Search Results

Search found 90601 results on 3625 pages for 'user friendly'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 310/3625 | < Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >

  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So lets look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so lets say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).

    Read the article

  • In TFS, is there a maximum amount of workspaces which can be used for a user?

    - by Gerrie Schenck
    I'm currently in the process of creating a bunch of new build scripts for our platform. Things went okay until I encountered the following error: D:\TFS\WorkingDir\BuildType\TFSBuild.proj(173,5): error MSB4018: Microsoft.TeamFoundation.VersionControl.Client.WorkspaceNotFoundException: TF14061: The workspace BUILDMACHINENAME_9;BUILDMACHINENAME\TFSService does not exist. When I take a look at the list of workspaces (with Team Foundation Sidekicks) I see there are a bunch of BUILDMACHINENAME_xxx workspaces, where xxx is a number ranging from 1 to 8. What I'm thinking is that TFS reaches some kind of limit (10 probably) of the amount of workspaces it can create for a certain owner, and thus fails to create a workspace for the build automatically. Can this be the case? Anyone else encountered this?

    Read the article

  • Apps management dashboard: what features should be in it?

    - by Christophe
    On a dashboard to manage business web apps (CRM, email marketing, collaboration, accounting...) from a single place which features should be a must have and nice to have? Those that come to mind are SSO, unified billing, users provisioning. What else? What should be available to the super user (admin) vs the business user? Do you know any products of this kind in the market today? Thanks Christophe GetApp.com

    Read the article

  • Not sure about ACL permissions

    - by Darko Miletic
    I'm writing up something about ACL usage on CentOS but since I still do not have a box ready I would like to ask something. Let us assume we have a folder /var/www/test If I do this in terms of permissions: /bin/chown -R root:root /var/www/test/ /bin/chmod -R u=rwx,go= /var/www/test/ /usr/bin/setfacl -R -m u:apache:rwx /var/www/test/ Will user apache be able to change owner of folder test or of any particular file within that folder? If answer is yes shall I than use group instead of user?

    Read the article

  • A method to change effective user id of a running program?

    - by Brendan Long
    I'm writing a simple package manager and I'd like to automatically try sudo if the program isn't run as root. I found a function called seteuid, which looks likes it's exactly what I need, but I don't have the permissions to run it. So far all I can think of is a bash script to check before they get to the actual binary, but I'd like to do this all as C++ if possible. Is there any method of changing a processes's euid after it starts executing? Or a way to call sudo?

    Read the article

  • Using Office 2003 normal.dot in Office 2010?

    - by TJ
    I have a user who I have upgraded from office 2003 to Office 2010. This user relies on his custom auto correct that he built into his normal.dot file for Word 2003. He would not like to have to reenter all 200 of his auto corrects. How can I convert his old Normal.dot file with auto corrects to the new Normal.dot for Office 2010?

    Read the article

  • What's the most accurate way to determine user geolocation in the browser?

    - by Crashalot
    I found a few examples suggesting Google AJAX APIs. This link typifies the advice I have found so far: http://briancray.com/2009/05/29/find-web-visitors-location-javascript-google-api/ However, the location is often wrong with the Google APIs. Other sites seem to know exactly which city I'm in, though, without me entering any information. Suggestions? Is there something cross-browser (ignoring IE6) and reliable?

    Read the article

  • Insert record in Linq to Sql

    - by Anders Svensson
    Is this the easiest way to insert a record with Linq to Sql when there's a many-to-many relationship, or is there a better/cleaner way? I wasn't sure why things weren't working at first, but when I added a second SubmitChanges() it worked. Why was this necessary? Would be grateful if someone could clarify this a bit! private void InsertNew() { UserPageDBDataContext context = new UserPageDBDataContext(); User user = new User(); ManyToMany.Model.Page page = new ManyToMany.Model.Page(); user.Name = "Madde Andersson"; page.Url = "anderscom/references"; context.Users.InsertOnSubmit(user); context.Pages.InsertOnSubmit(page); context.SubmitChanges(); UserPage userPage = new UserPage(); userPage.UserID = user.UserID; userPage.PageID = page.PageID; user.UserPages.Add(userPage); context.SubmitChanges(); }

    Read the article

  • How to save http referer in rails

    - by TenJack
    I'm trying to save the site that a user came from when they sign up. Right now I have a before_filter in my ApplicationController: before_filter :save_referer def save_referer unless is_logged_in? session['referer'] = request.env["HTTP_REFERER"] unless session['referer'] end end Then when a user is created, it checks this session variable and sets it to nil. Sometimes this does not work and I'm worried there might be some unintended things happening with using session like this. Does anyone have a better way? Or some input perhaps? EDIT: This is the logic I am using to save the referer: def create @user = User.new(params[:user]) if @user.save_with(session[:referer]) .... end User def save_with(referer) self.referer = referer unless referer == "null" self.save end Is there any reason why this should not work?

    Read the article

  • Access current_user in model

    - by LearnRails
    I have 3 tables items (columns are: name , type) history(columns are: date, username, item_id) user(username, password) When a user say "ABC" logs in and creates a new item, a history record gets created with the following after_create filter. How to assign this username ‘ABC’ to the username field in history table through this filter. class Item < ActiveRecord::Base has_many :histories after_create :update_history def update_history histories.create(:date=Time.now, username= ?) end My login method in session_controller def login if request.post? user=User.authenticate(params[:username]) if user session[:user_id] =user.id redirect_to( :action='home') flash[:message] = "Successfully logged in " else flash[:notice] = "Incorrect user/password combination" redirect_to(:action="login") end end end I am not using any authentication plugin. I would appreciate if someone could tell me how to achieve this without using plugin(like userstamp etc.) if possible.

    Read the article

  • Is it possible to pop open the upload file dialog without requiring the user to press Browse?

    - by superjoe30
    I think I've seen Gmail do it in Chrome or Internet Explorer, but I've never seen it in Firefox. I thought I'd ask anyways. Is it possible to do a file upload without requiring an <input type="file" />? I see that you can use iframes to automatically submit the file input, so my question is Can you programmatically pop up a file upload dialog? If so, what browsers is it supported on?

    Read the article

  • can some hacker steal the cookie from a user and login with that name on the web site ?

    - by Aristos
    Reading this question different users get the same cookie value in aspxanonymous and search for a solution, I start thinking, if it is possible for some one to really steal the cookie with some way, and then place it on his browser and login lets say as administrator. Do you know how form authentication can ensure that even if the cookie is stoled, the hacker not actual login using it ? Or do you know any other automatic defense mechanism ? Thank you in advanced.

    Read the article

  • How can I run a user script before any inline scripts run on a webpage?

    - by Telanor
    I want to make a greasemonkey type script for firefox that runs before the scripts on the page. Greasemonkey scripts run after scripts on the page, so that won't work. The reason I need this is because I want to edit one of the scripts on the page. Specifically, I want to delete a script that forces the page to load inside a frame since having the page inside a frame breaks F5 (Pressing F5 makes the page jump back to the front page instead of reloading the current page). Also, I don't want to load the page through a proxy with AJAX and switching to chrome/opera is not an option either. I was thinking maybe the Jetpack add-on would work but it seems to only have the same event that greasemonkey uses, DOMContentLoaded. Any ideas?

    Read the article

  • using the window object for accessing global user defined objects and using text within html for cre

    - by timpone
    I don't do very much jquery / javascript but wanted to ask for some advice on the following piece. I have tried to cut out as much as possible. Most of this was semi-inherited code with catching a bunch of events just hardcoded in. I'd like to generalized them more by putting the object name in the html and accessing via jquery on processing (by_date, by_popularity). I retriev as string and access the object via window[current_obj]. Is this a good way to do this or am I missing something? Are there preferable ways to introduce specificity. thanks for any advice. <script> var by_date={}; by_date.current_page=1; by_date.per_page=4; var by_popularity={}; by_popularity.current_page=1; by_popularity.per_page=4; $(function(){ $('.previous.active').live('click',function(){ window[current_obj].current_page--; process(window[current_obj]); }); }); function process(game_obj){ //will process and output new items here } </script> <div class="otherContainer"> <a class='previous active'>Prev</a><div style="display:none;">by_date</div> | <a class='next'>Next</a><div style="display:none;">by_date</div> </div> <div class="topPrevNextContainer"> <a class='previous active'>Prev</a><div style="display:none;">by_popularity</div> | <a class='next'>Next</a><div style="display:none;">by_popularity</div> </div>

    Read the article

  • May I open my own device driver twice simultanoiusly from a user program under Linux?

    - by Viktor Gyuris
    Somewhere I read that opening the same file twice has an undefined semantics and should be avoided. In my situation I would like to open my own device multiple times associating multiple file descriptors to it. The file operations of my device are all safe. Is there some part of Linux between the sys call open() and the point it calls the registered file operation .open() that is unsafe?

    Read the article

  • Drupal, mysql server settings

    - by Patrick
    hi, I've a problem to configure database settings in Drupal. I will propose here some sample data: Database Mysql: Database: databaseName User: user Password: password Server: server.com Server Choice: mysqldb2 (in phpmyadmin I have this option and I can choose between mysqldb1 and mysqldb2 to access to the mysql server) The error message I get is: The mysql error was: Access denied for user: 'user@localhost' (Using password: YES). I've tried the following lines in settings.php but I always get the same error message: $db_url = 'mysql://user:password@localhost/databaseName'; $db_url = 'mysql://user:password@localhost/databaseName/mysqldb2'; The user and password work in phpmyadmin so I'm sure they are correct. thanks

    Read the article

  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had a XSS vulnerability that an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But is seems to me that if we had an XSS vulnerability like that an attacker could just as easily grab another user's session cookie and login as that user directly. Or even just make call to our REST Api as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?

    Read the article

  • What is the best practices for checking if the user of a Python script has root-like privileges?

    - by Paul Hoffman
    I have a Python script that will be doing a lot of things that would require root-level privileges, such as moving files in /etc, installing with apt-get, and so on. I currently have: if os.geteuid() != 0: exit("You need to have root privileges to run this script.\nPlease try again, this time using 'sudo'. Exiting.") Is this the best way to do the check? Are there other best practices?

    Read the article

  • How to free member (i.e BSTR, SAFEARRAY, VARIANT) of an IDL User Defined Structure which is encapsul

    - by Picaro De Vosio
    Hi, I have a structure defined in IDL. This structure has following members: { BSTR m_sFirst; BSTR m_sSecond; VARIANT m_vChildStruct; //This member encapsulate a sub structure SAFEARRAY __RPC_FAR * m_saArray; }CustomINFO; I am allocating the memory for the structs using CoTaskMemAlloc and encapsulating it in Variant as follows: vV-vt = VT_RECORD; vV-pvRecord = pStruct; //Pointer of sturct vV-pRecInfo = pRI; //RecordInfo Interface Is it enough to call VariantClear to deallocate the memory of struct and its members? Will it also release the IRecordInfo interface? Or i have to manually get the encapsulated struct and deallocate each member myself and then use CoTaskMemFree to deallocate sturct. Thanks Picaro De Vosio

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 306 307 308 309 310 311 312 313 314 315 316 317  | Next Page >