Search Results

Search found 24207 results on 969 pages for 'anonymous users'.

Page 734/969 | < Previous Page | 730 731 732 733 734 735 736 737 738 739 740 741 | Next Page >

Zend - Deny access to CSS, JS, Image files

- by Vincent

All, I have the following Zend application structure: helloworld - application - configs - controllers - models - layouts - include - library - public - design -- css -- site.css -- js -- global.js -- images -- siteheader.gif -- sitefooter.gif - .htaccess - index.php My .htaccess file in public folder looks like this: Options -MultiViews RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.php [NC,L] My document root points to the "public" folder. Currently, if the user visits a directory level URL, (Ex: http://localhost/design or localhost/css) , my .htaccess file above make sure to show him the "Access Forbidden" page. But if he visits the file level URL, (Ex: http://localhost/design/css/site.css), it shows him the CSS file or the js file or PHP file.. How can I make sure to lock file level access for the above file types, if accessed directly from the URL? Since my application is JS intensive, I want to protect it from users looking at it. Thanks

Read the article
Database Design for One to One relationships

- by Greelmo

I'm trying to finalize my design of the data model for my project, and am having difficulty figuring out which way to go with it. I have a table of users, and an undetermined number of attributes that apply to that user. The attributes are in almost every case optional, so null values are allowed. Each of these attributes are one to one for the user. Should I put them on the same table, and keep adding columns when attributes are added (making the user table quite wide), or should I put each attribute on a separate table with a foreign key to the user table. I have decided against using the EAV model. Thanks!

Read the article
url or content as a variable in the header of the page

- by Scorpion King

I am designing a site where external links form various are being shown on my page. I am using $url=$_GET['url']; $website_data = file_get_contents($url); echo $website_data; so essentially a user would click on a hyperlink which is something like www.test.com/display_page.php?url=http://www.xyz.com/article/2.jpg My page, list_of_images.php, typically has a list of images with href for each image as above on the page and when any image is clicked it would go to display_page.php, which would show our banner on the top of this page, some text and then this image beneath that. This image could be from any website. I am currently sending the url directly and grabbing it using GET. I understand that users/hackers can actually do some coding and send commands for the url variable and could break the server or do something harmful and so i would like to avoid this method or sending the url directly in the header. what is the alternate approach for this problem?

Read the article
Make a Method of the Business Layer secure. best practice / best pattern [.net/c#]

- by gsharp

Hi We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-) Thanks for you help.

Read the article
Django: How/Where to store a value for a session without unnecessary DB hits

- by GerardJP

Hi all, I have an extended userprofile with AUTH_PROFILE_MODULE (ref: http://tinyurl.com/yhracqq) I would like to set a user.is_guru() method similar to user.is_active(). This would results for al views (or rather templates) to e.g. disable/enable certain user messages, displaying of widgets, etc. The boolean is stored in the extended user profile model, but I want to avoid hitting the DB for every view. So the questions is .. Do I use a context_processor, a template tag, session_dict or what have you to, possible cached, store this info for the duration of the users visit. Note: I dont have performance issues, so it's definitely filed under premature optimization. I just want to avoid generating extra work in the future :). Any pointers are very welcome. Thanx and greetz! Gerard.

Read the article
How to convert Beautiful Soup Unicode into a decimal value?

- by MikeTheCoder

I'm trying to Use python's Beautiful Soup Library to grab a bunch of divs from an html file, and from there get the string - which is a money value - that's inside the div. Then remove the dollar sign and convert it to a decimal so that I can use a greater than and less than conditional statement to compare values. I have googled the heck out of it and can't seem to come up with a way to convert this unicode string into a decimal value. I really could use some help here. How do I convert unicode into a decimal value? This was my last attempt: import unicodedata from bs4 import BeautifulSoup soup = BeautifulSoup(open("/Users/sm/Documents/python/htmldemo.html")) for tag in soup.findAll("div",attrs={"itemprop":"price"}) : val = tag.string new_val = val[8:] workable = int(new_val) if workable > 250: print(type(workable)) else: print(type(workable)) Edit: When I print the type of new_val I get : print(type(new_val))

Read the article
Git: can I store known repositories along the repository?

- by 0x6adb015

I am setting up a Git repository. I know you can add repositories using git config --global, but is there a way that those known repositories gets cloned by users? The goal would be that once the repo gets cloned by userz, they can push to other repos just by their aliases. For example, I add git://X/mobility.git as X to the repo (somehow), a user clone it from git://Y, but then can do git push X without previously doing the git config. How to do that?

Read the article
Proper way to structure a Sync Framework DAL

- by Refracted Paladin

I am creating a WPF app that needs to allow users to work in a temporary disconnected state and I plan to use a Local Database Cache. My question's are about my data access layer. Do you typically create the whole DAL to point at the Cache or both and create a switching mechanism? Is Entity's a good way to go for my DAL against the Cache? I am used to L2S but my understanding is that I can't use that against SQLCE, correct? Thanks! PS: Any good resources out there for using Sync, Linq, and WPF ALL TOGETHER? Tutorials, videos, etc?

Read the article
Custom authorize using MVC

- by Karsten

Im working a bit with MVC. I need to know something about roles when using the same controller for several users getting and showing pictures. I need to show pictures, but sometimes these pictures should only be shown for those who created them. So now when using the Authorize attribute and if picture and username match thrue my databse I could ofcause use this to make a match. I could ofcause make a match method in the controller. [Authorize] controllGetPicture(Picture ID){ getSomepicture.. return picture } DB relations Relations [User] <- [Pictures] ID FK_UserID Im thinking about just getting the User ID and compare with the Picture FK_UserId at the picture but I think it could be smarter. How?

Read the article
Commenting out protect_from_forgery

- by Andy

Hi, I was trying to use active record store but I kept getting an invalid authenticity token. Someone told me to remove my protect_from_forgery from application controller. I know that this would remove all auth tokens but I'm not sure if this is a good idea. Does active record store not need auth tokens? By the way, all I need is a way to dynamically calculate the number of users online and their session variables. If there is a better way than using active record store it would be nice to know.

Read the article
Compiling CSS to SWF server side Java, What is the best practice?

- by DataSurfer

My project allows users to create custom css for our flex app. In regards to compiling the CSS into SWFs on the server side: Should I use the flex2.compiler.css.Compiler class in mxmlc-3.5.0.12683.jar? Or Should I invoke mxmlc from Runtime.getRuntime().exec()? The css.Compiler class is not very well documented. Does anyone have any examples that use this? For the Runtime exec method, what is the best way to package mxmlc into the maven build so its available to the server at runtime?

Read the article
Best approach to a customer portal in ASP.NET MVC

- by DoodleWalker

Hi All, The problem: client needs a website to serve 10+ customers, each customer has 5-10 people they wish to grant access using login & user name, once "logged in" the user can download files specific to their company. The files will be uploaded to a directory under the customer name, and displayed as a list. Currently using membership for all of the users, it's just the "by customer" segmentation I'm wondering about. the question being under ASP.NET MVC what is the cleanest or simplest approach to solving the customer segmentation, trying to avoid customer membership provider so was going to use the roles to assign customer group. Thoughts appreciated.

Read the article
How should my team decide between 3-tier and 2-tier architectures?

- by j0rd4n

My team is discussing the future direction we take our projects. Half the team believes in a pure 3-tier architecture while the other half favors a 2-tier architecture. Project Assumptions: Enterprise business applications Business logic needed between user and database Data validation necessary Service-oriented (prefer RESTful services) Multi-year maintenance plan Support hundreds of users 3-tier Team Favors: Persistant layer <== Domain layer <== UI layer Service boundary between at least persistant layer and domain layer. Domain layer might have service boundary between it. Translations between each layer (clean DTO separation) Hand roll persistance unless we can find creative yet elegant automation 2-tier Team Favors: Entity Framework + WCF Data Service layer <== UI layer Business logic kept in WCF Data Service interceptors Minimal translation between layers - favor faster coding So that's the high-level argument. What considerations should we take into account? What experiences have you had with either approach?

Read the article
tools for creating user-friendly command-line prompt?

- by davka

I notice that some programs (e.g. sqlite, mysql client) provide a command-line prompt that is very similar in capabilities to the bash's, including: line editing with left and right arrows, delete, insert, ^K, etc. history browsing with up and down arrows ^R for reverse i-search in command history which make me think that they are using the same toolset for this. I'd like to create a prompt with similar capabilities in my program, which tools can I use? I prefer it to have the same functionality as in bash, so that the users would be familiar with it.

Read the article
[Hibernate] Problem with saveOrUpdate()

- by kunkanwan

Hi, I've problem with Hibernate. I have a class User class User { int id; String name; } where id is native generator in User.hbm.xml , and name is primary-key in DB. In my database , I saved some information about Users. Than, I want to connect with this information about User. For example in my DB i have row INSERT INTO User VALUES ('Bill'); Main.java User bill = new User(); bill.setName("Bill"); session.saveOrUpdate(bill); This code always trying insert bill to database , rather than update when row about Bill exists in DB... Could you help me ? Thank you for advance.

Read the article
SQL Server Reporting Services Format Hours as Hours:Minutes

- by Frank Schmitt

I'm writing reports on SQL Server Reporting Server that have a number of hours grouped by, say, user, and a total calculated based on the sum of the values. Currently my query runs a stored proc that returns the hours as in HH:MM format, rather than decimal hours, as our users find that more intuitive. The problem occurs when I try and add up the column using an SSRS expression, because the SUM function isn't smart enough to handle adding up times in this format. Is there any way to: Display a time interval (in minutes or hours) in HH:MM format while having it calculated in decimal form? Or split up and calculate the total of the HH:MM text values to arrive at a total as an expression? I'd like to avoid having to write/run a second query just to get the total.

Read the article
preventing selection on MKPointAnnotation

- by Derek

Is there a way to prevent an annotation in a MKMapView instance from being enabled. In other words, when the user taps the red pin on the map, is there a way to prevent it from highlighting the pin. Right now the pin turns dark when touched... Edit: I'm using the following code to return the MKPinAnnotationView // To future MKMapView users - Don't forget to set _mapView's delegate _mapView.delegate = self; _annotation = [[MKPointAnnotation alloc] init]; _annotation.coordinate = myLocation; [_mapView addAnnotation:_annotation]; -(MKAnnotationView *)mapView:(MKMapView *)mapView viewForAnnotation:(id<MKAnnotation>)annotation{ MKPinAnnotationView *pin = [[MKPinAnnotationView alloc] initWithAnnotation:_annotation reuseIdentifier:@"id"]; pin.enabled = NO; return pin; }

Read the article
Google App Engine - SiteMap Creation for a social network

- by spidee

Hi all. I am creating a social tool - I want to allow search engines to pick up "public" user profiles - like twitter and face-book. I have seen all the protocol info at http://www.sitemaps.org and i understand this and how to build such a file - along with an index if i exceed the 50K limit. Where i am struggling is the concept of how i make this run. The site map for my general site pages is simple i can use a tool to create the file - or a script - host the file - submit the file and done. What i then need is a script that will create the site-maps of user profiles. I assume this would be something like: <?xml version="1.0" encoding="UTF-8"?> <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"> <url> <loc>http://www.socialsite.com/profile/spidee</loc> <lastmod>2010-5-12</lastmod> <changefreq>???</changefreq> <priority>???</priority> </url> <url> <loc>http://www.socialsite.com/profile/webbsterisback</loc> <lastmod>2010-5-12</lastmod> <changefreq>???</changefreq> <priority>???</priority> </url> </urlset> Ive added some ??? as i don't know how i should set these settings for my profiles based on the following:- When a new profile is created it must be added to a site-map. If the profile is changed or if "certain" properties are changed - then i don't know if i update the entry in the map - or do something else? (updating would be a nightmare!) Some users may change their profile. In terms of relevance to the search engine the only way a google or yahoo search will find the users (for my requirement) profile would be for example by means of [user name] and [location] so once the entry for the profile has been added to the map file the only reason to have the search-bot re-index the profile would be if the user changed their user-name - which they cant. or their location - and or set their settings so that their profile would be "hidden" from search engines. I assume my map creation will need to be dynamic. From what i have said above i would imagine that creating a new profile and possible editing certain properties could mark it as needing adding/updating in the sitemap. Assuming i will have millions of profiles added/being edited how can i manage this in a sensible manner. i know i need a script that can append urls as each profile is created i know the script will prob be a TASK - running at a set freq - perhaps the profiles have a property like "indexed" and the TASK sets them to "true" when the profiles are added to the map. I dont see the best way to store the map - do i store it in the datastore i.e; model=sitemaps properties key_name=sitemap_xml_1 (and for my map sitemap_index_xml) mapxml=blobstore (the raw xml map or ror map) full=boolean (set true when url count is 50) # might need this as a shard will tell us To make this work my thoughts are m cache the current site map structure as "sitemap_xml" keep a shard of url count when my task executes 1. build the xml structure for say the first 100 urls marked "index==false" (how many could u run at a time?) 2. test if the current mcache sitemap is full (shardcounter+10050K) 3.a if the map is near full create a new map entry in models "sitemap_xml_2" - update the map_index file (also stored in my model as "sitemap_index" start a new shard - or reset.2 3.b if the map is not full grab it from mcache 4.append the 100 url xml structure 5.save / m cache the map I can now add a handler using a url map/route like /sitemaps/* Get my * as map name and serve the maps from the blobstore/mache on the fly. Now my question is does this work - is this the right way or a good way to start? Will this handle the situation of making sure the search bots update when a user changes their profile - possibly by setting the change freq correctly? - Do i need a more advance system :( ? or have i re-invented the wheel! I hope this is all clear and make some form of sense :-)

Read the article
How Transport for London Website Works

- by Subhen

Hi, Here let me clarify , I have no intentions to peep in to or any evil intention towards tfls database and other related information. But , ofcourse Millions of users are greatly beniftted the way it serves the information. http://journeyplanner.tfl.gov.uk/ So , If we want to create some site like tfl, journeyplanner , what are the basic things we need to keep in mind. Which Architecture We should use? Can We create this website using ASP.NET(Should be able to)? Is TFL integrating it's website with google maps or any other GPS Edit: While you enter the Zip/Pin code or Station name , it creates a map automatically from source to destination and calcculates the distance also. My Question here is , How do they calculate the distance , do they keep help of Maps or GPS or they created there own webservic?

Read the article
Regex to test if an input string contains a certain number of characters

- by Dan

So, I basically would like to test to see if a string contains a range of alphanumeric characters. It's to be used as a client-side validation and I don't want to prevent users from entering whatever they want. Best to give examples of what should/should not pass validation: So to be specific, the expression I'm looking for is to test to make sure string contains anywhere from 3 to 10 alphanumeric characters. I'd like to plug into an ASP.NET client side validator. NOTE: quotes not part of input (but could be!) " f o o " should pass since there are 3 chars "f_0_0" should pass " fo " should not "F......o......o......b.....a......r" should pass thx

Read the article
Make a Method of the Business Layer secure. best practice / best pattern

- by gsharp

We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

Read the article
Occurs in MYOB Accounting Plus 18.5 among other versions. Cannot get the function address for " MAPI

- by sjw

I've installed MYOB on SBS server 2003. Why? Because the users were using offline files and it turned out there was about 7 versions of the file both locally and on the server that were out of sync... So the only way I could control the file access was to force RDP to the server... Always using the server file and always in sync... Anyway, this issue occurs in MYOB Accounting Plus 18.5. Cannot get the function address for "MAPISendMail" from "MAPI32.dll" Please check your Mapi installation I just want to send mail from MYOB but I can't - MYOB support is useless and blames everyone else...(i.e. Microsoft and outlook) I have found other people with the same problem whose resolution appears to be to copy MAPI32.dll into myob directory but that hasn't worked for me...

Read the article
Drupal limit number of menu items in primary links

- by ninusik

Is there a way to set a limit on how many menu items users can add to Primary Links menu? I'm working on a Drupal site and I have a horizontal primary links nav bar. There is only room for no more than 7-8 links in the nav bar. I don't want the future maintainer of the site to add more than 8 items to the menu. Is there a way I can set a limit on that? Some module or override function? Thanks,

Read the article
How to convert .NET WPF application to Windows Forms?

- by Janusz

Hello, We have created a beautifully designed .NET WPF desktop application. We are installing the application with InnoSetup , and if .NET 3.5 is not present, it automatically installs it. However, the package to download .NET 3.5 is huge and we found out that about 30% of users do not finish instalation due to this. The obvious solution is to recode everything into .NET 1.1 with Windows Forms but its a major development which would take few weeks. Also, we would then face dilemma if to support both versions (and use innosetup to choose the right one) or just ditch WPF all together. Is there any easy way how to convert WPF to Windows Forms? Or do we have any alternative options to consider? Thank you!

Read the article
PHP REMOTE_ADDR and secure sessions

- by Christopher McCann

One of the ways I have used to make securer sessions in the past is to also record the clients IP address and user agent at the handshake. Each time the client moves a page and calls session_start() I also check that the IP address and user agent stored is still the same to prevent hiijacking. But if someone is connecting from say a company network then all the users will probably have the same external static IP address and they could also really easily be using the same user agent. Is there other metrics I can use which are local only to the physical machine? Thanks

Read the article

< Previous Page | 730 731 732 733 734 735 736 737 738 739 740 741 | Next Page >