Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • How to lock non-browser clients from submitting a request?

    - by Thomas Kohl
    I want to block non-browser clients from accessing certain pages or successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials for our website to a third party, which can be another website or a mobile application, that performs requests on his behalf. Say there is a form that the user fills out and sends a message with. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use a CAPTCHA for usability reasons. Can I do it with some JavaScript?

  • Can this be improved? Scrubbing of dangerous html tags.

    - by chobo2
    I have been finding that, for something I consider pretty important, there is very little information and there are very few libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert dangerous tags. I have a rich HTML editor, so I need to keep non-dangerous tags but strip out bad ones. So is this script missing anything? It uses HTML Agility Pack.

        using HtmlAgilityPack;

        public string ScrubHTML(string html)
        {
            HtmlDocument doc = new HtmlDocument();
            doc.LoadHtml(html);

            // Remove potentially harmful elements
            HtmlNodeCollection nc = doc.DocumentNode.SelectNodes(
                "//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.ParentNode.RemoveChild(node, false);
                }
            }

            // Remove hrefs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes(
                "//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]" +
                "|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]" +
                "|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("href", "#");
                }
            }

            // Remove img with refs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes(
                "//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]" +
                "|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]" +
                "|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("src", "#");
                }
            }

            // Remove on<Event> handlers from all tags
            nc = doc.DocumentNode.SelectNodes(
                "//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("onfocus");
                    node.Attributes.Remove("onblur");
                    node.Attributes.Remove("onclick");
                    node.Attributes.Remove("onmouseover");
                    node.Attributes.Remove("onmouseout");
                    node.Attributes.Remove("ondoubleclick");
                    node.Attributes.Remove("onload");
                    node.Attributes.Remove("onunload");
                }
            }

            // Remove any style attributes that contain the word "expression" (IE evaluates this as script)
            nc = doc.DocumentNode.SelectNodes(
                "//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("style");
                }
            }

            return doc.DocumentNode.WriteTo();
        }

    Edit: two people have suggested whitelisting. I actually like the idea of whitelisting but never actually did it, because no one can actually tell me how to do it in C# and I can't even really find tutorials on how to do it in C# (the last time I looked; I will check it out again). How do you make a whitelist? Is it just a list collection? How do you actually parse out all HTML tags, script tags and every other tag? Once you have the tags, how do you determine which ones are allowed? Compare them to your list collection? But what happens if the content is coming in with, like, 100 tags and you have 50 allowed? You have to compare each of those 100 tags against 50 allowed tags. That's quite a bit to go through and could be slow. Once you have found an invalid tag, how do you remove it? I don't really want to reject a whole set of text if one tag was found to be invalid. I would rather remove it and insert the rest. Should I be using HTML Agility Pack?

  • standard encryption decryption across different platforms

    - by Raj
    Hey guys, I need to implement a standard encryption/decryption logic across an entire project platform which has different clients implemented using different platforms, as follows: 1) iPhone app (Objective-C), 2) website (classic ASP), 3) web service (ASP.NET). The iPhone app as well as the website need to send info to the web service using encrypted query strings; the web service then decrypts this and processes the info further. I wanted to know the simplest way to achieve this. Is there some free and ready-to-use binary available with an easy-to-use API to achieve this? Encryption needs to be as secure as possible. Thanks in advance.

  • Optimal password salt length

    - by Juliusz Gonera
    I tried to find the answer to this question on Stack Overflow without any success. Let's say I store passwords using a SHA-1 hash (so it's 160 bits) and let's assume that SHA-1 is enough for my application. How long should the salt used to generate the password's hash be? The only answer I found was that there's no point in making it longer than the hash itself (160 bits in this case), which sounds logical, but should I make it that long? E.g. Ubuntu uses an 8-byte salt with SHA-512 (I guess), so would 8 bytes be enough for SHA-1 too, or maybe it would be too much?

  • Pros and Cons of Java HTML to XML cleaners

    - by cjavapro
    I am looking to allow HTML emails (and other HTML uploads) without letting in scripts and stuff. I plan to have a whitelist of safe tags and attributes as well as a whitelist of CSS tags and value regexes (to prevent automatic return receipts). I asked a question: Parse a badly formatted XML document (like an HTML file). I found there are many, many ways to do this. Some systems have built-in sanitizers (which I don't care so much about). I will post some answers and mark them Community Wiki. Please post any other options you like and mark them Community Wiki so they can be voted on. Also, any comments or wiki edits on what part of a certain product is better and what is not would be greatly appreciated. This page is a very nice listing page, but I get kinda lost: http://java-source.net/open-source/html-parsers

  • "Dealing with uncertainty" - Entity Framework CodeOnly

    - by Simon Fox
    This is a bit of a strange one but I've just seen something on twitter which kind of baffled me and I'm interested to know more. Rob Conery tweeted the following a couple of hours ago: Class name of the day: "Maybe<T>". Method of the day: "ToMaybe<T>()". He then went on to offer a Tekpub coupon to anyone who could guess where it came from. He linked to a further tweet which had a clue and from that I worked out that it was Entity Framework Code-Only but while trying to determine the usage someone else answered to which Rob replied ...EF CodeOnly - dealing with uncertainty.... So my question boils down to what exactly is he referring to with uncertainty and how does this fit in to Entity Framework Code-Only?

  • Asp.net membership salt?

    - by chobo2
    Hi. Does anyone know how ASP.NET membership generates its salt key and then how it encodes it (i.e. is it salt + password or password + salt)? I am using SHA1 with my membership, but I would like to recreate the same salts so the built-in membership stuff could hash the stuff the same way as my stuff can. Thanks.

    Edit 2: Never mind, I misread it and was thinking it said bytes, not bits. So I was passing in 128 bytes, not 128 bits.

    Edit: I have been trying to make it, so this is what I have:

        using System;
        using System.Security.Cryptography;
        using System.Text;

        public string EncodePassword(string password, string salt)
        {
            byte[] bytes = Encoding.Unicode.GetBytes(password);
            byte[] src = Encoding.Unicode.GetBytes(salt);
            byte[] dst = new byte[src.Length + bytes.Length];
            Buffer.BlockCopy(src, 0, dst, 0, src.Length);
            Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length);
            HashAlgorithm algorithm = HashAlgorithm.Create("SHA1");
            byte[] inArray = algorithm.ComputeHash(dst);
            return Convert.ToBase64String(inArray);
        }

        private byte[] createSalt(byte[] saltSize)
        {
            byte[] saltBytes = saltSize;
            RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
            rng.GetNonZeroBytes(saltBytes);
            return saltBytes;
        }

    So I have not tried to see if the ASP.NET membership will recognize this yet; the hashed password looks close. I just don't know how to convert it to base64 for the salt. I did this:

        byte[] storeSalt = createSalt(new byte[128]);
        string salt = Encoding.Unicode.GetString(storeSalt);
        string base64Salt = Convert.ToBase64String(storeSalt);
        int test = base64Salt.Length;

    The test length is 172, which is well over the 128 bits, so what am I doing wrong? This is what their salt looks like: vkNj4EvbEPbk1HHW+K8y/A== This is what my salt looks like: E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=

  • Conversion of VB Code to Delphi

    - by Bharat
    Hi, while searching on the net I got a few lines of code in VB for extracting an image from an EMF file. I tried to convert that into Delphi but it doesn't work. Help me in converting this code to Delphi.

        Public Function CallBack_ENumMetafile(ByVal hdc As Long, _
                                              ByVal lpHtable As Long, _
                                              ByVal lpMFR As Long, _
                                              ByVal nObj As Long, _
                                              ByVal lpClientData As Long) As Long
            Dim PEnhEMR As EMR
            Dim PEnhStrecthDiBits As EMRSTRETCHDIBITS
            Dim tmpDc As Long
            Dim hBitmap As Long
            Dim lRet As Long
            Dim BITMAPINFO As BITMAPINFO
            Dim pBitsMem As Long
            Dim pBitmapInfo As Long
            Static RecordCount As Long

            lRet = PlayEnhMetaFileRecord(hdc, ByVal lpHtable, ByVal lpMFR, ByVal nObj)
            RecordCount = RecordCount + 1
            CopyMemory PEnhEMR, ByVal lpMFR, Len(PEnhEMR)

            Select Case PEnhEMR.iType
                Case 1 'header
                    RecordCount = 1
                Case EMR_STRETCHDIBITS
                    CopyMemory PEnhStrecthDiBits, ByVal lpMFR, Len(PEnhStrecthDiBits)
                    pBitmapInfo = lpMFR + PEnhStrecthDiBits.offBmiSrc
                    CopyMemory BITMAPINFO, ByVal pBitmapInfo, Len(BITMAPINFO)
                    pBitsMem = lpMFR + PEnhStrecthDiBits.offBitsSrc
                    tmpDc = CreateDC("DISPLAY", vbNullString, vbNullString, ByVal 0&)
                    hBitmap = CreateDIBitmap(tmpDc, _
                                             BITMAPINFO.bmiHeader, _
                                             CBM_INIT, _
                                             ByVal pBitsMem, _
                                             BITMAPINFO, _
                                             DIB_RGB_COLORS)
                    lRet = DeleteDC(tmpDc)
            End Select

            CallBack_ENumMetafile = True
        End Function

  • How to securely pass credit card information between pages in PHP

    - by Alex
    How do you securely pass credit card information between pages in PHP? I am building an ecommerce application and I would like the users to go through the checkout like this: Enter Information - Review - Finalize Order. The problem is that I am not sure how to safely pass credit information from when the user inputs it to when I process it (at the Finalize Order step). I heard using sessions is insecure, even with encryption. Any help would be appreciated!

  • How to write a Compiler in C for C

    - by Kerb_z
    I want to write a compiler for C. This is a project for my college that I am doing as per my university. I am an intermediate programmer in C, with an understanding of data structures. Now I know a compiler has the following parts: 1. Lexer, 2. Parser, 3. Intermediate Code Generator, 4. Optimizer, 5. Code Generator. I want to begin with the lexer part and move on to the parser. I am consulting the following book: Compilers: Principles, Techniques, and Tools by Alfred V. Aho, Ravi Sethi, Jeffrey D. Ullman. The thing is that this book is highly theoretical and perplexing to me. I really appreciate the authors. But the point is I am not able to begin my project, as if I am blinded as to where to go. I need guidance, please help.

  • Will client JVM for a web service(https) throw an SSL Exception when the server is having a valid ce

    - by ring bearer
    I have a web service deployed on Tomcat hosted on a remote server. I have set it up such that it can be accessed only via HTTPS. For this, I generated a Certificate Signing Request (CSR) and used it to get a temporary certificate from VeriSign. My web service client is on my local machine. If I try to access the service it will throw a javax.net.ssl.SSLHandshakeException: unable to find valid certification path to requested target. If I install the certificate into the local Java keystore, the issue is resolved. My question is: if I install a valid SSL certificate from a CA into my Tomcat server, will I get this client-side error even if I do not import the certificate into the local keystore?

  • The difference between the 'Local System' account and the 'Network Service' account?

    - by jmatthias
    I have written a Windows service that spawns a separate process. This process creates a COM object. If the service runs under the 'Local System' account everything works fine, but if the service runs under the 'Network Service' account, the external process starts up but it fails to create the COM object. The error returned from the COM object creation is not a standard COM error (I think it's specific to the COM object being created). So, how do I determine how the two accounts, 'Local System' and 'Network Service' differ? These built-in accounts seem very mysterious and nobody seems to know much about them.

  • IntelliJ doesn't seem to pickup certain sbt libraries, no code completion

    - by Blankman
    I am using the sbt console in my terminal to compile my Scala/Play project. I am using IntelliJ to edit my source code, basically using it just for getting some code completion and navigation etc. For some reason certain libraries don't seem to load correctly. For example, I added Elasticsearch to my Dependancies.scala file, reloaded sbt and everything compiles fine, but for some reason IntelliJ doesn't pick up the jars correctly, i.e. they are in red and there is no syntax completion. How can I fix this? I tried shutting IntelliJ down and restarting it, but the problem remains. I am using IntelliJ 13.1.3 (Ultimate).

  • IIS7 integrated mode closing token between requests

    - by user607287
    We are migrating to IIS7 integrated mode and have come across an issue. We authenticate using WindowsAuthentication but then store a reference to the WindowsPrincipal so that on future requests we can authorize as needed against AD. In IIS 7 integrated mode, the token is being closed (between requests) so that when we try to run IsInRole it generates a disposed exception. Is there a way to cache this token or change our use of WindowsPrincipal so that we don't need to make successive AD requests to get it for each authorization request? Here is the exception being thrown from WindowsPrincipal.IsInRole(""): System.ObjectDisposedException: {"Safe handle has been closed"}. Thanks.

  • MSIL code problem

    - by Thomas
    Hi all, I am trying to modify an assembly (mine) just by running ildasm on it and modifying the MSIL code. I just want to pop up a MessageBox. Here is my code:

        .module extern Fusion.dll
        .module extern kernel32.dll
        .module extern advapi32.dll
        .module extern aspnet_state.exe
        .module extern webengine.dll
        .module extern aspnet_wp.exe
        .module extern mscorwks.dll
        .module extern ole32.dll
        .module extern mscoree.dll
        .module extern Netapi32.dll
        .assembly extern mscorlib
        {
        ...

        ...
          IL_0052:  ldstr      "ahahahahahah"
          IL_0057:  callvirt   instance [mscorlib]System.Windows.Forms.MessageBox::Show(string)
          IL_005c:  ldloc.0
          IL_005d:  ret
        } // end of method
        ...

    I have no error, but the MessageBox does not appear. :\ Thanks for helping!

  • Safe executing shell scripts; escaping vars before execution.

    - by Kirzilla
    Hello. Let's imagine that we have a simple PHP script that should get ssh_host, ssh_username and ssh_port from the $_GET array and try to connect to SSH using these parameters.

        <?php
        $port = escapeshellcmd($_GET['ssh_port']);
        $host = escapeshellcmd($_GET['ssh_host']);
        $username = escapeshellcmd($_GET['ssh_username']);
        $answer = shell_exec("ssh -p " . $port . " " . $username . "@" . $host);

    Is escapeshellcmd() enough, or do I need something more tricky? Or maybe I should use escapeshellarg() in this example? Thank you.

  • proper Django ORM syntax to make this code work in MySQL

    - by gtujan
    I have the following Django code working on an SQLite database, but for some unknown reason I get a syntax error if I change the backend to MySQL. Does Django's ORM treat filtering differently in MySQL?

        from django.core import serializers
        from django.db.models import Max
        from django.http import HttpResponse

        def wsjson(request, imei):
            wstations = WS.objects.annotate(latest_wslog_date=Max('wslog__date'),
                                            latest_wslog_time=Max('wslog__time'))
            logs = WSLog.objects.filter(date__in=[b.latest_wslog_date for b in wstations],
                                        time__in=[b.latest_wslog_time for b in wstations],
                                        imei__exact=imei)
            data = serializers.serialize('json', logs)
            return HttpResponse(data, 'application/javascript')

    The code basically gets the latest logs from WSLog corresponding to each record in WS and serializes them to JSON. The models are defined as:

        from django.db import models

        class WS(models.Model):
            name = models.CharField(max_length=20)
            imei = models.CharField(max_length=15)
            description = models.TextField()

            def __unicode__(self):
                return self.name

        class WSLog(models.Model):
            imei = models.CharField(max_length=15)
            date = models.DateField()
            time = models.TimeField()
            data1 = models.DecimalField(max_digits=8, decimal_places=3)
            data2 = models.DecimalField(max_digits=8, decimal_places=3)
            WS = models.ForeignKey(WS)

            def __unicode__(self):
                return self.imei

  • Sharing code between sqlite-net and servicestack ormlite?

    - by lanks
    I am using sqlite-net to store data on my MonoDroid mobile application. I want to sync this data with a server-side service as well. Would it be possible to share the code for my entity objects between sqlite-net and ServiceStack's OrmLite? The main difference between the two that I can see is declaring the "using namespace" statements at the top of the class for the object. Is it possible to detect the platform and set the using statements based on the platform? The other difference would be referencing the different DLLs for ServiceStack, so I suppose on the mobile app it would not compile if there are references to the ServiceStack namespaces... What would a good approach be to achieve sharing of this code?
