Search Results

Search found 483 results on 20 pages for 'dangerous'.

  • Dangerous programming

    - by benhowdle89
    Ok, I'm talking pure software/web, I'm not on about code to power Life Support machines or NASA rockets. In terms of software/web development, what is the most dangerous single piece of code someone could put into a program (say if they had a grudge against a client/employee)? In PHP, the first thing that comes to mind is some sort of file deletion:

        // Deletes every file directly inside $dir, echoing each name as it goes.
        function EmptyDir($dir) {
            $handle = opendir($dir);
            while (($file = readdir($handle)) !== false) {
                echo "$file <br>";
                @unlink($dir.'/'.$file);
            }
            closedir($handle);
        }
        EmptyDir('images');

    Or a PHP script that takes a user's sensitive input and posts it to Google sitemap or something? I hope this doesn't get closed off as subjective as there surely must be a ranking order of dangerous code. So I'm asking for the No.1 spot :) DISCLAIMER: I have no grudges against anyone, just curious for the answer!

  • IntegrationTests - A potentially dangerous Request.Path value was detected from the client

    - by stacker
    I get this error: "A potentially dangerous Request.Path value was detected from the client (?)." for this URI: http://www.site.com/%3f. How can I write an integration test for this type of error? I want to test against all these errors:

        A potentially dangerous Request.Path value was detected from the client
        A potentially dangerous Request.Cookies value was detected from the client
        A potentially dangerous Request.Form value was detected from the client
        A potentially dangerous Request.QueryString value was detected from the client

  • TOP 25 Most Dangerous Software Errors for 2010

    - by TATWORTH
    A top 25 most dangerous list of software errors has been published at http://www.sans.org/top25-software-errors/ Interestingly, the top error listed was cross site scripting. So what do you do if you have to accept HTML input? I suggest that you write a white list filter function to allow through only acceptable mark-up. A basis for such a function can be found in the common filter function at http://commonfilter.codeplex.com/

  • Data migration - dangerous or essential?

    - by MRalwasser
    The software development department of my company is facing the problem that data migrations are considered potentially dangerous, especially by my managers. The background is that our customers are using a large amount of data with poor quality. The reasons for this are only partially related to our software quality, but rather to the history of the data: most of it has been migrated from predecessor systems, and some bugs caused (mostly business) inconsistencies in the data records, or there were misentries by accident on the customer's side (which our software allowed by error).

    The most important counter-arguments from my managers are that faulty data may turn into even worse data, the data troubles may awake some managers at the customer, and some processes on the customer's side may not work anymore because their processes somewhat adapted to our system.

    Personally, I consider data migrations an integral part of software development, and data migration can be seen to be to data what refactoring is to code. I think that data migration is essential for creating software that evolves. Without it, we would have to create painful software which somewhat works around a bad data structure.

    I am asking you: What are your thoughts on data migration, especially for real life cases and not only from a developer's perspective? Do you have any arguments against my managers' opinions? How does your company deal with data migrations and the difficulties caused by them? Any other interesting thoughts which belong to this topic?

  • I get error "A potentially dangerous Request.Form value was detected from the client" in spite of the

    - by VJ
    I am using ASP.NET 4.0 and MVC 2. I have added these lines which I found in other articles:

        To the Web.config: <httpRuntime requestValidationMode="2.0"/>
        To the Controller: <ValidateInput(False), AcceptVerbs(HttpVerbs.Post)>
        To the View Page: <%@ Page ValidateRequest="false" %>

    But it still gives me "A potentially dangerous Request.Form value was detected from the client". I am trying to use the markItUp editor in this way:

        <%= Html.TextAreaFor( model => model.Description,"markitup")%>

  • You may get "A potentially dangerous Request.QueryString value was detected from the client" after u

    - by anas
    I was upgrading one of the DNN portals to ASP.NET 4. After the upgrade completed and when I configured it to run under ASP.NET 4 in IIS, I started to get that exception on every postback. The mentioned exception is happening because in ASP.NET 4, request validation is now called for every ASP.NET resource, such as web services and other HTTP handlers. As a result, you may get that exception even if you turned off request validation via the <pages validateRequest="false" .... section. This is...

  • Properly Label Your Dangerous Projects

    - by Jason Fitzpatrick
    In the pursuit of science, fun, and laser-fueled hijinks, we often undertake projects that really should be labeled more properly. Download this effective label to visually warn “No really, you’ll burn the house down”. Courtesy of Flattr at Thingiverse, you can grab a copy of the “Warning: Will Burn Your House Down” graphic in high resolution image formats suitable for silk screening, laser engraving, or plain old fashioned sign printing. Warning: Will Burn Your House Down [Thingiverse via Make]

  • Ransomware: Why This New Malware is So Dangerous and How to Protect Yourself

    - by Chris Hoffman
    Ransomware is a type of malware that tries to extort money from you. One of the nastiest examples, CryptoLocker, takes your files hostage and holds them for ransom, forcing you to pay hundreds of dollars to regain access. Most malware is no longer created by bored teenagers looking to cause some chaos. Much of the current malware is now produced by organized crime for profit and is becoming increasingly sophisticated.

    How Ransomware Works

    Not all ransomware is identical. The key thing that makes a piece of malware “ransomware” is that it attempts to extort a direct payment from you. Some ransomware may be disguised. It may function as “scareware,” displaying a pop-up that says something like “Your computer is infected, purchase this product to fix the infection” or “Your computer has been used to download illegal files, pay a fine to continue using your computer.”

    In other situations, ransomware may be more up-front. It may hook deep into your system, displaying a message saying that it will only go away when you pay money to the ransomware’s creators. This type of malware could be bypassed via malware removal tools or just by reinstalling Windows.

    Unfortunately, ransomware is becoming more and more sophisticated. One of the latest examples, CryptoLocker, starts encrypting your personal files as soon as it gains access to your system, preventing access to the files without knowing the encryption key. CryptoLocker then displays a message informing you that your files have been locked with encryption and that you have just a few days to pay up. If you pay them $300, they’ll hand you the encryption key and you can recover your files. CryptoLocker helpfully walks you through choosing a payment method and, after paying, the criminals seem to actually give you a key that you can use to restore your files.

    You can never be sure that the criminals will keep their end of the deal, of course. It’s not a good idea to pay up when you’re extorted by criminals. On the other hand, businesses that lose their only copy of business-critical data may be tempted to take the risk — and it’s hard to blame them.

    Protecting Your Files From Ransomware

    This type of malware is another good example of why backups are essential. You should regularly back up files to an external hard drive or a remote file storage server. If all your copies of your files are on your computer, malware that infects your computer could encrypt them all and restrict access — or even delete them entirely.

    When backing up files, be sure to back up your personal files to a location where they can’t be written to or erased. For example, place them on a removable hard drive or upload them to a remote backup service like CrashPlan that would allow you to revert to previous versions of files. Don’t just store your backups on an internal hard drive or network share you have write access to. The ransomware could encrypt the files on your connected backup drive or on your network share if you have full write access.

    Frequent backups are also important. You wouldn’t want to lose a week’s worth of work because you only back up your files every week. This is part of the reason why automated back-up solutions are so convenient.

    If your files do become locked by ransomware and you don’t have the appropriate backups, you can try recovering them with ShadowExplorer. This tool accesses “Shadow Copies,” which Windows uses for System Restore — they will often contain some personal files.

    How to Avoid Ransomware

    Aside from using a proper backup strategy, you can avoid ransomware in the same way you avoid other forms of malware. CryptoLocker has been verified to arrive through email attachments, via the Java plug-in, and installed on computers that are part of the Zeus botnet.

    Use a good antivirus product that will attempt to stop ransomware in its tracks. Antivirus programs are never perfect and you could be infected even if you run one, but it’s an important layer of defense.

    Avoid running suspicious files. Ransomware can arrive in .exe files attached to emails, from illicit websites containing pirated software, or anywhere else that malware comes from. Be alert and exercise caution over the files you download and run.

    Keep your software updated. Using an old version of your web browser, operating system, or a browser plugin can allow malware in through open security holes. If you have Java installed, you should probably uninstall it.

    For more tips, read our list of important security practices you should be following.

    Ransomware — CryptoLocker in particular — is brutally efficient and smart. It just wants to get down to business and take your money. Holding your files hostage is an effective way to prevent removal by antivirus programs after it’s taken root, but CryptoLocker is much less scary if you have good backups.

    This sort of malware demonstrates the importance of backups as well as proper security practices. Unfortunately, CryptoLocker is probably a sign of things to come — it’s the kind of malware we’ll likely be seeing more of in the future.

  • The most dangerous SQL Script in the world!

    - by DrJohn
    In my last blog entry, I outlined how to automate SQL Server database builds from concatenated SQL Scripts. However, I did not mention how I ensure the database is clean before I rebuild it. Clearly a simple DROP/CREATE DATABASE command would suffice; but you may not have permission to execute such commands, especially in a corporate environment controlled by a centralised DBA team. However, you should at least have database owner permissions on the development database so you can actually do your job! Then you can employ my universal "drop all" script which will clear down your database before you run your SQL Scripts to rebuild all the database objects.

    Why start with a clean database?

    During the development process, it is all too easy to leave old objects hanging around in the database which can have unforeseen consequences. For example, when you rename a table you may forget to delete the old table and change all the related views to use the new table. Clearly this will mean an end-user querying the views will get the wrong data and your reputation will take a nose dive as a result!

    Starting with a clean, empty database and then building all your database objects using SQL Scripts using the technique outlined in my previous blog means you know exactly what you have in your database. The database can then be repopulated using SSIS and bingo; you have a data mart "to go".

    My universal "drop all" SQL Script

    To ensure you start with a clean database run my universal "drop all" script which you can download from here: 100_drop_all.zip

    By using the database catalog views, the script finds and drops all of the following database objects:

        Foreign key relationships
        Stored procedures
        Triggers
        Database triggers
        Views
        Tables
        Functions
        Partition schemes
        Partition functions
        XML Schema Collections
        Schemas
        Types
        Service broker services
        Service broker queues
        Service broker contracts
        Service broker message types
        SQLCLR assemblies

    There are two optional sections to the script: drop users and drop roles. You may use these at your peril, particularly as you may well remove your own permissions!

    Note that the script has a verbose mode which displays the SQL commands it is executing. This can be switched on by setting @debug=1.

    Running this script against one of the system databases is certainly not recommended! So I advise you to keep a USE database statement at the top of the file.

    Good luck and be careful!!

  • Is a disk/ata timeout exception dangerous?

    - by j-g-faustus
    I have a few hard drives in mdadm RAID 5 configured to go to standby after a few minutes of inactivity. (Using hdparm.conf spindown_time.) At irregular intervals I get messages like these in dmesg:

        [ 1840.251661] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen
        [ 1840.251722] ata4.00: failed command: SMART
        [ 1840.251758] ata4.00: cmd b0/d5:01:06:4f:c2/00:00:00:00:00/00 tag 0 pio 512 in
        [ 1840.251759] res 40/00:14:50:2e:04/00:00:02:00:00/40 Emask 0x4 (timeout)
        [ 1840.251858] ata4.00: status: { DRDY }
        [ 1840.251888] ata4: hard resetting link
        [ 1840.600742] ata4: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
        [ 1840.601521] ata4.00: configured for UDMA/133
        [ 1840.601547] ata4: EH complete
        [337877.713988] ata4.00: exception Emask 0x0 SAct 0x0 SErr 0x0 action 0x6 frozen
        [337877.714019] ata4.00: failed command: SMART
        [337877.714038] ata4.00: cmd b0/d5:01:06:4f:c2/00:00:00:00:00/00 tag 0 pio 512 in
        [337877.714039] res 40/00:04:90:10:81/00:00:00:00:00/40 Emask 0x4 (timeout)
        [337877.714089] ata4.00: status: { DRDY }
        [337877.714107] ata4: hard resetting link
        [337878.063085] ata4: SATA link up 3.0 Gbps (SStatus 123 SControl 300)
        [337878.063743] ata4.00: configured for UDMA/133
        [337878.063764] ata4: EH complete

    I think the exception is caused by smartd when a drive does not wake up quickly enough. There are no issues (that I can tell) in accessing the drives normally through the file system - it takes a few seconds longer than normal when they are asleep, but there are no exceptions. Is this something I should worry about, as a potential symptom of something that could corrupt a drive over time? Or can I safely ignore it as part of normal operation?

    Edit: By request: smartctl -a for sda and sde, both disks are members of the array. If ata4 is the same as scsi-4 then sde is the one that gave the error above, according to /dev/disk/by-path.

  • Think Before You Leap - Life is Dangerous for Change Agents

    - by technodrone
    So you want to introduce agile methods to your team... The following are some "lessons learned" from someone who advocated agile/scrum to a group that was not ready for it.

    "Change agents, in my experience, face negative consequences. Sometimes, most of the time at the beginning, it's painful. This is the question you might have to ask yourself. Do you want to be a developer in a scrum project or do you want to be a scrum master managing the process? I think with proper mentoring/training, you can become a good scrum master. But is that what you want? If yes, you can go ahead, take the training. If you want to be a developer, you may not need to be certified as a scrum master. You can just pick up from a book such as Mike Cohn's new book Succeeding with Agile, I am reading it now. It's good.

    In my experience, I did waste my resources by trying to change the culture. It cost me a lot. Instead, I should have focused on technical practices that are core to agile. Then look for teams that are good at agile. I would have saved a lot of energy, and time.

    Try baby steps first yourself in the company, and next with the team, starting with technical practices like writing unit tests, SOLID principles, patterns, refactoring, continuous integration, pairing, and peer code reviews. These have inherent pull that can bring collaboration from a team. Once you see team adaption in core practices, then you can introduce scrum concepts like user stories/task board etc. This idea of Leading by example seems to be working for most of the agile folks.

    You can pitch core practices to the manager, and the team, and start showing them how you are doing. You can put a road map for agile adaption and you can pitch to your manager. I would include need for scrum master training as part of the road map."

    I thought about his advice for a couple of weeks and read about the pitfalls of technical debt and the team not having prior awareness of agile methods. The more I read and think about it the more I think he was right. What do you think?

  • Signs that a SQL statement is dangerous

    - by Matt
    Hi, I want to develop a function in PHP that checks how dangerous a SQL statement is. When I say dangerous I mean certain symbols, characters or strings that are used to get data from a database that the user shouldn't see. For example: SELECT * FROM users WHERE userId = '1' can be injected in several ways. Although I clean the params, I also want to monitor how safe the query is to run. Thanks in advance

  • Running a Check-Disk (Is it dangerous)

    - by vaccano
    I have a laptop that a friend of mine would like me to fix. It is giving a blue screen on boot up. When I looked up the error message it indicated that I should run a check disk. Is this dangerous? Should I try to offload stuff from the hard drive first? I ask because I had a hard drive of my own where, when I ran check disk, it wiped a bunch of "bad sectors" and I lost most of the info on it (but it had been going bad). Opinions?

  • A potentially dangerous Request.Form value was detected: Dealing with these errors proactively, or a

    - by Albert
    I'm noticing this error more and more in my error logs. I've read through the questions here talking about this error, but they don't address what I would like to do (see below). I'm considering three options, in order of preference:

        1) When submitting a form (I use formviews almost exclusively, if that helps), if potentially dangerous characters are detected, automatically strip them out and submit.
        2) When submitting a form, if potentially dangerous characters are detected, alert the user and let them fix it before trying again.
        3) After the exception is generated, deal with it and alert the user.

    I'm hoping one of the first two options might be possible to do somewhat globally... I know for the 3rd I'd have to alter a TON of Try-Catch blocks I already have in place. Doable, but labor intensive. I'd rather be proactive about it if at all possible and avoid the exception altogether.

    Perhaps one approach to #1 would be to write a block of code that could loop through all text entry fields in a formview, during the insert/update event, and strip the characters out. I'm ok with that, but I'd rather not have to heavily alter all my Insert/Update events to accomplish this. Or maybe I just create a different class to do the text checking/deleting, and only insert 1 line of code in each Insert/Update event.

    If anyone can come up with some example code of any of these approaches that would be a help. Thanks for any ideas or information. I'm definitely open to other solutions too; these are only the 3 that came to mind. I can say that I don't want to turn request validation off though.

  • How dangerous can javascript be?

    - by CrazyJugglerDrummer
    I have recently started using noscript (in addition to ABP). It took a little while to get used to it and can occasionally require some clicking when visiting a new site to investigate why the site's not working and where I need to allow javascript from. Is the extra security worth it? Some of the controversy is discussed here. I suppose it boils down to a matter of whether javascript is a genuine threat to your computer or not. Any thoughts on this?

  • Set process priority to High: Dangerous?

    - by eek142
    I have read that setting something to realtime is a big no-no, so I am not going to do that. But I do have an application that I need to make sure always has the highest priority on my system as it is critical for the rest of the applications I am running. Is there any danger in setting the priority to high, which is one level below realtime? Also, how would I be able to do this by changing the shortcut target? What is the command?

  • Forward spam is dangerous for my domain repute?

    - by Memiux
    I have Postfix with SpamAssassin and forward the emails (including spam) to gmail.com. My problem is that when I send "legitimate" emails to gmail.com they are marked as spam. I've done everything that the guidelines said, like signing with DKIM, setting up SPF for my domains, requiring authentication for outbound mails, etc. Now I wonder what I'm doing wrong?

  • A potentially dangerous Request.Form value in MVC 2 & ASP.NET 4.0

    - by Veton
    When I try to send a form containing a value with XML, I get HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client. All the approaches I found:

        <%@ Page ValidateRequest="false" %> in the .aspx file.
        <pages validateRequest="false" /> in web.config.
        [ValidateInput(false)] on the controller's action.

    don't help me. Hope for any advice.
