Search Results

Search found 88156 results on 3527 pages for 'code contracts'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 534/3527 | < Previous Page | 530 531 532 533 534 535 536 537 538 539 540 541  | Next Page >

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article

  • Google I/O 2012 - Big Data: Turning Your Data Problem Into a Competitive Advantage

    Google I/O 2012 - Big Data: Turning Your Data Problem Into a Competitive Advantage Ju-kay Kwek, Navneet Joneja Can businesses get practical value from web-scale data without building proprietary web-scale infrastructure? This session will explore how new Google data services can be used to solve key data storage, transformation and analysis challenges. We will look at concrete case studies demonstrating how real life businesses have successfully used these solutions to turn data into a competitive business asset. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Views: 1 0 ratings Time: 52:39 More in Science & Technology

    Read the article

  • DICOM Image Viewer

    A simple viewer of images stored in the DICOM 3.0 File Format (C#). The file should have raw pixel data, uncompressed. Window Level functionality is also provided.

    Read the article

  • La gran final del Developer Bus en Colombia, la innovación desde las tecnologías Google (spanish)

    La gran final del Developer Bus en Colombia, la innovación desde las tecnologías Google (spanish) Toda la innovación del Developer Bus en Colombia con la presentación de los proyectos, la devolución del jurado y el gran ganador de la edición de Bogotá.#DevBusLatAm #DevBusBogota +Desarrolla... From: GoogleDevelopers Views: 0 0 ratings Time: 00:00 More in Science & Technology

    Read the article

  • OOP - Composition, Components and Composites Example?

    - by coder3
    I've been reading a bit about OOP in relation to Composition, Components and Composites. I believe I understand the fundamental principle (not sure). Can some one please provide a code example of a person or car (both have many properties) using Composition, Components and Composites. I think seeing it in code would clear up the confusion I have regarding this pattern. Preferably in Java or PHP - many thanks!

    Read the article

  • Sortie de Avgrund Modal : le plugin jQuery d'un nouvel effet pour popups et boîtes modales

    Sortie de Avgrund Modal le plugin jQuery pour vos boîtes modales et popups. Ce plugin, créé par Dmitri Voronianski, ajoute une impression de profondeur à la page lorsque vous affichez une boîte modale. Le contenu principal fait un zoom arrière (il rétrécit) et se grise. Il fonctionne dans tous les navigateurs récents. [IMG]http://dailyjs.com/images/posts/avgrund.png[/IMG] Simple d'utilisation, vous n'avez qu'à appeler ce code : Code javascript :

    Read the article

  • How do I make the launcher progress bar work with my application?

    - by Kevin Gurney
    Background Research I am attempting to update the progress bar within the Unity launcher for a simple python/Gtk application created using Quickly called test; however, following the instructions in this video, I have not been able to successfully update the progress bar in the Unity launcher. In the Unity Integration video, Quickly was not used, so the way that the application was structured was slightly different, and the code used in the video does not seem to function properly without modification in a default Quickly ubuntu-application template application. Screenshots Here is a screenshot of the application icon as it is currently displayed in the Unity Launcher. Here is a screenshot of the kind of Unity launcher progress bar functionality that I would like (overlayed on mail icon: wiki.ubuntu.com). Code class TestWindow(Window): __gtype_name__ = "TestWindow" def finish_initializing(self, builder): # pylint: disable=E1002 """Set up the main window""" super(TestWindow, self).finish_initializing(builder) self.AboutDialog = AboutTestDialog self.PreferencesDialog = PreferencesTestDialog # Code for other initialization actions should be added here. self.add_launcher_integration() def add_launcher_integration(self): self.launcher = Unity.LauncherEntry.get_for_desktop_id("test.destkop") self.launcher.set_property("progress", 0.75) self.launcher.set_property("progress_visible", True) Expected Behavior I would expect the above code to show a progress bar that is 75% full overlayed on the icon for the test application in the Unity Launcher, but the application only runs and displays no progress bar when the command quickly run is executed. Problem Investigation I believe that the problem is that I am not properly getting a reference to the application's main window, however, I am not sure how to properly fix this problem. I also believe that the line: self.launcher = Unity.LauncherEntry.get_for_desktop_id("test.destkop") may be another source of complication because Quickly creates .desktop.in files rather than ordinary .desktop files, so I am not sure if that might be causing issues as well. Perhaps, another source of the issue is that I do not entirely understand the difference between .desktop and .desktop.in files. Does it possibly make sense to make a copy of the test.desktop.in file and rename it test.desktop, and place it in /usr/share/applications in order for get_for_desktop_id("test,desktop") to reference the correct .desktop file? Related Research Links Although, I am still not clear on the difference between .desktop and .desktop.in files, I have done some research on .desktop files and I have come across a couple of links: Desktop Entry Files (library.gnome.org) Desktop File Installation Directory (askubuntu.com) Unity Launcher API (wiki.ubuntu.com) Desktop Files: putting your application in the desktop menus (developer.gnome.org) Desktop Menu Specification (standards.freedesktop.org)

    Read the article

  • Are there any drawbacks to the Major.Minor.YMDD.Build version strategy?

    - by Chu
    I'm trying to come up with a good version strategy to fit our specific needs. We've proposed settling on this and I wanted to ask the question to see if anyone's experience would suggest avoiding this or altering it in any way. Here's our proposal: Versions are released in this format: MAJOR.MINOR.YMDD.BN. Here it is broken out: MAJOR & MINOR are typical; we'll increase MINOR when we feel code and new feature sets warrants it; once every few months most likely. MAJOR will increase ~yearly. YMDD: Y will be the last digit of the current year, so "1" for 2011, "2" for 2012, etc. A non-padded month will be used to keep the number smaller (9 instead of 09 for example). DD of course is the day, padded with a zero for days under 10. BN: BN is the build number and increases by one anytime we make a change to a branch of the code represented by the build, for example: If were to make a build today, our release would be version 5.0.1707.1. I release to QA today and 3 days from now QA finds that a change broke the save functionality on a page. Instead of me changing our current development code, I'd go back to the code that I used to create version 5.0.1707.1, make the fix there, then increase the BN portion of the version and would then re-release 5.0.1707.2 back to QA. In short, anytime a change is made to a branched version that isn't the active dev branch, we'd use the original version number and increase only the BN portion (even if the change happened 3 days, 3 weeks or 3 months from the initial release of that version). Anytime we make a new release from our Active dev branch, we'd come up with a new version based on the M/D of the release using the outlined strategy. We do this once every 2-3 weeks. Are there holes or pitfalls with this? If so, what are they? Thanks EDIT To clarify one point that I didn't get out very well - Oct/Nov/Dec will be two digits, it's only the year that won't be. So 9 for Sept, 10 for Oct, 11 for Nov, etc.

    Read the article

  • Deploying website content via Subversion

    - by Johann
    we have recently set up a new development infrastructure and process for one of our clients. This involves the strict use of subversion as a central source code repository. The svn repositories contains a seperate branch for code on the live system (/branches/live/). The repositories are use for PHP content (mainly Wordpress Blogs), but in future they may hold other asp code as well. Bonus points for a solutions which more or less in the same way with ASP code on Windows Server 2008 R2. We have two servers: one staging system and one live system. The staging system is updated regularly with the code of the trunk. The live system is update manually. Each webroot on the servers are working copy of either the trunk (staging system) or the live branch (live system). The current workflow is: Developing on the dev's box - commit into the trunk - auto-deploy on staging system - testing on the staging system - merging into /branches/live/ - manual deployment on live system. This works for one-way changes very well, however we have some troubles on every wordpress (or plugin) update: The WP update process removes the directories and unpack the archive of the new version. This removes the svn admin area as well, which produces a lot of errors. We could switch to SVN 1.7 with a single, global admin area, but this would only solve on part of the problem. Finally, we have done the update via the WP Gui, restored the svn admin area, added/removed the files and committed the changes to the trunk. After testing, we had to do basically the same thing on the live server (except the commit, we just reverted the changes and merged the new files from the staging system to the live system). I'm currently thinking of the following: The htdocs of each website is a svn export Each website has a svn working copy beside the htdocs directory a script which "replays" the changes in the wc from htdocs after an update in WP (rsync'ing the changed files to the working copy, rsync'ing new files and svn add them and finally svn delete the deleted files). The script would have to exclude some files (like wp-config.php, uploads/temp directories, etc.). Are there better ways to do this? Unfortunaly, a complete CI server is out of scope due to time and budget limitations.

    Read the article

  • Women Techmakers

    Women Techmakers A panel of technical women leaders at Google talk about innovation, product leadership, and getting more women to the table. Susan Wojcicki (SVP, Advertising) Angela Lai (VP, Engineering of Payments) Anna Patterson (Director, Engineering) Gayathri Rajan (Director, Product Management) Megan Smith (VP, New Business Development) as moderator From: GoogleDevelopers Views: 10 3 ratings Time: 00:00 More in Education

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 530 531 532 533 534 535 536 537 538 539 540 541  | Next Page >