Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 310/3920 | < Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >

• svn track brand new code base

  - by Fire Crow

  I'm at a company, we keep recieviing new codebases from a third party vendor. we'd like to track the changes in subversion. is there a way to replace a branch with the new code and track the changes? currently we just delete all files in the branch, and then add the new files and commit. we'd like to track the files, but I havn't found a tool that will easily deal with all the .svn directories found in subfolders. does anyone know a tool that will replace an svn directory with a new branch and create the respective modify add and delete records as if the code base was organically modified?

  Read the article

• Asp.net membership salt?

  - by chobo2

  Hi Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)? I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can. Thanks Edit 2 Never Mind I mis read it and was thinking it said bytes not bit. So I was passing in 128 bytes not 128bits. Edit I been trying to make it so this is what I have public string EncodePassword(string password, string salt) { byte[] bytes = Encoding.Unicode.GetBytes(password); byte[] src = Encoding.Unicode.GetBytes(salt); byte[] dst = new byte[src.Length + bytes.Length]; Buffer.BlockCopy(src, 0, dst, 0, src.Length); Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length); HashAlgorithm algorithm = HashAlgorithm.Create("SHA1"); byte[] inArray = algorithm.ComputeHash(dst); return Convert.ToBase64String(inArray); } private byte[] createSalt(byte[] saltSize) { byte[] saltBytes = saltSize; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetNonZeroBytes(saltBytes); return saltBytes; } So I have not tried to see if the asp.net membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt. I did this byte[] storeSalt = createSalt(new byte[128]); string salt = Encoding.Unicode.GetString(storeSalt); string base64Salt = Convert.ToBase64String(storeSalt); int test = base64Salt.Length; Test length is 172 what is well over the 128bits so what am I doing wrong? This is what their salt looks like vkNj4EvbEPbk1HHW+K8y/A== This is what my salt looks like E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=

  Read the article

• Restrict access to a specific URL, running on IIS7 / ASP.NET

  - by frankadelic

  I am deploying a public ASP.NET website on an IIS7 web farm. The application runs on 3 web servers and is behind a firewall. We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc. /admin/somepage.aspx What is the best way to control access to this page? We need to: Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks. Should this access control be done at the (a) network level, (b) application level, etc.?

  Read the article

• Forbid developer to commit code because of making weekly build

  - by Xinwang

  Our development team (about 40 developers) has a formal build every two weeks. We have a process that in the "build day", every developers are forbiden to commit code into SVN. I don't think this is a good idea because: Build will take days (even weeks in bad time) to make and BVT. People couldn't comit code as they will, they will not work. People will comit all codes in a hurge pack, so the common is hard to write. I want know if your team has same policy, and if not how do you take this situation. Thanks

  Read the article

• My site was recently attacked. What do I do?

  - by ChrisH

  This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour. What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client? Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

  Read the article

• Swapping data binding in code

  - by Phil J Pearson

  I have two data-bound text boxes. One is bound to a string and the other to a number. The 'default' binding is set in XAML. Under some circumstances I need to reverse the bindings at runtime (the string is usually a prefix but sometimes it's a suffix). I have the following code in my view model, called when the window is loaded: Binding stringBinding = BindingOperations.GetBinding(view.seqLeft, TextBox.TextProperty); Binding numberBinding = BindingOperations.GetBinding(view.seqRight, TextBox.TextProperty); view.seqLeft.SetBinding(TextBlock.TextProperty, numberBinding); view.seqRight.SetBinding(TextBlock.TextProperty, stringBinding); After that the code loads the properties to which the binding refers. The problem is that the 'new' binding doesn't seem to work. What have I missed? Is there a better way?

  Read the article

• 2008 Datacenter Word Automation issue

  - by Brad

  We have an application that uses word automation. It works fine under Windows XP, but does not work on our Windows Server 2008 64-bit virtual machine running on VMware ESX unless it is running as the domain administrator. Under any other account (including a local admin), Word starts, uses a lot of CPU for 40 seconds when opening a document, and then just hangs. Our application does not access anything not on the local machine, and this machine is not being used for anything else (not a domain controller, etc). I know others have posted similar issues, with the solution of creating a Desktop folder somewhere under the windows directory. We did this, and it did not solve the problem (Word did not get as far as it did before we did this though). Please don't turn this into a thread about why I am trying to do this, whether I should do this, or whether I need to. For argument sake, I don't need to do this, but understanding what privilege a local admin does not have that is needed to do this is a legitimate concern.

  Read the article

• proper Django ORM syntax to make this code work in MySQL

  - by gtujan

  I have the following django code working on an sqlite database but for some unknown reason I get a syntax error if I change the backend to MySQL...does django's ORM treat filtering differently in MySQL? def wsjson(request,imei): wstations = WS.objects.annotate(latest_wslog_date=Max('wslog__date'),latest_wslog_time=Max('wslog__time')) logs = WSLog.objects.filter(date__in=[b.latest_wslog_date for b in wstations],time__in=[b.latest_wslog_time for b in wstations],imei__exact=imei) data = serializers.serialize('json',logs) return HttpResponse(data,'application/javascript') The code basically gets the latest logs from WSlog corresponding to each record in WS and serializes it to json. Models are defined as: class WS(models.Model): name = models.CharField(max_length=20) imei = models.CharField(max_length=15) description = models.TextField() def __unicode__(self): return self.name class WSLog(models.Model): imei = models.CharField(max_length=15) date = models.DateField() time = models.TimeField() data1 = models.DecimalField(max_digits=8,decimal_places=3) data2 = models.DecimalField(max_digits=8,decimal_places=3) WS = models.ForeignKey(WS) def __unicode__(self): return self.imei

  Read the article

• Directory.CreateDirectory with permissions

  - by strakastroukas

  I would like to SET ALL permissions to True for all users of a computer, while using Directory.CreateDirectory Could you point me a point to start?

  Read the article

• How secure is my website?

  - by Doug

  As a beginning web developer, I try my best to clean up all the user inputs through checks and what not. However, today, I found out my website was hacked (I'll share their website on request) and it really made my wonder how did they do it. I'm in the process of getting my website back together. What should I do to prevent these things? Is there people I should talk to and ask how secure my website is? What can I do to to keep my website safe?

  Read the article

• Letterspacing in Eclipse code editor

  - by 1ndivisible

  Is there any way to change the letter-spacing of text in Eclipse's code editor?

  Read the article

• How should I protect against hard link attacks?

  - by Thomas

  I want to append data to a file in /tmp. If the file doesn't exist I want to create it I don't care if someone else owns the file. The data is not secret. I do not want someone to be able to race-condition this into writing somewhere else, or to another file. What is the best way to do this? Here's my thought: fd = open("/tmp/some-benchmark-data.txt", O_APPEND | O_CREAT | O_NOFOLLOW | O_WRONLY, 0644); fstat(fd, &st); if (st.st_nlink != 1) { HARD LINK ATTACK! } What's the right way? Besides not using a world-writable directory.

  Read the article

• What are some general best practices for input validation?

  - by austin cheney

  What are some best pratices associated with use of IRIs to prevent character missrepresentation, spoofing, or character injection?

  Read the article

• Sharing code between sqlite-net and servicestack ormlite?

  - by lanks

  I am using sqlite-net to store data on my MonoDroid mobile application. I am wanting to sync this data with a server side service as well. Would it be possible to share the code for my Entity objects between sqlite-net and Servicestacks ormlite? The main difference between the two that I can see is declaring the "using namespace" statements at the top of the class for the object. Is it possible to detect the platform and set the using statements based on the platform? The other difference would be referencing the different dlls for servicestack so I suppose on the mobile app it would not compile if there are references to the servicestack namespaces... What would a good approach be to achieve sharing of this code?

  Read the article

• How to block non-browser clients from submitting a request?

  - by Thomas Kohl

  I want to block non-browser clients from accessing certain pages / successfully making a request. The website content is served to authenticated users. What happens is that our user gives his credentials to our website to 3rd party - it can be another website or a mobile application - that performs requests on his behalf. Say there is a form that the user fills out and sends a message. Can I protect this form so that the server processing the submission can tell whether the user has submitted it directly from the browser or not? I don't want to use CAPTCHA for usability reasons. Can I do it with some javascript?

  Read the article

• anyone know of a custom membership provider implementation that check password strength against in-b

  - by ronaldwidha

  I've got an Asp.net MVC app and before being able to go live, the IT have requested for us to comply with their password policy. The flexibility of AspnetSqlMembershipProvider doesn’t quite satisfy the requirement. The password strength and length rules are as follows: one lowercase one Uppercase one number and or special character 8 characters in length so far, aspnetsqlmembershipprovider is good... Not allowed to use: Dictionary words Names, real or fictional Plain language phrases Dates Telephone numbers Car registration numbers User IDs Postal codes Organization name Only the first 4 criteria are satisfied by the aspnetsqlmembershipprovider. Do you know of any third party products that offers this functionality (preferably in the form of a custom membership provider)?

  Read the article

• Is it dangerous to store user-enterable text into a hidden form via javascript?

  - by KallDrexx

  In my asp.net MVC application I am using in place editors to allow users to edit fields without having a standard form view. Unfortunately, since I am using Linq to Sql combined with my data mapping layer I cannot just update one field at a time and instead need to send all fields over at once. So the solution I came up with was to store all my model fields into hidden fields, and provide span tags that contain the visible data (these span tags become editable due to my jquery plugin). When a user triggers a save of their edits of a field, jquery then takes their value and places it in the hidden form, and sends the whole form to the server to commit via ajax. When the data goes into the hidden field originally (page load) and into the span tags the data is properly encoded, but upon the user changing the data in the contenteditable span field, I just run $("#hiddenfield").val($("#spanfield").html(); Am I opening any holes this method? Obviously the server also properly encodes stuff prior to database entry.

  Read the article

• CSRF protection and cross site form access

  - by fl00r

  Hi. I aw working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to main domain from others. How should I use protect_from_forgery and how can I check if data received from valid domain? What I am thinking now is to turn off protect_from_forgery for session controller and check domain name of received data. But maybe I can configure CSRF protection for not only one domain?

  Read the article

• how to speed up the code??

  - by kaushik

  in my program i have a method which requires about 4 files to be open each time it is called,as i require to take some data.all this data from the file i have been storing in list for manupalation. I approximatily need to call this method about 10,000 times.which is making my program very slow? any method for handling this files in a better ways and is storing the whole data in list time consuming what is better alternatives for list? I can give some code,but my previous question was closed as that only confused everyone as it is a part of big program and need to be explained completely to understand,so i am not giving any code,please suggest ways thinking this as a general question... thanks in advance

  Read the article

• Encrypt URL in asp.net

  - by Zerotoinfinite

  Hi All, My site is in asp.net 3.5 and C#. I am sending link to my user through mail, now I want to send each user a specific URL. so instead of sending the clear text I want to send link with encrypted string URL, which I will decrypt on my home page. Like instead of www.mysite.aspx\mypage?userId=12 i'll send www.mysite.aspx\mypage?UserId=)@kasd12 and the same i'll decrypt on my page so that I'll get the userId = 12. Please let me know if my approach is correct and not and how can I encrypt & decrypt the string in simplest and easier manner. Thanks in advance.

  Read the article

• NSImage different size in code different shown by Finder/Preview

  - by krasnyk

  I have a couple of images that i use in my application(one of them is attached). The strange thing is that the real image size(shown by finder and preview) is 1200x701 px. When I access image from the code and as for its size, I get 360x210px. What is going on? Code I'm using to get the size of the image: NSImage *newImg = [[NSImage alloc] initWithContentsOfURL: [NSURL URLFromPasteboard:[sender draggingPasteboard]]]; float h = [newImg size].height; //height is 210px - should be 701px float w = [newImg size].width; //width is 320px - should be 1200px The content of the newImg is the same image that has been pointed and loaded - I display it in the NSImageView anyway so I see. Just the size taken with -size is wrong. This is the image:

  Read the article

• How do API Keys and Secret Keys work?

  - by viatropos

  I am just starting to think about how api keys and secret keys work. Just 2 days ago I signed up for Amazon S3 and installed the S3Fox Plugin. They asked me for both my Access Key and Secret Access Key, both of which require me to login to access. So I'm wondering, if they're asking me for my secret key, they must be storing it somewhere right? Isn't that basically the same thing as asking me for my credit card numbers or password and storing that in their own database? How are secret keys and api keys supposed to work? How secret do they need to be? Are these applications that use the secret keys storing it somehow? Thanks for the insight.

  Read the article

• Integrating 3rd-party forum software to member-based website

  - by john

  When using some existing forum software in a larger web-site, how easy is it to: 1)Make your site's login functionality log the user into the forum 2)Make your site's registration functionality create forum login data I suppose in a way it might be easier to ONLY use the forum's database for maintaining users, but that means trusting it with sensitive data. I'm planning an integration between an existing bespoke desktop app and a new bespoke web-site which should include forums. I don't know which forums will be used but I know the new web functionality won't be PHP-based. I figure that's not a big deal but I'm wondering if forums typically allow configuration of where they look for login data, to avoid duplicating this data into my DB and the forum DB.

  Read the article

• Placement of a call to the parent method

  - by Alejandro

  I have a class that has a method. That class has a child class that overrides that method. The child's method has to call the parent's method. In all OO that I've seen or written calls to the parent's version of the same method were on the first line of the method. On a project that I am working on circumstances call for placing that method call at the end of a method. Should I be worried? Is that a code smell? Is this code inherently bad? class Parent { function work() { // stuff } } class Child { function work() { // do thing 1 // do thing 2 parent::work(); // is this a bad practice? // should I call the parent's work() method before // I do anything in this method? } }

  Read the article

• Newbie PHP coding problem: header function (maybe, I need someone to check my code)

  - by Haskella

  Hi, consider the following PHP code: <?php $searchsport = $_REQUEST['sport']; $sportarray = array( "Football" => "Fb01", "Cricket" => "ck32", "Tennis" => "Tn43", ); header("Location: ".$sportarray[$searchsport].".html"); //directs user to the corresponding page they searched if ($searchsport == NULL) { header("Location: youtypednothing.html"); //directs user to a page I've set up to warn them if they've entered nothing } else { header("Location: sportdoesnotexist.html"); //if sport isn't in my root, a warning will appear } ?> I think the code comments are self-explanatory, basically when I type Tennis on my form.html it will send data to this php file and process and direct me to Tn43.html which is my tennis page. Unfortunately, it doesn't work and I really want to know why... (I know I've made some huge silly mistake). PS: Is header the right function to use when doing some redirecting?

  Read the article

< Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >