Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 235/886 | < Previous Page | 231 232 233 234 235 236 237 238 239 240 241 242  | Next Page >

  • Crossdomain file edit

    - by Misiur
    Hi there. I need to know, where from is my script used (it's for sale, and i don't want any thiefs). I want to write on my server in file, IP of user, domain where from script has been runned, date, etc. I've tried fopen, fwrite, but is_file_writable returned that it isn't. File CHmods are 777, it parent catalog has too 777 chmods. Now i'm trying something like that: <?php $file = 'http://www.misiur.com/security/seal.txt'; $data = date("Y-m-d H:i:s"); $ip = $_SERVER['REMOTE_ADDR']; $svr = $_SERVER['SERVER_NAME']; $str = "[$data] Loaded by $ip at $svr\r\n"; $current = file_get_contents($file); $current .= $str; file_put_contents($file, $current); ?> However - nothing happens. What i've got to do?

    Read the article

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • Loading SQL dump before running Django tests

    - by knutin
    I have a fairly complex Django project which makes it hard/impossible to use fixtures for loading data. What I would like to do is to load a database dump from the production database server after all tables has bene created by the testrunner and before the actual tests start running. I've tried various "magic" in MyTestCase.setUp(), but with no luck. Any suggestions would be most welcome. Thanks.

    Read the article

  • Is it possible to compile IronRuby code to a .NET assembly (EXE or DLL)

    - by Chris Ammerman
    My scenario consists of the following points. I have a packaged software product I am developing in C# Since it is a packaged product, the public interfaces of the assemblies need to be tightly controlled... All assemblies are strong-named Any classes that don't absolutely have to be "public" are "internal" I want to write unit tests for those "internal" classes, since they are the bulk of the code And finally.... I want to try writing the unit tests in Ruby. Since the unit tests would be external to the assembly containing the code under test, the assemblies under test would each need to have an "InternalsVisibleTo" attribute specifying the name of the unit test assembly. Which of course would mean that the Ruby unit tests would have to compile down to a .NET assembly so they can be given access in this way. Can this be done? If so, how? All I can find on the web about "compiling IronRuby" is about building the actual IronRuby runtime from source.

    Read the article

  • Mocking inter-method dependencies

    - by Zecrates
    I've recently started using mock objects in my tests, but I'm still very inexperienced with them and unsure of how to use them in some cases. At the moment I'm struggling with how to mock inter-method dependencies (calling method A has an effect on the results of method B), and whether it should even be mocked (in the sense of using a mocking framework) at all? Take for example a Java Iterator? It is easy enough to mock the next() call to return the correct values, but how do I mock hasNext(), which depends on how many times next() has been called? Currently I'm using a List.Iterator as I could find no way to properly mock one. Does Martin Fowler's distinction between mocks and stubs come into play here? Should I rather write my own IteratorMock? Also consider the following example. The method to be tested calls mockObject.setX() and later on mockObject.getX(). Is there any way that I can create such a mock (without writing my own) which will allow the returned value of getX to depend on what was passed to setX?

    Read the article

  • Implementing a Stack using Test-Driven Development

    - by devoured elysium
    I am doing my first steps with TDD. The problem is (as probably with everyone starting with TDD), I never know very well what kind of unit tests to do when I start working in my projects. Let's assume I want to write a Stack class with the following methods(I choose it as it's an easy example): Stack<T> - Push(element : T) - Pop() : T - Seek() : T - Count : int - IsEmpty : boolean How would you approch this? I never understood if the idea is to test a few corner cases for each method of the Stack class or start by doing a few "use cases" with the class, like adding 10 elements and removing them. What is the idea? To make code that uses the Stack as close as possible to what I'll use in my real code? Or just make simple "add one element" unit tests where I test if IsEmpty and Count were changed by adding that element? How am I supposed to start with this?

    Read the article

  • Error while creating tests in Visual Studio

    - by Benjol
    When I try to generate a unit test for the following method (in a public static class) private static string[] GetFields(string line, char sep) { char[] totrim = { '"', ' ' }; return line.Split(sep).Select(col => col.Trim(totrim)).ToArray(); } The Tests output says: While trying to generate your tests, the following errors occurred: This method or property cannot be called within an event handler. It works if I make the function public - I've tried running Publicize.exe manually, it doesn't complain, but doesn't make any difference either.

    Read the article

  • Embedded systems code with good unit tests?

    - by rmk
    I am looking at approaches to Unit Test embedded systems code written in C. At the same time, I am also looking for a good UT framework that I can use. The framework should have a reasonably small number of dependencies. Any great Open-source products that have good UTs?

    Read the article

  • How can I test that my hash function is good in terms of max-load?

    - by philcolbourn
    I have read through various papers on the 'Balls and Bins' problem and it seems that if a hash function is working right (ie. it is effectively a random distribution) then the following should/must be true if I hash n values into a hash table with n slots (or bins): Probability that a bin is empty, for large n is 1/e. Expected number of empty bins is n/e. Probability that a bin has k collisions is <= 1/k!. Probability that a bin has at least k collisions is <= (e/k)**k. These look easy to check. But the max-load test (the maximum number of collisions with high probability) is usually stated vaguely. Most texts state that the maximum number of collisions in any bin is O( ln(n) / ln(ln(n)) ). Some say it is 3*ln(n) / ln(ln(n)). Other papers mix ln and log - usually without defining them, or state that log is log base e and then use ln elsewhere. Is ln the log to base e or 2 and is this max-load formula right and how big should n be to run a test? This lecture seems to cover it best, but I am no mathematician. http://pages.cs.wisc.edu/~shuchi/courses/787-F07/scribe-notes/lecture07.pdf BTW, with high probability seems to mean 1 - 1/n.

    Read the article

  • How to configure SQLite to run with NHibernate where assembly resolves System.Data.SQLite?

    - by Michael Hedgpeth
    I am using the latest NHibernate 2.1.0Beta2. I'm trying to unit test with SQLite and have the configuration set up as: Dictionary<string, string> properties = new Dictionary<string, string>(); properties.Add("connection.driver_class", "NHibernate.Driver.SQLite20Driver"); properties.Add("dialect", "NHibernate.Dialect.SQLiteDialect"); properties.Add("connection.provider", "NHibernate.Connection.DriverConnectionProvider"); properties.Add("query.substitutions", "true=1;false=0"); properties.Add("connection.connection_string", "Data Source=test.db;Version=3;New=True;"); properties.Add("proxyfactory.factory_class", "NHibernate.ByteCode.LinFu.ProxyFactoryFactory, NHibernate.ByteCode.LinFu"); configuration = new Configuration(); configuration.SetProperties(properties); When I try to run it, I get the following error: NHibernate.HibernateException: The IDbCommand and IDbConnection implementation in the assembly System.Data.SQLite could not be found. Ensure that the assembly System.Data.SQLite is located in the application directory or in the Global Assembly Cache. If the assembly is in the GAC, use <qualifyAssembly/> element in the application configuration file to specify the full name of the assembly. at NHibernate.Driver.ReflectionBasedDriver..ctor(String driverAssemblyName, String connectionTypeName, String commandTypeName) in c:\CSharp\NH\nhibernate\src\NHibernate\Driver\ReflectionBasedDriver.cs: line 26 at NHibernate.Driver.SQLite20Driver..ctor() in c:\CSharp\NH\nhibernate\src\NHibernate\Driver\SQLite20Driver.cs: line 28 So it looks like I need to reference the assembly directly. How would I do this so I don't get this error anymore? I downloaded the latest assembly from here: http://sourceforge.net/projects/sqlite-dotnet2.

    Read the article

  • How to test an application for correct encoding (e.g. UTF-8)

    - by Olaf
    Encoding issues are among the one topic that have bitten me most often during development. Every platform insists on its own encoding, most likely some non-UTF-8 defaults are in the game. (I'm usually working on Linux, defaulting to UTF-8, my colleagues mostly work on german Windows, defaulting to ISO-8859-1 or some similar windows codepage) I believe, that UTF-8 is a suitable standard for developing an i18nable application. However, in my experience encoding bugs are usually discovered late (even though I'm located in Germany and we have some special characters that along with ISO-8859-1 provide some detectable differences). I believe that those developers with a completely non-ASCII character set (or those that know a language that uses such a character set) are getting a head start in providing test data. But there must be a way to ease this for the rest of us as well. What [technique|tool|incentive] are people here using? How do you get your co-developers to care for these issues? How do you test for compliance? Are those tests conducted manually or automatically? Adding one possible answer upfront: I've recently discovered fliptitle.com (they are providing an easy way to get weird characters written "u?op ?pisdn" *) and I'm planning on using them to provide easily verifiable UTF-8 character strings (as most of the characters used there are at some weird binary encoding position) but there surely must be more systematic tests, patterns or techniques for ensuring UTF-8 compatibility/usage. Note: Even though there's an accepted answer, I'd like to know of more techniques and patterns if there are some. Please add more answers if you have more ideas. And it has not been easy choosing only one answer for acceptance. I've chosen the regexp answer for the least expected angle to tackle the problem although there would be reasons to choose other answers as well. Too bad only one answer can be accepted. Thank you for your input. *) that's "upside down" written "upside down" for those that cannot see those characters due to font problems

    Read the article

  • Nielson's usablity scale

    - by Banderdash
    Just wondering if anyone out there knows of a standard survey (preferably based off Jacob Nielson's work on usability) that web admin's can administer to test groups for usability? I could just make up my own but I feel there as got to be some solid research out there on the sort of judgments on tasks I should be asking. For example Q:: Ask user to find profile page Do I ... A.) Present them with standard likert scale after each question B.) Present them the likert after all the questions .. Then what should that likert be, I know Nielson's usability judgments scale is based on Learnability, Efficiency of Use, Memorability, Error Rate, Satisfaction but I can only imagine a likert I would design that would effectively measure satisfaction...how am I suppose to ask a user to rank the Memorability of a site after one use on a 1-5 scale? Surely someone has devised a good way to pose the question?

    Read the article

  • How test that ASP.NET MVC route redirects to other site?

    - by Matt Lacey
    Due to a prinitng error in some promotional material I have a site that is receiving a lot of requests which should be for one site arriving at another. i.e. The valid sites are http://site1.com/abc & http://site2.com/def but people are being told to go to http://site1.com/def. I have control over site1 but not site2. site1 contains logic for checking that the first part of the route is valid in an actionfilter, like this: public override void OnActionExecuting(ActionExecutingContext filterContext) { base.OnActionExecuting(filterContext); if ((!filterContext.ActionParameters.ContainsKey("id")) || (!manager.WhiteLabelExists(filterContext.ActionParameters["id"].ToString()))) { if (filterContext.ActionParameters["id"].ToString().ToLowerInvariant().Equals("def")) { filterContext.HttpContext.Response.Redirect("http://site2.com/def", true); } filterContext.Result = new ViewResult { ViewName = "NoWhiteLabel" }; filterContext.HttpContext.Response.Clear(); } } I'm not sure how to test the redirection to the other site though. I already have tests for redirecting to "NoWhiteLabel" using the MvcContrib Test Helpers, but these aren't able to handle (as far as I can see) this situation. How do I test the redirection to antoher site?

    Read the article

  • Re-using unit tests for models using STI

    - by TenJack
    I have a number of models that use STI and I would like to use the same unit test to test each model. For example, I have: class RegularList < List class OtherList < List class ListTest < ActiveSupport::TestCase fixtures :lists def test_word_count list = lists(:regular_list) assert_equal(0, list.count) end end How would I go about using the test_word_count test for the OtherList model. The test is much longer so I would rather not have to retype it for each model. Thanks.

    Read the article

  • Unit test with Authlogic on Rails 3

    - by Puru puru rin..
    Hello, I would like to write some unit test with a logged user using Authlogic. To start right, I used some code hosted in http://github.com/binarylogic/authlogic_example. But I get an error after rake test, because of "test_helper.rb" and the following class: class ActionController::TestCase setup :activate_authlogic end Here is my error: NameError: undefined local variable or method `activate_authlogic' for I think this Authlogic example is mapped over Rails 2; maybe it's a little bit different on Rails 3. Is there an other example where I can take example about unit test? Many thanks.

    Read the article

  • How dangerous can javascript be? (is noscript worth the trouble)?

    - by CrazyJugglerDrummer
    I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

    Read the article

  • MVC UI with Mock Controllers?

    - by Jaimal Chohan
    I'm working with Aspnet MVC 2 (R2) and at the same time playing about with the whole alt.net stack. One of this things I would like to be able todo is basically write my Views, and be able to interact with them without having to write the controller logic. E.g. I have a view that displays a list of orders and I can click on an order which redirects to another view where I can edit it, but I don't want to get into the nitty gritty of writing the code to actually get a list of orders, or update an existing ordes. I want to do so I can write UI tests in WaitN/AOT/Selenium without having to worry about whats happening underneath, and also It would help drive my controller logic on a need basis as opposed to guess work based of of the supplied screenshots How do you guys accomplish this atm? Can you provide links ot useful blog posts/tools/framework/articles with information on how to accomplish this p.s. I primarly use Rhino Mocks & NUnit but can happliy change to other tools if they support the above better.

    Read the article

  • C++ static code analysis tool on Windows

    - by KTC
    What C++ static code analysis tool are there on Microsoft Windows, and which would you recommend? Please state whether a particular tool relies on cygwin, and whether it cost money. One per post as per for voting up & down. Similar Question: http://stackoverflow.com/questions/141498/what-open-source-c-static-analysis-tools-are-available

    Read the article

  • What C# mocking framework to use?

    - by Corin
    I want to start using mock objects on my next C# project. After a quick google I've found there are many: NMock EasyMock.NET TypeMock Isolator Commercial / Paid Rhino Mocks Moq So my question is: what one is your favourite .NET mocking framework and why?

    Read the article

  • Passing custom Python objects to nosetests

    - by Rob
    I am attempting to re-organize our test libraries for automation and nose seems really promising. My question is, what is the best strategy for passing Python objects into nose tests? Our tests are organized in a testlib with a bunch of modules that exercise different types of request operations. Something like this: testlib \-testmoda \-testmodb \-testmodc In some cases the test modules (i.e. testmoda) is nothing but test_something(), test_something2() functions while in some cases we have a TestModB class in testmob with the test_anotherthing1(), test_anotherthing2() functions. The cool thing is that nose easily finds both. Most of those test functions are request factory stuff that can easily share a single connection to our server farm. Thus we do a lot of test_something1(cnn), TestModB.test_anotherthing2(cnn), etc. Currently we don't use nose, instead we have a hodge-podge of homegrown driver scripts with hard-coded lists of tests to execute. Each of those driver scripts creates its own connection object. Maintaining those scripts and the connection minutia is painful. I'd like to take free advantage of nose's beautiful discovery functionality, passing in a connection object of my choosing. Thanks in advance! Rob P.S. The connection objects are not pickle-able. :(

    Read the article

  • Including uncovered files in Devel::Cover reports

    - by Markus
    I have a project setup like this: bin/fizzbuzz-game.pl lib/FizzBuzz.pm test/TestFizzBuzz.pm test/TestFizzBuzz.t When I run coverage on this, using perl -MDevel::Cover=-db,/tmp/cover_db test/*.t ... I get the following output: ----------------------------------- ------ ------ ------ ------ ------ ------ File stmt bran cond sub time total ----------------------------------- ------ ------ ------ ------ ------ ------ lib/FizzBuzz.pm 100.0 100.0 n/a 100.0 1.4 100.0 test/TestFizzBuzz.pm 100.0 n/a n/a 100.0 97.9 100.0 test/TestFizzBuzz.t 100.0 n/a n/a 100.0 0.7 100.0 Total 100.0 100.0 n/a 100.0 100.0 100.0 ----------------------------------- ------ ------ ------ ------ ------ ------ That is: the totally-uncovered file bin/fizzbuzz-game.pl is not included in the results. How do I fix this?

    Read the article

  • Zend_Test_PHPUnit_ControllerTestCase: Test view parameters and not rendered output

    - by erenon
    Hi, I'm using Zend_Test_PHPUnit_ControllerTestCase to test my controllers. This class provides various ways to test the rendered output, but I don't want to get my view scripts involved. I'd like to test my view's vars. Is there a way to access to the controllers view object? Here is an example, what I'm trying to do: <?php class Controller extends Zend_Controller_Action { public function indexAction() { $this-view->foo = 'bar'; } } class ControllerTest extends Zend_Test_PHPUnit_ControllerTestCase { public function testShowCallsServiceFind() { $this->dispatch('/controller'); //doesn't work, there is no such method: $this->assertViewVar('foo', 'bar'); //doesn't work: $this-assertEquals( 'bar', $this->getView()->foo ); } }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 231 232 233 234 235 236 237 238 239 240 241 242  | Next Page >