Search Results

Search found 97980 results on 3920 pages for 'code security'.


  • How to play music on site preventing easy direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted WordPress instance and I would like to be able to stream music using a flash player on some posts. The problem is that every player I find uses a simple param to get the file url, which makes it very easy for someone to find that url and just download the file. I know that it's probably impossible to prevent this altogether, but I at least don't want it to be obvious. A server side solution can be implemented as I have full access to the server.


  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote website's database to check for authentication (they both share some database tables, but are separate websites...). Right now I check the username and password against the remote website's account / member table; if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists. Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.


  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks


  • Replace text in code with counting numbers

    - by Gpx
    Hi, due to testing and time measuring I have to write some kind of log into existing C# WinForms code in Visual Studio 2010. I want to keep the changes and the work very small, so my question is about replacing text in my call with counting numbers. Let's say I want to paste a line like Log.WriteLine(position) many times in the code and then replace "position" with numbers starting from 1 to n in one turn. I can't use a counter in this case because with the many loops I don't get the right position. Thanks for any suggestions, Gpx


  • Detecting use after free() on windows. (dangling pointers)

    - by The Rook
    I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about Windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source one would be preferred, but I'll use a commercial solution if it will get the job done.


  • Is it possible to get RSA private key knowing public key and set of "original data=>encrypted data"

    - by Riz
    Hi, I work on an application which allows plugins to access different sets of functionality. Every plugin provides an "initialization string" which sets the level of access to different features. Developers send me these strings, and I encrypt them using my 1024 bit RSA private key and send the encoded data back. When started, my application decodes the encoded data (encoded initialization string) using the built-in public key, and if "decoded data != initialization string" it fails to start. So, is it possible to use a database of "initialization string" = "encoded initialization string" (extracted from other plugins) to crack my private key, or make it possible to bruteforce it in reasonable time?


  • SQL Stored Procedure fired from C# Code-Behind not working on UPDATE

    - by CSSHell
    I have a stored procedure called from a C# code-behind. The code fires but the update command does not get performed. The stored procedure, if run directly, works. I think I am having a brain fart. Please help. :)

    CODEBEHIND

        protected void btnAbout_Click(object sender, EventArgs e)
        {
            SqlConnection myConnection = new SqlConnection(strConnection);
            SqlCommand myCommand = new SqlCommand("spUpdateCMSAbout", myConnection);
            myConnection.Open();
            myCommand.CommandType = CommandType.StoredProcedure;
            myCommand.Parameters.Add("@AboutText", SqlDbType.NVarChar, -1).Value = txtAbout.Text.ToString();
            myCommand.ExecuteNonQuery();
            myConnection.Close();
        }

    STORED PROCEDURE

        ALTER PROCEDURE fstage.spUpdateCMSAbout
        (
            @AboutText nvarchar(max)
        )
        AS
        BEGIN
            SET NOCOUNT ON;
            UPDATE fstage.staticCMS SET About = @AboutText;
        END

    HTML

        <asp:Button ID="btnAbout" runat="server" Text="Save" CausesValidation="False" onclick="btnAbout_Click" UseSubmitBehavior="False" />

    C# .NET 4.0


  • password/login system in php

    - by Jonathan
    For a login system in PHP, would this be a suitable outline of how it would work: the user types in username and password and clicks the login button. Check if the user exists in the database; if it does, then retrieve the salt for that user and hash the password and salt (would this be done on the client or server side? I think client side would be better, but PHP is server side so how would you do this?). Check the value against the value in the database; if the values match then the user has typed in the correct password and they are logged in.


  • Compute hex color code for an arbitrary string

    - by user222164
    Is there a way to map an arbitrary string to a HEX COLOR code? I tried to compute the HEX number for a string using the string hashcode. Now I need to convert this hex number to six digits which are in the HEX color code range. Any suggestions?

        String [] programs = {"XYZ", "TEST1", "TEST2", "TEST3", "SDFSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS"};
        for(int i = 0; i < programs.length; i++) {
            System.out.println( programs[i] + " -- " + Integer.toHexString(programs[i].hashCode()));
        }


  • Exists a replacement for the command-line-tool CASPOL.exe?

    - by tantran
    When trying to execute a .NET app, it throws a "PolicyException", because "only one group is allowed". The tool should list existing settings, and allow deleting selected settings. Using caspol to list is not helpful, it is cruel. I've seen there is a simple GUI frontend, which allows defining NEW settings, but it does not allow listing or deleting existing settings. Caspol is a nightmare, no wonder anyone uses it by choice. With .NET 1.1 Microsoft delivered a configuration utility, but for .NET 2.0 I've found nothing.


  • Do you use logical negation operator (!) in "if" statement or check on "== false"

    - by Taras Terebkov
    Hello everyone, I just want to conduct a little survey about the code style developers prefer. For me there are two ways to write "if" in such languages as Java, C#, C++, etc.

    (1) Logical negation operator

        public void foo() {
            if (!SessionManager.getInstance().hasActiveSession()) {
                . . . . .
            }
        }

    (2) Check on "false"

        public void foo() {
            if (SessionManager.getInstance().hasActiveSession() == false) {
                . . . . .
            }
        }

    I always believe that the first way is much worse than the second one. Cause usually you don't "read" the code, but "recognize" it in one brief look. And the exclamation symbol slips from your mind, just disturbing you somewhere on the bottom of your unconscious. And only during reading the "if" block below do you understand that the logic is opposite - no sessions in "if". On the other hand, in the second way of writing, an eye immediately catches the words "SessionManager", "hasActiveSession" and "false".

    Also, for me, the situation with "true" is different. In code like

        class SessionManager {
            private bool hasSession;
            public void foo() {
                if (hasSession == true) {
                    . . . . .
                } else {
                    . . . . .
                }
            }
        }

    I find "true" superfluous. Why are we repeating the sentence two times? The following is shorter and quicker to catch.

        class SessionManager {
            private bool hasSession;
            public void foo() {
                if (hasSession) {
                    . . . . .
                } else {
                    . . . . .
                }
            }
        }

    What do YOU think, guys?


  • .NET MVC What is the best way to disable browser caching?

    - by Chameera Dedduwage
    As far as my research goes, there are several steps in order to make sure that browser caching is disabled. These HTTP headers must be set:

        Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate
        Pragma: no-cache, no-store
        Expires: -1
        Last-Modified: -1

    I have found out that this can be done in two ways:

    Way One: use the web.config file

        <add name="Cache-Control" value="no-store, no-cache, must-revalidate, proxy-revalidate"/>
        <add name="Pragma" value="no-cache, no-store" />
        <add name="Expires" value="-1" />
        <add name="Last-Modified" value="-1" />

    Way Two: use the meta tags in _Layout.cshtml

        <meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate, proxy-revalidate" />
        <meta http-equiv="Pragma" content="no-cache, no-store" />
        <meta http-equiv="Expires" content="-1" />
        <meta http-equiv="Expires" content="-1" />

    My Question: which is the better approach? Or, alternatively, are they equally acceptable? How do these all relate to different platforms? Which browsers would honor what headers? In addition, please feel free to add anything I've missed, if any.


  • Access denied for user 'root@localhost' (using password:NO)

    - by Nasser Hajloo
    I'm new to MySQL. I'm trying to run WordPress on my Windows desktop and it needs MySQL. I installed everything with the Web Platform Installer, which is provided by Microsoft. I never set a root password for MySQL, and in the final step of installing WordPress it asks for the root password of MySQL. What is the default password for root (if there is one) and how do I change it? I tried mysql -u root password '123' but it shows me Access denied for user 'root@localhost' (using password:NO). After this I tried mysql -u root -p but it asks for a password which I don't have. Thank you in advance


  • How do I password protect IIS in a method analogous to Apache's AuthType / AuthUserFile mechanism?

    - by Matt
    I'm used to doing basic password protection for Apache w/ the following method in Apache config files:

        AuthType Basic
        AuthName "By Invitation Only"
        AuthUserFile /path/to/.htpasswd
        Require valid-user

    However, I've been asked to put some protection on a subdirectory of a site running ColdFusion on top of IIS6, and I'm unfamiliar with how to do this. How is this done? What should I look out for? I just need to password protect an administrative subdirectory, so I don't need a full user login system - just something that limits who can access the section of the site.


  • Is Storing Cookies in a Database Safe?

    - by viatropos
    If I use mechanize, I can, for instance, create a new Google Analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again. Assuming you can't create a new analytics profile any other way (with OpenAuth or any of that, I don't think it works for actually creating a new Google Analytics profile; the Analytics API is for viewing the data, but I need to create a new analytics profile), is storing the cookie in the database a bad thing? If I do store the cookie in the database, it makes it super easy to programmatically log in to Google Analytics without the user ever having to go to the browser (maybe the app has functionality that says "user, you can schedule a hook that creates a new analytics profile for each new domain you create, just enter your credentials once and we'll keep you logged in and safe"). Otherwise I have to keep transferring around emails and passwords, which seems worse. So is storing cookies in the database safe?


  • code in xmlhttp.readyState==4 doesn't get executed

    - by shazia
        function download()
        {
            if (window.XMLHttpRequest)
            { // code for IE7+, Firefox, Chrome, Opera, Safari
                xmlhttp=new XMLHttpRequest();
            }
            else
            { // code for IE6, IE5
                xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
            }
            xmlhttp.onreadystatechange=function()
            {
                //alert(xmlhttp.readyState);
                if(xmlhttp.readyState==4 && xmlhttp.status==200)
                {
                    alert (xmlhttp.responseText);
                }
            }
            xmlhttp.open("GET","import.php?file="+document.getElementById('uploaded_file').value,false);
            xmlhttp.send();
            // location.reload(true);
        }

    If I put alert and monitor xmlhttp.readyState then it shows me that its status does turn 4 and it does go in the if statement. If I don't monitor it with alert then it doesn't go in the if statement, but I know import.php is working because I can see the changes in the database. I don't know what's going on... can anyone help? Thanks


  • Experience with protecting PHP code

    - by Alec Smart
    Hello, I am aware that there are a number of code obfuscators/licensing programs for PHP. I wanted to know if anyone has actually used these and what their experience has been. Please note I do not want to know the solutions available. I want to know your experience using one of these solutions. Is it worth investing say 200$ purchasing a code obfuscator etc? I honestly would prefer something that does not have a loader etc. I know that it increases the chances of cracking, but I only want it to be a detrimental factor for them. Thank you for your time.


  • External user domain in grails

    - by archer
    We're currently using Acegi 0.5.2 plugin for Grails 1.2.1. However, we're going to move our user management to external CRM. What would be the best way to link existing Person domain with external CRM entity?


  • how can I reliably check that requests to my service file have come from my website?

    - by woot586
    I have a service.php class that I use to service AJAX calls from my website. To prevent other people accessing the service using PHP CURL I would normally check the request has come from mysite, and if they are not then just redirect to my home page e.g.

        if($_SERVER['HTTP_REFERER'] != "http://www.mysite.com"){
            header('location: http://www.mysite.com');
            exit;
        }

    I read in the PHP holy bible: http://www.php.net/manual/en/reserved.variables.server.php that "Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted." So if this method is not reliable, my question is how can I reliably check that requests to my service file have come from my website? Thanks for any help you can provide!


  • How does Contract.Exists add value?

    - by Scott Bilas
    I am just starting to learn about the code contracts library that comes standard with VS2010. One thing I am running into right away is what some of the contract clauses really mean. For example, how are these two statements different?

        Contract.Requires(!mycollection.Any(a => a.ID == newID));
        Contract.Requires(!Contract.Exists(mycollection, a => a.ID == newID));

    In other words, what does Contract.Exists do in practical purposes, either for a developer using my function, or for the static code analysis system?


  • C struct print, decode this code?

    - by pauliwago
    I am in the process of studying for a test, and I'm trying to work through some practice problems. I've been working on this a while now.. but can't figure it out. Please take a look at the code fragment:

        union {
            int i;
            short x;
            unsigned short u;
            float f;
        } testout;
        testout.i=0xC0208000;

    Before I ask the question, can someone please explain to me how the above code works?? My guess is that testout.i=0xC0208000 puts either an int, short, unsigned short, or float and puts the result in that address. (?) The question is what prints out if we write printf("%d", testout.x)? I know we should expect digits.... but I have no idea where they are getting the digits from.... there is no output. Any explanation would be greatly appreciated. Thanks!


  • j_security_check to SSO in different module under Oracle App Server?

    - by thebearinboulder
    I have an existing j2ee application running on Oracle App Server. It is targeted towards paying customers so the content is secured and a SSO module properly intercepts all requests for secured content. Now the company is adding an unbranded public-facing module with a number of unsecured pages. At one point the user is expected to register for a free account and log in to proceed further. Think doctors adding a public-facing site with information for potential patients, or lawyers adding a public-facing site with information for potential clients. There's some information on the session and the usual approach would be to authenticate the user, persist the session information using the now-known user id, invalidate the existing session (to prevent certain types of attacks), then reload the session information before returning to the user. I can't just persist it under the session id since that's about to change. The glitch is that the existing application already has an SSO module and I get a 404 error every time I try to direct to j_security_check. I've tried that, /sso/j_security_check, even http://localhost/sso/j_security_check, all without success. I noticed that an earlier question said that tomcat requires access to a secured page before j_security_check is even visible. I don't know if that's the case with Oracle AS. Ideas? Or is the best approach to continue arguing that we have a different user base so it would be better to handle authentication in our own module anyway?


  • mysql to xls sheet generation problem (getting html code along with records, unable to get column names)

    - by pmms
        <?php
        if($_POST['Submit']=='Generatexml')
        {
            $tblname=$_GET['genratexml'];
            //mysql_connect("localhost","root","");
            //mysql_select_db("hitnrunf_db");
            global $obj_mysql;
            $result = mysql_query("SELECT * FROM tbl_js_login");
            while($row = mysql_fetch_array($result))
            {
                $csv_output .= "$row[fld_id],$row[fld_fname],$row[fld_lname]";
                $csv_output .="\015\012";
            }
            header("Content-type: application/vnd.ms-excel");
            header("Content-disposition: csv; filename= Student_Data_". date("Y-m-d") . ".csv");
            print $csv_output;
            exit;
        }
        include_once $path."includes/jobseeker_form.php";
        ?>

    In the above we are getting html code along with the id, firstname, lastname columns. We are also unable to get the headings of the columns. How to remove the html code from the xls file? We also need to get the headers.

