Daily Archives

Articles indexed Monday March 22 2010

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC URLs. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by-step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent a lot of time searching for the vulnerabilities with mysql_real_escape_string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

  • How to know if all the Thread Pool's threads are already done with their tasks?

    - by mcxiand
    I have this application that will recurse all folders in a given directory and look for PDF. If a PDF file is found, the application will count its pages using ITextSharp. I did this by using a thread to recursively scan all the folders for pdf, then if a PDF is found, this will be queued to the thread pool. The code looks like this:

        // spawn a thread to handle the processing of pdf on each folder.
        var th = new Thread(() =>
        {
            pdfDirectories = Directory.GetDirectories(pdfPath);
            processDir(pdfDirectories);
        });
        th.Start();

        private void processDir(string[] dirs)
        {
            foreach (var dir in dirs)
            {
                pdfFiles = Directory.GetFiles(dir, "*.pdf");
                processFiles(pdfFiles);
                string[] newdir = Directory.GetDirectories(dir);
                processDir(newdir);
            }
        }

        private void processFiles(string[] files)
        {
            foreach (var pdf in files)
            {
                ThreadPoolHelper.QueueUserWorkItem(
                    new { path = pdf },
                    (data) => { processPDF(data.path); }
                );
            }
        }

    My problem is, how do I know that the thread pool's thread has finished processing all the queued items so I can tell the user that the application is done with its intended task?

  • How can I reliably set the class attr w/JavaScript on IE, FF, Chrome, etc.?

    - by Alloi
    Hi, I am using the below js code in order to change the class when a link is clicked. document.getElementById("gifts").setAttribute("class", "gkvSprite selected"); This is not working in IE but it does in FF and Chrome. Then I changed the code to: document.getElementById("gifts").setAttribute("className", "gkvSprite selected"); Then it worked in IE and stopped working in FF and Chrome. Could someone please help me out here? Thanks in advance, Alloi

  • Dynamic Variable Names in Included Module in Ruby?

    - by viatropos
    I'm hoping to implement something like all of the great plugins out there for ruby, so that you can do this:

        acts_as_commentable
        has_attached_file :avatar

    But I have one constraint: That helper method can only include a module; it can't define any variables or methods. Here's what the structure looks like, and I'm wondering if you know the missing piece in the puzzle:

        # 1 - The workhorse, encapsulating all dynamic variables
        module My::Module
          def self.included(base)
            base.extend ClassMethods
            base.class_eval do
              include InstanceMethods
            end
          end

          module InstanceMethods
            self.instance_eval %Q?
              def #{options[:my_method]}
                "world!"
              end
            ?
          end

          module ClassMethods
          end
        end

        # 2 - all this does is define that helper method
        module HelperModule
          def self.included(base)
            base.extend(ClassMethods)
          end

          module ClassMethods
            def dynamic_method(options = {})
              include My::Module(options)
            end
          end
        end

        # 3 - send it to active_record
        ActiveRecord::Base.send(:include, HelperModule)

        # 4 - what it looks like
        class TestClass < ActiveRecord::Base
          dynamic_method :my_method => "hello"
        end

        puts TestClass.new.hello #=> "world!"

    That %Q? I'm not totally sure how to use, but I'm basically just wanting to somehow be able to pass the options hash from that helper method into the workhorse module. Is that possible? That way, the workhorse module could define all sorts of functionality, but I could name the variables whatever I wanted at runtime.

  • Managing attachment files with same name and different content.

    - by Pari
    Hi, I am extracting attachments from Inbox, Send, Drafts etc. mails and saving them in a folder, using the logic below: http://stackoverflow.com/questions/1361695/how-to-access-attachments-from-notes-mail But the problem I am facing here is attachments having the same type and name but different content. In the current situation it is replacing the old file with the new one. How can I uniquely manage this attachment for different mails?

  • "RepeatForUnit" item missing in Calendar entry?

    - by Pari
    Hi, I am accessing RepeatForUnit to manage "Repeats" in Lotus Notes. String RepeatForUnit = (string)((object[])docCalendarDoc.GetItemValue("RepeatForUnit"))[0]; Initially I was getting "D" for Daily event, "W" for Weekly and "Y" for Yearly. But now the properties field is not showing any of these values even after adding Repeat in the calendar. It is not visible in the Properties list of Lotus Notes Calendar and is showing "" (black entry) for the above code. I am not getting why this is happening. Can anybody help me out with this?

  • Using a JMS Session from different threads

    - by Evan
    From the javadoc for Session it states: A Session object is a single-threaded context for producing and consuming messages. So I understand that you shouldn't use a Session object from two different threads at the same time. What I'm unclear on is if you could use the Session object (or children such as a Queue) from a different thread than the one it created. In the case I'm working on, I'm considering putting my Session objects into a pool of available sessions that any thread could borrow from, use, and return to the pool when it is finished with it. Is this kosher? (Using ActiveMQ BTW, if that impacts the answer at all.)

  • Managing Lotus Notes Mail Format using C#

    - by Pari
    Hi, I am accessing mail body and fetching it in another mail. But I am not getting the original format of the previous mail in the new mail. Problems I am facing in this situation are: Not getting images in destination mail. Font is also varying. I am accessing mail body as follows: NotesRichTextItem rtItem = (NotesRichTextItem)docInbox.GetFirstItem("Body"); String Body = rtItem.GetFormattedText(false , 0); String bodyFormat = rtItem.type.ToString(); Also tried this code: NotesItem itemBody = docInbox.GetFirstItem("Body"); String bodyFormat = itemBody.type.ToString(); String Body = itemBody.Text; But not getting a solution in both cases.

  • How to get Attachment value from "$File" Item? using C# (Lotus Notes).

    - by Pari
    Hi, I am trying to access Attachment names from "$File" (Lotus Notes). NotesView inbox = _serverDatabase.GetView("($Inbox)"); NotesDocument docInbox = inbox.GetFirstDocument(); NotesItem file = docInbox.GetFirstItem("$File"); String fileType = file.type.ToString(); (getting fileType value "ATTACHMENT" for mail containing attachments) I am not getting the solution given in: http://stackoverflow.com/questions/1361695/how-to-access-attachments-from-notes-mail

  • Troubles with my open id provider. How to debug?

    - by Stefano Borini
    I have my own openid provider on my website, with phpmyid. It worked flawlessly until now, but apparently now it's not working anymore. I am unable to login anywhere I tried. How can I debug what's going on, to understand where the problem is? I can add more details if required, but if I can figure it out by myself without having to paste stuff it would be better.

  • Enforce "spaces" or "tabs" only in python files?

    - by edomaur
    In Python, is there a means to enforce the use of spaces or tabs indentation on a per-file basis? Well, perhaps "enforce" is too strong, it's more like "recommends". I keep getting files with mixed indentation and this is annoying... (to say the least) Python itself can tell when there is a problem, but I am searching for something to do that at the editor level, like it exists for the charset.

  • Draw gridlines in C# form

    - by Jaosn
    Basically, I have it drawn out but I would like to scale it to a fixed cm scale like 0.3 cm, 0.5 cm, 0.7 cm and 1 cm respectively. How can I make sure that it is of a fixed scale?

  • LocalHost in share path?

    - by bugtussle
    I am setting up in a test environment and need to save some paths in a database but don't want to edit the paths when we go to production. My idea being that I could create a share on both servers and use a generic name like LocalHost instead of TestServer for the paths. Example: \\LocalHost\Docs I have used a mapped drive temporarily but was curious if there is another magic word like localhost that works with share paths?

  • Processing incoming email

    - by Mike Schots
    How do I programmatically read an incoming email with .NET? I need a method to take the content of an email message (in this case XML) on a POP server and read it into my application. Ideally this could be solved by: .NET code that I can run as a background task on my webserver to process the email. A service that can POST the contents of the email to my webserver. Although I'm open to other options. EDIT: Copied from the "non-answer": Currently, we're looking at using the email accounts our hosting company provides. Our own mail server could potentially be an option, but it's something that we'd need to contact the host about.
