Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 253/3920 | < Previous Page | 249 250 251 252 253 254 255 256 257 258 259 260  | Next Page >

  • How to ensure the HTTP_REQUEST Is coming from the right place?

    - by seatoskyhk
    I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable. REMOTE_ADDR is reliable though. so, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list? For example, I have a js code that will send from client site to server. (something like a sniper, cross platform). however, I only allow this happen from several websites. Not others. so, even other people copy the code and put onto their website, it won't work.

    Read the article

  • Securing Web Services approach valid?

    - by NBrowne
    Hi , Currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx Which describes adding a HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc. I'm really just trying to decide whether this is a valid approach to take or not? thanks

    Read the article

  • Images with unknown content: Dangerous for a browser?

    - by chris_l
    Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

    Read the article

  • Using macro to check null values

    - by poliron
    My C code contains many functions with pointers to different structs as parameters which shouldn't be NULL pointers. To make my code more readable, I decided to replace this code: if(arg1==NULL || arg2==NULL || arg3==NULL...) { return SOME_ERROR; } With that macro: NULL_CHECK(arg1,arg2,...) How should I write it, if the number of args is unknown and they can point to different structs?(I work in C99)

    Read the article

  • Is there any simple C++ code to grab video from UVC webcam and display it simultaneously?

    - by mShero
    I'm very very new to Linux and programming! I'm using ubuntu 11.10 - 64 bits with gcc 4.6.1 I've been searching online for an example C++ code that simply grabs video from a compliant UVC webcam and displays it simultaneously.. I need to compile it on gcc. In OpenCV, it's a very simple code less than 20 lines as I remember! I found this: http://v4l2spec.bytesex.org/spec/capture-example.html But it's very huge code relative to OpenCV code ?! and even when I tried to compile it using gcc.. I got many errors! I copied the code into a cpp file: cap.cpp then wrote in the terminal: gcc cap.cpp -o cap and the errors showed up... same errors with g++ I hope if someone can help me and tell me where can I find another simpler code? and how can I test it ? Thank you :)

    Read the article

  • WCF: What happens if a channel is established but no method is called?

    - by mafutrct
    In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?

    Read the article

  • How to organize Windows Phone code base to target both 7.x and 8 platforms

    - by ljubomir
    I took over a Windows Phone project which was previously targeting WP 7.1 platform, and with the recent announcement of the new platform it should target WP 8 as well. My VS 2010 solution consists on several projects (Data access, Model, Tests and WP7 client app) and i am wandering on how to include support for WP8. I have to note that the code-base is not compatible with WP8, due to usage of Toolkit controls and other 3rd party libraries targeted for WP7.1 specifically. Also there is another problem with the Visual Studio versions - WP7.1 can work with VS 2010, but WP8 requires VS 2012. Should i move the whole code-base to VS 2012? Any good advice on how to organize code-base in a most meaningful way in order to avoid duplication and possible painful maintenance? I am thinking between one solution - multiple projects vs. multiple solutions - reusable projects approach. Code duplication (like two separate folders/solutions) should be the least possible approach (fallback).

    Read the article

  • asp.net impersonation identity: Where does it come from?

    - by Rising Star
    Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user System.Threading.Thread.Current System.Security.Principal.WindowsIdentity.GetCurrent It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

    Read the article

  • Why is using a Non-Random IV with CBC Mode a vulnerability?

    - by The Rook
    I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

    Read the article

  • Creating a Simple C# Wrapper to clean up code

    - by Tangopop
    I have this code: public void Contacts(string domainToBeTested, string[] browserList, string timeOut, int numberOfBrowsers) { verificationErrors = new StringBuilder(); for (int i = 0; i < numberOfBrowsers; i++) { ISelenium selenium = new DefaultSelenium("LMTS10", 4444, browserList[i], domainToBeTested); try { selenium.Start(); selenium.Open(domainToBeTested); selenium.Click("link=Email"); Assert.IsTrue(selenium.IsElementPresent("//div[@id='tabs-2']/p/a/strong")); selenium.Click("link=Address"); Assert.IsTrue(selenium.IsElementPresent("//div[@id='tabs-3']/p/strong")); selenium.Click("link=Telephone"); Assert.IsTrue(selenium.IsElementPresent("//div[@id='tabs-1']/ul/li/strong")); } catch (AssertionException e) { verificationErrors.AppendLine(browserList[i] + " :: " + e.Message); } finally { selenium.Stop(); } } Assert.AreEqual("", verificationErrors.ToString(), verificationErrors.ToString()); } My problem is i would like to make it so that i can use the code surrounding the 'try' many many times in the rest of the code. I think it has something to do with wrappers, but i can't get a simple answer for this from the web. So in simple terms the only piece of this code which changes is the bit between the try {} the rest is standard code that i have currently used over 100 times and is turning out to be a pain to maintain. Hope this is clear, many thanks.

    Read the article

  • How do I make non-framework code to framework code? (PHP)

    - by ggfan
    I just started using CakePHP and it's very different from just normal procedural or basic OOP PHP. I am still learning PHP and still read "beginning PHP/mysql" books that teaches you basic PHP. Also lots of sites online provide code that isn't for a framework. Is the only way to make non-framework code to say a framework, say cakePHP, by learning cakePHP thoroughly than rewriting the code yourself to fit the MVC model?

    Read the article

  • How do I simplify my code?

    - by Mitchell Skurnik
    I just finished creating my first major application in C#/Silverlight. In the end the total line count came out to over 12,000 lines of code. Considering this was a rewrite of a php/javascript application I created 2 years that was over 28,000 lines I am actually quite proud of my accomplishment. After reading many questions and answers here on stackoverflow and other sites online, I followed many posters advice: I created classes, procedures, and such for things that I would have a year ago copied and pasted; I created logic charts to figure out complex functions; making sure there are no crazy hidden characters (used tabs instead of spaces); and a few others things; place comments where necessary (I have lots of comments). My application consists of 4 tiles laid out horizontally that have user controls loaded into each slice. You can have between one and four slices loaded at anytime. If you have once slice loaded, the slice takes up the entire artboard...if you have 2 loaded, each take up half, 3 a third, 4 a quarter. Each one of these slices represent (for the sake of this example) a light control. Each slice has 3 slider controls in it. Now when I coded the functionality of the sliders, I used a switch/case statement inside of a public function that would run the command on the specified slice/slider. The made for some duplicate code but I saw no way around it as each slice was named differently. So I would do slice1.my.commands(); slice2.my.commands(); etc. My question to you is how do I clean up my code even futher? (Sadly I cannot post any of my code). Is there any way to take this repetion out of my code?

    Read the article

  • Which IDE / code editor was the first to introduce a code completion feature?

    - by Uri
    I am trying to identify the point in time where code completion (autocomplete/intellisense/whatever) was first introduced in IDEs and would appreciate any pointers. By code completion here I mean a feature within the editor that offers methods or suggestions based on the code that was already typed, and I am interested in programming language related completions (not word processor style completion).

    Read the article

  • Code Highligh with javascript ?

    - by BrunoLM
    Is there any API or a jQuery plugin that allow me to highlight a code on my website? For example <pre code="c#"> var x = new StringBuilder(); var complex = new Complex(); </pre> <script type="text/javascript"> $("pre[code]").codehighlight({ language: "c#" }); </script> Something like that?

    Read the article

  • Cross domain secure cookie usage?

    - by asdasda
    I have a website that came with a SSL site for HTTPS but its on a different server. Example being my website: http://example.com my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

    Read the article

  • JQuery: After adding some AJAX, some of the jquery code no longer works

    - by fwaokda
    Here's a pastebin link to my entire jQuery code. [ http://pastebin.com/w57ma5Gx ] The "Thumbnails" section was working fine before I added the ajax sections. Anyone can help me with why it quit working? And if I need to I can post another question but figured I'd try it here first. Whats a better way of writing the ajax code where it executes once upon loading the page and then every time I click the $("a#next") link afterwards? Right now I just repasted the code outside of the next link and that works, but seems silly to have the same code in two different places like that. Thanks!

    Read the article

  • How secure is encryption?

    - by Stomped
    Let me preface this by saying I know nothing about encryption. I understand the basic concept of public key / private key encryption but I don't how easily it can be broken, if at all. If one were to believe the movies, encrypted data can be broken by a teenager with a decent computer in a few hours. I have a client who wants credit card information sent via email - encrypted of course, but I'm still not feeling terribly good about the idea. I feel it would be safer to store the info on the VPS, but even then its an unmanaged server and there's nobody watching it who knows much about security. So can anyone tell me if there's a safe way to store and/or send this data out? Thanks

    Read the article

  • Code Highlight with javascript ?

    - by BrunoLM
    Is there any API or a jQuery plugin that allow me to highlight a code on my website? For example <pre code="c#"> var x = new StringBuilder(); var complex = new Complex(); </pre> <script type="text/javascript"> $("pre[code]").codehighlight({ language: "c#" }); </script> Something like that?

    Read the article

  • Application Role and access second database

    - by lszk
    I have written a script to create an audit trails to my database in a second one db. So far I had no problems during tests on my dev machine from SQL Server Management Studio. Problems started to occurs when I first tried to test my triggers from my application by modyfing data in it. Using profiler I found out, that my audit trails db is not visible in sys.databases, so here lies the problem. The application using an Application Role, so as I found on MSDN, that's why I can't get access to other db on the server. I'm not a DBA. I have no experience with properly settings the security stuff, so please guide me, how can I set the setting for guest account (according to MSDN) to get access to this db? I need to have a record for this database in sys.databases and I need to be able to insert data in this database in all tables. No select, update or delete I need.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 249 250 251 252 253 254 255 256 257 258 259 260  | Next Page >