Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 771/886 | < Previous Page | 767 768 769 770 771 772 773 774 775 776 777 778  | Next Page >

  • routing mvc on the web

    - by generic_noob
    Hi, I was wondering if anyone could possibly provide me some advice on how i could improve the routing (and/or architecture) to each 'section' of my application. (I'm writing in PHP5, and trying to use strict MVC) Basically, I have a generic index page for the app, and that will spew out boilerplate stuff like jquery and the css etc. and it also generates the main navidation for the entire site, but i'm unsure about the best approach to connect the 'main menu' items(hyperlinks) with their associated controllers. Up until now I have been appending strings into the url and using a 'switch' statement to branch to the correct controller(and view) by extracting the strings back out of '$GET[]' to let it execute the code for the corrosponding action. for instance if i had a basic crud system for customer data, the url to edit a customers details would look like 'www.example.com/index.php?page=customer&action=edit&id=4'. I'm worried that there is a security concern by doing it this way, and i'm not sure of an alternative to branch the main 'index.php' file to the correct controller for each action once the user has clicked the link. Would it be better to use mod_rewrite to disguise the controllers names? or to create a similar system to the ASP MVC framework, where there is a seperate routing system where each url is filtered to get the associated controller? Cheers!

    Read the article

  • Creating a global variable on the fly. [PHP ENCRYPTION]

    - by stormdrain
    Is there a way to dynamically create constant variables on the fly? The idea is that upon logging into the system, a user would be asked to upload a small text file that would be fread, and assigned to a var that would be accessible throughout the system. If this is possible, just to be clear, would this variable then only be accessible to that user and only while the session is alive? Security being the main concern here, would it be more practical to store the var in a session variable? The plan: Data in the db will be encrypted via mcrypt, and the key will be stored on USB thumbdrives. The user will insert the thumbdrive when going to access the system. Upon logging in, the app will prompt the user to upload the key. They will navigate to the thumbdrive and key. Via fopen and fread, the key will be assigned to a global var which will then allow access to encrypted data, and will be used to encrypt new info being entered to the db. When the user logs out, or session times out, the global var will become empty. Thanks!

    Read the article

  • iPhone - Problem with in-app purchases

    - by Satyam svv
    I've created iPhone app with in-app purchase. Now, I'm in testing phase. I created provisioning profile com.satyam.testapp In iTunes connected I created the application and uploaded the images, screen shots, desscription etc. I also created two id's for in-app purchase. One is com.satyam.testapp.book1 and the other one is com.satyam.testapp.book5 I created test account also for verifying my in-app purchases. Using com.stayam.testapp i created developer test profile and using the same in my developed application. I logged out the itunes app store account in my iphone. Now i started running my application on my iphone. Its saying that no items are there to purchase. But its not even asking me for credentials where i've to enter test account username and password..... how to debug it? Here's my delegate: - (void)productsRequest:(SKProductsRequest *)request didReceiveResponse:(SKProductsResponse *)response { NSArray *myProduct = [[NSArray alloc] initWithArray:response.products]; for(int i=0;i<[myProduct count];i++) { SKProduct *product = [myProduct objectAtIndex:i]; NSLog(@"Name: %@ - Price: %f",[product localizedTitle],[[product price] doubleValue]); NSLog(@"Product identifier: %@", [product productIdentifier]); } for(NSString *invalidProduct in response.invalidProductIdentifiers) NSLog(@"Problem in iTunes connect configuration for product: %@", invalidProduct); [request autorelease]; [myProduct release]; }

    Read the article

  • Drupal advanced ACLs for "untrusted" administrators

    - by redShadow
    I have a multi-site Drupal-6 installation containing websites of different customers. On each site, there is an "administrator" role that includes mainly the customer's account. We want to give as many permissions as possible to this privileged user, but this could bring to security leaks using just the Drupal Core permissions management system. The main thing to avoid is the customer account being able to run PHP code on the server (that would be like being logged on the server as the www-data user.. sounds really bad). To avoid that, it is not sufficient to deny PHP code evaluation for the role. Since the administrator role must have permissions to manage users, he could also change the password of the user #1 and login in the site as superadmin. The second goal would be to deny also some "confusing" administrative pages (such as module selection) but not others (such as site informations configuration, or theme selection, etc.) I found the User One module that seems to fix the first problem, but I have no idea on how to solve the second one. I found some modules around, but no-one seems to fit.. it seems like the most ACLs are thought to protect the content, and not the site itself, as if the site administrator would always be the server owner itself..

    Read the article

  • Is there any other way of using signed applets

    - by 640KB
    Hi There, If I want to deploy high privileged applets they need to be signed. For that a certificate is created and then a jar file is signed with a jarsigner. After that in the HTML code one has to specify code,codebase AND archive (jar) which we signed before. However I wrote a servlet which acts as two things: it sits at the URL pointed by the codebase and serves class bytecode to the applet. The same servlet also uses serialization to communicate with the applet whereby whenever the applet gets a class it does not know it goes to the codebase which ends up back at the servlet. Almost like a mini RMI setup but simpler. I hope you can see the power in this. Unfortunately for signed applets one needs the archive. Now the servlet is also able to load a Certificate object and can send it to the applet too. So here is the setup: At one point the applet receives class bytecode and it also has the Certificate. It would be nice if the applet could instantiate all received classes using that certificate (otherwise code from jar is signed and outside is not which prompts nasty messages to the user). So my question to you fine Java aficionados: Would there by any way for me to use the bytecode data and the Certificate to instantiate the class as a signed object so that the plugin pops the Security dialog, accepts teh certificate and elevates the object's privileges. What I could find is that the there is a class CodeSource that accepts codebase URL and certificate and is essential to the signing process. What I am not sure is how one could intercept the class loading inside applets to install additional certificates not obtained through a JAR file via archive. What do you say? Thanks a bunch.

    Read the article

  • parse.json of authenticated play request

    - by niklassaers
    I've set up authentication in my application like this, always allow when a username is supplied and the API-key is 123: object Auth { def IsAuthenticated(block: => String => Request[AnyContent] => Result) = { Security.Authenticated(RetrieveUser, HandleUnauthorized) { user => Action { request => block(user)(request) } } } def RetrieveUser(request: RequestHeader) = { val auth = new String(base64Decode(request.headers.get("AUTHORIZATION").get.replaceFirst("Basic", ""))) val split = auth.split(":") val user = split(0) val pass = split(1) Option(user) } def HandleUnauthorized(request: RequestHeader) = { Results.Forbidden } def APIKey(apiKey: String)(f: => String => Request[AnyContent] => Result) = IsAuthenticated { user => request => if(apiKey == "123") f(user)(request) else Results.Forbidden } } I want then to define a method in my controller (testOut in this case) that uses the request as application/json only. Now, before I added authentication, I'd say "def testOut = Action(parse.json) {...}", but now that I'm using authentication, how can I add parse.json in to the mix and make this work? def testOut = Auth.APIKey("123") { username => implicit request => var props:Map[String, JsValue] = Map[String, JsValue]() request.body match { case JsObject(fields) => { props = fields.toMap } case _ => {} // Ok("received something else: " + request.body + '\n') } if(!props.contains("UUID")) props.+("UUID" -> UniqueIdGenerator.uuid) if (!props.contains("entity")) props.+("entity" -> "unset") props.+("username" -> username) Ok(props.toString) } As a bonus question, why is only UUID added to the props map, not entity and username? Sorry about the noob factor, I'm trying to learn Scala and Play at the same time. :-) Cheers Nik

    Read the article

  • How do I avoid having JSONP returns cached in an HTML5 offline application?

    - by Kent Brewster
    I had good luck with cached offline apps until I tried including data from JSONP endpoints. Here's a tiny example, which loads a single movie from the new Netflix widget API: <!DOCTYPE html> <html manifest="main.manifest"> <head> <title>Testing!</title> </head> <body> <p>Attempting to recover a title from Netflix now...</p> <script type="text/javascript"> function ping(r) { alert('API reply: ' + r.catalog_title.title.regular); } var cb = new Date().getTime(); var s = document.createElement('SCRIPT'); s.src = 'http://movi.es/7Soq?v=2.0&output=json&expand=widget&callback=ping&cacheBuster=' + cb; alert('SCRIPT src: ' + s.src); s.type = 'text/javascript'; document.getElementsByTagName('BODY')[0].appendChild(s); </script> </body> </html> ... and here's the contents of my manifest, main.manifest, which contains no files and is only there so my browser knows to cache the calling HTML file. CACHE MANIFEST Yes, I've confirmed that my server is sending the manifest down with the correct content type, text/cache-manifest. The app works fine--meaning both alerts show--the first time I run it, but subsequent runs, even with the attempt at cache-busting in line 10, seem to be attempting to load the script from cache no matter what the query string is. I see the alert showing the script source, but the callback never fires. If I remove the manifest link from line 2 and reset my browser--being Safari and the iPhone Simulator--to clear cache, it works every time. I've also tried alerting the number of SCRIPT tags in the page, and it's definitely seeing both the existing and dynamically-created tag in all cases.

    Read the article

  • Debug formatting code

    - by Arcadian
    I'm trying to debug my code here: private void CheckFormatting() { StringReader objReaderf = new StringReader(txtInput.Text); List<String> formatTextList = new List<String>(); do { formatTextList.Add(objReaderf.ReadLine()); } while (objReaderf.Peek() != -1); objReaderf.Close(); for (int i = 0; i < formatTextList.Count; i++) { if (!Regex.IsMatch(formatTextList[i], "G[0-9]{2}:[0-9]{2}:[0-9]{2}:[0-9]{2} JG[0-9]{2")) { MessageBox.Show("Line " + formatTextList[i] + " is not formatted correctly.", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error); break; } else { this.WriteToFile(); MessageBox.Show("Your entries have been saved.", "Saved", MessageBoxButtons.OK, MessageBoxIcon.Information); } } } what it is supposed to do is to check each line in the list. if one of them isn't formatted correctly, then break the loop and display a message box, if all the lines are formatted properly then it should call the WriteToFile method. However, when testing it using input that WAS correctly formatted it displayed the error message and broke the loop. Anyone figure out why? There's some rep points in it for you :) Thanks in advance

    Read the article

  • VB.Net - Launch app on Windows startup

    - by Queops
    We all now the tricky folders where your application runs when you publish your VB.NET to other people, but I won't give up on the benefits of the system (auto-update, you know). Problem is: Program is supposed to startup, or not, with Windows if the user wishes so. I'm saving program preferences into My.Settings. All fine with that. If you debug it it will save the values between sessions. The problem is after deployment. I installed the program on a testing machine. Application works okay, the settings load, if it's the user launching it by themselfs (using shortcut on desktop for example). Now upon restarting the program does indeed start up as I want it to but the My.Settings don't show up! It's like the config file has been erased. If I close program and re-open by clicking shorcut it loads the settings just fine though. So I wonder what's the problem? This is the code I use to save the registry key: regKey = Registry.CurrentUser.OpenSubKey("SOFTWARE\Microsoft\Windows\CurrentVersion\Run", True) regKey.SetValue("ScapeTracker", Chr(34) & Application.ExecutablePath & Chr(34) & " startup") Does what it's supposed to. The startup parameter is needed so the program knows if it's launched on startup on not (to show up on tray and idle there until user decides to use it). So the problem is that I can't use the settings upon restart of Windows, so I'm assuming the VB.Net applications have some extra parameters when launching? How can I solve this?

    Read the article

  • Keeping cached browser data inside ASP update panel textboxes/dropdowns for browser back click

    - by pmlevere
    I'm new in VB.net/asp and am running a VB web application in a visual database program called IronSpeed designer. I'm primarily using IronSpeed in this case for its login/role security features. I have a basic two page setup for this app. The user logs in then is taken to AccountEntry.aspx, they enter data into textboxes and select some dropdown values that are linked to a sql database, then they click "submit" to move to Results.aspx. On Results.aspx, the user can change data and then generate several types of reports (PDF, Excel, etc). I'm used to setting up ASP controls inside ASPContent areas, and in these areas if a user performs a browser back click the previously entered data will still be on the page for potential user modification. However in this web app, IronSpeed is setting up the page and asp controls inside an asp update panel. It appears inside an asp update panel, cached values can't be seen on a browser back click. In this case, it's important that the orginally entered values still be there for the user experience if the user advances to Results.aspx then clicks browser back to modify a value on AccountEntry.aspx. If I have to I'll setup Session Variables and disable browser clicking, but that is last resort. Is there any way to save cached data inside an asp update panel and have it there for a browser back click?

    Read the article

  • Access Controller Context/ TempData from business objects

    - by thanikkal
    I am trying to build a session/tempdata provider that can be swapped. The default provider will work on top of asp.net mvc and it needed to access the .net mvc TempData from the business object class. I know the tempdata is available through the controller context, but i cant seem to find if that is exposed through HttpContext or something. I dont really want to pass the Controller context as an argument as that would dilute my interface definition since only asp.net based session provider needs this, other (using NoSQL DB etc) doesn't care about Controller Context. To clarify further, adding little more code here. my ISession interface look like this. and when this code goes to production, the session/tempdata is expected to work using NoSql db. But i also like to have another implementation that works on top of asp.net mvc session/tempdata for my dev testing etc. public interface ISession { T GetTempData<T>(string key); void PutTempData<T>(string key, T value); T GetSessiondata<T>(string key); void PutSessiondata<T>(string key, T value); }

    Read the article

  • Why doesn't access database update?

    - by Ryan
    Recently I met a strange problem, see code snips as below: var sqlCommand: string; connection: TADOConnection; qry: TADOQuery; begin connection := TADOConnection.Create(nil); try connection.ConnectionString := 'Provider=Microsoft.Jet.OLEDB.4.0;Data Source=Test.MDB;Persist Security Info=False'; connection.Open(); qry := TADOQuery.Create(nil); try qry.Connection := connection; qry.SQL.Text := 'Select * from aaa'; qry.Open; qry.Append; qry.FieldByName('TestField1').AsString := 'test'; qry.Post; beep; finally qry.Free; end; finally connection.Free; end; end; First, Create a new access database named test.mdb and put it under the directory of this test project, we can create a new table named aaa in it which has only one text type field named TestField1. We set a breakpoint at line of "beep", then lunch the test application under ide debug mode, when ide stops at the breakpoint line (qry.post has been executed), at this time we use microsoft access to open test.mdb and open table aaa you will find there are no any changes in table aaa, if you let the ide continue running after pressing f9 you can find a new record is inserted in to table aaa, but if you press ctrl+f2 to terminate the application at the breakpoint, you will find the table aaa has no record been inserted, but in normal circumstance, a new record should be inserted in to the table aaa after qry.post executed. who can explain this problem , it troubles me so long time. thanks !!! BTW, the ide is delphi 2010, and the access mdb file is created by microsoft access 2007 under windows 7

    Read the article

  • Web Audio API and mobile browsers

    - by Michael
    I've run into a problem while implementing sound and music into an HTML game that I'm building. I'm using the Web Audio API, loading all the sound files with XMLHttpRequests and decoding them into an AudioBufferSourceNode with AudioContext.prototype.decodeAudioData(). It looks something like this: var request = new XMLHttpRequest(); request.open("GET", "soundfile.ogg", true); request.responseType = "arraybuffer"; request.onload = function() { context.decodeAudioData(request.response) } request.send(); Everything plays fine, but on mobile the decodeAudioData takes an absurdly long time for the background music. I then tried using AudioContext.prototype.createMediaElementSource() to load the music from an HTML Audio object, since they support streaming and don't have to load the whole file into memory at once. It looked something like this: var audio = new Audio('soundfile.ogg'); var source = context.createMediaElementSource(audio); var mainVolume = context.createGain(); source.connect(mainVolume); mainVolume.connect(context.destination); This loads much faster, but the audio volume isn't affected by the gain node. Works fine on desktop, so I'm assuming this is a bug/limitation of mobile Chrome (testing on Android). Is there actually no good, well-performing way to handle sound on mobile browsers or am just I doing something stupid?

    Read the article

  • PHP Sessions and Passing Session ID

    - by Jason McCreary
    I have an API where I am passing the session id back and forth between calls. I set up the session like so: // start API session session_name('apikey'); session_id($data['apikey']); // required to link session session_start(); Although I named my session and am passing the session id via GET and POST using the name, PHP does not automatically resume that session. It always creates a new one unless I set the explicitly set the session id. I found some old user comments on www.php.net that said unless the session id is the first parameter PHP won't set it automatically. This seems odd, but even when I call tried it still didn't work: rest_services.php?apikey=sdr6d3subaofcav53cpf71j4v3&q=testing I have used PHP for years, but am a little confused on why I needed to explicitly set the session with session_id() when I am naming the session and passing it's key accordingly. UPDATE It seems I wasn't clear. My question is why is setting the session ID with session_id() required when I am passing the id, using the session name apikey, via $_GET or $_POST. Theoretically this is no different than PHP's SID when cookies are disabled. But for me it doesn't work unless I explicitly set the session ID. Why?

    Read the article

  • connecting to secure database from website host

    - by jim
    Hello all, I've got a requirement to both read and write data via a .net webservice to a sqlserver database that's on a private network. this database is currently accessed via a vpn connection by remote client software (on standard desktop machines) to get latest product prices and to upload product stock sales. I've been tasked with finding a way to centralise this access from a webservice that the clients then access, rather than them using the vpn route to connect directly to the database. My question is related to my .net service's relationship to the sqlserver database. What are the options for connecting to a private network vpn from a domain host in order to achive the functionality of allowing the webservice to both read and write data to the database. For now, I'm not too concerned about the client connectivity and security (tho i appreciate that this will have to be worked out too), I'm really just interested in discovering the options available in order to allow my .net webservice to connect to the private network in as painless and transparent a way as posible. The option of switching the database onto public hosting is not an option, so I have to work with the sdcenario as described above for now, unless there's a compelling rationale presented to do otherwise. thanks all... jim

    Read the article

  • How do I connect to SQL Server with VB?

    - by Wayne Werner
    Hi, I'm trying to connect to a SQL server from VB. The SQL server is across the network uses my windows login for authentication. I can access the server using the following python code: import odbc conn = odbc.odbc('SignInspection') c = conn.cursor() c.execute("SELECT * FROM list_domain") c.fetchone() This code works fine, returning the first result of the SELECT. However, I've been trying to use the SqlClient.SqlConnection in VB, and it fails to connect. I've tried several different connection strings but this is the current code: Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click Dim conn As New SqlClient.SqlConnection conn.ConnectionString = "data source=signinspection;initial catalog=signinspection;integrated security=SSPI" Try conn.Open() MessageBox.Show("Sweet Success") 'Insert some code here, woo Catch ex As Exception MessageBox.Show("Failed to connect to data source.") MessageBox.Show(ex.ToString()) Finally conn.Close() End Try End Sub It fails miserably, and it gives me an error that says "A network-related or instance-specific error occurred... (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) I'm fairly certain it's my connection string, but nothing I've found has given me any solid examples (server=mySQLServer is not a solid example) of what I need to use. Thanks! -Wayne

    Read the article

  • How do the operators < and > work with pointers?

    - by Øystein
    Just for fun, I had a std::list of const char*, each element pointing to a null-terminated text string, and ran a std::list::sort() on it. As it happens, it sort of (no pun intended) did not sort the strings. Considering that it was working on pointers, that makes sense. According to the documentation of std::list::sort(), it (by default) uses the operator < between the elements to compare. Forgetting about the list for a moment, my actual question is: How do these (, <, =, <=) operators work on pointers in C++ and C? Do they simply compare the actual memory addresses? char* p1 = (char*) 0xDAB0BC47; char* p2 = (char*) 0xBABEC475; e.g. on a 32-bit, little-endian system, p1 p2 because 0xDAB0BC47 0xBABEC475? Testing seems to confirm this, but I thought it'd be good to put it on StackOverflow for future reference. C and C++ both do some weird things to pointers, so you never really know...

    Read the article

  • Will this class cause memory leaks, and does it need a dispose method? (asp.net vb)

    - by Phil
    Here is the class to export a gridview to an excel sheet: Imports System Imports System.Data Imports System.Configuration Imports System.IO Imports System.Web Imports System.Web.Security Imports System.Web.UI Imports System.Web.UI.WebControls Imports System.Web.UI.WebControls.WebParts Imports System.Web.UI.HtmlControls Namespace ExcelExport Public NotInheritable Class GVExportUtil Private Sub New() End Sub Public Shared Sub Export(ByVal fileName As String, ByVal gv As GridView) HttpContext.Current.Response.Clear() HttpContext.Current.Response.AddHeader("content-disposition", String.Format("attachment; filename={0}", fileName)) HttpContext.Current.Response.ContentType = "application/ms-excel" Dim sw As StringWriter = New StringWriter Dim htw As HtmlTextWriter = New HtmlTextWriter(sw) Dim table As Table = New Table table.GridLines = GridLines.Vertical If (Not (gv.HeaderRow) Is Nothing) Then GVExportUtil.PrepareControlForExport(gv.HeaderRow) table.Rows.Add(gv.HeaderRow) End If For Each row As GridViewRow In gv.Rows GVExportUtil.PrepareControlForExport(row) table.Rows.Add(row) Next If (Not (gv.FooterRow) Is Nothing) Then GVExportUtil.PrepareControlForExport(gv.FooterRow) table.Rows.Add(gv.FooterRow) End If table.RenderControl(htw) HttpContext.Current.Response.Write(sw.ToString) HttpContext.Current.Response.End() End Sub Private Shared Sub PrepareControlForExport(ByVal control As Control) Dim i As Integer = 0 Do While (i < control.Controls.Count) Dim current As Control = control.Controls(i) If (TypeOf current Is LinkButton) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, LinkButton).Text)) ElseIf (TypeOf current Is ImageButton) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, ImageButton).AlternateText)) ElseIf (TypeOf current Is HyperLink) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, HyperLink).Text)) ElseIf (TypeOf current Is DropDownList) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, DropDownList).SelectedItem.Text)) ElseIf (TypeOf current Is CheckBox) Then control.Controls.Remove(current) control.Controls.AddAt(i, New LiteralControl(CType(current, CheckBox).Checked)) End If If current.HasControls Then GVExportUtil.PrepareControlForExport(current) End If i = (i + 1) Loop End Sub End Class End Namespace Will this class cause memory leaks? And does anything here need to be disposed of? The code is working but I am getting frequent crashes of the app pool when it is in use. Thanks.

    Read the article

  • How do I get Spotlight attributes to display in the get info window?

    - by Alexander Rauchfuss
    I have created a spotlight importer for comic files. The attributes are successfully imported and searchable. The one thing that remains is getting the attributes to display in a file's get info window. It seems that this should be a simple matter of editing the schema.xml file so the attributes are nested inside displayattrs tags. Unfortunately this does not seem to be working. I simplified the plugin for testing. The following are all of the important files. schema.xml <types> <type name="cx.c3.cbz-archive"> <allattrs> kMDItemTitle kMDItemAuthors </allattrs> <displayattrs> kMDItemTitle kMDItemAuthors </displayattrs> </type> <type name="cx.c3.cbr-archive"> <allattrs> kMDItemTitle kMDItemAuthors </allattrs> <displayattrs> kMDItemTitle kMDItemAuthors </displayattrs> </type> GetMetadataForFile.m Boolean GetMetadataForFile(void* thisInterface, CFMutableDictionaryRef attributes, CFStringRef contentTypeUTI, CFStringRef pathToFile) { NSAutoreleasePool * pool = [NSAutoreleasePool new]; NSString * file = (NSString *)pathToFile; NSArray * authors = [[UKXattrMetadataStore stringForKey: @"com_opencomics_authors" atPath: file traverseLink: NO] componentsSeparatedByString: @","]; [(NSMutableDictionary *)attributes setObject: authors forKey: (id)kMDItemAuthors]; NSString * title = [UKXattrMetadataStore stringForKey: @"com_opencomics_title" atPath: file traverseLink: NO]; [(NSMutableDictionary *)attributes setObject: title forKey: (id)kMDItemTitle]; [pool release]; return true; }

    Read the article

  • Another developer revoked and re-created my client's iOS Distribution Certificate - does this mean I can never update my client's existing app?

    - by Schnapple
    Here is the story so far: A client hired us to do an iPhone app for them. This client had never done an iPhone app before and as part of the arrangement we handled all aspects for them, including app store submission, and we handle some level of future development (new features, bug/security fixes, etc.) We created a Distribution certificate and key pair on the client's behalf We developed the app, published it to the App Store without incident Some time later the client hired a second developer to do a different app for them This second developer, it appears, has revoked the existing Distribution certificate and created a new one with a new key pair on their system This second developer shared the new Distribution certificate and key pair with us for future reference. Due to user error, this new certificate and key pair has now been imported onto the Macintosh where the original certificate and key pair for the original app we developed were created and the originals were not backed up. So we have App #1 on the App Store with Distribution certificate/key pair #1 App #2 either on the App Store or soon to be using Distribution certificate/key pair #2 Distribution certificate/key pair #1 appears to be lost now So my question is: if we ever need to update App #1, will we be able to, using Distribution certificate/key pair #2? Or will we have to upload it as a new app?

    Read the article

  • PHP file upload issue

    - by Varun
    I am working on a PHP based, ticket management system. While creating a ticket, one can upload an attachment. I want to put a limit (say 10 MB) per file upload. To implement this I plan the following- 1. In php.ini set post_max_size = 10M 2.In PHP script which receives the POST- Since the file is larger than post_max_size, $_FILES[] will be empty. But I can still check the content-length header and discard the upload, if size more than 10M. While testing this I tried uploading a file of 1 GB and analysed the http traffic and this is what I found. - the entire 1 GB data is first uploaded to a to the server temporarily and discarded once the http request completes. Though I couldn't exactly find out where the file was getting saved(as it was not there in the temporary directory in the server.), but my http traffic analyzer showed that the browser did send 1 GB data to the server. - the PHP script execution started only after completion of the http request(i.e after uploading the entire 1 GB) Now I have 2 concerns: a) People may exploit my server bandwidth by trying to upload large file, which I will have to discard anyways. b) Even worse, if someone starts uploading a huge file (say 100 GB), entire 100 GB data is first uploaded to the server temporarily, that means for that period, it will consume that much of memory on my server. What's the common solution for this. Am I missing something here?

    Read the article

  • MSSQL 2005 FOR XML

    - by Lima
    Hi, I am wanting to export data from a table to a specifically formated XML file. I am fairly new to XML files, so what I am after may be quite obvious but I just cant find what I am looking for on the net. The format of the XML results I need are: <data> <event start="May 28 2006 09:00:00 GMT" end="Jun 15 2006 09:00:00 GMT" isDuration="true" title="Writing Timeline documentation" image="http://simile.mit.edu/images/csail-logo.gif"> A few days to write some documentation </event> </data> My table structure is: name VARCHAR(50), description VARCHAR(255), startDate DATETIME, endDate DATETIME (I am not too interested in the XML fields image or isDuration at this point in time). I have tried: SELECT [name] ,[description] ,[startDate] ,[endTime] FROM [testing].[dbo].[time_timeline] FOR XML RAW('event'), ROOT('data'), type Which gives me: <data> <event name="Test1" description="Test 1 Description...." startDate="1900-01-01T00:00:00" endTime="1900-01-01T00:00:00" /> <event name="Test2" description="Test 2 Description...." startDate="1900-01-01T00:00:00" endTime="1900-01-01T00:00:00" /> </data> What I am missing, is the description needs to be outside of the event attributes, and there needs to be a tag. Is anyone able to point me in the correct direction, or point me to a tutorial or similar on how to accomplish this? Thanks, Matt

    Read the article

  • How do I keep users from spoofing data through a form?

    - by Jonathan
    I have a site which has been running for some time now that uses a great deal of user input to build the site. Naturally there are dozens of forms on the site. When building the site, I often used hidden form fields to pass data back to the server so that I know which record to update. an example might be: <input type="hidden" name="id" value="132" /> <input type="text" name="total_price" value="15.02" /> When the form is submitted, these values get passed to the server and I update the records based on the data passed (i.e. the price of record 132 would get changed to 15.02). I recently found out that you can change the attributes and values via something as simple as firebug. So...I open firebug and change the id value to "155" and the price value to "0.00" and then submit the form. Viola! I view product number 155 on the site and it now says that it's $0.00. This concerns me. How can I know which record to update without either a query string (easily modified) or a hidden input element passing the id to the server? And if there's no better way (I've seen literally thousands of websites that pass the data this way), then how would I make it so that if a user changes these values, the data on the server side is not executed (or something similar to solve the issue)? I've thought about encrypting the id and then decrypting it on the other side, but that still doesn't protect me from someone changing it and just happening to get something that matches another id in the database. I've also thought about cookies, but I've heard that those can be manipulated as well. Any ideas? This seems like a HUGE security risk to me.

    Read the article

  • Timer appears to be pausing when screen becomes inactive

    - by elchuppa
    So I have a very simple android activity that starts a timer when you hit a button. Timer timer = new Timer(); timer.schedule(new TimerTask() { @Override public void run() { doStuff(); } }, 15 * 60 * 1000); So this worked reasonably well for me when I was testing but as it turns out when the screen becomes inactive so does the timer. I was a bit surprised by this. I understand you need to create a service to have anything running in the background but I hadn't realized this is required for an activity in the foreground when the phone has inactivated the screen due to lack of activity. What confuses me is I think this worked as I expected originally and just in the last few weeks or so has the timer been affected by the phone saving power. I could be wrong though.. So basically my questions are: am I seeing expected behavior? Do I need to create all timers as services or somehow disallow powersaving? thanks for any advice, Patrick

    Read the article

  • temporary tables within stored procedures on slave servers with readonly set

    - by lau
    Hi, We have set up a replication scheme master/slave and we've had problems lately because some users wrote directly on the slave instead of the master, making the whole setup inconsistent. To prevent these problems from happening again, we've decided to remove the insert, delete, update, etc... rights from the users accessing the slave. Problems is that some stored procedure (for reading) require temporary tables. I read that changing the global variable read_only to true would do what I want and allow the stored procedures to work correctly ( http://dev.mysql.com/doc/refman/5.0/en/server-system-variables.html#sysvar_read_only ) but I keep getting the error : The MySQL server is running with the --read-only option so it cannot execute this statement (1290) The stored procedure that I used (for testing purpose) is this one : DELIMITER $$ DROP PROCEDURE IF EXISTS test_readonly $$ CREATE DEFINER=dbuser@% PROCEDURE test_readonly() BEGIN CREATE TEMPORARY TABLE IF NOT EXISTS temp ( BT_INDEX int(11), BT_DESC VARCHAR(10) ); INSERT INTO temp (BT_INDEX, BT_DESC) VALUES (222,'walou'), (111,'bidouille'); DROP TABLE temp; END $$ DELIMITER ; The create temporary table and the drop table work fine with the readonly flag - if I comment the INSERT line, it runs fine- but whenever I want to insert or delete from that temporary table, I get the error message. I use Mysql 5.1.29-rc. My default storage engine is InnoDB. Thanks in advance, this problem is really driving me crazy.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 767 768 769 770 771 772 773 774 775 776 777 778  | Next Page >