Search Results

Search found 120608 results on 4825 pages for 'code access security'.


  • What type of security problems are mitigated by this .NET architecture?

    - by Jonno
    Given the following physical layout for a .NET web application:

      - DB (SQL Server, Windows) - No public route (no table access, only stored procs)
      - Web Service DAL (IIS, Windows) - No public route (can be accessed by web server via port 80 and 443)
      - Web Server (IIS, Windows) - Public route (only via port 80 and 443)

    What type(s) / examples of attack could be used to compromise the public web server but would be blocked by the Web Service DAL? i.e. can you think of concrete attack types that the DAL stops? Please note, I am interested only in the security aspect, not scaling / fault tolerance / performance / etc.

    In my mind if the web server has been compromised using an attack over port 80/443, then the same attack would work over port 80/443 to the Web Service DAL box.


  • Debugging unmanaged code while debugging managed code

    - by sc_ray
    Hi, the .NET 3.5 application I am working on consists of a bunch of different solutions. Some of these solutions consist of managed code (C#) and others have unmanaged code (C++). Methods written in C# communicate with the ones written in C++. I am trying to trace the dependencies between these various functions, and I thought of setting breakpoints in the solution containing my C++ functions. One of the C# solutions has the startup project. I run this solution in debug mode with the expectation that the breakpoints in my unmanaged code will be hit, but nothing really happens. Can somebody guide me through the process of debugging mixed applications such as these using the Visual Studio IDE? Thanks


  • How to write Tetris in Scala? (code review)

    - by eed3si9n
    Today's the 25th birthday of Tetris. I believe writing a Tetris clone is one of the best ways to familiarize oneself with a new language or a platform. It's not completely trivial and it lends itself well to learning language-specific constructs like iterators and closures. I've been hearing about Scala, and finally decided to read some docs and write a Tetris clone. So, this is my first Scala code. I did try to use functional constructs, but am sure there are lots of things I can improve to do it in a more Scala way. Please give me suggestions using comments. Also, other submissions of Tetris clones in Scala are welcome too. I'm aware that the actual question itself is somewhat subjective, but I think this is of some value since others can use this as example (or anti-example) code. Edit: Let me rephrase the question. What can I do to make the code more Scala-ish?


  • Cannot run code on device

    - by lostInTransit
    Hi, I have some source code which I had developed and later gave to another team. They signed it with their certificate and provisioning profile. Now I have the code back and have set the appropriate values in the project properties for code signing identity (with my cert and profile). But when I run the application on a device, I get an error showing the other team's certificate and prompting that the provisioning profile does not exist. I don't know where it is being referenced. Can someone please help? Thanks.


  • Code reviews for larger MVC.NET team using TFS

    - by Parrots
    I'm trying to find a good code review workflow for my team. Most questions similar to this on SO revolve around using shelved changes for the review; however, I'm curious about how this works for people with larger teams. We usually have 2-3 people working a story (UI person, Domain/Repository person, sometimes DB person). I've recommended the shelf idea but we're all concerned about how to manage that with multiple people working the same feature. How could you share a shelf between multiple programmers at that point? We worry it would be clunky and we might easily have unintended consequences moving to this workflow. Of course moving to shelves for each feature avoids having 10 or so checkins per feature (as developers need to share code) making seeing the diffs at code review time painful. Has anyone else been able to successfully deal with this? Are there any tools out there people have found useful aside from shelves in TFS (preferably open-source)?


  • in TFS can we customize the merge algorithm (conflict resolution)

    - by Jennifer Zouak
    In our case we want to ignore changes in code comment headers for generated code. In Visual Studio, we can change the merge tool (GUI that pops up) and use a 3rd party tool that is able to be customized to ignore changes (http://msdn.microsoft.com/en-us/library/ms181446.aspx). Great, so a file comparison no longer highlights code comments as differences. However, when it comes time to check in, the TFS merge algorithm is still prompting us to resolve conflicts. Is there any way to better inform the merge conflict resolution algorithm about which changes are actually important to us? Or can we replace the algorithm or otherwise have it subcontract its work to a 3rd party?


  • Running NUnit tests in Visual Studio 2010 with code coverage

    - by adrianbanks
    We have recently upgraded from Visual Studio 2008 to Visual Studio 2010. As part of our code base, we have a very large set of NUnit tests. We would like to be able to run these unit tests within Visual Studio, but with code coverage enabled. We have ReSharper, so can run the tests within Visual Studio, but it does not allow the code coverage tool to do its thing and generate the coverage statistics. Is there any way to make this work, or will we have to convert the tests over to MSTest?


  • Funniest code names for software projects

    - by furtelwart
    Developers are creative. Not as they create wonderful GUIs or prove their sense for art with good color combinations, but with code names. Every project has a code name, sometimes official, sometimes private (with a good reason!). Here are my favourites:

      Android:
        - 1.6 = Donut
        - 2.0 = Eclair (picture of Google's eclair)

      grml (Live distribution based on Debian GNU/Linux, comes from Austria, therefore in German):
        - Hustenstopper (cough stopper)
        - Eierspass (egg fun)
        - Meilenschwein (mile pig, it's a pun with milestone)
        - Lackdose-Allergie (lacquer can allergy, it's a pun with lactose allergy)
        - Hello-Wien (pun with Halloween, Wien being German for Vienna)

    I would really like to see the funniest code names you ever heard of. Aren't there any more funny project names?


  • Typical practice for redistributing third party source code with your source code

    - by bglenn
    I'm releasing an application I wrote as an open-source project by creating a public source-code repository. I use a third-party library which is also open-source and freely redistributable. I'm not versioning the third-party library, but should I include it in my repository for the convenience of those cloning the repository or should I expect them to download the third-party library on their own? To be clear, I'm not asking if I should version the third-party code or if I can redistribute it, but whether it is standard practice to include third-party source code as a convenience.


  • How to detect code duplication during development ?

    - by David Dibben
    We have a fairly large code base, 400K LOC of C++, and code duplication is something of a problem. Are there any tools which can effectively detect duplicated blocks of code? Ideally this would be something that developers could use during development rather than just run occasionally to see where the problems are. It would also be nice if we could integrate such a tool with CruiseControl to give a report after each check-in. I had a look at Duploc some time ago; it showed a nice graph but requires a Smalltalk environment to use it, which makes running it automatically rather difficult. Free tools would be nice, but if there are some good commercial tools I would also be interested.


  • Obtaining C++ Code Coverage

    - by anon
    I'm on Linux. My code is written in C++. My program is non-interactive; it runs as "./prog input-file", processes the file, and exits. I have various unit tests "input-file0, input-file1, input-file2, ..." For designing new unit tests, I want to know what lines of code existing tests do not cover. Question: Given that I control how "prog" is compiled/run, how can I get a list of the lines of code that "./prog input-file" does not hit? Thanks!


  • Useful Eclipse Java Code Templates

    - by Jon
    You can create various Java code templates in Eclipse via the Window->Preferences->Java -> Editor -> Templates e.g. sysout is expanded to: System.out.println(${word_selection}${});${cursor} You can activate this by typing sysout followed by CTRL+SPACE What useful Java code templates do you currently use? Include the name and description of it and why it's awesome. There's an open bounty on this for an original/novel use of a template rather than a built-in existing feature. Create Log4J logger Get swt color from display Syncexec - Eclipse Framework Singleton Pattern/Enum Singleton Generation Readfile Const Traceout Format String Comment Code Review String format Try Finally Lock Message Format i18n and log Equalsbuilder Hashcodebuilder Spring Object Injection Create FileOutputStream


  • How Should I Print Documentation from Google Code?

    - by peter.newhook
    Google does a decent job of documenting their API (like Closure http://code.google.com/closure/compiler/docs/overview.html) but I find it hard to read because it's broken into such short pages. I like to leaf through my docs and read them on paper. Has anyone found a good way to print from the documentation on Google Code? It could be a PDF, or even just a long page with lots of content. Please note, I'm not talking about the Wikis in the Open Source side of Google Code. I'm referring to the API docs published by Google.


  • gcc-4.2 failed with exit code 1 iphone

    - by SKayser
    Hi, I've seen this error with different variations on discussion forums but being a non-programmer I'm not sure how to progress this. Basically I have code which I found to help me with changing the background colors of cells on a grouped uitableview. The code introduced a line as such:

        CGContextAddArcToPoint(c, minx, miny, midx, miny, ROUND_SIZE);

    This gave an error indicating that it wasn't declared, so I added to my .h file the following under import uikit:

        #import <UIKit/UIKit.h>
        #define ROUND_SIZE 10

    Now it shows that I have an error:

        Command/Developer/Platforms/iPhoneSimulator.platform/Developer/usr/bin/gcc-4.2 failed with exit code 1 iphone

    Some discussions talk about libraries but because I don't have a programming background I don't understand what to do. I also see that some people show a log output but I'm not sure where that comes from as I don't get any debug windows because I'm guessing it doesn't get that far. I simply click 'Build and Go' and I get this error in the Message window. Any thoughts?


  • Oracle Key Vault - Hardware Security Module for TDE and More

    - by Heinz-Wilhelm Fabry (DBA Community)
    In early August, Oracle released a new product called Oracle Key Vault (OKV). It is a hardware security module (HSM), that is, a piece of hardware for storing keys, passwords, and files that contain keys and passwords. Oracle Database installations use the last of these forms, storing passwords and keys in files, for Oracle Advanced Security Transparent Data Encryption (TDE) and external password stores. These files are called wallets in versions 10 and 11 of the database and keystores in version 12. However, since database version 11.2 it has also been possible, when using TDE, to use HSMs instead of wallets / keystores. Because Oracle could not offer an HSM product of its own, enterprise customers then turned to products from other vendors. With OKV, that can now change.

    Depending on the threat scenario, deciding against wallets / keystores and in favor of an HSM can well make sense, because an HSM offers more security:

      - An operating system file can be stolen (copied) more easily than an HSM, which is usually installed in a computer as a specially secured plug-in card or stands protected in a data center as a separate device.
      - Unlike a wallet / keystore, an HSM can be used across systems. This allows keys to be shared, which in turn perfectly supports, for example, the use of TDE on RAC installations.
      - An HSM can be used by multiple applications. This makes it easier to consolidate and manage passwords and keys.

    As an introduction to the new product, the current tip shows how OKV can be used for TDE.


  • MVP Pattern Philosophical Question - Security Checking in UI

    - by Brian
    Hello, I have a philosophical question about the MVP pattern: I have a component that checks whether a user has access to a certain privilege. This privilege turns on or off certain UI features. For instance, suppose you have a UI grid, and for each row that gets bound, I do a security check to see if certain features in the grid should be enabled or disabled. There are two ways to do this: have the UI/view call the component's method, determine if it has access, and enable/disable or show/hide. The other is have the view fire an event to the presenter, have the presenter do the check and return the access back down to the view through the model or through the event arg. As per the MVP pattern, which component should security checks fit into, the presenter or the view? Since the view is using it to determine its accessibility, it seems more fitting in the view, but it is doing database checks and all inside this business component, and there is business logic there, so I can see the reverse argument too. Thoughts? Thanks.


  • Fuzzing for Security

    - by Sylvain Duloutre
    Yesterday, I attended an internal workshop about ethical hacking. Hacking skills like fuzzing can be used to quantitatively assess and measure security threats in software.

    Fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by injecting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If the program contains a vulnerability that can lead to an exception, crash or server error (in the case of web apps), it can be determined that a vulnerability has been discovered.

    A fuzzer is a program that generates and injects random (and in general faulty) input to an application. Its main purpose is to make things easier and automated.

    There are typically two methods for producing fuzz data that is sent to a target, Generation or Mutation. Generational fuzzers are capable of building the data being sent based on a data model provided by the fuzzer creator. Sometimes this is as simple and dumb as sending random bytes, swapping bytes or much smarter by knowing good values and combining them in interesting ways.

    Mutation on the other hand starts out with a known good "template" which is then modified. However, nothing that is not present in the "template" or "seed" will be produced.

    Generally fuzzers are good at finding buffer overflow, DoS, SQL Injection, Format String bugs etc. They do a poor job at finding vulnerabilities related to information disclosure, encryption flaws and any other vulnerability that does not cause the program to crash.

    Fuzzing is simple and offers a high benefit-to-cost ratio but does not replace other proven testing techniques.

    What is your computer doing over the week-end?


  • Encrypt php code

    - by riad
    Hi all, I created software using PHP. Now I need to sell this software. So, I need to encrypt my code so that nobody can view my source code. Can anybody help me to do:

      1. Encrypt my PHP code, but the software's functioning will remain the same.
      2. Also, I need to bind the software to a particular authorized PC, and it will not run on any other PC except with my authentication.

    How can I do that? Encrypt using LAN MAC address? Or any other idea? Pls help!


  • Top 25 security issues for developers of web sites

    - by BizTalk Visionary
    Sourced from: CWE

    This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile.

    Rank  Score  ID       Name
    [1]   346    CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
    [2]   330    CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
    [3]   273    CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    [4]   261    CWE-352  Cross-Site Request Forgery (CSRF)
    [5]   219    CWE-285  Improper Access Control (Authorization)
    [6]   202    CWE-807  Reliance on Untrusted Inputs in a Security Decision
    [7]   197    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    [8]   194    CWE-434  Unrestricted Upload of File with Dangerous Type
    [9]   188    CWE-78   Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
    [10]  188    CWE-311  Missing Encryption of Sensitive Data
    [11]  176    CWE-798  Use of Hard-coded Credentials
    [12]  158    CWE-805  Buffer Access with Incorrect Length Value
    [13]  157    CWE-98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
    [14]  156    CWE-129  Improper Validation of Array Index
    [15]  155    CWE-754  Improper Check for Unusual or Exceptional Conditions
    [16]  154    CWE-209  Information Exposure Through an Error Message
    [17]  154    CWE-190  Integer Overflow or Wraparound
    [18]  153    CWE-131  Incorrect Calculation of Buffer Size
    [19]  147    CWE-306  Missing Authentication for Critical Function
    [20]  146    CWE-494  Download of Code Without Integrity Check
    [21]  145    CWE-732  Incorrect Permission Assignment for Critical Resource
    [22]  145    CWE-770  Allocation of Resources Without Limits or Throttling
    [23]  142    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
    [24]  141    CWE-327  Use of a Broken or Risky Cryptographic Algorithm
    [25]  138    CWE-362  Race Condition

    Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.


  • How to prevent public key inside jar from being saved using Java code

    - by Abhijith V R
    After signing a jar, we can retrieve the public keys from the jar using

        Certificate[] cert = jarentry.getCertificates();

    Once the certificate is extracted we can save this to a new keystore as a trusted cert. Once this is done, then a second user can sign any jar using this certificate, isn't it? I want to distribute content as jars; the contents will contain properties files for an application init. I want to make sure that a user is not capable of rebuilding the property files using the certificate he extracted from jarentry. In the code which reads the jar contents I am checking that the jar is signed with my certificate only and also checking that the jar is not tampered with. But the issue came to my mind that if I am able to extract the certificate from the jar then why doesn't a third guy? Can anyone help me in this...


  • Code Golf: Phone Number to Words

    - by Nick Hodges
    Guidelines for code-golf on SO

    We've all seen phone numbers that are put into words: 1-800-BUY-MORE, etc. What is the shortest amount of code you can write that will produce all the possible combinations of words for a 7 digit US phone number. Input will be a seven digit integer (or string, if that is simpler), and assume that the input is properly formed. Output will be a list of seven character strings that For instance, the number 428-5246 would produce

        GATJAGM
        GATJAGN
        GATJAGO
        GATJAHM
        GATJAHN
        GATJAHO

    and so on..... Winning criteria will be code from any language with the fewest characters that produce every possible letter combination.

    Additional Notes: To make it more interesting, words can be formed only by using the letters on a North American Classic Key Pad phone with three letters per number as defined here. That means that Z and Q are excluded. For the number '1', put a space. For the number '0', put a hyphen '-'. Bonus points awarded for recognizing output as real English words. Okay, not really. ;-)


  • What's wrong with my code? (pdcurses/getmaxyx)

    - by flarn2006
    It gives me an access violation on the getmaxyx line (second line in the main function) and also gives me these two warnings:

        LINK : warning LNK4049: locally defined symbol "_stdscr" imported
        LINK : warning LNK4049: locally defined symbol "_SP" imported

    Yes, it's the same code as in another question I asked, it's just that I'm making it more clear. And yes, I have written programs with pdcurses before with no problems.

        #include <time.h>
        #include <curses.h>
        #include "Ball.h"
        #include "Paddle.h"
        #include "config.h"

        int main(int argc, char *argv[])
        {
            int maxY, maxX;
            getmaxyx(stdscr, maxY, maxX);

            Paddle *paddleLeft = new Paddle(0, KEY_L_UP, KEY_L_DOWN);
            Paddle *paddleRight = new Paddle(maxX, KEY_R_UP, KEY_R_DOWN);
            Ball *ball = new Ball(paddleLeft, paddleRight);

            int key = 0;

            initscr();
            cbreak();
            noecho();
            curs_set(0);

            while (key != KEY_QUIT)
            {
                key = getch();
                paddleLeft->OnKeyPress(key);
                paddleRight->OnKeyPress(key);
            }

            endwin();
            return 0;
        }


  • Code Analysis Error: Declare types in namespaces

    - by George
    In VS2010, I analyzed my code and got this error:

        Warning 64 CA1050 : Microsoft.Design : 'ApplicationVariables' should be declared inside a namespace. C:\My\Code\BESI\BESI\App_Code\ApplicationVariables.vb 10 C:\...\BESI\

    Here is some reference info on the error. Essentially, I tried to create a class to be used to access data in the Application object in a typed way. The warning message said unless I put my (ApplicationVariables) class in a Namespace, that I wouldn't be able to use it. But I am using it, so what gives? Also, here is a link to another StackOverflow article that talks about how to disable this warning in VS2008, but how would you disable it for 2010? There is no GlobalSuppressions.vb file for VS2010. Here is the code it is complaining about:

        Public Class ApplicationVariables
            'Shared Sub New()
            'End Sub 'New
            Public Shared Property PaymentMethods() As PaymentMethods
                Get
                    Return CType(HttpContext.Current.Application.Item("PaymentMethods"), PaymentMethods)
                End Get
                Set(ByVal value As PaymentMethods)
                    HttpContext.Current.Application.Item("PaymentMethods") = value
                End Set
            End Property
            'Etc, Etc...
        End Class


  • More Code Assist in Eclipse PDT For HTML

    - by Mike
    I am trying to come over from dreamweaver to eclipse. In eclipse when I am in a php file writing html. If I just type a "<" then the code assist popup will come up with all the options I can choose from. I would like to know if the code assist can appear in more places though. If I type "<div" and hit space can I get another code assist popup? If so, how?


  • Generating code for service proxies

    - by Hadi Eskandari
    I'm trying to generate some additional code based on the auto-generated webservice proxies in my VS2010 solution; I'm using a T4 template to do so. The problem is, automatically generated proxies are added in the "Service Reference" folder but ProjectItems (files) are hidden by default and the following code does not find them in the project structure:

        var sr = GetProjectItem(project, "Service References");
        if(sr != null)
        {
            foreach(ProjectItem item in sr.ProjectItems)
            {
                foreach(var file in item.ProjectItems)
                {
                    //Services.Add(new ServiceInfo { Name = file.Name });
                }
            }
        }

    The above code runs and although the service reference is found, and there are ProjectItems under that node (named by the webservice reference name), the object under that node is of type System.__ComObject and I'm not sure how to progress. Any help is appreciated.

