Search Results

Search found 30279 results on 1212 pages for 'database drift'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 794/1212 | < Previous Page | 790 791 792 793 794 795 796 797 798 799 800 801  | Next Page >

  • How to convert a PGresult to custom data type with libpq (PostgreSQL)

    - by mocopera
    Hi everyone! I'm using the libpq library in C to accessing my PostgreSQL database. So, when I do res = PQexec(conn, "SELECT point FROM test_point3d"); I don't know how to convert the PGresult I got to my custom data type. I know I can use the PQgetValue function, but again I don't know how to convert the returning string to my custom data type. Any suggestion? Thanks in advice.

    Read the article

  • Client/Server communication via internet

    - by user957829
    Hi, Which is the best solution to communicate bidirectionally between a remote server and a client behind an internet box? UPnP with Sockets. HTTPS/Database Server and the client make 1 request every Xsec to know if there is new data. Client opens 1 connection on the server and it maintains open to make a tunnel. Thanks in advance for your help

    Read the article

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiquity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_toekn, that will insure unique untampered with security by the user? Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct. If any one can sniff and get the access_token they can theorically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - becuase for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable. http://www.creatingstory.com/images/InTheOpen.png Went back and did more research on this: FINDINGS: Went back an re ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much any ones page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . . http://www.creatingstory.com/images/InTheOpen2.png The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded. Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me. Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie contain the access_token, session, a secret, and uid and status of the connection. The session object is structured such that is supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much al that is used in the session object. The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit. The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT(browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, If there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. it is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser. In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that. I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

    Read the article

  • Reduce the number of additional Queries to 0 by overriding functions in the base model

    - by user334017
    my basic database setup is: User:... Info: relations: User: { foreignType:one } When displaying information on the user it takes: 1 query to find info on the user, and 1 query to find additional info I want to reduce this to one query that finds both, I assume I need to override a function from BaseUser.class.php, or something along those lines but I'm not really sure what to do. Thanks!

    Read the article

  • php validation code format

    - by user2970887
    Okay I have this MySQL database form and am trying to add validation to it. After 2 days of fighting with it, I thought I would get some advice. Would like that the selected item from dropdown and Firstname, Phone, Email, are all required. Then I want to verify that the data in the Firstname, Lastname, Phone (doesn't have to be any special format), Email and Comments are all acceptable formats before putting in database. Here is what I have so far: <?php include('inc_header.php'); if(isset($_POST['add'])) { require('dbcon.php'); if(! get_magic_quotes_gpc() ) { $Id = addslashes ($_POST['Id']); $List = addslashes ($_POST['List']); $Firstname = addslashes ($_POST['Firstname']); $Lastname = addslashes ($_POST['Lastname']); $Phone = addslashes ($_POST['Phone']); $Email= addslashes ($_POST['Email']); $Calltime = addslashes ($_POST['Calltime']); $Comment = addslashes ($_POST['Comment']); } else { $Id = $_POST['Id']; $Date = $_POST['Date']; $List = $_POST['List']; $Firstname = $_POST['Firstname']; $Lastname = $_POST['Lastname']; $Phone = $_POST['Phone']; $Email = $_POST['Email']; $Calltime = $_POST['Calltime']; $Comment = $_POST['Comment']; } $error = ''; //put chosen function here function validate_Firstname($input, $pattern = "/([A-Za-z0-9])") { return !preg_match($pattern, $input); } function validate_Phone($input, $pattern = "/([A-Za-z0-9])") { return !preg_match($pattern, $input); } function isValidEmail( $Email ){ return filter_var( $Email, FILTER_VALIDATE_EMAIL ); } //get values and validate each one as required $List = mysql_real_escape_string($_POST['List']); if(!$List){ $error .= "Please choose one<br />"; } $Firstname = mysql_real_escape_string($_POST['Firstname']); if(!$Firstname){ $error .= "First name is required<br />"; } //get values and validate each one as required $Lastname = mysql_real_escape_string($_POST['Lastname']); if(!$Lastname){ $error .= "Last name is required<br />"; } //repeat for each field $Email = mysql_real_escape_string($_POST['Email']); if(!isValidEmail($Email)){ $error .= "The email entered is invalid<br />"; } //and so on... if(!$error){ //add insert into database code here $sql = "INSERT INTO contacts ". "(`Id`,`Date`,`List`,`Firstname`,`Lastname`,`Phone`,`Email`,`Calltime`,`Comment`)". "VALUES'$Id,','$Date','$List','$Firstname','$Lastname','$Phone','$Email','$Calltime','$Comment') "; mysql_select_db('hmintcwa_contacts'); $retval = mysql_query( $sql, $conn ); if(! $retval ) { die('Could not enter data: ' . mysql_error()); } echo "Entered data successfully<br /><br /><a href=contactsadd.php><font color=#000000>Back</font></a>\n"; mysql_close($conn); } else { ?> <form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" name="ContactForm"> <table bgcolor="#000000" width="500" cellpadding="5" cellspacing="1" border="0"> <input type="hidden" name="Id" id="Id"> <tr> <td bgcolor="#e9e9e9" align="right">Requested Info</td> <td bgcolor="#ffffff" align="left"><select name="List"> <option value="0" > Please Choose One </option> <option value="Market Analysis" > Market Analysis </option> <option value="Consultation" > Consultation </option></select></td></tr> <tr> <td bgcolor="#e9e9e9" align="right">Date</td> <input name="Date" type="hidden" id="Date" value="<? print(Date("l F d, Y")); ?>" /> <td bgcolor="#ffffff" align="left"><? print(Date("l F d, Y")); ?></td> </tr> <tr> <td bgcolor="#e9e9e9" align="right">Firstname</td> <td bgcolor="#ffffff" align="left"><input name="Firstname" type="text" size="20" id="Firstname"></td></tr> <tr> <td bgcolor="#e9e9e9" align="right">Lastname</td> <td bgcolor="#ffffff" align="left"><input type="text" name="Lastname" size="20" id="Lastname"></td> </tr> <tr> <td bgcolor="#e9e9e9" align="right">Phone</td> <td bgcolor="#ffffff" align="left"><input type="text" name="Phone" size="20" id="Phone"></td></tr> <tr> <td bgcolor="#e9e9e9" align="right">Email</td> <td bgcolor="#ffffff" align="left"><input type="text" name="Email" size="20" id="Email"></td></tr> <tr> <td bgcolor="#e9e9e9" align="right">Preferred Calltime</td> <td bgcolor="#ffffff" align="left"><input type="text" name="Calltime" size="20" id="Calltime"> &nbsp;&nbsp; If none put N/A</td></tr> <tr> <td bgcolor="#e9e9e9" align="right">Comment</td> <td bgcolor="#ffffff" align="left"><textarea name="Comment" cols="40" rows="8" id="Comment"></textarea></td></tr> <tr> <td bgcolor="#e9e9e9" align="right">&nbsp;</td> <td bgcolor="#ffffff" align="center"><br> <input name="add" type="submit" id="add" value="Add Contact"><input type="reset" name="Reset" value="Clear Form"><input type=button value="Cancel" onClick="history.go(-1)"><br>&nbsp; </td> </tr> </table> </form> <br>&nbsp;</center> <?php } ?> </body> </html> So far I just keep chasing error message. Please forgive formatting I am trying to learn be gentle.

    Read the article

  • Make a collection with movies

    - by Dimitar Vouldjeff
    Hello, I need to make a collection with a lot of movies, but I was wandering if there is something like API or other method to make that database automatically? I will be using Ruby on Rails, but if there is a useful and fast tool, I will use it. Thank you.

    Read the article

  • why is ADODB inserting NULL values on update?

    - by every_answer_gets_a_point
    i have: With rs .AddNew ' create a new record ' add values to each field in the record .Fields("datapath") = dpath .Fields("analysistime") = "atime" .Fields("reporttime") = "rtime" .Fields("lastcalib") = "lcalib" .Fields("analystname") = "aname" .Fields("reportname") = "rname" .Fields("batchstate") = "bstate" .Fields("instrument") = "NA" .Update ' stores the new record End With when i check the database, it looks like it ONLY inserted the last field! has anyone encountered this problem?

    Read the article

  • how to ensure comparison is case sensitive?

    - by newguy
    Hi there, im trying to do a comparison in MYSQL but wish for it to be case sensitive ex: $userID="test" $q = db_query("select * from users where user_id = '" . $userID . "'"); In DB: userid = "TEST" Ho do i go about making sure the mysql query does not return TRUE for this query as the userid varialbe doesnt match the case of the userid in the database thanks

    Read the article

  • Help getting the following create table function to work with mysql and C#

    - by Matt
    string createTable = "CREATE TABLE IF NOT EXISTS " + m_strDatabase + "_TimeLogs (logName VARCHAR(16), logTime INTEGER, logCountry TEXT, UNIQUE(logName)) TYPE=MyISAM;"; When this runs, no table is created. No errors either. Im using an ODBC connector. the variable passes in the db name, so that the table created would be users_TimeLogs if the database was called users for example. Am I doing something wrong?

    Read the article

  • Entity Framework equivalence for NHibernte SchemaExport

    - by jbandi
    Is there an equivalence in Entity Framework to NHibernate SchemaExport? Given I have a working Entity-Model, I would like to programmatically initialize a database. I would like to use this functionality in the setup of my integration tests. Creating the matching DDL for an Entity-Model would also suffice.

    Read the article

  • Delete document with an empty ID

    - by Damien MATHIEU
    Hello, I have a CouchDB database in production. One of the documents has been edited (in Futon by an other developer). And it's lost it's ID (don't ask me how he did it). So now the document's id is an empty string, which makes it impossible to edit or delete via Futon. Is there a way I could hack into CouchDB to delete that document anyway ?

    Read the article

  • Php/MySQL to ASP.NET/MSSQL, Suggest if its worth the trouble.

    - by user302656
    Hello Guys, We have been using PHP/MySQL for our web application which has been growing a lot, the database is around 4-5GB and one of the table is 2GB sometimes, hence slowing down whenever any queries to that table is called. Should we just try to optimize, or are we using MySQL above its limit? Will switching our web app to .NET/MSSQL resolve the issues? Thanks

    Read the article

  • my sql insert query not working

    - by Piyush
    I am inserting userId.It is displaying correct but inserting 0 in spite of actual userId. mycode- If(! empty($userIDToCheck) || $userIDToCheck != '' ) { echo $userIDToCheck; $sql = "INSERT INTOpnpdb.ruser(userid) VALUES ('$userIDToCheck');"; mysql_query($sql)or die(mysql_error()); echo "Done"; } Output : pi203713 Done But is database it is inserting "0"???

    Read the article

  • Codeigniter Current Logged in user

    - by KierenT
    In Codeigniter, I have a login/registration form all set up, working perfectly, however how can I output the current users username, i.e. When the user has logged in it would say "Welcome, [username]". I also need to know this, to be able to output from the database the record based on the current users ID, how can I do that? I've browsed the docs on codeigniter but couldn't find what i was looking for. I'm using active record btw. Thanks

    Read the article

  • What does the length attribute do when set on the @Column JPA annontation?

    - by James McMahon
    What exactly does setting the length on a column do in JPA? @Column(name = "middle_name", nullable = false, length = 32) public String getMiddleName() { return this.middleName; } I understand that you can use the annotations to generate the database schema based on the entity objects, but does length do any sort of check or truncation when persistence happens, or it solely used for schema creation? I also realize that JPA can sit on top of various implementations, the implementation I am concerned with in this case, is Hibernate.

    Read the article

  • Security Resources Defining, Static/Dynamic

    - by mmontalvo
    I am implementing a simple(hopefully) security manager within an application. Is it better to have predefined(static) roles, custom roles(dynamic)? I am leaning more towards dynamic groups or roles only because then it would not require a redeploy to update the system. Also, what would be the best approach to define resources in general? The application has a database that can hold either the static or dynamic values.

    Read the article

  • Knowing the type of the stored proc when invoking from C#

    - by dotnetdev
    I am making a windows service to be able to run operations on a sql server database (insert, edit, etc) and invoke Stored Procs. However, is there a way for me to know the type of the SP? When invoking from C#, I need to knof if it is returning 1 value, or more, or none (so I can use executereader, scalar, etc)? Thanks

    Read the article

  • How do I create links in the cells of a PHP generated table?

    - by typoknig
    I have a table generated from some PHP code that lists a SMALL amount of important information for employees. I want to make it so each row, or at least one element in each row can be clicked on so the user will be redirected to ALL of the information (pulled from MySQL database) related to the employee who was clicked on. I am not sure how would be the best way to go about this, but I am open to suggestions. I would like to stick to PHP and/or JavaScript. Below is the code for my table: <table> <tr> <td id="content_heading" width="25px">ID</td> <td id="content_heading" width="150px">Last Name</td> <td id="content_heading" width="150px">First Name</td> <td id="content_heading" width="75px">SSN</td> </tr> <?php $user = 'user'; $pass = 'pass'; $server = 'localhost'; $link = mysql_connect($server, $user, $pass); if (!$link){ die('Could not connect to database!' . mysql_error()); } mysql_select_db('mydb', $link); $query = "SELECT * FROM employees"; $result = mysql_query($query); mysql_close($link); $num = mysql_num_rows($result); for ($i = 0; $i < $num; $i++){ $row = mysql_fetch_array($result); $class = (($i % 2) == 0) ? "table_odd_row" : "table_even_row"; echo "<tr class=".$class.">"; echo "<td>".$row[id]."</td>"; echo "<td>".$row[l_name]."</td>"; echo "<td>".$row[f_name]."</td>"; echo "<td>".$row[ssn]."</td>"; echo "</tr>"; } ?> </table>

    Read the article

  • How to login users that are stored within a Wordpress account

    - by user3716795
    I am developing an iOS app that is password protected and all the users are stored in a wordpress account that, of course, is password protected as well. Does anybody know the format that wordpress uses to store login information for these accounts, I would assume that it is a MySQL that sends a json? I have only been able to find the database code for the initial admin page but nothing that shows the way these accounts (815 to be exact) would be stored within the site.

    Read the article

  • How to test if a table is empty, using Hibernate

    - by landon9720
    Using Hibernate, what is the most efficient way to determine if a table is empty or non-empty? In other words, does the table have 0, or more than 0 rows? I could execute the HQL query select count(*) from tablename and then check if result is 0 or non-0, but this isn't optimal as I would be asking the database for more detail than I really need.

    Read the article

  • SimpleDB as Denormalized DB

    - by Max
    In an environment where you have a relational database which handles all business transactions is it a good idea to utilise SimpleDB for all data queries to have faster and more lightweight search? So the master data storage would be a relational DB which is "replicated"/"transformed" into SimpleDB to provide very fast read only queries since no JOINS and complicated subselects are needed.

    Read the article

  • passing data to and from server using xml

    - by sapna
    i need to design a web site in which data is passed to and from the server using xml.i got it how to transform data from database to xml and then to html.but i am not able to find how to pass data from client to server using xml.webpages are designed using asp.is it possible to do pass data from client to server using xml.what are the things that are to be studied.help needed immediately.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 790 791 792 793 794 795 796 797 798 799 800 801  | Next Page >