Search Results

Search found 97980 results on 3920 pages for 'code security'.


  • Secure to store an ID in an ASP.NET control ID?

    - by Curtis White
    I'm auto-generating a form in my ASP.NET page. This is already tested and working. I want to know if: If there are any security problems with storing the database ID as part of my controls ID? I can think of 2 issues: the id will be visible in page source (not really important in this case), and the possibility someone could change the name of the control somehow? This second possibility is more serious. Is this a potential problem and how to avoid it? If there would be a better preferred way to associate a unique data with any type of control? Is it possible to store a custom item in the viewstate for the control?


  • Can Spring access-denied-handler refer to popup?

    - by Rens Groenveld
    I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a user that doesn't have the rights, I get a 403 access is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!


  • Redundant code constructs

    - by Diomidis Spinellis
    The most egregiously redundant code construct I often see involves using the code sequence if (condition) return true; else return false; instead of simply writing return (condition); I've seen this beginner error in all sorts of languages: from Pascal and C to PHP and Java. What other such constructs would you flag in a code review?


  • Web Application - Authentication / Login Framework

    - by user456563
    This is a very simple, probably a most asked question and frequently developed as part of any web application. Say I'm planning to build a web application and some of the functional requirements include (apart from the usual hard hitting security reqs), - Need to have users sign up for a new account profile - Authenticate user using the native app authentication / Facebook or Google or Yahoo or OpenId login - Allow lost password retrieval - Session handling needs Is there an out of the box framework (Drupal, Liferay??) that I can use to wrap my application which can be a bunch of JSP's or HTML's with JS? I know I'm asking a very simple and maybe a naive question. But this is a topic every web developer guru will go through. Any help, advice and pointers much appreciated.


  • Leaving SQL Management open on the internet

    - by Tim Fraud
    I am a developer, but every so often need access to our production database -- yeah, poor practice, but anyway... My boss doesn't want me directly on the box using RDP, and so we decided to just permit MS SQL Management Console access so that I can do my tasks. So right now we have the SQL box somewhat accessible on the internet (on port 1433 if I am not mistaken), which opens a security hole. But I am wondering, how much of an uncommon practice is this, and what defaults should I be concerned about? We use MSSQL2008 and I created an account that has Read-Only access, because my production tasks only need that. I didn't see any unusual default accounts with default passwords on the system, so I would be interested to hear your take. (And of course, is there a better way?)


  • Best way to Store Passwords, User information/Profile data and Photo/Video albums for a social websi

    - by Nick
    Need some help figuring out how to best Store Passwords, User information/Profile data and Photo/Video albums for a social website? For photos/videos the actual photo/video + even encrypting the URL with the IDs to the photo/videos so other users cannot figure it out. Creating a site like myspace and designing retirement documents but I am unsure how to specify the security requirements for the database. Two things: 1) Protect from outside users 2) Protect all these from employees being able to access this info For #2, the additional question is: If we encrypt the user info and password so even the system admins cannot get in, how can we retrieve the user data tomorrow if someone flags the user's account as spam and admin needs to check it out or if law enforcement wants info on a user? Thanks.


  • Established javascript solution for secure registration & authentication without SSL

    - by Tomas
    Is there any solution for secure user registration and authentication without SSL? With "secure" I mean safe from passive eavesdropping, not from man-in-the-middle (I'm aware that only SSL with signed certificate will reach this degree of security). The registration (password setup, i.e. exchanging of pre-shared keys) must be also secured without SSL (this will be the hardest part I guess). I prefer an established and well-tested solution. If possible, I don't want to reinvent the wheel and make up my own cryptographic protocols. Thanks in advance.


  • On Linux do people chroot a Java Web Application or use IPTables and run as non-root?

    - by Adam Gent
    When you run a Java Servlet Container that you would like to serve both static and dynamic content on port 80 you have the classic question of whether to run the server as: As root in hopefully a chroot jail if you can (haven't gotten this working yet) As a non root user and then use IPTables to forward port 80 to some other port (1024) that the container is running on Both: As a non root user, IPTables, and chroot jail. The problem with opt. 1 is the complexity of chrooting and still the security problems of running root. The problem with opt. 2 is that each Linux distro has a different way of persisting IPTables. Option 3 of course is probably ideal but very hard to set up. Finally every distro has the annoying differences in daemon scripts. What do people find as the best distro agnostic solution and are there resources to show how to do this?


  • Adding code to the beginning / end of methods in runtime dynamically

    - by Irchi
    I know instrumentation is a technique to add trace code dynamically into the methods to enable tracing and debugging. I was wondering if this is only a "Trace" option, hard coded into the CLR to add only trace code, or is there the ability to add any code to the methods? For example, I want to check for a condition in the beginning of every single method call in a certain class (say for permissions). Can I do this via adding dynamic code to the beginning of the methods in execution time? I'm not sure how this trace "instrumentation" thing works, but I'm wondering if this can be used for other goals too, or not.


  • Methods to see result of a code change faster

    - by Can't Tell
    This question came to me when developing using Eclipse. I use JBoss Application Server and use hot code replacement. But this option requires that the 'build automatically' option to be enabled. This makes Eclipse build the workspace automatically (periodically or when a file is saved?) and for a large code base this takes too much time and processing which makes the machine freeze for a while. Also sometimes an error message is shown saying that hot code replacement failed. The question that I have is: is there a better way to see the result of a code change? Currently I have the following two suggestions: Have unit tests - this will allow to run a single test and see the result of a code change. ( But for a JavaEE application that uses EJBs is it easy to setup unit tests?) Use OSGi - which allows to add jars to the running system without bringing down the JVM. Any ideas on above suggestions or any other suggestion or a framework that allows to do this is welcome.


  • Sitemap Links don't work on live site, Windows Authentication

    - by Chris
    I have an intranet site with Windows Authentication. I have 'Administrator' pages in an 'Administrator' folder that will only show for those in the admin group (windows security group). These pages work. I have a folder with sub folders containing reports. These permissions are broken down for each type of report. They have similar role privileges. When I test the application, I can navigate to the pages. When I deploy the site live on the intranet the links don't return a page. Error missing link 404. Do I need to set something in IIS?


  • Retrieve web user's Identity outside of request scope

    - by Kendrick
    I have an ASP.NET app that logs Audit reports using nHibernate's IPreUpdateListener. In order to set the current user in the Listener events, I was using System.Security.Principal.WindowsIdentity.GetCurrent(). This works fine when debugging on my machine, but when I move it to the staging server, I'm getting the ASP.NET process credentials, not the requesting user. In the ASP.NET page, I can use Request.LogonUserIdentity (which works fine since I'm using integrated authentication), but how do I reference this user directly without having to pass it directly to my event? I don't want to have to pass this info through the pipeline because it really doesn't belong in the intermediate events/calls.


  • Wordpress Admin Panel Code Input

    - by Wes
    I've got a wordpress admin panel for one of my themes and one of the boxes has an input for some code to drive google adsense. When I put the code into the box and call it with my php tags the code comes out like this: <script type="\&quot;text/javascript\&quot;"><!-- google_ad_client = \"pub-9295546347478163\"; /* Leaderboard 5/17/2010 */ google_ad_slot = \"7593465074\"; google_ad_width = 728; google_ad_height = 90; //--> </script> <script type="\&quot;text/javascript\&quot;" src="%5C%22http://pagead2.googlesyndication.com/pagead/show_ads.js%5C%22"> </script> Which I assume is a feature to stop SQL injections. How can I call pure code from a box? This is how I currently have that textbox setup. array( "name" => "Code for Top ad", "desc" => "Enter the HTML that will drive the banner ad for the page header", "id" => $shortname."_headerAd", "type" => "textarea"), and then echo it out with this: <?php echo get_option('lifestyle_headerAd'); ?>


  • PHP - How to determine if request is coming from a specific file.

    - by John
    I have fileA.php on SERVER_A and fileB.php on SERVER_B. fileB.php makes a curl request to fileA.php for its contents. How can fileA.php determine that the request is coming specifically from fileB.php? -- I was thinking about sending the $_SERVER['SCRIPT_NAME'] in fileB.php to fileA.php but since someone can go into fileB.php or any file in general and just do $_SERVER['SCRIPT_NAME'] = 'fileB.php'; it's not really that secure. So how can I determine, for security reasons, that the request is coming from a specific file on a different server?


  • Easy way to convert c code to assembly?

    - by Bob
    Is there an easy way (like a free program) that can convert c/c++ code to x86 assembly? I know that any c compiler does something very similar and that I can just compile the c code and then disassemble the compiled executable, but that's kind of an overkill, all I want is to convert a few lines of code. Does anyone know of some program that can do that?


  • How to check whether your code environment on Windows or on Linux or other OS

    - by justjoe
    Hi, right now I am coding a custom WordPress theme and testing it in XAMPP on Windows XP on an Apache server. But as far as I am concerned, there's no WP built-in function to identify the code environment. Is there any PHP built-in function to identify such a thing? For the record, what I want to code needs to read a directory. In my Apache (in Windows), the path will be c:/xampp/htdocs where Apache on Linux will be \somepath\somepath\ So, is there any code solution to know what the OS environment is without having to compare the path? I hope it will also work on other OSes with a web server other than Apache, such as IIS.


  • Rate my C# code (~300 SLOC) using GDI+/Backgroundworker

    - by sebastianlarsson
    Hi, I want to get some feedback on my code! Below is some background info. I am taking a pre-certification course in C# (Sweden, 15 ECTS). The focus of the course is theoretical and only limited practical work. I don't find the assignments very hard at all to tell you the truth, but since I only have very limited work experience as a developer (I have worked 15h/week at Ericsson since November) I think I would benefit from having the certificate (70-536 and more probably). I am currently reading Martin Fowler's "Refactoring: Improving the design of existing code" and I tried to apply his techniques to my latest lab in the course. I have been on the lookout for a website which has the idea of providing feedback on code, but so far I have yet to discover any. Please take a look at my code and tell me what you think. It is only roughly 300 lines of code divided into a couple of classes. GDI+, backgroundworker and user controls are what the lab is about. I reckon you may have to spend as little as a couple of minutes on looking at the solution. Link to solution: http://www.filefactory.com/file/b18h7d5/n/Lab4_Lab5_SebastianLarsson.zip Regards and thank you, Sebastian


  • Secure xml messages being read from database into app.

    - by scope-creep
    I have an app that reads xml from a database using NHibernate Dal. The dal calls stored procedures to read and encapsulate the data from the schema into an xml message, wrap it up to a message and enqueue it on an internal queue for processing. I would like to secure the channel from the database reads to the dequeue action. What would be the best way to do it? I was thinking of signing the xml using System.Security.Cryptography.Xml namespace, but are there any other techniques or approaches I need to know about? Any help would be appreciated. Bob.


  • Understanding c++ block of code

    - by kotoko
    I was given a c++ main and have to code it so it works. I am having some trouble understanding the code as I am a bit new to cpp. Here is the code int main(int argc, char *argv[]) { Class::setAtribute("string"); Class(Class::CONSTANT) << "starting up..."; } Some questions: How can the first line work with no variables? Is it static? The second line is really strange for me, what I can make out is a Constructor that takes in a class constant and then prints it out somehow? If someone could explain this bit of code to me it would be great! Thanks in advance.


  • Javascript Code For HTML5 Form Validation Not Working

    - by MistUnleashed
    I'm new to JavaScript so I have no idea why this code does not work and validate my HTML5 Form like it should. The JavaScript code which can be found below is supposed to check if the browser supports the required attribute and if it doesn't then it will validate the form and check for any empty spaces. I got the code from this website. In the body of the webpage containing my form I have this: Below is the contactvalidate.js file: $('#formTemplate').submit(function() { if (!attributeSupported("required") || ($.browser.safari)) { $("#formTemplate [required]").each(function(index) { if (!$(this).val()) { alert("Please fill all required fields."); return false; } }); } return false; }); Do I need to change anything in this code or should it work? As I've said I'm new to JavaScript so any help you guys could give me is greatly appreciated.


  • EJB3.1 logout doesn't work

    - by Kevin
    Hello, I've got a problem with the authentication features of EJB3.1: With this code in a Servlet v3: log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); log.info("===^==="); request.logout() ; log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); request.authenticate(response) ; log.info("===v==="); log.info(""+request.getUserPrincipal()); log.info(""+request.getAuthType()); I would always expect to see the Username/login windows, because of the logout() function. Instead, there seems to be a 'cache' mechanism which repopulates the credential and cancels my logout ... Admin BASIC ===^=== null null ===v=== Admin BASIC Is it a problem with my firefox, or something I'm missing in the Servlet code? Thanks

