Search Results

Search found 41147 results on 1646 pages for 'database security'.

Page 357/1646 | < Previous Page | 353 354 355 356 357 358 359 360 361 362 363 364  | Next Page >

• Echo html+php from database

  - by pg-robban

  I am working on a site which deals with a lot of texts in HTML, so recently I learned PHP and moved them into a MySQL database and echo the contents given a specific chapter and section. Now this works relatively fine, the HTML shows up properly. However, in some parts I have included PHP function calls, and these doesn't seem to be evaluated - rather, they get just inserted into the source code (and thus invisible for the page viewer), never doing anything. They did work when they were simple .html files. How can I solve this? For example, a text can look like this: <?php printChapterName(); ?> <p>Some text</p> ... <?php showImage($name, $alt-text); ?> ... This just shows the text on the page. Edit: The functions are echo:ing some HTML.

  Read the article

• Securing Web Services approach valid?

  - by NBrowne

  Hi , Currently I am looking at securing our web services. At the moment we are not using WCF so this is not an option. One approach I have seen and implemented locally fairly easily was the approach described in article: http://www.codeproject.com/KB/aspnet/wsFormsAuthentication.aspx Which describes adding a HttpModule which prompts for user credentials if the user browses to any pages (web services) which are contained in a services folder. Does anyone see any way that this security could fall down and could be bypassed etc. I'm really just trying to decide whether this is a valid approach to take or not? thanks

  Read the article

• A better understanding of the relations beetween database tables

  - by Nistor Alexandru

  Hi I am trying to get a better understanding of relational databases and there is something that I keep bumping into and don't understand.Let's take this two tables: In this case Login.ID is the primary key with auto_increment set and Profile.ID_LOGIN is the Foreign KEY.When a user is created and it's username and password is stored in the login database does the ID coresponding to the curesnt username and password get automaticly added into ID_LOGIN or do I have to create an SQL statement to do this? If I have to create a SQL statement how should I aproach adding the ID_LOGIN to make sure I am adding it corectly?

  Read the article

• Designing DAOs for data sources other than a database

  - by James P.

  Hi, Until now I've been used to using DAOs to retrieve information from databases. Other sources of data are possible though and I'm wondering if and how the pattern could be applied in general. For example, I'm now working on an application that fetches XML on the web. The XML file could be considered as a data source and the actual fetching is similar in principle to a database request. I'm not quite sure how the DAO could be structured though. Any views on the subject are welcome.

  Read the article

• SQL Server Express: Failed to add primary key after creating a database table

  - by Syd

  Scenario: I have created a database table. And when I tried to add a primary key (using the SQL Server Management Studiio) to the table, it failed with an error message "Saving changes is not permitted. The changes you have made requrie the following tables to be dropped and re-created. You have either made changes to a table that can't be recreated or enabled the option Prevent savign changes that require the table to be re-created." The environment is Windows 7. I have earlier installed it on a Windows XP SP2 and it worked. And yes, my table is empty (freshly created). My current workaround is to run the "Drop and Create" script. The other alternative is to create the primary key before I save the table. Is this a bug or a limitation with the Express version?

  Read the article

• Images with unknown content: Dangerous for a browser?

  - by chris_l

  Let's say I allow users to link to any images they like. The link would be checked for syntactical correctness, escaping etc., and then inserted in an <img src="..."/> tag. Are there any known security vulnerabilities, e.g. by someone linking to "evil.example.com/evil.jpg", and evil.jpg contains some code that will be executed due to a browser bug or something like that? (Let's ignore CSRF attacks - it must suffice that I will only allow URLs with typical image file suffixes.)

  Read the article

• Form Submitting Incorrect Information to MySQL Database

  - by ThatMacLad

  I've created a form that submits data to a MySQL database but the Date, Time, Year and Month fields constantly revert to the exact same date (1st January 1970) despite the fact that when I submit the information to the database the form displays the current date, time etc to me. I've already set it so that the time and date fields automatically display the current time and date. Could someone please help me with this. Form: <html> <head> <title>Blog | New Post</title> <link rel="stylesheet" href="css/newposts.css" type="text/css" /> </head> <body> <div class="new-form"> <div class="header"> <a href="edit.php"><img src="images/edit-home-button.png"></a> </div> <div class="form-bg"> <?php if (isset($_POST['submit'])) { $month = htmlspecialchars(strip_tags($_POST['month'])); $date = htmlspecialchars(strip_tags($_POST['date'])); $year = htmlspecialchars(strip_tags($_POST['year'])); $time = htmlspecialchars(strip_tags($_POST['time'])); $title = htmlspecialchars(strip_tags($_POST['title'])); $entry = $_POST['entry']; $timestamp = strtotime($month . " " . $date . " " . $year . " " . $time); $entry = nl2br($entry); if (!get_magic_quotes_gpc()) { $title = addslashes($title); $entry = addslashes($entry); } mysql_connect ('localhost', 'root', 'root') ; mysql_select_db ('tmlblog'); $sql = "INSERT INTO php_blog (timestamp,title,entry) VALUES ('$timestamp','$title','$entry')"; $result = mysql_query($sql) or print("Can't insert into table php_blog.<br />" . $sql . "<br />" . mysql_error()); if ($result != false) { print "<p class=\"success\">Your entry has successfully been entered into the blog. </p>"; } mysql_close(); } ?> <?php $current_month = date("F"); $current_date = date("d"); $current_year = date("Y"); $current_time = date("H:i"); ?> <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>"> <input class="field" type="text" name="date" id="date" size="2" value="<?php echo $current_month; ?>" /> <input class="field" type="text" name="date" id="date" size="2" value="<?php echo $current_date; ?>" /> <input class="field" type="text" name="date" id="date" size="2" value="<?php echo $current_year; ?>" /> <input type="text" name="time" id="time" size="5"value="<?php echo $current_time; ?>" /> <input class="field2" type="text" id="title" value="Title Goes Here." name="title" size="40" /> <textarea class="textarea" cols="80" rows="20" name="entry" id="entry" class="field2"></textarea> <input class="field" type="submit" name="submit" id="submit" value="Submit"> </form> </div> </div> </div> <div class="bottom"></div> </body> </html>

  Read the article

• Store date object in sqlite database

  - by bnabilos

  Hello, I'm using a database in my Java project and I want to store date in it, the 5th and the 6th parameter are Date Object. I used the solution below but I have errors in these 2 lines : creerFilm.setDate(5, new Date (getDateDebut().getDate())); creerFilm.setDate(6, new Date (getDateFin().getDate())); PreparedStatement creerFilm = connecteur.getConnexion().prepareStatement("INSERT INTO FILM (ID, REF, NOM, DISTRIBUTEUR, DATEDEBUT, DATEFIN) VALUES (?, ?, ?, ?, ?, ?)"); creerFilm.setInt(1, getId()); creerFilm.setString(2, getReference()); creerFilm.setString(3, getNomFilm()); creerFilm.setString(4, getDistributeur()); creerFilm.setDate(5, new Date (getDateDebut().getDate())); creerFilm.setDate(6, new Date (getDateFin().getDate())); creerFilm.executeUpdate(); creerFilm.close(); Can you help me to fix that please ? Thank you

  Read the article

• Selected number of records from database in DB2.

  - by Abhi

  Hi All, I have to fetch only 50 records at a time from database(DB2), for this I have been usig Row_Number but now the persons are telling that this Row_Number is not stable and has bugs in it so now I have to write a different querry for the same as I have to fetch only 50 records at a time. so please can any body help me out for the same. Thanks in advance. The Query which I have been using is SELECT PLC.* FROM ( SELECT ROW_NUMBER() OVER (ORDER BY PRDLN_CTLG_OID) AS Row, PRDLN_CTLG_OID, PRODUCT_LINE_OID AS PRODUCT_LINE_OID, RTRIM(CATALOG_ID) AS CATALOG_ID, FROM PROD_LINE_CATALOG WHERE PRODUCT_LINE_OID=:productLineOID AND ACTV_IND = 1 ORDER BY CATALOG_ID) PLC WHERE Row >= :startIndex AND Row <= :endIndex ORDER BY PLC.CATALOG_ID DESC WITH UR

  Read the article

• More intelligent Context Menus in Visual Studio 2008 Database Projects

  - by Mike C.

  I'm using a SQL Server 2008 Database Project, and I'm finding it's very cumbersome to add certain items. For example, if I right click on Tables = Keys and navigate to the Add item, I'd expect to see the different kinds of keys that I can add. Instead, I see the stock items that don't apply, and I'm forced to navigate the Add New Item screen to find Primary Key. Is there a way to make this more efficient? I have Resharper; can I leverage templates somehow (kind of a noob with these). Thanks!

  Read the article

• Cannot add App_Data SQL Server database

  - by Interfector

  Hello, Using Visual Studio 2010 10.0.20319.1 RTMRel and SQL Server Express 10.50.1600.1 I'm trying to add a new SQL Server Database .mdf, however, I receive the following error: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: SQL Network Interfaces, error: 25 – Connection string is not valid) I have enabled TCP/IP and Named Pipelines, added Firewall Exceptions for Sql Server, I am successfully connecting from VS in the Server Explorer window. I would appreciate if someone can pint me to a solution to my problem. Thank you.

  Read the article

• WCF: What happens if a channel is established but no method is called?

  - by mafutrct

  In my specific case: A WCF connection is established, but the only method with "IsInitiating=true" (the login method) is never called. What happens? In case the connection is closed due to inactivity after some time: Which setting configures this timeout? Is there still a way for a client to keep the connection alive? Reason for this question: I'm considering the above case as a possible security hole. Imagine many clients connecting to a server without logging in thus preventing other clients from connecting due to bandwidth problems or port shortage or lack of processing power or ... Am I dreaming, or is this an actual issue?

  Read the article

• Get data from database with two conditions in one list

  - by Kreeki

  Hi coders out there, I'm new to this. I have a (sqlite3, but with ActiveRecord it doesn't matter) table called Messages and a model called Message. I want to find all messages in database that have user_id or reciever_id equal to the object user and his attribute id (for short user.id). I know it's probably just one simple line of code, but I wanna do it the right "rails" way and I don't have much experience with this. I'm using Rails 3. Thanks for any help. Cheers

  Read the article

• Styled Javascript Popup that Connects to Database

  - by user269799

  I want to create a javascript popup box that contains text fields. I want to be able to style this box - using CSS - and I want the textfield entries to be Inserted into a MySQL database. Is this possible? I would be familiar with doing this through web forms and server side scripting but I need it to be a bit more client side this time to make things seem a bit faster. I am thinking I may need to learn some AJAX but any pointers would be a help. GF

  Read the article

• Caching for database questions.

  - by SeanD

  When we say caching like using memcahe or Redis, is this a 1:1 caching between the user and the cache or can we cache 1 item and use it for all user? Some items like a Friend list will be 1:1 a that is unique per user. But if i want to cache the auto complete list for city lookups which can be used by any user, will it just store 1 list in the cache used by all users at same time or doe it need to store 1 list per user? Is it possible to cache the entire database, all the lookups, all the users, all their photos, etc using memache or redis? So from the above example: a friend list will be cleared from the cache when the user logs off. But something like city auto complete will stay in the cache 24-7-365, am i correct?

  Read the article

• asp.net impersonation identity: Where does it come from?

  - by Rising Star

  Here's a simple question I've been stuck on for a while. When I set < identity impersonate=true > in my web.config so that asp.net impersonates the logged on user automatically (or the anonymous account if not using Windows Authentication), where does the identity that asp.net impersonates come from? This document: http://msdn.microsoft.com/en-us/library/ff649264.aspx shows three places you can retrieve information about the logged on user: Httpcontext.Current.user System.Threading.Thread.Current System.Security.Principal.WindowsIdentity.GetCurrent It seems that none of these locations consistently match the identity that gets impersonated when I set < identity impersonate=true > in web.config. I would like to know where the impersonated identity comes from.

  Read the article

• Why is using a Non-Random IV with CBC Mode a vulnerability?

  - by The Rook

  I understand the purpose of an IV. Specifically in CBC mode this insures that the first block of of 2 messages encrypted with the same key will never be identical. But why is it a vulnerability if the IV's are sequential? According to CWE-329 NON-Random IV's allow for the possibility of a dictionary attack. I know that in practice protocols like WEP make no effort to hide the IV. If the attacker has the IV and a cipher text message then this opens the door for a dictionary attack against the key. I don't see how a random iv changes this. (I know the attacks against wep are more complex than this.) What security advantage does a randomized iv have? Is this still a problem with an "Ideal Block Cipher"? (A perfectly secure block cipher with no possible weaknesses.)

  Read the article

• VB.Net Create Database table from class property

  - by joeb

  I'm trying to create an inheritable class(OF t) in vb.net that I will pass it a class of objects. Inside the class of objects I want to use the class properties to create a corresponding database table. Like below Public Class SampleClass #Region "Properties" Private newPropertyValue As String Public Property NewProperty() As String Get Return newPropertyValue End Get Set(ByVal value As String) newPropertyValue = value End Set End Property #End Region Public Sub New() End Sub End Class I'm new to vb.net so I don't know my way around exactly. I was looking into class attributes for this action but they do not fully make sense to me yet. Thanks in advance.

  Read the article

• jQuery autocomplete that retrieves items from a database

  - by Ankur

  I want to provide autocomplete for users when they are filling in a text box. The values for the autocomplete should come from a mysql database that I use with the application. Can you please recommend a plugin or two that would be best suited to this. I can see that there are a number of options out there. But I was hoping that based on the answers it would be clear that one or two plugins are considered to be the better ones, and I would only have to choose from those. Thanks,

  Read the article

• dates when saving to mysql database

  - by Patrick

  in my php code I was asking the user to choose day, month and year from some dropdown fields where values where 1, 2, 3 etc instead of 01, 02, 03. these were then combined to form a string like "YYYY-MM-DD" for the insertion in a db (in a date field). Having missed the initial 0, I thought I was sending strings in the wrong format, eg "YYYY-M-D" or YYYY-MM-D", but then I've noticed they appear in the right format in the database anyway: even if I submitted YYYY-M-D, it appeared as YYYY-MM-DD. is this the normal behaviour of mysql? if so, can i just avoid worrying about changing the code in my application?

  Read the article

• Need data on disk drive management by OS: getting base I/O unit size, “sync” option, Direct Memory A

  - by Richard T

  Hello All, I want to ensure I have done all I can to configure a system's disks for serious database use. The three areas I know of (any others?) to be concerned about are: I/O size: the database engine and disk's native size should either match, or the database's native I/O size should be a multiple of the disk's native I/O size. Disks that are capable of Direct Memory Access (eg. IDE) should be configured for it. When a disk says it has written data persistently, it must be so! No keeping it in cache and lying about it. I have been looking for information on how to ensure these are so for CENTOS and Ubuntu, but can't seem to find anything at all! I want to be able to check these things and change them if needed. Any and all input appreciated.

  Read the article

• Cross domain secure cookie usage?

  - by asdasda

  I have a website that came with a SSL site for HTTPS but its on a different server. Example being my website: http://example.com my SSL site: http://myhostingcompany.com/~myuseraccount/ So I can do transactions over HTTPS and we have user accounts and everything but it is located on a different domain. The cookie domain is set for that one. Is there a way I can check on my actual site to see if a cookie is set for the other one? And possibly grab its data and auth a user? I think this violates a major principle of security and can't be done for good reasons, but am i wrong? is this possible?

  Read the article

• Create a PHP cache system in MySQL database?

  - by Zach Smith

  I'm creating a web service that often scrapes data from remote web pages. After scraping this data, I have a simple multidimensional array of information to use. The scraping process is fairly taxing on my server, and the page load takes a while. I was considering adding a simple cache system using a MySQL database, where I create one row per remote web page with a the array of information pulled from it stored as a JSON encoded string. Is this a good enough system? Or would something like a text file per web page be a better idea?

  Read the article

• Storing database records into array

  - by zerey

  I would want to create an array that will hold records retrieved from a database using a query of SELECT statement. The records to be retrieved have multiple fields such as lastname, firstname, mi and 20 more fields. What would be the best approach on coding this function? alright i have followed what prisoner have given below.. the next question is how do i search through this kind of array using queries? for example i want to search for a username..

  Read the article

• How to store coordinates in a database

  - by Tim

  Hello all! I have a Flex GUI where I have to place quadrate elements. The position of these elements need to be stored into a database. So I can create two integer fields in the db table x and y. Also I need an angle, because the user can rotate these elements, so I can also make a int (int is okay, I do not need a double value therefore). As a ORM, I use Hibernate. But the question is, if creating three integer fields is the best way to handle this. Perhaps someone can tell me if this will be okay or if there are better ways? Thanks a lot in advance & Best Regards.

  Read the article

< Previous Page | 353 354 355 356 357 358 359 360 361 362 363 364  | Next Page >