Search Results

Search found 68155 results on 2727 pages for 'data security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 425/2727 | < Previous Page | 421 422 423 424 425 426 427 428 429 430 431 432  | Next Page >

  • How do I secure a folder used to let users upload files?

    - by Eduardo Molteni
    I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

    Read the article

  • Finding mySQL duplicates, then merging data

    - by Michael Pasqualone
    I have a mySQL database with a tad under 2 million rows. The database is non-interactive, so efficiency isn't key. The (simplified) structure I have is: `id` int(11) NOT NULL auto_increment `category` varchar(64) NOT NULL `productListing` varchar(256) NOT NULL Now the problem I would like to solve is, I want to find duplicates on productListing field, merge the data on the category field into a single result - deleting the duplicates. So given the following data: +----+-----------+---------------------------+ | id | category | productListing | +----+-----------+---------------------------+ | 1 | Category1 | productGroup1 | | 2 | Category2 | productGroup1 | | 3 | Category3 | anotherGroup9 | +----+-----------+---------------------------+ What I want to end up is with: +----+----------------------+---------------------------+ | id | category | productListing | +----+----------------------+---------------------------+ | 1 | Category1,Category2 | productGroup1 | | 3 | Category3 | anotherGroup9 | +----+----------------------+---------------------------+ What's the most efficient way to do this either in pure mySQL query or php?

    Read the article

  • Transferring data to (Windows) Mobile Devices

    - by Ritu
    I created an app for Windows Mobile 6.5 and am fairly happy with it. However, if anyone else need to use this app, they will have to transfer an initial file (txt or csv) to the device. For a developer this isn't a problem but is this too much to ask of an end user? Granted, they will want to move (sync) data back to their desktop after the device's data have been updated. So how do other apps solve this problem? Do I need to provide some kind of syncing software?

    Read the article

  • PHP: Safe way to store decryptable passwords

    - by Jammer
    I'm making an application in PHP and there is a requirement that it must be possible to decrypt the passwords in order to avoid problems in the future with switching user database to different system. What encryption/decryption algorithm would you suggest? Is it good idea to just store the encrypted value and then compare the future authentication attempts to that value? Are the passwords still as safe as MD5/SHA1 when the private key is not available to the attacker (Hidden in USB drive for example)? I should still use salting, right? What encryption libraries should I use for PHP?

    Read the article

  • Problems inserting file data into sqlite database using python

    - by tylerc230
    I'm trying to open an image file in python and add that data to an sqlite table. I created the table using: "CREATE TABLE "images" ("id" INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL , "description" VARCHAR, "image" BLOB );" I am trying to add the image to the db using: imageFile = open(imageName, 'rb') b = sqlite3.Binary(imageFile.read()) targetCursor.execute("INSERT INTO images (image) values(?)", (b,)) targetCursor.execute("SELECT id from images") for id in targetCursor: imageid= id[0] targetCursor.execute("INSERT INTO %s (questionID,imageID) values(?,?)" % table, (questionId, imageid)) When I print the value of 'b' it looks like binary data but when I call: 'select image from images where id = 1' I get '????' printed to the console. Anyone know what I'm doing wrong?

    Read the article

  • Detecting use after free() on windows.

    - by The Rook
    I'm trying to detect "Use after free()" bugs, otherwise known as "Dangling pointers". I know Valgrind can be used to detect "Use after free" bugs on the *nix platform, but what about windows? What if I don't have the source? Is there a better program than Valgrind for detecting all dangling pointers in a program? A free and open source would be preferred , but I'll use a commercial solution if it will get the job done.

    Read the article

  • Data Grid Shows extra column

    - by cre-johnny07
    I have a wpf data Grid where I created twlo columns. But whenever I run the window the datagrid shows a extra column. I can't figure out why.? Below is my code <Custom:DataGrid Background="White" AlternatingRowBackground="#103D7EC5" RowHeaderWidth="20" SelectionMode="Single" SelectionUnit="FullRow" GridLinesVisibility="None" MinRowHeight="30" EnableRowVirtualization="True" EnableColumnVirtualization="True" CanUserAddRows="False" CanUserSortColumns="True" AreRowDetailsFrozen="True" RowDetailsVisibilityMode="Collapsed" ItemsSource="{Binding CurrentEntity.RefDetails, Mode = TwoWay}" AutoGenerateColumns="False" Name="grdDoctor1" ScrollViewer.VerticalScrollBarVisibility="Auto" MaxHeight="200"> <Custom:DataGrid.RowDetailsTemplate> <DataTemplate> </DataTemplate> </Custom:DataGrid.RowDetailsTemplate> <Custom:DataGrid.Columns> <Custom:DataGridTextColumn Binding="{Binding DepId}" Width="100" IsReadOnly="True" Header="Id"/> <Custom:DataGridTextColumn Binding="{Binding DepData}" Width="100" IsReadOnly="False" Header="Data"/> </Custom:DataGrid.Columns> </Custom:DataGrid> Any suggestion why this is happening..?

    Read the article

  • How can I make CAPTCHA work across multiple pages?

    - by jm04469
    Ever visit a website such as myspace where they leverage CAPTCHA to prevent spam? The typical pattern is to present a challenge to each URL that is opened, yet the challenge doesn't actually belong to the page itself which causes additional bandwidth usage. So, if I open up six pages at the same time and want to present a challenge on each page. I want the challenge to be tied to the page and not to the session. How can I make this work with Spring and/or Struts.

    Read the article

  • How to serialize a data of type string without using StringWriter as input

    - by starz26
    I want to serialize a input data of type string, but do not want to use StringWriter and StringReader for for serializing/Deserializing. The reason for this is when a escapse chars are sent as part of the Input string for serializing, it is serialized but some Spl chars are inserted in the xml(eg:"").I'm getting an XMl error while deserializing this serialized data. void M1() { string str = 23 + "AC"+(char)1; StringWriter sw = new StringWriter(); XmlSerializer serializer = new XmlSerializer(typeof(String)); serializer.Serialize(sw, str); System.Console.WriteLine("String encoded to XML = \n{0} \n", sw.ToString()); StringReader sr = new StringReader(sw.ToString()); String s2 = (String)serializer.Deserialize(sr); System.Console.WriteLine("String decoded from XML = \n {0}", s2); }

    Read the article

  • Are PDO prepared statements sufficient to prevent SQL injection?

    - by Mark Biek
    Let's say I have code like this: $dbh = new PDO("blahblah"); $stmt = $dbh->prepare('SELECT * FROM users where username = :username'); $stmt->execute( array(':username' => $_REQUEST['username']) ); The PDO documentation says The parameters to prepared statements don't need to be quoted; the driver handles it for you. Is that truly all I need to do to avoid SQL injections? Is it really that easy? You can assume MySQL if it makes a difference. Also, I'm really only curious about the use of prepared statements against SQL injection. In this context, I don't care about XSS or other possible vulnerabilities.

    Read the article

  • arbitrary input from stdin to shell

    - by python_noob
    So I have this existing command that accepts a single argument, but I need something that accepts the argument over stdin instead. A shell script wrapper like the following works, but as I will be allowing untrusted users to pass arbitrary strings on stdin, I'm wondering if there's potential for someone to execute arbitary commands on the shell. #!/bin/sh $CMD "`cat`" Obviously if $CMD has a vulnerability in the way it processes the argument there's nothing I can do, so I'm concerned stuff like this: Somehow allow the user to escape the double quotes and pass input into argument #2 of $CMD Somehow cause another arbitary command to run

    Read the article

  • SQL Server db_owner

    - by andrew007
    Hi, in my SQL2008 I have a user which is in the "db_datareader", "db_datawriter" and "db_ddladmin" DB roles, however when he tries to modify a table with SSMS he receives a message saying: You are not logged in as the database owner or system administrator. You might not be able to save changes to tables that you do not own. Of course, I would like to avoid such message, but until now I did find the way... Therefore, I try to modify the user by adding him to the "db_owner" role, and of course I do not have the message above. My question is: Is it possible to keep the user in the "db_owner" role, but deny some actions like alter user or ? I try "alter any user" securable on DB level, but it does not work... THANKS!

    Read the article

  • WINSDK: Determining whether an arbitrary pid identifies a running process on Windows

    - by Vlad Romascanu
    Attempting to implement a poor man's test of whether a process is still running or not (essentially an equivalent of the trivial kill(pid, 0).) Hoped to be able to simply call OpenProcess with some minimal desired access then test for either GetLastError() == ERROR_INVALID_PARAMETER or GetExitCodeProcess(...) != STILL_ACTIVE. Nice try... Running on Windows XP, as administrator: HANDLE hProc = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid); if (!hProc) { DWORD dwLastError = GetLastError(); } ...fails miserably with dwLastError == ERROR_ACCESS_DENIED when pid is owned by a different (not SYSTEM) user. Moreover, if pid was originally owned by a different user but has since terminated, OpenProcess also fails with ERROR_ACCESS_DENIED (not ERROR_INVALID_PARAMETER.) Do I have to use Process32First/Process32Next or EnumProcesses? I absolutely do not want to use SeDebugPrivilege. Thanks, V

    Read the article

  • varchar data type to datetime data type resulted in an out-of-range??

    - by leen3o
    Very weird problem occurred, I have moved a site from one server to another - All is working, but any query involving a date is playing up. I get the following: DELETE FROM MYTABLE WHERE categoryId = -2 AND datecreated < '3/23/2010'; The conversion of a varchar data type to a datetime data type resulted in an out-of-range value Now what's strange is I have changed the LCID to 1033 on the new server as the date is showing as US format and its still throwing an error! I then tried 2057 and again the same error? Made no difference. I'm a little confused, as this is a working site from a server with IIS6 - The locale is 1033 on that server and it works perfectly!! :S I have just tried thrown a Cdate() around the date too and yet again the same error??? Any ideas??

    Read the article

  • String encryption only with numbers?

    - by HH
    Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

    Read the article

  • storing original password text

    - by Richard
    My application stores external website login/passwords for interaction with them. To interact with these website I need to use the original password text, so storing just the hash in my database is not going to work. How should I store these passwords?

    Read the article

  • A scripting engine for Ruby?

    - by Earlz
    Hello, I am creating a Ruby On Rails website, and for one part it needs to be dynamic so that (sorta) trusted users can make parts of the website work differently. For this, I need a scripting language. In a sort of similar project in ASP.Net, I wrote my own scripting language/DSL. I can not use that source code(written at work) though, and I don't want to make another scripting language if I don't have to. So, what choices do I have? The scripting must be locked down and not be able to crash my server or anything. I'd really like if I could use Ruby as the scripting language, but it's not strictly necessary. Also, this scripting part will be called on almost every request for the website, sometimes more than once. So, speed is a factor. I looked at the RubyLuaBridge but it is Alpha status and seems dead. What choices for a scripting language do I have in a Ruby project? Also, I will have full control over where this project is deployed(root access), so there are no real limits..

    Read the article

  • Do similar passwords have similar hashes?

    - by SLC
    Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc. Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

    Read the article

  • How to hash and salt passwords

    - by Henrik Skogmo
    I realize that this topic have been brought up sometimes, but I find myself not entirely sure on the topic just yet. What I am wondering about how do you salt a hash and work with the salted hash? If the password is encrypted with a random generated salt, how can the we verify it when the user tries to authenticate? Do we need to store the generated hash in our database as well? Is there any specific way the salt preferably should be generated? Which encryption method is favored to be used? From what I hear sha256 is quite alright. And lastly, would it be an idea to have the hash "re-salted" when the user authenticates? Thank you!

    Read the article

  • Unable to fetch Json data from remote url

    - by user3772611
    I am cracking my head to solve this thing. I am unable to fetch the JSON data from remote REST API. I need to fetch the JSOn data nd display the "html_url" field from the JSON data on my website. I saw that you need the below charset and content type for fetching JSON. <html> <head> <meta charset="utf-8"> <meta http-equiv="content-type" content="application/json"> </head> <body> <p>My Instruments page</p> <ul></ul> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script> <script src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.10.3/jquery-ui.min.js"></script> <script type="text/javascript" src="http://code.jquery.com/jquery-1.11.0.min.js"></script> <script type="text/javascript"> $(document).ready(function () { alert("Inside the script"); $.getJSON(" https://pki.zendesk.com/api/v2/help_center/sections/200268985/articles.json", function (obj) { alert("Inside the getJSON"); $.each(obj, function (key, value) { $("ul").append("<li>" + value.html_url + "</li>"); }); }); }); </script> </body> </html> I referred to following example on jsfiddle http://jsfiddle.net/2xTjf/29/ The "http://date.jsontest.com" given in this example also doesn't work in my code. The first alert is pops but not the other one. I am a novice at JSON/ Jquery. i used jsonlint.com to find if it has valid JSON, it came out valid. I tested using chrome REST client too. What am I missing here ? Help me please ! Thanks in anticipation.

    Read the article

  • json service from data scraping with php

    - by fredz0003
    I am trying to figure out what is the best way to make this work, I am new to php. I was able to make my script work to find specific data on my htm file with the following script tested on my local server. <?php include ('simple_html_dom.php'); //create DOM from URL or local file $html = file_get_html ('Lotto Texas.htm'); //find td class name currLotWinnum and store in variable winNumbers foreach($html ->find('td.currLotWinnum') as $winNumbers) //print winNumbers echo "<b>The winning numbers are</b><br>"; echo $winNumbers -> innertext . '<br>'; ?> Need some light here, ultimately I would like to create a web service to return json format and access that data from my iOS application using NSJSONSerialization class.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 421 422 423 424 425 426 427 428 429 430 431 432  | Next Page >