Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • My page was attacked via xss, but on ftp all files are not changed?

    - by Dobiatowski
    Hi, yesterday I noticed that JavaScript errors sometimes show up on my webpage. When I went to the source code, I found that one of the .js files was totally replaced with a ton of porn links. I checked the FTP for this file, but there was just the old JavaScript file without any changes. Yet when I went back to check the source code via the browser, there was indeed the original .js again. Today I visited my webpage again and the problem repeated. The first visit showed me a ton of porn pages; the cached .js file was hacked, but after clearing the browser cache the JS went back to the original. I checked all files on my FTP against my offline version, but all files are without any change. In the last few years I was attacked by XSS a few times, but in every case it was easy to diagnose and fix. But now I have spent 12h and didn't find the infection. Do you have any idea how to find it? The webpage is: http://robert.frk.pl

  • Good Open Source Code to learn Web Programming

    - by Prabu
    Hi, can someone point me to some good open source code to learn web programming (language doesn't matter)? I'm looking for source code of web applications, not frameworks. I'm not a beginner; I can code to some extent. I want to know how stuff is done in real-world applications.

  • Reliably detect caller domain over cURL request?

    - by Utkanos
    OK so server-side security is not my forte. Basically, I'm building a service which users may use (via an SDK) only on the domain they stipulated when they signed up. The SDK calls my web service over cURL in PHP. Would I be right in thinking I cannot reliably detect the caller domain, i.e. enforce that it is the same domain they stipulated when signing up? cURL of course sends this over headers, but headers can always (?) be faked. Is there a better course of action to enforce domain for this sort of thing? (NB I'm already using an API key, too - it's just I wanted to restrict domain, too) Thanks in advance

  • Advise guidance on how to form this jQuery script for show/hide fade element

    - by Rick
    Hey guys.. I basically have several links on the left side of the screen and on the right is a preview window. Below the preview window is another box for the affiliate link code. So what I am trying to do is create an affiliate page where you choose the banner size on the left by clicking on the link, and on the right you see it dynamically change to the banner size and the code changes accordingly as well. So far I have the following code and it works, but it seems very very cumbersome and bloated. Can you see if I can trim this down?

        jQuery(".banner-style li").click(function() {
            jQuery(".banner-style li").removeClass("selected");
            jQuery(this).addClass("selected");
            var $banner = jQuery(this).attr("class");
            $banner = $banner.replace(" selected","");
            jQuery(".preview img").fadeOut('fast',function() {
                jQuery(".preview img").attr("src", "http://localhost/site/banners/"+$banner+".jpg")
                    .fadeIn('slow');
            });
            jQuery(".code p").removeClass('hide').hide();
            jQuery(".code p."+$banner).show();
        });

    Also to note, the funny thing is that in FF, when you click for the first time on any link, the original image on the right fades out and in real quick and then it loads the "clicked" image. This does not happen in other browsers...

  • Reason to use more cookies than just a session hash for authentication?

    - by dierre
    I usually hang out in a community using vBulletin as its bulletin board. I was looking at what this software saves as cookies in my browser. As you can see it saves 6 cookies. Amongst them, what I consider to be important for authentication are:

      ngivbsessionhash: hash of the current session
      ngivbpassword: hash of the password
      ngivbuserid: user's id

    Those are my assumptions of course. I don't know for sure if ngilastactivity and ngilastvisit are used for the same reason. My question is: why use all these cookies for authentication? My guess would be that maybe generating a session hash would be too easy, so using the hashed password and userid adds security, but what about cookie spoofing? I'm basically leaving all fundamental information on the client. What do you think?

  • Securing files on IPhone

    - by clearbrian
    Hi, is there a way to decompile the binary from an iPhone app? I jailbroke my iPhone and was surprised to find other apps' DBs wide open to be copied. So I exported my most important table and hardcoded it into code. Instead of loading the table into an array from a DB, I just generated code to fill the array and kept only the most basic DB info so relationships still work. Took a while but now works fine. I was just wondering, am I safe? Could someone decompile the binary for the app easily and extract the data? In Java it's easy to decompile *.class files, though that's bytecode, where I presume iPhone apps are more low level. I know iPhone SDK 4 can mark files as secure. Does anyone know whether this can be overridden by jailbreaks, or is this a Unix lock?

  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes declared like:

        <%= Html.TextArea("Description") %>

    They then show two ways of binding form input to the model:

        [AcceptVerbs(HttpVerbs.Post)]
        public ActionResult Create() {
            Dinner dinner = new Dinner();
            UpdateModel(dinner);
            ...
        }

    or:

        [AcceptVerbs(HttpVerbs.Post)]
        public ActionResult Create(Dinner dinner) {
            ...
        }

    Ok, great, that all looks really easy so far. Then a bit later on they say:

        It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks

    Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

  • How to host 50 domains/sites with common Django code base

    - by Off Rhoden
    I have 50 different websites that use the same layout and code base, but mostly non-overlapping data (regional support sites, not link farm). Is there a way to have a single installation of the code and run all 50 at the same time? When I have a bug to fix (or deploy new feature), I want to deploy ONE time + 1 restart and be done with it. Also: Code needs to know what domain the request is coming to so the appropriate data is displayed.

  • How are CD Keys generated?

    - by The Rook
    CD Keys are the de facto standard as an anti-piracy measure. To be honest this strikes me as Security Through Obscurity, although I really have no idea how CD Keys are generated. What is a good (secure) example of CD Key generation? What cryptographic primitive (if any) are they using? Is it a message digest? If so, what data would they be hashing? What methods do developers employ to make it difficult for crackers to build their own key generators?

  • Resources for learning how to better read code

    - by rsteckly
    Hi, I recently inherited a large codebase and am having to read it. The thing is, I've usually been the dev starting a project. As a result, I don't have a lot of experience reading code. My reaction to having to read a lot of code is, well, umm to rewrite it. But I need to bring myself up to speed quickly and build on top of an existing system. Do other people have techniques they've learned to absorb a code base? At this point, I'm just reading through the code. I've tried generating UML diagrams using UModel. They're so big they won't print cleanly and when I zoom in, I really do lose the perspective of seeing all the relationships. How have other people dealt with this problem?

  • OpenID PAM module

    - by Harvey Kwok
    I am looking for a PAM module that can use OpenID to do the authentication. My idea is that I want to log on to my Linux box using my Gmail account and password. I found there is an open source project on Google Code which seems to be doing the things I want, but I don't see any code available for download. I saw there are so many examples or implementations, but they are all about web apps. Are there any non-web-based OpenID applications in the world? Is it technically possible to make a non-web-based OpenID application? I naively think that it should be possible. I can emulate whatever packets the browser sends out to the OpenID provider and get back the result. As long as my Linux box is connected to the Internet, I should be able to use my OpenID to log in. I appreciate any comments, suggestions or pointers on how to make an OpenID PAM module. Thanks!

  • Dynamic obfuscation by self-modifying code

    - by Fallout2
    Hi all, here's what I am trying to do. Assume you have two functions:

        void f1(int *v) { *v = 55; }
        void f2(int *v) { *v = 44; }

        char *template;
        template = allocExecutablePages(...);

        char *allocExecutablePages (int pages) {
            template = (char *) valloc (getpagesize () * pages);
            /* make every allocated page readable, writable and executable */
            if (mprotect (template, getpagesize () * pages, PROT_READ|PROT_EXEC|PROT_WRITE) == -1) {
                perror ("mprotect");
            }
            return template;
        }

    I would like to do a comparison between f1 and f2 (so tell what is identical and what is not) (so get the assembly lines of those functions and make a line-by-line comparison), and then put those lines in my template. Is there a way in C to do that? Thanks

    Update: Thanks for all your answers, guys, but maybe I haven't explained my need correctly. Basically I'm trying to write a little obfuscation method. The idea consists in letting two or more functions share the same location in memory. A region of memory (which we will call a template) is set up containing some of the machine code bytes from the functions, more specifically, the ones they all have in common. Before a particular function is executed, an edit script is used to patch the template with the necessary machine code bytes to create a complete version of that function. When another function assigned to the same template is about to be executed, the process repeats, this time with a different edit script. To illustrate this, suppose you want to obfuscate a program that contains two functions f1 and f2. The first one (f1) has the following machine code bytes:

        Address  Machine code
        0        10
        1        5
        2        6
        3        20

    and the second one (f2) has:

        Address  Machine code
        0        10
        1        9
        2        3
        3        20

    At obfuscation time, one will replace f1 and f2 by the template:

        Address  Machine code
        0        10
        1        ?
        2        ?
        3        20

    and by the two edit scripts e1 = {1 becomes 5, 2 becomes 6} and e2 = {1 becomes 9, 2 becomes 3}.

        #include <stdlib.h>
        #include <string.h>

        typedef unsigned int uint32;
        typedef char * addr_t;

        typedef struct {
            uint32 offset;
            char value;
        } EDIT;

        EDIT script1[200], script2[200];
        char *template;
        int template_len, script_len = 0;
        typedef void(*FUN)(int *);
        int val, state = 0;

        void f1_stub () {
            if (state != 1) {
                patch (script1, script_len, template);
                state = 1;
            }
            ((FUN)template)(&val);
        }

        void f2_stub () {
            if (state != 2) {
                patch (script2, script_len, template);
                state = 2;
            }
            ((FUN)template)(&val);
        }

        int new_main (int argc, char **argv) {
            f1_stub ();
            f2_stub ();
            return 0;
        }

        void f1 (int *v) { *v = 99; }
        void f2 (int *v) { *v = 42; }

        int main (int argc, char **argv) {
            int f1SIZE, f2SIZE;
            /* makeCodeWritable (...); */
            /* template = allocExecutablePages(...); */
            /* Computed at obfuscation time */
            diff ((addr_t)f1, f1SIZE, (addr_t)f2, f2SIZE, script1, script2, &script_len, template, &template_len);
            /* We hide the proper code */
            memset (f1, 0, f1SIZE);
            memset (f2, 0, f2SIZE);
            return new_main (argc, argv);
        }

    So I now need to write the diff function, which will take the addresses of my two functions and generate a template with the associated scripts. That is why I would like to compare my two functions byte by byte. Sorry for my first post, which was not very understandable! Thank you

  • Is MD5 really that bad?

    - by Col. Shrapnel
    Everyone says that MD5 is "broken". Though I have never seen code that can show its weakness. So, I hope one of the local experts can prove it with a simple test. I have an MD5 hash:

        c1e877411f5cb44d10ece283a37e1668

    And simple code to produce it:

        $salt="#bh35^&Res%";
        $pass="***";
        echo $hash=md5($salt.$pass);

    So, the question is:
    1. Is MD5 really that bad?
    2. If so, what's the pass behind the asterisks?

  • Can phper give me some code snippet to consume the .net wcf service

    - by Vincent
    Hi, I can successfully make a call to WCF from PHP without WCF message security enabled. I searched the whole forum and cannot find any clue. I'd like to know how I can pass the credential. My WCF service uses the basichttpbinding on SSL with Message security enabled. Here is my code snippet to call my WCF from .NET:

        ServiceReference1.TestClient sc = new TestClient();
        sc.ClientCredentials.UserName.UserName = "[email protected]";
        sc.ClientCredentials.UserName.Password = "ABC123";
        Console.WriteLine(sc.GetProfiledSchemas(412));

  • The risk of granting to IUSR* NTFS permissions on a folder on the server

    - by vtortola
    I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder outside of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (the user that runs IIS in anonymous requests) on that folder. The folder has only that file, and has no other use. It works so far :) But what is the risk? What should I be afraid of? As I see it, as long as the folder is outside of "InetPub" it cannot be accessed, and as long as the apps don't have any security flaw like "path traversal" or server-side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.

  • WYSIWYG-editor with "add custom html feature" and secure (validated) html output?

    - by Tom
    I've been looking into some of the WYSIWYG editors (TinyMCE, FCKEditor, etc.) and they all seem to offer a lot of options. However, one vital feature that seems to be lacking is a simple "add custom html" option which would allow the user to input any of these embed snippets you find all around the web these days, for example a YouTube video. This is different from an "edit html/source" feature, as that requires actual knowledge of HTML and there is the risk of the user writing invalid code. Another issue that I couldn't find much about is the output HTML. How would I make sure that this output causes no security vulnerabilities, even when the user has the ability to add his own HTML? So, basically, is there an open source WYSIWYG editor which covers these 2 features?

  • Editing/Modifying a .java file programmatically? (not the .class file)

    - by Jay
    So, here is a piece of code using CodeModel that generates Java code:

        JCodeModel cm = new JCodeModel();
        JDefinedClass dc = cm._class("foo.Bar");
        JMethod m = dc.method(0, int.class, "foo");
        m.body()._return(JExpr.lit(5));
        File f = new File("C:/target/classes");
        f.mkdirs();
        cm.build(f);

    This code generates a .java file:

        package foo;
        public class Bar {
            int foo() { return 5; }
        }

    However, I DO NOT want CodeModel to create a new Java file for me. I do have a .java file already and would like to add a few lines of code to a method inside it. So, I would like the API to modify the Java file directly or create a modified copy of it. Is there a way of doing this?

  • does it make sense to send password information during email communication from websites

    - by Samuel
    Most online sites, on registration, send a link to activate the account, and in any further correspondence with the end user they provide information about the site and also provide the login credentials with the password in clear text (as given below):

        Username - [email protected]
        Password - mysecretpassword

    What would you do in such a case? From a usability perspective does it make sense to send the password information in clear text, or should you just avoid sending this information? I was under the impression that most passwords are MD5 hashed before being stored in the database and hence the service provider will not have any access to clear text passwords. Is this a security violation?

  • Sending passwords over the web

    - by Falmarri
    So I'm working on a mobile platform application that I'd like to have users authenticate over the web. I was wondering about the best way to do security. The user is sending a password over HTTP to a PHP server which authenticates against a MySQL database on the same server. Obviously I don't want to send the password in plain text over the internet, but I also don't want to do 2 SHA hashes. This is what the server looks like (in pseudocode):

        $pass = $_POST['pass'];
        if ((get PASSWORD where USERNAME = USERNAME) == SHA($pass))
            return PASS;

    This is pretty standard and I don't think there's any other way to do this. But I was wondering how I should prepare the data before sending it over the internet.

  • writing boot sector code

    - by JGC
    Hi, I want to write code which puts something in the boot sector, but when I run the 8086 assembly code which does this, nothing happens. Does anyone know what I can do, or does anyone have code (in any language) which answers my need?
