Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 301/3920 | < Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >

• Looking for a good WTF story involving SSL

  - by lindelof

  I'm preparing a talk on SSL to our local Java user group, and I would like to introduce it with some story on how NOT to use it. I've searched through the DailyWTF archives but couldn't find anything really good. Do you know such a story, or do you have some pointers where I could go looking for one?

  Read the article

• Office documents prompt for login in anonymous SharePoint site

  - by xmt15

  I have a MOSS 07 site that is configured for anonymous access. There is a document library within this site that also has anonymous access enabled. When an anonymous user clicks on a PDF file in this library, he or she can read or download it with no problem. When a user clicks on an Office document, he or she is prompted with a login box. The user can cancel out of this box without entering a log in, and will be taken to the document. This happens in IE but not FireFox. I see some references to this question on the web but no clear solutions: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.sharepoint.windowsservices.development&tid=5452e093-a0d7-45c5-8ed0-96551e854cec&cat=en_US_CC8402B4-DC5E-652D-7DB2-0119AFB7C906&lang=en&cr=US&sloc=&p=1 http://www.sharepointu.com/forums/t/5779.aspx http://www.eggheadcafe.com/software/aspnet/30817418/anonymous-users-getting-p.aspx

  Read the article

• Debugging dynamically added Javascript code

  - by gilm

  One of the programmers I worked with has something similar in code: var head = document.getElementsByTagName("head")[0]; var e = document.createElement("script"); e.type = "text/javascript"; var b = "function moo() { alert('hello'); }"; e.appendChild(document.createTextNode(b)); head.appendChild(e); moo(); This is all good and dandy, but I would like to step into moo(), and firebug just can't do that. I know I can rip the whole thing apart, but I reallllly don't want to touch it and his code works :) Any ideas how I can debug this with Firebug? Cheers

  Read the article

• Do I only have to worry about XSS and Sql injection?

  - by Pranali Desai

  Hi All, I am writing an application and for this to make it safe I have decided to HtmlEncode and HtmlDecode the data to avoid Javascript Injection and Paramaterised queries to avoid Sql injection. But I want to know whether these are the best ways to avoid these attacks and what are the other ways to damage the application that I should take into consideration.

  Read the article

• Add client side javascript code and ASP.Net validation on a asp.net button

  - by Vinni

  Hello guys, I wanted to write javascript code on "OnClientClick" of the asp.net button and also I want the asp.net validation to be run for that button. but when i mix these both validation is not working. please help me out. Below is my code ASPX <asp:Button ID="btnAddToFeatureOffers" runat="server" Text="Add to Feature Offers" OnClick="btnAddToFeatureOffers_Click" ValidationGroup="vgAddOffer" OnClientClick="add();" /> javascript function add() { var selectedOrder = $('#ctl00_MainContent_ddlFeaturedHostingType option:selected')[0].index; var offer = $('#<%=txtOrder.ClientID%>').val(); var a = $("<a>").attr("href", "#").addClass("offer").text("X"); $("<div>").text(offer).append(a).appendTo($('#resultTable #resultRow td')[selectedOrder - 1]); }

  Read the article

• Windows Login Integration

  - by Dusty Roberts

  Hi Peeps. I am building facial recognition software for a certain purpose, however, as a spin-off i would like to use that same software / concept, to automatically recognize me when i sit in front of the PC, and log me in. recognition is handled.. however, i need to incorporate this into windows, the same way fingerprint logins work. where can i go to get some more info on the doing this?

  Read the article

• Distributed transactions

  - by javi

  Hello! I've a question regarding distributed transactions. Let's assume I have 3 transaction programs: Transaction A begin a=read(A) b=read(B) c=a+b write(C,c) commit Transaction B begin a=read(A) a=a+1 write(A,a) commit Transaction C begin c=read(C) c=c*2 write(A,c) commit So there are 5 pairs of critical operations: C2-A5, A2-B4, B4-C4, B2-C4, A2-C4. I should ensure integrity and confidentiality, do you have any idea of how to achieve it? Thank you in advance!

  Read the article

• Process.Start - Pass html code to exe as argument

  - by dkirk

  Hello, I am using the code below to start a executable file from a windows service and I need to pass html code (stored in a variable) as an argument. I am escaping with double quotes but this is not working. What do I need to do in order to pass this correctly? Thanks in advance for any guidance that is offered. Inside the service: Process.Start(@"E:\Program Files\MyApp.exe", dr["rec"].ToString() + " \"" + subject + "\" \"" + htmlVar); and then within MyApp.exe: static void Main(string[] args) { Program MyProg = new Program(); MyProg.MyMeth(args[0].ToString(), args[1].ToString(), args[2].ToString()); }

  Read the article

• Securing Elmah RSS Feeds in ASP.NET website

  - by olivehour

  I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

  Read the article

• Need an encrypted online source code backup service.

  - by camelCase

  Please note this is not a question about online/hosted SVN services. I am working on a home based, solo developer, project that now has commercial significance and it is time to think about remote source code backup. There is no need for file level check in/out, all I need is once a day or once a week directory level snapshot to remote storage. Automatic encryption would be a bonus to protect my IP. What I have in mind is some sort of GUI interface app that will squirt a source code snapshot off to an Amazon S3 bucket on an automatic schedule. (My development PC runs on MS Windows.)

  Read the article

• Hy, problem mantaining big javascript code.

  - by Totty

  I have more than 1000 lines in a big jquery plugin, that is actually a big class, that inludes some others classes, but they have to be in the same file. I inlcude a piece of code. If you have another way to simplify the code.. The actual problem is that i have a gallery with a lot of things, is dynamic with smart ajax data loading so it requires a lot of classes to use it properly and to cache the data. (function($){ var TottysGallery = function(element, options, data){ var Core = new function(){...}; var Core2 = new function(){...}; var Core3 = new function(){...}; var Core = function(){...}; };

  Read the article

• What should a developer know before building a public web site?

  - by Joel Coehoorn

  What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

  Read the article

• IFrame causing javascript code to not execute

  - by Claudio Redi

  Does anyone know why this code doesn't work. This means, the alert is NOT fired <iframe/> <script type="text/javascript">alert('hello');</script> While this code with the alert BEFORE the Iframe works perfeclty. This means the alert is fired <script type="text/javascript">alert('hello');</script> <iframe/> Seems that no javascript placed after the iframe is executed, I don't find any logic to this.

  Read the article

• best way to switch between secure and unsecure connection without bugging the user

  - by Brian Lang

  The problem I am trying to tackle is simple. I have two pages - the first is a registration page, I take in a few fields from the user, once they submit it takes them to another page that processes the data, stores it to a database, and if successful, gives a confirmation message. Here is my issue - the data from the user is sensitive - as in, I'm using an https connection to ensure no eavesdropping. After that is sent to the database, I'd like on the confirmation page to do some nifty things like Google Maps navigation (this is for a time reservation application). The problem is by using the Google Maps api, I'd be linking to items through a unsecure source, which in turn prompts the user with a nasty warning message. I've browsed around, Google has an alternative to enterprise clients, but it costs $10,000 a year. What I am hoping is to find a workaround - use a secure connection to take in the data, and after it is processed, bring them to a page that isn't secure and allows me to utilize the Google Maps API. If any of you have a Netflix account you can see exactly what I would like to do when you sign-in, it is a secure page, which then takes you to your account / queue, on an unsecure page. Any suggestions? Thanks!

  Read the article

• How do I copy new binaries to C:\Program Files?

  - by Michael L Perry

  I'm creating a Windows app that automatically updates itself. I'm not using ClickOnce for a variety of reasons. When I try to File.Move() my updated files to C:\Program Files on Windows 7, I get the following error: Access to the path 'C:\Program Files\<company>\<app>\<app.exe>' is denied. I am not given a UAC prompt. The exe that I am trying to update is not currently running.

  Read the article

• Can per-user randomized salts be replaced with iterative hashing?

  - by Chas Emerick

  In the process of building what I'd like to hope is a properly-architected authentication mechanism, I've come across a lot of materials that specify that: user passwords must be salted the salt used should be sufficiently random and generated per-user ...therefore, the salt must be stored with the user record in order to support verification of the user password I wholeheartedly agree with the first and second points, but it seems like there's an easy workaround for the latter. Instead of doing the equivalent of (pseudocode here): salt = random(); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword, salt); Why not use the hash of the username as the salt? This yields a domain of salts that is well-distributed, (roughly) random, and each individual salt is as complex as your salt function provides for. Even better, you don't have to store the salt in the database -- just regenerate it at authentication-time. More pseudocode: salt = hash(username); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword); (Of course, hash in the examples above should be something reasonable, like SHA-512, or some other strong hash.) This seems reasonable to me given what (little) I know of crypto, but the fact that it's a simplification over widely-recommended practice makes me wonder whether there's some obvious reason I've gone astray that I'm not aware of.

  Read the article

• Windows Store App Visual Basic Rotate Object with code

  - by Ajay Raghav

  How to rotate an ellipse (or any other object) with VB code? In XAML, I designed an ellipse and easily rotated it from the properties (Transform - Rotate - Angle). When I am trying to do it with VB code, I cannot locate the rotate/angle property of that ellipse. So, I tried this: Dim Rotator As RotateTransform Rotator.Angle = 90 Ellipse1.RenderTransform = Rotator It didn’t work. It says: Unable to cast object of type 'Windows.UI.Xaml.Media.MatrixTransform' to type 'Windows.UI.Xaml.Media.RotateTransform'. I think I’m close to the right way. Please give me a push. Thanks

  Read the article

• I have to implement Encryption using 3DES in java . I am new to it. Please suggest

  - by Erick

  I have to implement 3DES encryption using 3DES in java. As I am new to this. Could you please suggest and provide good samples to proceed.

  Read the article

• Problem exporting RSA key -'key not valid for use in specified state'

  - by asp316

  I'm encrypting the web.config in our web sites using aspnet_regiis. However, I want the ability to export the encryption key so if we need to move from Machine A to Machine B, asp.net will be able to decrypt it. When I run aspnetregiis -px "NetFrameworkConfigurationKey" c:\keys.xml -pri, I get the following : 'Key not valid for use in specified state'. I've seen all kinds of responses online but they don't seem to apply. It's not an invalid key because when I use aspnet_regiis to encrypt sections of the web.config, they encrypt fine. Ideas?

  Read the article

• Anything wrong with this php code?

  - by Hwang

  1st I have to say I know nothing bout php. I was actually doing my AS3 guest-book and through parts of tutorials from Activetut, I managed to come out a flash guest-book. So the problem now I'm facing is the guest-book could only inject 1 XML data and it will always clear off the old 1, while the flash is still caching on the old XML files. I'd found some other tutorials(which I think its quite hard since i dunno anything about php) and comparing to the php code I'm using, it seems to be extremely short. I have no idea what the code does, so currently I'm not sure whether the problems came from the php or my AS3. <?php if (isset($GLOBALS["HTTP_RAW_POST_DATA"])){ $xml = $GLOBALS["HTTP_RAW_POST_DATA"]; $file = fopen("wish.xml","wb"); fwrite($file, $xml); fclose($file); } ?> and below is my correct XML format: <WISHES> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> </WISHES> So anyone kind to explain what that php code does? cause it replace my XML with: <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH>

  Read the article

• Simple code implementation of some architectural patterns

  - by zSysop

  Hi all, I was wondering if anyone knew of any simple code implementations of the following architectural patterns (in Java or C#): * Blackboard * Presentation Abstraction Control (PAC) * MVC Thanks in advance

  Read the article

• Is it possible to compile IronRuby code to a .NET assembly (EXE or DLL)

  - by Chris Ammerman

  My scenario consists of the following points. I have a packaged software product I am developing in C# Since it is a packaged product, the public interfaces of the assemblies need to be tightly controlled... All assemblies are strong-named Any classes that don't absolutely have to be "public" are "internal" I want to write unit tests for those "internal" classes, since they are the bulk of the code And finally.... I want to try writing the unit tests in Ruby. Since the unit tests would be external to the assembly containing the code under test, the assemblies under test would each need to have an "InternalsVisibleTo" attribute specifying the name of the unit test assembly. Which of course would mean that the Ruby unit tests would have to compile down to a .NET assembly so they can be given access in this way. Can this be done? If so, how? All I can find on the web about "compiling IronRuby" is about building the actual IronRuby runtime from source.

  Read the article

• Cleaning all inline events from HTML tags

  - by Itay Moav

  For HTML input, I want to neutralize all HTML elements that have inline js (onclick="..", onmouseout=".." etc). I am thinking, isn't it enough to encode the following chars? =,(,) So onclick="location.href='ggg.com'" will become onclick%3D"location.href%3D'ggg.com'" What am I missing here? Edit: I do need to accept active HTML (I can't escape it all or entities is it).

  Read the article

• How do i sign variables?

  - by acidzombie24

  I have a few variables that must be stored on the client side. As usual anything on client side can be tampered. I would like to sign a few variables and verified them when the data is sent back to the server. At the moment i think they are 5 64bit vars. On the server i would like to sign those 5 variables, then ensure the signature is valid when the client sends it back. How do i do this using C# .NET?

  Read the article

• Downloading Eclipse's Source Code

  - by digiarnie

  I'm doing a study on large Java projects and would like to view the source code for Eclipse. I have gone to this url (http://wiki.eclipse.org/index.php/CVS_Howto) and figured that the most useful cvs repository for me to look at would be this one: :pserver:[email protected]:/cvsroot/eclipse (The Eclipse platform project) However, when looking at this repository, it has so many modules! Which modules should I be trying to check out? I don't necessarily want to build the IDE from source, however, I just want to get the core Eclipse code base to perform some analysis. Would I just check out any modules starting with "org.eclipse..."? Should I be checking out any of the others? Or is there an easier way to get the source? I read somewhere that you can get the source from the binary version of Eclipse but I am unsure where to find the source.

  Read the article

< Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >