Search Results

Search found 631 results on 26 pages for 'yyy i 777'.

Page 10/26 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17 | Next Page >

Lack of security in many PHP applications?

- by John

Over the past year of freelancing, I inherited two web projects, both of them built in PHP, both of them with sensitive information like credit card info, bank info, etc... In one application, when I typed http://thecompany.com/admin/, and without being asked for a username and password, I saw every user's sensitive information, including credit card numbers, bank account numbers etc... In another application, I was able to bypass the login screen by simply typing http://the2ndcompany.com/customer.php?user_id=777, and again, without any prompts for username and password, i was able to see user 777's credit card info. I cycled through a few more user_ids (any integer) and saw each person's credit card info. Is something wrong here? Or is this the quality of work that the "average" programmer produces? Because if this is what the average programmer produces, does that means I'm an...gasp...elite programmer?? No..that can't be right....something doesn't make sense. So my question is, is it just coincidence that I inherited two applications both of which are dangerously lacking in security? Or are there are a lot of bad PHP programmers out there?

Read the article
python json_encode throws KeyError exception

- by MattM

In a unit test case that I am running, I get a KeyError exception on the 4th json object in the json text below. I went through the sub-objects and found that it was the "cpuid" object that is the offending object, but I am completely at a loss as to what is wrong with the formatting. response = self.app.post( '/machinestats', params=dict(record=self.json_encode([ {"type": "crash", "instance_id": "xxx", "version": "0.2.0", "build_id": "unknown", "crash_text": "Gah!"}, {"type": "machine_info", "machine_info": "I'm awesome.", "version": "0.2.0", "build_id": "unknown", "instance_id": "yyy"}, {"machine_info": "Soup", "crash_text": "boom!", "version": "0.2.0", "build_id": "unknown", "instance_id": "zzz", "type": "crash"}, {"build_id" : "unknown", "cpu_brand" : "intel", "cpu_count" : 4, "cpuid": { "00000000": {"eax" :123,"ebx" :456, "ecx" :789,"edx" :321}, "00000001": {"eax" :123,"ebx" :456, "ecx" :789,"edx" :321}}, "driver_installed" : True, "instance_id" : "yyy", "version" : "0.2.0", "machine_info" : "I'm awesome.", "os_version" : "linux", "physical_memory_mib" : 1024, "product_loaded" : True, "type" : "machine_info", "virtualization_advertised" : True} ])))

Read the article
MonoDevelop seems to hang (not unresponsive) when building csprojs

- by Michael Shimmins

Building a solution from Visual Studio in mono develop seems to have some issues. I'm hoping someone else has experienced this and has some suggestions. The actual dcms process goes pretty quickly, but in between projects it hangs after printing: Building: XXX.YYY.ZZZ (Debug) After a few minutes (been 10 so far on this current run), it jumps to: Performing main compilation... /Library/Frameworks/Mono.framework/Versions/2.10.1/bin/dmcs /noconfig "/... Build complete -- 0 errors, 0 warnings Building: XXX.YYY.ZZZ (Debug) Then hangs again for another few minutes. This is a sln file with 29 csproj projects in it that was originally created in Visual Studio 2010. I'm wondering if there is a better way to set this up - potentially a native MD file format?

Read the article
Switch statement for string matching in JavaScript

- by yaya3

How do I write a swtich for the following conditional? If the url contains "foo", then settings.base_url is "bar". The following is achieving the effect required but I've a feeling this would be more manageable in a switch: var doc_location = document.location.href; var url_strip = new RegExp("http:\/\/.*\/"); var base_url = url_strip.exec(doc_location) var base_url_string = base_url[0]; //BASE URL CASES // LOCAL if (base_url_string.indexOf('xxx.local') > -1) { settings = { "base_url" : "http://xxx.local/" }; } // DEV if (base_url_string.indexOf('xxx.dev.yyy.com') > -1) { settings = { "base_url" : "http://xxx.dev.yyy.com/xxx/" }; } Thanks

Read the article
Changing href atribute

- by ferrucio

In need to change a part of this href: <a href="media/xxxxx-yyy.jpg">large pic</a> I have some designs, and some colors, xxxxx stands for designnumber and yyy for colornumber, when one of the designs is clicked or one of the colors the href should change according to the value: <a href="#">design1</a> <a href="#">design2</a> <a href="#">design3</a> <a href="#">color1</a> <a href="#">color2</a> <a href="#">color3</a> Is there any way to do this with JQuery?

Read the article
User's possibilities on site

- by Lari13

I want to build a system on the website, that allows users to do some things depend on their rating. For example I have rule for rating value X: 1 post in 3 days 10 comments in 1 day 20 votes in 2 days for rating value Y, rule may be following: 3 post in 1 day 50 comments in 1 day 30 votes in 1 day Each night I recalculate users' ratings, so I know what each user is able to do. Possibilities don't sum or reset on each rating's recalculation. One more important thing is that admin can fill concrete user's possibilities at any time. What is optimal database (MySQL) structure for desired? I can count what concrete user has done: SELECT COUNT(*) FROM posts WHERE UserID=XXX AND DateOfPost >= 'YYY' SELECT COUNT(*) FROM comments WHERE UserID=XXX AND CommentOfPost >= 'YYY' But how can I do admin filling possibilities in this case?

Read the article
Creating new Entities from Stored Procedure

- by SK

I have a stored procedure that retrieves existing rows from a table and also creates includes new rows that match the table definition and mapped entity (.net 3.5 entity framework). These new rows are not written to the database in the stored procedure. The stored procedure executes, but the new rows that were created will not load the navigation properties sucessfully i.e. the rows that do not actually exist in the database. e.g. database rows: key, data, FK 1, xxx, a 2, xxx, b returned rows from stored procedure: key, data, FK 1, xxx, a 2, xxx, b 3, yyy, a 4, yyy, b The entity will load FK entities a and b for rows 1 and 2, but for rows 3 and 4 the FK entity is null. Do I somehow need to add the new rows to the data context? or turn off tracking?

Read the article
how to retrieve substring from string having variable length of character in php?

- by user187580

Hello I have some data in the format of C222 = 50 C1234P687 = 'some text' C123YYY = 'text' C444 = 89 C345 = 3 C122P687 = 'some text' C122YYY = 'text' .... .... so basically 3 different forms "C" number = value, example - C444 = 89 "C" number "P" number = value, example - C123P687 = 'some text' "C" number "YYY" = value Only number is of variable length on the left side of (=) sign. Values vary. I want to store the data in db as INSERT INTO datatable c_id = "number after C" p_id = "number after P" // if it exists for a line of data value = 'value' yyy = 'value' Any ideas how to retrieve these numbers? Thanks

Read the article
apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied

- by AntonChanning

I recently upgraded Ubuntu to the latest LTS edition on my work laptop, which I use as a LAMP development platform. The upgrade was from 12.4 to 14.4. Now I'm having trouble getting apache up and running again. Here is the output from an attempt: antonc@antonc-laptop:/etc/apache2$ sudo service apache2 restart * Restarting web server apache2 * The apache2 configtest failed. Output of config test was: apache2: Could not open configuration file /etc/apache2/apache2.conf: Permission denied Action 'configtest' failed. The Apache error log may have more information. Here is a list of permissions and ownership in /etc/apache, showing that apache2.conf is currently owned by root with permissions 644. I changed this temporarily to 777, but this made no difference, so I changed it back to 644. antonc@antonc-laptop:/etc/apache2$ ls -l total 80 -rw-r--r-- 1 root root 7115 Jan 7 2014 apache2.conf ... What do I need to do to get apache running again? Is the problem really with apache2.conf or some other setting? Should the conf file be owned by a user other than root?

Read the article
read and write permission for FAT32 partition in Ubuntu

- by Dean

This is a strange problem. I have the following partition table Device Boot Start End Blocks Id System /dev/sda1 * 1 13 102400 7 HPFS/NTFS Partition 1 does not end on cylinder boundary. /dev/sda2 13 5737 45978624 7 HPFS/NTFS /dev/sda3 5738 10600 39062047+ 83 Linux /dev/sda4 10601 19457 71143852+ 5 Extended /dev/sda5 10601 11208 4883728+ 82 Linux swap / Solaris /dev/sda6 11209 15033 30720000 b W95 FAT32 /dev/sda7 15033 19457 35537920 7 HPFS/NTFS I dual boot Win7 (sda2) and Ubuntu (sda3) and wanted to use the FAT23 partition to share files across two OS's. I followed some online tutorial and have done these: sudo mkdir /media/FAT32 sudo chmod 777 /media/FAT32 sudo mount /dev/sda6/ /media/FAT32 after I mounted the file, I can only read but not be able to write to it. I checked the file permission, it becomes: drwxr-xr-x but after I unmounted the it then becomes drwxrwxrwx and I can read and write to it. very strange. I don't know where I've down wrong. Cheers.

Read the article
Lighttpd getting 403 forbidden page

- by Ramesh

i have newly installed lighttpd in ubuntu 9.10 first it showed the detault page and i changed the permission of /var/www/ directory to 777 and now its saying 404 forbidden my php-cgi -v PHP 5.2.10-2ubuntu6.4 with Suhosin-Patch 0.9.7 (cgi-fcgi) (built: Jan 6 2010 22:34:28) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies php -v PHP 5.2.10-2ubuntu6.4 with Suhosin-Patch 0.9.7 (cli) (built: J 6) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies and i have added these line in lighttpd.conf file fastcgi.server = ( ".php" = (( "bin-path" = "/usr/bin/php-cgi", "socket" = "/tmp/php.socket" ))) still getting same error....

Read the article
mysql UDF : fopen = permission denied

- by lindenb

Hi All, this is question I already asked on SO but I wonder if this could be a SysAdmin problem. I'm trying to create a mysql UDF function , this function calls "fopen/fclose" to read a flat file stored in /data. But using errno (yes, I know it is bad in a MT program...) I can see that the function cannot open my file: "Permission denied" I tried to do a chmod -R 755 /data (as well as 777, chown -R mysql:mysql /data etc...) but it didn't change anything. when I copied the flat file to /tmp : OK, my UDF was able to 'fopen' the file. I'm puzzled. currently , I've got: drwxrwxrwx 4 pierre root 4096 2010-05-26 16:51 /data drwxrwxrwx 3 pierre root 4096 2010-05-18 09:41 /data/dir1 drwxrwxrwx 3 pierre root 4096 2010-05-18 09:41 /data/dir1/dir2 drwxrwxrwx 4 pierre root 4096 2010-05-18 10:27 /data/dir1/dir2/dir3 -rw-r--r-- 1 pierre root 50685268 2005-12-10 00:01 /data/dir1/dir2/dir3/myfile.txt Any idea ?

Read the article
Ubuntu - changing another users file permissions

- by Cameron

I have setup Ubuntu as a development web server - however I am experiencing problems with file permissions. I have 2 users, user1 and user2, and they both have been put into the group www-data. I have uploaded a new file with user1 so the file is owned by user1 and the www-data group. At present if user2 wants to modify the permissions on that file to say 777 - they cannot. Is there a way to allow any users within a group to be able to modifiy permissions etc.. on this file? I have tried changing umask to 002 and a few other combinations that were suggested without luck.

Read the article
Installing a wiki on Snow Leopard

- by JPCF

Hi... I want to instal twiki on my mac and server it from ~/Sites. Because the wiki has code to be run, I have to modify the user and group of wiki's files and directories, but I'm not sure about: 1) It is secure to change the user and group to the web server's group? If not what can I do having into account that I'll not put 777 permissions on those files? 2) How are named apache and web user groups? Thanks...

Read the article
directory listing on Mac OS X

- by user27150

I dumped a bunch of files (music and otherwise) onto my shiny new Macbook, and since I'm more comfortable with linux than Mac (at this point) I tend to use the terminal. I did a ls -al on the files I'd transfered, and some had an "@" at the end of the permissions string, and some did not. Something like: drwxrwxr--@ 93 user staff etc. drwxrwxr-- 107 user staff etc. The ones without "@" could be seen in Finder and accessed by other programs-- the "@" files and directories were invisible. Can anyone explain what the "@" means, and how to chmod (or whatever) so I can use these files? I assume it is some sort of system flag but I don't know how to unset it. Chmod 777 had no effect and I already own the files. Thanks

Read the article
XAMPP: Access Forbidden!

- by Yar

I just installed a fresh XAMPP on OSX. Apache runs and I can see the splash page. I open the httpd.conf and I set both places that point to htdocs to someplace else, which results in Apache showing an "Access Forbidden!" message. I plugged my directory here: <Directory "/Applications/XAMPP/xamppfiles/htdocs"> and here: DocumentRoot "/Applications/XAMPP/xamppfiles/htdocs" I have set the permissions to 777 for everything including the enclosing directory, but to no avail. Strangely, I just did this whole thing with MAMP and had no problems serving that directory, but it was slow.

Read the article
Trying to mount NFS share on Windows Machien at startup with Z: letter for all users

- by ScottC

Windows Server 2008 We are trying to mount a specific drive letter on a windows machine from a unix machine. We need the mount to be available to the server even if no users are logged in and to users who are logged in with If we run the command from the command prompt manually it conencts and we have access to the NFS share, and can open it and see and edit files. mount -o fileaccess=777 anon \\127.0.0.1\nav z: (ip address replaced with 127.0.0.1 for security reasons) However if we try to automate the task by making an entry in the task schedule for boot time, to execute the batch script, it adds a disconencted drive to the list in 'My Computer' but it is disconencted and when trying to access the drive an error is produced: Z: is not accessible The data area passed to a system call is too small.| Tried as administrator with highest privelidges, as SYSTEM (group) and as my user (adminstator level user) same results. Is there another way to do this? Most of the help I have found online suggest this way but it keeps failing.

Read the article
Folder Permissions Apache

- by user1671777

I have a site that will need to store file uploads by the user once logged in. Currently I have a folder with permissions opened up, (777), because that was the only way I could get mkdir() to work. When the user uploads a file, the application creates several directories based on the user, in this directory then eventually stores the file. Couple of questions: How do I setup the permissions on each of these folders and sub folders so that only logged in users to my site have access to them? Is this even possible? Is there a more secure way of storing .pdf, word docs, and text files?

Read the article
Python script won't write data when ran from cron

- by Ruud

When I run a python script in a terminal it runs as expected; downloads file and saves it in the desired spot. sudo python script.py I've added the python script to the root crontab, but then it runs as it is supposed to except it does not write the file. $ sudo crontab -l > * * * * * python /home/test/script.py >> /var/log/test.log 2>&1 Below is a simplified script that still has the problem: #!/usr/bin/python scheduleUrl = 'http://test.com/schedule.xml' schedule = '/var/test/schedule.xml' # Download url and save as filename def wget(url, filename): import urllib2 try: response = urllib2.urlopen(url) except Exception: import traceback logging.exception('generic exception: ' + traceback.format_exc()) else: print('writing:'+filename+';') output = open(filename,'wb') output.write(response.read()) output.close() # Download the schedule wget(scheduleUrl, schedule) I do get the message "writing:name of file;" inside the log, to which the cron entry outputs. But the actual file is nowhere to be found... The dir /var/test is chmodded to 777 and using whatever user, I am allowed to add and change files as I please.

Read the article
Error pushing to remote with git

- by pcm2a

I have a fresh Centos 6 server stood up and I have installed git version 1.7.1 through yum. I am using the smart http method through apache for access. When I try to push to the remote server this is what I get: $ git push origin master Password: Counting objects: 6, done. Compressing objects: 100% (3/3), done. Writing objects: 100% (6/6), 436 bytes, done. Total 6 (delta 0), reused 0 (delta 0) error: unpack failed: index-pack abnormal exit I have tried these things which made no difference: chown -R apache:apache /path/to/git/repository (httpd runs as apache) chown -R apache:users /path/to/git/repository chmod -R 777 /path/to/git/repository (obviously not secure but wanted to eliminate this being a file permission problem) What can I try to get pushing to work?

Read the article
How come my Apache can't read my media folder, but it can load the site? (static files don't work)

- by Alex

Alias /media/ /home/matt/repos/hello/media <Directory /home/matt/repos/hello/media> Options -Indexes Order deny,allow Allow from all </Directory> WSGIScriptAlias / /home/matt/repos/hello/wsgi/django.wsgi /media is my directory. When I go to mydomain.com/media/, it says 403 Forbidden. And, the rest of my site doesn't work because all static files are 404s. Why? The page loads. Just not the media folder. Edit: hello is my project folder. I have tried 777 all my permissions of that folder.

Read the article
How to prevent ssh git push to set file ownership?

- by e-satis

I have a remote bare git repository on an Ubuntu server, where the file are owned by the user my_project and the group my_project, with permissions set accordingly. All commiters are themself in the group my_project. When somebody commit then push from my Ubuntu laptop with the user my_user to the server via SSH, some files in the remote repository are created (updated?) so they now belong to the user and group my_user. Of course, when somebody else want to commit, he is now unable to do so because he doesn't have write permissions. I could set permission to 777 but it's not the best option. Is there any way I can solve this problem while keeping restricted write permissions.

Read the article
Apache Not Accepting a Path in My Home Folder

- by Promather

I have trying to set up an Apache site to use a folder in my home folder without any success. I exactly followed the steps in this page: https://help.ubuntu.com/community/ApacheMySQLPHP yet I did not succeed; I keep getting error 403, which says that the server doesn't have permission to access the requested page. I searched forums and many suggested changing the permission of the folder. I went straight away and set the permission to 777, but that didn't solve the problem. I made another search and somebody gave me a clue, which is that it could be because my home folder is encrypted. I believe this could be the problem, but: What is the relation between encryption and Apache? I suppose Apache server is requesting the file from the system, rather than trying to access the file bytes! Is there anyway to solve this problem? I don't want to move the folder to /var/www because I am using this Apache for testing, so I want whatever change I make to be immediately reflected, rather than having to copy files which is error prone.

Read the article
Symlink - Permission Denied

- by John Smith

I'm facing an interesting problem with plenty of Permission Denied outputs when using SymLinks Linux: Slackware 13.1 Directory with Symlink: root@Tower:/var/lib# ls -lah drwxr-xr-x 8 root root 0 2012-12-02 20:09 ./ drwxr-xr-x 15 root root 0 2012-12-01 21:06 ../ lrwxrwxrwx 1 ntop ntop 21 2012-12-02 20:09 ntop - /mnt/user/media/ntop6/ Symlinked Directory: root@Tower:/mnt/user/media# ls -lah drwxrwx--- 1 nobody users 1.4K 2012-12-02 19:28 ./ drwxrwx--- 1 nobody users 128 2012-11-18 16:06 ../ drwxrwxrwx 1 ntop ntop 320 2012-12-02 20:22 ntop6/ What I have done: I have used chown -h ntop:ntop on the ntop directory in /var/lib Just to be sure, I have chmod 777 to both directories Permission denied actions: root@Tower:/var/lib# sudo -u ntop mkdir /var/lib/ntop/test mkdir: cannot create directory `/var/lib/ntop/test': Permission denied Any ideas?

Read the article
Files listed by bash but unaccessible

- by Cerin

What would cause the following behavior on an Ubuntu 12.04 system? I've SSHed into a machine as the "ubuntu" user. Running ls -lah /data/* shows dozens of non-empty files (e.g. file1.txt, file2.txt, etc), all owned by the "ubuntu" user/group, and with full read/write access. If I try to cat /data/file1.txt, bash gives me the error "cat: /data/file1.txt: No such file or directory" In short, ls is listing files, but in every other way, the files essentially don't exist. I can't cat them or read them in any way. Even giving all the files 777 permission doesn't change anything. This is really bizarre. What's going on here?

Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17 | Next Page >