Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 314/3920 | < Previous Page | 310 311 312 313 314 315 316 317 318 319 320 321  | Next Page >

  • ASP.NET Thread Safety in aspx.cs code behind file

    - by Tim Michalski
    I am thinking of adding a DataContext as a member variable to my aspx.cs code-behind class for executing LinqToSql queries. Is this thread safe? I am not sure if a new instance of this code-behind class is created for each HTTP request, or if the instance is shared amongst all request threads? My fear is that I will get 10 simultaneous concurrent http requests that will be using the same database session. public partial class MyPage : System.Web.UI.Page { private DataContext myDB = new DataContext(); protected void MyAction_Click(object sender, EventArgs e) { myDB.DoWork(); } }

    Read the article

  • Password checking in dojo

    - by Richard
    I want to check that two passwords are the same using Dojo. Here is the HTML I have: <form id="form" action="." dojoType="dijit.form.Form" / <pPassword: <input type="password" name="password1" id="password1" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="Please type a password" /</p <pConfirm: <input type="password" name="password2" id="password2" dojoType="dijit.form.ValidationTextBox" required="true" invalidMessage="This password doesn't match your first password" /</p <div dojoType="dijit.form.Button" onClick="onSave"Save</div </form Here is the JavaScript I have so far: var onSave = function() { if(dijit.byId('form').validate()) { alert('Good form'); } else { alert('Bad form'); } } Thanks for your help. I could do this in pure JavaScript, but I'm trying to find the Dojo way of doing it.

    Read the article

  • Javascript CS-PRNG - 64-bit random

    - by Jack
    Hi, I need to generate a cryptographically secure 64-bit unsigned random integer in Javascript. The first problem is that Javascript only allows 64-bit signed integers, so 9223372036854775808 is the biggest supported integer without going into floating point use I think? To fix this I can use a big number library, no problem. My Method: var randNum = SHA256( randBigInt(128, 0) ) % 2^64; Where SHA256() is a secure hash function and randBigInt() is defined below as a non-crypto PRNG, im giving it a 128bit seed so brute force shouldn't be a problem. randBigInt(n,s) //return an n-bit random BigInt (n>=1). If s=1, then the most significant of those n bits is set to 1. Is this a secure method to generate a cryptographically secure 64-bit random int? And importantly does taking the 2^64 mod guarantee 100% I have a 64-bit number? An abstract example, say this number is prime (it isn't i know), I will use it in the Galois Field [2^p], where p must be 64bits so that every possible 1-63bit number is a field element. In this query, my random int must be larger than any 63-bit number. And Im not sure im correct in taking the 2^64 mod of a 256bit hash output. Thanks (hope that makes sense)

    Read the article

  • Is DB logging more secure than file logging for my PHP web app?

    - by iama
    I would like to log errors/informational and warning messages from within my web application to a log. I was initially thinking of logging all of these onto a text file. However, my PHP web app will need write access to the log files and the folder housing this log file may also need write access if log file rotation is desired which my web app currently does not have. The alternative is for me to log the messages to the MySQL database since my web app is already using the MySQL database for all its data storage needs. However, this got me thinking that going with the MySQL option is much better than the file option since I already have a configuration file with the database access information protected using file system permissions. If I now go with the log file option I need to tinker the file and folder access permissions and this will only make my application less secure and defeats the whole purpose of logging. Is this correct? I am using XAMPP for development and am a newbie to LAMP. Please let me know your recommendations for logging. Thanks.

    Read the article

  • mysqli_stmt_bind_param SQL Injection

    - by profitphp
    Is there still an injection risk when using prepared statements and mysqli_stmt_bind_param? For example: $malicious_input = 'bob"; drop table users'; mysqli_stmt_bind_param($stmt, 's', $malicious_input); Behind the scenes does mysqli_stmt_bind_param pass this query string to mysql: SET @username = "bob"; drop table users"; Or does it perform the SET command through the API, or use some type of protection to keep this from happening?

    Read the article

  • Can this be imporved? Scrubing of dangerous html tags.

    - by chobo2
    Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • permutation need help to code

    - by Hunt
    Thank for your reply, first thing i wish to thank you for trying to help me out, and i have post this in few website also no one trying to help at all. For my code, what i wish to do is permutation count. it will count from top to bottom 1,2,3 1,2,3 1,2,3 output to 111 = 1 112 = 1 113 = 1 121 = 1 122 = 1 123 = 1 133 = 1 211 = 1 212 = 1 213 = 1 333 = 1 and continue till all number is count and also store to the array which can check how many count after all code will check the input number and count how many outcome and show the results with how many outcome and each have how many after permutation count. Its hard to do?. Anyway thank you for help.

    Read the article

  • Use my own authentication in tomcat

    - by mabuzer
    how can I force tomcat to use my own implementation of Authenticator, and not the existing one like [FORM, BASIC, DIGEST,, etc]. I know if I added my authentication class name in org.apache.catalina.startup.Authenticators.properties it would work,,, any help please... I need an alternative for this...

    Read the article

  • How to reduce redundant code when adding new c++0x rvalue reference operator overloads

    - by Inverse
    I am adding new operator overloads to take advantage of c++0x rvalue references, and I feel like I'm producing a lot of redundant code. I have a class, tree, that holds a tree of algebraic operations on double values. Here is an example use case: tree x = 1.23; tree y = 8.19; tree z = (x + y)/67.31 - 3.15*y; ... std::cout << z; // prints "(1.23 + 8.19)/67.31 - 3.15*8.19" For each binary operation (like plus), each side can be either an lvalue tree, rvalue tree, or double. This results in 8 overloads for each binary operation: // core rvalue overloads for plus: tree operator +(const tree& a, const tree& b); tree operator +(const tree& a, tree&& b); tree operator +(tree&& a, const tree& b); tree operator +(tree&& a, tree&& b); // cast and forward cases: tree operator +(const tree& a, double b) { return a + tree(b); } tree operator +(double a, const tree& b) { return tree(a) + b; } tree operator +(tree&& a, double b) { return std::move(a) + tree(b); } tree operator +(double a, tree&& b) { return tree(a) + std::move(b); } // 8 more overloads for minus // 8 more overloads for multiply // 8 more overloads for divide // etc which also has to be repeated in a way for each binary operation (minus, multiply, divide, etc). As you can see, there are really only 4 functions I actually need to write; the other 4 can cast and forward to the core cases. Do you have any suggestions for reducing the size of this code? PS: The class is actually more complex than just a tree of doubles. Reducing copies does dramatically improve performance of my project. So, the rvalue overloads are worthwhile for me, even with the extra code. I have a suspicion that there might be a way to template away the "cast and forward" cases above, but I can't seem to think of anything.

    Read the article

  • Can this be improved? Scrubing of dangerous html tags.

    - by chobo2
    I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • Best way to get a reasonably random key for MYSQL records

    - by Steve N
    Hi there, I need to generate a reasonably random unique key for a table. It should be something like a GUID for MYSQL. I've tried UUID, but it looks like only the first few characters are actually random- the rest are the same every time I insert them. Essentially, it is desirable for this key field to be very difficult to guess, even if you already have one known value in the column. What is the best way to do this, and how should I set up the field data type to store the value efficiently? Thank you, Steve

    Read the article

  • Is this crufty?

    - by bobobobo
    I'm writing code like: class Game { int getMouseX() { return inputManager.getMouseX() ; } } ; I remember seeing code like this and hating it. One function passes off to another? What is this "pattern" (or, possibly, anti-pattern) called? I don't like it! On the other hand, it saves exposing the InputManager to the user of the class... would that be a better choice? Or should Game simply not contain InputManager? Edit What about using multiple inheritance instead? class Game : public InputManager, public Window { // by virtue of inheriting InputManager and Window, // Game now has "acquired" the capabilities of // InputManager's public functions, without requiring delegate. } ; Have I not found a reasonably good use for multiple inheritance??

    Read the article

  • Is *not* using the asp.net membership provider a bad idea?

    - by EJB
    Is it generally a really bad idea to not use the built-in asp.net membership provider? I've always rolled my own for my asp.net apps (public facing), and really have not had any problems in doing so. It works, and seems to avoid a layer of complexity. My needs are pretty basic: once setup, the user must use email address and password to login, if they forget it, it will be emailed back to them (a new one). After setup there is little that needs to be done to each user account, but I do need to store several extra fields with each user (full name, telephone and a few other fields etc). The number of users that required login credentials are small (usually just the administrator and a few backups), and everyone else uses the site unauthenticated. What are the big advantages that I might be missing out on by skipping the asp.net membership provider functionality?

    Read the article

  • Ruby execute code in class getting inherited to

    - by AdamB
    I'm trying to be able to have a global exception capture where I can add extra information when an error happens. I have two classes, "crawler" and "amazon". What I want to do is be able to call "crawl", execute a function in amazon, and use the exception handling in the crawl function. Here are the two classes I have: require 'mechanize' class Crawler Mechanize.html_parser = Nokogiri::HTML def initialize @agent = Mechanize.new end def crawl puts "crawling" begin #execute code in Amazon class here? rescue Exception => e puts "Exception: #{e.message}" puts "On url: #{@current_url}" puts e.backtrace end end def get(url) @current_url = url @agent.get(url) end end class Amazon < Crawler #some code with errors def stuff page = get("http://www.amazon.com") puts page.parser.xpath("//asldkfjasdlkj").first['href'] end end a = Amazon.new a.crawl Is there a way I can call "stuff" inside of "crawl" so I can use that exception handling over the entire stuff function? Is there a better way to accomplish this?

    Read the article

  • Optimizing BeautifulSoup (Python) code

    - by user283405
    I have code that uses the BeautifulSoup library for parsing, but it is very slow. The code is written in such a way that threads cannot be used. Can anyone help me with this? I am using BeautifulSoup for parsing and than save into a DB. If I comment out the save statement, it still takes a long time, so there is no problem with the database. def parse(self,text): soup = BeautifulSoup(text) arr = soup.findAll('tbody') for i in range(0,len(arr)-1): data=Data() soup2 = BeautifulSoup(str(arr[i])) arr2 = soup2.findAll('td') c=0 for j in arr2: if str(j).find("<a href=") > 0: data.sourceURL = self.getAttributeValue(str(j),'<a href="') else: if c == 2: data.Hits=j.renderContents() #and few others... c = c+1 data.save() Any suggestions? Note: I already ask this question here but that was closed due to incomplete information.

    Read the article

  • PHP - What to store in a session?

    - by eWolf
    I know about all the issues with session fixation and hijacking. My question is really basic: I want to create an authentication system with PHP. For that, after the login, I would just store the user id in the session. But: I've seen some people do weird things like generating a GUID for each user and session and storing that instead of just the user id in the session. Why? The content of a session cannot be obtained by a client - or can it?

    Read the article

  • Java - store sensitive data

    - by Mike
    Hello. I develop application with Java. I need to store some initial configuration data in some kind of file. I want my app to be able to read this data, but I don't want user to do so. Example : application loads IP from encrypted file. User sees like "dsda@#21da@" so he won't bother doing anything :) How should I do such a thing? Thanx!

    Read the article

  • What's wrong with XOR encryption?

    - by Colin
    I wrote a short C++ program to do XOR encryption on a file, which I may use for some personal files (if it gets cracked it's no big deal - I'm just protecting against casual viewers). Basically, I take an ASCII password and repeatedly XOR the password with the data in the file. Now I'm curious, though: if someone wanted to crack this, how would they go about it? Would it take a long time? Does it depend on the length of the password (i.e., what's the big-O)?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 310 311 312 313 314 315 316 317 318 319 320 321  | Next Page >