Search Results

Search found 68155 results on 2727 pages for 'data security'.

Page 429/2727 | < Previous Page | 425 426 427 428 429 430 431 432 433 434 435 436  | Next Page >

  • Alternative to jQuery .data()?

    - by thebossman
    I'm a big fan of jQuery's .data() method, but I can't always use it. Often times I am rendering HTML templates that I pass via AJAX and I need to attach metadata to each of the elements in the template. For example:

        <ul>
        {% for item in itemlist %}
            <li metadata="{{ item.metadata }}">{{ item.name }}</li>
        {% endfor %}
        </ul>

    I know attaching attributes to store data is bad practice (and it might not even work in older versions of IE). What is the best practice? Is there a good alternative to this method?


  • How to play music on site preventing direct file download

    - by Hugo Palma
    I'm starting a blog with a hosted WordPress instance and I would like to be able to stream music using a Flash player on some posts. The problem is that every player I find uses a simple param to get the file URL, which makes it very easy for someone to find that URL and just download the file. A server-side solution can be implemented as I have full access to the server.


  • wrong data type in mysql for grails byte[] property

    - by srkiNZ84
    Hi, I have an application which is trying to save a photo to the database. I've created a grails domain class with a byte[] property and this was working well when using HSQLDB (the default in grails). However, when I changed the database to MySQL I ended up getting the following error: Data truncation: Data too long for column 'photo' at row 1 I then had a look at the schema and found that the byte[] was being created as a TINYBLOB field, which was causing the error. How can I specify that this property should correspond to a BLOB/LONGBLOB type in the database?


  • Securing input of private / protected methods?

    - by ts
    Hello, normally, all sane developers try to secure the input of all public methods (casting to proper types, validating, sanitizing, etc.). My question is: in your code, do you also validate parameters passed to protected / private methods? In my opinion it is not necessary if you properly secure the parameters of public methods and the return values from outside (other classes, DB, user input, etc.). But I constantly come across frameworks and apps (i.e. PrestaShop, to name one) where validation is often repeated in the method call, in the method body and once again to secure the returned value, which, I think, creates performance overhead and is also a sign of bad design.


  • Handling of data truncation (short reads/writes) in FUSE

    - by Vi
    I expect any good program should do all its reads and writes in a loop until all data is written/read, without relying on write writing everything (even with regular files). Am I right? I implemented a simple FUSE filesystem which only allows reading and writing with small buffers, very often returning that fewer bytes were written than are in the buffer (using -o direct_io). Some programs work, some do not (notably mountlo). Are they buggy, or should programs not expect truncated writes and reads from regular files? In general, are seekable file descriptors expected to truncate data like sockets and pipes?


  • Binding Data Template element to property on sub-class

    - by TerrorAustralis
    Hi guys, I have a class, for experiment's sake call it foo(), and another class, call it bar(). I have a data template for class foo() defined in my XAML, but one of foo()'s properties is a bar() object, such that

        class foo
        {
            public string Name { get; set; }
            public int ID { get; set; }
            public bar barProp { get; set; }
        }

    and

        class bar
        {
            public string Description { get; set; }
        }

    I want my data template of foo to display the Description property of bar. I have tried the simple

        <TextBlock Text="{Binding Path=barProp.Description}" />

    and variants to no avail. Seeking wisdom, DJ


  • An old flaw in X Window System. How does it work?

    - by Legend
    I was going through an article today when it mentioned the following: "We've found many errors over the years. One of the absolute best was the following in the X Window System:

        if (getuid() != 0 && geteuid == 0) {
            ErrorF("Only root");
            exit(1);
        }

    It allowed any local user to get root access. (The tautological check geteuid == 0 was intended to be geteuid() == 0. In its current form, it compares the address of geteuid to 0; given that the function exists, its address is never 0)." The article explained what was wrong with the code, but I would like to know what it means to say that "It allowed any local user to get root access". I am not an expert in C, but can someone give me an exact context in which this exploit would work? Specifically, what I mean is, let's say I am the local user, how would I get root access if we assume this code to be present somewhere?


  • Reload AJAX data every X minutes/seconds, jQuery

    - by NightMICU
    Hi everyone, I programmed a CMS that has a log of who has recently logged into the system. Presently, this data is fed into a jQuery UI tab via Ajax. I would like to put this information into a sidebar on the main page and load it via AJAX every 30 seconds (or some set period of time). How would I go about doing this? Does the PHP response need to be JSON coded? I am fairly new to AJAX and JSON data. Here is the PHP I am currently using to pull details from the users table -

        <?php
        $loginLog = $db->query("SELECT name_f, name_l, DATE_FORMAT(lastLogin, '%a, %b %D, %Y %h:%i %p') AS lastLogin FROM user_control ORDER BY lastLogin ASC LIMIT 10");
        while ($recentLogin = $loginLog->fetch()) {
            echo $recentLogin['name_f'] . " " . $recentLogin['name_l'] . " - " . $recentLogin['lastLogin'];
        }
        ?>

    Thanks!


  • Ajax, not sending querystring data

    - by Tom Gullen
        var http = false;
        // Creates xmlhttp object
        if (navigator.appName == "Microsoft Internet Explorer") {
            http = new ActiveXObject("Microsoft.XMLHTTP");
        } else {
            http = new XMLHttpRequest();
        }
        http.onreadystatechange = function() {
            if (http.readyState == 4) {
                alert(http.responseText);
            }
        }
        // Functions to calculate optimum layout etc.
        function compute() {
            var statusSpan = document.getElementById("cwStatus");
            document.getElementById("fader").style.display = "";
            document.getElementById("computingWait").style.display = "";
            statusSpan.innerHTML = "<b>Status:</b> Realigning sattelites"
            http.open("GET", "alg.aspx?cr=8&cc=7&sq=3,3", true);
            http.send(null);
        }

    This code sort of works, but the querystring data isn't being passed through. It keeps returning an ASPX error page which only happens when there is no querystring data. Thanks for any help


  • How to get data in the servlet send via dojo.xhrPost

    - by snell
        var xhrArgs = {
            url: '/mum/proxy/http/localhost:8080/DemoProject/MyServlet',
            postData: ' MyDataToBeSend',
            handleAs: 'text',
            load: function(data) { },
            error: function(error) { alert(error); }
        };
        var ret = dojo.xhrGet(xhrArgs);

    Hi All, I have written the above code in JavaScript to send data to a servlet. But I am not understanding how to get the postData in the servlet.


  • Cross-Application User Authentication

    - by Chris Lieb
    We have a webapp written in .NET that uses NTLM for SSO. We are writing a new webapp in Java that will tightly integrate with the original application. Unfortunately, Java has no support for performing the server portion of NTLM authentication and the only library that I can find requires too much setup to be allowed by IT. To work around this, I came up with a remote authentication scheme to work across applications and would like your opinions on it. It does not need to be extremely secure, but at the same time not easily be broken.

    1. User is authenticated into .NET application using NTLM
    2. User clicks link that leaves .NET application
    3. .NET application generates random number and stores it in the user table along with the user's full username (domain\username)
    4. Insecure token is formed as random number:username
    5. Insecure token is run through secure cipher (likely AES-256) using pre-shared key stored within the application to produce a secure token
    6. The secure token is passed as part of the query string to the Java application
    7. The Java application decrypts the secure key using the same pre-shared key stored within its own code to get the insecure token
    8. The random number and username are split apart
    9. The username is used to retrieve the user's information from the user table and the stored random number is checked against the one pulled from the insecure token
    10. If the numbers match, the username is put into the session for the user and they are now authenticated
    11. If the numbers do not match, the user is redirected to the .NET application's home page
    12. The random number is removed from the database


  • Securing database keys for client-side processing

    - by danp
    I have a tree of information which is sent to the client in a JSON object. In that object, I don't want to have raw IDs which are coming from the database. I thought of making a hash of the id and a field in the object (title, for example) or a salt, but I'm worried that this might have a serious effect on processing overhead. SELECT * FROM `things` where md5(concat(id,'some salt')) = md5('1some salt'); Is there a standard practice for obscuring IDs in this kind of situation?


  • How to match data between columns to do the comparison

    - by NCC
    I do not really know how to explain this in a clear manner. Please see attached image. I have a table with 4 different columns, 2 are identical to each other (NAME and QTY). The goal is to compare the differences between the QTY; however, in order to do it, I must:
    1. sort the data
    2. match the data item by item
    This is not a big deal with a small table, but with 10 thousand rows it takes me a few days to do it. Please help me, I appreciate it. My logic is:
    1. Sort the first two columns (NAME and QTY)
    2. For each value of the second two columns (NAME and QTY), check if it matches the first two columns. If true, then insert the value.
    3. For values that are not matched, insert into new rows with offset from the rows that are in the first two columns but not in the second two columns


  • How to Check Authenticity of an AJAX Request

    - by Alex Reisner
    I am designing a web site in which users solve puzzles as quickly as they can. JavaScript is used to time each puzzle, and the number of milliseconds is sent to the server via AJAX when the puzzle is completed. How can I ensure that the time received by the server was not forged by the user? I don't think a session-based authenticity token (the kind used for forms in Rails) is sufficient because I need to authenticate the source of a value, not just the legitimacy of the request. Is there a way to cryptographically sign the request? I can't think of anything that couldn't be duplicated by a hacker. Is any JavaScript, by its exposed, client-side nature, subject to tampering? Am I going to have to use something that gets compiled, like Flash? (Yikes.) Or is there some way to hide a secret key? Or something else I haven't thought of? Update: To clarify, I don't want to penalize people with slow network connections (and network speed should be considered inconsistent), so the timing needs to be 100% client-side (the timer starts only when we know the user can see the puzzle). Also, there is money involved so no amount of "trusting the user" is acceptable.


  • Safari - showing expired .NET Page

    - by Hidayath
    We have a strange problem in Safari. When the user logs out of our Web Application we expire the forms authentication with the following: FormsAuthentication.SignOut(); Session.Abandon(); This works fine in IE and Firefox (when the user hits the back button they are presented with a page expired message and are forced to log in), but in Safari the last page the user was working on shows up. I tried many of the suggested things, like setting the Response.Expires, but nothing helps. Has anyone faced this problem? Do you have any suggestions / workarounds? Thanks


  • How to ensure the HTTP_REQUEST Is coming from the right place?

    - by seatoskyhk
    I learn that HTTP_REFERER or any HTTP request header can be fake and not reliable. REMOTE_ADDR is reliable though. So, how can I ensure the incoming HTTP_REQUEST call is coming from a website that I white-list? For example, I have a JS code that will send from client site to server (something like a sniper, cross platform). However, I only allow this to happen from several websites, not others. So, even if other people copy the code and put it onto their website, it won't work.


  • Preventing dictionary attacks on a web application

    - by Kevin Pang
    What's the best way to prevent a dictionary attack? I've thought up several implementations but they all seem to have some flaw in them:

    1. Lock out a user after X failed login attempts. Problem: easy to turn into a denial of service attack, locking out many users in a short amount of time.
    2. Incrementally increase response time per failed login attempt on a username. Problem: dictionary attacks might use the same password but different usernames.
    3. Incrementally increase response time per failed login attempt from an IP address. Problem: easy to get around by spoofing IP address.
    4. Incrementally increase response time per failed login attempt within a session. Problem: easy to get around by creating a dictionary attack that fires up a new session on each attempt.


  • password/login system in php

    - by Jonathan
    For a login system in PHP, would this be a suitable outline of how it would work:

    1. User types in username and password, clicks login button.
    2. Check if user exists in database; if it does, then retrieve the salt for that user.
    3. Hash the password and salt (would this be done on the client or server side? I think client side would be better, but PHP is server side so how would you do this?)
    4. Check value against value in database; if the values match then user has typed in correct password and they are logged in.


  • Customer provider Password Reset client.

    - by ProfK
    I'm looking for guidance on writing a custom password reset UI, but it must fit the Provider 'Pattern', or degrade silently to built-in defaults. E.g. my Reset Control must collect extra information, and perform differently to the standard Password Recovery Control. It must, as closely as possible, use the standard MembershipProvider interface for standard functions, and only use an extended interface for the non-standard stuff. I'd like some reading on issues such as, what must I ask the Membership Provider for, and what must I do myself. What must I tell the provider (service?) about what I do? Etc.


  • Stored procedure does not return data if executed from VBA

    - by Sam
    I had stored procedure MySPOld in Sybase db. I created new sp MySP. This new sp returns data when executed from Sybase Sql Advantage, but it is not returning the data when called from VBA - Excel 2003 (EOF property of recordset is True). Here is my code:

        Dim dbCon As ADODB.Connection
        Dim rstTemp As New ADODB.Recordset
        Dim query As String
        query = "exec MySP '01/01/2010', '01/14/2010'"
        dbCon.Open connectionString, "username", "password"
        dbCon.CommandTimeout = 300
        rstTemp.Open query, dbCon, adOpenForwardOnly

    The code was working well with the old sp. What could be the problem? Any idea? Thanks in advance.


  • What is this hacker trying to do?

    - by JW
    If you do a search for: http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N you will see a lot of examples of an attempted hack along the lines of: 1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) -- What exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?


  • Should I sanitize EVERY form variable passed along?

    - by Camran
    I have a form with many fields... The action is set to a php page which queries mysql... Should I sanitize with mysql_real_escape_string every single variable? Or can I ignore sanitizing drop-lists and radios for instance? Also, besides mysql_real_escape_string, what else should I do to prevent attacks? Thanks


  • How do I get the CoreData Debug argument to output to the console?

    - by radesix
    According to Apple documentation on debugging Core Data it says we should be able to pass an argument to the application which will output the SQL core data sends to SQLite. I have gone into the arguments tab of my executable in XCode and specified the argument: -com.apple.CoreData.SQLDebug 1 However, I see no SQL in the console. I then tried to use this parameter in the CoreDataBooks application provided by Apple just in case there was some other issue in MY program. Even in Apple's example I get no SQL output in the console. Am I doing something wrong? Is Apple's documentation wrong? Should I be looking someplace other than the console? Has anyone else had success with this argument?

