Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 323/3920 | < Previous Page | 319 320 321 322 323 324 325 326 327 328 329 330  | Next Page >

  • VB6 debugging- doesn't go to error handling code.

    - by Can Ho
    Hi, I'm maintaining a vb6 project(ActiveX DLL). When debugging, the app run into the following function: Public Function HasValue(ByVal vValue) As Boolean On Error GoTo Err If IsMissing(vValue) Then HasValue = False ElseIf IsNull(vValue) Or Len(vValue) = 0 Then HasValue = False ElseIf isEmpty(vValue) Then HasValue = False Else HasValue = True End If Exit Function Err: If IsArray(vValue) Or IsObject(vValue) Then HasValue = True Else HasValue = False End If End Function and it stops at the line ElseIf IsNull(vValue) Or Len(vValue) = 0 Then vValue is a custom object, contains some properties(obviously, not null). Although I didn't put any break point there, the app stopped there and alerted error dialog saying that "Run-time error '438': Object doesn't support this property or method". We had error handling code but the app didn't run to error handling code. It just stopped at the line causing the error and I had to stop the application. Do you have any idea about that? Thank you very much.

    Read the article

  • Python code, extracting extensions

    - by user1434001
    import os path = '/Users/Marjan/Documents/Nothing/Costco' print path names = os.listdir(path) print len(names) for name in names: print name Here is the code I've been using, it lists all the names in this category in terminal. There are a few filenames in this file (Costco) that don't have .html and _files. I need to pick them out, the only issue is that it has over 2,500 filenames. Need help on a code that will search through this path and pick out all the filenames that don't end with .html or _files. Thanks guys

    Read the article

  • How do I validate that my the openid.op_endpoint when a request is completed.

    - by Sam Saffron
    I have an Open ID based authentication system on my site. Occasionally users will have an account registered under [email protected] and they will attempt to login using the google open id provider https://www.google.com/accounts/o8/id, in this case I would like to automatically associate the account and log them in. When the process is done I get a payload from somewhere claiming that openid.op_endpoint=https://www.google.com/accounts/o8/id. My question: Can I trust openid.op_endpoint to be correct? Can this be spoofed somehow by a malicious openid provider? For illustration, lets say someone types in http://evil.org as their openid provider, can I somehow end up getting a request back that claims openid.op_endpoint is google? Do I need to store extra information against the nonce to validate? The spec is kind of tricky to understand

    Read the article

  • Login form to an a secured app in tomcat

    - by patricio
    I have a normal HTML page in a normal Apache http server (http://yyy.yyy.yyy.yyy/index.html ), with an authentication form, with that form I need to access with the credentials to an application located in other server with diferent IP , that server have a secured application with tomcat: here is the login form in the apache http server: <form method="POST" id="theForm" action="http://xxx.xxx.xxx.xxx:8080/securedapp/j_security_check"> <input name="j_username" type="text" class="tx_form" id="j_username" size="20" /> <input name="j_password" type="password" class="tx_form" id="textfield2" size="20" /> <input name="btn" type="submit" value="login" /> </form> the submit only works random in chrome and dont work in IE and FF. im doing something wrong?

    Read the article

  • Single Sign On with 3 applications

    - by John H.
    I'm building three web applications in .NET that will all share a users database and login information. Lets pretend that application 1 is the "parent" application and applications "A" and "B" are the "child" applications. All users have to be logged into application 1 to have access to applications A and B. Authorization, Authentication, and MachineKey sections of all web configs are present and work correctly. I have the correct web.config settings in all applications to achieve Single Sign On except one problem remains: what do I put in the "loginUrl" attribute of the forms tag in Applications A and B. Assume that the url for the login to application 1 is "www.johnsapp.com/login.aspx" How can I get applications A and B to send the user back to application 1 for authentication using only settings in web.config?

    Read the article

  • How can we store password other than plain text?

    - by Eric
    I've found numerous posts on stackoverflow on how to store user passwords. However, I need to know what is the best way to store a password that my application needs to communicate with another application via the web? Currently, our web app needs to transmit data to a remote website. To upload the data, our web app reads the password from a text file and creates the header with payloads and submits via https. This password in plain text on the file system is the issue. Is there any way to store the password more securely? Thanks!

    Read the article

  • How much effort does it take to spoof an Ip Address in a call to a webservice?

    - by Rory Becker
    I don't want to know how... Just how complicated.... I'm thinking of securing a webservice or 2 based on the incoming client ipaddress of the caller. Is this in any way secure? Surely if the IPaddress was being spoofed then the result would have to be sent back to the address that was being spoofed and therefore not reach the spoofer? Update: Ok so from what I can tell.... I should create a Gettoken() method which checks the IPaddress and passes out a cryptographically significant token with a timeout to any valid IP address. This is then required by any other method before any kind of side effect is allowed. Since an Attacker can't (likely) get the token without having a valid IP, he will be unable to validly call any of my "dangerous" webmethods ?

    Read the article

  • How to play music on site preventing direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. A server side solution can be implemented as i have full access to the server.

    Read the article

  • Backdoor Strategy- opinion needed.

    - by the Hampster
    I'm creating an application to track publications and grants for a university. Professors will need to put they CV into the system when it is up and running. Yeah, right. The person in charge is planning on hiring someone to input all of the information, but my questions is how? The strategy I'm thinking of is to install a backdoor. The lucky undergrad can log in as any professor using the backdoor. Once all the data is removed, the backdoor can be removed. Doing so would probably be as simple as editing out a comment in the config file. The IT guys would still have access, but since they control the machines, they would have access anyway. Are there any flaws to this strategy?

    Read the article

  • Preventing dictionary attacks on a web application

    - by Kevin Pang
    What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them: Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.

    Read the article

  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.

    Read the article

  • Question about SSL Certificate.

    - by smwikipedia
    Hi experts, I am trying to make a SSL connection to a web site. Each time I enter the https:// address and press enter, the IE8 prompts me to select the Certificate (Client Certificate) to send to the server. I got 2 certificates to choose from. And they are stored in the IE8 - Internet Options - Content - Certificates - Personal. Since my server and client are the same machine, I want to use a single certificate for both server and client. And this certificate is a IIS generated self signed certificate. I do the following steps: 1- Generate a self-signed-cert in IIS; 2- Bind my site to https and choose the above self-signed-cert 3- Import the self-signed-cert at the IE8 - Internet Options - Content - Certificates - Personal. Then I use the https link to access my page, it is still prompts me to choose a certificate. But I cannot see my newly imported self-signed-cert. Why?

    Read the article

  • Customer provider Password Reset client.

    - by ProfK
    I'm looking for guidence on writing a custom password reset UI, but it must fit the Provider 'Pattern', or degrade silently to built-in defaults. E.g. my Reset Control must collect extra information, and perform differently to the standard Password Recovery Control. It must close as possible use the standard MembershipProvider interface for standard functions, and only use an extended interface for the non-standard stuff. I'd like some reading on issues such as, what must I ask the Membership Provider for, and what must I do myself. What must I tell the provider (service?) about what I do? Etc.

    Read the article

  • user access management in j2ee web application

    - by kawtousse
    Hi everyone, I am working with jsp/servlet project and i have to complete the module of access management to my jsps since I have more than one user with different profile. I defined a table in my database wich resume the profil and the url permitted like that: id_profil :1 url : http://localhost/...xyz.jsp id page 1 Now I am trying to let the menu modified appropriately to the id_profil of the logged user. So there are pages allowed in one profile but must be hidden to others. I have no idea since now how to realize this and it is so important for me. thanks for your help.

    Read the article

  • Converting a C# code to F#??

    - by Brendon
    Hello all I am just a beginner in programing i wish covert some code from C# to F#, I have encotered this code: float[] v1=new float[10]; ... //Enqueue the Execute command. Queue.Execute(kernelVecSum, null, **new long[] { v1.Length }**, null, null); I have previously ask how to convert the v1 object, I think i know how, But how do i use the function call especially the "new long[] { v1.Length }" part of the function argument, what does "new long[] { v1.Length }" mean?? I have created v1 like this "let v1 = [| for i in 1.0 .. 10.0 -> 2.0 * i |]" Is it correct?? or should i use v1 like this "let v1 = ref [| for i in 1.0 .. 10.0 -> 2.0 * i |]" ???

    Read the article

  • Hosting SQL at remote location?

    - by Syd
    Hey guys, My OSCommerce site includes a separately programmed feature for which I use SQL tables. I've decided to host its tables on a remote site offering free SQL accounts. I'd like to know if there could be any disadvantages to this approach. Thanks Syd

    Read the article

  • starting a service based on someone's GPL/MIT licensed code

    - by fooyee
    someone wrote a nice framework for developing html5 3d engine. It's GPL/MIT licensed. Do you think it's a good idea to build upon it, and then repackage it and sell it as a service? For eg the framework lets you build 3d environments. so I build on it, maybe add a few features like characters and music in the environment, and turn it into an online game. Is it a feasible idea? Of course, part of the GPL license says that all source code has to be visible to end users. Assuming the web is a winner take all market based on first mover advantage, why care about hiding the source code? It's the product that's being sold that counts.

    Read the article

  • C++ code generation for repeted task

    - by sateesh
    Hi, I have something like below which will get repeated many times based on the function that get called for e.g acceptfunction() { inserter["quantity"] = sdd.getfloat(quantity); inserter["prodtype"] = sdd.getstring(prodtype); : : so on } Like accept above there are 20 more functions(reject,cancel etc) which will do the similar thing.But the parameteres they insert can differ based on function called. How can I automate this kind of code.So that I dont need to write new function from scratch.Basically what I need is if i provide parametres like ("quantity",prodtype) through some text file or xml, it should generate the required function with the input parametres. Is this task can be handled through C++ tempalte Meta programming or someother code generation tool will help me to do this?

    Read the article

  • Ngen or compile to native code is better

    - by Raghav55
    I want to know which is one better native code generated is NGen.exe is better or run time conversion of IL to native code by JIT ? using System; public class Vehicle { public Vehicle() { } public string Name { get; set; } public string Model { get; set; } } class Program { static void Main(string[] args) { Vehicle aVech = new Vehicle(); aVech.Name = "BUS"; aVech.Model = "1980"; } }

    Read the article

  • How to play music on site preventing easy direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted wordpress instance and i would like to be able to stream music using a flash player on some posts. The problem is that every player i find uses a simple param to get the file url which makes it very easy for someone to find that url and just download the file. I know that it's probably impossible to prevent this all together, but i at least don't want it to be obvious. A server side solution can be implemented as i have full access to the server.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 319 320 321 322 323 324 325 326 327 328 329 330  | Next Page >