Search Results

Search found 22998 results on 920 pages for 'supervised users'.

  • Pyramid.security: Is getting user info from a database with unauthenticated_userid(request) really secure?

    - by yourfriendzak
    I'm trying to make an accessible cache of user data using the Pyramid docs' "Making A “User Object” Available as a Request Attribute" example. They're using this code to return a user object to set_request_property:

        from pyramid.security import unauthenticated_userid

        def get_user(request):
            # the below line is just an example, use your own method of
            # accessing a database connection here (this could even be another
            # request property such as request.db, implemented using this same
            # pattern).
            dbconn = request.registry.settings['dbconn']
            userid = unauthenticated_userid(request)
            if userid is not None:
                # this should return None if the user doesn't exist
                # in the database
                return dbconn['users'].query({'id':userid})

    I don't understand why they're using unauthenticated_userid(request) to look up user info from the database... isn't that insecure? That means that user might not be logged in, so why are you using that ID to get their private info from the database? Shouldn't

        userid = authenticated_userid(request)

    be used instead to make sure the user is logged in? What's the advantage of using unauthenticated_userid(request)? Please help me understand what's going on here.

  • C# double-quoted path name being escaped when read from file

    - by KrisTrip
    I am trying to read in a text input file that contains a list of filenames (one per line). However, I am running into an issue if the user double-quotes the path (because it has a space in it). For example, a normal input file might have:

        C:\test\test.tiff
        C:\test\anothertest.tiff
        C:\test\lasttest.tiff

    These get read in fine by my code ("C:\\test\\test.tiff" etc). However, if I have the following input file:

        "C:\test with spaces\test.tiff"
        "C:\test with spaces\anothertest.tiff"
        "C:\test with spaces\lasttest.tiff"

    These get read in double-quotes and all ("\"C:\\test with spaces\\test.tiff\"" etc). This becomes a problem when I try to open the files (I understandably get invalid character exceptions). My question is, how do I fix this? I want to allow users to input quoted strings and handle them correctly. My first impression was to just write a little method that strips off beginning or ending quotes, but I thought there might be a better way.

  • Best practice for storing global data in PHP?

    - by user281434
    Hi, I'm running a web application that allows a user to log in. The user can add/remove content to his/her 'library', which is displayed on a page called "library.php". Instead of querying the database for the contents of the user's library every time they load "library.php", I want to store it globally for PHP when the user logs in, so that the query is only run once. Is there a best practice for doing this? E.g. storing their library in an array in a session? Thanks for your time.

  • Exporting tasks to 'C using DPI

    - by Alphaneo
    I have a Verilog-based test-bench, interfaced to 'C source using DPI. Now, using DPI, I am planning to write my whole firmware. To do this I need 3 things:

        1. Register Read
        2. Register Write
        3. Interrupt handler

    As I understand, register reads and writes are tasks that I need to export from the RTL test-bench. And the interrupt handler (I implemented by importing a function from 'C). I checked most of the Cadence documentation and found no useful hints. I have also registered with the Cadence users community, but it seems that I cannot ask questions till they approve my registration. Just in case someone is aware of this, I would appreciate their help.

  • Stop multiple sessions accessing the same file simultaneously

    - by Pablo
    Is it possible to lock a file to stop it being opened while the GD library is accessing it? What I am looking to achieve is similar to a database 'serializable' level of isolation... I want to ensure that only one session/user can access an image at a time to stop a 'dirty read'. My application allows users to add an image of choice to a bigger image. For example:

        1. The big image is empty.
        2. Raj & Janet upload their images.
        3. Raj's session opens the big image.
        4. 1 ms later Janet's session opens the big image.
        5. Raj's session adds his image and saves the big image.
        6. 1 ms later Janet's session adds his image and saves its version of the big image.

    As a result Raj's image is not in the final image, as Janet's version overwrote it. I hope that makes it clear enough.

  • How do I prevent duplicate entries to MySQL?

    - by ggfan
    On my site, I have a form that users fill out to become a member. They fill out name, bday, email, etc. Then when they click submit, the data gets into MySQL. But sometimes when a user clicks submit many times or refreshes the page, the data gets inputted to the database more than once. How can I prevent this? Is there a code I can use to only let one set of data get into the database? This is also a problem in my comment section. I allow users to put comments on people's profiles. But when they abuse the refresh button or submit button, I get like 10 of the same comments. Thanks.

  • How do I properly unit test a Django session?

    - by thebossman
    The behavior of Django sessions changes between "standard" views code and test code, making it unclear how test code is written for sessions. Googling this yields two relevant discussions about this issue:

        1. Easier manipulation of sessions by test client
        2. test.Client.session.save() raises error for anonymous users

    I'm confused because both tickets have different ways of dealing with this problem and they were both Accepted. I assume this means they were patched and the behavior is now different. I also don't know to which versions these patches would pertain. If I'm writing a unit test in Django 1.0, how would I set up my session store for sessions to work as they do in the browser?

  • ASP.NET MVC - creating and handling with URLs with Greater Than and Less Than characters

    - by pcampbell
    Consider a link to a page for a user's profile. A page is creating that URL like this:

        //Model.Name has value "<bad guy>"
        Html.ActionLink("foo", "ViewUser", new { id=5, title=Url.Encode(Model.Name) })

    The actual outcome was

        http://mysite/Users/5/%253cbad%2guy%253e

    When navigating to that URL, the server generates an HTTP Error 400 - Bad Request. Question: Given that the Model.Name may contain Unicode characters, or characters otherwise illegal in URLs, what's the best way to strip out illegal characters, or otherwise encode them? The problem surfaces when testing out 'interesting' user inputs with < and >, but anything could come from the user, and therefore be put in a URL by way of Model.Name.

  • Read XML file from ADO (VB6) Into .Net DataSet

    - by Jimbo
    I am trying to assist users in migrating from a VB6 application to a C# application. The VB6 app allows the export of data from an ADO (2.8) recordset via XML, but the C# application fails to read the XML, producing the following error:

        System.Data.DuplicateNameException: A column named 'name' already belongs to this DataTable

    VB6 Code

        Dim RS As Recordset
        Set RS = p_CN.Execute("SELECT * FROM tblSuppliers INNER JOIN tblSupplierGroups ON tblSupplierGroups.SupplierGroupID=tblSuppliers.SupplierGroupID")
        RS.Save sDestinationFile, adPersistXML
        Set RS = Nothing

    C# Code

        DataSet ds = new DataSet();
        ds.ReadXml(xmlFilePath);

    I have obviously incorrectly assumed that the XML file format was universally understood?

  • Publishing on Facebook user's wall

    - by tek3
    Hi all... I am developing an app on the BlackBerry platform in which I have to publish a message on the user's wall... I am able to get the session id... but don't know how to proceed further... I am doing something like this...

        URLEncodedPostData post = new URLEncodedPostData(URLEncodedPostData.DEFAULT_CHARSET, false);
        post.append("method", "stream.publish");
        post.append("message", "published through the Facebook API");
        post.append("session_key", sessionKey);
        post.append("attachment", null);
        post.append("action_links", null);
        post.append("target_id ", null);
        post.append("uid ", null);

    I am sending this as post data to the following URL: http://api.facebook.com/restserver.php? and the response I am getting contains: 101 Invalid API key

  • how to automate upsizing from Access to SQL Server?

    - by Arne
    Hi, I need to automate the migration from an Access (2003) to an SQL Server DB (2005 or 2008). The upsizing should be done automatically as part of a build process. I need that because there are 2 versions of the software, a single user rich client and a web version. Access DB is used for single user to minimize setup effort, SQL Server to improve performance and scaling with many simultaneous users. Access should be the "leading" DB, meaning devs do changes in Access DB and those are propagated to the SQL server within the build process. Many changes will occur, so doing it manually is not an option. I am new to the Microsoft world, so I don't know appropriate tools for that. What tools can I use and how? I know how to do it (by clicking) with the upsizing assistant. Perhaps I can automate that somehow? Thanks in advance for your answers. Cheers, Arne

  • Security flaw in this code approach

    - by Alec Smart
    Hello, Am wondering if there would be any security flaw in this approach. I am writing a piece of code which allows users to upload files and another set to download those files. These files can be anything. User uploads the file (any file including .php files), it is renamed to an md5 hash (extension removed) and stored on server. A corresponding MySQL entry is made. The user trying to download the file uses, say, download.php to download the file, where the md5 file is sent (with the original name). Is there some way in which anyone can exploit the above scenario?

  • Django BigInteger auto-increment field as primary key?

    - by Alex Letoosh
    Hi all, I'm currently building a project which involves a lot of collective intelligence. Every user visiting the web site gets created a unique profile and their data is later used to calculate best matches for themselves and other users. By default, Django creates an INT(11) id field to handle models' primary keys. I'm concerned with this being overflown very quickly (i.e. ~2.4b devices visiting the page without prior cookie set up). How can I change it to be represented as BIGINT in MySQL and long() inside Django itself? I've found I could do the following (http://docs.djangoproject.com/en/dev/ref/models/fields/#bigintegerfield):

        class MyProfile(models.Model):
            id = BigIntegerField(primary_key=True)

    But is there a way to make it autoincrement, like usual id fields? Additionally, can I make it unsigned so that I get more space to fill in? Thanks!

  • SQL group and order

    - by John Lambert
    I have multiple users with multiple entries recording times they arrive at destinations. Somehow, with my select query I would like to only show the most recent entries for each unique user name. Here is the code that doesn't work:

        SELECT * FROM $dbTable GROUP BY xNAME ORDER BY xDATETIME DESC

    This does the name grouping fine, but as far as showing ONLY their most recent entry, it just shows the first entry it sees in the SQL table. I guess my question is, is this possible? Here is my data sample:

        john 7:00
        chris 7:30
        greg 8:00
        john 8:15
        greg 8:30
        chris 9:00

    and my desired result should only be

        john 8:15
        chris 9:00
        greg 8:30

  • gethostname() returns accurate hostname, bind() doesn't like it

    - by user2072848
    Doing a python socket tutorial, entire codebase is as follows

        import socket as so

        s = so.socket()

        host = so.gethostname()
        port = 12345
        s.bind((host, port))

        s.listen(5)
        while True:
            c, addr = s.accept()
            print 'Got connection from', addr
            c.send('Thank you for connecting')
            c.close()

    and error message:

        Traceback (most recent call last):
          File "server.py", line 13, in <module>
            s.bind((host, port))
          File "/Users/solid*name*/anaconda/lib/python2.7/socket.py", line 224, in meth
            return getattr(self._sock,name)(*args)
        socket.gaierror: [Errno 8] nodename nor servname provided, or not known

    Printing hostname gives me super*name* Which is, in fact, my computer's hostname.

  • Proper way to set class variables

    - by ensnare
    I'm writing a class to insert users into a database, and before I get too far in, I just want to make sure that my OO approach is clean:

        class User(object):

            def setName(self, name):
                # Do sanity checks on name
                self._name = name

            def setPassword(self, password):
                # Check password length > 6 characters
                # Encrypt to md5
                self._password = password

            def commit(self):
                # Commit to database
                pass

        >>> u = User()
        >>> u.setName('Jason Martinez')
        >>> u.setPassword('linebreak')
        >>> u.commit()

    Is this the right approach? Should I declare class variables up top? Should I use a _ in front of all the class variables to make them private? Thanks for helping out.

  • Questions and considerations to ask client for designing a database

    - by Julia
    Hi guys! So as the title says, I would like to hear your advice on what are the most important questions to consider and ask end-users before designing a database for their application. We are to make a database-oriented app, with special attention to pay on db security (access control, encryption, integrity, backups)... The database will also keep some personal information about people, which is considered sensitive by law regulations, so security must be good. I worked on school projects with databases, but this is the first time working "in the real world", where this db security has real implications. So I found some advice and questions to ask on the internet, but here I always get the best ones. All help appreciated! Thank you!

  • Properly handling unicode characters in Rails

    - by Gdeglin
    By default Rails allows users of our application to input non-utf8 data, such as: ¶®«¼ However, when we attempt to retrieve the data from our database and render it in a template, Rails incorrectly assumes that it is in UTF-8 format and throws an error.

        ArgumentError: invalid byte sequence in UTF-8

    What is the best way to handle this? I have seen one fix that suggested sanitizing the data in every place the user can input it. However, that would involve changing a considerable amount of code and it would strip out the characters entirely. Ideally we would want some characters converted to their UTF-8 equivalents. Our environment:

        Ruby: 1.9.1
        Rails 2.3.5
        MySql Gem: 2.8.1

    This is a serious and urgent problem for us so your answers are very appreciated!

  • Upload 1GB files using chunking in PHP

    - by rjha94
    I have a web application that accepts file uploads of up to 4 MB. The server side script is PHP and web server is NGINX. Many users have requested to increase this limit drastically to allow upload of video etc. However there seems to be no easy solution for this problem with PHP. First, on the client side I am looking for something that would allow me to chunk files during transfer. SWFUpload does not seem to do that. I guess I can stream uploads using Java FX (http://blogs.sun.com/rakeshmenonp/entry/javafx_upload_file ) but I can not find any equivalent of request.getInputStream in PHP. Increasing browser client_post limits or php.ini upload or max_execution times is not really a solution for really large files (~ 1GB) because maybe the browser will time out and think of all those blobs stored in memory. Is there any way to solve this problem using PHP on server side? I would appreciate your replies.

  • SQL Join to only the maximum row puzzle

    - by Billy ONeal
    Given the following example data:

    Users

        +----+------------+-----------+--------------------+
        | ID | First Name | Last Name | Network Identifier |
        +----+------------+-----------+--------------------+
        | 1  | Billy      | O'Neal    | bro4               |
        +----+------------+-----------+--------------------+
        | 2  | John       | Skeet     | jsk1               |
        +----+------------+-----------+--------------------+

    Hardware

        +----+----------------+---------------+
        | ID | Hardware Name  | Serial Number |
        +----+----------------+---------------+
        | 1  | Latitude E6500 | 5555555       |
        +----+----------------+---------------+
        | 2  | Latitude E6200 | 2222222       |
        +----+----------------+---------------+

    HardwareAssignments

        +---------+-------------+-------------+
        | User ID | Hardware ID | Assigned On |
        +---------+-------------+-------------+
        | 1       | 1           | April 1     |
        +---------+-------------+-------------+
        | 1       | 2           | April 10    |
        +---------+-------------+-------------+
        | 2       | 2           | April 1     |
        +---------+-------------+-------------+
        | 2       | 1           | April 11    |
        +---------+-------------+-------------+

    I'd like to write a SQL query which would give the following result:

        +--------------------+------------+-----------+----------------+---------------+-------------+
        | Network Identifier | First Name | Last Name | Hardware Name  | Serial Number | Assigned On |
        +--------------------+------------+-----------+----------------+---------------+-------------+
        | bro4               | Billy      | O'Neal    | Latitude E6200 | 2222222       | April 10    |
        +--------------------+------------+-----------+----------------+---------------+-------------+
        | jsk1               | John       | Skeet     | Latitude E6500 | 5555555       | April 11    |
        +--------------------+------------+-----------+----------------+---------------+-------------+

    My trouble is that the maximum "Assigned On" date for each user needs to be selected for each individual user and used for the actual join ... Is there a clever way to accomplish this in SQL?

  • 3rd Party Document Management Service

    - by Element
    I am developing an asp.net application that requires users to upload/view various documents. Rather than reinvent the wheel I was thinking about using a 3rd party service like Scribd to handle these documents and integrate it into my app via their API; I really like their ipaper viewer too. My concern is some of these documents will be sensitive data. Even though Scribd's FAQ says they are equipped to handle sensitive information, I am a little hesitant to trust an unpaid service that lacks an SLA. Has anyone used Scribd successfully for a similar task? Or can anyone recommend a better document management service?

  • Winforms application hangs when switching to another app

    - by joseluisrod
    Hi, I believe I have a potential threading issue. I have a user control that contains the following code:

        private void btnVerify_Click(object sender, EventArgs e)
        {
            if (!backgroundWorkerVerify.IsBusy)
            {
                backgroundWorkerVerify.RunWorkerAsync();
            }
        }

        private void backgroundWorkerVerify_DoWork(object sender, System.ComponentModel.DoWorkEventArgs e)
        {
            VerifyAppointments();
        }

        private void backgroundWorkerVerify_RunWorkerCompleted(object sender, System.ComponentModel.RunWorkerCompletedEventArgs e)
        {
            MessageBox.Show("Information was Verified.", "Verify", MessageBoxButtons.OK, MessageBoxIcon.Information);
            CloseEvent();
        }

    Vanilla code. But the issue I have is that when the application is running and the user tabs to another application, when they return to mine the application is hung; they get a blank screen and they have to kill it. This started when I put in the threading code. Could I have some rogue threads out there? What is the best way to zero in on a threading problem? The issue can't be recreated on my machine... I know I must be missing something on how to dispose of a backgroundworker properly. Any thoughts are appreciated. Thanks, Jose

  • PHP File Exists Always False

    - by Joe
    I have a case where file_exists() is always returning false. My latest attempt was to just test to see if it would return true for $_SERVER["SCRIPT_FILENAME"] and then return the value of the path if it couldn't find the file, which it does. The path, while not necessarily relevant to solving the problem, is:

        /Users/joe/Workspace/720/app/webroot/index.php

    I have obviously verified that the file is there, and am not even sure how it couldn't be there since php is serving it up. I should mention this is on an install of OS X Snow Leopard running PHP 5.3.0. Any ideas would be fantastic. CODE SAMPLE:

        if (!file_exists($_SERVER["SCRIPT_FILENAME"]))
            $errors[] = 'Cant find:'. $_SERVER["SCRIPT_FILENAME"];

  • Make two page navigations on top and bottom of a list

    - by sees
    I'm creating a simple PHP page that reads CSV file content and displays some selected columns to users in pages. Currently, I'm reading each line and displaying it immediately. Because of this method, I only know the total number of lines after finishing reading the entire file (searching in file also). What I want is to display two page navigations on the top and bottom of the list. Like this:

        Page 1|2|3|4
        Field 1|Field 2|Field 3|Field 4|Field 5....|Field n
        Row1
        Row2
        ....
        Rown
        Page 1|2|3|4

    After displaying all rows and the bottom page nav, I used the jQuery function insertBefore to insert another page nav at the top. Problems are:

        1) Top page nav is not displayed in IE8, but is displayed after pressing F5 (worked in FF, Chrome).
        2) Using the insertBefore function, the top page nav suddenly pops up after displaying the bottom one. It doesn't look natural.

    Any suggestions?

  • How can I sandbox Python in pure Python?

    - by Blixt
    I'm developing a web game in pure Python, and want some simple scripting available to allow for more dynamic game content. Game content can be added live by privileged users. It would be nice if the scripting language could be Python. However, it can't run with access to the environment the game runs on since a malicious user could wreak havoc which would be bad. Is it possible to run sandboxed Python in pure Python? If not, are there any open source script interpreters written in pure Python that I could use? The requirements are support for variables, basic conditionals and function calls (not definitions).
