Search Results

Search found 8253 results on 331 pages for 'secure coding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 109/331 | < Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >

  • How to detect hidden field tampering?

    - by Myron
    On a form of my web app, I've got a hidden field that I need to protect from tampering for security reasons. I'm trying to come up with a solution whereby I can detect if the value of the hidden field has been changed, and react appropriately (i.e. with a generic "Something went wrong, please try again" error message). The solution should be secure enough that brute force attacks are infeasible. I've got a basic solution that I think will work, but I'm not security expert and I may be totally missing something here. My idea is to render two hidden inputs: one named "important_value", containing the value I need to protect, and one named "important_value_hash" containing the SHA hash of the important value concatenated with a constant long random string (i.e. the same string will be used every time). When the form is submitted, the server will re-compute the SHA hash, and compare against the submitted value of important_value_hash. If they are not the same, the important_value has been tampered with. I could also concatenate additional values with the SHA's input string (maybe the user's IP address?), but I don't know if that really gains me anything. Will this be secure? Anyone have any insight into how it might be broken, and what could/should be done to improve it? Thanks!

    Read the article

  • Single Sign On for WebServices, WCS, WFS, WMS (Geoserver), etc.

    - by lajuette
    I'm trying to implement a Single Sign On (SSO) for a web application. Maybe you can help me find a proper solution, give me a direction or tell me, that solutions already exist. The scenario: A GeoExt (ExtJS for geodata/map based apps) webapp (JavaScript only) has a login form to let the user authenticate himself. The authentication is not implemented yet, so i'm flexible with respect to that. After authenticating to the main webapp the user indirectly accesses multiple 3rd-party services like WebServices, GeoServer WFS, Google Maps, etc. These services might require additional authentication like credentials or keys. We are (so far) not talking about additional login screens, just some kind of "machine to machine"-authentication. The main problem: I'm unable to modify the 3rd party services (e.g. Google) to add a SSO mechanism. I'd like to have a solution that allows the user to log in once to have access to all the services required. My first idea was a repository that stores all the required credentials or keys. The user logs in and can retrieve all required information to acces sthe other services. Does anybody know of existing implementations, papers, maybe implementations of such services? Other requirements: The communication between the JS application and the repository must be secure. The credentials must be stored in a secure manner. But the JS app must be able to use them to access the services (no chance to store a decryption key in a JS-app securely, eh? *g).

    Read the article

  • Game login authentication and security.

    - by Charles
    First off I will say I am completely new to security in coding. I am currently helping a friend develop a small game (in Python) which will have a login server. I don't have much knowledge regarding security, but I know many games do have issues with this. Everything from 3rd party applications (bots) to WPE packet manipulation. Considering how small this game will be and the limited user base, I doubt we will have serious issues, but would like to try our best to limit problems. I am not sure where to start or what methods I should use, or what's worth it. For example, sending data to the server such as login name and password. I was told his information should be encrypted when sending, so in-case someone was viewing it (with whatever means), that they couldn't get into the account. However, if someone is able to capture the encrypted string, wouldn't this string always work since it's decrypted server side? In other words, someone could just capture the packet, reuse it, and still gain access to the account? The main goal I am really looking for is to make sure the players are logging into the game with the client we provide, and to make sure it's 'secure' (broad, I know). I have looked around at different methods such as Public and Private Key encryption, which I am sure any hex editor could eventually find. There are many other methods that seem way over my head at the moment and leave the impression of overkill. I realize nothing is 100% secure. I am just looking for any input or reading material (links) to accomplish the main goal stated above. Would appreciate any help, thanks.

    Read the article

  • Help securing files access with htaccess and php?

    - by bschaeffer
    I'm working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads. I'm using CodeIgniter to force downloads like this: $file = file_get_contents($path); force_download("my_file_name.zip", $file); Of course, I make sure the user has access to the file using a database before serving the download, but I was wondering if there was a way to make these files more secure. I'm using a some 8-10 letter keys to create the file paths so urls to the files aren't exactly easy to figure out... something like http://mysite.com/as67Hgr/asdo0980/uth89.zip in lieu of http://mysite.com/downloads/my_file.zip. Also, I'm using .htaccess to deny directory browsing like so: Options All -Indexes. Other than that... I have no idea what steps to take. I've seen articles suggesting username and password methods using .htaccess, but I don't understand how to bypass the password prompt that would occur using that method. I was hoping there might be a method where I could send a username and password combination using headers and cUrl (or something similar), but I wouldn't know where to start. Any help would be hugely appreciated. Thanks in advance!

    Read the article

  • Create a HTML table from nested maps (and vectors)

    - by Kenny164
    I'm trying to create a table (a work schedule) I have coded previously using python, I think it would be a nice introduction to the Clojure language for me. I have very little experience in Clojure (or lisp in that matter) and I've done my rounds in google and a good bit of trial and error but can't seem to get my head around this style of coding. Here is my sample data (will be coming from an sqlite database in the future): (def smpl2 (ref {"Salaried" [{"John Doe" ["12:00-20:00" nil nil nil "11:00-19:00"]} {"Mary Jane" [nil "12:00-20:00" nil nil nil "11:00-19:00"]}] "Shift Manager" [{"Peter Simpson" ["12:00-20:00" nil nil nil "11:00-19:00"]} {"Joe Jones" [nil "12:00-20:00" nil nil nil "11:00-19:00"]}] "Other" [{"Super Man" ["07:00-16:00" "07:00-16:00" "07:00-16:00" "07:00-16:00" "07:00-16:00"]}]})) I was trying to step through this originally using for then moving onto doseq and finally domap (which seems more successful) and dumping the contents into a html table (my original python program outputed this from a sqlite database into an excel spreadsheet using COM). Here is my attempt (the create-table fn): (defn html-doc [title & body] (html (doctype "xhtml/transitional") [:html [:head [:title title]] [:body body]])) (defn create-table [] [:h1 "Schedule"] [:hr] [:table (:style "border: 0; width: 90%") [:th "Name"][:th "Mon"][:th "Tue"][:th "Wed"] [:th "Thur"][:th "Fri"][:th "Sat"][:th "Sun"] [:tr (domap [ct @smpl2] [:tr [:td (key ct)] (domap [cl (val ct)] (domap [c cl] [:tr [:td (key c)]]))]) ]]) (defroutes tstr (GET "/" ((html-doc "Sample" create-table))) (ANY "*" 404)) That outputs the table with the sections (salaried, manager, etc) and the names in the sections, I just feel like I'm abusing the domap by nesting it too many times as I'll probably need to add more domaps just to get the shift times in their proper columns and the code is getting a 'dirty' feel to it. I apologize in advance if I'm not including enough information, I don't normally ask for help on coding, also this is my 1st SO question :). If you know any better approaches to do this or even tips or tricks I should know as a newbie, they are definitely welcome. Thanks.

    Read the article

  • Choosing an installer product that is free and will download/install the .NET Framework

    - by Coder7862396
    I'm currently using the Visual Studio Installer (Setup Project) in Visual Studio 2010 as the installer for MyProgram. It has some quirky bugs and is not very customizable so I would like to switch to another installer product. Here are my requirements: Must be free (and licensed for commercial use) Must install the Windows Installer 3.1 and .NET Framework 4.0 if the client doesn't have them The installer will download them if they are not available The code for detecting the .NET Framework and downloading it must be written by Microsoft (I do not want to have to update hard-coded URLs and registry keys in the future). I know that the Windows SDK includes a setup bootstrap that does this (C:\Program Files\Microsoft SDKs\Windows\v7.0A\Bootstrapper) In the future, when .NET Framework 5 is released and MyProgram uses it, no installer code will need to be changed, the updated installer product should see that MyProgram now uses the .NET Framework version 5 and will install that Here are my current choices: Visual Studio Installer: Automatically detects/downloads/installs Windows Installer and .NET Framework using a bootstrapper Setup.exe (Good!) Limited/buggy functionality (Uninstall shortcuts in the Start Menu cause empty folders to be left behind during uninstall, asking the user if they want a desktop shortcut requires a lot of work, etc.) NSIS: Doesn't natively support the .NET Framework so adding it as a prerequisite requires excessive coding, hardcoded URLS, etc. Inno Setup: Doesn't natively support the .NET Framework so adding it as a prerequisite requires excessive coding, hardcoded URLs, etc. WiX: Steep learning curve... not sure if I want to spend weeks learning it only to find out that it has the same uninstall problem as the Visual Studio Installer (because they both use MSI files) InstallShield LE 2010: Downloading it requires me to setup a fake email account to register just to download it. Then once it is installed it has to contact the company's servers and transmit some private information to them before I'm even allowed to try the free version. This is the most insidious form of DRM that there is and I will not accept it.

    Read the article

  • How do you think while formulating Sql Queries. Is it an experience or a concept ?

    - by Shantanu Gupta
    I have been working on sql server and front end coding and have usually faced problem formulating queries. I do understand most of the concepts of sql that are needed in formulating queries but whenever some new functionality comes into the picture that can be dont using sql query, i do usually fails resolving them. I am very comfortable with select queries using joins and all such things but when it comes to DML operation i usually fails For every query that i never done before I usually finds uncomfortable with that while creating them. Whenever I goes for an interview I usually faces this problem. Is it their some concept behind approaching on formulating sql queries. Eg. I need to create an sql query such that A table contain single column having duplicate record. I need to remove duplicate records. I know i can find the solution to this query very easily on Googling, but I want to know how everyone comes to the desired result. Is it something like Practice Makes Man Perfect i.e. once you did it, next time you will be able to formulate or their is some logic or concept behind. I could have get my answer of solving above problem simply by posting it on stackoverflow and i would have been with an answer within 5 to 10 minutes but I want to know the reason. How do you work on any new kind of query. Is it a major contribution of experience or some an implementation of concepts. Whenever I learns some new thing in coding section I tries to utilize it wherever I can use it. But here scenario seems to be changed because might be i am lagging in some concepts.

    Read the article

  • PHP (A few questions) OO, refactoring, eclipse

    - by jax
    I am using PHP in eclipse. It works ok, I can connect to my remote site, there is colour coding of code elements and some code hints. I realise this may be too long to answer all questions, if you have a good answer for one part, answering just that is ok. Firstly General Coding I have found that it is easy to loose track of included files and their variables. For example if there was a database $cursor it is difficult to remember or even know that it was declared in the included file (this becomes much worse the more files you include). How are people dealing with this? How are people documenting their code - in particular the required GET and POST data? Secondly OO Development: Should I be going full OO in my development. Currently I have a functions library which I can include and have separated each "task" into a separate file. It is a bit nasty but it works. If I go OO how do I structure the directories in PHP, java uses packages - what about php? How should I name my files, should I use all lower case with _ for spaces "hello_world.php"? Should I name classes with Uppercase like Java "HelloWorld.php"? Is there a different naming convention for Classes and regular function files? Thirdly Refactoring I must say this is a real pain. If I change the name of a variable in one place I have to go through whole document and each file that included this file and change the name their too. Of course, errors everywhere is what results. How are people dealing with this problem? In Java if you change the name in one place it changes everywhere. Are there any plugins to improve php refactoring? I am using the official PHP version of Eclipse from their website. thanks

    Read the article

  • Help with php code - need to add condition to make one link https

    - by Kaskade
    Hi, I have a wordpress blog and I need to make one of the pages secure. I have been told to make the link to that page point to https://claimpage.html as opposed to http://claimpage.html. The problem is I don't actually create the menu that links the user to the individual pages. This is done automatically by the code in the background. I think I need to put in some sort of an IF statement, saying, if the title of the page is "claim now" then use https otherwise use http. I found this code in the header.php so I think my changes need to go in here but I'm not really sure what to do. <div id="navbar"> <ul class="menu"> <li class="<?php if ( is_home() ) { ?>current_page_item<?php } else { ?>page_item<?php } ?>"><a href="<?php echo get_settings('home'); ?>"><?php _e('Home'); ?></a></li> <?php wp_list_pages('sort_column=id&depth=1&title_li='); ?> <?php wp_register('<li>','</li>'); ?> </ul> </div> <!-- end of #navbar --> Any suggestions as to how I can make one page that I know the title and url or https while the others are kept using normal http? The site is hosted on a secure server so I do have an ssl certificate.

    Read the article

  • rapid application developement tools for very basic GUI apps

    - by Jurij
    I know there are many RAD platforms out there. Infact there are so many that I'm having a hard time finding out which one fits me best. What I want is a RAD tool that would allow me to define a database data model (make DB tables) and then create (view and edit) forms for the various tables. Data input, updating and various queries should be easy and GUI should generate automatically. I'd like to add some additional functionality by coding (such as various complex calculations on the data). I'm a programmer so I'm willing to learn to use a more complete, full-blown RAD solution if you can point me to it (NetBeans and RubyOnRails being the two such frameworks that I'd would probably be high on the list). I'm currently doing Windows Forms logistics apps in .NET. I've actually developed a very crude and basic version of what I need, but I just know that there are solutions out there that are much better and I'd benefit by knowing how to use them. So in short, the basic requirements: * database based data storage (SQLite if possible) * very automated GUI creation * desktop based (as in: not a web app) * extendable by coding * used for creating simple data entry, view & query apps. So basically something like Oracle Forms or DotNetMushroom Rapid Application Developer. But for .NET and SQLite if possible.

    Read the article

  • How to make a good programming interview?

    - by luckyluke
    I am doing interviews with from time to time to recruit some not bad people. And I really think I AM NOT doing to correct Job. I work in a company when We have to do a lot o DB programming, .NET programming, Java programming, so we need people who are open minded and not focused on a particular tech. Afterall language is a notation, You have to understand what is going under the hood. I ask people about their project, ask them some coding questions (believe me a SQL question involving a CROSS JOIN is hard), let them write some code, ask them about oo design, ask them how they update their knowledge, and stay up to date, do they have FUN when they code (at least sometimes). Hell I even give them a coding solution for home (3 hours max) to see how they think and code. And yet my hit rate at hiring junior member (those who live over the initial 3 months) is just about 33%. So my question, how do YOU make the good interviews, because I think my hit rate is to low? Do you have any best-practices(should be at least 60-70%)? p.s. And i noticed that: the best programmers are lazy, but motivated, just being lazy is not enough:) But people who write the best code are attentive to details:)

    Read the article

  • How to verify the SSL connection when calling an URI?

    - by robertokl
    Hello, I am developing an web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: The communication between CAS and my application needs to be secure My application needs to accept the certification coming with CAS, so that I can guarantee that the CAS responding is the real CAS Server. This is what I got so far: uri = URI.parse("https://www.google.com/accounts") https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') https.verify_mode = (OpenSSL::SSL::VERIFY_PEER) raw_res = https.start do |conn| conn.get("#{uri.path}?#{uri.query}") end This works just great in my Mac OSX. When I try to reach an insecure uri, it raises an exception, and when I try to reach a secure uri, it allow me normally, just like expected. The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independing of what uri I try to reach, it always raises me this exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start' from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start' from (irb):7 I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages: openssl.x86_64 0.9.8e-12.el5 installed openssl-devel.x86_64 0.9.8e-12.el5 installed I tried using HTTParty as well, but it just ignores the SSL certificated. I hope someone can help me, either by telling me a gem that works the way I need. Thanks.

    Read the article

  • Is it possible to unstick a remote IIS ASP server after an exception hangs the session?

    - by user89691
    I have been coding an app in classic ASP that accesses 2 Access databases. I had a page I was working on throw an exception, which is normal during development and causes no lasting problems. This time however, after the exception any attempt to open either of the databases would freeze the session with an infinite script timeout. If I delete the session cookie I an able to access ASP pages again until I try to open the database again. The database that was open when the exception was thrown is left open. There is a LDB lock file and I can't rename or delete either the LDB or MDB file, though I can download the MDB file with FTP. The 2nd access database is not open but any attempt to read this also hangs the session. Accessing HTML pages is fine. The site is hosted with Hostway and they are not interested ("Coding problem = Your problem" even though it leaves my site dead in the water, I suspect until the next reboot, whenever that might be). Here is the dump from the relevant ASP page that threw the exception: Active Server Pages error 'ASP 0115' Unexpected error /translatestats.asp A trappable error (C0000005) occurred in an external object. The script cannot continue running. Active Server Pages error 'ASP 0240' Script Engine Exception /translatestats.asp A ScriptEngine threw exception 'C0000005' in 'IActiveScript::Close()' from 'CActiveScriptEngine::FinalRelease()'. Is there any way I can unstick the site / force close the database remotely ?

    Read the article

  • How to verify the SSL connection when calling a URI?

    - by robertokl
    Hello, I am developing a web application that is authenticated using CAS (A single-sign-on solution: http://www.ja-sig.org/wiki/display/CAS/Home). For security reasons, I need two things to work: The communication between CAS and my application needs to be secure My application needs to accept the certification coming from CAS, so that I can guarantee that the CAS responding is the real CAS server This is what I got so far: uri = URI.parse("https://www.google.com/accounts") https = Net::HTTP.new(uri.host, uri.port) https.use_ssl = (uri.scheme == 'https') https.verify_mode = (OpenSSL::SSL::VERIFY_PEER) raw_res = https.start do |conn| conn.get("#{uri.path}?#{uri.query}") end This works just great in Mac OS X. When I try to reach an insecure URI, it raises an exception, and when I try to reach a secure URI, it allows me normally, just like expected. The problem starts when I deploy my application on my Linux server. I tried in both Ubuntu and Red Hat. Independent of what URI I try to reach, it always raises this exception: OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:586:in `connect' from /usr/local/lib/ruby/1.8/net/http.rb:553:in `do_start' from /usr/local/lib/ruby/1.8/net/http.rb:542:in `start' from (irb):7 I think this have something to do with my installed OpenSSL package, but I can't be sure. This are my installed OpenSSL packages: openssl.x86_64 0.9.8e-12.el5 installed openssl-devel.x86_64 0.9.8e-12.el5 installed I tried using HTTParty as well, but it just ignores the SSL certificate. I hope someone can help me, or tell me about a gem that works the way I need. Thanks.

    Read the article

  • How important is it to use SSL?

    - by Mark
    Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

    Read the article

  • E-Commerce Security: Only Credit Card Fields Encrypted?!

    - by bizarreunprofessionalanddangerous
    I'd like your opinions on how a major bricks-and-mortar company is running the security for its shopping Web site. After a recent update, when you are logged into your shopping account, the session is now not secured. No 'https', no browser 'lock'. All the personal contact info, shopping history -- and if I'm not mistaken submit and change password -- are being sent unencrypted. There is a small frame around the credit card fields that is https. There's a little notice: "Our website is secure. Our website uses frames and because of this the secure icon will not appear in your browser" On top of this the most prominent login fields for the site are broken, and haven't gotten fixed for a week or longer (giving the distinct impression they have no clue what's going on and can't be trusted with anything). Now is it just me -- or is this simply incomprehensible for a billion dollar company, significant shopping site, in the year 2010. No lock. "We use frames" (maybe they forget "Best viewed in IE4"). Customers complaining, as you can see from their FAQ "explaining" why you aren't seeing https. I'm getting nowhere trying to convince customer service that they REALLY need to do something about this, and am about to head for the CEO. But I just want to make sure this is as BIZARRE and unprofessional and dangerous a situation as I think it is. (I'm trying to visualize what their Web technical team consists of. I'm getting A) some customer service reps who were given a 3 hour training course on Web site maintenance, B) a 14 year old boy in his bedroom masquerading as a major technical services company, C) a guy in a hut in a jungle with an e-commerce book from 1996.)

    Read the article

  • Method of transforming 3D vectors with a matrix

    - by Drew Noakes
    I've been doing some reading on transforming Vector3 with matrices, and am tossing up digging deeper into the math and coding this myself versus using existing code. For whatever reason my school curriculum never included matrices, so I'm filling a gap in my knowledge. Thankfully I only need a few simple things, I think. Context is that I'm programming a robot for the RoboCup 3D league. I'm coding it in C# but it'll have to run on Mono. Ideally I wouldn't use any existing graphics libraries for this (WinForms/WPF/XNA) as all I really need is a neat subset of matrix transformations. Specifically, I need translation and x/y/z rotations, and a way of combining multiple transformations into a single matrix. This will then be applied to my own Vector3 type to produce the transformed Vector3. I've read different advice about this. For example, some model the transformation with a 4x3 matrix, others with a 4x4 matrix. Also, some examples show that you need a forth value for the vector's matrix of 1. What happens to this value when it's included in the output? [1 0 0 0] [x y z 1] * [0 1 0 0] = [a b c d] [0 0 1 0] [2 4 6 1] The parts I'm missing are: What sizes my matrices should be Compositing transformations by multiplying the transformation matrices together Transforming 3D vectors with the resulting matrix As I mostly just want to get this running, any psuedo-code would be great. Information about what matrix values perform what transformations is quite clearly defined on many pages, so need not be discussed here unless you're very keen :)

    Read the article

  • 'Forward-Compatible' Program Design

    - by Jeffrey Kern
    The majority of my questions I've asked here so far on StackOverflow have been how to implement individual concepts and techniques towards developing a software-based NES clone via the XNA environment. The small samples that I've thrown together on my PC work relatively great and everything. Except I hit a brick wall. How do I merge all of these samples together. Having proof-of-concept is amazing, except when you need it to go beyond just that. I now have samples strewn about that I'm trying to merge, some of them incomplete. And now I'm stuck with the chicken-and-the-egg situation of where I would like to incorporate these samples together, to make sure they work, but I cannot without test data. And I don't have tools to create test data, because they'd need to be based off of the individual pieces that need to be put together. In my mind, I'm having nightmares with circular reference. For my sample data, I am hoping to save it in XML and write a specification - and then make sample data by hand - but I'm too paranoid of manually creating an XML file full of incorrect data and blaming it on my code, or vice-versa. It doesn't help that the end-result of my work is graphic-oriented, which makes it interseting how a graphic on the screen can be visualized in XML Nodes. I guess, my question is this: What design patterns and disciplines exist in the coding world that address this type of concern? I've always relied on brute-force coding and restarting a project with a whole new code base in attempts to further along my goals, but I doubt that would be the best way to do so. Within my college career, the majority of my programming was to work on simple projects that came out of a book, or with a given correct data set and a verifyable result. I don't have that, as my own design documents that I am going by could be terribly wrong.

    Read the article

  • How to process AJAX requests more securely in PHP?

    - by animuson
    Ok, so I want to send AJAX requests to my website from my Flash games to process data, but I don't want people downloading them, decompiling them, then sending fake requests to be processed, so I'm trying to figure out the most secure way to process in the PHP files. My first idea was to use Apache's built in Authorization module to require a username and password to access the pages on a separate subdomain of my website, but then you'd have to include that username and password in the AJAX request anyway so that seems kind of pointless to even try. My current option looks pretty promising but I want to make sure it will work. Basically it just checks the IP address being sent using REMOTE_ADDR to make sure it's the IP address that my server runs on. <? $allowed = new Array("64.120.211.89", "64.120.211.90"); if (!in_array($_SERVER['REMOTE_ADDR'], $allowed)) header("HTTP/1.1 403 Forbidden"); ?> Both of those IP addresses point to my server. Things I'm worried about: 1) If I send a request from Flash/ActionScript, will that affect the IP address in any way? 2) Is it possible for malicious users to change the IP address that is being sent with REMOTE_ADDR to one of my IP addresses? Any other ways you would suggest that might be more secure?

    Read the article

  • ListBox and Listview problem

    - by Anu
    Hi, I have listbox in my applcation and corresponding coding.. XAML: <DataTemplate x:Key="menuItemTemplate"> <WrapPanel> <TextBlock Text="{Binding Path = Menu}" /> </WrapPanel> </DataTemplate> <ListBox x:Name="menubox" ItemsSource="{Binding}" ItemTemplate="{StaticResource menuItemTemplate}" Margin="0,5,0,0"> .CS : public void Add(string[] menu) { ItemList items = ItemList.Load(menu); DataContext = items; } It works fine.Later i add Listview for another purpose and i coded like the same way of listbox XAML: <DataTemplate x:Key="ListItemTemplate"> <WrapPanel> <TextBlock Text="{Binding Path = Title}" /> </WrapPanel> </DataTemplate> <ListView ItemsSource="{Binding}" ItemTemplate="{StaticResource ListItemTemplate}" Name="listView1" /> .cs coding: public void SetTree(string Title,int BoxNo ) { TreeList items1 = TreeList.Load(Title,BoxNo); DataContext = items1; } After adding Listview,what happended this ListView show data,but Listbox didnot show anything.When i click the listbox it perfectly executing the clicking event of listbox.Only problem it doesnot display the text.What can i do for that. Here i added corresponding list class pls see tht. namespace Tabcontrol { public class TreeList : Collection<TreeItems> { public int size; public TreeList() { size = 0; } public int Count { get { return size; } } public static TreeList Load(string pmenu,int Box) { TreeList result = new TreeList(); TreeItems item = TreeItems.Load(pmenu,Box); result.Add(item); return result; } } } The ItemList class also the same thing, only variable names are getting differred.

    Read the article

  • Java OO design confusion: how to handle actions modified by states modified by actions...

    - by Arvanem
    Hi folks, Given an entity, whose action is potentially modified by states (of the entity and other entities) in turn potentially modified by other actions (of the entity and other entities) , what is the best way to code or design to handle the potential existence of the modifiers? Speaking metaphorically, I am coding a Java application representing a piano. As you know a piano has keys (which, when pressed, emit sound) and pedals (which, when pressed, modify the keys' sounds). My base class structure is as follows: Entity (for keys and pedals) State (this holds each entity's states, e.g. name such as "soft pedal", and boolean "Pressed"), Action (this holds each entity's actions, e.g. play sound when pressed, or modify others sounds). By composition, the Entity class has a copy of each of State and Action inside it. e.g.: public class Entity { State entityState = new State(); Action entityAction = new Action(); Thus I have coded a "C-Sharp" key Entity. When I "press" that entity (set its "Pressed" state to true), its action plays a "C-Sharp" sound and then sets its "Pressed" state to false. At the same time, if the "C-Sharp" key entity is not "tuned", its sound deviates from "C-Sharp". Meanwhile I have coded a "soft pedal" Entity. When that entity is "pressed", no sound plays but its action is to make softer the sound of the "C-Sharp" and other key entities. I have also coded a "sustain pedal" Entity. When that entity is "pressed", no sound plays but its action is to enable reverberation of the sound of the "C-Sharp" and other key entities. Both the "soft" and "sustain pedals" can be pressed at the same time with the result that keys entities become both softened and reverberating. In short, I do not understand how to make this simultaneous series of states and actions modify each other in a sensible OO way. I am wary of coding a massive series of "if" statements or "switches". Thanks in advance for any help or links you can offer.

    Read the article

  • Avoiding Multiple Dialog Calls with htaccess

    - by Jeffrey J Weimer
    OK, I'm new to this, so pardon if the question is already a FAQ. Searching multiple places still leaves me dumbfounded. I have a Web site generated with iWeb09/Mac hosting on an ISP. To secure certain pages, I am trying to set up .htaccess + .htpasswd files. The basic directory structure is ... Main index.html Images.html Images (some css, js stuff) Media Image01 Image01.jpeg ... Image02 Image02.jpeg ... I want to password protect access to the Images directory and all the files therein. The index.html file has a link to the Images.html file that contains the layout for the files in the Images directory. I have put a basic .htaccess file at the Main level that restricts access via ... <Files "Images.html"> AuthType Basic AuthName "Images" AuthUserFile /Main/.htpasswd AuthGroupFile /dev/null Require valid-user </Files> I have then created a valid .htpasswd file. All works at the start, however after the first call to set up the Images.html page, the secure login prompt is displayed multiple times, presumably once for every sub-sub-directory Images/Media/ImageXX (with multiple sub-directories, I just give up after two or three times). I have also tried placing the .htaccess file inside the Images directory with the same problem. Recommendations I have seen suggest a better convention is needed in the basic .htaccess file itself. Alternatively, perhaps a companion .htaccess is needed in the Images directory. So, how do I fix this problem? -- JJW

    Read the article

  • Api/plugins for open source libraries?

    - by fayer
    whenever i use a open source library eg. Doctrine i always ending up coding a class (so called Facade) to use the Doctrine library. so next time i want to create a user i just type: $fields = array('name' => 'peter', 'email' => '[email protected]'); Doctrine_Facade::create_entity($entity, $fields); then it creates an entity with the provided information. so i guess, all coders will create their own "Facade". i wonder how usual it is with open source Facades to download and interact with the open source libraries? is this rare cause i haven't seen any of these. in some frameworks i have seen them called plugins, eg. plugins for twitter api or facebook api. so whenever you download a library, should you search for plugins/facades on the net, or is it better to just try coding your own? i just thought it would be great for everyone not to reinvent the wheel. thanks.

    Read the article

  • Error in Getting Youtube Video Title, Description and thumbnail

    - by Muhammad Ayyaz Zafar
    I was getting youtube title and youtube description form the same code but now its not working I am getting following error: Warning: DOMDocument::load() [domdocument.load]: http:// wrapper is disabled in the server configuration by allow_url_fopen=0 in /home/colorsfo/public_html/zaroorat/admin/pages/addSongProcess.php on line 16 Warning: DOMDocument::load(http://gdata.youtube.com/feeds/api/videos/Y7G-tYRzwYY) [domdocument.load]: failed to open stream: no suitable wrapper could be found in /home/colorsfo/public_html/zaroorat/admin/pages/addSongProcess.php on line 16 Warning: DOMDocument::load() [domdocument.load]: I/O warning : failed to load external entity "http://gdata.youtube.com/feeds/api/videos/Y7G-tYRzwYY" in /home/colorsfo/public_html/zaroorat/admin/pages/addSongProcess.php on line 16 .................................... Following Coding is used to get Youtube Video Data: $url = "http://gdata.youtube.com/feeds/api/videos/".$embedCodeParts2[0]; $doc = new DOMDocument; @$doc->load($url); $title = $doc->getElementsByTagName("title")->item(0)->nodeValue; $videoDescription = $doc->getElementsByTagName("description")->item(0)->nodeValue; It was working before (This coding is working fine in Local server but on internet its not working) but now its not working. Please guide me how to fix this error. Thanks for your time.

    Read the article

  • 'Fixed' for loop - what is more efficient?

    - by pimvdb
    I'm creating a tic-tac-toe game, and one of the functions has to iterate through each of the 9 fields (tic-tac-toe is played on a 3x3 grid). I was wondering what is more efficient (which one is perhaps faster, or what is the preferred way of scripting in such situation) - using two for nested loops like this: for(var i=0; i<3; i++) { for(var j=0; j<3; j++) { checkField(i, j); } } or hard-coding it like this: checkField(0, 0); checkField(0, 1); checkField(0, 2); checkField(1, 0); checkField(1, 1); checkField(1, 2); checkField(2, 0); checkField(2, 1); checkField(2, 2); As there are only 9 combinations, it would be perhaps overkill to use two nested for loops, but then again this is clearer to read. The for loop, however, will increment variables and check whether i and j are smaller than 3 every time as well. In this example, the time saving at least might be negligible, but what is the preferred way of coding in this case? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >