Search Results

Search found 17651 results on 707 pages for 'unix domain sockets'.

Page 509/707

  • session fixation

    - by markiv
    Hi All, I am new to web development and trying to get a hold on security issues. I went through this article on http://guides.rubyonrails.org/security.html. These are some of the steps the author has mentioned for how an attacker fixes a session:

    1. The attacker creates a valid session id: He loads the login page of the web application where he wants to fix the session, and takes the session id in the cookie from the response (see number 1 and 2 in the image).
    2. He possibly maintains the session. Expiring sessions, for example every 20 minutes, greatly reduces the time-frame for attack. Therefore he accesses the web application from time to time in order to keep the session alive.
    3. Now the attacker will force the user’s browser into using this session id (see number 3 in the image). As you may not change a cookie of another domain (because of the same origin policy), the attacker has to run a JavaScript from the domain of the target web application. Injecting the JavaScript code into the application by XSS accomplishes this attack. Here is an example: <script>document.cookie="_session_id=16d5b78abb28e3d6206b60f22a03c8d9";</script>. Read more about XSS and injection later on.
    4. The attacker lures the victim to the infected page with the JavaScript code. By viewing the page, the victim’s browser will change the session id to the trap session id.
    5. As the new trap session is unused, the web application will require the user to authenticate.
    6. From now on, the victim and the attacker will co-use the web application with the same session: The session became valid and the victim didn’t notice the attack.

    I don't understand a couple of points.

    i) Why is the user made to log in in step 5, since the session is sent through?
    ii) I saw possible solutions on the wiki, like user properties check and others. Why can't we just reset the session for whoever is logging in when they enter the username and password in step 5?

    Thanks in advance,
    Markiv

  • What do these characters do in a URL/WebAddress?

    - by acidzombie24
    I notice these characters are all illegal: #%<>?\/*+|:" I notice these are encoded (%NN where NN is the hex value) but can be replaced without problem: $,;=& @ (note the space, which is typically encoded as + (but may be %20)). #%?/+ I understand. But what do the following characters do? <>\*|": Note: I understand what : does in the domain part (it's the port), as @ is a login, but after the first / why is : illegal? (@ isn't)

  • Optimal diff between object lists in Java

    - by Philipp
    I have a List of Java objects on my server which is sent to the client through some serialization mechanism. Once in a while the List of objects gets updated on the server, that is, some objects get added, some get deleted and others just change their place in the List. I want to update the List on the client side as well, but send the least possible data. Especially, I don't want to resend Objects which are already available on the client. Is there a library available which will produce some sort of diff from the two lists, so that I can only send the difference and the new Objects across the wire? I have found several Java implementations of the unix diff command, but this algorithm is impractical for order changes, i.e. [A,B,C] - [C,B,A] could be sent as only place changes [1-3] [3-1], while diff will want to resend the whole A and C objects (as far as I understand).

  • Grails views for subclasses

    - by Jeff Beck
    I have a domain object called page that only has a title. I then have subclasses: StaticPage, which also has a textblock, and PicturePage, which contains a url. I have a site object that has many pages. I am looking for a way in the view for the site to call a different template for each subclass. I can easily iterate through the pages, but I would like to call each subclass's own view.

  • Do not filter outlinks in Nutch?

    - by sigpwned
    I'm currently trying to perform a deep crawl within a small list of sites. To accomplish this, I updated conf/domain-urlfilter.txt with the domains of the sites I wish to scrape, which worked nicely. However, I found that not only were the links crawled at every step filtered, but the outlinks captured from each page crawled were filtered as well. Is there a way to avoid filtering captured outlinks while still filtering crawled URLs?

  • Adding php script to cron

    - by shyam
    What should be given as the URL to the script while adding it to the cron scheduler? The script is at, say, domain.com/scripts/script.php or /public_html/scripts/script.php. PS: I am using cPanel.

  • Grails automatic constraint update

    - by Prakash
    Does Grails have an automatic constraint update? If we change a field in a domain class to be nullable by adding a constraint, it is not reflected in the database without a schema export. Is it possible to get Grails to do this update automatically?

  • mod_rewrite - Don't get a second rule work

    - by poru
    I want to have a url like this: domain.com/css/site.css?test=234

    Rule:

        RewriteEngine On
        RewriteRule ^([a-z]+)/$ $1.php
        RewriteRule ^css/([a-zA-Z0-9]+).css?count=(.*)$ css.php?f=$1&test=$2

    But I get a 404 every time: Not found (site.css). If I have a rule like this it works, just without getting the $_GET variable:

        RewriteEngine On
        RewriteRule ^([a-z]+)/$ $1.php
        RewriteRule ^css/([a-zA-Z0-9]+).css$ css.php?f=$1

  • running jar file with multiple arguments in perl

    - by compiler9999
    Hi All, I'm trying to run a jar file. This jar file outputs multiple questions in a console manner. I want to eliminate the console, and I need to input a value in order to proceed, e.g.:

        A. Choose value 1 :
           [1] Windows
           [2] Unix
           Input : 2
        B. Choose value 2 :
           [1] Oracle
           [2] DB2
           Input : 1

    I'm trying "java -jar program.jar < abc.txt", where abc.txt has a value of: 2 1 3 etc., but it's not working; it's only getting the first value. Please help. Thanks.

    BTW, I've also tried:

        OPEN PIPE, "| java -jar program.jar";
        open (FH, /abc.txt)
        print PIPE "$res";
        close FH;
        close PIPE;

    Regards

  • Reading in multiple words for prolog

    - by prolog123456789
    I'm running Prolog via Poplog on Unix and was wondering if there was a way to read in multiple words (such as encasing them in a string). For instance, read(X) will only allow X to be 1 term. However, if I encase the user input with "", it will return a list of character codes. Is this the correct method, as I cannot find a way to convert it back to a readable string? I would also like to be able to see if the multi-worded string contains a set value (for instance, if it contains "i have been") and am unsure of how I will be able to do this as well.

  • Is canvas security model ignoring access-control-allow-origin headers?

    - by luklatlug
    It seems that even if you set the access-control-allow-origin header to allow access from mydomain.org to an image hosted on domain example.org, the canvas's origin-clean flag gets set to false, and trying to manipulate that image's pixel data will trigger a security exception. Shouldn't canvas obey the access-control-allow-origin header and allow access to the image's data without throwing an exception?

  • WebService remote invoking fails.

    - by user569913
    I have a web service hosted on a web server, I invoke the web service using jquery ajax. The service returns results successfully when invoked locally from the server, but it fails when invoked from a remote client machine (not in the same domain). I see the request fail in the firebug returning error (401 UnAuthorized) and the response has the following error (Request format is unrecognized for URL unexpectedly ending in '/List').

  • How to determine bandwidth used by cron job?

    - by Lost_in_code
    I'm not a unix guy. cPanel does a good job of managing cron jobs, and that is what I used to run dozens of cron jobs. All of them combined run more than 5000 times every day. Every cron makes a call to an external API. How can I check how much bandwidth all the cron jobs are eating? For my website I use awstats, and that shows bandwidth usage et al. Another thing is that I don't want the admins to ban the cron jobs because they are using too much bandwidth (and CPU), more than what is allocated in my web hosting package.

  • codeigniter not being able to get the full param from url?

    - by bnelsonjax
    I'm having a weird issue that I can't seem to fix. It's dealing with viewing a company and adding a location to that company. When viewing a company, my url would look like this: domain.com/company/view/415

    So clearly 415 is the ID of the company, and the company shows up correctly on my company view page. Now comes the weird part. When clicking on an "Add Location" link, which would take me to: domain.com/location/add/415

    so once again this should be saying Location / Add / 415 (company ID 415). On this page, if I do it will echo 4 (instead of 415...the company id). If the company id is 754, the php echo $data['id'] would echo 7 (instead of 754). So it's stripping the last 2 numbers off the Company ID.

    Here is my controller:

        public function add($id)
        {
            if (isset($_POST["add"])) {
                $this->Equipment_model->add($id);
                redirect('company/view/'.$id);
            }
            $data['locations'] = $this->Equipment_model->get_locations($id);
            $data['data'] = $id;
            $this->load->view('templates/header');
            $this->load->view('equipment/add', $data);
            $this->load->view('templates/footer');
        }

    Here is my .htaccess:

        RewriteEngine On
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-l
        RewriteCond $1 !^(index\.php|css|font|img|js|themes)
        RewriteRule ^(.*)$ index.php/$1 [QSA,L]

    Because my php/codeigniter experience is limited, maybe my terminology is off, so I created a video and uploaded it to twitch. Here is the link if you wanna see what I'm talking about: http://www.twitch.tv/bnelsonjax/b/420079504

    If anyone could help I'd be so grateful, I've been stuck on this for about a week.

    UPDATE: OK, now we are getting somewhere. When I change the controller to:

        public function add($id)
        {
            if (isset($_POST["add"])) {
                $this->Equipment_model->add($id);
                redirect('company/view/'.$id);
            }
            $data['locations'] = $this->Equipment_model->get_locations($id);
            $data['data'] = $id;
            $data['cid'] = $id;
            $this->load->view('templates/header');
            $this->load->view('equipment/add', $data);
            $this->load->view('templates/footer');
            $this->output->enable_profiler(TRUE);
        }

    If I add the following to the view page:

        <?php echo $data['id']; ?>       it echoes: 7
        <?php echo $cid; ?>              it echoes: 766 (CORRECT ONE)
        <?php echo $data['cid']; ?>      it echoes: 7

    My question then is: if the controller shows $data['data'] = $id; $data['cid'] = $id; why does only the one that's $data['cid'] echo correctly?

  • Ignoring specific differences in diff

    - by naumcho
    When doing recursive diffs I want to ignore expected differences/translations - is there a way to do that with standard unix tools? E.g.

    file1:

        1 ...
        2 /path/to/something/ver1/blah/blah
        3 /path/to/something/ver1/blah/blah
        4 ...

    file2:

        1 ...
        2 /path/to/something/ver2/blah/blah
        3 /path/to/something/ver3/blah/blah
        4 ...

    I want to be able to do something like:

        diff file1 file2 --ignore-transltion "ver1>ver2"

    This should only show me that line 3 is different. Does anyone know of a good way to do that? I can easily write a perl script to do it, but I will end up re-implementing most of the rest of the functionality of 'diff'.

    Update: My goal is to run this on directories with different versions of the same files with "diff -r" so I can spot unexpected differences in versions.

  • Redirect-gateway def1

    - by John
    I have set up OpenVPN on my server, and I am able to connect to it just fine, and browse the web, etc, from the client box. If I set the following option in the client config, I can no longer browse the web via domain name:

        redirect-gateway def1

    On the server, I have run the following command:

        iptables -t nat -s 10.8.0.0/24 -A POSTROUTING -j SNAT --to myserver'sIP

    but that hasn't changed anything. Can anyone help suggest something?

  • How to utilize intranet bandwidth

    - by tguclu
    Hi, is it possible to measure which web pages are visited most and download their content so that people can access them offline? The basic scheme is: there will be client software on each user PC which will extract domain information from http requests and decide if it's already available on the server or not. On the server side there will be another piece of software which updates downloaded web pages. Do you think this is a good way of utilizing intranet bandwidth? Thanks

  • MonoRails 2.0 CombineJS doesn't cache

    - by olemarius
    We just upgraded from MonoRails 1 to MonoRails 2.0, and want to use the CombineJS as seen here: http://erichauser.net/2009/01/27/javascript-compression-for-monorail/

    In Firebug Net, it loads as http://www.domain.com/MonoRail/Files/BuiltJS.rails?name=deflayout&version=8204059377542922030

    But it has must-revalidate in the cache-control:

        Cache-Control public, must-revalidate, max-age=259200

    How can I get rid of that? Thanks in advance! :)

  • Is there a tool that automatically saves incremental changes to files while coding?

    - by Bob.
    One of my favorite features of Google docs is the fact that it's constantly automatically saving versions of my document as I work. This means that even if I forget to save at a certain point before making a critical change there's a good chance that a save point has been created automatically. At the very least, I can return the document to a state prior to the mistaken change and continue working from that point. Is there a tool with an equivalent feature for a Ruby coder running on Mac OS (or UNIX)? For example, a tool that will do an automatic Git check-in every couple of minutes to my local repository for the files I'm working on. Maybe I'm paranoid, but this small bit of insurance could put my mind at ease during my day-to-day work.

  • Is it the best practice to extract an interface for every class?

    - by the_drow
    I have seen code where every class has an interface that it implements. Sometimes there is no common interface for them all. They are just there and they are used instead of concrete objects. They do not offer a generic interface for two classes and are specific to the domain of the problem that the class solves. Is there any reason to do that?
