Rising Star

Suppose I want to create a (stateless) WCF service with three methods exposed on an endpoint: performSqlOperationA(), performSqlOperationB(), and performSqlOperationC(). Each method inserts data into a SQL database. The way I've seen things done at my office, each method would begin with code to initialize a SqlConnection object. Each method would end with code to safely dispose it. What is a good practice for coding these WCF methods so that the SqlConnection object is initialized and disposed in each method without having to do these things in each method? I know that I can have the connection initialized in the constructor for the class for the WCF methods, but I don't know about disposing it... The calls cannot be wrapped in a using block. One solution I'm familiar with is PostSharp, which allows me to set an attribute which causes specific code to automatically run at the beginning and end of each method call, but it would be greatly preferable to do this with only the .net framework.

Read the article
Managed C++ prospects

- by Srikanth

Has anyone tried coding in managed C++? I have a few questions : How productive is the language compared to C#? Is there any restriction on type of projects that can be written? Can we write a web application in managed C++? Is it possible to mix managed and unmanaged C++ code in one application? Is MFC still valid in managed C++? Will it be the best option when considering migration of a VC++ application?

Read the article
How to debug this?

- by LeonixSolutions

I have an application which takes measurements every second (I am running it in demo mode & generating random data, so the problem is not to do with reading from devices attached to the serial port). After 5 or 6 minutes it hangs. I have added try // entire body of procedure/function goes here except on E: Exception do begin MessageDlg('Internal coding error in <function name>()', mtError, [mbOK], 0); end; end; to every single function (and Application.Run() in the project file), but I don't see any message dialogs. Any idea how I can test this?

Read the article
Implementation Details as a "Document" ( In generic terms) - Python, C++

- by mgj

Hi..:) For documentation and presentation purposes, we often find professionals/students creating SRS, coding guidelines etc. for these things there is some kind of a checklist which one could use to appropriately match what could relate to a specific case and accordingly one does a documentation for each. On those grounds could you please give me some sort of a checklist( any points/guidelines) one could use for going about Implementation( in the form of Implementation Details) in Python and C++ . Although this might sound specific as the query is "Implementation Details" and is different for different cases as one goes about the REAL implementation, I just want a SET of guidelines one should follow ( Preferably In Python, C++ specific, even for any other language is Welcome) if this( Implementation Details ) has to also be documented or presented. Hope the question is clear, I am sorry if it still sounds ambiguous, I guess this is the best I could do to frame my query. Thank you for your time...:)

Read the article
Validating/Allowing YouTube Embed Code

- by mellowsoon

Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos. So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

Read the article

< Previous Page | 227 228 229 230 231 232 233 234 235 236 237 238 | Next Page >