Search Results

Search found 24229 results on 970 pages for 'users rights'.

Page 288/970 | < Previous Page | 284 285 286 287 288 289 290 291 292 293 294 295  | Next Page >

• What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

  - by fireeyedboy

  I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

  Read the article

• Vbscript - Object Required for DateLastModified

  - by Kenny Bones

  I don't really know what's wrong right here. I'm trying to create a vbscript that basically checks two Folders for their files and compare the DateLastModified attribute of each and then copies the source files to the destination folder if the DateLastModified of the source file is newer than the existing one. I have this code: Dim strSourceFolder, strDestFolder Dim fso, objFolder, colFiles strSourceFolder = "c:\users\user\desktop\Source\" strDestFolder = "c:\users\user\desktop\Dest\" Set fso = CreateObject("Scripting.FileSystemObject") Set objFolder = fso.GetFolder(strSourceFolder) Set colFiles = objFolder.Files For each objFile in colFiles Dim DateModified DateModified = objFile.DateLastModified ReplaceIfNewer objFile, DateModified, strSourceFolder, strDestFolder Next Sub ReplaceIfNewer (sourceFile, DateModified, SourceFolder, DestFolder) Const OVERWRITE_EXISTING = True Dim fso, objFolder, colFiles, sourceFileName, destFileName Dim DestDateModified, objDestFile Set fso = CreateObject("Scripting.FileSystemObject") sourceFileName = fso.GetFileName(sourceFile) destFileName = DestFolder & sourceFileName if fso.FileExists(destFileName) Then objDestFile = fso.GetFile(destFileName) DestDateModified = objDestFile.DateLastModified msgbox "File last modified: " & DateModified msgbox "New file last modified: " & DestDateModified End if End Sub And I get the error: On line 34, Char 3 "Object required: 'objDestFile' But objDestFile IS created?

  Read the article

• How to Integrate SharePoint 2007/2010 and Google Apps?

  - by goober

  Hello All, My (smaller) company has an existing Google Apps Deployment, used for E-Mail / Calendar, etc. I'm looking into a SharePoint setup (2010 most likely). One of the best features is that new events are added to one's Outlook Calendar, e-mails can be sent automatically, etc. Naturally, this works best out-of-the-box with Exchange. I know I can add my own OpenID login system via an OpenID provider for SharePoint and get my users into the system. My question is, can anyone recommend the best way to go about making sure that events automatically find their way into users' calendars and e-mails on the Google Apps system? This would enable us to deploy SharePoint without worrying about migrating our e-mail system to Exchange first (Google Apps is more cost-effective for our needs and I'm required to keep it.) Thanks in advance for any help!

  Read the article

• Unable to relate two MySQL tables (foreign keys)

  - by KPL

  Hello people, Here's my USER table CREATE TABLE IF NOT EXISTS `users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `username` varchar(100) NOT NULL, `expiry` varchar(6) NOT NULL, `contact_id` int(11) NOT NULL, `email` varchar(255) NOT NULL, `password` varchar(100) NOT NULL, `level` int(3) NOT NULL, `active` tinyint(4) NOT NULL DEFAULT '1', PRIMARY KEY (`id`,`email`) ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; And here's my contact_info table CREATE TABLE IF NOT EXISTS `contact_info` ( `id` int(11) NOT NULL AUTO_INCREMENT, `name` varchar(255) NOT NULL, `email_address` varchar(255) NOT NULL, `company_name` varchar(255) NOT NULL, `license_number` varchar(255) NOT NULL, `phone` varchar(30) NOT NULL, `fax` varchar(30) NOT NULL, `mobile` varchar(30) NOT NULL, `category` varchar(100) NOT NULL, `country` varchar(20) NOT NULL, `state` varchar(20) NOT NULL, `city` varchar(100) NOT NULL, `postcode` varchar(50) NOT NULL, PRIMARY KEY (`id`,`email_address`), ) ENGINE=InnoDB DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ; The system uses username to login users.I want to modify it in such a way that it uses email for login. But there's no email_address in users table. I have added foreign key - email in user table(which is email_address in contact_info). How should I query database?

  Read the article

• Is a "Confirm Email" input good practice when user changes email address?

  - by dibson

  My organization has a form to allow users to update their email address with us. It's suggested that we have two input boxes for email: the second as an email confirmation. I always copy/paste my email address when faced with the confirmation. I'm assuming most of our users are not so savvy. Regardless, is this considered a good practice? I can't stand it personally, but I also realize it probably isn't meant for me. If someone screws up their email, they can't login, and they must call to sort things out.

  Read the article

• Problem deriving a user control from an abstract base class in website project

  - by Sprintstar

  In a Visual Studio website, I have created a user control. This control is derived from a class (in App_Code) that is itself derived from System.Web.UI.UserControl. This is an abstract class with an abstract method. I then try to implement that method in the user control, but I get the following errors from Visual Studio: Error 1 'WebUserControl.AbstractMethod()': no suitable method found to override C:\Users\User\Documents\Visual Studio 2010\WebSites\Delme\WebUserControl.ascx.cs 10 28 C:\...\Delme\ Error 2 'WebUserControl' does not implement inherited abstract member 'AbstractBaseClass.AbstractMethod()' c:\Users\User\AppData\Local\Temp\Temporary ASP.NET Files\delme\0eebaa86\f1a48678\App_Web_nrsbzxex.0.cs 14 Error 1 says that my override of the abstract method is invalid, it doesn't recognise the abstract method in the base class. Error 2 says that the partial class automatically built by asp.net doesn't implement the abstract method! Note that this works fine when the code is used in a Web Application project. Why is this happening?

  Read the article

• Retreive list of students registered for a particular course

  - by Pankaj Khurana

  Hi, I have moodle1.9 installed on my system and writing some custom reports. I want to retrieve list of students registered for a particular course. I have user profile field usercategoryid through which i figure out for which category he has enrolled. Course belongs to a particular category. Through mdl_user_info_data table i retrieve the category for a particular user. I have written a query to retrieve the users who have registered for a particular category for e.g. Financial Planning 2010. But the issue is that i now want users who have registered for a particular course for e.g. Insurance Planning. There is a relation between course and course category but i am unable to find out the table where course and user information is linked. Please help me on this Thanks

  Read the article

• Copy 2 databases without detach in SQL 2005

  - by molgan

  Hello I have a server with live databases, and I have a test-server where I sometimes restore databases from the live one, to get fresh data. But this way I have to set up all the users again, I have about 4 different users with different permissions that need set again. Is there some way to do this a better way without using detach and attach, since I cant take the databases offline on the live-server? Prefered some thing I could run that "re-fills" the tables with fresh data. No need to redo stored procedures and rights. /M

  Read the article

• Membership.ValidateUser always returns false after upgrade to VS 2010 / .NET 4.0

  - by nw

  Not sure whether this pertains to VS 2010 or to the upgraded framework, but... we are using the Oracle membership provider to authenticate users. Prior to the upgrade everything worked fine, but now Membership.ValidateUser(user, password) returns false despite valid credentials. There is no exception thrown, so it's hard to determine what the problem might be. The website administration tool in VS 2010 is still able to manage users and roles (more or less), so I have no reason to question connectivity. What might the problem be?

  Read the article

• Station ID - more than IP

  - by bensiu

  Hello I am working on internal PHP application where users login only from our network (we are on dedicated IP and application is checking $_SERVER['REMOTE_ADDR'] and if is match our IP go thru if not - Bye However how I can identify from which station user is login ? Using cookie not gonna work - those are windows station working under control MS StedyState and all cookies are deleted every login I don't need nothing fancy like full MAC address just any unique ID (can not be application username - because users use different stations) Any ideas ? Maybe Javascript is able to grab some Unique detail from station's browser (IE 8) and pass this as hidden input? bensiu

  Read the article

• Prolog for beginners about logic and syntax

  - by lnotik

  Hello everybody. I have this question : I need to create a paradict "rightGuesses" which will get 3 arguments , each one of them is a list of letters : 1) The list of guessed letters 2) The word i have to guess 3) The letters that where guessed so far . for example : rightGuesses([n,o,p,q], [p,r,o,l,o,g], Ans). will give us Ans = [p, -, o, -, o, -]. i made: rightGuesses([],T2,[ANS]) rightGuesses([A|T1],T2,[ANS]):- (member(A,T2))=\=true , rightGuesses(T1,T2,[ _ |'-']). rightGuesses([A|T1],T2,[ANS]):- member(A,T2), rightGuesses(T1,T2,[ _ |A]). but i get : ERROR: c:/users/leonid/desktop/file3.pl:5:0: Syntax error: Operator expected Warning: c:/users/leonid/desktop/file3.pl:6: when i trying to compile it what is my problem , and is there is a better way to do it ? thanks in advance.

  Read the article

• Django User "per project" group assignation

  - by Ben G

  Hi, Here's my problem : my site has users, which can create projects, and access other user's projects. Each project can assign different rights to users. So, i could have Project A : user "John" is in group "manager" , and Project "B" user "John" is in group "worker". How could I use the Django User authentication model to do that ? From a SQL point a view, what i would like is to be able to add "project_id" in the primary key for the "auth_user_groups" table. I don't think profile is of any help here. Any advice ? UPDATE : "worker" and "manager" are just two examples of the permission group (or "roles") that my application defines. There will be more in the future. Eg : i will probably also have "admin", "reporting", etc...

  Read the article

• Validation errors from Google App Engine Logout link

  - by goggin13

  I am making a web page using the Google App Engine. I am validating my pages, and found that the logout link that is generated by the call to the users api (in python) users.create_logout_url(request.uri) does not validate as XHTML 1.0 Strict. The href in the anchor tag looks like this: /_ah/login?continue=http%3A//localhost%3A8080/&action=Logout Including a link with this anchor text throws three different validation errors: *general entity "action" not defined and no default entity *reference to entity "action" for which no system identifier could be generated *EntityRef: expecting ';' Here is a dummy page with the anchor tag in it, if you want to try it on w3c validator.Dummy Page. The logout link wont work, but you can see how the page is valid without it, but the actual text inside the href tag breaks the validation. Any thoughts on whats going on? Thank you!

  Read the article

• What choices to make for an application backend

  - by Saif Bechan

  I am creating an web application and I at the point that i am starting to make backend choices. Now there are a lot of ways to go with this, so I am looking for some good points and back practices. Some of the question i have involve: Should i make a seperate table in the db for admin users Should i extend make some classes to load the admin data and the normal data, or make seperate classes for the admin section Where can i get some information on making different types of users Just some best practices for a backend My application is written in PHP with an MySQL database.

  Read the article

• Whats the best method for queuing time-sensitive messages with PHP/MySQL?

  - by Mike Diena

  I'm building an SMS call and response system in a new app that receives a message via an aggregator gateway, checks it for functional keywords (run, stop, ask, etc), then processes it appropriately (save to the database, return an answer, or execute a task based on the users authorization). It's running fine at the moment as there are only a few users, but I figure its going to have more issues as we scale it up. We're currently running it on a single DV machine (mediatemple base dv). My question is this: does it make more sense to set something up like Memcached to run a queue, or a simple database with a daemon running to process each message one by one? I don't have much experience with either, so any advice would be helpful. Since the messaging is somewhat time-sensitive, what would be the fastest and most reliable way to handle this? Also, since we're sending responses, I'll probably need to set up and outbound message queue as well. Would it make sense to use the same concept for both?

  Read the article

• Windows 2008 unable to execute c# powershell app. Returning access exception.

  - by scope-creep

  Hi, Does anybody know why I can't access the folder where my powershell scripts are in windows 2008 Ent. When I try to create a script with textpad it craps out. When I try and execute a c# powershell app, which is stored on another win 2003 drive, it craps out with an access exception as well. I've set powershell execution policy to unrestricted for both normal users and admin users with 'run as admin' on powershell, but it doesn't seem to make a difference. There must be a policy setting, doesn't allow scripts access to a directory, but where, and how to set it. Any help would be appreciated. scope_creep

  Read the article

• VMWare Tools StartUp Script

  - by Horst Walter

  I am on the latest version of VMWare Workstation. In my VMWareTools I have configrued an individual script file (start.bat) to be started when the (guest) OS is booted. Unfortuantely it does not run when starting the guest system as intended. When pressing "run now" it works Running the script from CMD works as well I have changed the service (VMWareTools service) to run under different users - no success All Users (of the service) have had Administrator privileges I have no idea what is going wrong. Maybe someone is having an idea ....

  Read the article

• Detecting if a browser's cache is full

  - by abitgone

  We've identified that full browser caches are the cause of a problem on our extranet. It only affects a small number of our users, but we'd like to alert them to the problem and give them some guidance on how to fix the problem for themselves. We'd like to use a similar system to the one which GMail uses. When it detects that your browser's cache is full, it shows a warning message telling users that their cache is full and that it may cause problems with GMail, along with a link to a Gmail Help page on clearing your browser's cache. Does anyone know if there any resources out there, or examples of how to use JavaScript to detect that the browser's cache is full? Thanks.

  Read the article

• Sharepoint 2010, get the Distinct Values of a User Profile Property?

  - by Michael Stum

  Is there any way in SharePoint 2010 to get the Distinct values of a property accross all users? For example, I want a list of all Departments in the Profile Store. In SQL I can do SELECT DISTINCT(PropertyVal) FROM [ProfileDB].[dbo].[UserProfileValue] WHERE PropertyID = 14 but accessing the SQL Database is a big no-no of course, so I wonder if there is something in the object model? Note that accessing the User Information List on an SPSite is not good enough, as only a fraction of all users is in that list. I want to get it directly from the Profile Store.

  Read the article

• Kentico - Using punctuation with AuthenticateUser

  - by Big Friendly Giant

  We are currently using version 7.0 of the kentico API to authenticate users into our system. The following code is used to gain user details from the database and authenticate users. UserInfo objUserInfo = AuthenticationHelper.AuthenticateUser(username.ToLower(), password.ToLower(), CMSContext.CurrentSiteName); This has primarily been working correctly, but we are having issues with usernames and passwords that contain any of the following characters. " ! @ ' / \ < * - Is there any settings that I need to be aware of (web.config or otherwise) that would stop the API from accessing an account where a username or password contained special characters?

  Read the article

• PHP & MySQL form question.

  - by peakUC

  How do I allow all users to have there username field empty without having them to enter a username when they submit the form using PHP and MySQL? Here is part my PHP and MySQL code. $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); if(isset($_POST['username'])) { // Make sure the username address is available: $u = "SELECT * FROM users WHERE username = '$username' AND user_id <> '$user_id'"; $r = mysqli_query ($mysqli, $u) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($mysqli)); if (mysqli_num_rows($r) == TRUE) { // Unavailable. echo '<p class="error">Your username is unavailable!</p>'; $username = NULL; } else if(mysqli_num_rows($r) == 0) { // Available. $username = mysqli_real_escape_string($mysqli, $purifier->purify(htmlentities(strip_tags($_POST['username'])))); } }

  Read the article

• Sanitizing CSS in Rails

  - by Erik

  Hello! I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page. However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies'). Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users. So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!

  Read the article

• Table-per-type inheritance insert problem

  - by gzak

  I followed this article on making a table-per-type inheritance model for my entities, but I get the following error when I try to add an instance of a subclass to the database. Here is how I create the subtype: var cust = db.Users.CreateObject<Customer>(); // Customer inherits User db.Users.AddObject(cust); db.SaveChanges(); I get the following error when I make that last call: "A value shared across entities or associations is generated in more than one location. Check that mapping does not split an EntityKey to multiple store-generated columns." With the following inner exception: "An item with the same key has already been added." Any ideas on what I could be missing?

  Read the article

• Entity data field validation and part data submission

  - by pradeeptp

  I have an entity class that has 10 fields. I am using MS Validation Application block to mark all fields as mandatory (IsRequired). I am implementing a securiy feature in which during updation of the data, not all the fields in the entity class will have data. For example a few users can only view 5 fileds while others all 10 fields during updation on GUI I have the following options 1) Bring all the data for all the fields from the DB table and hide the ones not accessible to the users in GUI. I am concerned about the performance because everytime GUI will pull unncessary data. 2) Bring the data (e.g. only 5 fields) that are permissible for access/view by the user on GUI. During submit, validation block will throw exception because all fields are marked as IsRequired and only data for 5 fields are sent back to the server. I want to know if there are any other good approaches to solve problems like this. I am using .NET 3.5 Thanks.

  Read the article

• How bad is opening and closing a SQL connection for several times? What is the exact effect?

  - by Eren

  For example, I need to fill lots of DataTables with SQLDataAdapter's Fill() method: DataAdapter1.Fill(DataTable1); DataAdapter2.Fill(DataTable2); DataAdapter3.Fill(DataTable3); DataAdapter4.Fill(DataTable4); DataAdapter5.Fill(DataTable5); .... .... Even all the dataadapter objects use the same SQLConnection, each Fill method will open and close the connection unless the connection state is already open before the method call. What I want to know is how does unnecessarily opening and closing SQLConnections affect the performance of the application. How much does it need to scale to see the bad effects of this problem (100,000s of concurrent users?). In a mid-size website (daily 50000 users) does it worth bothering and searching for all the Fill() calls, keeping them together in the code and opening the connection before any Fill() call and closing afterwards?

  Read the article

< Previous Page | 284 285 286 287 288 289 290 291 292 293 294 295  | Next Page >