Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 302/3920 | < Previous Page | 298 299 300 301 302 303 304 305 306 307 308 309  | Next Page >

  • best way to switch between secure and unsecure connection without bugging the user

    - by Brian Lang
    The problem I am trying to tackle is simple. I have two pages - the first is a registration page, I take in a few fields from the user, once they submit it takes them to another page that processes the data, stores it to a database, and if successful, gives a confirmation message. Here is my issue - the data from the user is sensitive - as in, I'm using an https connection to ensure no eavesdropping. After that is sent to the database, I'd like on the confirmation page to do some nifty things like Google Maps navigation (this is for a time reservation application). The problem is by using the Google Maps api, I'd be linking to items through a unsecure source, which in turn prompts the user with a nasty warning message. I've browsed around, Google has an alternative to enterprise clients, but it costs $10,000 a year. What I am hoping is to find a workaround - use a secure connection to take in the data, and after it is processed, bring them to a page that isn't secure and allows me to utilize the Google Maps API. If any of you have a Netflix account you can see exactly what I would like to do when you sign-in, it is a secure page, which then takes you to your account / queue, on an unsecure page. Any suggestions? Thanks!

    Read the article

  • Convert the ada code to its C .

    - by maddy
    HI All, I have a piece of ada code shown below which is a simple switch case statements.Is there any better way to convert this into C. for I in 1..100 loop case I is when 100 => Dollars := Dollars + 1; when 25|50|75 => Quarters := Quarters + 1; when 10|20|30|40|60|70|80|90 => Dimes := Dimes + 1; when 5|15|35|45|55|65|85|95 => Nickles := Nickles + 1; when others => Pennies := Pennies + 1; end case; end loop; Now by adding the switch and the case for each values in the case,i can do that conversion,But it seems tyo make the code too big.Is there anywa other simple and compact way.Please get back to me if the question is not clear? Regards maddy

    Read the article

  • WCF REST based services authentication schemes

    - by FlySwat
    I have a simple authentication scheme for a set of semi-public REST API's we are building: /-----------------------\ | Client POST's ID/Pass | | to an Auth Service | \-----------------------/ [Client] ------------POST----------------------> [Service/Authenticate] | /-------------------------------\ | Service checks credentials | [Client] <---------Session Cookie------- | and generates a session token | | | in a cookie. | | \-------------------------------/ | [Client] -----------GET /w Cookie -------------> [Service/Something] | /----------------------------------\ | Client must pass session cookie | | with each API request | | or will get a 401. | \----------------------------------/ This works well, because the client never needs to do anything except receive a cookie, and then pass it along. For browser applications, this happens automatically by the browser, for non browser applications, it is pretty trivial to save the cookie and send it with each request. However, I have not figured out a good approach for doing the initial handshake from browser applications. For example, if this is all happening using a AJAX technique, what prevents the user from being able to access the ID/Pass the client is using to handshake with the service? It seem's like this is the only stumbling block to this approach and I'm stumped.

    Read the article

  • Account sharing among Ubuntu machines

    - by muckabout
    I'd like a simple and secure system to have allow users in our network to have their account (e.g., 'myname') work on every machine in the network (e.g., such that they could ssh to any machine and have the same userid, mounted smb share). Any suggestions?

    Read the article

  • Flash: Adjust this code to keep the duplicated movie clip

    - by Luke Evans
    OK, so here is my code ham_mc.onPress=function(){ startDrag(this); } ham_mc.onRelease=ham_mc.onReleaseOutside=function(){ stopDrag(); _root.ham_mc.duplicateMovieClip("ham_mc" + "x",2); x++; } The user can at first drag the movie clip. When released, the duplicateMovieClip command runs, leaving a new ham movie clip in the position the first is dragged to. PROBLEM: When I click and drag the first ham movie click again, the duplicateMovieClip runs again but REPLACES the previous generated movie clip. I added x and x++ in an attempt to give the movie clip duplication a different name every time, but this doesn't solve it. How do I change this code so that a NEW ham_mc is created every time, rather than overwriting the old one. I'm tired, sorry for the poor explaination!

    Read the article

  • Ruby - encrypted_strings

    - by Tom Andersen
    A bit of a Ruby newbie here - should be an easy question: I want to use the encrypted_strings gem to create a password encrypted string: (from http://rdoc.info/projects/pluginaweek/encrypted_strings) Question is: Everything works fine, but how come I don't need the password to decrypt the string? Say I want to store the string somewhere for a while,like the session. Is the password also stored with it? (which would seem very strange?). And no, I'm not planning on using 'secret-key' or any similar hack as a password. I am planning on dynamically generating a class variable @@password using a uuid, which I don't store other than in memory, and can change from one running of the program to the next. Symmetric: >> password = 'shhhh' => "shhhh" >> crypted_password = password.encrypt(:symmetric, :password => 'secret_key') => "qSg8vOo6QfU=\n" >> crypted_password.class => String >> crypted_password == 'shhhh' => true >> password = crypted_password.decrypt => "shhhh"

    Read the article

  • How do I ensure that SOAP requests from a flash client to my ASP server are coming from the flash cl

    - by Gary Benade
    I have a flash based game that has a high score system implemented with a SOAP service. There are prizes involved and I want to prevent someone from using FireBug or similar to discover the webservice path and submit fake scores. I considered using some kind of encryption on the data but am aware that someone could decompile the swf and work out how I did it. I also considered using an IP whitelist but since the incoming data will come from the users IP and not the servers that won't work. (I'm sure I'm missing something obvious here...) I know that there is a tried and tested solution for this, but I don't seem to be asking google the right questions to get to it. Any help and suggestions will be appreciated, thank you

    Read the article

  • Apache attack on compromised server, iframe injected by string replace

    - by Quang-Tuan Luong
    My server has been compromised recently. This morning, I have discovered that the intruder is injecting an iframe into each of my HTML pages. After testing, I have found out that the way he does that is by getting Apache (?) to replace every instance of <body> by <iframe link to malware></iframe></body> For example if I browse a file residing on the server consisting of: </body> </body> Then my browser sees a file consisting of: <iframe link to malware></iframe></body> <iframe link to malware></iframe></body> I have immediately stopped Apache to protect my visitors, but so far I have not been able to find what the intruder has changed on the server to perform the attack. I presume he has modified an Apache config file, but I have no idea which one. In particular, I have looked for recently modified files by time-stamp, but did not find anything noteworthy. Thanks for any help. Tuan. PS: I am in the process of rebuilding a new server from scratch, but in the while, I would like to keep the old one running, since this is a business site.

    Read the article

  • java keytool question

    - by user384706
    Hi, I created a java keystore programmatically of type jks (i.e. default type). It is initially empty so I created a DSA certificate. keytool -genkey -alias myCert -v -keystore trivial.keystore How can I see the public and private keys? I.e. is there a command that prints the private key of my certificate? I could only find keytool -certreq which in my understanding prints the certificate as a whole: -----BEGIN NEW CERTIFICATE REQUEST----- MIICaTCCAicCAQAwZTELMAkGA1UEBhMCR1IxDzANBgNVBAgTBkdyZWVjZTEPMA0GA1UEBxMGQXRo BQADLwAwLAIUQZbY/3Qq0G26fsBbWiHMbuVd3VICFE+gwtUauYiRbHh0caAtRj3qRTwl -----END NEW CERTIFICATE REQUEST----- I assume this is the whole certificate. How can I see private (or public key) via keytool? Thank you

    Read the article

  • Any way to get TStringList.CommaText to not escape commas with quotes?

    - by Mason Wheeler
    I'm doing some work with code generation, and one of the things I need to do is create a function call where one of the parameters is a function call, like so: result := Func1(x, y, Func2(a, b, c)); TStringList.CommaText is very useful for generating the parameter lists, but when I traverse the tree to build the outer function call, what I end up with looks like this: result := Func1(x, y, "Func2(a, b, c)"); It's quoting the third argument because it contains commas, and that produced invalid code. But I can't do something simplistic like StringReplace all double quotes with empty strings, because it's quite possible that a function argument could be a string with double quotes inside. Is there any way to make it just not escape the lines that contain commas?

    Read the article

  • Rhino - Set FEATURE_LOCATION_INFORMATION_IN_ERROR in code?

    - by Scott
    I'd like fileName, lineNumber and stack traces to automatically be provided by Rhino for any errors. I've been told that I need to set FEATURE_LOCATION_INFORMATION_IN_ERROR on the current context, but I'm not sure how to do this in code. Does anybody have an example of turning this feature on so that I can see stacktrace dumps on crashes? I'm using Rhino as part of Narwhal/Jack, and so that complicates things a bit, and I think the easiest way to at least get moving forward is if I can set it through code. Thanks.

    Read the article

  • Can per-user randomized salts be replaced with iterative hashing?

    - by Chas Emerick
    In the process of building what I'd like to hope is a properly-architected authentication mechanism, I've come across a lot of materials that specify that: user passwords must be salted the salt used should be sufficiently random and generated per-user ...therefore, the salt must be stored with the user record in order to support verification of the user password I wholeheartedly agree with the first and second points, but it seems like there's an easy workaround for the latter. Instead of doing the equivalent of (pseudocode here): salt = random(); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword, salt); Why not use the hash of the username as the salt? This yields a domain of salts that is well-distributed, (roughly) random, and each individual salt is as complex as your salt function provides for. Even better, you don't have to store the salt in the database -- just regenerate it at authentication-time. More pseudocode: salt = hash(username); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword); (Of course, hash in the examples above should be something reasonable, like SHA-512, or some other strong hash.) This seems reasonable to me given what (little) I know of crypto, but the fact that it's a simplification over widely-recommended practice makes me wonder whether there's some obvious reason I've gone astray that I'm not aware of.

    Read the article

  • Looking for a good WTF story involving SSL

    - by lindelof
    I'm preparing a talk on SSL to our local Java user group, and I would like to introduce it with some story on how NOT to use it. I've searched through the DailyWTF archives but couldn't find anything really good. Do you know such a story, or do you have some pointers where I could go looking for one?

    Read the article

  • Setting WPF image source in code

    - by Torbjørn
    I'm trying to set a WPF image's source in code. The image is embedded as a resource in the project. By looking at examples I've come up with the below code. For some reason it doesn't work - the image does not show up. By debugging I can see that the stream contains the image data. So what's wrong? Assembly asm = Assembly.GetExecutingAssembly(); Stream iconStream = asm.GetManifestResourceStream("SomeImage.png"); PngBitmapDecoder iconDecoder = new PngBitmapDecoder(iconStream, BitmapCreateOptions.PreservePixelFormat, BitmapCacheOption.Default); ImageSource iconSource = iconDecoder.Frames[0]; _icon.Source = iconSource; The icon is defined something like this: <Image x:Name="_icon" Width="16" Height="16" />

    Read the article

  • Is there a /users/www-data type directory in RedHat/Fedora?

    - by Yarin
    I'm trying to setup web2py on my Fedora server, and the instructions, written for Debian, are telling me to install it in the /users/www-data directory. I realize that Fedora uses a default 'apache' user for running Apache, and Debian uses a 'www-data' user, but there's no corresponding /users/apache directory on my machine... Here are the instructions http://web2py.com/book/default/section/11/2

    Read the article

  • XSLT: Disable output escaping in an entire document.

    - by Kragen
    I'm trying to generate some C# code using xslt - its working great until I get to generics and need to output some text like this: MyClass<Type> In this case I've found that the only way to emit this is to do the following: MyClass<xsl:text disable-output-escaping="yes">&lt;</xsl:text>Type<xsl:text disable-output-escaping="yes">&gt;</xsl:text> Where: Often it all needs to go on one line, otherwise you end up with line breaks in the generated code In the above example I technically could have used only 1 <xsl:text />, however usually the type Type is given by some other template, e.g: <xsl:value-of select="@type" /> I don't mind having to write &lt; a lot, but I would like to avoid writing <xsl:text disable-output-escaping="yes">&lt;</xsl:text> for just a single character! Is there any way of doing disable-output-escaping="yes" for the entire document?

    Read the article

  • Abstract out repeated code

    - by CookieMonster
    The code in this event is repeated exactly in two other event handlers. How do I put the repeated code into a method and call that method from the event handlers so I only have to maintain it in one place? I'm not sure how to pass the event args to the calling method. protected void gvDocAssoc_RowDataBound(object sender, GridViewRowEventArgs e) { if (e.Row.RowType == DataControlRowType.DataRow) { if ((Convert.ToString(DataBinder.Eval(e.Row.DataItem, "DETAIL_TYPE_DESC")) == "Transcript") && (Convert.ToString(DataBinder.Eval(e.Row.DataItem, "INSTITUTION_CODE")) == "")) { e.Row.BackColor = System.Drawing.Color.Red; } if ((Convert.ToString(DataBinder.Eval(e.Row.DataItem, "DETAIL_TYPE_DESC")) == "Certified Diploma") && (Convert.ToString(DataBinder.Eval(e.Row.DataItem, "INSTITUTION_CODE")) == "")) { e.Row.BackColor = System.Drawing.Color.Red; } if ((Convert.ToString(DataBinder.Eval(e.Row.DataItem, "DOC_TYPE_DESC")) == "Post Graduate conditions") && (Convert.ToString(DataBinder.Eval(e.Row.DataItem, "INSTITUTION_CODE")) == "")) { e.Row.BackColor = System.Drawing.Color.Red; } } }

    Read the article

  • Securing Elmah RSS Feeds in ASP.NET website

    - by olivehour
    I followed the answer to this question http://stackoverflow.com/questions/1245364/securing-elmah-in-asp-net-website to restrict access to the elmah handler. However, it seems that adding an RSS feed to Outlook for the URL elmah.axd/rss or elmah.axd/digestrss bypasses the authentication. What's the point of securing the handler if someone can guess the RSS URL and subscribe to a feed of the error log?

    Read the article

  • Rewriting Live TCP Streams

    - by user213060
    I want to rewrite TCP/IP streams. Ettercap's etterfilter command lets you perform simple live replacements of TCP/IP data based on fixed strings or regexes. Example: http://ettercap.sourceforge.net/forum/viewtopic.php?t=2833 I would like to rewrite streams based on my own filter program instead of just simple string replacements. Anyone have an idea of how to do this? Is there anything other than Ettercap that can do live replacement like this, maybe as a plugin to a VPN software or something? Thanks!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 298 299 300 301 302 303 304 305 306 307 308 309  | Next Page >