Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 301/3920 | < Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >

  • Anything wrong with this php code?

    - by Hwang
    1st I have to say I know nothing bout php. I was actually doing my AS3 guest-book and through parts of tutorials from Activetut, I managed to come out a flash guest-book. So the problem now I'm facing is the guest-book could only inject 1 XML data and it will always clear off the old 1, while the flash is still caching on the old XML files. I'd found some other tutorials(which I think its quite hard since i dunno anything about php) and comparing to the php code I'm using, it seems to be extremely short. I have no idea what the code does, so currently I'm not sure whether the problems came from the php or my AS3. <?php if (isset($GLOBALS["HTTP_RAW_POST_DATA"])){ $xml = $GLOBALS["HTTP_RAW_POST_DATA"]; $file = fopen("wish.xml","wb"); fwrite($file, $xml); fclose($file); } ?> and below is my correct XML format: <WISHES> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH> </WISHES> So anyone kind to explain what that php code does? cause it replace my XML with: <WISH> <NAME>Test</NAME> <EMAIL>[email protected]</EMAIL> <DATENTIME>2/3/10</DATENTIME> <MESSAGE>Dummy Message</MESSAGE> </WISH>

    Read the article

  • Fail2Ban - Log to mysql

    - by user319660
    Hi! We have a few servers with SSH public (using sFTP). Obviously, the attacks ar too many. We want put the banned logs into a MySQL DB for make stats and etc. Have anyone tryied this? Thanks

    Read the article

  • Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

    - by BuzzBubba
    So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself? Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

    Read the article

  • A question in java.lang.Integer internal code

    - by Daziplqa
    Hi folks, While looking in the code of the method: Integer.toHexString I found the following code : public static String toHexString(int i) { return toUnsignedString(i, 4); } private static String toUnsignedString(int i, int shift) { char[] buf = new char[32]; int charPos = 32; int radix = 1 << shift; int mask = radix - 1; do { buf[--charPos] = digits[i & mask]; i >>>= shift; } while (i != 0); return new String(buf, charPos, (32 - charPos)); } The question is, in toUnsignedString, why we create a char arr of 32 chars?

    Read the article

  • Choosing http status code for unknown command reply

    - by w0rldart
    So, I'm writing a small test that I have been required to complete and I just want to give it some final touches by adding some header status code responses and some other stuff. Right now, my dilemma is what HTTP status code to choose for my "Unknown command" response after the $_GET['cmd'] has been compared to the existing commands list. case 404: $text = 'Not Found'; break; case 405: $text = 'Method Not Allowed'; break; case 406: $text = 'Not Acceptable'; break; For which one of the above should I go? And if none, which other?

    Read the article

  • Add client side javascript code and ASP.Net validation on a asp.net button

    - by Vinni
    Hello guys, I wanted to write javascript code on "OnClientClick" of the asp.net button and also I want the asp.net validation to be run for that button. but when i mix these both validation is not working. please help me out. Below is my code ASPX <asp:Button ID="btnAddToFeatureOffers" runat="server" Text="Add to Feature Offers" OnClick="btnAddToFeatureOffers_Click" ValidationGroup="vgAddOffer" OnClientClick="add();" /> javascript function add() { var selectedOrder = $('#ctl00_MainContent_ddlFeaturedHostingType option:selected')[0].index; var offer = $('#<%=txtOrder.ClientID%>').val(); var a = $("<a>").attr("href", "#").addClass("offer").text("X"); $("<div>").text(offer).append(a).appendTo($('#resultTable #resultRow td')[selectedOrder - 1]); }

    Read the article

  • How do I copy new binaries to C:\Program Files?

    - by Michael L Perry
    I'm creating a Windows app that automatically updates itself. I'm not using ClickOnce for a variety of reasons. When I try to File.Move() my updated files to C:\Program Files on Windows 7, I get the following error: Access to the path 'C:\Program Files\<company>\<app>\<app.exe>' is denied. I am not given a UAC prompt. The exe that I am trying to update is not currently running.

    Read the article

  • code sign error : doesnt match key pair in default keychain

    - by abhiTouchmagic
    *Code Sign error: The identity 'iPhone Developer: XXXXXXXXXX' doesn't match any valid certificate/private key pair in the default keychain.* i am a member in developer profile... i am having theprovisioning profile... what must be the problem sir? Code Sign error: The identity 'iPhone Developer: BD9A19AA-EFEF-41CC-9560-2D97E157380C' doesn't match any valid certificate/private key pair in the default keychain what abt this? what am i supposed to do? i earched a lot but may be i am getting wrong somewhere? help me with this

    Read the article

  • Using Active Directory to authenticate users in a WWW facing website

    - by Basiclife
    Hi, I'm looking at starting a new web app which needs to be secure (if for no other reason than that we'll need PCI accreditation at some point). From previous experience working with PCI (on a domain), the preferred method is to use integrated windows authentication which is then passed all the way through the app to the database. This allows for better auditing as well as object-level permissions (ie an end user can't read the credit card table). There are advantages in that even if someone compromises the webserver, they won't be able to glean any additional information from the database. Also, the webserver isn't storing any database credentials (beyond perhaps a simple anonymous user with very few permissions) So, now I'm looking at the new web app which will be on the public internet. One suggestion is to have a Active Directory server and create windows accounts on the AD for each user of the site. These users will then be placed into the appropriate NT groups to decide which DB permissions they should have (and which pages they can access). ASP already provides the AD membership provider and role provider so this should be fairly simple to implement. There are a number of questions around this - Scalability, reliability, etc... and I was wondering if there is anyone out there with experience of this approach or, even better, some good reasons why to do it / not to do it. Any input appreciated Regards Basiclife

    Read the article

  • Understanding CSRF - Simple Question

    - by byronh
    I know this might make me seem like an idiot, I've read everything there is to read about CSRF and I still don't understand how using a 'challenge token' would add any sort of prevention. Please help me clarify the basic concept, none of the articles and posts here on SO I read seemed to really explicitly state what value you're comparing with what. From OWASP: In general, developers need only generate this token once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires. If I understand the process correctly, this is what happens. I log in at http://example.com and a session/cookie is created containing this random token. Then, every form includes a hidden input also containing this random value from the session which is compared with the session/cookie upon form submission. But what does that accomplish? Aren't you just taking session data, putting it in the page, and then comparing it with the exact same session data? Seems like circular reasoning. These articles keep talking about following the "same-origin policy" but that makes no sense, because all CSRF attacks ARE of the same origin as the user, just tricking the user into doing actions he/she didn't intend. Is there any alternative other than appending the token to every single URL as a query string? Seems very ugly and impractical, and makes bookmarking harder for the user.

    Read the article

  • Using MS Anti XSS library for sanitizing HTML

    - by user102533
    In the intent of preventing XSS attacks, I am updating a page in which we have a textbox that accepts HTML, stores it in a database and retrieves and renders it at a later time. My understanding is that I can sanitize the HTML using AntiXSS.GetSafeHtmlFragment() method. As long as I do this before storing the HTML in the database, am I covered? Do I need to do anything when the HTML is outputted on a web page? Also, it appears that the white list is kind of a black box. Is there a way to update this based on our requirements?

    Read the article

  • Need an encrypted online source code backup service.

    - by camelCase
    Please note this is not a question about online/hosted SVN services. I am working on a home based, solo developer, project that now has commercial significance and it is time to think about remote source code backup. There is no need for file level check in/out, all I need is once a day or once a week directory level snapshot to remote storage. Automatic encryption would be a bonus to protect my IP. What I have in mind is some sort of GUI interface app that will squirt a source code snapshot off to an Amazon S3 bucket on an automatic schedule. (My development PC runs on MS Windows.)

    Read the article

  • IFrame causing javascript code to not execute

    - by Claudio Redi
    Does anyone know why this code doesn't work. This means, the alert is NOT fired <iframe/> <script type="text/javascript">alert('hello');</script> While this code with the alert BEFORE the Iframe works perfeclty. This means the alert is fired <script type="text/javascript">alert('hello');</script> <iframe/> Seems that no javascript placed after the iframe is executed, I don't find any logic to this.

    Read the article

  • How to give you website customers a secure feeling

    - by Saif Bechan
    I was wondering how you can give your website customers the confidence that you are not tinkering with the database values. I am planning on running a website which falls in the realm of an online game. There is some kind of credit system involved that people have to pay for. Now I was wondering how sites like this ensure there customers that there is no foul play in the database itself. As I am the database admin i can pretty much change all the values from within without anyone knowing i did. Hence letting someone win that does not rightfully is the winner. Is it maybe an option to decrypt en encrypt the credits people have so i can't change them. Or is there maybe a company i can hire that checks my company for foul play.

    Read the article

  • Is there an Unobtrusive Captcha for web forms?

    - by KP
    What is the best unobtrusive CAPTCHA for web forms? One that does not involve a UI, rather a non-UI Turing test. I have seen a simple example of a non UI CAPTCHA like the Nobot control from Microsoft. I am looking for a CAPTCHA that does not ask the user any question in any form. No riddles, no what's in this image.

    Read the article

  • Swing code in sockets

    - by asb
    I am learning swings for making GUI. I was thinking which is the best possible way in case of socket with swings. 1. The whole swing code goes in the server file. All the handlers and logic in on server side. Client only create socket. 2. The server have logic part. The code for the swing to display interface goes on client side. Client Creates stream to send / rec. data from server. Whch is the good way out of 2 ?

    Read the article

  • How to improve IntelliJ code editor speed?

    - by Hoàng Long
    I am using IntelliJ (Community Edition) for several months, and at first I'm pleased about its speed & simplicity. But now, after upgrading to version 10, it's extremely slow. Sometimes I click a file then it takes 5 - 15 seconds to open that file (it freeze for that time). I don't know if I have done anything which cause that: I have installed 2 plugins(regex, sql), and have 2 versions of IntelliJ on my machine (now the version 9 removed, only version 10 remains). Is there any tips to improve speed of code editor, in general, or specifically IntelliJ? I have some experience when using IntelliJ: 1. Should open IntelliJ a while before working, cause it needs time for indexing. Don't open too many code tabs Open as less other program as possible. I'm using 2 GB RAM WinXP, and it just seems fairly enough for Java, IntelliJ & Chrome at the same time.

    Read the article

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot and putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

    Read the article

  • Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?

    - by Derek Adair
    I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?

    Read the article

  • Optimizing Haskell code

    - by Masse
    I'm trying to learn Haskell and after an article in reddit about Markov text chains, I decided to implement Markov text generation first in Python and now in Haskell. However I noticed that my python implementation is way faster than the Haskell version, even Haskell is compiled to native code. I am wondering what I should do to make the Haskell code run faster and for now I believe it's so much slower because of using Data.Map instead of hashmaps, but I'm not sure I'll post the Python code and Haskell as well. With the same data, Python takes around 3 seconds and Haskell is closer to 16 seconds. It comes without saying that I'll take any constructive criticism :). import random import re import cPickle class Markov: def __init__(self, filenames): self.filenames = filenames self.cache = self.train(self.readfiles()) picklefd = open("dump", "w") cPickle.dump(self.cache, picklefd) picklefd.close() def train(self, text): splitted = re.findall(r"(\w+|[.!?',])", text) print "Total of %d splitted words" % (len(splitted)) cache = {} for i in xrange(len(splitted)-2): pair = (splitted[i], splitted[i+1]) followup = splitted[i+2] if pair in cache: if followup not in cache[pair]: cache[pair][followup] = 1 else: cache[pair][followup] += 1 else: cache[pair] = {followup: 1} return cache def readfiles(self): data = "" for filename in self.filenames: fd = open(filename) data += fd.read() fd.close() return data def concat(self, words): sentence = "" for word in words: if word in "'\",?!:;.": sentence = sentence[0:-1] + word + " " else: sentence += word + " " return sentence def pickword(self, words): temp = [(k, words[k]) for k in words] results = [] for (word, n) in temp: results.append(word) if n > 1: for i in xrange(n-1): results.append(word) return random.choice(results) def gentext(self, words): allwords = [k for k in self.cache] (first, second) = random.choice(filter(lambda (a,b): a.istitle(), [k for k in self.cache])) sentence = [first, second] while len(sentence) < words or sentence[-1] is not ".": current = (sentence[-2], sentence[-1]) if current in self.cache: followup = self.pickword(self.cache[current]) sentence.append(followup) else: print "Wasn't able to. Breaking" break print self.concat(sentence) Markov(["76.txt"]) -- module Markov ( train , fox ) where import Debug.Trace import qualified Data.Map as M import qualified System.Random as R import qualified Data.ByteString.Char8 as B type Database = M.Map (B.ByteString, B.ByteString) (M.Map B.ByteString Int) train :: [B.ByteString] -> Database train (x:y:[]) = M.empty train (x:y:z:xs) = let l = train (y:z:xs) in M.insertWith' (\new old -> M.insertWith' (+) z 1 old) (x, y) (M.singleton z 1) `seq` l main = do contents <- B.readFile "76.txt" print $ train $ B.words contents fox="The quick brown fox jumps over the brown fox who is slow jumps over the brown fox who is dead."

    Read the article

  • Process.Start - Pass html code to exe as argument

    - by dkirk
    Hello, I am using the code below to start a executable file from a windows service and I need to pass html code (stored in a variable) as an argument. I am escaping with double quotes but this is not working. What do I need to do in order to pass this correctly? Thanks in advance for any guidance that is offered. Inside the service: Process.Start(@"E:\Program Files\MyApp.exe", dr["rec"].ToString() + " \"" + subject + "\" \"" + htmlVar); and then within MyApp.exe: static void Main(string[] args) { Program MyProg = new Program(); MyProg.MyMeth(args[0].ToString(), args[1].ToString(), args[2].ToString()); }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 297 298 299 300 301 302 303 304 305 306 307 308  | Next Page >