Search Results

Search found 18715 results on 749 pages for 'website attack'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 353/749 | < Previous Page | 349 350 351 352 353 354 355 356 357 358 359 360  | Next Page >

  • Open txt files from a directory, compare the values, and output the top 15 in PHP

    - by Anon
    Hello, I recently designed a referral game website for the fun of it. There's a simple MySQL user system with a email verification. It's using the UserCake user management system. On top of this i added a php page that the user could give to "victims" that when they visit it they get "infected" and can infect other users or "victims". This page uses GET to get the username from the url. I have a folder that when a user registers it creates a file with 4 digits and then the username. (ex; 0000Username.txt) All the numbers are the same, it's just so that if a user discovers the folder they won't be able to find the files. There is also a txt file in the same format with IPS in the name. (ex; 0000IPSUsername.txt) The file when visited gets the username from the url, then checks if the text file for that username exists. If the username is present in the url, and a valid user it opens the IPS file and adds the IP of the visitor, then opens the user text file, takes the value and adds one to it, and saves. At the end it makes the difference between saying "You are infected, Username has infected (amount) people." or just you have been infected. Now to what i need! I need to add a hi-scores to the website so people can compete to be the one with the most "infections". I thought i could use readdir to get a list of the files and open them with the value in an array, but i need it to also strip the username from the file name. It would be best if it just saves to a text file like "Username | value" because then i can add echo's of the html tags and have it include the file in the page i want it to be one. Many thanks in advance.

    Read the article

  • Best practices for encrypting continuous/small UDP data

    - by temp
    Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (no waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

    Read the article

  • Adjust width of td to make make row widths even

    - by user1729886
    I am trying to produce a table with a different number of cells in each row. The first row is a header row (every other row contains cells). This header is the width of the table. The second row has 2 cells in it... the third has 1 cell... the fourth has 4 cells... the fifth and final row has 3 cells. I want the table set up so that the rows span the full width of the table. If the table is 1000px... The header would be 1000px wide the cells in the 2nd row would be 500px EACH the cell in the 3rd row would be 1000px the cells in the 4th row would be 250px EACH and the cells in the 5th row would be 333px, 334px, and 333px each (left-to-right) I figured out I could use colspan for the first 4 rows, but the 5th (with 3 cells) would require a non-integer value. The cells in the 5th row won't expand beyond their column without colspan that I can tell... trying the width:## CSS code inside a div tag for each cell inside the td tag creating a class or classes that define the cell widths id-ing each cell, with or without a div tag, and defining widths individually and adjuting the table-layout: option After several days, I'm now at my rope's end. The only thing I can come up with is deliberately tripling the number of cells in each row so that colspan would be all integer values. That sounds inconvenient and unreasonably difficult to format the table the way I'd like. It's a table of Batman movies for a website -- a practice website I'm building, in order to learn HTML/CSS. I've been working on-and-off with HTML for several months, and CSS for a few weeks. PS: It is not being used for layout, I am simply trying to adjust the layout of the table itself.

    Read the article

  • Why are Facebook Likes Insisting on using Wrong Product Image...?

    - by Joan Kent
    Firstly, I'm not a web developer so please be patient. I have read the other posts but I think i have everything covered. My website http://www.joaniesgifts.co.uk includes the like button on the product pages. However, I've found that certain product pages are using the incorrect image when a user likes the page. For example - http://www.joaniesgifts.co.uk/terramundi-money-pots/terramundi-money-pot-holiday-fund I think this may have been down to an original incorrect setup which is now corrected. However, the problem remains... The only thing I have to go on :- if i use the facebook url linter (developers.facebook.com/tools/debug) on the above product page, I receive the following error :- Object at URL 'http://www.joaniesgifts.co.uk/terramundi-money-pot-holiday-fund' of type '213689662010141:product' is invalid because the domain 'www.joaniesgifts.co.uk' is not allowed for the application id '213689662010141' which owns the specified object type. If you are the owner of this application, you can verify your configured 'Site Domain' at developers.facebook.com/apps/213689662010141. (I have verified my site's domain) Everything else appears fine except it is also showing the wrong image!! However, under Raw Open Graph Document Information it has the correct link! If I then click graph api - graph.facebook.com/10150450766583352 it again shows the wrong image was linked! I've no idea what else to do - can you help me? Kind Regards, Joan PS Graph API shows the incorrect image after a scrape only minutes ago { "url": "http://www.joaniesgifts.co.uk/terramundi-money-pot-holiday-fund", "type": "website", "title": "Terramundi Money Pot - Holiday Fund", "image": [ { "url": "http://www.joaniesgifts.co.uk/index.php?route=product\u00252Fproduct\u00252Fcaptcha" } ], "updated_time": "2011-11-11T18:54:38+0000", "id": "10150450766583352" }

    Read the article

  • iPhone Development - calling external JSON API (will Apple reject?)

    - by RPM1984
    Ok guys, so im new to iPhone development, so apologies if this is a silly question, but before i actually create my app i want to know if this is possible, and if Apple will reject this. (Note this is all theoretical) So i'd have a API (.NET) that runs on a cloud server somewhere and can return HTML/JSON/XML. I'll have a website that can access this API and allow customers to do some stuff (but this is not important for this question). I would then like my iPhone app to make a call to this API which would return JSON data. So my iPhone app might make a call to http://myapp/Foos which would return a JSON string of Foo objects. The iPhone app would then parse this JSON and do some funky stuff with it. So, that's the background, now the questions: Is this possible? (that is, call an external cloud API over HTTP, parse JSON response?) What are the chances of Apple rejecting this application (because it would be calling a non-Apple API) Are there any limitations (security, libraries, etc) on the iPhone/Objective-C/Cocoa that might hinder this solution? On this website, they seem to be doing exactly what im asking. Thoughts, suggestions, links would be greatly appreciated...

    Read the article

  • Best Practice: Protecting Personally Identifiable Data in a ASP.NET / SQL Server 2008 Environment

    - by William
    Thanks to a SQL injection vulnerability found last week, some of my recommendations are being investigated at work. We recently re-did an application which stores personally identifiable information whose disclosure could lead to identity theft. While we read some of the data on a regular basis, the restricted data we only need a couple of times a year and then only two employees need it. I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or assymetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that, permissions should also prevent the leaking in the first place. It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data so the data could be decrypted on the client. This way, if the server get compromised, we don't leak old data although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation. Do you have a better suggestion? Which method would you recommend? More importantly why?

    Read the article

  • My python program always brings down my internet connection after several hours running, how do I debug and fix this problem?

    - by Shane
    I'm writing a python script checking/monitoring several server/websites status(response time and similar stuff), it's a GUI program and I use separate thread to check different server/website, and the basic structure of each thread is using an infinite while loop to request that site every random time period(15 to 30 seconds), once there's changes in website/server each thread will start a new thread to do a thorough check(requesting more pages and similar stuff). The problem is, my internet connection always got blocked/jammed/messed up after several hours running of this script, the situation is, from my script side I got urlopen error timed out each time it's requesting a page, and from my FireFox browser side I cannot open any site. But the weird thing is, the moment I close my script my Internet connection got back on immediately which means now I can surf any site through my browser, so it must be the script causing all the problem. I've checked the program carefully and even use del to delete any connection once it's used, still get the same problem. I only use urllib2, urllib, mechanize to do network requests. Anybody knows why such thing happens? How do I debug this problem? Is there a tool or something to check my network status once such situation occurs? It's really bugging me for a while... By the way I'm behind a VPN, does it have something to do with this problem? Although I don't think so because my network always get back on once the script closed, and the VPN connection never drops(as it appears) during the whole process.

    Read the article

  • SASS mixin for swapping images / floats on site language (change)

    - by DBUK
    Currently using SASS on a website build. It is my first project using it, tried a little LESS before and liked it. I made a few basic mixins and variables with LESS, super useful stuff! I am trying to get my head around SASS mixins, and syntax, specifically for swapping images when the page changes to a different language, be that with body ID changing or <html lang="en">. And, swapping floats around if, for example, a website changed to chinese. So a mixin where float left is float left unless language is AR and then it becomes float right. With LESS I think it would be something like: .headerBg() when (@lang = en) {background-image:url(../img/hello.png);} .headerBg() when (@lang = it) {background-image:url(../img/ciao.png);} .header {.headerBg(); width: 200px; height:100px} .floatleft() when (@lang = en) { float: left;} .floatleft() when (@lang = ar) { float: right;} .logo {.floatleft();} Its the syntax I am having problems with combined with a brain melting day.

    Read the article

  • could not execute a stored procedure(using DAAB) from a client(aspx page) to a wcf service

    - by user1144695
    i am trying to store data to sql database from a asp.net client website through a stored procedure(using DAAB) in a wcf service hosted in a asp.net empty website.When i try to store data to the DB i get the following error: ** - The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs. ** When i try to debug i get the following exception: Activation error occured while trying to get instance of type Database, key "" in the code-- Database db = EnterpriseLibraryContainer.Current.GetInstance<Database>("MyInstance"); where my app.config is <?xml version="1.0"?> <configuration> <configSections> <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data, Version=5.0.414.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" requirePermission="true"/> </configSections> <dataConfiguration defaultDatabase="MyInstance"/> <connectionStrings> <add name="MyInstance" connectionString="Data Source=BLRKDAS307581\KD;Integrated Security=True;User ID=SAPIENT\kdas3;Password=ilove0LINUX" providerName="System.Data.SqlClient" /> </connectionStrings> <startup> <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/> </startup> </configuration> Can anyone help me with it? Thanks in advance...

    Read the article

  • Setting up a web development/build environment

    - by Eric
    Hello all, My current project has a development web server and live web server. Developers make changes to files on the dev server and test them (by going to the dev address) and make changes as necessary. When the file or files are ready to go, they are copied to the live server. There is no version control. As you might expect, there are some problems with this model: It's hard to keep track of what other programmers have done. It's hard to keep track of what files should be copied to the live server. There is no version control. I'm in a position to make nearly any change I like, but I want it to be the right one! I have been turning this over in my head for quite a while, and I have a solution that might be okay. But I want SO's opinion. Certainly version control needs to be added. But how should it work with the existing codebase and where should the developers be testing? How can anyone know what needs to be moved to the live server? What other details need to be addressed? How would you attack this problem? Supplementary information: The website is vital, but not mission critical. A small amount of downtime is acceptable. There are very few developers. (Right now, only 4.) History: Before I started, the project used Visual Source Safe. This was a sufficiently bad experience that they quit using it and abandoned version control. The project is an ASP.NET (C#) website. This seems like a question that may have a complicated answer. Thanks for thinking about it!

    Read the article

  • Understanding REST: is GET fundamentally incompatible with any "number of views" counter?

    - by cocotwo
    I'm trying to understand REST. Under REST a GET must not trigger something transactional on the server (this is a definition everybody agrees upon, it is fundamental to REST). So imagine you've got a website like stackoverflow.com (I say like so if I got the underlying details of SO wrong it doesn't change anything to my question), where everytime someone reads a question, using a GET, there's also some display showing "This question has been read 256 times". Now someone else reads that question. The counter now is at 257. The GET is transactional because the number of views got incremented and is now incremented again. The "number of views" is incremented in the DB, there's no arguing about that (for example on SO the number of time any question has been viewed is always displayed). So, is a REST GET fundamentally incompatible with any kind of "number of views" like functionality in a website? So should it want to be "RESTFUL", should the SO main page either stop display plain HTML links that are accessed using GETs or stop displaying the "this question has been viewed x times"? Because incrementing a counter in a DB is transactional and hence "unrestful"? EDIT just so that people Googling this can get some pointers: From http://www.xfront.com/REST-Web-Services.html : 4. All resources accessible via HTTP GET should be side-effect free. That is, the request should just return a representation of the resource. Invoking the resource should not result in modifying the resource. Now to me if the representation contains the "number of views", it is part of the resource [and in SO the "number of views" a question has is a very important information] and accessing it definitely modifies the resource. This is in sharp contrast with, say, a true RESTFUL HTTP GET like the one you can make on an Amazon S3 resource, where your GET is guaranteed not to modify the resource you get back. But then I'm still very confused.

    Read the article

  • Apache redirection problem!!!!

    - by vikas
    Hi guys, I am setting up a pre-built website built in php. The site was actually hosted on the linux server. Now I am trying to set it up on a Window machine with WAMP server. In this website almost every page request passes through a particular file called redirect(which is basically a php file without extension). Now the problem is that when I inspected the configuration(httpd.conf, apache.conf,.htaccess, vhost.conf etc) of the apache server on the linux machine, I nowhere found the redirect rules for doing so. Neither mod_rewrite nor mod_alias rules for this redirection were found there. But is still redirects the request properly. I also noticed that Zend Framework library is there in the exact same directory where the redirect file is. This library is included in the include_path in php.ini. However, the web site is still not developed using Zend MVC and I have seen NO proof of ZEND being used there. So I am really confused how this redirection is working there? I am unable to set up this on window machine without rewrite rules of mod_rewrite or mod_alias. Do you guys know any alternative of both the said modules for redirection? I know the site is really weird, but i have to set it up. :) Thanks in advance for your help.

    Read the article

  • Django Aggregation Across Reverse Relationship

    - by Tom
    Given these two models: class Profile(models.Model): user = models.ForeignKey(User, unique=True, verbose_name=_('user')) about = models.TextField(_('about'), blank=True) zip = models.CharField(max_length=10, verbose_name='zip code', blank=True) website = models.URLField(_('website'), blank=True, verify_exists=False) class ProfileView(models.Model): profile = models.ForeignKey(Profile) viewer = models.ForeignKey(User, blank=True, null=True) created = models.DateTimeField(auto_now_add=True) I want to get all profiles sorted by total views. I can get a list of profile ids sorted by total views with: ProfileView.objects.values('profile').annotate(Count('profile')).order_by('-profile__count') But that's just a dictionary of profile ids, which means I then have to loop over it and put together a list of profile objects. Which is a number of additional queries and still doesn't result in a QuerySet. At that point, I might as well drop to raw SQL. Before I do, is there a way to do this from the Profile model? ProfileViews are related via a ForeignKey field, but it's not as though the Profile model knows that, so I'm not sure how to tie the two together. As an aside, I realize I could just store views as a property on the Profile model and that may turn out to be what I do here, but I'm still interested in learning how to better use the Aggregation functions.

    Read the article

  • Creating a web application that can be extended by plugins/modules

    - by Adam Pope
    I'm currently involved with developing a C# CMS-like web application which will be used to standardise our development of websites. From the outset, the idea has been to keep the core as simple as possible to avoid the complexity and menu/option overload that blights many CMS systems. This simple core is now complete and working very well. We envisisaged that the system would be able to accept plugins or modules which would extend the core functionality to suit a given projects needs. These would also be re-usable across projects. For example, a basic catalogue and shopping basket might be needed. All the code for such extensions should be in seperate assemblies. They should be able to provide their own admin interfaces and front-end code from this library. The system should search for available plugins and give the admin user the option to enable/disable the feature. (This is all very much like WordPress plugins) It is crucial that we attack this problem in the correct way, so I'm trying to perform as much due dilligence as possible before jumping in. I am aware of the Plugin Pattern (http://msdn.microsoft.com/en-us/library/ms972962.aspx) and have read some articles on it's use. It seems reasonable but I'm not convinced it's necessarily the correct/best technique for this situation. It seems more suited to processing applications (image/audio manipulation, maths etc). Are there any other options for achieving this kind of UI extensibility functionality? Or is the plugin pattern the way to go? I'd also be interested if anybody has links to articles that explain using the plugin pattern for this purpose?

    Read the article

  • regressions with many nested categorical covariates

    - by eric
    I have a few hundred thousand measurements where the dependent variable is a probability, and would like to use logistic regression. However, the covariates I have are all categorical, and worse, are all nested. By this I mean that if a certain measurement has "city - Phoenix" then obviously it is certain to have "state - Arizona" and "country - U.S." I have four such factors - the most granular has some 20k levels, but if need be I could do without that one, I think. I also have a few non-nested categorical covariates (only four or so, with maybe three different levels each). What I am most interested in is prediction - given a new observation in some city, I would like to know the relevant probability/dependent variable. I am not interested as much in the related inferential machinery - standard deviations, etc - at least as of now. I am hoping I can afford to be sloppy. However, I would love to have that information unless it requires methods that are more computationally expensive. Does anyone have any advice on how to attack this? I have looked into mixed effects, but am not sure it is what I am looking for.

    Read the article

  • SSIS String or binary data would be truncated. The statement has been terminated.

    - by Subbarao
    When I run SSIS package from BIDS it runs fine without any error / problem. When I try to call it through a ASP.NET website I get the following error - "String or binary data would be truncated. The statement has been terminated." I checked all the columns / data to see if anything is exceeding the limit, everything is fine. I can run the package through command line using dtexec C:dtexec /f "C:\temp\MyTempPackage.dtsx", it executes without any problem . The problem is when I try to run it through ASP.NET. The following is the code that I am trying to use - //DTS Runtime Application Application app = new Application(); //DTS Package Package package = app.LoadPackage(packagePath, null); //Execute and Get the result DTSExecResult result = package.Execute(); I am making a call to a webservice from asp.net which has the above code. Both the webservice and website have identity impersonation enabled. I have identity enabled in my web.config for this <identity impersonate="true" userName="MyUserName" password="MyPassword"/> This problem is only when I am trying to import a Excel file (.xlsx) when I import a .txt file everything is fine. Excel Import blew up in both 32bit and 64bit enviornments. Help on how to make this to work is greatly appreciated.

    Read the article

  • OpenSource Projects - Is there a site which lists projecs that need more developers?

    - by Jamie
    Morning/Afternoon/Evening all, Do any of you know of a website which lists opensource projects which are in need of more help? Let me elaborate, I would like to work on another open source project (I already work on a couple), however, it would be nice to have a site which lists lots of OS projects, their aims, deadlines, workload, how many more developers they are in need of etc. Of course, I could just pick a topic i'm interested in, find an OS project and then work on it, however, it would be nice to see a diversified list of projects. Primarily because some little known awesome projects get little attention and big projects such as jQuery forks, adium, gimp etc. etc. get a lot of attention because they are well known (and of course because they are great)and thus get a lot of developers working on them. It would be nice to see some little known projects getting more attention and thus hopefully drawing some people to work on them. Currently there are many websites hosting os projects, such as github, sourceforge, google code etc. A website to centralise all of this into one place and categorise it would be awesome. Let me know your thoughts please. I'm not looking for an answer per se, so I will mark it is as a community wiki. Your thoughts would be great.

    Read the article

  • Smallcaps / multiple fonts and bolding using 'DrawString' in GDI+

    - by Simon_Weaver
    I want to write out some text using smallcaps in combination with different fonts for different words. To clarify I might want the message 'Welcome to our New Website' which is generated into a PNG file for the header of a page. The text will be smallcaps - everything is capitalized but the 'W', 'N' and 'W' are slightly larger. The 'New Website' will be in a different font than the rest of the text. Is there a way i can do this without doing it completely manually? Doing something like this is conceptually what I want to do : graphics.DrawString("<font size=2>W</font>ELCOME TO OUR <b><font size=2>N</font>" + "EW <font size=2>W</font>EBSITE</b>"); The best approach I could find so far is here, but I'm worried that I'll go to all the trouble to do this manually and end up with some horrible kerning or tracking problems. Edit: I should have mentioned that this is being done within ASP.NET so it needs to be fast and as lean as possible. I want it to be automated so I can localize easily and not have to create tonnes of little images.

    Read the article

  • Namespaced controller redirect urls

    - by bajki
    Hello, i have probably a simple question. I have created a namespace panel with categories controller. After creating or editing a category, rails redirects me to website.com/categories/:id instead of website.com/panel/categories/:id. I've noticed that in the _form view, the @panel_categories argument of form_for() function points to /categories nor /panel/categories and that's causing this behaviour. Offcourse i can add a :url => '/panel/categories' param but i feel that it's not the best solution... Can you provide me any better solution? Thanks in advance Files: routes.rb: Photowall::Application.routes.draw do resources :photos resources :categories resources :fields resources :users, :user_sessions match 'login' => 'user_sessions#new', :as => :login match 'logout' => 'user_sessions#destroy', :as => :logout namespace :panel do root :to => "photos#index" resources :users, :photos, :categories, :fields end namespace :admin do root :to => "users#index" resources :users, :photos, :categories, :fields end end categories_controller.rb: http://pastebin.com/rWJykCCF model is the default one form: http://pastebin.com/HGmkZZHM

    Read the article

  • What is the correct high level schema.org microdata itemtype for a retail brand/company homepage?

    - by kpowz
    I'd like to hear which schema.org itemtype others would recommend using or have used in the case of completing a retail brand's company homepage microdata. Take for example TOMS's shoes: Example #1 - Using /Corporation as the high-level itemtype one can include a lot of great /Organization microdata, but nothing about the retail store. <html itemscope='itemscope' itemtype="http://schema.org/Website> <head></head> <body itemscope='itemscope' itemtype="http://schema.org/Corporation> various microdata here probably including Product microdata </body> </html> NOTE: the only schema.org property specific to /Corporation is tickerSymbol & TOMS doesn't have one. Example #2 - This code would work if TOMS started their own channel of physical retail stores & each location had it's own homepage. However, for TOMS's.com, although accurate schematically & more descriptive at the face, this is incorrect microdata markup for TOMS.com, because /ShoeStore derives from /LocalBusiness - which must represent a physical place. <html itemscope='itemscope' itemtype='http://schema.org/Website'> <head></head> <body itemscope='itemscope' itemtype='http://schema.org/ShoeStore'> a whole bunch of jabber here </body> </html> NOTE: Since TOMS is virtual & thus can't be a /Store this means you lose really cool properties like 'currenciesAccepted', 'paymentAccepted' & 'priceRange'. Is this just a 'sit and wait' situation until more schemas are approved for 'virtual places' or is there a validation-passing way to get the best of both worlds?

    Read the article

  • Best practices for encrytping continuous/small UDP data

    - by temp
    Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (on waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

    Read the article

  • Enterprise Platform in Python, Design Advice

    - by Jason Miesionczek
    I am starting the design of a somewhat large enterprise platform in Python, and was wondering if you guys can give me some advice as to how to organize the various components and which packages would help achieve the goals of scalability, maintainability, and reliability. The system is basically a service that collects data from various outside sources, with each outside source having its own separate application. These applications would poll a central database and get any requests that have been submitted to perform on the external source. There will be a main website and REST/SOAP API that should also have access to the central data service. My initial thought was to use Django for the web site, web service and data access layer (using its built-in ORM), and then the outside source applications can use the web service(s) to get the information they need to process the request and save the results. Using this method would allow me to have multiple instances of the service applications running on the same or different machines to balance out the load. Are there more elegant means of accomplishing this? i've heard of messaging systems such as MQ, would something like that be beneficial in this scenario? My other thought was to use a completely separate data service not based on Django, and use some kind of remoting or remote objects (in they exist in Python) to interact with the data model. The downside here would be with the website which would become much slower if it had to push all of its data requests through a second layer. I would love to hear what other developers have come up with to achieve these goals in the most flexible way possible.

    Read the article

  • MySQL to SQL Server ODBC Connector?

    - by Scott C.
    My boss wants to have data in MySQL DBs used for our website to be "linked and synced" with a Financial Server that has its DB in SQL Server. Sooooo...even though I have no idea how to accomplish this, this just sounds like an absolute nightmare especially since the MySQL DB is most likely going to be hosted in the cloud and not on a machine next to the Financial Server. Any ideas how to accomplish this? (within reason?) Also, his big thing is he wants to basically pull up the data from any record a user enters and using data pulled from that do all sorts of calculations using ANOTHER program that stores its data (apparently) in SQL Server. Thinking of all the data I might have to convert makes me very uneasy. Please tell a ODBC eliminates complicated junk like this. :/ I'm trying to talk him into just having MySQL do a nightly dump into a CSV file or something and using that (rather than connector) to update the SQL Server DBs. I guess I'm just not that comfortable with a server and/or programming I have no say over being connected DIRECTLY to my MySQL DB for the website. If there's no good answer for this, can anyone offer a suggestion as to what I can say to talk him out of this? (I'm a low-level IT guy w/ a decent grasp on programming...but I'm no expert - should I try to push this off to a seasoned IT pro?) Thanks in advance.

    Read the article

  • larger file upload problem with php

    - by chris
    I need to upload a csv file to a server. works fine for smaller files but when the file is 3-6 meg its not working. $allowedExtensions = array("csv"); foreach ($_FILES as $file) { if ($file['tmp_name'] > '') { if (!in_array(end(explode(".", strtolower($file['name']))), $allowedExtensions)) { die($file['name'].' is an invalid file type!<br/>'. '<a href="javascript:history.go(-1);">'. '&lt;&lt Go Back</a>'); } if (move_uploaded_file($file['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo "File has been uploaded"; } //upload form <form name="upload" enctype="multipart/form-data" action="<? echo $_SERVER['php_self'];?>?action=upload_process" method="POST"> <!-- MAX_FILE_SIZE must precede the file input field --> <input type="hidden" name="MAX_FILE_SIZE" value="31457280" /> <!-- Name of input element determines name in $_FILES array --> Send this file: <input name="userfile" type="file" /> <input type="submit" value="Send File" /> </form> I have also added this to htaccess php_value upload_max_filesize 20M php_value post_max_size 20M php_value max_execution_time 200 php_value max_input_time 200 Where am i going wrong?

    Read the article

  • Random problem connecting to MySQL

    - by CharlesLeaf
    Environment: RHEL 5 servers, MySQL 5.1.43, PHP 5.1.6 (using MySQLi). Currently only available within our internal VPN network. Servers ServerA: Webserver ServerB/C/D: Database server (1 master 2 slaves) The error (on ServerA) [Tue May 25 11:12:17 2010] [error] [client CLIENTIP] PHP Warning: mysqli::real_connect() [function.mysqli-real-connect]: (HY000/2003): Can't connect to MySQL server on 'ServerB' (4) in /home/**/Database.php on line 67, referer: [website] Problem description It appears that at completely random times, our website is unable to connect to one of the MySQL servers - usually the Master. Except for the forementioned error message, there is nothing to be found in any of the logs as far as I can see, and most of the times the connection is succesful and everything works as it should. It's just at completely random times, this error pops up. There's no firewall blocking any internal traffic, timeout value is 3 but it doesn't take 3 seconds before it fails to connect. With the default mysql client I can connect from ServerA to ServerB,C and D and haven't encountered a problem yet. Does anyone have a clue what I might be overlooking / could be the problem? Because I've run out of ideas myself.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 349 350 351 352 353 354 355 356 357 358 359 360  | Next Page >