Search Results

Search found 3528 results on 142 pages for 'safe'.

Page 98/142 | < Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >

• How do I secure a folder used to let users upload files?

  - by Eduardo Molteni

  I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

  Read the article

• Why is the 'this' keyword not a reference type in C++ [closed]

  - by Dave Tapley

  Possible Duplicates: Why ‘this’ is a pointer and not a reference? SAFE Pointer to a pointer (well reference to a reference) in C# The this keyword in C++ gets a pointer to the object I currently am. My question is why is the type of this a pointer type and not a reference type. Are there any conditions under which the this keyword would be NULL? My immediate thought would be in a static function, but Visual C++ at least is smart enough to spot this and report static member functions do not have 'this' pointers. Is this in the standard?

  Read the article

• Web based interface for open SSL client certificates

  - by Felix

  Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

  Read the article

• How can I safely decide if a variable is a string of more than one characters?

  - by Alan

  I am using the following Javascript: if (typeof content !== 'undefined' && content.length > 0) { $state.transitionTo('admin.content', { content: content }) } I thought this was safe to use but it gives me an error saying: TypeError: Cannot read property 'length' of null I am using the following function to decide if something is a number: isNumber: function (num) { // Return false if num is null or an empty string if (num === null || (typeof num === "string" && num.length === 0)) { return false; } var rtn = !isNaN(num) return rtn; }, How can I write a similar function that would very safely determine if something is a string with a length of more than 0?

  Read the article

• Mixing .NET 3.5 with 4/4.5 assemblies in the same process

  - by lysergic-acid

  Our team builds a .NET 3.5 WinForms based application that we'd like to migrate to the latest .NET version (4.5). Our application uses many "external" components (can be thought of as plugins) that are also currently .NET 3.5 based. I'd like to know what runtime/core libraries are used in case we convert ONLY THE APPLICATION to compile using .NET 4.5? Should this scenario properly work? (loading .NET 3.5 assemblies in a 4.5 process)? * The plugin assemblies are loaded via reflection. How does the CLR runtime handle such a scenario? is this a safe practice?

  Read the article

• How to build a builder dynamically with escaped values

  - by dorelal

  Now I know how to build xml without escaping values. http://stackoverflow.com/questions/2693036/how-to-tell-bulider-to-not-to-escape-values However I need to build tags dynamically. Desired result <bank_info>Chase</bank_info> What I have is attr = 'bank_info' builder = Builder::XmlMarkup.new builder.attr { |x| x << 'bank_info' } # does not work I can try making the whole thing as a giant string and eval that. But evaling is not that safe. Is there a better option that I am missing.

  Read the article

• Can Parallel.ForEach be used safely with CloudTableQuery

  - by knightpfhor

  I have a reasonable number of records in an Azure Table that I'm attempting to do some one time data encryption on. I thought that I could speed things up by using a Parallel.ForEach. Also because there are more than 1K records and I don't want to mess around with continuation tokens myself I'm using a CloudTableQuery to get my enumerator. My problem is that some of my records have been double encrypted and I realised that I'm not sure how thread safe the enumerator returned by CloudTableQuery.Execute() is. Has anyone else out there had any experience with this combination?

  Read the article

• My program is getting a false positive from a certain 3 letter Anti Virus Company.

  - by JimDel

  My program is getting a false positive from a certain 3 letter Anti Virus Company. Its just our companies branded version of Ultra VNC. Its only this one company that's identifying it as a virus and we've been using the same copy of that program for almost a year. I know its possible to tell this Anti Virus program the VNC client is safe, but I can't do that for all of our clients. I've tried to find a way to contact this company to see if they can do something to prevent this from happening, but I'm not getting anywhere. Has anyone who's experiened this issue with thier software, found a solution? Thanks

  Read the article

• How do I escape a string for a shell command in nodejs (V8 Javascript engine)?

  - by Maciek

  In nodejs, the only way to execute external commands is via sys.exec(cmd). I'd like to call an external command and give it data via stdin. In nodejs there does yet not appear to be a way to open a command and then push data to it (only to exec and receive its standard+error outputs), so it appears the only way I've got to do this right now is via a single string command such as: var dangerStr = "bad stuff here"; sys.exec("echo '" + dangerStr + "' | somecommand"); Most answers to questions like this have focused on either regex which doesn't work for me in nodejs (which uses Google's V8 Javascript engine) or native features from other languages like Python. I'd like to escape dangerStr so that it's safe to compose an exec string like the one above. If it helps, dangerStr will contain JSON data.

  Read the article

• Aren't passwords written in inputbox vulnerable through a stack trace ?

  - by loursonwinny

  Hello, I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ? A password entered that way will be found in many places : Caption property of the TEdit Result of the function which creates the inputbox probably, a variable that stores the Result of the InputBox Command etc... If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ? NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt. InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language. Thanks for reading

  Read the article

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• Can I assume Flash and PHP will generate the same floating point numbers?

  - by Fragsworth

  In a multiplayer game I'm developing, we have a few values that are floating point numbers. The back-end (in PHP) and the front-end (in Flash) occasionally perform the same calculations on these numbers, to minimize communication. I am currently making sure that both sides are using 64-bit doubles, but am I safe to assume that all calculations will be the same? For instance, what about string to float conversion - should I worry about Flash having a potentially different implementation as PHP? (If this happens, our game will go out of sync - the client will think it is in one state while the server is in another) With some testing, it appears to be the same, but I'm just not sure. Can someone clarify this for me?

  Read the article

• iphone threading speed up startup of app

  - by BahaiResearch.com

  I have an app that must get data from the Sqlite database in order to display the first element to the User. I have created a domain object which wraps the DB access and is a thread safe singleton. Is this following strategy optimal to ensure the fastest load given the iPhone's file access and memory management capabilities in threaded apps: 1) In the AppDelegate's FinishedLaunching event the very first thing I do is create the domain singleton within a new thread. This will cause the domain object to go to Sqlite and get the data it needs without locking the UI thread. 2) I then call the standard Window methods to add the View and MakeKeyAndVisible etc. Is there an earlier stage in the AppDelegate where I should fire off the thread that creates the Domain Object and accesses Sqlite?

  Read the article

• Java - Thread safety of ArrayList constructors

  - by andy boot

  I am looking at this piece of code. This constructor delegates to the native method "System.arraycopy" Is it Thread safe? And by that I mean can it ever throw a ConcurrentModificationException? public Collection<Object> getConnections(Collection<Object> someCollection) { return new ArrayList<Object>(someCollection); } Does it make any difference if the collection being copied is ThreadSafe eg a CopyOnWriteArrayList? public Collection<Object> getConnections(CopyOnWriteArrayList<Object> someCollection) { return new ArrayList<Object>(someCollection); }

  Read the article

• STL deque accessing by index is O(1)?

  - by jasonline

  I've read that accessing elements by position index can be done in constant time in a STL deque. As far as I know, elements in a deque may be stored in several non-contiguous locations, eliminating safe access through pointer arithmetic. For example: abc-defghi-jkl-mnop The elements of the deque above consists of a single character. The set of characters in one group indicate it is allocated in contiguous memory (e.g. abc is in a single block of memory, defhi is located in another block of memory, etc.). Can anyone explain how accessing by position index can be done in constant time, especially if the element to be accessed is in the second block? Or does a deque have a pointer to the group of blocks? Update: Or is there any other common implementation for a deque?

  Read the article

• How to protect access to a url?

  - by ibiza

  I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php What is the best way to protect unsollicited calls to the www.example.com/work.php? What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done. The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url : ?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey and the key and token would be validated with a reverse algorithm on the php side. Is that safe, Are there any better idea?

  Read the article

• Would you make this method Static or not?

  - by Adam Drummond

  During a code review I presented a method quickly to the team that I had made static and one person agreed that there was no reason for it to not be static and a person disagreed saying that he would not make it static because it wasn't necessary and just to be on the safe side for future modifications and testing. So I did quite a bit of research and obviously it's a specialized case but I would like to know what you would do in this situation and why? (Its basically a helper method I call from a few different methods, a very low traffic page. More for my knowledge and learning on Static.) private IEnumerable<Category> GetCategoryByID(int id, Context context) { var categoryQuery = from selectAllProc in context.SelectAll_sp() where selectAllProc.CategoryID == id select selectAllProc; return categoryQuery; }

  Read the article

• How to recalculate primary index?

  - by JohnM2

  I have table in mysql database with autoincrement PRIMARY KEY. On regular basis rows in this table are being deleted an added. So the result is that value of PK of the latest row is growing very fast, but there is not so much rows in this table. What I want to do is to "recalculate" PK in this way, that the first row has PK = 1, second PK = 2 and so on. There are no external dependencies on PK of this table so it would be "safe". Is there anyway it can be done using only mysql queries/tools? Or I have to do it from my code?

  Read the article

• How to execute a function called many times, only once !

  - by Roesone

  Hello, is there a way to execute a function that is called thousand of times only once ? I have a function that adds items in a container of sort, and there is code in there, that updates lists and other windows (GUI staff). So, if i have to add a million items (the number of which is impossible to tell, anyone could call the function from anywhere), the GUI update mechanism will be called as many as times... Is there a way to tell appart continuous function execution (and ignore it) from discontinuous ? Is there a safe way to execute the update mechanism only the last time the add-item function is called, within a time interval ? Thank you.

  Read the article

• How do to check to see if the user has a Google account.

  - by skrat

  Is there any safe way to detect, on a web page, client side (JS), whether user has an Google/Yahoo/Live/? account? I know about some suspicious ways to do this by styling visited links and then sneaking on computed style attribute, but it's more of a hack, Mozilla and maybe other are planning to crack down on this, as it might be abused. But I need this to allow users more integration with their identity providers, like: Have a Google account? ~ load contacts for sharing from Google Contacts API Have an Yahoo account? ~ load contacts for sharing from Yahoo Contacts API none of the above? show no link I don't want to provide all these options to all visitors, would be nice if I can detect the account, and provide integration only in that case.

  Read the article

• c# Create a unique name with a GUID

  - by Dave Rook

  I am creating a back up solution. I doubt there is anything new in what I'm trying to achieve. Before copying the file I want to take a backup of the destination file in case anything becomes corrupt. This means renaming the file. I have to be careful when renaming in case the file already exists and adding a 01 to the end is not safe. My question is, based upon not finding the answer else where, would adding a GUID to the file name work. So, if my file was called file01.txt, renaming the file to file01.txtGUID (where GUID is the generated GUID), I could then perform my back up of that file (at this instance having 2 back ups) and then, after ensuring the file has copied (by comparing length of file to the source), delete the file with the GUID in the name. I know the GUID is not 100% guaranteed to be unique but would this suffice?

  Read the article

• Need to dynamically-generate a "sticky note" text

  - by gravyface

  Working on a website that has an image of a sticky note which will change text somewhat frequently (every month or so) as new "todo" items are created on it. Font I'm currently using is not Web Safe and the text is slightly angled to match the skew of the sticky note as well. Now I'm a pragmatist, and in situations like this I would normally secede defeat and opt for something more CSS/HTML practical. But no more! I'm falling a bit behind on what's going on with HTML5, CSS3, PNG graphics, Flash (ugh), and/or any other rich visuals. I'm decent with PHP/CSS/JS (jquery), have dabbled in Flash/actionscript too. My question is: what tools/method should I be looking at here?

  Read the article

• PHP Security checklist (injection, sessions etc)

  - by NoviceCoding

  So what kind of things should a person using PHP and MySql be focused on to maximize security. Things I have done: -mysql_real_escape_string all inputs -validate all inputs after escaping em -Placed random alpha numerics before my table names -50character salt + Ripemd passwords Heres where I think I am slacking: -I know know nothing about sessions and securing them. How unsafe/safe is it if all you are doing is: session_start(); $_SESSION['login']= $login; and checking it with: session_start(); if(isset($_SESSION['login'])){ -I heard something about other forms of injection like cross site injection and what not... -And probably many other things I dont know about. Is there a "checklist"/Quicktut on making php secure? I dont even know what I should be worried about.I kinda regret now not building off cakephp since I am not a pro.

  Read the article

• Do mini-filter functions need APCs enabled?

  - by botismarius

  Hello, Many Zw* functions that work with files (such as ZwCreateFile) need to be called at PASSIVE_LEVEL with APCs enabled: http://msdn.microsoft.com/en-us/library/ff566424%28VS.85%29.aspx. This is because, internally, I/O operations are asynchronously and the completion of an operation is delivered through an APC (correct me if I'm wrong). However, the documentation for similar functions from a mini-filter (such as FltCreateFile, FltReadFile, etc) does not specify that APCs should be enabled. Is it safe to call FltCreateFile/FltReadFile with APCs disabled? Thanks!

  Read the article

• Can I have fixed typed ArrayList in C#, just like C++?

  - by Kazoom

  I have an ArrayList which contains fixed type of objects. However everytime I need to extract an object a particular index, I need to typecast it to my user defined type from object type. Is there a way in C# to declare ArrayList of fixed types just like Java and C++, or is there a work around to avoid the typecasting everytime? Edit: I apologize I forgot mentioning that I require the datastructure to be thread-safe, which List is not. Otherwise I would have just used a normal Array. But I want to save myself from the effort of explicitly locking and unlocking while writing the array. So I thought of using ArrayList, synchronize it, but it requires typecasting every time.

  Read the article

< Previous Page | 94 95 96 97 98 99 100 101 102 103 104 105  | Next Page >