Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 249/3920 | < Previous Page | 245 246 247 248 249 250 251 252 253 254 255 256 | Next Page >

different levels in code igniter?

- by ajsie

im all new to framework. so the structure of code igniter looks like: system system/application the system folder is code igniter's base folder right? so if they in the future releases a new version i just put application in the new system folder and its upgraded right? does this mean that i shouldn't put new files and so on in the system folder? cause some code could be used for other applications and i want to put them under the current application im developing, not inside the application folder. i want my application's classes to extend my base system's classes which in turn extend code igniter's base system class. so there are 3 levels. so how could i accomplish this? where to put the system level between CI and my application?

Read the article
Translate from Java to C#: simple code to re-encode a string

- by Dr. Zim

We were sent this formula to encrypt a string written in Java: String myInput = "test1234"; MessageDigest md = MessageDigest.getInstance("SHA"); byte[] myD = md.digest(myInput.getBytes()); BASE64Encoder en64 = new BASE64Encoder(); String myOutput = new String ( Java.net.URLEncoder.encode( en64.encode(myD))); // myOutput becomes "F009U%2Bx99bVTGwS3cQdHf%2BJcpCo%3D" Our attempt at writing this in C# is: System.Security.Cryptography.SHA1 sha1 = new System.Security.Cryptography.SHA1CryptoServiceProvider(); string myOutput = HttpUtility.UrlEncode( Convert.ToBase64String( sha1.ComputeHash( ASCIIEncoding.Default.GetBytes(myInput)))); However the output is no where near the same. It doesn't even have percent signs in it. Any chance anyone would know where we are going wrong?

Read the article
Secure database connection. DAL .net architecture best practice

- by Andrew Florko

We have several applications that are installed in several departments that interact with database via Intranet. Users tend to use weak passwords or store login/password written on a shits of paper where everybody can see them. I'm worried about login/password leakage & want to minimize consequences. Minimizing database-server attack surface by hiding database-server from Intranet access would be a great idea also. I'm thinking about intermediary data access service method-based security. It seems more flexible than table-based or connection-based database-server one. This approach also allows to hide database-server from public Intranet. What kind of .net technologies and best practices would you suggest? Thank in you in advance!

Read the article
NameValueCollection Issue In Proxy Generation

- by N W. annor-adjei

I have a proxy generation problem I am building my own customised XMLMembershipProvider in WCF. The code runs well in ASP.Net and am consuming the same code in WCF for silverlight, My class inherits the Membership provider hence have implemented all the MembershipProvider methods. Now, consumung this methods in WCF requires also the Initialize Method having NameValueCollection as passin parameter, which is the cause of the problem because WCF does not supporteCollection serialization. when the initialize method is marked as OperationContract, Proxy class does not get generated. I could have use Dictionary but that is impossible here bacause the base class's initialize method accepts two parameter one of which should be a NameValueCollection. If i don't mark the Initialize as OperationContract, the proxy class is generated with all the methods but i realized i still need the Initialize marked as Operation contract to start the provider. Has any one got any idea about the use of NameValueCollection in WCF and the work around this problem Thank you. Nicholas

Read the article
Detect IE setting: check for newer versions of stored pages "never"

- by xx

I understand there isn't a way to interrogate a users IE settings directly due to security reasons, but is there a way to derive this answer with some other mechanism? I would like to stop a user from using my site if the setting "Check for newer versions of stored pages" is set to "Never". Any suggestions? Is there a way I could test for this using javascript? An example of what I am trying to accomplish is this: While it is not possible to check IE settings to see if you are running a popup blocker, that is a way to "test" for a popup blocker via javascript. I am looking for something similiar but for the cache setting, not the popup blocker.

Read the article
How to safeguard my code

- by ram

I had posted my question in the below link on how to protect my code using Hg http://stackoverflow.com/questions/173875/how-do-you-protect-code-from-leaking-outside The question is: In a DVCS scenario how can we restrict the code leakages? Is there any way technically to restrict this like when I move our of my work automatically history of codes should not be viewed?

Read the article
gcc and reentrant code

- by S.M

Does GCC generate reentrant code for all scenarios ?

Read the article
Oracle query to select rows with unique code

- by Jasim

I have a table like this C1 C2 C3 Code 1 2 3 33 1 2 3 34 2 4 1 14 1 2 3 14 i want to select only those record whose code is appearing only in single row. ie, in this case rows with code 33 and 34.. as they appear only once in this table. How can i write a query for that

Read the article
Does malloc() allocate a contiguous block of memory?

- by user66854

I have a piece of code written by a very old school programmer :-) . it goes something like this typedef struct ts_request { ts_request_buffer_header_def header; char package[1]; } ts_request_def; ts_request_buffer_def* request_buffer = malloc(sizeof(ts_request_def) + (2 * 1024 * 1024)); the programmer basically is working on a buffer overflow concept. I know the code looks dodgy. so my questions are: Does malloc always allocate contiguous block of memory ?. because in this code if the blocks are not contiguous , the code will fail big time Doing free(request_buffer) , will it free all the bytes allocated by malloc i.e sizeof(ts_request_def) + (2 * 1024 * 1024), or only the bytes of the size of the structure sizeof(ts_request_def) Do you see any evident problems with this approach , i need to discuss this with my boss and would like to point out any loopholes with this approach

Read the article
session is lost after successful login?

- by sword101

greetings all um using spring security 3.0.2,all the application pages are secured to see them you must be authenticated um using https protocol i have a strange problem that after successful login and got to the requested page when try to open any link to other pages in the application the session is invalidated or lost or what happened i don't know and the user become anonymous,and redirected to the login page and i got this from debugging: No HttpSession currently exists No SecurityContext was available from the HttpSession: null. A new one will be created. after reviewing the coe many times,nothing in the code is invalidating the session,any ideas why something like this might happen?

Read the article
How does TopCoder evaluates code?

- by Carlos

If you are familiar with TopCoder you know that your source-code gets a final "grade/points" this depends on time, how many compiles, etc, one of the highest weighted being performance. But how can they test that, is there some sort of simple code (java or c++) to do it that you could share for me to evaluate and hopefully write my own to test the programs I write for University? This is sort of a follow up question to this one where I ask if shorter code results in best performance. P.S: Im interested in both of how topcoders knows performance and writing code to test performance.

Read the article
preg_replace on xss code

- by proyb2

Can this code help to sanitize malicious code in user submit form? function rex($string) { $patterns = array(); $patterns[0] = '/=/i'; $patterns[1] = '/javascript:/i'; $replacements = array(); $replacements[0] = ''; $replacements[1] = ''; return preg_replace($patterns, $replacements, $string); I have included htmlentities() to prevent XSS on client side, is all the code shown is safe enough to prevent attack?

Read the article
see code when cross-posting page with Server.Transfer

- by EduardoMello

When I use Server.Transfer the browser keeps the Previous Page on the URL bar. Also, when I try to view the source code of the page, shows the previous page code. I need to see the current page code. Any help? Thank you

Read the article
tool to auto-format R code

- by Keith

Is there any tool (editor, script, whatever...) available that can automatically reformat R code? It does not need to be customizable but it must be able to recognize statements separated by either semicolons or newlines since this code has both. If it can put all statements on a separate line, consistently indent code blocks and consistently place braces I will be very happy.

Read the article
Sanitizing CSS in Rails

- by Erik

Hello! I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page. However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies'). Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users. So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!

Read the article
Facebook javascript in address bar, possible to replicate?

- by DoMx

This is my first experience with stackoverflow and I'm afraid my question asks of a lot for a first. I was looking at this thread: http://stackoverflow.com/questions/2634159/javascrypt-in-the-adress-bar-is-this-malicious and as you will see SLaks has very kindly deobfuscated the javascript and left us with what appears as the Javascript behind the automatic facebook invite code. As I'm fairly new to javascript, I was wondering, what other components were needed to get this code to work? You of course have the functions there and they are called by the obfuscated javascript but how exactly? Would it be possible to replicate this on a page of my own using the information available or is there more to this script I am missing? I am willing to financially assist somebody who could compile a solution for me. Thank you in advance.

Read the article
Accepting bank account information in a form

- by jeffthink

What security concerns are there when accepting a user's bank account information (account number and routing number) via a form on a page that is using SSL, and posting it back to the server where I then curl off a HTTPS request to send that information to an ACH service like First ACH or ACH Direct via their API? We wouldn't be saving the bank account information in our database. I know another option is to use Paypal's Mass Pay API, but they think it's unprofessional (at least for their business) to require customers to have a paypal account to get paid. Thoughts?

Read the article
Agile Uploader error code 2101?

- by adamwstl

I'm trying to install Agile Uploader, but keep running into an error code 2101 (no other message besides that.) Any idea what error code "2101" means? Whenever I try to submit/upload (when I call agileUploaderSubmit()), nothing seems to happen and with Firebug mode on, all the log prints out is that code. I can't find anything that tells me what it means. Thanks

Read the article
Meteor 0.3.9 on Windows XP exits with code: -1073741819

- by slawpe13

I have installed recently Meteor 0.3.9 on Windows XP (msi installer from: http://win.meteor.com/) and when I try to run (under CMD): meteor create --example leaderboard cd leaderboard meteor I get: [[[[[ C:\temp\leaderboard ]]]]] Running on: http://localhost:3000/ Exited with code: -1073741819 Exited with code: -1073741819 Exited with code: -1073741819 Your application is crashing. Waiting for file change. How can I fix that error?

Read the article
ANTLR - Embedding Java code, evaluate before or after?

- by wvd

Hello all, I'm writing a simple scripting language on top of Java/JVM, where you can also embed Java code using the {} brackets. The problem is, how do I parse this in the grammar? I have two options: 1] Allow everything to be in it, such as: [a-z|a-Z|0-9|_|$], and go on 2] Get an extra java grammar and use that grammar to parse that small code (is it actually possible and efficient?) Since option 2] is basically a double-check since when evaluating java code it's also being checked. Now my last question is -- is way that can dynamically execute java code also with objects which have been created at runtime? Thanks, William van Doorn

Read the article
How to Use Eclipse to Debug JNI code (Java & C/C++)

- by tkryger

While I can debug my application with the Eclipse JDT debugger for Java code and GDB for C code, I would prefer to use a single tool for all my debugging. I found several projects that enable "mixed-mode" debugging in Eclipse and include support for single stepping between Java and native code. Intel's Integrated Debugger for Java/JNI Environments Mariot Chauvin's Summer of Code Project: Support Seamless Debugging between JDT & CDT Unfortunately, one claims to be pre-release quality and the other is currently unmaintained. Are there any plug-ins that bring mixed mode debugging functionality to Eclipse in a reliable way or should I continue to use two separate debuggers?

Read the article
TFS 2008 checks out code automatically on edit

- by Jangwenyi

I am working on a Visual Studio 2008 project that is already added to TFS server. I am not sure which settings and policies have been configured for the TFS (this is done by a separate dept, not developers) Every time I make an edit to a code file , the file is checked out automatically (without explicitly checking out the code file myself) Please help me locate this setting or policy because it is not very useful at the moment. Sometime you want to make a local change to try out something, and not necessarily check out the code....

Read the article
php Form to Email sanitizing

- by Jacob

Hi, im using the following to send a contact us type form, iv looked into security and only found that you need to protect the From: bit of the mail function, as ive hardcoded this does that mean the script is spamproof / un-hijackable $tenantname = $_POST['tenan']; $tenancyaddress = $_POST['tenancy']; $alternativename = $_POST['alternativ //and a few more //then striptags on each variable $to = "[email protected]"; $subject = "hardcoded subject here"; $message = "$tenantname etc rest of posted data"; $from = "[email protected]"; $headers = "From: $from"; mail($to,$subject,$message,$headers);

Read the article
Foolproof way to check for nonzero (error) return code in windows batch file

- by Pat

Intro There's a lot of advice out there for dealing with return codes in batch files (using the ERROLEVEL mechanism), e.g. Get error code from within a batch file ERRORLEVEL inside IF Some of the advice is to do if errorlevel 1 goto somethingbad, while others recommend using the %ERRORLEVEL% variable and using ==, EQU, LSS, etc. There seem to be issues within IF statements and such, so then delayedexpansion is encouraged, but it seems to come with quirks of its own. Question What is a foolproof (i.e. robust, so it will work on nearly any system with nearly any return code) way to know if a bad (nonzero) code has been returned? My attempt For basic usage, the following seems to work ok to catch any nonzero return code: if not errorlevel 0 ( echo error level was nonzero )

Read the article
How do I tell which account is trying to access an ASP.NET web service?

- by Andrew Lewis

I'm getting a 401 (access denied) calling a method on an internal web service. I'm calling it from an ASP.NET page on our company intranet. I've checked all the configuration and it should be using integrated security with an account that has access to that service, but I'm trying to figure out how to confirm which account it's connecting under. Unfortunately I can't debug the code on the production network. In our dev environment everything is working fine. I know there has to be a difference in the settings, but I'm at a loss with where to start. Any recommendations?

Read the article

< Previous Page | 245 246 247 248 249 250 251 252 253 254 255 256 | Next Page >