Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 308/3920 | < Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315  | Next Page >

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • MySQL Procedures : Standard/Best Place For Code Documentation?

    - by rlb.usa
    I'd like to put a paragraph or so for documentation on each of my MySQL procedures: date, author, purpose, etc. Is there a standard, accepted, or best place to put this kind of documentation? For example, In MSSQL, some IDE's will generate a template for you to start coding your procedure; it comes with a little place for code documentation. USE [MyDatabase] GO /****** Object: StoredProcedure [dbo].[StoreRecord] Script Date: 04/29/2010 09:21:57 ******/ SET ANSI_NULLS ON GO SET QUOTED_IDENTIFIER ON GO -- ============================================= -- Author: -- Create date: -- Description: -- ============================================= ALTER PROCEDURE [dbo].[StoreRecord] -- ... more code ...

    Read the article

  • How to document object-oriented MATLAB code?

    - by jjkparker
    I'm writing a sizable application using object-oriented MATLAB, and this has gotten me thinking about how to document the code. If this was C, I would use Doxygen. For Java, I'd use JavaDoc. Both have mostly agreed-upon standards for how class and method documentation should look and what it should contain. But what about MATLAB code? The most I've seen in TMW's own classes is a short sentence or two at the top of the class, and I can't find any topics devoted to documenting sizable MATLAB applications. So how do you document your MATLAB classes? Any particular style issues or additional tools?

    Read the article

  • Xcode: code loses syntax coloring

    - by ColorMeFamous
    I find that in various situations Objective-C code in Xcode 3.1 (Leopard) can fail to get appropriate syntax coloring after typing or lose coloring that it had. This isn't just a "refresh" issue with new custom symbols -- but affects Cocoa framework symbols as well. Sometimes CMD-a to select all text on the code page will make the coloring (re)appear, sometimes double-clicking on a line to select it will work, sometimes I have to add/delete a space in a symbol to get that symbol to (re)color. Rebuilding, or closing/reopening the project may or may not work. Is this a known issue with Xcode? For something so annoying to me, I'm not finding the plentiful discussions of it on SO and elsewhere I'd expect. And is there any command to force global syntax recoloring?

    Read the article

  • code for find out nth larget number in an array by using perl

    - by user136104
    I have written following code in perl #!/usr/bin/perl @array =(3,6,8,1,2); my $second_largest =0; my $largest = 0; for (@array) { if($_ > $largest) { $second_largest = $largest; $largest = $_; } if($_ > $second_largest && $_ < $largest) { $second_largest = $_; } } print "Second largest::".$second_largest; print "largest::".$largest; But I need a general code to find out "Nth" largest and smallest number of an array Plz help me

    Read the article

  • How can one make a web-site accessible only when someone has a dongle?

    - by Brian M. Hunt
    Suppose you want to add an extra layer of credentials on top of a SSL-encrypted login/password, but you don't want to increase complexity to the user. Is there a way to add the requirement of the possession of a dongle to web-server authentication schemes with existing cross-platform browser capabilities? In other words, to get access to the web-site, you would need a username, password, and a USB dongle that has been plugged into the client computer. The dongle would presumably do some sort of challenge/response. It'd be ideal if this dongle solution worked with Firefox automatically or with the simple addition of a plugin. Thoughts and suggestions are appreciated.

    Read the article

  • Invoke an action that is using ASP.NET MVC [Authorize] from outside the application

    - by Nate Bross
    Is this possible? I'd like to expose a URL (action) such as http://mysever/myapp/UpdateHeartbeat/. In my MVC application it looks like [Authorize] [AcceptsVerbs(HttpVerbs.Post)] public ActionResult UpdateHeartbeat() { // update date in DB to DateTime.Now } Now, in my MVC application the user has logged in via FORMS authentication and they can execute that action to their hearts content. What I want to do, is hit that URL progromatically (as part of an API that I wouldl like to build) -- is there a way I can do that without removing the [Authorize] attribute and adding username/password as parameters to the POST?

    Read the article

  • Sanitize json input to a java server

    - by morgancodes
    I'm using json to pass data between the browser and a java server. I'm using Json-lib to convert between java objects and json. I'd like to strip out susupicious looking stuff (i.e "doSomethingNasty().) from the user input while converting from json to java. I can imagine several points at which I could do this: I could examine the raw json string and strip out funny-looking stuff I could look for a way to intercept every json value on its way into the java object, and look for funny stuff there. I could traverse my new java objects immediately after reconstitution from json, look for any fields that are Strings, and stripp stuff out there. What's the best approach? Are there any technologies built for this this task that I tack tack on to what I have already?

    Read the article

  • How do you protect your software from illegal distribution?

    - by petr k.
    I am curious about how do you protect your software against cracking, hacking etc. Do you employ some kind of serial number check? Hardware keys? Do you use any third-party solutions? How do you go about solving licensing issues? (e.g. managing floating licenses) EDIT: I'm not talking any open source, but strictly commercial software distribution...

    Read the article

  • Debate: Can a HTTPS connection be hijacked with a man-in-the-middle kind of attack?

    - by Iulian Serbanoiu
    Hi, I'm wondering if the company I work for can see what I'm doing when I'm using a HTTPS connection - gmail for example. My case: I'm using gmail from work but I need to enter a password for a proxy when accesing the first web page - the password is asked inside the browser. I receive from the proxy a certificate which I must accept in order to make the Internet connection work. So the question is: Can https data exchange, between gmail and browser, be tracked? Thanks, Iulian

    Read the article

  • How did Perl gain a reputation for being a write-only language?

    - by Andrew Grimm
    How did Perl gain a reputation (deserved, undeserved, or used to be deserved, no longer so) of being a "write only language"? Was it The syntax of the language Specific features that were available in the language Specific features not being available in the language (or at least old versions of it) The kind of tasks Perl was being used for The kind of people who use Perl (people who aren't full-time programmers) Criticism from people committed to another language Something else? Background: I'd like to know if some aspects that gave Perl the reputation of being write-only also apply to other languages (specifically ruby). Disclaimer: I recognise that Perl doesn't force people to do write-only code (can any language?), and that you can write bad code in any language.

    Read the article

  • Help in debugging the string concatenation code

    - by mithun1538
    I have a code to concatenate strings. However, for some reason, the final string is not a combination of the required strings. Consider the following code : //cusEmail is of type String[] String toList = ""; for(i=0; i < cusEmail.length - 1; i++) { toList.concat(cusEmail[i]); toList.concat("; "); System.out.println(cusEmail[i]); } toList.concat(cusEmail[i]); System.out.println(toList); The first sout statement displays the strings in cusEmail[i] correctly. However, once concatenated, the second sout displays a blank / empty. Any reason for this? Am i concatenating it correctly?

    Read the article

  • Which parts of the client certificate to use when uniquely identifying users?

    - by miha
    I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list of certificate authorities and will be checked (validated) when presented. In the registration phase, I need to store part(s) of the client certificate in a user repository (DB, LDAP, whatever) so that I can map the user who authenticates with client certificate to an internal "user". One fairly obvious choice would be to use certificate fingerprint; But fingerprint itself is not enough, since collisions may occur (even though they're not probable), so we need to store additional information from the certificate. This SO question is also informative in this regard. RFC 2459 defines (4.1.2.2) that certificate serial number must be unique within a given CA. With all of this combined, I'm thinking of storing certificate serial number and certificate issuer for each registered user. Given that client certificates will be verified and valid, this should uniquely identify each client certificate. That way, even when client certificate is renewed, it would still be valid (serial number stays the same, and so does the issuer). Did I miss something?

    Read the article

  • Why doesn't this code work correctly?

    - by MisterSir
    I'm working on a website that displays galleries, using jCarousel. But no matter what I try, I can't get it to work, and I need to finish this by today. I have a very urgent schedule. My code basically takes image URLs from a database and sends them to AJAX, which passes it to jCarousel which makes the gallery. But there are a few problems: It doesn't display correctly! I can only get the last item pulled from the database, and it displays on the bottom-most row. After the item pulled from the database is displayed, the first time I click on "prev" there's no scroll effect, and the item just disappears! Only if I click on "next" 2-3 times there's a scroll effect and the item remains visible. My items are always displayed at the end of the carousel! This is urgent.. Please help me fix this. about.html: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us"> <head> <script type="text/javascript" src="jquery-1.4.4.min.js"></script> <script type="text/javascript" src="/lib/jquery.jcarousel.min.js"></script> <link rel="stylesheet" type="text/css" href="/skins/tango/skin.css" /> <!--<style type="text/css"> #wrapper { width: 700px; margin-left: auto; margin-right: auto; } #carousel { margin-top: 120px; padding-left: 120px; } #side { padding-left: 550px; position: absolute; padding-top: 120px; } #hidden { color: #FFFFFF; } </style>--> <script type="text/javascript"> jQuery.easing['BounceEaseOut'] = function(p, t, b, c, d) { if ((t/=d) < (1/2.75)) { return c*(7.5625*t*t) + b; } else if (t < (2/2.75)) { return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }; function mycarousel_initCallback(carousel) { jQuery('#mycarousel-next').bind('click', function() { carousel.next(); return false; }); jQuery('#mycarousel-prev').bind('click', function() { carousel.prev(); return false; }); }; jQuery(document).ready(function() { jQuery('#mycarousel').jcarousel({ easing: 'BounceEaseOut', wrap: "first", initCallback: mycarousel_initCallback, animation: 1000, scroll: 3, visible: 3, buttonNextHTML: null, buttonPrevHTML: null }); jQuery('#mycarousel2').jcarousel({ easing: 'BounceEaseOut', animation: 1000, wrap: "first", initCallback: mycarousel_initCallback, scroll: 3, visible: 3, buttonNextHTML: null, buttonPrevHTML: null }); jQuery('#mycarousel3').jcarousel({ easing: 'BounceEaseOut', animation: 1000, scroll: 3, wrap: "first", initCallback: mycarousel_initCallback, visible: 3, buttonNextHTML: null, buttonPrevHTML: null }); }); var prevButton = null; function getObject(b, el) { var currbutton = b; var http; var url = "about.php"; var parameters = "d=carousel&cat=" + currbutton; try { http = new XMLHttpRequest(); } catch(e) { try { http = new ActiveXObject("Msxml2.XMLHTTP"); } catch(e) { http = new ActiveXObject("Microsoft.XMLHTTP"); } } function getServer() { if (http.readyState == 4) { var i = 0; var liArr = http.responseText; var built = liArr.split(", "); var li = document.createElement("li"); var ul1 = document.getElementById("mycarousel"); var ul2 = document.getElementById("mycarousel2"); var ul3 = document.getElementById("mycarousel3"); if (el != prevButton) { prevButton = el; while (ul1.hasChildNodes() ) {ul1.removeChild(ul1.lastChild);} while (ul2.hasChildNodes() ) {ul2.removeChild(ul2.lastChild);} while (ul3.hasChildNodes() ) {ul3.removeChild(ul3.lastChild);} } else return 0; while (i < (built.length) / 3) { li.innerHTML = built[i]; ul1.appendChild(li); i++; } while (i < ((built.length) / 3)*2) { li.innerHTML = built[i]; ul2.appendChild(li); i++; } while (i < (built.length)) { li.innerHTML = built[i]; ul3.appendChild(li); i++; } } } http.open("POST", url, true); http.setRequestHeader("Content-type", "application/x-www-form-urlencoded"); http.setRequestHeader("Content-length", parameters.length); http.setRequestHeader("Connection", "close"); http.onreadystatechange = getServer; http.send(parameters); } </script> </head> <body> <span id="hidden"> </span> <div id="wrapper"> <div id="side"> <form name="cats"> <input type="button" value="Hats" onclick="getObject('hats', this);"/><br /> <input type="button" value="Pants" onclick="getObject('pants', this);"/><br /> <input type="button" value="Shirts" onclick="getObject('shirts', this);"/><br /> </form> </div> <div id="carousel"> <ul id="mycarousel" class="jcarousel-skin-tango"> </ul> <ul id="mycarousel2" class="jcarousel-skin-tango"> </ul> <ul id="mycarousel3" class="jcarousel-skin-tango"> </ul> <input type="button" id="mycarousel-prev" value="prev" /> <input type="button" id="mycarousel-next" value="next" /> </div> </div> </body> </html> I commented the CSS because I thought it was giving me trouble, but honestly I have no idea what the hell's going on with jCarousel. about.php: <?php echo "<img width='75' height='75' src='http://static.flickr.com/66/199481236_dc98b5abb3_s.jpg' />, hi, hi, hi, hi, hi, hi, hi, hi"; ?> Also, even if there are no other items than what is displayed, I'm still able to scroll back, but not forward, assumingly because my item is always placed at the end of the carousel. I know it looks like a lot of code but it's really not! My formatting takes a lot of lines, the commented CSS takes a lot, and a lot of the code is HTML and jCarousel configuration, and there's also the BounceEasing effect which takes a few lines. There's not much actual code! So as I said, this is urgent and I need this fixed. But I can't get it to work. Please help me! Thanks for your time! EDIT: I changed the code a bit, but it still does not work. I really need help on this one!! EDIT: I added document.createElement("li"); to each while loop. Now all my items are displayed, but they are displayed vertically and not horizontally on each row. Other than that all other problems are the same. EDIT: Oh and also, in the row my image displays, only the image is there. Maybe jCarousel doesn't accept img and text, I don't know.

    Read the article

  • Is the Keychain suitable for storing general data, such as strings?

    - by cannyboy
    The Keychain seems to be used a lot for usernames and passwords, but is it a good idea to use it for other sensitive stuff (bank details, ID numbers etc), but with no password? What kind of encryption does the keychain use? The scenario I'm concerned about is a thief acquiring an iPhone (which is screen-locked) and being able to access the file system to get this info. Also, would using the Keychain involve export restrictions due to the use of encryption?

    Read the article

  • How can I prevent users from overriding the total cost in a shopping cart, when submitted as a hidde

    - by Gobi
    I'm having serious problems with accepting payments. I'm passing the total amount in a hidden field <input type="hidden" name="checkout-flow-support.merchant-checkout-flow-support.shipping-methods.flat-rate-shipping-1.price" value="129.00"/> Some of the users changed this value to 2 using firebug and submitted the form. Instead of getting $129, we only received $2. I have no idea how to proceed this anyone help me quick .

    Read the article

  • Double Negation in C++ code.

    - by Brian Gianforcaro
    I just came onto a project with a pretty huge code base. I'm mostly dealing with C++ and a lot of the code they write uses double negation for their boolean logic. if (!!variable && (!!api.lookup("some-string"))) { do_some_stuff(); } I know these guys are intelligent programmers, it's obvious they aren't doing this by accident. I'm no seasoned C++ expert, my only guess at why they are doing this is that they want to make absolutely positive that the value being evaluated is the actual boolean representation. So they negate it, then negate that again to get it back to its actual boolean value. Is this a correct? or am I missing something else? Thanks, Brian Gianforcaro

    Read the article

  • (php) how to properly 'save' info in forms completed thus far

    - by hatorade
    So i have a form that on paper is 40 pages long. I was going to take the natural sections of this form, and make separate html forms for each section, with the idea that on the first page there would be a first form, then you hit 'Continue to next section' which essentially is the 'submit' button, which moves the user to section two, etc, until they hit the last section. i am not actually storing the results of the form in a database, but rather sending an email. the idea then is to store the separate form answers (one html form per section in the real form) as arrays or objects in the session, so that if they go back to a section in the form, it repopulates the values they entered since they are stored in the session. the result would be an array in the session storing the results for each of my forms, and i have one form for each section. my question is: is it secure to temporarily store things like SSNs or driver's license numbers as session variables? why or why not?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 304 305 306 307 308 309 310 311 312 313 314 315  | Next Page >