Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 304/3920 | < Previous Page | 300 301 302 303 304 305 306 307 308 309 310 311  | Next Page >

  • Are these two functions overkill for sanitization?

    - by jpjp
    function sanitizeString($var) { $var = stripslashes($var); $var = htmlentities($var); $var = strip_tags($var); return $var; } function sanitizeMySQL($var) { $var = mysql_real_escape_string($var); $var = sanitizeString($var); return $var; } I got these two functions from a book and the author says that by using these two, I can be extra safe against XSS(the first function) and sql injections(2nd func). Are all those necessary? Also for sanitizing, I use prepared statements to prevent sql injections. I would use it like this: $variable = sanitizeString($_POST['user_input']); $variable = sanitizeMySQL($_POST['user_input']);

    Read the article

  • How to prevent multiple registrations?

    - by GG.
    I develop a political survey website where anyone can vote once. Obviously I have to prevent multiple registrations for the survey remains relevant. Already I force every user to login with their Google, Facebook or Twitter account. But they can authenticate 3 times if they have an account on each, or authenticate with multiple accounts of the same platform (I have 3 accounts on Google). So I thought also store the IP address, but they can still go through a proxy... I thought also keep the HTTP User Agent with PHP's get_browser(), although they can still change browsers. I can extract the OS with a regex, to change OS is less easier than browsers. And there is also geolocation, for example with the Google Map API. So to summarize, several ideas: 1 / SSO Authentication (I keep the email) 2 / IP Address 3 / HTTP User Agent 4 / Geolocation with an API Have you any other ideas that I did not think? How to embed these tests? Execute in what order? Have you already deploy this kind of solution?

    Read the article

  • Good articles to read on SSL and HTTPS?

    - by Igor Romanov
    I had a problem with accepting invalid SSL certificate in my iPhone program. That problem is solved now, however I came to understanding that I have very abstract idea on how exactly the whole thing is working: how web browser is verifying that received certificate is really for host it communicates to and not faked by same party in the middle? if browser talks to some 3rd party (CA?) to do certificate check? and many other questions... Would someone please recommend good source of information with in-depth enough description of how all parts click together?

    Read the article

  • PHP: Is mysql_real_escape_string sufficient for cleaning user input?

    - by Thomas
    Is mysql_real_escape_string sufficient for cleaning user input in most situations? ::EDIT:: I'm thinking mostly in terms of preventing SQL injection but I ultimately want to know if I can trust user data after I apply mysql_real_escape_string or if I should take extra measures to clean the data before I pass it around the application and databases. I see where cleaning for HTML chars is important but I wouldn't consider it necessary for trusting user input. T

    Read the article

  • Visual Studio confused by server code inside javascript

    - by Felix
    I ran into an annoying problem: the following code gives a warning in Visual Studio. <script type="text/javascript"> var x = <%: ViewData["param"] %>; </script> The warning is "Expected expression". Visual Studion gets confused, and all the javascript code after that is giving tons of warnings. Granted, it's all warnings, and it works perfectly fine in runtime - but it is very easy to miss real warnings among dozen of false positives. It was working the same way in VS2008, and it wasn't fixed in VS2010. Does anybody know if there is a workaround, or a patch?

    Read the article

  • Default taglibs used within included JSPs for editing

    - by lostiniceland
    Hello everyone Within Eclipse's jsp-editor, as you all know, I get code-assistance for external taglibs once I defined them. In the project I am working on now a lot of jsps are just included and have no taglib definition in the top which gives me a lot of editor warnings. In the deployment this doesnt matter because the taglibs are defined in the head-jsp. Is there a way that I can define default taglibs within a project so the eclipse editor will give me code-assist even though I dont include the taglib in each file again?

    Read the article

  • Javascript code inside updatepanel usercontrol.

    - by Ed Woodcock
    Ok: I've got an updatepanel on an aspx page that contains a single Placeholder. Inside this placeholder I'm appending one of a selection of usercontrols depending on certain external conditions (this is a configuration page). In each of these usercontrols there is a bindUcEvents() javascript function that binds the various jQuery and javascript events to buttons and validators inside the usercontrol. The issue I'm having is that the usercontrol's javascript is not being recognised. Normally, javascript inside an updatepanel is executed when the updatepanel posts back, however none of this code can be found by the page (I've tried running the function manually via firebug's console, but it tells me it cannot find the function). Does anyone have any suggestions? Cheers, Ed. EDIT: cut down (but functional) example: Markup: <script src="/js/jquery-1.3.2.min.js"></script> <form id="form1" runat="server"> <div> <asp:ScriptManager ID="Script" runat="server" /> <asp:Button ID="Postback" runat="server" Text="Populate" OnClick="PopulatePlaceholder" /> <asp:UpdatePanel ID="UpdateMe" runat="server"> <Triggers> <asp:AsyncPostBackTrigger ControlID="Postback" EventName="Click" /> </Triggers> <ContentTemplate> <asp:Literal ID="Code" runat="server" /> <asp:PlaceHolder ID="PlaceMe" runat="server" /> </ContentTemplate> </asp:UpdatePanel> </div> </form> C#: protected void PopulatePlaceholder(object sender, EventArgs e) { Button button = new Button(); button.ID = "Push"; button.Text = "push"; button.OnClientClick = "javascript:return false;"; Code.Text = "<script type=\"text/javascript\"> function bindEvents() { $('#" + button.ClientID + "').click(function() { alert('hello'); }); } bindEvents(); </script>"; PlaceMe.Controls.Add(button); }

    Read the article

  • Simulating O_NOFOLLOW (2): Is this other approach safe?

    - by Daniel Trebbien
    As a follow-up question to this one, I thought of another approach which builds off of @caf's answer for the case where I want to append to file name and create it if it does not exist. Here is what I came up with: Create a temporary directory with mode 0700 in a system temporary directory on the same filesystem as file name. Create an empty, temporary, regular file (temp_name) in the temporary directory (only serves as placeholder). Open file name for reading only, just to create it if it does not exist. The OS may follow name if it is a symbolic link; I don't care at this point. Make a hard link to name at temp_name (overwriting the placeholder file). If the link call fails, then exit. (Maybe someone has come along and removed the file at name, who knows?) Use lstat on temp_name (now a hard link). If S_ISLNK(lst.st_mode), then exit. open temp_name for writing, append (O_WRONLY | O_APPEND). Write everything out. Close the file descriptor. unlink the hard link. Remove the temporary directory. (All of this, by the way, is for an open source project that I am working on. You can view the source of my implementation of this approach here.) Is this procedure safe against symbolic link attacks? For example, is it possible for a malicious process to ensure that the inode for name represents a regular file for the duration of the lstat check, then make the inode a symbolic link with the temp_name hard link now pointing to the new, symbolic link? I am assuming that a malicious process cannot affect temp_name.

    Read the article

  • Optimize code performance when odd/even threads are doing different things in CUDA

    - by Orion Nebula
    Hi all! I have two large vectors, I am trying to do some sort of element multiplication, where an even-numbered element in the first vector is multiplied by the next odd-numbered element in the second vector .... and where the odd-numbered element in the first vector is multiplied by the preceding even-numbered element in the second vector Ex. vector 1 is V1(1) V1(2) V1(3) V1(4) vector 2 is V2(1) V2(2) V2(3) V2(4) V1(1) * V2(2) V1(3) * V2(4) V1(2) * V2(1) V1(4) * V2(3) I have written a Cuda code to do this: (Pds has the elements of the first vector in shared memory, Nds the second Vector) //instead of using %2 .. i check for the first bit to decide if number is odd/even -- faster if ((tx & 0x0001) == 0x0000) Nds[tx+1] = Pds[tx] * Nds[tx+1]; else Nds[tx-1] = Pds[tx] * Nds[tx-1]; __syncthreads(); Is there anyway to further accelerate this code or avoid divergence ? Thanks

    Read the article

  • Simple User Access Control with CodeIgniter framework Code (ACL) Library

    - by Hafiz Arslan Akbar
    Friends, I am new User of PHP n CodeIgniter. I just want do a simple task, user access control. there are 5 different user in a class,, I have to write a code which gives just one line output for one user. for example,, by using ACL library, just pick one out put. deal with basic level... Manager , Teacher , Student , Chairperson PHP page contain one text box and button. by using ACL library we just put one code or string in textbox and get related output... some thing like this... text box contain 1, Now Manager access Control,, text box contain 2, Now Teacher Access Control,, text box contain 3, Chairperson access control.. Plz guide step by step. Thanx in advance dear.......

    Read the article

  • Call Babel .Net Obfuscator from C# Code

    - by aron
    Hello, I have a C# WinForms app that I use to create software patches for my app. In noticed that Babel .Net includes Babel.Build.dll and Babel.Code.dll Is there a way, in my C# code, I can call Babel .Net something like: ExecuteCommand(C:\Program Files\Babel\babel.exe "C:\Patch\v6\Demo\Bin\Lib.dll" --rules "C:\Patch\babelRules.xml", 600) Here's a common script to execute a CMD prompt in C#. However if I just include the Babel.Build.dll in my winform I may be able to do it seamlessly. public static int ExecuteCommand(string Command, int Timeout) { int ExitCode; ProcessStartInfo ProcessInfo; Process Process; ProcessInfo = new ProcessStartInfo("cmd.exe", "/C " + Command); ProcessInfo.CreateNoWindow = true; ProcessInfo.UseShellExecute = false; Process = Process.Start(ProcessInfo); Process.WaitForExit(Timeout); ExitCode = Process.ExitCode; Process.Close(); return ExitCode; }

    Read the article

  • .NET library for generating javascript?

    - by Rune
    Do you know of a .NET library for generating javascript code? I want to generate javascript code based on information in my .NET application. I would like to be able to create an AST-like datastructure (using C#) and have it turned into valid javascript. I need to be able to create functions, statements, expressions etc., so I need something more than a JSON serializer - but I guess you could think of this as a (very) generalized JSON serializer. Do such libraries exist and if so, could you recommend any? Thank you.

    Read the article

  • Getting a screenshot of a page using .NET - Need help with code

    - by Ender
    I'm writing a specialized crawler and parser for internal use and I require the ability to take a screenshot of a web page in order to check what colours are being used throughout. The program will take in around ten web addresses and will save them as a bitmap image, from there I plan to use LockBits in order to create a list of the five most used colours within the image. To my knowledge it's the easiest way to get the colours used within a web page but if there is an easier way to do it please chime in with your suggestions. Anyway, I was going to use this program until I saw the price tag. I'm also fairly new to C#, having only used it for a few months. Can anyone provide me with a solution to my problem of taking a screenshot of a web page in order to extract the colour scheme? EDIT: Sorry for not getting back to this sooner, but I've been busy with some other things. Anyway, the code seems to work well, but the problem I am having right now is that I am running it within a form, and naturally with Application.Run() being called I cannot run two instances of the same form at once. It recommended Form.showDialog() but that broke everything. Can anyone give me a hand with this code? public static void buildScreenshotFromURL(string url) { int width = 800; int height = 600; using (WebBrowser browser = new WebBrowser()) { browser.Width = width; browser.Height = height; browser.ScrollBarsEnabled = true; // This will be called when the page finishes loading browser.DocumentCompleted += new System.Windows.Forms.WebBrowserDocumentCompletedEventHandler(OnDocumentCompleted); //browser.DocumentCompleted += OnDocumentCompleted; browser.Navigate(url); // This prevents the application from exiting until // Application.Exit is called // Application.Run() does not work as it cannot be called twice, recommended form.showDialog() // but still issues Application.Run(); } } public static void OnDocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e) { // Define size of thumbnail neded int thumbSize = 50; // Now that the page is loaded, save it to a bitmap WebBrowser browser = (WebBrowser)sender; // Code edited from example below to make smaller bitmap and save as PNG using (Graphics graphics = browser.CreateGraphics()) { using (Bitmap bitmap = new Bitmap(browser.Width, browser.Height, graphics)) { Rectangle bounds = new Rectangle(0, 0, bitmap.Width, bitmap.Height); browser.DrawToBitmap(bitmap, bounds); Bitmap thumbBitmap = new Bitmap(bitmap.GetThumbnailImage(thumbSize, thumbSize, thumbCall, IntPtr.Zero)); thumbBitmap.Save("screenshot.png", ImageFormat.Png); handleImage(thumbBitmap); } }

    Read the article

  • Prevent change of hidden field

    - by er-v
    What if I have ChangePassword form with hidden ID field of the user. BadPerson knows id of GoodPerson. He opens Change Password form with FireBug, changes his Id to GoodPerson's Id, so password changes for GoodPerson. Of course I can create some server logic that will prevent this, but I think there should be some out of the box solution, wich throws if hidden field been changed, wich I don't know. Thank's in advance.

    Read the article

  • Post login execution

    - by Javi
    Hello, I need to do some processing only after the user has successfully logged in the system. I have thought that I can do a RESTful method and setting it as the default-target-url so when the login is successful it goes to this url and then I can redirect to the real index of my web application. <form-login login-page='/login.htm' default-target-url='/home.htm' always-use-default-target='true' /> The problem is that this processing can be executed by calling its URL so it could be executed by any user at any time. I want to make sure it is only executed after login. Is there any way to do this? Thank you very much.

    Read the article

  • How Easy Is It to Hijack Session Vars on GoDaddy (PHP)

    - by yar
    This article states that If your site is run on a shared Web server, be aware that any session variables can easily be viewed by any other users on the same server. On a larger host like GoDaddy, are there really no protections in place against this? Could it really be that easy? If it is that easy, where are the session vars of the other users on my host so I can check them out? Edit: I didn't believe it, but here's my little program which shows that this is true! I wonder if those are really the same as the value stored in the cookies on the users' machine?

    Read the article

  • OpenGL Vertex Buffer Object code giving bad output.

    - by Matthew Mitchell
    Hello. My Vertex Buffer Object code is supposed to render textures nicely but instead the textures are being rendered oddly with some triangle shapes. What happens - http://godofgod.co.uk/my_files/wrong.png What is supposed to happen - http://godofgod.co.uk/my_files/right.png This function creates the VBO and sets the vertex and texture coordinate data: extern "C" GLuint create_box_vbo(GLdouble size[2]){ GLuint vbo; glGenBuffers(1,&vbo); glBindBuffer(GL_ARRAY_BUFFER, vbo); GLsizeiptr data_size = 8*sizeof(GLdouble); GLdouble vertices[] = {0,0, 0,size[1], size[0],0, size[0],size[1]}; glBufferData(GL_ARRAY_BUFFER, data_size, vertices, GL_STATIC_DRAW); data_size = 8*sizeof(GLint); GLint textcoords[] = {0,0, 0,1, 1,0, 1,1}; glBufferData(GL_ARRAY_BUFFER, data_size, textcoords, GL_STATIC_DRAW); return vbo; } Here is some relavant code from another function which is supposed to draw the textures with the VBO. glTexParameteri(GL_TEXTURE_2D,GL_TEXTURE_WRAP_S,GL_CLAMP_TO_EDGE); glTexParameteri(GL_TEXTURE_2D,GL_TEXTURE_WRAP_T,GL_CLAMP_TO_EDGE); glMatrixMode(GL_MODELVIEW); glLoadIdentity(); glColor4d(1,1,1,a/255); glBindTexture(GL_TEXTURE_2D, texture); glTranslated(offset[0],offset[1],0); glBindBuffer(GL_ARRAY_BUFFER, vbo); glVertexPointer(2, GL_DOUBLE, 0, 0); glEnableClientState(GL_VERTEX_ARRAY); glTexCoordPointer (2, GL_INT, 0, 0); glEnableClientState(GL_TEXTURE_COORD_ARRAY); glDrawArrays(GL_TRIANGLES, 0, 3); glDrawArrays(GL_TRIANGLES, 1, 3); glDisableClientState(GL_TEXTURE_COORD_ARRAY); glDisableClientState(GL_VERTEX_ARRAY); glBindBuffer(GL_ARRAY_BUFFER, 0); I would have hoped for the code to use the first three coordinates (top-left,bottom-left,top-right) and the last three (bottom-left,top-right,bottom-right) to draw the triangles with the texture data correctly in the most efficient way. I don't see why triangles should make it more efficient but apparently that's the way to go. It, of-course, fails for some reason. I am asking what is broken but also am I going about it in the right way generally? Thank you.

    Read the article

  • Optimize code perfromance when odd/even threads are doing different things in CUDA

    - by Ashraf
    Hi all! I have two large vectors, I am trying to do some sort of element multiplication, where an even-numbered element in the first vector is multiplied by the next odd-numbered element in the second vector .... and where the odd-numbered element in the first vector is multiplied by the preceding even-numbered element in the second vector Ex. vector 1 is V1(1) V1(2) V1(3) V1(4) vector 2 is V2(1) V2(2) V2(3) V2(4) V1(1) * V2(2) V1(3) * V2(4) V1(2) * V2(1) V1(4) * V2(3) I have written a Cuda code to do this: (Pds has the elements of the first vector in shared memory, Nds the second Vector) //instead of using %2 .. i check for the first bit to decide if number is odd/even -- faster if ((tx & 0x0001) == 0x0000) Nds[tx+1] = Pds[tx] * Nds[tx+1]; else Nds[tx-1] = Pds[tx] * Nds[tx-1]; __syncthreads(); Is there anyway to further accelerate this code or avoid divergence .. Thanks

    Read the article

  • SQL Server authentication - limit access to database to only connect through application

    - by Mauro
    I have a database which users should not be able to alter data in unless they use the specific app. I know best practice is to use windows authentication however that would mean that users could then connect to the database using any other data enabled app and change values which would then not be audited. Unfortunately SQL 2008 with its inbuilt auditing is not available. Any ideas how to ensure that users cannot change anything unless its through the controlling app?

    Read the article

  • Optimal UI For Single Zip Code Entry on iPhone

    - by sylvanaar
    I need to prompt the user to enter his/her zip code at certain times in my iPhone application. I cannot store it or get it from the user's current location. What is the optimal input method? I started with a 5 wheel picker. This seemed like a bad direction, so I opted for a PIN-like entry screen. My implepentation is about the same as the 'enter passcode' screen you see when unlocking the iphone - including automatically ending input on the 5th digit instead of providing a return/enter button. Does this seem optimal? Or is there a better way? Note: I only need to accept a 5 digit US zip code.

    Read the article

  • How do I send email over SMTP with SSL using Java client?

    - by Ido
    I need to send email over smtp with ssl using java client. I'm not sure how to do that. If I have my server certificate installed on my Windows machine, how do I use it? If I want it to work on a non-Windows machine, do I need to get the certificates in a different way? BTW: If the SMTP server that I use is using SSL, can I be sure that it will send the mail to the recipient using SSL?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 300 301 302 303 304 305 306 307 308 309 310 311  | Next Page >