Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able to add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone-specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

  • How can I ensure that a Java object (containing cryptographic material) is zeroized?

    - by Jeremy Powell
    My concern is that cryptographic keys and secrets that are managed by the garbage collector may be copied and moved around in memory without zeroization. As a possible solution, is it enough to:

        public class Key {
            private char[] key;
            // ...
            protected void finalize() throws Throwable {
                try {
                    for (int k = 0; k < key.length; k++) {
                        key[k] = '\0';
                    }
                } catch (Exception e) {
                    // ...
                } finally {
                    super.finalize();
                }
            }
            // ...
        }

  • Code snippets in interview

    - by Maddy
    Hi All, Recently I went to an interview for a C development position. Instead of asking me questions, they just gave me 20 code snippets to find out two logical errors in each one. I just couldn't complete all of the 20 since it took me time to go through each of these code snippets. My question is: Is this the right way to judge a candidate? If yes, how can I improve my error detection skills so that I don't need to waste a lot of time in the next interview? If possible, please suggest some links where I could find lots of samples of such questions (mainly in C). Thanks and regards, Maddy

  • Smart Client App: How to give Different Settings for Different Users

    - by Daniel
    Hi! I have a smart client application being deployed with a ClickOnce webpage. Here's the current scenario. User runs the application, and the application shows a login form. User enters ID/Password in the login form, and the application sends that information to the server. The server authenticates the user and sends configuration and data to the application. Different users have different configuration and data for their application. I was concerned that anyone can download the application from the webpage if they know the URL. So I'm trying to change the authentication scheme, so that users can log in at the webpage to download the application. I want to send the authentication info from the webpage (program running at the server) to the smart client app, so that the application can download the configuration information from the server, without prompting users to log in again. How can the webpage send the ID/Password to the application securely?

  • Use of LOC to determine project size

    - by acidzombie24
    How many lines of code (LOC) does it take to be considered a large project? How about for just one person writing it? I know this metric is questionable, but there is a significant difference, for a single developer, between 1k and 10k LOC. I typically use space for readability, especially for SQL statements, and I try to reduce the amount of LOC for maintenance purposes, to follow as many best practices as I can. For example, I created a unified diff of the code I modified today, and it was over 1k LOC (including comments and blank lines). Is "modified LOC" a better metric? I have ~2k LOC, so it's surprising I modified 1k. I guess rewriting counts as both a deletion and addition, which doubles the stats.

  • Documents/links on preventing HTML form fiddling?

    - by larryq
    Hi everyone, I'm using ASP.Net but my question is a little more general than that. I'm interested in reading about strategies to prevent users from fooling with their HTML form values and links in an attempt to update records that don't belong to them. For instance, if my application dealt with used cars and had links to add/remove inventory, which included as part of the URL the userid, what can I do to intercept attempts to munge the link and put someone else's ID in there? In this limited instance I can always run a check at the server to ensure that userid XYZ actually has rights to car ABC, but I was curious what other strategies are out there to keep the clever at bay. (Doing a checksum of the page, perhaps? Not sure.) Thanks for your input.

  • Passing an array for setting variable

    - by mathk
    Hi, I often see this idiom when reading PHP code:

        public function __construct($config) {
            if (array_key_exists('options', $config)) {
                ...
            }
            if (array_key_exists('driver_options', $config)) {
                ...
            }
        }

    Here I am concerned with the way the parameter is used. If I were in Lisp I would do:

        (defun ct (&key options driver_options)
          (do-something-with-option-and-driver_option))

    But since I am in PHP I would rather have a constructor that takes a list of parameters and lets them be null if they are not required. So what do you guys think about having an array as a parameter in order to do some initialization-or-whatever? In order to answer you have to take into account the point of view of the user of the function and the designer of the API. Also, have you ever heard of this as a code smell? Thanks

  • How to secure phpMyAdmin

    - by Andrei
    Hi, I have noticed that there are strange requests to my website trying to find phpMyAdmin, like /phpmyadmin/, /pma/, etc. Now I have installed PMA on Ubuntu via apt and would like to access it via a web address different from /phpmyadmin/. What can I do to change it? Thanks

  • Use Apache authentication in Django without popup

    - by chernevik
    I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and password, and passes this information on to Apache for authentication. (I'd do this over an SSL connection, of course.)

  • Resuming execution of code after exception is thrown and caught

    - by dotnetdev
    Hi, how is it possible to resume code execution after an exception is thrown? For example, take the following code:

        using System;

        namespace ConsoleApplication1 {
            class Test {
                public void s() {
                    throw new NotSupportedException();
                    string @class = "";
                    Console.WriteLine(@class);
                    Console.ReadLine();
                }
            }

            class Program {
                static void Main(string[] args) {
                    try {
                        new Test().s();
                    }
                    catch (ArgumentException x) { }
                    catch (Exception ex) { }
                }
            }
        }

    After catching the exception when stepping through, the program will stop running. How can I still carry on execution? Thanks

  • CSRF protecting and cross site form access

    - by fl00r
    Hi. I am working on cross-site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to the main domain from the others. How should I use protect_from_forgery and how can I check if data is received from a valid domain? What I am thinking now is to turn off protect_from_forgery for the session controller and check the domain name of the received data. But maybe I can configure CSRF protection for not only one domain?

  • Self signed Certificate Based Authentication

    - by Tadi Vijay Kumar
    Hi all. I have started a project based on client-server communication in Java. What I'm doing is: the client and server have their own self-signed certificates. In the initial communication both client and server will exchange their certificates. The server has to verify the client's certificate and should grant authentication. Where I got stuck was on what topic the server can validate or invalidate a particular client. I am unable to proceed from here. So please, can any of you give a brief explanation about it? If possible, some pseudocode in Java?

  • Strategy for developing namespaced and non-namespaced versions of same PHP code

    - by porneL
    I'm maintaining a library written for PHP 5.2 and I'd like to create a PHP 5.3-namespaced version of it. However, I'd also keep the non-namespaced version up to date until PHP 5.3 becomes so old that even Debian stable ships it ;) I've got rather clean code, about 80 classes following the Project_Directory_Filename naming scheme (I'd change them to \Project\Directory\Filename of course) and only a few functions and constants (also prefixed with the project name). Question is: what's the best way to develop namespaced and non-namespaced versions in parallel? Should I just create a fork in the repository and keep merging changes between branches? Are there cases where backslash-sprinkled code becomes hard to merge? Should I write a script that converts the 5.2 version to 5.3 or vice versa? Should I use the PHP tokenizer? sed? C preprocessor? Is there a better way to use namespaces where available and keep backwards compatibility with older PHP?

  • Is it safe to call "plink.exe" in an application

    - by EBAGHAKI
    I want to use "plink.exe -u username -pw securepassword" in my Windows Visual C++ program. Will the username and password remain safe while calling this command? I mean, can a hacker steal or sniff the username and password? (Consider that the hacker can't get to the password directly from the exe file.)

  • Anything wrong with this code?

    - by Scott B
    Do I actually have to return $postID in each case, in the code below? This is code required for capturing the values of custom fields I've added to the WP post and page editor. Got the idea from here: http://apartmentonesix.com/2009/03/creating-user-friendly-custom-fields-by-modifying-the-post-page/

        add_action('save_post', 'custom_add_save');

        function custom_add_save($postID){
            if (defined('DOING_AUTOSAVE') && DOING_AUTOSAVE) {
                return $postID;
            } else {
                // called after a post or page is saved
                if($parent_id = wp_is_post_revision($postID)) {
                    $postID = $parent_id;
                }
                if ($_POST['my_customHeader']) {
                    update_custom_meta($postID, $_POST['my_customHeader'], 'my_customHeader');
                } else {
                    update_custom_meta($postID, '', 'my_customHeader');
                }
                if ($_POST['my_customTitle']) {
                    update_custom_meta($postID, $_POST['my_customTitle'], 'my_customTitle');
                } else {
                    update_custom_meta($postID, '', 'my_customTitle');
                }
            }
            return $postID; //IS THIS EVEN NECESSARY?
        }

        function update_custom_meta($postID, $newvalue, $field_name) {
            // To create new meta
            if(!get_post_meta($postID, $field_name)){
                add_post_meta($postID, $field_name, $newvalue);
            }else{
                // or to update existing meta
                update_post_meta($postID, $field_name, $newvalue);
            }
        }

  • How to secure the communication between an MSSQL database and a c# administrative tool?

    - by citronas
    How can I secure the communication between a C# program running locally on my computer and an MSSQL Server in a hosted environment? I have an ASP.NET application that is secured by SSL encryption. So using the ASP.NET application from an open WLAN connection is no problem. How can I achieve the same kind of encryption for my administrative tool? Would it be best to write a service? But how would that connection to the service be secured?

  • PHP Session code works differently on two servers

    - by williamsdb
    I have some code which works fine on one server but is giving a session header warning: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent on another. I have checked the php.ini settings on the two servers and they are identical. I know that the warning message is supposed to suggest that something has been outputted before the session_start but what I don't understand is why the same code works on one server but not the other. Is there anything else that could be explaining it other than the php.ini settings?

  • Too much data for RSA block fail. What is PKCS#7?

    - by Tom Brito
    Talking about javax.crypto.Cipher; I was trying to encrypt data using Cipher.getInstance("RSA/None/NoPadding", "BC"); but I got the exception: ArrayIndexOutOfBoundsException: too much data for RSA block. Looks like it is something related to the "NoPadding", so, reading about padding, it looks like CBC is the best approach to use here. I found on Google something about "RSA/CBC/PKCS#7"; what is this "PKCS#7"? And why is it not listed in Sun's standard algorithm names?

  • Code in Global.asax prevents webpage from loading

    - by pete the pagan-gerbil
    I've made a static class to hold a number of configuration values (and also swap these values out in unit tests). If I initialise it in the Global.asax, the code runs correctly but the page doesn't load at all, and trying to navigate to a specific page fails. I can't initialise the values in a constructor or inline on the field declarations, because I need to be able to swap the values out in unit tests before the web.config is interrogated. Basically, putting the one line "ConfigClass.SetValues()" in the Global.asax prevents the app from loading correctly (although, as I say, it runs the code fine) and removing it again makes the app load properly - but without the class values initialised. As an aside, I'm sure I had this working correctly and being initialised in the Global.asax yesterday. I'm positive I didn't take any action to change or break it... Does anyone have advice on how I might track down what's going on here? Was I mistaken that it worked before (always possible) and that I need to go back and redesign something?

  • Explain a block of crazy JS code inside Sizzle (the CSS selector engine)

    - by Andy Li
    So, here is the function for pre-filtering "CHILD":

        function(match){
            if ( match[1] === "nth" ) {
                // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6'
                var test = /(-?)(\d*)n((?:\+|-)?\d*)/.exec(
                    match[2] === "even" && "2n" || match[2] === "odd" && "2n+1" ||
                    !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]);

                // calculate the numbers (first)n+(last) including if they are negative
                match[2] = (test[1] + (test[2] || 1)) - 0;
                match[3] = test[3] - 0;
            }

            // TODO: Move to normal caching system
            match[0] = done++;

            return match;
        }

    The code is extracted from lines 442-458 of sizzle.js. So, why does the line var test = ... have the exec inputting a boolean? Or is that really a string? Can someone explain it by splitting it into a few more lines of code?
