Search Results

Search found 32274 results on 1291 pages for 'access specifier'.

Page 434/1291 | < Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441  | Next Page >

• How to store private pictures and videos in Ruby on Rails

  - by TK

  Here's a story: User A should be able to upload an image. User A should be able to set a privacy. ("Public" or "Private"). User B should not be able to access "Private" images of User A. I'm planning to user Paperclip for dealing with uploads. If I store the images under "RAILS_ROOT/public/images", anyone who could guess the name of the files might access the files. (e.g., accessing http://example.com/public/images/uploads/john/family.png ) I need to show the images using img tags, so I cannot place a file except public. How can I ensure that images of a user or group is not accessible by others?

  Read the article

• Receive and Process Email with ASP.NET / C# [closed]

  - by Arthur Chaparyan

  Possible Duplicates: Recommendations for a .NET component to access an email inbox coding for how to receive a mail in windows apllication What methods are there for having .NET code run and handle e-mails as they arrive? I'm developing a social networking site that will allow users to send an email to an email address that is for posting. This is the same thing Blogger does. This allows me to take a picture with my phone and send it to [email protected] and have it posted to my profile. The site is running IIS6 and I have full access to the server. Emails are currently being processed using the SMTP service that comes with Windows 2003 Server, but I can switch to another system without any issues. I am assuming I would have to somehow have the incoming emails either go into a folder that my application is watching or cause incoming emails to trigger a script. can anyone point me in the right direction?

  Read the article

• What are the weaknesses of this user authentication method?

  - by byronh

  I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

  Read the article

• Multitenant shared user account?

  - by jpartogi

  Dear all, Based on your experience, which is the route to go for a multi-tenant user login? One user login per account. Which means if there is one user that has access to multiple account, there will be redundancy of record in the database One user login for all account that she has privileges to. Which means one user record has access to multiple account if she has privileges to that account. From your experience, which one is better and why? I was thinking to choose the latter, but I don't know whether it will cause security issue or less flexibility. Thank you for sharing your experience.

  Read the article

• .NET WebService Security who can see and use.

  - by user295734

  Trying to firgure out how to test the security of a WebService. Is there some way to search a site for webservices? I have 2 applications one has a webservice and the other a reference to that service. I let visual studio build the reference in the App_WebReferences folder. The webservice works, but i started wondering, can anyone access this service from any website? If so, how can i test this? How do you search a site for webservices? Could I use jQuery/JSON code from a simple site to access a webservice? I guess if it is not secure, how do you secure a webservice?

  Read the article

• How to make an Asp.net MVC 2 website have a Private Beta Mode.

  - by Mark Kitz

  I am creating an ASP.Net MVC website that I am launching soon in private beta. What I am using. ASP.NET MVC 2 ASP.NET Sql Membership Provider Authorization Attributes on ActionMethods. ex. [EditorsOnly] What I am trying to accomplish: During the private Beta period of my website, I want no anonymous users to access my site. Only Beta Testers of my site should be able to login and use my site as normal. After the private beta period people can access it using the security structure I already have set up. I am hoping I do not have to recompile but can have a setting in the webconfig to switch between Private Beta mode to Normal mode. Thanks for your suggestions.

  Read the article

• Iterating 'Active' View Controllers

  - by ISDi

  Ola Folks, In an iPhone application I am displaying different views by using the addSubView:SomeViewController.view method. I want to be able to, at the very least, log the view controllers that are in the view hierarchy that is being displayed. I would prefer to be able to get a handle to a specific view controller. I know how to iterate the views, I just do not see how to access the view controllers of those views. I am looking for something that will give me the type of access to the view controllers that UINavigationController::ViewControllers does. I thought I could get away with: for (UIViewController* oVC in [self.view subviews]) but this is not having the intended effect. If someone has a way of doing this, please share it with me. -isdi-

  Read the article

• python - checking if a user has admin privileges

  - by Matt

  Hi, I'm writing a little program as a self-learning project in Python 3.x. my idea is for the program to allow two fields of text entry to the user, and then plug the user's input into the value of two specific registry keys. What I was wondering, and something my books don't seem to cover, is if there is a simple way to make it check if the current user can access the registry. I'd rather it cleanly tell the user that he needs admin privileges than for the program to go nuts and crash because it's trying to access a restricted area. I'd like it to make this check as soon as the program launches, before the user is given any input options. What code is needed for this? thanks for the help

  Read the article

• Possible Performance Considerations using Linq to SQL Repositories

  - by Robert Harvey

  I have an ASP.NET MVC application that uses Linq to SQL repositories for all interactions with the database. To deal with data security, I do trimming to filter data to only those items to which the user has access. This occurs in several places: Data in list views Links in a menu bar A treeview on the left hand side containing links to content Role-based security A special security attribute, inheriting from AuthorizeAttribute, that implements content-based authorization on every controller method. Each of these places instantiates a repository, which opens a Linq to Sql DataContext and accesses the database. So, by my count, each request for a page access opens at least six separate Linq to SQL DataContexts. Should I be concerned about this from a performance perspective, and if so, what can be done to mitigate it?

  Read the article

• iPhone Wax accessing already instantiated classes

  - by John Smith

  I am trying to access already instantiated OBjC classes via Lua. How can I do it?

  Read the article

• Mail app up/down arrows

  - by 4thSpace

  Is there a way to get access to the up/down arrows used in the Mail app and implement them the same way?

  Read the article

• Starting with asp.net MVC

  - by Josemalive

  Hello, Actually im doing a home page that only have an action called Index() that returns the view Index.ascx. This index page will be composed by lastest news and lastest registered users, i think that create two partial views is the best idea (this way i could use it in other views). for other hand i have a data access class that calls to database for get stuff (get last news, get last users, etc...) My question is simple, should i call to the this data access class in the Index() action of my HomeController, and add to the ViewData the data obtained? I think that this index() action shouldnt be the responsable of passing this data to the partial views, right? Could you give me a hand? im messing too much? ;-) Thanks in advance. Best Regards. Jose

  Read the article

• Trapping events within list box item templates in WPF

  - by AC

  I've got listbox that employs an item template. Within each item in the list, as defined in the template there is a button. When the user clicks the button I change a value in the data source that defines the sort order of the list. Changing the datasource is not a problem as this is working just fine within my application template. However my next step is to reload the listbox with the new sorted data source. I've tried doing this from the tempalte but it apparently doesn't have access (or I can't figure out how to get access) to the parent elements so I can reset the .ItemSource property with a newly sorted data source. Seems like this is possible but the solution is eluding me :(

  Read the article

• PHP can be exclusively accessed by SWF

  - by brett

  I'm not sure how to describe this, but basically I have a PHP class file: class HelloHello { public function getSomeData($input_parameter){ // code to retrieve data from the database } public function deleteSomeData($input_parameter){ // code to delete data from the database } } This class is on the server and is part of the backend that connects with a database, and it's meant to be accessed by the frontend SWF only (not to be directly accessed). I've setup Flex to read this class and access it. But how do I make sure that someone doesn't develop a script that can call this php file directly and access its methods? For example using a script to add data in a fast automated way, or use the delete method directly, ouch. Is this a legitimate concern, or this can't be done?

  Read the article

• iphone: accessing the preferences localization file from code

  - by phonecoddy

  I was just facing the following problem and couldn't find a solution for it. Hopefully someone could help. The app I am working on has some preferences, which are using a localization file. Now I want to use labels in my app, which display the exact names, which are used in the localization file for the preferences. But I couldn't find a way to access the information which is stored in Settings.bundle - en.lproj - localizationfile.strings. to make this clear: If you open your preferences for your app, the display shows the localized string of the title and the value of the setting. I need to access the localized string of the title of each preference from my code. Does any know how to do this?

  Read the article

• IE8 no honoring display:none

  - by user357034

  I have the following markup on a page and unfortunately I do not have direct access to it. . This page is opened in an iframe. There is other code on the page but it is not relevant so I have not posted it. The only access to target the code in via css. I want to not display the close button so I added this to the css file img[alt='Close'] {display:none !important;} this is the markup <td align="center"><a href='javascript:window.close()'><img src='v/vspfiles/templates/100/images/buttons/btn_close.gif' alt='Close' border=0></a></td> It works as expected in all browsers that i have tested (firefox, Opera, Safari) but in IE8 it seems to ignore this css and shows the button. Not sure if it doesn't like the selector or perhaps I have a syntax error. Not sure where to go from here.

  Read the article

• .NET: Is there a way to finagle a default namespace in an XPath 1.0 query?

  - by Cheeso

  I'm building a tool that performs xpath 1.0 queries on XHTML documents. The requirement to use a namespace prefix in the query is killing me. The query looks like this: html/body/div[@class='contents']/div[@class='body']/ div[@class='pgdbbyauthor']/h2[a[@name][starts-with(.,'Quick')]]/ following-sibling::ul[1]/li/a (all on one line) ...which is bad enough, except because it's xpath 1.0, I need to use an explicit namespace prefix on each QName, so it looks like this: ns1:html/ns1:body/ns1:div[@class='contents']/ns1:div[@class='body']/ ns1:div[@class='pgdbbyauthor']/ns1:h2[ns1:a[@name][starts-with(.,'Quick')]]/ following-sibling::ns1:ul[1]/ns1:li/ns1:a To set up the query, I do something like this: var xpathDoc = new XPathDocument(new StringReader(theText)); var nav = xpathDoc.CreateNavigator(); var xmlns = new XmlNamespaceManager(nav.NameTable); foreach (string prefix in xmlNamespaces.Keys) xmlns.AddNamespace(prefix, xmlNamespaces[prefix]); XPathNodeIterator selection = nav.Select(xpathExpression, xmlns); But what I want is for the xpathExpression to use the implicit default namespace. Is there a way for me to transform the unadorned xpath expression, after it's been written, to inject a namespace prefix for each element name in the query? I'm thinking, anything between two slashes, I could inject a prefix there. Excepting of course axis names like "parent::" and "preceding-sibling::" . And wildcards. That's what I mean by "finagle a default namespace". Is this hack gonna work? Addendum Here's what I mean. suppose I have an xpath expression, and before passing it to nav.Select(), I transform it. Something like this: string FixupWithDefaultNamespace(string expr) { string s = expr; s = Regex.Replace(s, "^(?!::)([^/:]+)(?=/)", "ns1:$1"); // beginning s = Regex.Replace(s, "/([^/:]+)(?=/)", "/ns1:$1"); // stanza s = Regex.Replace(s, "::([A-Za-z][^/:*]*)(?=/)", "::ns1:$1"); // axis specifier s = Regex.Replace(s, "\\[([A-Za-z][^/:*\\(]*)(?=[\\[\\]])", "[ns1:$1"); // predicate s = Regex.Replace(s, "/([A-Za-z][^/:]*)(?!<::)$", "/ns1:$1"); // end s = Regex.Replace(s, "^([A-Za-z][^/:]*)$", "ns1:$1"); // edge case s = Regex.Replace(s, "([-A-Za-z]+)\\(([^/:\\.,\\)]+)(?=[,\\)])", "$1(ns1:$2"); // xpath functions return s; } This actually works for simple cases I tried. To use the example from above - if the input is the first xpath expression, the output I get is the 2nd one, with all the ns1 prefixes. The real question is, is it hopeless to expect this Regex.Replace approach to work, as the xpath expressions get more complicated?

  Read the article

• how change nginx temp & log folder or disable logging completely

  - by Ehsan Khodarahmi

  I'm running nginx 1.3.5 under windows seven, I need to execute nginx directly from a read-only media (CD or DVD), but when I want to run it, it fails with this error: nginx: [alert] could not open error log file: CreateFile() "logs/error.log" fail ed (5: Access is denied) 2012/08/28 13:52:46 [emerg] 5604#2864: CreateDirectory() "J:\nginx-1.3.5/temp/client_body_temp" failed (5: Access is denied) where J is my CD-ROM drive letter. I've changed nginx.conf to disable logging completely, but seems anyway it still tries to build a file named 'error.log' in '/logs' folder & some extra temporary contents in '/temp' folder at the startup, so I want to change 'logs' & 'temp' directory path to windows temp folder (%temp%), but I dont have any idea that how can I do it. Also I want to know why nginx still creates 'logs/error.log' after disableing error logging ?

  Read the article

• How many layers is too many?

  - by Nathan

  As I have been learning about software development the last 2 years the more I learn, it seems the more gray areas I am running into. One gray area I have issues with right now is trying to decide how many layers an application should have. For example, in a WPF MVVM application what fashion of layering is ok? Is the following too separated? When I mention layering I mean creating a new class library for each layer. Presentation (View) View Model Business Layer Data Access Model Layer Utility Layer Or for a non MVVM application is this too separated? Presenation Business Data Access Model Layer Utility Layer Is acceptable to run layers together and just create folders for each layer? Any coloring of this gray area would be appreciated.

  Read the article

• E4X in ActionScript

  - by Brian Genisio

  Hey all, Looking at the E4X implementation in ActionScript, it occurs to me that they had to figure out how to do three things that I am not sure can be done within ActionScript regularly: Properties/Getters prefixed with @: var myAttribute = xmlPerson.@name; Nameless functions for filtering: xmlData.person.(/* predicate */) lambda syntax for predicates: xmlData.person.(@name == "Brian") So here is my question: Are these just one-off capabilities (much like Vector.<>) they put in just for E4X, therefore keeping out of reach for us? Or do we, as ActionScript developers, have access to these features? More specifically, I'd love to get access to the expression tree of that lambda predicate for my own code (not tied to the XML classes in any way). I figured out that this is called the "filter operator"... but I am not sure how to harness it. Not sure I can... since ActionScript does not allow for operator overloading :(

  Read the article

• Building an application that includes a DB, and need recommendations

  - by Rubys

  I'm going to build a little system for personal use, and I want it to save data to a database. The language is going to be C#, and so I'd like to use this opportunity to get my head around LINQ to SQL. I have some DB experience and I know my SQL, but it was all in school using Access, which is giving me trouble, and so I'd like to use another DB, something that is small in size, easy to install, and should work with LINQ to SQL. The problem is: I don't know any except Access, and am looking for recommendations. To sum it up: I need a lightweight, easy to install, linq-to-sql supporting database for a small system on a home computer, any recommendations?

  Read the article

• Accessing rails flash[:notice] in a model

  - by titaniumdecoy

  I am trying to assign a message to flash[:notice] in a model observer. This question has already been asked: Ruby on Rails: Observers and flash[:notice] messages? However, I get the following error message when I try to access it in my model: undefined local variable or method `flash' for #<ModelObserver:0x2c1742c> Here is my code: class ModelObserver < ActiveRecord::Observer observe A, B, C def after_save(model) puts "Model saved" flash[:notice] = "Model saved" end end I know the method is being called because "Model saved" is printed to the terminal. Is it possible to access the flash inside an observer, and if so, how?

  Read the article

• Tmp issues with java service on windows 2008 service

  - by Mans

  Hello! I am having a rather nasty problem with windows 2008 server. We have a java application that is running as a service using the local services user. The problem is this user does not have access to read/write to the specified java tmp directory (specified by the system). This means that every time the application tries to create a tmp file an IOException is thrown. Is there any way to make a java application that need access to the tmp directory run as a service without: Creating a new user specifically for the purspose Specifying a new tmp directory (which you will have to clean up yourself)

  Read the article

• C# Calling Methods in Generic Classes

  - by aip.cd.aish

  I am extending the ImageBox control from EmguCV. The control's Image property can be set to anything implementing the IImage interface. All of the following implement this interface: Image<Bgr, Byte> Image<Ycc, Byte> Image<Hsv, Byte> Now I want to call the Draw method on the object of the above type (what ever it may be). The problem is when I access the Image property, the return type is IImage. IImage does not implement the Draw method, but all of the above do. I believe I can cast the object of type IImage to one of the above (the right one) and I can access the Draw method. But how do I know what the right one is? If you have a better way of doing this, please suggest that as well.

  Read the article

• problem convert idl to tbl

  - by Bahgat Mashaly

  i try to get a selected text and the word under mouse in firefox after a lot of search i get the solution that i must access a document's HTML in Firefox using IAccessible i found that solution in c++ in this link How to access a document's HTML in Firefox using IAccessible the solution use ISimpleDOMNode.idl file so the first step to convert that solution from c++ to c# is convert ISimpleDOMNode.idl to tlb file and convert tlb to dll fill i try to use VS Command Prompt with this command to convert to tlb file midl ISimpleDOMNode.idl but That generate ISimpleDOMNode.h and ISimpleDOMDocument.h, which define the interfaces. It also create ISimpleDOMNode_i.c and ISimpleDOMDocument_i.c but there is no tlb file what is the wrong ?

  Read the article

< Previous Page | 430 431 432 433 434 435 436 437 438 439 440 441  | Next Page >