Search Results

Search found 4593 results on 184 pages for 'constructor injection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 104/184 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >

  • Stored Procedure with ALTER TABLE

    - by psayre23
    I have a need to sync auto_increment fields between two tables in different databases on the same MySQL server. The hope was to create a stored procedure where the permissions of the admin would let the web user run ALTER TABLE [db1].[table] AUTO_INCREMENT = [num]; without giving it permissions (That just smells of SQL injection). My problem is I'm receiving errors when creating the store procedure. Is this something that is not allowed by MySQL? DROP PROCEDURE IF EXISTS sync_auto_increment; CREATE PROCEDURE set_auto_increment (tableName VARCHAR(64), inc INT) BEGIN ALTER TABLE tableName AUTO_INCREMENT = inc; END;

    Read the article

  • Learning SQL White hat Hacking

    - by user301751
    Well here goes a sligtly arwkward question, I have changed job roles from Network Admin to SQL Server DBA thus having to learn SQL server 2005. I am quite self motivated and have learned the basics of Transac and a little about Reporting services. The only thing is I need to set senarios as theres not much coming in at work in the way of SQL tasks. I have always kept my interest in networking by setting little "Hacking tasks", I have has a look at some crackme's but can find nothing to play with. I understand the SQL injection is some sort of SQL hack but found not much on the subject. I know my way of learning might be a bit different from others but it is all White Hat and keeps my interest. Thanks

    Read the article

  • What is the sense of permiting the user to use no passwords longer than xx chars?

    - by reox
    Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

    Read the article

  • How can a hacker put a file on my server root (apache, php, 1and1)

    - by mike-sav
    Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt passwords using MD5 and I don't store things like credit card details, etc, etc. Now I checked my files and with all user input I use a clean function (htmlentities, sql_real_escape_string, etc, etc) that strips the input of any XSS or SQL injection. I have also made sure that the session key gets re-engineered when a user status changes (like they log into their account) to prevent session hijacking, my folder permissions are set to 755 and file permission are 644. Has anyone got any idea how this could have happened? Or if I'm missing something

    Read the article

  • Java Spring 3.0 MVC Annotation vs COC. Whats the preferred method in the Java community?

    - by Athens
    I am using Spring's MVC framework for an application I'm hosting on Google's App Engine. So far, my controllers are registered via the @Controller annotation; however, prior to getting into Spring, I evaluated ASP.net MVC 2 which requires no configuration and is based on convention. Is convention over configuration (COC) the current and preferred method in the Java community to implement MVC with Spring. Also, this may be a result of my limited knowledge so far but i noticed that i could only instantiate my Controllers the required constuctor injection if i use the COC method via the ControllerClassNameHandlerMapping. For instance the following controller bean config will fail if i use the defaultannotationhandlermapping. <bean id="c" class="com.domain.TestController"> <constructor-arg ref="service" /> </bean> <bean id="service" class="com.domain.Service" /> My com.domain.TestController controller works fine if i use ControllerClassNameHandlerMapping/COC but it results in an error when i use defaultannotationhandlermapping/Annotations.

    Read the article

  • Is php fileinfo sufficient to prevent upload of malicious files?

    - by Scarface
    Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

    Read the article

  • .Net 4.0 Is There a Business Layer "Technology" ?

    - by Ronny
    Hi, I have a theoretical question about the .net framework. As I see it Microsoft gave us bunch of technologies for different layers. We have the ADO.NET and with the more improved Entity Framework for Data Access. And ASP.NET for WEB UI. And even WCF for Facade and SOA. But what in the middle, what do we have for the Business Layer? Is it just Referenced DLLs? How do we deal with the Application Pulling this days? I remember using COM+ 10 yeas ago because the IIS couldn't handle the pressure. Is Spring.Net is the best option available for injection? Thanks, Ronny

    Read the article

  • Why is the EntityManager in my GAE + Spring (+graniteds) project reset to null?

    - by prefabSOFT
    Hi all, I'm having a problem with autowiring my EntityManager. Actually at server startup I can see that the injection works ok, though when trying to use my EntityManager it appears to be null again. @Component public class DataDaoImpl { protected EntityManager entityManager; @Autowired public void setEntityManager(EntityManager entityManager) { System.out.println("Injecting "+entityManager); //works! this.entityManager = entityManager; } public void createData(String key, String value) { System.out.println("In createData entityManager is "+entityManager); //entityManager null!? ... Output: Injecting org.datanucleus.store.appengine.jpa.DatastoreEntityManager@a60d19 The server is running at http://localhost:8888/ In createData entityManager is null So somehow the autowired entityManager is reset to null when trying to use it. It's a graniteds powered project though I don't think this is graniteds related. Any ideas? Thanks a lot in advance, Jochen

    Read the article

  • performance of parameterized queries for different db's

    - by tuinstoel
    A lot of people know that it is important to use parameterized queries to prevent sql injection attacks. Parameterized queries are also much faster in sqlite and oracle when doing online transaction processing because the query optimizer doesn't have to reparse every parameterized sql statement before executing. I've seen sqlite becoming 3 times faster when you use parameterized queries, oracle can become 10 times faster when you use parameterized queries in some extreme cases with a lot of concurrency. How about other db's like mysql, ms sql, db2 and postgresql? Is there an equal difference in performance between parameterized queries and literal queries?

    Read the article

  • Sticky Footers that move down when dynamic content gets loaded

    - by Dominic Rodger
    I've been using this snippet of jQuery to get a sticky footer: if($(document.body).height() < $(window).height()){ $("#footer").css({position: "absolute",top:($(window).scrollTop()+$(window).height()-$("#footer").height())+"px", width: "100%"}); } $(window).scroll(positionFooter).resize(positionFooter); However, that breaks when I've got expandable/collapsible divs lying around where the original content was less high than the window, since it is then stuck to the bottom of the window, rather than the bottom of the document. Is there a way of fixing this, or a better way of doing it? Please bear in mind that I don't have much control over the HTML, since I need to do this in Django's admin interface, which doesn't allow much injection of HTML in the places you might want to to accomplish this sort of thing (i.e. this answer and this answer don't work for me).

    Read the article

  • PDO::ATTR_EMULATE_PREPARES => false

    - by user264058
    I'm new to php and PDO ,so i read this response to a similar post- Does PDO really not use prepared statements with mysql? Yes, by default (at least with version I tested) but native mode can be turned on manually. If not, can it be forced to do so By employing PDO::ATTR_EMULATE_PREPARES setting, the name is pretty self-explanatory. $dbh-setAttribute( PDO::ATTR_EMULATE_PREPARES, false ); should you do that? That's hardest question of them all. Well, I'd say - yes, you should. If you choose PDO as your db driver, there is no point in using it in the emulation mode. by YOUR COMMON SENSE Aren't prepared statements secure from SQL injection, why change if from 'true'-false?? what is native mode??

    Read the article

  • Why doesn't Microsoft release a 'proper' AJAX grid for ASP.Net

    - by Maxim Gershkovich
    Why doesn't Microsoft release a 'proper' AJAX grid for ASP.Net either as part of Visual Studio or the AJAX control toolkit? Has there been any discussion that anyone is aware of regarding this issue? Also does anyone have any open source suggestions for 'proper' AJAX gridviews? So far I have found one.... http://dotnetslackers.com/projects/AjaxDataControls/Default.aspx PS: By proper I mean a grid that actually uses XML responses rather than the nasty html javascript based injection that is the current nastyness of the gridview (EVEN IN VS 2010).

    Read the article

  • How Do I Search Between a Date Rang Using the ActiveRecord Model?

    - by Russ Bradberry
    I am new to both Ruby and ActiveRecord. I currently have a need to modify and existing piece of code to add a date range in the select. The current piece goes like this: ReportsThirdparty.find(:all, :conditions => {:site_id=>site_id, :campaign_id=>campaign_id, :size_id=>size_id}) Now, I need to add a range, but I am not sure how to do the BETWEEN or >= or <= operators. I guess what I need is something similar to: ReportsThirdparty.find(:all, :conditions => {:site_id=>site_id, :campaign_id=>campaign_id, :size_id=>size_id, :row_date=>"BETWEEN #{start_date} AND #{end_date}") Even if this did work, I know that using interpolation here would leave me subject to SQL injection attacks.

    Read the article

  • Ideas for building vulnerabilities into your site?

    - by Jaco Pretorius
    I'm trying to create a programming challenge that would require developers to hack into the MVC site I create. The idea is obviously to teach them about preventing these types of attacks. The current idea I have is to build multiple vulnerabilities into the site - but the second vulnerability would require the first to be completed, etc. So I was thinking the first could be a sql injection attack, the second would require a modified GET request, etc. Exploiting the final vulnerability would reveal a specific piece of information which is proof that you have completed the entire challenge. This will not be deployed on a public site - it's simply a learning tool for developers at my company. I'm not looking for MVC-specific vulnerabilities - I'm simply using MVC because it allows me to work with the 'raw' HTML. Any ideas on the different vulnerabilities I can use?

    Read the article

  • Scaling Java applications - existing cluster-aware IoC frameworks?

    - by Zoltan
    Most people use some kind of an IoC framework - Guice, Spring, you name it. Many of us need to scale their applications too, so they complicate their lifes with Terracotta, Glassfish/JBoss/insertyourfavouritehere clusters. But is it really the way to go? Are you using any of the above? Here's some ideas we currently have implemented in a yet-to-be-opensourced framework, and I'd like to see what you think of it, or maybe "it's a complete ripoff of XY!". cluster-wide object replication - give it a name, and whenever you do something (in any node) on such an object, it will get replicated - with different guarantees do transparent soft-loadbalancing - simplest scenario: restful webservice method call proxied to an other node view-only node injection: inject a proxy to a "named" object, and get your calls automatically proxied to a node Would you use something like that? Is there a current, stable, enterprise-ready implementation out there?

    Read the article

  • Passing parameters into ViewModels (Prism)

    - by vXtreme
    Hi I can't figure out how to pass parameters to my viewmodels from other views or viewmodels. For instance, I have a View called Customers. There is a grid inside, and if you double-click the grid, a new view is supposed to come up and allow you to edit that customer's data. But how will the View(Model) responsible for editing data know which customer it's supposed to open if I can't pass any parameters inside? EventAggregator is out of the question because I obviously can't create hundreds of eventargs, each for one view. And besides, it's a lousy solution. So far I was able to come up with: CustomerDataView custView = new CustomerDataView(customerId, currentContext); manager.Regions[RegionNames.Sidebar].AddAndActivate(custView); What do you think about this particular solution? Is this the way it's normally done? What I don't like about this is the fact that I lose out on automatic dependency injection by Unity.

    Read the article

  • Java Spring 3.0 MVC Annotation vs COC. Whats the prefered method in the Java community?

    - by Athens
    I am using Spring's MVC framework for an application I'm hosting on Google's App Engine. So far, my controllers are registered via the @Controller annotation; however, prior to getting into Spring, I evaluated ASP.net MVC 2 which requires no configuration and is based on convention. Is convention over configuration (COC) the current and preferred method in the Java community to implement MVC with Spring. Also, this may be a result of my limited knowledge so far but i noticed that i could only instantiate my Controllers the required constuctor injection if i use the COC method via the ControllerClassNameHandlerMapping. For instance the following controller bean config will fail if i use the defaultannotationhandlermapping. My com.domain.TestController controller works fine if i use ControllerClassNameHandlerMapping/COC but it results in an error when i use defaultannotationhandlermapping/Annotations.

    Read the article

  • Should I use Spring or Guice for a Tomcat/Wicket/Hibernate project?

    - by Trevor Allred
    I'm building a new web application that uses Linux, Apache, Tomcat, Wicket, JPA/Hibernate, and MySQL. My primary need is Dependency Injection, which both Spring and Guice can do well. I think I need transaction support that would come with Spring and JTA but I'm not sure. The site will probably have about 20 pages and I'm not expect huge traffic. Should I use Spring or Guice? Feel free to ask and followup questions and I'll do my best to update this.

    Read the article

  • Sending mail via sendmail from python

    - by Nate
    If I want to send mail not via SMTP, but rather via sendmail, is there a library for python that encapsulates this process? Better yet, is there a good library that abstracts the whole 'sendmail -versus- smtp' choice? I'll be running this script on a bunch of unix hosts, only some of which are listening on localhost:25; a few of these are part of embedded systems and can't be set up to accept SMTP. As part of Good Practice, I'd really like to have the library take care of header injection vulnerabilities itself -- so just dumping a string to popen('/usr/bin/sendmail', 'w') is a little closer to the metal than I'd like. If the answer is 'go write a library,' so be it ;-)

    Read the article

  • Spring & Hibernate EJB Events

    - by Miguel Ping
    Is it possible to define a spring-managed EJB3 hibernate listener? I have this definition in my persistence.xml: <properties> <property name="hibernate.ejb.interceptor" value="my.class.HibernateAuditInterceptor" /> <property name="hibernate.ejb.event.post-update" value="my.class.HibernateAuditTrailEventListener" /> </properties> But I would like to manage HibernateAuditInterceptor and HibernateAuditTrailEventListener with spring, so I can do some bean injection (ex: session-scoped bean) within these classes. Is this possible?

    Read the article

  • MVC 2 Beta DefaultControllerFactory with Areas

    - by stoto
    Why default factory WON'T return full name of the controllers (with namespaces)? I'm using Service Locator and autofac. using System.Web.Mvc; using Microsoft.Practices.ServiceLocation; namespace Application.Core.MVC { public override IController CreateController(System.Web.Routing.RequestContext requestContext, string **controllerName**) { return ServiceLocator.Current.GetInstance<IController>(controllerName); } } I had two home controllers (one under area Blog) http://localhost/Home http://localhost/Blog/Home controllerName return only "Home" without full qualified name for both in above code. This creates a problem when I try to regiser controllers' names for dependency injection. Here is how I register controllers right now according to this situation. Even this brings up the pages without exception. But When I access http://localhost/Home, both controllers invoked regardlessly. foreach (var tp in currentAssemblyControllersTypes) builder.Register(tp).FactoryScoped().Named(tp.Name.Replace("Controller", "")); Anyone can help?Thanks.

    Read the article

  • For what programs are Objective C and Ruby ideal on the Mac?

    - by Kurt
    Hi, as a Mac outsider it seems that two popular programming languages on the Mac appear to be Objective C and Ruby. From what I understand the main API Cocoa seems to be written in and optimized for Objective C, but it is also possible to use Ruby for that. Are there different areas where each language is ideal, for example, I could imagine Objective C could be ideal for a GUI layer, or standalone desktop app, and Ruby could be good for web services etc. What about classic business logic, or data access layers? What language would be a good choice for a library of services for example? Can we write a library in one language and link to it from a main program written in the other language? If I wanted to write a layered enterprise application using domain driven design and dependency injection which languages could support each concerns? Are things like DDD and DI common amongst Mac devs? Just a curious outsider.

    Read the article

  • Html encoding in MVC input

    - by fearofawhackplanet
    I'm working through NerdDinner and I'm a bit confused about the following section... First they've added a form for creating a new dinner, with a bunch of textboxes delcared like: <%= Html.TextArea("Description") %> They then show two ways of binding form input to the model: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create() { Dinner dinner = new Dinner(); UpdateModel(dinner); ... } or: [AcceptVerbs(HttpVerbs.Post)] public ActionResult Create(Dinner dinner) { ... } Ok, great, that all looks really easy so far. Then a bit later on they say: It is important to always be paranoid about security when accepting any user input, and this is also true when binding objects to form input. You should be careful to always HTML encode any user-entered values to avoid HTML and JavaScript injection attacks Huh? MVC is managing the data binding for us. Where/how are you supposed to do the HTML encoding?

    Read the article

  • <jaxrs:client> not getting autowired

    - by himangshu
    I am trying to build a restful client using jaxrs:client as defined in http://svn.apache.org/repos/asf/cxf/trunk/systests/jaxrs/src/test/resources/jaxrs_soap_rest/WEB-INF/beans.xml In my test class I am getting org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'com.abc.service.ExportServiceTest': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.bankbazaar.service.ExportService com.abc.service.ExportServiceTest.exportClient; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No matching bean of type [com.abc.service.ExportService] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true), @org.springframework.beans.factory.annotation.Qualifier(value=exportClient)} this is my spring config However exportClient=(ExportService)applicationContext.getBean("exportClient"); this works. Thanks Himangshu

    Read the article

  • sp_executesql with 'IN' statement

    - by user300992
    I am trying to use sp_executesql to prevent SQL injection in SQL 2005, I have a simple query like this: SELECT * from table WHERE RegionCode in ('X101', 'B202') However, when I use sp_executesql to execute the following, it doesn't return anything. Set @Cmd = N'SELECT * FROM table WHERE RegionCode in (@P1)' SET @ParamDefinition = N'@P1 varchar(100)'; DECLARE @Code as nvarchar(100); SET @Code = 'X101,B202' EXECUTE sp_executesql @Cmd, @ParamDefinition, @P1 = @Code The is what I have tested: SET @Code = 'X101' <-- This works, it returns a single region SET @Code = 'X101,B202' <--- Returns nothing SET @Code = '''X101'',''B202''' <-- Returns nothing Please help.... what did I do wrong?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >