Search Results

Search found 18450 results on 738 pages for 'website attacks'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 339/738 | < Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >

  • Google Analytics API Authentication Speedup

    - by Paulo
    I'm using a Google Analytics API Class in PHP made by Doug Tan to retrieve Analytics data from a specific profile. Check the url here: http://code.google.com/intl/nl/apis/analytics/docs/gdata/gdataArticlesCode.html When you create a new instance of the class you can add the profile id, your google account + password, a daterange and whatever dimensions and metrics you want to pick up from analytics. For example i want to see how many people visited my website from different country's in 2009. //make a new instance from the class $ga = new GoogleAnalytics($email,$password); //website profile example id $ga->setProfile('ga:4329539'); //date range $ga->setDateRange('2010-02-01','2010-03-08'); //array to receive data from metrics and dimensions $array = $ga->getReport( array('dimensions'=>('ga:country'), 'metrics'=>('ga:visits'), 'sort'=>'-ga:visits' ) ); Now you know how this API class works, i'd like to adress my problem. Speed. It takes alot of time to retrieve multiple types of data from the analytics database, especially if you're building different arrays with different metrics/dimensions. How can i speed up this process? Is it possible to store all the possible data in a cache so i am able to retrieve the data without loading it over and over again?

    Read the article

  • Intern working for Indian NGO - Help with PHP 4, advising staff

    - by Kevin Burke
    Hello, For the past three months I've been working for an Indian NGO (http://sevamandir.org), doing some volunteer work in the field but also trying to improve their website, which needs a ton of work. Recently I've been trying to fix the "subscribe to newsletter" button, which is broken. I used filter_var to filter the email input, but when I tried to test this out I got an error. Then I learned that the web host is still using php version 4.3.2 and register_globals is turned on. I've mentioned that they should upgrade their web host before (they are paying around $50 per year for Rediff Web Hosting, complete with 100MB storage and 1 MySQL database). That would add a lot of complexity for the IT staff of 3, who would have to update everyone's email information (I assume? this is a 250-person organization), and have me find a new web host and teach them about it. The staff isn't that sophisticated about web usage - the head guy still uses IE6, and the website's laid out in tables (they use Dreamweaver WYSIWYG to lay out pages). So I've got two options - use regular expressions to filter the email, which I'm not that skilled at doing (and would be more vulnerable to exploitation after I leave), turn off register globals and then try to teach the staff what I'm doing, or try to get them to upgrade their versions of PHP and MySQL and/or change web host. I'd appreciate some advice. Thanks for your help, Kevin

    Read the article

  • How do I extract HTML content using Regex in PHP

    - by gAMBOOKa
    I know, i know... regex is not the best way to extract HTML text. But I need to extract article text from a lot of pages, I can store regexes in the database for each website. I'm not sure how XML parsers would work with multiple websites. You'd need a separate function for each website. In any case, I don't know much about regexes, so bear with me. I've got an HTML page in a format similar to this <html> <head>...</head> <body> <div class=nav>...</div><p id="someshit" /> <div class=body>....</div> <div class=footer>...</div> </body> I need to extract the contents of the body class container. I tried this. $pattern = "/<div class=\"body\">\(.*?\)<\/div>/sui" $text = $htmlPageAsIs; if (preg_match($pattern, $text, $matches)) echo "MATCHED!"; else echo "Sorry gambooka, but your text is in another castle."; What am I doing wrong? My text ends up in another castle.

    Read the article

  • MacBook Pro - Aquamacs - spell check

    - by peggy Li
    I have tried to use spell check for aquamac. I highlighted a region of the text. Then clicked Edit, then spell check region. I got the error message: Error : No word lists can be found for the language "en_US". Then I went to the website to download the following dictionaries: CocoAspell : I just clicked the download button. It was reported that the download was successful. However, when I tested it and highlighted a text region and clicked spell check. The same error message came out. Do I need to pull the downloaded .pkg to a certain place, such as the application folder, before I opened the .pkg? Or what else do I need to do make it work? I also downloaded the base package Aspell (for Intel) and the pre-built dictionaries as (as the instruction of the website), just the same way as point 1. I still got the same error message. Again, Do I need to pull the downloaded .pkg to a certain place, such as the application folder, before I opened the .pkg? Or what else do I need to do make it work? I would be greatly appreciated if someone could give me some help? Peggy Li

    Read the article

  • Transaction Isolation Level of Serializable not working for me

    - by Shahriar
    I have a website which is used by all branches of a store and what it does is that it records customer purchases into a table called myTransactions.myTransactions table has a column named SerialNumber.For each purchase i create a record in the transactions table and assign a serial to it.The stored procedure that does this calls a UDF function to get a new serialNumber before inserting the record.Like below : Create Procedure mytransaction_Insert as begin insert into myTransactions(column1,column2,column3,...SerialNumber) values( Value1 ,Value2,Value3,...., getTransactionNSerialNumber()) end Create function getTransactionNSerialNumber as begin RETURN isnull(SELECT TOP (1) SerialNumber FROM myTransactions READUNCOMMITTED ORDER BY SerialNumber DESC),0) + 1 end The website is being used by so many users in different stores at the same time and it is creating many duplicate serialNumbers(same SerialNumbers).So i added a Sql transaction with ReadCommitted level to the transaction and i still got duplicate transaction numbers.I changed it to SERIALIZABLE in order to lock the resources and i not only got duplicate transaction numbers(!!HOW!!) but i also got sporadic deadlocks between the same stored procedure calls.This is what i tried : (With ommissions of try catch blocks and rollbacks) Create Procedure mytransaction_Insert as begin SET TRANSACTION ISOLATION LEVEL SERIALIZABLE BEGIN TRASNACTION ins insert into myTransactions(column1,column2,column3,...SerialNumber) values( Value1 ,Value2 , Value3, ...., getTransactionNSerialNumber()) COMMIT TRANSACTION ins SET TRANSACTION ISOLATION READCOMMITTED end I even copied the function that gets the serial number directly into the stored procedure instead of the UDF function call and still got duplicate serialNumbers.So,How can a stored procedure line create something Like the c# lock() {} block. By the way,i have to implement the transaction serial number using the same pattern and i can't change the serialNumber to any other identity field or whatever.And for some reasons i need to generate the serialNumber inside the databse and i can't move SerialNumber generation to application level. Thank you.

    Read the article

  • ASP.NET Authentication Cookie timout and IIS 7 setting

    - by David Laplante
    Hello, I have an ASP.NET website for which i've set the authetication timeout to 60 days so that my users don't have to log in each time they come back if they checked the "remember me" option. Basic ASP.NET login mechanism... It's working fine on my developpement server as well as on the visual studio built-in web server. I can close the browser, wait around 30-40 minutes and browse back to the site and be automatically logged in. However, I've not moved the site to a hosting provider and it seems that whatever I do to my Web.config file, the cookie expires after around 30 minutes (hard to tell the exact amount of time). I have asked the provider's help support and they basically told me: "Web.config file is to configure your website. Please do not change it if you don't know what you are doing" Frustrating answer indeed... To be sure, I checked everywhere on the net for exceptions, fine prints, in the basic asp.net authentication but found none. I have access to IIS remote management for my site (IIS 7) but don't really know where to look. Can there be something in the IIS setting that is overriding my web.config authentication setting? What should I do... Thanks for you help!

    Read the article

  • Headless, scriptable Firefox/Webkit on linux?

    - by Parand
    I'm looking to automate some web interactions, namely periodic download of files from a secure website. This basically involves entering my username/password and navigating to the appropriate URL. I tried simple scripting in Python, followed by more sophisticated scripting, only to discover this particular website is using some obnoxious javascript and flash based mechanism for login, rendering my methods useless. I then tried HTMLUnit, but that doesn't seem to want to work either. I suspect use of Flash is the issue. I don't really want to think about it any more, so I'm leaning towards scripting an actual browser to log in and grab the file I need. Requirements are: Run on linux server (ie. no X running). If I really need to have X I can make that happen, but I won't be happy. Be reliable. I want to start this thing and never think about it again. Be scriptable. Nothing too sophisticated, but I should be able to tell the browser the various steps to take and pages to visit. Are there any good toolkits for a headless, X-less scriptable browser? Have you tried something like this and if so do you have any words of wisdom?

    Read the article

  • Using MD5 to generate an encryption key from password?

    - by Charles
    I'm writing a simple program for file encryption. Mostly as an academic exercise but possibly for future serious use. All of the heavy lifting is done with third-party libraries, but putting the pieces together in a secure manner is still quite a challenge for the non-cryptographer. Basically, I've got just about everything working the way I think it should. I'm using 128-bit AES for the encryption with a 128-bit key length. I want users to be able to enter in variable-length passwords, so I decided to hash the password with MD5 and then use the hash as the key. I figured this was acceptable--the key is always supposed to be a secret, so there's no reason to worry about collision attacks. Now that I've implemented this, I ran across a couple articles indicating that this is a bad idea. My question is: why? If a good password is chosen, the cipher is supposed to be strong enough on its own to never reveal the key except via an extraordinary (read: currently infeasible) brute-force effort, right? Should I be using something like PBKDF2 to generate the key or is that just overkill for all but the most extreme cryptographic applications?

    Read the article

  • Using jQuery to parse an RSS feed, having trouble in firefox and chrome.

    - by sjmarshy
    I used a jQuery library called jFeed to parse and display my blogs rss feed on my personal website. It worked perfectly well at first, but upon checking later it simply displays nothing, except in Internet Explorer, where it seems to work fine. After checking the javascript console using Firebug in Firefox, it shows an error in the 'XML' tab as follows: XML Parsing Error: no element found Location: moz-nullprincipal:{3f8a0c62-32b4-4f63-b69c- 9ef402b40b64} Line Number 1, Column 1: ^ Though I have no idea what to do with this information. Here is the code I used to get the rss feed and display it (it is almost exactly the same as the example provided by the jFeed website): jQuery.getFeed({ url: 'http://sammarshalldesign.co.uk/blog/wordpress/?feed=rss2', success: function(feed) { var html = ''; for(var i = 0; i < feed.items.length && i < 5; i++) { var item = feed.items[i]; html += '<h3>' + '<a href="' + item.link + '">' + item.title + '</a>' + '</h3>'; html += '<div>' + item.description + '</div>'; }//end for jQuery('#feed').append(html); }//end feed function });//end getfeed Any help would be really appreciated.

    Read the article

  • embedded php in html to include header (top part of page) into the page

    - by Andy
    Hi there, I'm trying to put the top of my page (which is all html) in a seperate file so I only need to change things once like the menu bar etc. So I googled some and found a solution on this website as well, but it doesn't work and I don't know why. So I have a page like article.html and on the top I have this: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en"> <head> <?php include("/pages/header.php"); ?> <!-- rest of the html code --> In the header.php I have the html that should be on the top of each page and it starts with: <?php /** * @author name * website header */ ?> <!-- html code --> So what's wrong with this. When I open the page article.html and right click on it to view the source, I can see the php from above calling the header.php file. Thanks!

    Read the article

  • getting the list of all functions executed like call stack in asp.net

    - by sridhar
    Hi, I am having trouble with debugging one of the problems that I am having in our website. This is the problem. I have a webpage that contains the photo of an employee and information related to the employee. When the user logins to our website, we are storing the details of the employee in session. I am setting the image url for the photo of an employee as follows. imgEEPhoto.ImageUrl = imgPhoto.aspx?Company=XXXX&Empno=YYYY. Inside the page imgPhoto.aspx, I am checking if the session is alive for that user. when I login to the page that has the employee photo sometimes the photo is not displayed. It is because I am checking whether the session is alive inside the imgPhoto.aspx page. sometimes the session is alive and sometimes the session is not alive. It looks like there is some function that is setting the session to null asynchronously. I am not knowing how to track that function. so I am thinking that inside the imgPhoto.aspx page, if I can get the list of all functions that have been executed so far, I could track the function that is resetting the session. Is there a way to find this? If there is no another way to debug this problem, please let me know. Thanks, sridhar.

    Read the article

  • Javascript won't execute in iPhone Safari

    - by Stuart Meyer
    I'm running into this issue only because I recently purchased an iPhone. The javascript for a picture carousel on my website (http://www.stuartmeyerphotography.com) won't execute in Safari for iPhone. I thought it worked on Mac Safari last I checked with a friend who had a Mac (a year ago), but now I need to go back and check that too to make sure it works on the Mac. "View source" on my website would show the entire html page, but I've pulled the code from the body section to show here: carousel({id:'Photos', border:'', size_mode:'image', width:120, height:120, sides:8, steps:75, speed:4, direction:'left', images:['mainthumbs/babiesthumb.jpg','mainthumbs/engagementsthumb.jpg','mainthumbs/dancethumb1.jpg','mainthumbs/artistthumb.jpg','mainthumbs/portraitsthumb1.jpg','mainthumbs/seniorsthumb1.jpg','mainthumbs/wedthumb1.jpg'], links:['babies/babies.html','engagements/engagemainshow/engagementpictures.html','dance/dancepictures.html','artists/artists.html','portraits/portraits.html','seniors/highschoolseniors.html','weddings/weddings.html'], lnk_base:'', lnk_targets:['_iframe1', '_iframe1', '_iframe1', '_iframe1', '_iframe1', '_iframe1', '_iframe1' ], lnk_attr:['width=200,height=300,top=200,menubar=yes', 'width=300,height=200,left=400,scrollbars=yes', 'width=150,height=250,left=200,top=100', ''], titles:['Babies', 'Engagements', 'Dance', 'Artists', 'Portraits', 'HS Seniors', 'Weddings'], image_border_width:1, image_border_color:'#E3F0A1' });   </div> Any thoughts? -Stuart

    Read the article

  • Javascript and webshop tracking/affiliate across websites, how to do?

    - by H4mm3rHead
    Hi, I have a small front end to a webshop. All customers that go through my website and buy an item from the webshop I get back 5% of the amount. I need to find a way af tracking the customers i forward from my webshop to the other webshop. And then get the webshop to reply to me when the purchase has been made. In my webshop i have made a small page: collect.aspx that requests and saves the values passed in the querystring, something like this pseudo code: string orderid = Request["orderid"]; string amount = Request["amount"]; ..save to database On the webshop i forward customers to i get to insert a javascript on the last page in the purchase flow. I have tried a lot of things but it seems that the only thing that works is to fool the browser into thinking im referring a javascript, like this: <script type="text/javascript" src="http://domain.com/mypage.aspx?orderid=4&amount=45/> I saw how other trackers did their bit, and this seems to be the general way of doing it. With this script however, i get all the orders, i only want to log those that belong tome, those who entered through my website. Here is my big problem, how to do this? I added a cookie when the user opens my page, and i want to check for this cookie again when the purchase page make the callback. It weems that i cant get the cookie from the browser when it makes the "" call. This is really buggin me now. Could anyone please tell me how this is generally done, this tracking. And what am i missing in regards to this cookie thing? All ideas on how to do this is very welcome.

    Read the article

  • Possible to recover mysql root pass with sudo server access?

    - by jonathonmorgan
    I've inherited development for a website on vps hosting, and have login info for a user with sudo privileges, but don't have the password for the mysql root user. After digging around a little, it looks like the only way to fix this is to stop mysql (something like this: http://waoewaoe.wordpress.com/2010/02/03/recover-reset-mysql-root-password/). But because the website it's serving is currently in production, I'm hoping you guys can enlighten me to any potential consequences (or let me know if there's typically a file where the password would be accessible). a) during the time mysql is stopped, information in the database won't be accessible, right -- even by other users? b) will resetting the root password have any impact on other users after mysql has restarted? Will their username/passwords still be valid? The current application is using an account with limited privileges to read/write to the database, and while 5min downtime in the middle of the night would probably go unnoticed, half a day while I tie up loose ends/figure out what I screwed up will land in me hot water. Thanks in advance for your help!

    Read the article

  • trackPageView on Google Analytics for iPhone Not Working

    - by DigitalZombieKid
    I'm trying to get Google Analytics working on an iPhone application without much luck. I've followed all the instructions on their website (google/apis/analytics/docs/tracking/mobileAppsTracking.html) and studied their sample application (google/gaformobileapps/GoogleAnalyticsIphone_0.7.tar.gz). When I run my application and go to Google Analytics' website (https://www.google.com/analytics/reporting/), the only page that is recording is /app_entry_point. I'm seeing one count in my Google Analytics detailed report once every time my app fires up. However, I have added other pages to be tracked but it's not working. Here is a sample of two pages I've added to be tracked: trackPageview:@"/calculator"; trackPageview:@"/tellafriend"; I call them from various ViewControllers in the app. In each of those view controllers I import the the GANTracker header: #import "GANTracker.h" I'll admit it: I'm an objective-c newbie. Any help you can offer is greatly appreciated! Do I need to physically dispatch them to get the trackPageview working? If so, why is the /app_entry_point page the only page that is recorded by Google Analytics?

    Read the article

  • session regeneration in tomcat ?

    - by shrini1000
    Hi, I am using Spring security to secure my Java web application which is deployed in tomcat. I found out that it is vulnerable to session fixation attacks because tomcat does not create a new session upon successful log in. On debugging some more, here's what I found. For the following code (which is supposed to create a new session - pl. note, it's just a snippet and not full code): HttpSession session = request.getSession(false); session.invalidate(); session = request.getSession(true); // we now have a new session I thought a new session will be created, but tomcat simply uses the same session that got invalidated and hence the session id does not change. I searched online and found a solution which uses a 'valve' - http://marvinsmutterings.blogspot.com/2010/02/fixing-session-fixation-in-liferay-on.html but could not get it to work because it's looking for a jboss logging class and when I add it to lib, I get a reflection exception and the server doesn't start up. I'm using tomcat 5.5.28. Will be glad to have any pointers. Pl. let me know if you need more details, since I don't want to make this post too long. Sincere thanks!

    Read the article

  • What is your workflow when designing HTML/CSS layouts?

    - by DMin
    I have been working with PHP/MySQL as a hobby for close to a couple of years now, I have been working with photoshop for a very long time, I know CSS & HTML well enough to write without any reference, so, I would not consider myself someone who's very new at this. I have recently started developing websites professionally - (only person working on the project). I have seen the power of Joomla and how you can make a website ready for your customer in a matter of hours(if not minutes). I find it very hard to make layouts that remotely look like the themes on joomla. I find making even simple layouts a very cumbersome process and takes a lot of time to get a good enough output. I have a feeling I may not be using the right tools or workflow for the job. What I wanted to findout was, as part of the industry : How do, you, make your website when you do it from scratch? What are the tools that you use? What is your workflow? Just noted a few things I know already, for your reference(You can skip this if you like) I have seen the export for web for Photoshop that exports CSS - but (as far as I know) exports only absolutely positioned webpages so they need to be beaten and fixed if you want to use them for example for joomla. I have used the SiteGrinder plugin for Photoshop that exports HTML/CSS. It looks promising but haven't tried it extensively. One of the tools that save loads of time is FireBug. This makes it easy to edit html and css on the fly and get the page looking exactly as you want it. Recently stumbled upon fireworks. But haven't explored it much. Thanks! :)

    Read the article

  • Problem sending email with Codeigniter - Headers sent in the message body

    - by Brian
    Having a strange issue with the email class in codeigniter. When I send email directly to my gmail account email address, it works fine. However if I send email to a different email address and use POP3 to import that email address into gmail, then for some reason all the headers are included in the message. Here's the code for sending the email: $this->email->clear(); $config['mailtype'] = "html"; $this->email->initialize($config); $this->email->set_newline("\r\n"); $this->email->from('[email protected]', 'Website'); $this->email->to('[email protected]'); $this->email->message($message); Here's what arrives in my inbox when the email is sent to an account which is imported into gmail via POP3: Date: Fri, 7 Jan 2011 15:07:04 +0000 From: "Website" <[email protected]> Reply-To: "[email protected]" <[email protected]> X-Sender: [email protected] X-Mailer: CodeIgniter X-Priority: 3 (Normal) Message-ID: <[email protected]> Mime-Version: 1.0 Content-Type: multipart/alternative; boundary="B_ALT_4d272c1835c46" This is a multi-part message in MIME format. Your email application may not support this format. --B_ALT_4d272c1835c46 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit this is the email message content --B_ALT_4d272c1835c46 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable <html> <body> <p>this is the email message content </p> </body> </html> --B_ALT_4d272c1835c46--

    Read the article

  • How do I show information to users belonging to different groups (web) in modx

    - by Gaurav Sharma
    Hello Everyone, I have created a website using modx evolution v1.0.2. The website that I have developed has 12 different types of users (categorized in groups). Each user will be shown a different price depending on the group to which he belongs. Till now I have been able to fetch the group name of current logged in user (created a snippet for that), but how can I achieve the above mentioned functionality so that each user should be able to see only the price that I have coded according to his group. For example: If a user is associated with the 'ocassional' group then he should be shown the price as , say, 50 bucks and if a user is associated with the 'regular' group then he should be shown the price as, say, 40 bucks I can easily do this by coding a single snippet for every product's variant, but there are a lot of variants (more than 100 and growing). I have created a resource(page) for every product and it's variant. Every variant has a price. It is this price that I want to be shown according to the logged in user group membership. I hope I am able to explain my query clearly. Please help me do this functionality. Thanks

    Read the article

  • PHP Switch and Login

    - by Steve Rivera
    I'm fairly new with PHP and I am messing around with a login/registration system. I setup my sample website using a PHP-SWITCH script I found a while back: <?php switch($_GET['id']) { default: include('home.php'); /* LOGIN PAGES */ break; case "register_form": include ('includes/user_system/register_form.php'); } ? On the registration page the form links to my "register.php" which checks the validity of the form and to check for any blank fields and so on. "register.php" is supposed to refresh the page and add a reason to what the user did wrong when submitting the form. On my "register_form.php" page, which holds the actual form. This field is hidden until the user makes a mistake. <?php if (isset($reg_error)) { ?> , please try again. My "register.php" checks the form for all the errors. Here's the bit of code that will refresh the page with the reason for the error: // Check if any of the fields are missing if (empty($_POST['username']) || empty($_POST['password']) || empty($_POST['confirmpass'])) { // Reshow the form with an error $reg_error = 'One or more fields missing'; include 'register_form.php'; Now after I submit the form without any fields filled out I get the error code, but it refreshes to the actual "register_form.php". The problem with this is that because of my PHP-SWITCH script (helps me manage the site a lot easier) I don't have any formatting on that page. The actual URL to my "register_form.php" would be: "index.php?id=register_form.php". Now I have tried several different things such as changing it to: include 'index.php?id=register_form.php' And also changing it to: header(location:index.php?id=register_form.php') Unfortunately all this does is refresh the page without the reason for the error. I know this can be easily solved by just adding a Javascript Validator but I'd like to know if it is possible to refresh the page with the error using either "include" or "header()" while having a PHP-SWITCH script on the website.

    Read the article

  • Creating an Admin directory in Rails

    - by matsko
    I've been developing the CMS backend for a website for a few weeks now. The idea is to craft everything in the backend first so that it can manage the database and information that will be displayed on the main website. As of now, I currently have all my code setup in the normal rails MVC structure. So the users admin is /users and videos is /videos. My plans are to take the code for this and move it to a /admin directory. So the two controllers above would need to be accessed by /admin/users and /admin/videos. I'm not sure how todo the ruote (adding the /admin as a prefix) nor am I sure about how to manage the logic. What I'm thinking of doing is setting up an additional 'middle' controller that somehow gets nested between the ApplicationControler and the targetted controller when the /admin directory is accessed. This way, any additional flags and overloaded methods can be spawned for the /admin section only (I believe I could use a filter too for this). If that were to work, then the next issue would be separating the views logic (but that would just be renaming folders and so on). Either I do it that way or I have two rails instances that share the MVC code between them (and I guess the database too), but I fear that would cause lots of duplication errors. Any ideas as to how I should go about doing this? Many thanks!

    Read the article

  • When *not* to use prepared statements?

    - by Ben Blank
    I'm re-engineering a PHP-driven web site which uses a minimal database. The original version used "pseudo-prepared-statements" (PHP functions which did quoting and parameter replacement) to prevent injection attacks and to separate database logic from page logic. It seemed natural to replace these ad-hoc functions with an object which uses PDO and real prepared statements, but after doing my reading on them, I'm not so sure. PDO still seems like a great idea, but one of the primary selling points of prepared statements is being able to reuse them… which I never will. Here's my setup: The statements are all trivially simple. Most are in the form SELECT foo,bar FROM baz WHERE quux = ? ORDER BY bar LIMIT 1. The most complex statement in the lot is simply three such selects joined together with UNION ALLs. Each page hit executes at most one statement and executes it only once. I'm in a hosted environment and therefore leery of slamming their servers by doing any "stress tests" personally. Given that using prepared statements will, at minimum, double the number of database round-trips I'm making, am I better off avoiding them? Can I use PDO::MYSQL_ATTR_DIRECT_QUERY to avoid the overhead of multiple database trips while retaining the benefit of parametrization and injection defense? Or do the binary calls used by the prepared statement API perform well enough compared to executing non-prepared queries that I shouldn't worry about it? EDIT: Thanks for all the good advice, folks. This is one where I wish I could mark more than one answer as "accepted" — lots of different perspectives. Ultimately, though, I have to give rick his due… without his answer I would have blissfully gone off and done the completely Wrong Thing even after following everyone's advice. :-) Emulated prepared statements it is!

    Read the article

  • Understanding CSRF - Simple Question

    - by byronh
    I know this might make me seem like an idiot, I've read everything there is to read about CSRF and I still don't understand how using a 'challenge token' would add any sort of prevention. Please help me clarify the basic concept, none of the articles and posts here on SO I read seemed to really explicitly state what value you're comparing with what. From OWASP: In general, developers need only generate this token once for the current session. After initial generation of this token, the value is stored in the session and is utilized for each subsequent request until the session expires. If I understand the process correctly, this is what happens. I log in at http://example.com and a session/cookie is created containing this random token. Then, every form includes a hidden input also containing this random value from the session which is compared with the session/cookie upon form submission. But what does that accomplish? Aren't you just taking session data, putting it in the page, and then comparing it with the exact same session data? Seems like circular reasoning. These articles keep talking about following the "same-origin policy" but that makes no sense, because all CSRF attacks ARE of the same origin as the user, just tricking the user into doing actions he/she didn't intend. Is there any alternative other than appending the token to every single URL as a query string? Seems very ugly and impractical, and makes bookmarking harder for the user.

    Read the article

  • IIS SMTP server (Installed on local server) in parallel to Google Apps

    - by sharru
    I am currently using free version of Google Apps for hosting my email.It works great for my official mails my email on Google is [email protected]. In addition I'm sending out high volume mails (registrations, forgotten passwords, newsletters etc) from the website (www.mydomain.com) using IIS SMTP installed on my windows machine. These emails are sent from [email protected] My problem is that when I send email from the website using IIS SMTP to a mail address [email protected] I don’t receive the email to Google apps. (I only receive these emails if I install a pop service on the server with the [email protected] email box). It seems that the IIS SMTP is ignoring the domain MX records and just delivers these emails to my local server. Here are my DNS records for domain.com: mydomain.com A 82.80.200.20 3600s mydomain.com TXT v=spf1 ip4: 82.80.200.20 a mx ptr include:aspmx.googlemail.com ~all mydomain.com MX preference: 10 exchange: aspmx2.googlemail.com 3600s mydomain.com MX preference: 10 exchange: aspmx3.googlemail.com 3600s mydomain.com MX preference: 10 exchange: aspmx4.googlemail.com 3600s mydomain.com MX preference: 10 exchange: aspmx5.googlemail.com 3600s mydomain.com MX preference: 1 exchange: aspmx.l.google.com 3600s mydomain.com MX preference: 5 exchange: alt1.aspmx.l.google.com 3600s mydomain.com MX preference: 5 exchange: alt2.aspmx.l.google.com 3600s Please help! Thanks.

    Read the article

  • ASP.NET webservice API security.

    - by Tejaswi Yerukalapudi
    Hi, I have an iPhone app accessing an ASP.NET Webservice for data. Since I'm building both the ASP.NET end and the iPhone part of the app, and we'll shortly be publishing it in the Appstore, I'd like to know what security checks I need to make. The basic flow of the program (without divulging too much info about it) is as follows - . Login (Enter Username, pass on the app) . Primary screen where the data is loaded from a webservice and presented . And post data back after a few updates by the user I'm using POST to send the data to the Webservice via HTTPS. I'm sanitizing the inputs, checking for length of the inputs, but that's the limit of my knowledge as far as security goes. Any other tips are greatly appreciated! Edit: I should probably add that our service needs to be subscribed to separately and the iPhone component of it cannot be used alone. So the average user will not have login credentials. And the app itself has healthcare data in it, so I'd rather not have anyone trying attacks from my login page. Thanks, Teja.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 335 336 337 338 339 340 341 342 343 344 345 346  | Next Page >