Search Results

Search found 89880 results on 3596 pages for 'code sign'.

Page 563/3596 | < Previous Page | 559 560 561 562 563 564 565 566 567 568 569 570  | Next Page >

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):
        $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");
    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. 
As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article
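The query pattern quoted in the post, ported to a runnable Python/sqlite3 stand-in as an added example (this is not code from the audited application or from the post): the same string-spliced lookup beside a parameterized one, both run against a constructed two-row profile table. The table contents, the function names and the use of sqlite in place of MySQL are assumptions for the demonstration; the payload behaves the same way against either engine, and nothing sitting in front of the application (mod_security included) changes what the spliced query does once a request reaches the code.

```python
import sqlite3

# Constructed sample data standing in for the application's profile table
# (assumption: two rows, a text primary key and an owner column).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE profile (profile_id TEXT PRIMARY KEY, owner TEXT)")
    conn.executemany(
        "INSERT INTO profile VALUES (?, ?)",
        [("alice-1", "alice"), ("bob-2", "bob")],
    )
    return conn


def lookup_vulnerable(conn, profile_id):
    # Mirrors the PHP line from the post: the request value is spliced into the
    # SQL text, so a quote in the value ends the literal and the rest becomes SQL.
    sql = "SELECT profile_id, owner FROM profile WHERE profile_id='" + profile_id + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, profile_id):
    # Bound parameter: the value is sent separately from the SQL text and can
    # never change the statement's grammar, whatever characters it contains.
    sql = "SELECT profile_id, owner FROM profile WHERE profile_id=?"
    return conn.execute(sql, (profile_id,)).fetchall()


# The classic tautology payload: closes the open quote, then ORs in a true
# condition so the WHERE clause matches every row.
PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    return {
        "normal_vulnerable": lookup_vulnerable(conn, "alice-1"),
        "payload_vulnerable": lookup_vulnerable(conn, PAYLOAD),
        "normal_prepared": lookup_prepared(conn, "alice-1"),
        "payload_prepared": lookup_prepared(conn, PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Running it shows the point the post is making: with a legitimate id both functions return one row, but with the payload the spliced query returns every profile while the parameterized one returns nothing. The fix lives in how the query is built; a filter in front of the application is a compensating control that has to be tested around, not a replacement for it.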

  • Not using nofollow for UGC links

    - by Noam
My site contains many links that were user generated so I've added a rel=nofollow to them. I'm considering removing that tag at least partially, as these are most of my outgoing links and I've come to understand it isn't a good SEO sign to not have outgoing followed links. Although these are external sites, I have some data on the popularity and categorization of these sites. I'm trying to decide between two options:
    1. Removing the nofollow link for popular sites in most categories.
    2. Removing the nofollow for links that are in specific categories that represent the categorization I would like to achieve for my site. For example if this is a site about Basketball only remove the nofollow for links that are from sport sites.
    As these are both not exactly natural approaches, can this hurt me? Which option would you recommend?

    Read the article

  • Google I/O 2012 - Big Data: Turning Your Data Problem Into a Competitive Advantage

Google I/O 2012 - Big Data: Turning Your Data Problem Into a Competitive Advantage Ju-kay Kwek, Navneet Joneja Can businesses get practical value from web-scale data without building proprietary web-scale infrastructure? This session will explore how new Google data services can be used to solve key data storage, transformation and analysis challenges. We will look at concrete case studies demonstrating how real life businesses have successfully used these solutions to turn data into a competitive business asset. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Time: 52:39

    Read the article

  • Multiple vulnerabilities in Wireshark

    - by chandan
CVE            Description                                                               CVSSv2 Base Score  Component  Product and Resolution
    CVE-2012-1593  Denial of Service (DoS) vulnerability                                     3.3                Wireshark  Solaris 11 11/11 SRU 8.5
    CVE-2012-1594  Improper Control of Generation of Code ('Code Injection') vulnerability   3.3
    CVE-2012-1595  Resource Management Errors vulnerability                                  4.3
    CVE-2012-1596  Resource Management Errors vulnerability                                  5.0
    This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution. Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • DICOM Image Viewer

    A simple viewer of images stored in the DICOM 3.0 File Format (C#). The file should have raw pixel data, uncompressed. Window Level functionality is also provided.

    Read the article

  • Problems creating a debdiff

    - by Chris Wilson
I'm following this guide to create a debdiff for a package I'm patching. Everything goes fine until step number 8 and I attempt to create the debdiff after committing the changes. The package in question is Zim, pulled from Launchpad using bzr branch lp:zim and according to this guide I should execute the following command to create the debdiff:
        debdiff zim_0.49.dsc zim_0.49ubuntu1.dsc > zim_0.49ubuntu1.debdiff
    however, when I actually try to execute this command, I get the following error:
        debdiff: fatal error at line 314: Can't read file: zim_0.49.dsc
    Upon inspection of the directory in which the files created from debuild -S (step 6) are deposited, I find
        zim_0.49ubuntu1_source.changes
        zim_0.49ubuntu1.dsc
        zim_0.49ubuntu1.tar.gz
        zim_0.49ubuntu1_source.build
    but no sign of zim_0.49.dsc. I could probably create one by debuilding the package as soon as I check out the code, before starting work, but that would add an extraneous entry in the changelog. Is there a step missing from the guide that creates zim_0.49.dsc or is the file itself missing from the source?

    Read the article

  • How do I make the launcher progress bar work with my application?

    - by Kevin Gurney
Background Research
    I am attempting to update the progress bar within the Unity launcher for a simple python/Gtk application created using Quickly called test; however, following the instructions in this video, I have not been able to successfully update the progress bar in the Unity launcher. In the Unity Integration video, Quickly was not used, so the way that the application was structured was slightly different, and the code used in the video does not seem to function properly without modification in a default Quickly ubuntu-application template application.

    Screenshots
    Here is a screenshot of the application icon as it is currently displayed in the Unity Launcher. Here is a screenshot of the kind of Unity launcher progress bar functionality that I would like (overlayed on mail icon: wiki.ubuntu.com).

    Code
        class TestWindow(Window):
            __gtype_name__ = "TestWindow"

            def finish_initializing(self, builder): # pylint: disable=E1002
                """Set up the main window"""
                super(TestWindow, self).finish_initializing(builder)
                self.AboutDialog = AboutTestDialog
                self.PreferencesDialog = PreferencesTestDialog

                # Code for other initialization actions should be added here.
                self.add_launcher_integration()

            def add_launcher_integration(self):
                self.launcher = Unity.LauncherEntry.get_for_desktop_id("test.destkop")
                self.launcher.set_property("progress", 0.75)
                self.launcher.set_property("progress_visible", True)

    Expected Behavior
    I would expect the above code to show a progress bar that is 75% full overlayed on the icon for the test application in the Unity Launcher, but the application only runs and displays no progress bar when the command quickly run is executed.

    Problem Investigation
    I believe that the problem is that I am not properly getting a reference to the application's main window, however, I am not sure how to properly fix this problem. I also believe that the line:
        self.launcher = Unity.LauncherEntry.get_for_desktop_id("test.destkop")
    may be another source of complication because Quickly creates .desktop.in files rather than ordinary .desktop files, so I am not sure if that might be causing issues as well. Perhaps, another source of the issue is that I do not entirely understand the difference between .desktop and .desktop.in files. Does it possibly make sense to make a copy of the test.desktop.in file and rename it test.desktop, and place it in /usr/share/applications in order for get_for_desktop_id("test,desktop") to reference the correct .desktop file?

    Related Research Links
    Although, I am still not clear on the difference between .desktop and .desktop.in files, I have done some research on .desktop files and I have come across a couple of links:
    - Desktop Entry Files (library.gnome.org)
    - Desktop File Installation Directory (askubuntu.com)
    - Unity Launcher API (wiki.ubuntu.com)
    - Desktop Files: putting your application in the desktop menus (developer.gnome.org)
    - Desktop Menu Specification (standards.freedesktop.org)

    Read the article

  • The grand final of the Developer Bus in Colombia, innovation built on Google technologies (Spanish)

The grand final of the Developer Bus in Colombia, innovation built on Google technologies (Spanish). All the innovation of the Developer Bus in Colombia, with the project presentations, the jury's feedback and the grand winner of the Bogotá edition. #DevBusLatAm #DevBusBogota +Desarrolla... From: GoogleDevelopers

    Read the article

  • OOP - Composition, Components and Composites Example?

    - by coder3
I've been reading a bit about OOP in relation to Composition, Components and Composites. I believe I understand the fundamental principle (not sure). Can someone please provide a code example of a person or car (both have many properties) using Composition, Components and Composites. I think seeing it in code would clear up the confusion I have regarding this pattern. Preferably in Java or PHP - many thanks!

    Read the article

  • Avgrund Modal released: a jQuery plugin with a new effect for popups and modal boxes

Avgrund Modal, the jQuery plugin for your modal boxes and popups, has been released. This plugin, created by Dmitri Voronianski, adds an impression of depth to the page when you display a modal box: the main content zooms out (it shrinks) and is greyed out. It works in all recent browsers. Image: http://dailyjs.com/images/posts/avgrund.png Simple to use, you only need to call this code: JavaScript code:

    Read the article

  • Recover personal PGP key from old home

    - by Oli
    Many lives ago, I created a GPG key to sign the Ubuntu Code of Conduct on Launchpad. I haven't really used it since. Some time later, I backed up my home and started fresh. That was all back in 2009. I still have the backup but now I'm starting to play around with Quickly and upload things to Launchpad, I could really do with having my PGP key back. I don't really know how the key is organised or where it's stored, but I'd like to recover my old key rather than generate a new one. Any idea where to start?

    Read the article
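Where a 2009-era key would be sitting in that backup, and how to get it back into the current keyring, as an added example that is not part of the original post and not GnuPG's own tooling. It assumes the layout GnuPG 1.4 used on Ubuntu at the time (secret keys in ~/.gnupg/secring.gpg, public keys in ~/.gnupg/pubring.gpg; newer releases convert secring.gpg on import), and the backup mount point and script file name in the usage comment are placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): find GnuPG key material in an
# old home-directory backup and import it into the current keyring.
# Assumption: GnuPG 1.x/2.0 layout, secret keys in secring.gpg and public
# keys in pubring.gpg; the GnuPG 2.1+ file names are listed as well so the
# finder reports whichever layout the backup actually contains.

# Print the key files found under $1/.gnupg, one per line; fail if none.
find_gpg_backup_files() {
    dir="$1/.gnupg"
    [ -d "$dir" ] || return 1
    found=0
    for f in secring.gpg pubring.gpg pubring.kbx private-keys-v1.d trustdb.gpg; do
        if [ -e "$dir/$f" ]; then
            printf '%s\n' "$dir/$f"
            found=1
        fi
    done
    [ "$found" -eq 1 ]
}

# Import the old public and secret rings into $HOME/.gnupg and print the
# fingerprints of the secret keys that are now available. This is the only
# function that runs gpg; the one above just inspects the filesystem.
restore_gpg_keys() {
    old="$1/.gnupg"
    [ -f "$old/secring.gpg" ] || { echo "no secring.gpg under $old" >&2; return 1; }
    mkdir -p "$HOME/.gnupg"
    chmod 700 "$HOME/.gnupg"   # gpg refuses to trust a world-readable keyring dir
    gpg --import "$old/pubring.gpg" "$old/secring.gpg" || return 1
    # --with-colons gives machine-readable records; field 10 of an "fpr" record
    # is the fingerprint.
    gpg --list-secret-keys --with-colons | awk -F: '$1 == "fpr" { print $10 }'
}

# Usage (placeholder paths, assumed for the example):
#   . ./restore_gpg.sh
#   find_gpg_backup_files /media/backup/home/oli
#   restore_gpg_keys /media/backup/home/oli
```

Run the finder first: it tells you whether the backup holds the old-style rings or the newer per-key directory before anything touches your live keyring. Once the key is imported, Launchpad only needs the public half uploaded again; the secret ring should stay with the same 700/600 permissions the backup lost.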

  • Free Java Workshops at Mobile World Congress

    - by Jacob Lehrbaum
Are you attending Mobile World Congress in Barcelona next week? If so, you might want to register for Oracle's free workshop series taking place in the App Planet. We will be hosting a series of 25 workshops in our booth covering a range of topics that include:
    - Benefits of Deploying Phones with Oracle Java Wireless Client
    - Oracle's Embedded Java solutions for Machine-to-Machine applications
    - Building better User Interfaces with the Lightweight User Interface Toolkit
    - Resources to help you leverage Operator Network APIs in your Applications
    - The Java Verified Program: new trusted status and other recent initiatives
    - Building better mobile enterprise applications with Oracle's ADF Mobile technology
    - How to build a profitable mobile applications business with Java ME
    - Guest speakers from Orange, Telefonica and from leading ISVs
    REGISTER NOW for one or more workshops in the Oracle Java Booth 7C18 located in the App Planet. Oh, and did we mention there might be giveaways? Note: you may need to "sign out" if you have an account on Oracle.com in order to see the registration page

    Read the article

  • Are there any drawbacks to the Major.Minor.YMDD.Build version strategy?

    - by Chu
I'm trying to come up with a good version strategy to fit our specific needs. We've proposed settling on this and I wanted to ask the question to see if anyone's experience would suggest avoiding this or altering it in any way. Here's our proposal: Versions are released in this format: MAJOR.MINOR.YMDD.BN. Here it is broken out:
    - MAJOR & MINOR are typical; we'll increase MINOR when we feel code and new feature sets warrants it; once every few months most likely. MAJOR will increase ~yearly.
    - YMDD: Y will be the last digit of the current year, so "1" for 2011, "2" for 2012, etc. A non-padded month will be used to keep the number smaller (9 instead of 09 for example). DD of course is the day, padded with a zero for days under 10.
    - BN: BN is the build number and increases by one anytime we make a change to a branch of the code represented by the build, for example: If we were to make a build today, our release would be version 5.0.1707.1. I release to QA today and 3 days from now QA finds that a change broke the save functionality on a page. Instead of me changing our current development code, I'd go back to the code that I used to create version 5.0.1707.1, make the fix there, then increase the BN portion of the version and would then re-release 5.0.1707.2 back to QA.
    In short, anytime a change is made to a branched version that isn't the active dev branch, we'd use the original version number and increase only the BN portion (even if the change happened 3 days, 3 weeks or 3 months from the initial release of that version). Anytime we make a new release from our Active dev branch, we'd come up with a new version based on the M/D of the release using the outlined strategy. We do this once every 2-3 weeks. Are there holes or pitfalls with this? If so, what are they? Thanks
    EDIT To clarify one point that I didn't get out very well - Oct/Nov/Dec will be two digits, it's only the year that won't be. So 9 for Sept, 10 for Oct, 11 for Nov, etc.

    Read the article
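The proposed scheme implemented exactly as described, with a check of how the YMDD field sorts, as an added example that is not part of the original question. It assumes (as many version comparators do) that each dot-separated field is compared as an integer, and the release dates it feeds in are constructed to sit on the two boundaries the proposal itself introduces: the switch from a one-digit to a two-digit month, and the year rollover where the last digit of the year wraps from 9 to 0.

```python
# Added example, not from the original question: the MAJOR.MINOR.YMDD.BN
# scheme as proposed, plus a check of whether integer-per-field comparison
# (the assumption here) keeps the releases in chronological order.

def ymdd(year, month, day):
    """Third component as proposed: last digit of the year, the month without
    zero padding, the day zero-padded to two digits."""
    return f"{year % 10}{month}{day:02d}"


def version_string(major, minor, year, month, day, build):
    """Full MAJOR.MINOR.YMDD.BN string for a release made on the given date."""
    return f"{major}.{minor}.{ymdd(year, month, day)}.{build}"


def numeric_fields(version):
    """How a comparator that reads each field as an integer sees the version."""
    return tuple(int(part) for part in version.split("."))


def ordering_violations(dated_versions):
    """dated_versions: list of (year, month, day, version) in true release order.
    Returns the adjacent pairs where integer comparison of the version fields
    disagrees with the release order (an empty list means the scheme sorts)."""
    problems = []
    for (_, _, _, earlier), (_, _, _, later) in zip(dated_versions, dated_versions[1:]):
        if not numeric_fields(earlier) < numeric_fields(later):
            problems.append((earlier, later))
    return problems


def demo():
    """Constructed release dates around the scheme's two boundaries."""
    releases = [
        (2011, 7, 7, version_string(5, 0, 2011, 7, 7, 1)),      # 5.0.1707.1 (the post's own example)
        (2011, 9, 20, version_string(5, 0, 2011, 9, 20, 1)),    # 5.0.1920.1
        (2011, 11, 1, version_string(5, 0, 2011, 11, 1, 1)),    # 5.0.11101.1 (two-digit month)
        (2012, 1, 9, version_string(5, 0, 2012, 1, 9, 1)),      # 5.0.2109.1
        (2019, 12, 31, version_string(5, 0, 2019, 12, 31, 1)),  # 5.0.91231.1
        (2020, 1, 6, version_string(5, 0, 2020, 1, 6, 1)),      # 5.0.0106.1 (year digit wraps to 0)
    ]
    return ordering_violations(releases)


if __name__ == "__main__":
    for earlier, later in demo():
        print(f"{later} compares lower than the earlier release {earlier}")
```

Two violations come out: every release from October to December compares higher than anything released the following January to September, and the 2020 releases compare lower than all of 2019. Padding the month to two digits and using two digits of the year would fix the first; the second is inherent in keeping only one digit of the year.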

  • The October 2013 Oracle Linux Newsletter is Out!

    - by Chris Kawalek
The October 2013 edition of the Oracle Linux Newsletter is here! This issue is absolutely packed with information. Some highlights:
    - Information on the "Why Choose Oracle Linux for Your Oracle Database 12c Deployments?" webcast coming up on October 30.
    - Now Available: Unbreakable Enterprise Kernel 3
    - Oracle Linux Highlights from Oracle OpenWorld 2013
    - Oracle Linux Now Available on Microsoft Azure
    - Faster Downloads of Oracle Linux Updates
    Plus, videos, white papers, customer spotlights, information on training, and much more! You can sign up to get the newsletter in your inbox automatically, or you can read this edition online right now. -Chris 

    Read the article

  • Applications: Colliding Marbles in C Sharp

    - by TechTwaddle
    If you follow this blog, you know how much I love marbles. I was staying up for Microsoft's "It's Time To Share" event and I thought I'll write up a C# version of Colliding Marbles. It's a pretty straight forward port from the native version, the only major difference being in the drawing primitives. Video follows. The solution was created using Visual Studio 2008 and the source code is shared below. Source Code: CollidingMarbles.zip [Shared on SkyDrive] Video,

    Read the article
