Search Results

Search found 28186 results on 1128 pages for 'site master'.


  • CSRF (Cross-site request forgery) attack example and prevention in PHP

    - by Saif Bechan
    I have a website where people can place a vote like this: http://mysite.com/vote/25 This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone gives them a link like this: http://mysite.com/vote/30 then the vote will be placed for him on the item without him wanting to do this. I have read the explanation on the OWASP website, but I don't really understand it. Is this an example of CSRF, and how can I prevent this? The best thing I can think of is adding something to the link like a hash. But this will be quite irritating to put something on the end of all the links. Is there no other way of doing this? Another thing: can someone maybe give me some other example of this, because the website seems fairly vague to me.


  • Drupal vs ExpressionEngine for any kind of project from simple commercial site to complex ecommerce

    - by artmania
    Hi friends... So far I've been using a custom CMS. Lately I developed my own CMS with CodeIgniter, and I'm actually happy. But recently I take more design and front-end development work than deep development projects. I actually also prefer so... I have many things to do with the custom CMS, also some security issues, etc. I'm kind of tired of doing everything custom, also I want to give more time to my family... Recently I'm seriously considering going for a ready CMS, and developing custom plugins when a project needs sth specific. This CMS should be very flexible to implement any layout, and also secured (since I had some hack problems with my custom CMS!). I googled so much about this. As a result, 2 options: Drupal, Expression Engine. Open source or licensed is not an issue for me at all. I just consider going for a CMS that I can use for any kind of project, from simple 4-5 page company sites to complicated projects like hotel directories, ecommerce portals, etc... As I found out, EE is more user-friendly and doesn't hassle about implementing a custom layout as much as Drupal does. Also EE uses CodeIgniter, which I'm familiar with. On the other hand I found out that Drupal is 10000% flexible, we can do anything with that (requires good PHP knowledge), extremely powerful and has many plugins... So I can't decide!! I want to go for a CMS that I will use for looooong years from now on with no problems implementing any kind of project. So which one do you recommend? Appreciate your help! Thanks a lot... Edited: http://expressionengine.com/ee2_sneak_preview/#cost Is this Commercial License $299.95 for 1 setup? So I need to purchase a new licence for each project? Nothing like I pay once, and use the CMS for as many projects as I want?


  • Rails: Open HTTP URL From HTTPS site

    - by Imran
    I have a rails application running on SSL. I have also set up Piwik (for analytics) and it is running non-secure, i.e. HTTP. When I try to make a call to the Piwik API from my ruby code (the application running on SSL) it gives me the following error:

    SocketError (getaddrinfo: Name or service not known):
    /usr/lib/ruby/1.8/net/http.rb:560:in `initialize'
    /usr/lib/ruby/1.8/net/http.rb:560:in `open'
    /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
    /usr/lib/ruby/1.8/timeout.rb:53:in `timeout'
    /usr/lib/ruby/1.8/timeout.rb:93:in `timeout'
    /usr/lib/ruby/1.8/net/http.rb:560:in `connect'
    /usr/lib/ruby/1.8/net/http.rb:553:in `do_start'
    /usr/lib/ruby/1.8/net/http.rb:542:in `start'
    /usr/lib/ruby/1.8/net/http.rb:379:in `get_response'
    app/controllers/piwik_charts_controller.rb:195:in `make_graph'

    It works perfectly when I make a call from an application running on HTTP. Please advise. Thanks, Imran


  • Site Security/Access management for asp.net mvc application

    - by minal
    I am trying to find a good pattern to use for user access validation. Basically on a webforms application I had a framework which used user roles to define access, i.e., users were assigned into roles, and "pages" were granted access to a page. I had a table in the database with all the pages listed in it. Pages could have child pages that got their access inherited from the parent. When defining access, I assigned the roles access to the pages. Users in the role then had access to the pages. It is fairly simple to manage as well. The way I implemented this was on a base class that every page inherited. On pageload/init I would check the page url and validate access and act appropriately. However I am now working on an MVC application and need to implement something similar, however I can't find a good way to make my previous solution work, purely because I don't have static pages as url paths. Also I am not sure how best to approach this as I now have controllers rather than aspx pages. I have looked at the MVCSitemapprovider, but that does not work off a database, it needs a sitemap file. I need control of changing user permissions on the fly. Any thoughts/suggestions/pointers would be greatly appreciated.


  • IE6 Hacks: Getting jQuery tools expose to work properly on my site

    - by Wild Thing
    Hi, I am trying to get the jQuery tools 'expose' function to work properly in IE6. The page is http://204.51.246.10:12123/ You will need IE6 to reproduce the bug (obviously :)). If you click 'Sign In' on the top-right corner (below the 'Join Today!' button), you will notice that the sign in panel (fieldset#login-controls) is getting covered by the background of its parent element (.signinPanel), which is very weird. It is not on the top of z-index, and I can't figure out why. Please note that in order to get fieldset#login-controls positioned correctly, I have applied the following hack for IE6: $("#header, #header div, #header table, #header td, #header tr").css("position", "static"); $("fieldset#login-controls *").css("position", "static"); This might be the reason for the above. I am pretty lost at this point, as I can't figure out what's going on - any advice would be appreciated. Cheers, Wild Thing


  • PHP Site Deployment Suggestion

    - by TheOnly92
    I'm currently quite troubled by the way of deployment my team is adopting... It's very old-fashioned and I know it doesn't work very well. But I don't exactly know how to change it, so please give some suggestions about it...

    Here is our current setup:
    - 2 webservers
    - 1 database server
    - 1 test server

    Current deployment adaptation:
    1. We develop and work on the test server, every change is uploaded manually to the test server.
    2. When a change or feature is complete, we then commit the changes to the SVN repository.
    3. After committing the changes, we then upload our changes to the first webserver, where there will be a cronjob running every minute to sync the files between the servers.

    Something very annoying is, whenever we upload a file just as the syncing job starts, the file that is synced will appear corrupted, since it is only half-uploaded. Another thing is whenever there is a deployment fault, it will be extremely difficult to revert. These are basically the problems I'm facing, what should I do?


  • Wordpress hacked. Disabled hacked site but bad traffic continues [closed]

    - by tetranz
    Possible Duplicate: My server's been hacked EMERGENCY

    My Ubuntu 10.04 LTS VPS has been hacked, probably via a WordPress site. I was alerted to it when I noticed the incoming traffic was unusually high. A WordPress site was littered with eval(base64_decode(...)) code in lots of files. My fault, I had some files writeable by www-data which shouldn't have been. I've disabled that site (a2dissite ... and restart Apache). This has reduced it but I am still getting some malware type traffic. My server runs several WordPress and Drupal sites and a home grown PHP site. I have captured traffic with tcpdump and looked at it in Wireshark. It's reaching out to the login page of some Joomla sites, trying multiple logins. The traffic stops when I stop Apache. If I a2dissite every site and reload (not restart) Apache the traffic continues. At that point I have no virtual hosts running and no DocumentRoot in my apache2.conf so I don't know how Apache is still running something. I have searched the other sites with grep for likely looking php code with no success. I may have missed it but I haven't found anything suspicious in the Apache logs. I have mod-status running. I haven't really seen anything much there except that someone is still trying to do a POST to the theme page on the disabled WordPress site but they now get a 404. What should I be looking for? Are there any tools or whatever which would give me more info about how Apache is generating that traffic? Thanks


  • Access control for cross site requests in Internet Explorer

    - by Aleksandar
    I am trying to make an AJAX call from several domains to a single one which will handle the request. Enabling Cross domain in Firefox and Chrome was easy by setting the header on the handling server: header("Access-Control-Allow-Origin: *"); But this doesn't help enabling it in Internet Explorer. When I try: httpreq.send(''); it stops with error Access denied. How can this be enabled in Internet Explorer?


  • Database Design for multiple users site

    - by jl
    Hi, I am required to work on a php project that requires the database to cater to multiple users. Generally, the idea is similar to what they have for carbonmade or basecamp, or even wordpress mu. They cater to multiple users, who are also owners of their accounts. And if they were to cancel/terminate their account, anything on the pages/database would be removed. I am not quite sure how I should design the database. Should it be: separate tables for each individual user account, separate databases for each individual user account, or otherwise? Kindly advise me on the best approach to this issue. Thank you very much.


  • Problem creating site using Microsoft Visual Web Developer Express 2008

    - by Peter
    Hi, this is a very newbie question, sorry! I need to create an aspx website based on C# and am calling some webservices based on some DLLs I already have. Before purchasing Visual Studio, I decided to try Microsoft Visual Web Developer Express (is this ok?) creating a Web Application ASP.NET based on Visual C#. I created the form to enter the data which is submitted when clicking the process button. At this point I need to call stuff from the DLL, which I have added in the Solution Explorer via Add Reference, selecting the DLL from the COM list. But whenever I run the project, I always get the error "the type or namespace xxx cannot be found - maybe a using directive or assembler directive is missing" when trying to create the object. What is my stupid mistake? Thanks!


  • MSDN Subscription Site Down?

    - by Vaccano
    I am not sure that this is an SO worthy question. (At least it is not like ones I normally ask.) But I can't get my MSDN Subscription to work any more. Is anyone else having this issue? When I log in and select "My Account" I get this: and when I try to download I get this: I have asked other developers that I know and it is broken for them too. But before I go digging into this, it would be nice to know if this is a me/us issue or an everyone issue. Also, if I am breaking the rules by posting this here let me know and I will delete it. Thanks.


  • Architecture of an image hosting site

    - by kamziro
    I'm sure many here are aware of image hosting sites, like imgur, min.us, photobucket etc. Not that I want to develop one, but besides just uploading the file, organising it in some directory somewhere, what architectural considerations are involved in these sites? Especially when there's millions of page views a day (like imgur, I'd imagine). I'm curious about this because it seems that a lot of sites (say, dating websites etc) would be pretty image intensive. Even if it's not for millions of page views, what are some basic architectural requirements of efficient image deliveries online?


  • What are the best practices for avoid xss attacks in a PHP site

    - by rikh
    I have PHP configured so that magic quotes are on and register globals are off. I do my best to always call htmlentities() for anything I am outputting that is derived from user input. I also occasionally search my database for common things used in XSS attacks such as... <script What else should I be doing and how can I make sure that the things I am trying to do are always done?

