Search Results

Search found 101690 results on 4068 pages for 'user input'.


  • Am I under risk of CSRF attacks in a POST form that doesn't require the user to be logged in?

    - by Monika Sulik
    I'm probably being a total noob here, but I'm still uncertain about what a CSRF (Cross-Site Request Forgery) attack is exactly. So let's look at three situations... 1) I have a POST form that I use to edit data on my site. I want this data to be edited only by users that are logged in. 2) I have a site, which can be used by both users who are logged in as well as guests. Parts of the site are for logged in users only, but there are also POST forms that can be used by all users - anonymous and not (for example a standard contact form). Should the contact form be safeguarded against CSRF attacks? 3) I have a site which doesn't have an authentication system at all (well, perhaps that's unrealistic, so let's say it has an admin site which is separate from the rest of it and the admin part is properly safeguarded). The main part of the site is only used by anonymous users. Do the POST forms on it need to be safeguarded? In the case of 1) the answer is clearly yes. But in the case of 2 and 3 I don't know (and is the difference between 2 and 3 even significant?).


  • How can I test to see if a class contains a particular attribute?

    - by BryanWheelock
    How can I test to see if a class contains a particular attribute?

        In [14]: user = User.objects.get(pk=2)

        In [18]: user.__dict__
        Out[18]:
        {'date_joined': datetime.datetime(2010, 3, 17, 15, 20, 45),
         'email': u'[email protected]',
         'first_name': u'',
         'id': 2L,
         'is_active': 1,
         'is_staff': 0,
         'is_superuser': 0,
         'last_login': datetime.datetime(2010, 3, 17, 16, 15, 35),
         'last_name': u'',
         'password': u'sha1$44a2055f5',
         'username': u'DickCheney'}

        In [25]: hasattr(user, 'username')
        Out[25]: True

        In [26]: hasattr(User, 'username')
        Out[26]: False

    I'm having a weird bug where more attributes are showing up than I actually define. I want to conditionally stop this, e.g.

        if not hasattr(User, 'karma'):
            User.add_to_class('karma', models.PositiveIntegerField(default=1))


  • In TFS, is there a maximum amount of workspaces which can be used for a user?

    - by Gerrie Schenck
    I'm currently in the process of creating a bunch of new build scripts for our platform. Things went okay until I encountered the following error: D:\TFS\WorkingDir\BuildType\TFSBuild.proj(173,5): error MSB4018: Microsoft.TeamFoundation.VersionControl.Client.WorkspaceNotFoundException: TF14061: The workspace BUILDMACHINENAME_9;BUILDMACHINENAME\TFSService does not exist. When I take a look at the list of workspaces (with Team Foundation Sidekicks) I see there are a bunch of BUILDMACHINENAME_xxx workspaces, where xxx is a number ranging from 1 to 8. What I'm thinking is that TFS reaches some kind of limit (10 probably) of the amount of workspaces it can create for a certain owner, and thus fails to create a workspace for the build automatically. Can this be the case? Anyone else encountered this?


  • Using Office 2003 normal.dot in Office 2010?

    - by TJ
    I have a user who I have upgraded from Office 2003 to Office 2010. This user relies on his custom auto correct that he built into his normal.dot file for Word 2003. He would not like to have to reenter all 200 of his auto corrects. How can I convert his old Normal.dot file with auto corrects to the new Normal.dot for Office 2010?


  • A method to change effective user id of a running program?

    - by Brendan Long
    I'm writing a simple package manager and I'd like to automatically try sudo if the program isn't run as root. I found a function called seteuid, which looks like it's exactly what I need, but I don't have the permissions to run it. So far all I can think of is a bash script to check before they get to the actual binary, but I'd like to do this all as C++ if possible. Is there any method of changing a process's euid after it starts executing? Or a way to call sudo?


  • Not sure about ACL permissions

    - by Darko Miletic
    I'm writing up something about ACL usage on CentOS, but since I still do not have a box ready I would like to ask something. Let us assume we have a folder /var/www/test. If I do this in terms of permissions:

        /bin/chown -R root:root /var/www/test/
        /bin/chmod -R u=rwx,go= /var/www/test/
        /usr/bin/setfacl -R -m u:apache:rwx /var/www/test/

    Will user apache be able to change the owner of folder test or of any particular file within that folder? If the answer is yes, shall I then use group instead of user?


  • Wizard form in Struts

    - by Kuntal Basu
    I am creating a wizard in Struts. It contains 4 steps. For each step I have a separate action class, say:

        Step1Action.java
        Step2Action.java
        Step3Action.java
        Step4Action.java

    and in each class there are 2 methods, input() and process(). The input() method is for showing the page in input mode; the process() method will be used for processing the submitted data (if validation is ok). I am carrying all data up to the last step in a session, and saving all of it in the database in the last step. Similarly, there are 4 action tags in struts.xml like:

        <action name="step1" class="com.mycomp.myapp.action.Step1Action1" method="input">
            <result name="success" type="redirectAction">step2</result>
            <result name="input">/view/step1.jsp</result>
        </action>
        <action name="step2" class="com.mycomp.myapp.action.Step1Action2" method="input">
            <result name="success" type="redirectAction">step3</result>
            <result name="input">/view/step2.jsp</result>
        </action>

    But I think I am going wrong. Please tell me how I will handle this case.


  • Apps management dashboard: what features should be in it?

    - by Christophe
    On a dashboard to manage business web apps (CRM, email marketing, collaboration, accounting...) from a single place, which features should be must-haves and which nice-to-haves? Those that come to mind are SSO, unified billing, user provisioning. What else? What should be available to the super user (admin) vs the business user? Do you know any products of this kind in the market today? Thanks, Christophe, GetApp.com


  • How to create Data Entry User Interfaces in asp.net?

    - by Wael Dalloul
    Suppose that you have a big data entry web application like Microsoft CRM. What are the strategies and technologies that you follow to build a website like it? I don't want to use any dynamic web page generation software, because it has a lot of limitations. Also, I don't want to design every page and repeat everything. What's the best approach? Any ideas or headlines on this issue? Thanks in advance...


  • Set Recurring payment with different initial payment in Paypal

    - by www.sapnaedu.in
    I am developing a payment option in a PHP based application. The user can choose Paypal or Paypal recurring method to make a payment. However, the user would pay $50 for the first time and $40 starting from next month. However, when the user chooses the Paypal recurring option and he pays $50, Paypal automatically chooses $50 from the next month onwards. Is it possible to set a different initial payment and recurring payment? Here is the part of the code:

        echo "<input type=\"hidden\" name=\"no_shipping\" value=\"1\"/>\n";
        echo "<input type=\"hidden\" name=\"a3\" value=\"".$amt."\"/>\n";
        echo "<input type=\"hidden\" name=\"p3\" value=\"1\"/>\n";
        echo "<input type=\"hidden\" name=\"t3\" value=\"M\"/>\n";
        echo "<input type=\"hidden\" name=\"src\" value=\"1\"/>\n";
        echo "<input type=\"hidden\" name=\"sra\" value=\"1\"/>\n";
        echo "<input type=\"hidden\" name=\"no_note\" value=\"1\"/>\n";

    Thanks, Kiran


  • Generic function pointers in C

    - by Lucas
    I have a function which takes a block of data and the size of the block and a function pointer as argument. Then it iterates over the data and performs a calculation on each element of the data block. The following is the essential outline of what I am doing:

        int myfunction(int* data, int size, int (*functionAsPointer)(int)){
            //walking through the data and calculating something
            for (int n = 0; n < size; n++){
                data[n] = (*functionAsPointer)(data[n]);
            }
        }

    The functions I am passing as arguments look something like this:

        int mycalculation(int input){
            //doing some math with input
            //...
            return input;
        }

    This is working well, but now I need to pass an additional variable to my function pointer. Something along the lines of

        int mynewcalculation(int input, int someVariable){
            //e.g.
            input = input * someVariable;
            //...
            return input;
        }

    Is there an elegant way to achieve this and at the same time keep my overall design idea?


  • Access current_user in model

    - by LearnRails
    I have 3 tables:

        items (columns are: name, type)
        history (columns are: date, username, item_id)
        user (username, password)

    When a user, say "ABC", logs in and creates a new item, a history record gets created with the following after_create filter. How do I assign this username 'ABC' to the username field in the history table through this filter?

        class Item < ActiveRecord::Base
          has_many :histories
          after_create :update_history

          def update_history
            histories.create(:date => Time.now, :username => ?)
          end
        end

    My login method in session_controller:

        def login
          if request.post?
            user = User.authenticate(params[:username])
            if user
              session[:user_id] = user.id
              redirect_to(:action => 'home')
              flash[:message] = "Successfully logged in "
            else
              flash[:notice] = "Incorrect user/password combination"
              redirect_to(:action => "login")
            end
          end
        end

    I am not using any authentication plugin. I would appreciate it if someone could tell me how to achieve this without using a plugin (like userstamp etc.) if possible.


  • What's the most accurate way to determine user geolocation in the browser?

    - by Crashalot
    I found a few examples suggesting Google AJAX APIs. This link typifies the advice I have found so far: http://briancray.com/2009/05/29/find-web-visitors-location-javascript-google-api/ However, the location is often wrong with the Google APIs. Other sites seem to know exactly which city I'm in, though, without me entering any information. Suggestions? Is there something cross-browser (ignoring IE6) and reliable?


  • How to save http referer in rails

    - by TenJack
    I'm trying to save the site that a user came from when they sign up. Right now I have a before_filter in my ApplicationController:

        before_filter :save_referer

        def save_referer
          unless is_logged_in?
            session['referer'] = request.env["HTTP_REFERER"] unless session['referer']
          end
        end

    Then when a user is created, it checks this session variable and sets it to nil. Sometimes this does not work and I'm worried there might be some unintended things happening with using session like this. Does anyone have a better way? Or some input perhaps?

    EDIT: This is the logic I am using to save the referer:

        def create
          @user = User.new(params[:user])
          if @user.save_with(session[:referer])
            ....
        end

    User

        def save_with(referer)
          self.referer = referer unless referer == "null"
          self.save
        end

    Is there any reason why this should not work?


  • Can some hacker steal the cookie from a user and log in with that name on the web site?

    - by Aristos
    Reading the question "different users get the same cookie value in aspxanonymous" and searching for a solution, I started thinking about whether it is possible for someone to really steal the cookie in some way, and then place it in his browser and log in as, let's say, administrator. Do you know how forms authentication can ensure that even if the cookie is stolen, the hacker cannot actually log in using it? Or do you know any other automatic defense mechanism? Thank you in advance.


  • Insert record in Linq to Sql

    - by Anders Svensson
    Is this the easiest way to insert a record with Linq to Sql when there's a many-to-many relationship, or is there a better/cleaner way? I wasn't sure why things weren't working at first, but when I added a second SubmitChanges() it worked. Why was this necessary? Would be grateful if someone could clarify this a bit!

        private void InsertNew()
        {
            UserPageDBDataContext context = new UserPageDBDataContext();

            User user = new User();
            ManyToMany.Model.Page page = new ManyToMany.Model.Page();
            user.Name = "Madde Andersson";
            page.Url = "anderscom/references";
            context.Users.InsertOnSubmit(user);
            context.Pages.InsertOnSubmit(page);
            context.SubmitChanges();

            UserPage userPage = new UserPage();
            userPage.UserID = user.UserID;
            userPage.PageID = page.PageID;
            user.UserPages.Add(userPage);
            context.SubmitChanges();
        }


  • May I open my own device driver twice simultaneously from a user program under Linux?

    - by Viktor Gyuris
    Somewhere I read that opening the same file twice has undefined semantics and should be avoided. In my situation I would like to open my own device multiple times, associating multiple file descriptors with it. The file operations of my device are all safe. Is there some part of Linux between the sys call open() and the point where it calls the registered file operation .open() that is unsafe?


  • Is Rails default CSRF protection insecure

    - by schickb
    By default the form post CSRF protection in Rails creates an authenticity token for a user that only changes when the user's session changes. One of our customers did a security audit of our site and flagged that as an issue. The auditor's statement was that if we also had an XSS vulnerability, an attacker could grab another user's authenticity token and make use of it for CSRF attacks until the user's session expired. But it seems to me that if we had an XSS vulnerability like that, an attacker could just as easily grab another user's session cookie and log in as that user directly. Or even just make calls to our REST API as the user being attacked. No secondary CSRF attack needed. Have I missed something? Is there a real problem with the default CSRF protection in Rails?


  • Drupal, mysql server settings

    - by Patrick
    Hi, I have a problem configuring database settings in Drupal. I will propose here some sample data:

        Database: Mysql
        Database: databaseName
        User: user
        Password: password
        Server: server.com
        Server Choice: mysqldb2

    (In phpmyadmin I have this option and I can choose between mysqldb1 and mysqldb2 to access the mysql server.) The error message I get is:

        The mysql error was: Access denied for user: 'user@localhost' (Using password: YES).

    I've tried the following lines in settings.php but I always get the same error message:

        $db_url = 'mysql://user:password@localhost/databaseName';
        $db_url = 'mysql://user:password@localhost/databaseName/mysqldb2';

    The user and password work in phpmyadmin so I'm sure they are correct. Thanks


  • When onblur occurs, how can I find out which element focus went *to*?

    - by Michiel Borkent
    Suppose I attach an onblur function to an html input box like this: <input id="myInput" onblur="function() { ... }"></input> Is there a way to get the ID of the element which caused the onblur event to fire (the element which was clicked) inside the function? How? For example, suppose I have a span like this: <span id="mySpan">Hello World</span> If I click the span right after the input element has focus, the input element will lose its focus. How does the function know that it was mySpan that was clicked? PS: If the onclick event of the span would occur before the onblur event of the input element my problem would be solved, because I could set some status value indicating a specific element had been clicked. PPS: The background of this problem is that I want to trigger an Ajax.AutoCompleter control externally (from a clickable element) to show its suggestions, without the suggestions disappearing immediately because of the onblur event on the input element. So I want to check in the OnBlur function if one specific element has been clicked, and if so, ignore the blur event.


  • function (blurClass) NOT WORKING IN IE

    - by Erik
    I can't get this plugin to function properly in IE. Check out my homepage and look at the huge search field toward the top: www.naturalskin.com. Whenever I refresh the screen the "blur" loses its function and I'm stuck with text. Here is the script that I place in an external js page: http://www.naturalskin.com/src/js/javascript/batches.js

        jQuery.fn.hint = function (blurClass) {
          if (!blurClass) {
            blurClass = 'blur';
          }

          return this.each(function () {
            // get jQuery version of 'this'
            var $input = jQuery(this),

            // capture the rest of the variable to allow for reuse
              title = $input.attr('title'),
              $form = jQuery(this.form),
              $win = jQuery(window);

            function remove() {
              if ($input.val() === title && $input.hasClass(blurClass)) {
                $input.val('').removeClass(blurClass);
              }
            }

            // only apply logic if the element has the attribute
            if (title) {
              // on blur, set value to title attr if text is blank
              $input.blur(function () {
                if (this.value === '') {
                  $input.val(title).addClass(blurClass);
                }
              }).focus(remove).blur(); // now change all inputs to title

              // clear the pre-defined text when form is submitted
              $form.submit(remove);
              $win.unload(remove); // handles Firefox's autocomplete
            }
          });
        };

    Erik

