Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 307/3920

  • Password reset by email without a database table

    - by jpatokal
    The normal flow for resetting a user's password by mail is this:

    1. Generate a random string and store it in a database table
    2. Email string to user
    3. User clicks on link containing string
    4. String is validated against database; if it matches, user's pw is reset

    However, maintaining a table and expiring old strings etc seems like a bit of an unnecessary hassle. Are there any obvious flaws in this alternative approach?

    1. Generate an MD5 hash of the user's existing password
    2. Email hash string to user
    3. User clicks on link containing string
    4. String is validated by hashing existing pw again; if it matches, user's pw is reset

    Note that the user's password is already stored in a hashed and salted form, and I'm just hashing it once more to get a unique but repeatable string.

    And yes, there is one obvious "flaw": the reset link thus generated will not expire until the user changes their password (clicks the link). I don't really see why this would be a problem though -- if the mailbox is compromised, the user is screwed anyway.

  • Prevent query string manipulation by adding a hash?

    - by saille
    To protect a web application from query string manipulation, I was considering adding a query string parameter to every URL which stores a SHA1 hash of all the other query string parameters & values, then validating against the hash on every request. Does this method provide strong protection against user manipulation of query string values? Are there any other downsides/side-effects to doing this? I am not particularly concerned about the 'ugly' URLs for this private web application. URLs will still be 'bookmarkable' as the hash will always be the same for the same query string arguments. This is an ASP.NET application.

  • help merging perl code routines together for file processing

    - by jdamae
    I need some perl help in putting these (2) processes/code to work together. I was able to get them working individually to test, but I need help bringing them together especially with using the loop constructs. I'm not sure if I should go with foreach. Anyways, the code is below. Also, any best practices would be great too as I'm learning this language. Thanks for your help.

    Here's the process flow I am looking for:

    - read a directory
    - look for a particular file
    - use the file name to strip out some key information to create a newly processed file
    - process the input file
    - create the newly processed file for each input file read (if I read in 10, I create 10 new files)

    Sample Recs:

        col1,col2,col3,col4,col5
        [email protected],[email protected],8,2009-09-24 21:00:46,1
        [email protected],[email protected],16,2007-08-18 22:53:12,33
        [email protected],[email protected],16,2007-08-18 23:41:23,33

    Here's my test code:

    Target Filetype: `/backups/test/foo101.name.aue-foo_p002.20110124.csv`

    Part 1:

        my $target_dir = "/backups/test/";
        opendir my $dh, $target_dir or die "can't opendir $target_dir: $!";
        while (defined(my $file = readdir($dh))) {
            next if ($file =~ /^\.+$/);
            # Get filename attributes (the dot before "csv" is escaped so it matches literally)
            if ($file =~ /^foo(\d{3})\.name\.(\w{3})-foo_p(\d{1,4})\.\d+\.csv$/) {
                print "$1\n";
                print "$2\n";
                print "$3\n";
            }
            print "$file\n";
        }

    Part 2:

        use strict;
        use Digest::MD5 qw(md5_hex);

        # Create new file
        open (NEWFILE, ">/backups/processed/foo$1.name.$2-foo_p$3.out") || die "cannot create file";
        my $data = '';
        my $line1 = <>;
        chomp $line1;
        my @heading = split /,/, $line1;
        my ($sep1, $sep2, $eorec) = ( "^A", "^E", "^D");
        while (<>) {
            my $digest = md5_hex($data);
            chomp;
            my (@values) = split /,/;
            my $extra = "__mykey__$sep1$digest$sep2" ;
            # $#values is the last valid index; scalar(@values) would run one past the end
            $extra .= "$heading[$_]$sep1$values[$_]$sep2" for (0..$#values);
            $data .= "$extra$eorec";
            print NEWFILE "$data";
        }
        #print $data;
        close (NEWFILE);

  • Eclipse CDT printing selected C code snippets/functions

    - by Sint
    Is there a quick and dirty way to print (to dead trees) selected code (C in this case) snippets? In particular, I wanted to print about 200 lines worth of code, but the print dialog only offers printing of particular pages or all pages, but not selected text! Of course, one can copy and paste into another editor, but that seems rather harsh. Also, one can output the whole shebang to .pdf but that again seems a way of doing things wrong. Perhaps there is a better way? System: Ubuntu 10.04, Eclipse 3.5 with CDT, Subversive plugin

  • Running a JavaScript code when a browser bookmark is clicked

    - by Arjun Vasudevan
    I've written code that has successfully created a bookmark for any of the following browsers - IE, Firefox and Opera.

        function bookmark() {
            var title = 'Google';
            var url = 'http://google.com';
            if (document.all) // Check if the browser is Internet Explorer
                window.external.AddFavorite(url, title);
            else if (window.sidebar) // If the given browser is Mozilla Firefox
                window.sidebar.addPanel(title, url, "");
            else if (window.opera && window.print) // If the given browser is Opera
            {
                var bookmark_element = document.createElement('a');
                bookmark_element.setAttribute('href', url);
                bookmark_element.setAttribute('title', title);
                bookmark_element.setAttribute('rel', 'sidebar');
                bookmark_element.click();
            }
        }

    Now I want my bookmark to run a piece of JavaScript code instead of surfing to Google, when the user clicks on it.

  • eclipse gcov plugin

    - by Taani
    I am using the gcov plugin in Eclipse CDT + cygwin compiler & linker to find code coverage. I installed the gcov plugin from the http://svn.sourceforge.jp/svnroot/ginkgo/trunk/org.ginko.gcov.update/ location and followed the link below to get coverage of my .c file. I was able to create .gcno and .gcda files. But double clicking on those files opens the files in the Eclipse editor. I could not find the gcov editor. Also I couldn't see any code coverage results in my .c file. What is wrong with my procedure?

  • Simple ADO.NET C# Stored Procedure Generator

    - by Ron
    I am using Visual Studio 2005, Sql Server 2005, C#, ADO.NET. We have a very large database and are routinely adding new stored procedures. I am tired of writing the C# wrapper code for these stored procedures; it seems like there should be some simple utility or Add In that would allow me to simply point to a stored procedure and generate some generic C# code. I am not looking for some big ORM or data access layer framework. The company I am doing this for is not interested in moving to something like that right now. Just wanting something to take the grunt work out of writing the C# wrappers around stored procedures. Again, prefer that we do not have to include other 3rd party libraries, etc. Any ideas?

  • Dealing with uncertainty in ORM - Entity Framework CodeOnly

    - by Simon Fox
    This is a bit of a strange one but I've just seen something on twitter which kind of baffled me and I'm interested to know more. Rob Conery tweeted the following a couple of hours ago: Class name of the day: "Maybe<T>". Method of the day: "ToMaybe<T>()". He then went on to offer a Tekpub coupon to anyone who could guess where it came from. He linked to a further tweet which had a clue and from that I worked out that it was Entity Framework Code-Only but while trying to determine the usage someone else answered to which Rob replied ...EF CodeOnly - dealing with uncertainty.... So my question boils down to what exactly is he referring to with uncertainty and how does this fit in to Entity Framework Code-Only?

  • Framework for adding users/groups/permissions functionality to an application (possibly integrating

    - by vfilby
    I am looking to see if there is a good library or framework that I can use to simplify adding user/group/permission management to a .Net application (4.0 VS2010). If the framework can work on its own or integrate with Active Directory that would be a huge bonus. So far I have found Visual Guard; if you have any experience using Visual Guard to provide user/group/permission functionality I definitely want to hear your feedback on how you liked working with it, pitfalls and benefits.

  • From interpreted to native code: "dynamic" languages compiler support

    - by Daniel
    First, I am aware that dynamic languages is a term used mainly by a vendor; I am using it just to have a container word to include languages like Perl (a favorite of mine), Python, Tcl, Ruby, PHP and so on. They are interpreted, but I am interested here in referring to languages featuring strong capability to support programmer efficiency and support for the typical constructs of modern interpreted languages.

    My question is: are there dynamic languages that can be compiled efficiently into native executable code - typically for Windows platforms? Which ones? Maybe using some third-party ad-hoc tools? I am not talking about huge executables carrying with them a full interpreter or some similar tricks, nor some smart module able to include its own dependencies or some required modules, but honest, straight, standard, solid executable code. If not, is there some technical reason inhibiting the availability of such a best-of-both-worlds feature? Thanks! Daniel

  • Is this code well-defined?

    - by Nawaz
    This code is taken from a discussion going on here.

        someInstance.Fun(++k).Gun(10).Sun(k).Tun();

    Is this code well-defined? Is ++k in Fun() evaluated before k in Sun()? What if k is a user-defined type, not a built-in type? And in what ways is the above function call order different from this:

        eat(++k);drink(10);sleep(k);

    As far as I can say, in both situations, there exists a sequence point after each function call. If so, then why can't the first case also be well-defined like the second one?

    Section 1.9.17 of the C++ ISO standard says this about sequence points and function evaluation:

    When calling a function (whether or not the function is inline), there is a sequence point after the evaluation of all function arguments (if any) which takes place before execution of any expressions or statements in the function body. There is also a sequence point after the copying of a returned value and before the execution of any expressions outside the function.

  • How does XmlSiteMapProvider check user to be in specific role?

    - by abatishchev
    I roll my own SiteMapProvider inheriting System.Web.XmlSiteMapProvider. I want to override logic of checking user to be in a role specified in siteMapNode's property roles:

        <siteMapNode url="Add.aspx?type=user" title="Add user" roles="admin" />

    How can I do that? Which class's member does XmlSiteMapProvider call to check that if securityTrimmingEnabled="true"?

  • Factor Clojure code setting many different fields in a Java object

    - by chris
    How do I factor code setting many different fields in a Java object? I would like to factor

        (set! (. employee name) "Chris")
        (set! (. employee age) 100)
        (set! (. employee salary) 5000)

    to

        (doseq [field '((name "Chris") (age 100) (salary 5000))]
          (set! (. employee (first field)) (second field)))

    However this won't work because the period is a macro, and tries to evaluate (first field) literally. By the way, I understand that setting fields is not good practice. I need to inter-operate with legacy code.

  • Auto-Complete Suggestions in Source Code Editor

    - by Jim
    Hello, Most IDEs (Eclipse, Netbeans, IntelliJ) provide contextually smart suggestions about the current statement you're writing. We would like to do the same thing (in Java for Java). We considered tokenizing the input and building our own abstract syntax trees, but quickly realized that could be a month long project in and of itself. We also started digging through the source code for the above mentioned IDEs, but it appears (correct me if I'm wrong) that the auto-complete code is pretty tightly woven with the rest of the IDE. We're wondering if anyone knows of a relatively isolated package that we could pull into our project to provide this auto-complete functionality. Thanks!

  • Visual Editor vs Manual code

    - by Albinoswordfish
    I'm not sure how it is using other frameworks but this question is strictly regarding Java Swing. Is it better to use a Visual Editor to place objects or to manually code the placement of the objects onto the frame (Layout managers or null layouts)? From my experience I've had a lot of trouble using Visual editors when it comes to different screen resolutions or changing the window size. Using manual code to place objects I've found that my GUIs behave a lot better with regard to the screen size issue. However when I want to change a small part of my GUI it takes a lot more work compared to using a visual editor. Just wondering what people's thoughts were on this?

  • How to optimize this code

    - by phenevo
    Hi, I have a class Car; it has a property string Code and 10 others. common codes is a list of strings (string[]), cars is a list of cars (Car[]), and filteredListOfCars is a List.

        for (int index = 0; index < cars.Length; index++)
        {
            Car car = cars[index];
            if (commonCodes.Contains(car.Code))
            {
                filteredListOfCars.Add(car);
            }
        }

    Unfortunately this piece of the method executes too long. I have about 50k records. How can I lower execution time?

  • setting url in yaml file for google app engine (page not found) problem

    - by mswallace
    I am new to python and I am super excited to learn. I am building my first app on App Engine and I am not totally understanding why my yaml file is not resolving to the url that I set up. Here is the code:

        handlers:
        - url: .*
          script: main.py

        - url: /letmein/.*
          script: letmein.py

    So if I go to http://localhost:8080/letmein/ I get a link is broken or page not found error. Here is the python code that I have in letmein.py:

        from google.appengine.ext import webapp
        from google.appengine.ext.webapp import util

        class LetMeInHandler(webapp.RequestHandler):
            def get(self):
                self.response.out.write('letmein!')

        def main():
            application = webapp.WSGIApplication([('/letmein/', LetMeInHandler)], debug=True)
            util.run_wsgi_app(application)

        if __name__ == '__main__':
            main()

    Thanks in advance for the help!

  • Code crashing compiler...

    - by AndrejaKo
    Hi! I'm experimenting with a piece of C code. Can anyone tell me why is VC 9.0 with SP1 crashing for me? Oh, and the code is meant to be an example used in a discussion why something like void main (void) is evil.

        struct foo { int i; double d; } main (double argc, struct foo argv)
        {
            struct foo a;
            a.d=0;
            a.i=0;
            return a.i;
        }

    If I put return a; compiler doesn't crash.

  • How to securely communicate with a database using a java applet

    - by WarmWaffles
    I have been writing web applications for quite some time in PHP with MySQL. I always stored my database connection information in a configuration variable and connected to the database that way. A client wants a Java applet for their website to communicate with their database. I'm very hesitant on this because the applet is going to be public and I am not sure how I would go about storing the database connection information. I'm paranoid that someone would decompile my application or find some way to extract my database connection information and use it maliciously. Any suggestions on how to do this securely?

  • Multiple login locations for an online app.

    - by Goro
    Hello, I am working on a browser based application that will have many users. The catch is that every user should have their own customized login page, but the actual application is the same for everyone, and needs to be in a central location. What is the most secure way of doing this? Would it make more sense to have a copy of the application for each user, and keep the database centralized? The projected number of users is not very high, probably around 20-80. Thank you,

  • ASP.NET data bind two-way, bi-directional from code behind

    - by Konrad
    Hello, so for two-way (bi-directional) databinding in ASP, we do this...

        <asp:textbox id="txtField" runat="server" text='<%# Bind("SomeField") %>'> </asp:textbox>

    SomeField is located on the DataSource of the DetailsView that serves as the container for the textbox. Alternatively I could do this from code-behind (using the textbox's OnDataBinding event):

        protected void SomeField_OnDataBinding(object sender, EventArgs e)
        {
            ((TextBox)sender).Text = Eval("SomeField").ToString();
        }

    However, EVAL is read-only...how can I specify Bind (two-way) from code-behind?

  • What are the pros and cons to keeping SQL in Stored Procs versus Code

    - by Guy
    What are the advantages/disadvantages of keeping SQL in your C# source code or in Stored Procs? I've been discussing this with a friend on an open source project that we're working on (C# ASP.NET Forum). At the moment, most of the database access is done by building the SQL inline in C# and calling to the SQL Server DB. So I'm trying to establish which, for this particular project, would be best. So far I have:

    Advantages for in Code:

    - Easier to maintain - don't need to run a SQL script to update queries
    - Easier to port to another DB - no procs to port

    Advantages for Stored Procs:

    - Performance
    - Security
