Search Results

Search found 57810 results on 2313 pages for 'http delete'.

Page 838/2313 | < Previous Page | 834 835 836 837 838 839 840 841 842 843 844 845  | Next Page >

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as:
      - No client/application had direct access to the database tables.
      - All accesses to all tables were through views (and all the updates to the base tables were done through triggers).
      - All data items had a domain specified.
      - No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced.
      - Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data.
    So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures?
    EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged.
    EDIT2 The approach of relying on parameterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principal features I have taken from these sources are:
      - An extensive data dictionary, combined with an extensive security data dictionary
      - Generation of triggers, queries and constraints from the data dictionary
      - Minimize Code and maximize data
    While the answers I have had so far are very useful and point out difficulties arising from disregarding parameterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

    Read the article

  • New ASP.NET Performance Tool

    Greetings, I have released a tool used to collect ETW events in ASP.NET pages to measure their duration. It's friendly and easy to use. Check it out at http://blogs.msdn.com/josere/ Thanks for reading, Jose....

    Read the article

  • Interesting links week #9

    - by erwin21
    Below a list of interesting links that I found this week: Frontend: Subway Map Visualization jQuery Plugin Internet Explorer 9 Guide for Developers Development: Html Agility Pack Cache Integration - Building and Using Custom OutputCache Providers in ASP.NET Marketing: A/B testing applications Other: Top 10 Reasons Web Developers Should Avoid Flash Interested in more interesting links follow me at twitter http://twitter.com/erwingriekspoor

    Read the article

  • Radeon HD 2000, 3000, 4000 on 12.10 Quantal: fglrx (legacy) 12.6 unsupported, what to do?

    - by Andrew Mao
    After upgrading to 12.10 quantal, the packaged version of fglrx no longer works. I discovered that this is because there is a separate 'legacy' fglrx driver for the HD 2k-4k series cards, but it is incompatible with the xorg server on 12.10. This is the most current version of the driver for HD 2000 through HD 4000 series cards. You can't use the non-legacy fglrx driver, but you can use the open-source radeon driver if you prefer your WM compositing to be laggy and your YouTube videos to play like they would on a Pentium MMX series: http://support.amd.com/us/kbarticles/Pages/catalyst126legacyproducts.aspx
    Usually this driver can be installed in the following way, necessary because apt-get install fglrx would pull in the non-legacy driver:
        wget http://www2.ati.com/drivers/legacy/amd-driver-installer-12.6-legacy-x86.x86_64.zip
        unzip amd-driver-installer-*
        sudo sh ./amd-driver-installer-*.run --buildpkg Ubuntu/quantal
        sudo dpkg -i fglrx*.deb
        sudo aticonfig --initial -f
    If you use a different version of fglrx (for example, a newer 12.9 that doesn't support those cards) then the final command will give you an error no supported hardware detected or something similar. However, everything works at this point and you will get a reasonable xorg.conf:
        ... other stuff
        Section "Device"
            Identifier "aticonfig-Device[0]-0"
            Driver "fglrx"
            BusID "PCI:1:5:0"
        EndSection
        ... other stuff
    At this point you're supposed to reboot and everything will be working with the fglrx driver. However, upon rebooting, you'll be treated to the following errors in Xorg.0.log when fglrx attempts to load:
        (EE) Failed to load /usr/lib/xorg/modules/drivers/fglrx_drv.so: /usr/lib/xorg/modules/drivers/fglrx_drv.so: undefined symbol: noXFree86DRIExtension
    Some searching around will show that this is a problem with the legacy ATI drivers not supporting xserver 1.13 or newer. (Arch Linux thread) ATI has released a fixed driver for its most recent (HD 5000 series or later) cards, but not for the 'legacy' cards yet. The non-legacy ATI drivers can't be used with the old cards. What should an Ubuntu user, using one of these HD 2000-4000 series cards, do?
      - Wait for an updated 'legacy' ATI driver that properly works with xserver 1.13?
      - Downgrade back to 12.04 Precise, which uses xserver 1.11?
      - Try to downgrade xserver on 12.10 Quantal to 1.12, which could possibly break Unity and GNOME?
      - Forced upgrade to HD 5000 series or later card? (Not possible with integrated graphics...)
      - Some other 1337 action that fixes this problem painlessly?

    Read the article

  • is Microsoft LC random generator patented?

    - by user396672
    I need a very simple pseudo random generator (no specific quality requirements) and I found that Microsoft's variant of the LCG algorithm used for the rand() C runtime library function fits my needs (gcc's one seems too complex). I found the algorithm here: http://rosettacode.org/wiki/Linear_congruential_generator#C However, I worry the algorithm (including its "magic numbers", i.e. coefficients) may be patented or restricted for use in some other way. Is it allowed to use this algorithm without any licence or patent restrictions or not? I can't use library rand() because I need my results to be exactly reproducible on different platforms.

    Read the article

  • Can't open Software Center or Update Manager

    - by Albert
    When I try to (not from terminal) the following error message opens up: An unresolvable problem occurred while initializing the package information. Please report this bug against the 'update-manager' package and include the following error message: 'E:Malformed line 60 in source list /etc/apt/sources.list (dist parse)' Using Ubuntu 12.04, thanks. Edit: Went to line 60, this is what I found: deb http://archive.canonical.com/precise partner

    Read the article

  • Filling array with numbers from given range so that sum of adjacent numbers is square number

    - by REACHUS
    Problem: Fill all the cells using distinct numbers from the <1,25> set, so that the sum of two adjacent cells is a square number. (source: http://grymat.im.pwr.wroc.pl/etap1/zad1etp1213.pdf; numbers 20 and 13 have been given) I've already solved this problem analytically and now I would like to approach it using an algorithm. I would like to know how I should approach these kinds of problems in general (not a solution, just a point for me to start).

    Read the article

  • What could be the Java successor Oracle wants to invest in?

    - by deamon
    I've read that Oracle wants to invest into another language than Java: "On the other hand, Oracle has been particularly supportive of alternative JVM languages. Adam Messinger ( http://www.linkedin.com/in/adammessinger ) was pretty blunt at the JVM Languages Summit this year about Java the language reaching its logical end and how Oracle is looking for a 'higher level' language to 'put significant investment into.'" But what language could be the one Oracle wants to invest in? Is there another candidate than Scala?

    Read the article

  • Configuring the iPlanet as web tier for Oracle WebCenter Content (UCM)

    - by Adao Junior
    If you are looking to configure iPlanet as the web server/proxy for Oracle WebCenter Content, you probably won’t find specific documentation for that, or you will find some old, complex notes related to the old 10gR3. This post will help you out with a few simple steps. This is the diagram of the test scenario, assuming that you will deploy to production in a cluster environment.
    First you need the software. For our scenario you will need:
      - Oracle iPlanet Web Server 7.0.15+ (Installed)
      - Oracle WebCenter Content 11gR1 PS5 (Installed)
      - Oracle WebLogic Web Server Plugins 11g (1.1)
      - Supported JDK (Using Oracle Java JDK 7u4 for the test)
      - Certified Client OS
      - Certified Server OS (Using Oracle Solaris 11 for the test)
      - Certified Database (Using Oracle Database 11.2.0.3 for the test)
    Then the configuration:
      - Download the latest plugin: http://www.oracle.com/technetwork/middleware/ias/downloads/wls-plugins-096117.html
      - Extract the WLSPlugin11g-iPlanet7.0 into some folder, like <iPlanet_Home>/plugins/wls11
      - Include the plugin reference in the magnus.conf:
        If Unix (Solaris or Linux), include the line:
            Init fn="load-modules" shlib="/apps/oracle/WebServer7/plugins/wls11/lib/mod_wl.so"
        If Windows, include the line:
            Init fn="load-modules" shlib="D:\\oracle\\WebServer7\\plugins\\wls11\\lib\\mod_wl.dll"
      - Include the proxy reference in the obj.conf of each instance:
            <Object name="weblogic" ppath="*/cs/*">
            Service fn="wl-proxy" WebLogicCluster="wcc-node1:16201,wcc-node2:16202, wcc-node3:16203"
            </Object>

            <Object name="weblogic" ppath="*/_dav/*">
            Service fn="wl-proxy" WebLogicCluster="wcc-node1:16201,wcc-node2:16202, wcc-node3:16203"
            </Object>

            <Object name="weblogic" ppath="*/_ocsh/*">
            Service fn="wl-proxy" WebLogicCluster="wcc-node1:16201,wcc-node2:16202, wcc-node3:16203"
            </Object>

            <Object name="weblogic" ppath="*/adfAuthentication/*">
            Service fn="wl-proxy" WebLogicCluster="wcc-node1:16201,wcc-node2:16202, wcc-node3:16203"
            </Object>
        If you are using a single-node setup, change the Service fn=… line to something like:
            Service fn="wl-proxy" WebLogicHost=<wcc-server> WebLogicPort=16200
    With these configurations, you should have the WebCenter Content UI working with the iPlanet; test it. [http://<web-server>/cs/]
    With the UI working, the last step is to configure the WebDav:
      - Go to the iPlanet Admin Console (usually https://<web-server>:8989)
      - Go to Configurations >> [instance] >> Virtual Servers >> [Virtual Server] >> WebDAV
      - Click New
      - Populate the URI with /cs/idcplg/webdav
      - Select “Anyone (No Authentication)”; WebCenter Content will take care of the security
    This will allow you to use the WebDav feature and the Desktop Integration Suite, including double-byte characters. Other iPlanet tuning could be done; I can cover it in the next post related to the iPlanet.
    Cross-posted on the ContentrA.com Blog
    Related posts: - Using a Web Proxy Server with WebCenter Family

    Read the article

  • SQL Azure Database Size Calculator

    - by kaleidoscope
    A neat trick on how to measure your database size in SQL Azure. Here are the exact queries you can run to do it:
        Select Sum (reserved_page_count) * 8.0 / 1024
        From sys.dm_db_partition_stats
        GO
        Select sys.objects.name, sum (reserved_page_count) * 8.0 / 1024
        From sys.dm_db_partition_stats, sys.objects
        Where sys.dm_db_partition_stats.object_id = sys.objects.object_id
        Group by sys.objects.name
    The first one will give you the size of your database in MB and the second one will do the same, but break it out for each object in your database. http://www.azurejournal.com/2010/03/sql-azure-database-size-calculator/
    Ritesh, D

    Read the article

  • Hash Sum mismatch on python-keyring

    - by Gearoid Murphy
    I came in to my workstation this morning to find an apt error notification relating to a hash sum mismatch on the python keyring password storage mechanism. Given the sensitive nature of this package, this gives me some cause for concern. Has anyone else seen this error? How can I ensure that my system has not been compromised?
        Failed to fetch http://gb.archive.ubuntu.com/ubuntu/pool/main/p/python-keyring/python-keyring_0.9.2-0ubuntu0.12.04.2_all.deb Hash Sum mismatch
    Xubuntu 11.04 AMD64

    Read the article

  • How do I make a more or less realistic water surface?

    - by Johnny
    I want to make a similar water surface like in this picture: http://www.publicdomainpictures.net/pictures/20000/velka/water-surface-detail-11291208064MpI.jpg I need the water surface in the same view as in the picture. Is it possible to work without shaders? I want to develop a little game for Xbox Live Indie Marketplace, Windows Phone and maybe later iPhone/iPad. How should I make the water surface, so that it works on multiple platforms?

    Read the article

  • Interesting links week #1

    - by erwin21
    Below a list of interesting links that I found this week: Frontend: 10 Tips for Optimizing Web Form Submission Usability 10 Valuable Tips and Tricks for Designing HTML Emails 8 useful sites for web developers Development: Mono for Android Other: 7 Exciting Web Development Trends for 2011 Interested in more interesting links follow me at twitter http://twitter.com/erwingriekspoor

    Read the article

  • Common Areas For Securing Web Services

    The only way to truly keep a web service secure is to host it on a web server and then turn off the server. In real life no web service is 100% secure, but there are methodologies for increasing the security around web services. Consumers of a web service must adhere to the service’s Service-Level Agreement (SLA). An SLA is a digital contract between a web service and its consumer. This contract defines what methods and protocols must be used to access the web service, along with the defined data formats for sending and receiving data through the service. If either party does not abide by the contract, then the service will not be accessible for consumption.
    Common areas for securing web services:
      - Universal Discovery Description Integration (UDDI)
      - Web Service Description Language (WSDL)
      - Application Level
      - Network Level
    “UDDI is a specification for maintaining standardized directories of information about web services, recording their capabilities, location and requirements in a universally recognized format.” (UDDI, 2010) WSDL, on the other hand, is a standardized format for defining a web service. A WSDL describes the allowable methods for accessing the web service along with what operations it performs.
    Web services in the Application Level can control access to what data is available by implementing their own security through various methodologies, but the most common method is to have a consumer pass in a token along with a system identifier so that the system can validate the user's access to any data or actions that they may be requesting.
    Security restrictions can also be applied to the host web server of the service by restricting access to the site by IP address or login credentials. Furthermore, companies can also block access to a service by using firewall rules and only allowing access to specific services on certain ports coming from specific IP addresses. This last methodology may require consumers to obtain a static IP address and then register it with the web service host so that they will be provided access to the information they wish to obtain.
    It is important to note that these areas can be secured in any combination based on the security level tolerance dictated by the publisher of the web service. This being said, the bare minimum security implementation must be in the Application Level within the web service itself. Typically I create a security layer within a web services exposed Internet that requires a consumer identifier and a consumer token. This information is then used to authenticate the requesting consumer before the actual request is performed.
    Reference:
      - UDDI. (2010). Retrieved 11 13, 2011, from LooselyCoupled.com: http://www.looselycoupled.com/glossary/UDDI
      - Service-Level Agreement (SLA). (n.d.). Retrieved 11 13, 2011, from SearchITChannel: http://searchitchannel.techtarget.com/definition/service-level-agreement

    Read the article

  • How do I use GroundControl in 11.10?

    - by Jo-Erlend Schinstad
    When I installed Bazaar Explorer on a fresh system the other day, I came across this Ground Control. I had a look at its web page on http://ground-control.org/ and it looked seriously awesome, so I installed it from Ubuntu's repositories. However, I can't find any way of starting it. apt-file shows that it should provide a file named /usr/share/applications/groundcontrol.desktop, but there's no such file. Can someone shed some light on this?

    Read the article

  • APress Deal of the Day 19/Oct/2013 - Software Projects Secrets Why Projects Fail

    - by TATWORTH
    Originally posted on: http://geekswithblogs.net/TATWORTH/archive/2013/10/19/apress-deal-of-the-day-19oct2013---software-projects-secrets.aspx
    Today's $10 deal of the day from APress at http://www.apress.com/9781430251019 is Software Projects Secrets Why Projects Fail "Software Project Secrets: Why Software Projects Fail airs dirty laundry about the software industry—how putting project management's priorities above all else is the root cause of problems in software development projects. This book offers solutions to integrate project management with agile methodologies that really work for software development."

    Read the article

  • Examples of good Javascript/HTML5 based games

    - by Zuch
    Now that Flash is largely being replaced with HTML5 elements (video, audio, canvas, etc.) are there any good examples of web-based games built on completely open standards (meaning Javascript, HTML and CSS)? I see a lot of examples of pure HTML5 implementations of what was once only in Flash (like stuff here: http://www.html5rocks.com/) but not many games, a domain which still seems dominated by Flash. I'm curious what's possible and what the limitations are.

    Read the article

  • Tweet count just shot up

    - by Tom Gullen
    On our homepage we have a tweet button and counter: http://www.scirra.com This was around 600 until overnight it suddenly doubled to 1,200. It's been continuing to rise at a normal rate since. Has Twitter changed what counts as a Tweet for that counter? I've noticed competitors' counts have dropped significantly. We don't buy tweets or followers, and I haven't found any spam tweets about us nor have we had any significant recent press.

    Read the article

  • How to correctly track the analytics when using iframe

    - by Sherry Ann Hernandez
    In our main aspx page we have this analytics code
        <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-1301114-2']); _gaq.push(['_setDomainName', 'florahospitality.com']); _gaq.push(['_setAllowLinker', true]); _gaq.push(['_trackPageview']); _gaq.push(function() { var pageTracker = _gat._getTrackerByName(); var iframe = document.getElementById('reservationFrame'); iframe.src = pageTracker._getLinkerUrl('https://reservations.synxis.com/xbe/rez.aspx?Hotel=15159&template=flex&shell=flex&Chain=5375&locale=en&arrive=11/12/2012&depart=11/13/2012&adult=2&child=0&rooms=1&start=availresults&iata=&promo=&group='); }); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script>
    Then inside this aspx page is an iframe. Inside the iframe we set up this analytics code
        <script type="text/javascript"> var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-1301114-2']); _gaq.push(['_setDomainName', 'reservations.synxis.com']); _gaq.push(['_setAllowLinker', true]); _gaq.push(['_trackPageview', 'AvailabilityResults']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })(); </script>
    The problem is I see two pageviews when I go to find the AvailabilityResults page. The first one is a direct traffic and the other one is a cpc. How come they have different sources? I was expecting that both of them are using direct traffic.

    Read the article

  • LCM says Smart List import is complete but actually it's not...Here are probable reasons

    - by RahulS
    First of all, some basics of Smart Lists: Administrators use Smart Lists to create custom drop-down lists that users access from data form cells. When clicking in cells whose members are associated with a Smart List (as a member property), users select items from drop-down lists instead of entering data. Users cannot type in cells that contain Smart Lists. Smart Lists display in cells as down arrows that expand when users click into the cells. The link below will give you more information on Smart Lists: http://download.oracle.com/docs/cd/E17236_01/epm.1112/hp_admin/enum_pg.html
    I got a simple query today: "The LCM process generates and indicates a status of "Complete", however, the 3,018 records do not appear in the Planning application. No error exists in the log to identify the problem."
    Things which can be checked in this case:
      1. Spaces are not allowed in the Entry Name.
      2. Spaces are allowed in the Entry Label.
      3. The name must start with an alpha character or underscore.
      4. Valid characters for the remaining part of the name must be alpha, numeric, or an underscore.
      5. Enter a name that is unique within the smart list.
      6. I am not sure about the limits but I have seen 22,000 members loaded fine.
      7. The ID for every entry should be unique.
      8. IDs need not be consecutive. Ex: they can go from 1 to 100, then 500 to 900, then 1900 to 4500, etc.
    While importing the .xml file using LCM there were no errors in the foundation and LCM migration logs, but when checked in the HyS9PlanningSysErr.log, a few errors were found. Ex:
        The name Data_Coord_(Prod)_ACS is invalid
        The name Sr_Dir_b+Medcd_Gvt_Rel_Sls_Mkt is invalid
        The name entered is invalid. Enter a name that is unique within the smart list
    Also, we can load Smart List dimensions and Smart List dimension entries using the /DS:HSP_SMARTLISTS parameter in the outlineload utility:
        OutlineLoad /A:acpt /U:admin /M /I:c:/smartlist_create1.csv /DS:HSP_SMARTLISTS /L:c:/OutlineLogs/outlineLoad.log /X:c:/OutlineLogs/outlineLoad.exc
    with a load file such as:
        SmartList Name, Operation, Label, Display Order, Missing Label, Use Form Missing Label, Entry ID, Entry Name, Entry Label
        SL1,addsmartlist,SL1Label,,,,,,
        SL1,addEntry,,,,,,entry1,entrylabel1
        SL1,addEntry,,,,,,entry2,entrylabel2
    Cheers..!!! Rahul S. http://www.facebook.com/pages/HyperionPlanning/117320818374228

    Read the article

  • MCM Preparations - how it's going

    - by NeilHambly
    Since the announcement in November 2010 that the MCM SQL Server 2008 Training program had been revamped, read more on that here http://www.sqlskills.com/BLOGS/PAUL/post/Big-changes-to-the-MCM-program-and-how-SQLskills-can-help-you.aspx Experienced SQL Professionals now have more opportunity to undertake this advanced certification, Where they previously might not have been able to undertake for a variety of reasons, {time, money, location etc..} With a few announcements of those who has recently...(read more)

    Read the article

  • Can anyone do anything about the spam here on weblogs.asp.net?

    - by Chris Hammond
    Is there anyone out there who can do something about the spam here on weblogs.asp.net? Perhaps we could get some new software here that we could use to blog with? The old software barely works in Chrome (I can't see the rich text editor at this point), and lately the notification emails for Comments (which are mostly spam anyways) are pointing to http://weblogs.aspnet05.orcsweb.com which tries to get you to login with https://weblogs.aspnet05.orcsweb.com/ Anyone still maintaining this place?...(read more)

    Read the article

  • XenApp 6.5 – How to create and set a Policy using PowerShell

    - by Waclaw Chrabaszcz
    Originally posted on: http://geekswithblogs.net/Wchrabaszcz/archive/2013/06/20/xenapp-6.5--how-to-create-and-set-a-policy.aspx
    Here is my homework
        Add-PSSnapin -name Citrix.Common.* -ErrorAction SilentlyContinue
        New-Item LocalFarmGpo:\User\MyPolicy
        cd LocalFarmGpo:\User\MyPolicy\Settings\ICA\Security
        Set-ItemProperty .\MinimumEncryptionLevel State Enabled
        Set-ItemProperty .\MinimumEncryptionLevel Value Bits128
        cd LocalFarmGpo:\User\MyPolicy\Filters\WorkerGroup
        New-Item -Name "All Servers" -Value "All Servers"
        Set-ItemProperty LocalFarmGpo:\User\MyPolicy -Name Priority -Value 2
    So cute …

    Read the article
