Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 110/331 | < Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >

• Cryptography: best practices for keys in memory?

  - by Johan

  Background: I got some data encrypted with AES (ie symmetric crypto) in a database. A server side application, running on a (assumed) secure and isolated Linux box, uses this data. It reads the encrypted data from the DB, and writes back encrypted data, only dealing with the unencrypted data in memory. So, in order to do this, the app is required to have the key stored in memory. The question is, is there any good best practices for this? Securing the key in memory. A few ideas: Keeping it in unswappable memory (for linux: setting SHM_LOCK with shmctl(2)?) Splitting the key over multiple memory locations. Encrypting the key. With what, and how to keep the...key key.. secure? Loading the key from file each time its required (slow and if the evildoer can read our memory, he can probably read our files too) Some scenarios on why the key might leak: evildoer getting hold of mem dump/core dump; bad bounds checking in code leading to information leakage; The first one seems like a good and pretty simple thing to do, but how about the rest? Other ideas? Any standard specifications/best practices? Thanks for any input!

  Read the article

• Calling a subclass method from a superclass

  - by Shaun

  Preface: This is in the context of a Rails application. The question, however, is specific to Ruby. Let's say I have a Media object. class Media < ActiveRecord::Base end I've extended it in a few subclasses: class Image < Media def show # logic end end class Video < Media def show # logic end end From within the Media class, I want to call the implementation of show from the proper subclass. So, from Media, if self is a Video, then it would call Video's show method. If self is instead an Image, it would call Image's show method. Coming from a Java background, the first thing that popped into my head was 'create an abstract method in the superclass'. However, I've read in several places (including Stack Overflow) that abstract methods aren't the best way to deal with this in Ruby. With that in mind, I started researching typecasting and discovered that this is also a relic of Java thinking that I need to banish from my mind when dealing with Ruby. Defeated, I started coding something that looked like this: def superclass_method # logic this_media = self.type.constantize.find(self.id) this_media.show end I've been coding in Ruby/Rails for a while now, but since this was my first time trying out this behavior and existing resources didn't answer my question directly, I wanted to get feedback from more-seasoned developers on how to accomplish my task. So, how can I call a subclass's implementation of a method from the superclass in Rails? Is there a better way than what I ended up (almost) implementing?

  Read the article

• How do I use .htaccess to redirect to a URL containing HTTP_HOST?

  - by Jon Cram

  Problem I need to redirect some short convenience URLs to longer actual URLs. The site in question uses a set of subdomains to identify a set of development or live versions. I would like the URL to which certain requests are redirected to include the HTTP_HOST such that I don't have to create a custom .htaccess file for each host. Host-specific Example (snipped from .htaccess file) Redirect /terms http://support.dev01.example.com/articles/terms/ This example works fine for the development version running at dev01.example.com. If I use the same line in the main .htaccess file for the development version running under dev02.example.com I'd end up being redirected to the wrong place. Ideal rule (not sure of the correct syntax) Redirect /terms http://support.{HTTP_HOST}/articles/terms/ This rule does not work and merely serves as an example of what I'd like to achieve. I could then use the exact same rule under many different hosts and get the correct result. Answers? Can this be done with mod_alias or does it require the more complex mod_rewrite? How can this be achieved using mod_alias or mod_rewrite? I'd prefer a mod_alias solution if possible. Clarifications I'm not staying on the same server. I'd like: http://example.com/terms/ - http://support.example.com/articles/terms/ https://secure.example.com/terms/ - http://support.example.com/articles/terms/ http://dev.example.com/terms/ - http://support.dev.example.com/articles/terms/ https://secure.dev.example.com/terms/ - http://support.dev.example.com/articles/terms/ I'd like to be able to use the same rule in the .htaccess file on both example.com and dev.example.com. In this situation I'd need to be able to refer to the HTTP_HOST as a variable rather than specifying it literally in the URL to which requests are redirected. I'll investigate the HTTP_HOST parameter as suggested but was hoping for a working example.

  Read the article

• How important is it to use SSL on every page of your website?

  - by Mark

  Recently I installed a certificate on the website I'm working on. I've made as much of the site as possible work with HTTP, but after you log in, it has to remain in HTTPS to prevent session hi-jacking, doesn't it? Unfortunately, this causes some problems with Google Maps; I get warnings in IE saying "this page contains insecure content". I don't think we can afford Google Maps Premier right now to get their secure service. It's sort of an auction site so it's fairly important that people don't get charged for things they didn't purchase because some hacker got into their account. All payments are done through PayPal though, so I'm not saving any sort of credit card info, but I am keeping personal contact information. Fraudulent charges could be reversed fairly easily if it ever came to that. What do you guys suggest I do? Should I take the bulk of the site off HTTPS and just secure certain pages like where ever you enter your password, and that's it? That's what our competition seems to do.

  Read the article

• The perfect web UI framework (with Microsoft stack?) - architecture question?

  - by Igorek

  I'm looking for suggestions for the following issue, and I realize there is really not going to be a perfect answer to my question: I have a UI built in WinForms.NET (v4.0 framework) with WCF back-end and EF4 model objects, that I am looking to port to the web. UI is not huge and is not super complex and is structured well. But it is not a super simple system either. I am looking to pick a technology stack for the web-frontend that will target desktop & partially mobile platforms, provide a good development platform to build on, and facilitate code reuse across UI and back-end tiers... I would rather avoid: custom coding of UI-centric scripts, because they are hard to debug, non-compiled, usually a maintenance nightmare, almost always start to contain business logic, and duplicate some of the logic that back-end tiers have (especially validation) custom-coding for Desktop Web and Mobile Web UI's separately (although I realize that mobile web UI will likely contain fewer of data-entry screens and more reporting screens) non-.NET technology stacks I would love to: target the reporting capabilities of the system toward mobile web browsers not have to write a single line of script (javascript, jquery, etc.) utilize a good collection of controls that produces an elegant UI use .NET for everything The way I see it right now, I need to re-write this app in Silverlight, utilize a 3rd party UI framework like Telerik, and re-do the reports UI again for mobile platforms separately. However, I'm rather concerned about the shelf-life of Silverlight and the needed to deploy a different architecture to deal with mobile platform. Is there an ASP.NET/MVC/Ajax architecture/framework/library that would allow me to get at the power of .NET and without painful (imho) client-side scripting, while providing a decent user experience Thank you

  Read the article

• Best practices for encrypting continuous/small UDP data

  - by temp

  Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (no waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

  Read the article

• Best practices for encrytping continuous/small UDP data

  - by temp

  Hello everyone, I am having an application where I have to send several small data per second through the network using UDP. The application need to send the data in real-time (on waiting). I want to encrypt these data and insure that what I am doing is as secure as possible. Since I am using UDP, there is no way to use SSL/TLS, so I have to encrypt each packet alone since the protocol is connectionless/unreliable/unregulated. Right now, I am using a 128-bit key derived from a passphrase from the user, and AES in CBC mode (PBE using AES-CBC). I decided to use a random salt with the passphrase to derive the 128-bit key (prevent dictionary attack on the passphrase), and of course use IVs (to prevent statistical analysis for packets). However I am concerned about few things: Each packet contains small amount of data (like a couple of integer values per packet) which will make the encrypted packets vulnerable to known-plaintext attacks (which will result in making it easier to crack the key). Also, since the encryption key is derived from a passphrase, this will make the key space way less (I know the salt will help, but I have to send the salt through the network once and anyone can get it). Given these two things, anyone can sniff and store the sent data, and try to crack the key. Although this process might take some time, once the key is cracked all the stored data will be decrypted, which will be a real problem for my application. So my question is, what is the best practices for sending/encrypting continuous small data using a connectionless protocol (UDP)? Is my way the best way to do it? ...flowed? ...Overkill? ... Please note that I am not asking for a 100% secure solution, as there is no such thing. Cheers

  Read the article

• Struts 2 security

  - by Dewfy

  Does Struts 2 has complete solution for simple login task? I have simple declaration in struts.xml: <package namespace="/protected" name="manager" extends="struts-default" > <interceptors> <interceptor-stack name="secure"> <interceptor-ref name="roles"> <param name="allowedRoles">registered</param> </interceptor-ref> </interceptor-stack> </interceptors> <default-action-ref name="pindex"/> <action name="pindex" > <interceptor-ref name="completeStack"/> <interceptor-ref name="secure"/> <result>protected/index.html</result> </action> </package> Accessing to this resource shows only (Forbidden 403). So what should I do on the next step to: Add login page (standart Tomcat declaration on web.xml with <login-config> not works) ? Provide security round trip. Do I need write my own servlet or exists struts2 solutions? Thanks in advance!

  Read the article

• How to handle people who lie on their resume

  - by Juliet

  I'm conducting technical interviews to fill a few .NET positions. Many of the people I interview really do know .NET pretty well, but I find at least 90% of embellish their skillset anywhere between "a little" and "quite drastically". Sometimes they fabricate skills relevant to the position they're applying for, sometimes they not. Most of the people I interview, even the most egregious liars, are not scam artists. They just want to stand out among the crowd, so they drop a few buzzwords on their resume like "JBoss", "LINQ", "web services", "Django" or whatever just to pad their skillset and stay competitive. (You might wonder if a person lies about those skills, whether they are just bluffing their way through a technical interview. My interviews involve a lot of hands-on coding and problem-solving -- people who attempt to bluff will bomb the hands-on coding portion in the first 3 minutes.) These are two open-ended questions, but it would really help me out when I make my recommendations to the hiring managers: 1) Regarding interviewing etiquette, should I attempt to determine whether a person really possesses all of the skills they claim to have? Can I do this without making the candidate feel uncomfortable? 2) Regarding the final decision, should I recommend candidates who are genuinely qualified for the positions they're applying for, even if they've fabricated portions of their skillset?

  Read the article

• App is fast on 3GS but slow on 3G

  - by Anthony Chan

  Hi all, I'm new to computer coding and have just finished coding an app and tested it on both 3G and 3GS. On 3GS, it worked as normal as on the simulator. However, when I tried to run it on 3G, the app becomes extremely slow. I'm not sure what's the reason and I hope someone could shed some light on me. Generally, my app has a couple of view controller classes, with one of them being the title page, one being the main page, one is setting, etc. I used a dissolve to transition from the title page to the main page. But even this simple transition shows un-smooth performance on a 3G! My other part of the app involves zooming in to some images by scaling up the images, switching images by push or dissolve upon receiving touch events, saving photos into photo library and storing and retrieving some photos in a folder and some data in a SQlite database, each showing un-smooth actions. Compared with some heavy graphic or heavy maths app, I think mine is pretty simple. I totally have no clue why the app would behave so slow and un-smooth that it is barely useful on a 3G. Any help/ direction would be much appreciated. Thanks for helping out.

  Read the article

• Druapl & Regular PHP Integration

  - by user333128

  I'm building a new website which has one core application and many content pages. Content pages are mostly dynamic and I require a way to manage this dynamic content on a regular basis. The core application's main functionality is a 3 step process or reading user data (input page), reading data from MySQL (product page) and submitting an application to an email address (application page). Ideally I would like to build the core application in regular PHP and leverage Drupal for its content management capabilities. Can Drupal and regular PHP be integrated as I suggest easily? My feeling is that coding the core application as a Drupal module(s) will add layers of complexity that could be difficult to code from the outset and maintain later on as the system matures - so I would really like to just use regular PHP. Let me explain where dynamic content (managed by the CMS) intersects with the core application: Dynamic content such as FAQ data is used both on the 'normal' help pages and also within a mini-feed displayed within core application pages down a right hand side column. In this column, 3 random questions are pulled from the database and displayed as a feed. When users click on FAQ question they are not taken away from the core application product page but are instead shown data in a pop-up window displaying the question and answer. In addition, users can browse other questions and answers through a simple navigation menu within this popup. There are 3 such like feeds as I describe above that I require on the core application product page. So, what is the ideal solution here in terms of 'keeping things simple' for both the management of dynamic content and the ease of coding the core application? Can 'regular PHP' and Drupal co-exist 'peacefully'? If so, how is this technically possible? Because there is some content managed by Drupal contained within core application pages, can the core application still be coded in regular PHP? Any advice / suggestions? Thank you! Jim.

  Read the article

• What are the benefits and risks of moving to a Model Driven Architecture approach?

  - by Tone

  I work for a company with about 350 employees and we are in the process of growing. Our current codebase is not structured very well and we are looking both at how to improve it immediately (by organizing objects into namespaces, separating concerns, etc.) and moving to a model driven architecture approach, where we model and design everything first with uml, then generate code from that model. We have been looking heavily at Sparx Systems Enterprise Architect (EA) (which is UML 2.0 capable) and we are also considering the tools in VS 2010. I know there are other tools out there (Rational XDE being one) but I really do not think we can spend $1500+ per license at this point. I'm not looking for answers on which tool is better than another but more for experiences moving from a cowboy coding environment (that is, little planning and design, just jump in and start coding) to a model driven architecture. Looking back was it helpful to your organization? What are the pain points? What are the risks? What are the benefits?

  Read the article

• protect form hijacking hack

  - by Karem

  Yes hello today I discovered a hack for my site. When you write a msg on a users wall (in my communitysite) it runs a ajax call, to insert the msg to the db and will then on success slide down and show it. Works fine with no problem. So I was rethinking alittle, I am using POST methods for this and if it was GET method you could easily do ?msg=haxmsg&usr=12345679. But what could you do to come around the POST method? I made a new html document, made a form and on action i set "site.com/insertwall.php" (the file that normally are being used in ajax), i made some input fields with names exactly like i am doing with the ajaxcall (msg, uID (userid), BuID (by userid) ) and made a submit button. I know I have a page_protect() function on which requires you to login and if you arent you will be header to index.php. So i logged in (started session on my site.com) and then I pressed on this submit button. And then wops I saw on my site that it has made a new message. I was like wow, was it so easy to hijack POST method i thought maybe it was little more secure or something. I would like to know what could I do to prevent this hijacking? As i wouldnt even want to know what real hackers could do with this "hole". The page_protect secures that the sessions are from the same http user agent and so, and this works fine (tried to run the form without logging in, and it just headers me to startpage) but yea wouldnt take long time to figure out to log in first and then run it. Any advices are appreciated alot. I would like to keep my ajax calls most secure as possible and all of them are running on the POST method. What could I do to the insertwall.php, to check that it comes from the server or something.. Thank you

  Read the article

• HMAC URLs instead of login?

  - by Tres

  In implementing my site (a Rails site if it makes any difference), one of my design priorities is to relieve the user of the need to create yet another username and password while still providing useful per-user functionality. The way I am planning to do this is: User enters information on the site. Information is associated with the user via server-side session. User completes entering information, server sends an access URL via e-mail to the user roughly in the form of: http://siteurl/<user identifier>/<signature: HMAC(secret + salt + user identifier)> User clicks URL, site looks up user ID and salt and computes the HMAC with the server-stored secret and authenticates if the computed HMAC and signature match. My question is: is this a reasonably secure way to accomplish what I'm looking to do? Are there common attacks that would render it useless? Is there a compelling reason to abandon my desire to avoid a username/password? Is there a must-read book or article on the subject? Note that I'm not dealing with credit card numbers or anything exceedingly private, but I would still like to keep the information reasonably secure.

  Read the article

• Which cms or script for social network wiki?

  - by Jason

  Hi, I am building a social network. I need a cms that will allow users to contribute content. Each content item will need to have a google map, list of features, ratings, comments, etc. And the content must be editable by other users with revision control. Also, each user should have a profile with their bookmarked content items, contributed items, comments, etc. It's very important that I can create a template for the wiki/content entries so that each item looks uniform. (and as a kick in the teeth, I would like to be able to search for wiki items using a radial search or map) Joomla was my first choice, as I've used it for many projects, but the wiki functionality is not there. I was also setting up a grou.ps site, but the wiki is so-so - not feature rich and it really doesn't have the option I need. Additionally, I know someone out there will mention Drupal. I may consider it if I can see it put to use without and overabundance of custom programming (I don't mind initial coding, but drupal requires constant coding & recoding - with this site, I dont' have that time commitment) I thought about using mediawiki with buddypress, but i'm not sure if that's the way to go. Thoughts?

  Read the article

• Extracting data form XML file with SimpleXML in PHP

  - by Cudos

  Introduction: I want to loop through XML files with flexible categories structure. Problem: I don't know to loop through a theoretical infinte subcategories without having to make x amount of "for each" statements (See coding example in the bottom). How do I dynamically traverse the categories structure? What I have now: I have no problem looping through XML files with a set structure: <catalog> <category name="Category - level 1"> <category name="Category - level 2"> <category name="Category - level 3" /> </category> <category name="Category - level 2"> <category name="Category - level 3" /> </category> </category> </catalog> Coding example: //$xml holds the XML file foreach ( $xml AS $category_level1 ) { echo $category_level1['name']; foreach ( $category_level1->category AS $category_level2 ) { echo $category_level2['name']; foreach ( $category_level2->category AS $category_level3 ) { echo $category_level3['name']; } } }

  Read the article

• Why might this work on my server but not my schools?

  - by Doug

  I created a captcha just now, and it works PERFECTLY on my own server. On the school's server, it doesn't generate an image. Why might this be? The difference in code is one line. *Edit:*Originally, it was working, but I deleted the directory by mistake and I do not know why did it suddenly work in the first place. Source code on school server: <?php session_save_path("/ichanged/this/path/for/this/post/"); session_start(); $img=imagecreatefromjpeg("bg.jpg"); if( empty($_SESSION['captcha_numbers']) ) { $captcha_numbers = 'error'; } else { $captcha_numbers = $_SESSION['captcha_numbers']; } $image_numbers=$captcha_numbers; $red=rand(100,150); $green=rand(100,255); $blue=rand(100,255); $color=imagecolorallocate($img,255-$red,255-$green,255-$blue); $text=imagettftext($img,12,rand(-7,7),rand(10,20),rand(20,30),$color,"fonts/M04.TTF",$image_numbers); header("Content-type:image/jpeg"); header("Content-Disposition:inline ; filename=secure.jpg"); imagejpeg($img); ?> Source code on my server: <?php session_start(); $img=imagecreatefromjpeg("bg.jpg"); if( empty($_SESSION['captcha_numbers']) ) { $captcha_numbers = 'error'; } else { $captcha_numbers = $_SESSION['captcha_numbers']; } $image_numbers=$captcha_numbers; $red=rand(100,150); $green=rand(100,255); $blue=rand(100,255); $color=imagecolorallocate($img,255-$red,255-$green,255-$blue); $text=imagettftext($img,12,rand(-7,7),rand(10,20),rand(20,30),$color,"fonts/M04.TTF",$image_numbers); header("Content-type:image/jpeg"); header("Content-Disposition:inline ; filename=secure.jpg"); imagejpeg($img); ?>

  Read the article

• How to do this in a smart way

  - by Azzyh

  Hello SO. My websystem im coding with now is integrated from the originally phpBB system. With this i mean when you log on my websystem, you have actually logged into the forum from the login page. Now i came to the "log out" part, and i want to make it smart. Right now its a simply link with logout: <a href="<?php echo BASEDIR; ?>../../ucp.php?mode=logout&sid=<? echo $user->data['session_id']; ?>" style="margin-left: 14px; font-size: 10px;">- Log Out</a> As you see in the link it refers to the forum´s ucp.php?mode=logout, and you need to have the SID variable in it in order to log out right.. anyway.. I want to do this log out part in a smart way, i mean, not so you land on the forum´s "you have now been logged out", i want something maybe like run this page in background when you click, and then it refreshes the current page your on. Or should it be smarter just try to modify the phpbb file ucp.php? I think its hard coded, and not the way I am coding, so thats why i find it abit tricky. Thank you for your answers and examples on how this could be done, in a smart way..

  Read the article

• gaema twitter handle error..

  - by zjm1126

  i use gaema for twitter user loggin http://code.google.com/p/gaema/ and my code is : class TwitterAuth(WebappAuth, auth.TwitterMixin): pass class TwitterHandler(BaseHandler): def get(self): twitter_auth = TwitterAuth(self) try: if self.request.GET.get("oauth_token", None): twitter_auth.get_authenticated_user(self._on_auth) self.response.out.write('sss') return twitter_auth.authorize_redirect() except RequestRedirect, e: return self.redirect(e.url, permanent=True) self.render_template('index.html', user=None) def _on_auth(self, user): """This function is called immediatelly after an authentication attempt. Use it to save the login information in a session or secure cookie. :param user: A dictionary with user data if the authentication was successful, or ``None`` if the authentication failed. """ if user: # Authentication was successful. Create a session or secure cookie # to keep the user logged in. #self.response.out.write('logged in as '+user['first_name']+' '+user['last_name']) self.response.out.write(user) return else: # Login failed. Show an error message or do nothing. pass # After cookie is persisted, redirect user to the original URL, using # the home page as fallback. self.redirect(self.request.GET.get('redirect', '/')) and the error is : Traceback (most recent call last): File "D:\Program Files\Google\google_appengine\google\appengine\ext\webapp\__init__.py", line 511, in __call__ handler.get(*groups) File "D:\zjm_code\gaema\demos\webapp\main.py", line 76, in get twitter_auth.authorize_redirect() File "D:\zjm_code\gaema\demos\webapp\gaema\auth.py", line 209, in authorize_redirect http.fetch(self._oauth_request_token_url(), self.async_callback( File "D:\zjm_code\gaema\demos\webapp\gaema\auth.py", line 239, in _oauth_request_token_url consumer_token = self._oauth_consumer_token() File "D:\zjm_code\gaema\demos\webapp\gaema\auth.py", line 441, in _oauth_consumer_token self.require_setting("twitter_consumer_key", "Twitter OAuth") TypeError: require_setting() takes at most 2 arguments (3 given) thanks

  Read the article

• What tools do you have at your disposal as a manager to promote a way of thinking

  - by John Leidegren

  This question goes beoynd just programming, but I'd like to get some input on this, if that's okay with the community. Preferably from people that do a lot of coding themselves but also manage other people coding. My problem is this. We have all these ideas that we know is good for the overall strategy of the company and the problem is not figuring out what to do, it's to come about this change. Just telling someone to do things differently isn't enough and it's hard to promote a mind set that is shared within all of the company, (this will take time). If I could jump forward I'd like it if we could create a very nurturing company culture that promotes these ideals cross all areas but I'm not sure what tools to use. And by tools I mean anything I'm legally permitted to do. e.g. we could talk about, we could arrange traning sessions, we could spend more time in meeting (talk about it more), we could spend more time designing, we could spend more time pair-programming, we could add/remove incentive or we could encurage more play. Ultimately if we did all of these things what will be the recurring theme that ties this together. I'd like to be able to answer the question -- why should we do things like this? -- and come up with an answer that explains how important it is to think about our ideals from begining to end. I've puposly avoided to talk about or specifics of the situtation becuase I believe that it narrows things down too much. But I guess, by know you either know how to answer this question or you're as confused as I am ;) I'd love to hear from people who had to bring about a change in order to go from chaos to order, or fix something in the organization which wasn't working. And I'd like to hear it from the perspective of the developer and designer. -- or -- You could simply weigh in on what are the most important qualities in an organization encurage or stimulate rigid fun development cycle from start to finish?

  Read the article

• how to execute any function in jquery after few seconds on the click of any link

  - by james Bond

  I have struts2 jquery grid where on click of a row I am calling a jQuery function for performating a struts2 action. My code is running fine. I want to perform my jQuery function after delay of a few seconds. How can I do this? <script type="text/javascript"> //assume this code is working fine on rowselect from my jquery grid, New Updation in it is "i want to execute or load the url after few seconds" $(function(){ $.subscribe('rowselect', function(event,data) { var param = (event.originalEvent.id); $("#myAdvanceDivBoxx").load('<s:url action='InsertbooksToSession' namespace='/admin/setups/secure/jspHomepage/bookstransaction'/>'+"?bid="+event.originalEvent.id); }); }); </script> What i tried is the below code but am unable to get the output which i am looking for: <script type="text/javascript"> $(function(){ $.subscribe('rowselect', function(event,data) { var param = (event.originalEvent.id); $("#myAdvanceDivBoxx").load('<s:url action='InsertbooksToSession' namespace='/admin/setups/secure/jspHomepage/bookstransaction'/>'+"?bid="+event.originalEvent.id); }).delay(9000); }); </script>

  Read the article

• Celery Received unregistered task of type (run example)

  - by Echeg

  I'm trying to run example from Celery documentation. I run: celeryd --loglevel=INFO /usr/local/lib/python2.7/dist-packages/celery/loaders/default.py:64: NotConfigured: No 'celeryconfig' module found! Please make sure it exists and is available to Python. "is available to Python." % (configname, ))) [2012-03-19 04:26:34,899: WARNING/MainProcess] -------------- celery@ubuntu v2.5.1 ---- **** ----- --- * *** * -- [Configuration] -- * - **** --- . broker: amqp://guest@localhost:5672// - ** ---------- . loader: celery.loaders.default.Loader - ** ---------- . logfile: [stderr]@INFO - ** ---------- . concurrency: 4 - ** ---------- . events: OFF - *** --- * --- . beat: OFF -- ******* ---- --- ***** ----- [Queues] -------------- . celery: exchange:celery (direct) binding:celery tasks.py: # -*- coding: utf-8 -*- from celery.task import task @task def add(x, y): return x + y run_task.py: # -*- coding: utf-8 -*- from tasks import add result = add.delay(4, 4) print (result) print (result.ready()) print (result.get()) In same folder celeryconfig.py: CELERY_IMPORTS = ("tasks", ) CELERY_RESULT_BACKEND = "amqp" BROKER_URL = "amqp://guest:guest@localhost:5672//" CELERY_TASK_RESULT_EXPIRES = 300 When I run "run_task.py": on python console eb503f77-b5fc-44e2-ac0b-91ce6ddbf153 False errors on celeryd server [2012-03-19 04:34:14,913: ERROR/MainProcess] Received unregistered task of type 'tasks.add'. The message has been ignored and discarded. Did you remember to import the module containing this task? Or maybe you are using relative imports? Please see http://bit.ly/gLye1c for more information. The full contents of the message body was: {'retries': 0, 'task': 'tasks.add', 'utc': False, 'args': (4, 4), 'expires': None, 'eta': None, 'kwargs': {}, 'id': '841bc21f-8124-436b-92f1-e3b62cafdfe7'} Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/celery/worker/consumer.py", line 444, in receive_message self.strategies[name](message, body, message.ack_log_error) KeyError: 'tasks.add' Please explain what's the problem.

  Read the article

• How to strengthen Mysql database server Security?

  - by i need help

  If we were to use server1 for all files (file server), server2 for mysql database (database server). In order for websites in server1 to access to the database in server2, isn't it needed to connect to to ip address of second (mysql server) ? In this case, is remote mysql connection. However, I seen from some people comment on the security issue. remote access to MySQL is not very secure. When your remote computer first connects to your MySQL database, the password is encrypted before being transmitted over the Internet. But after that, all data is passed as unencrypted "plain text". If someone was able to view your connection data (such as a "hacker" capturing data from an unencrypted WiFi connection you're using), that person would be able to view part or all of your database. So I just wondering ways to secure it? Allow remote mysql access from server1 by allowing the static ip adress allow remote access from server 1 by setting port allowed to connect to 3306 change 3306 to other port? Any advice?

  Read the article

• codeigniter cron job with http access

  - by user1313850

  Sorry if this is a duplicate question...I've searched around and found similar advice but nothing that helps my exact problem. And please excuse the noob questions, CRON is a new thing for me. I have a codeigniter script that scrapes the html DOM of another site and stores some of that in a database. I'd like to run this script at a regular interval. This has lead me to looking into cron jobs. The page I have is at myserver.com/index.php/update I realize I can run a cron job with curl and run this page. If I want to be a bit more secure I can put a string at the end like: myserver.com/index.php/update/asdfh2784fufds And check for that in my CI controller. This seems like it would be mostly secure, but doesn't seem like the "right" way to do things. I've looked into running CI from the command line, and can execute basic pages like: php index.php mycontroller But when I try to do: php index.php update It doesn't work. I suspect this is because it needs to use HTTP to scrape the DOM of the outside page. So, my question: How do I securely run a codeigniter script with a cron job that needs HTTP access?

  Read the article

• Why can't we just use a hash of passphrase as the encryption key (and IV) with symmetric encryption algorithms?

  - by TX_

  Inspired by my previous question, now I have a very interesting idea: Do you really ever need to use Rfc2898DeriveBytes or similar classes to "securely derive" the encryption key and initialization vector from the passphrase string, or will just a simple hash of that string work equally well as a key/IV, when encrypting the data with symmetric algorithm (e.g. AES, DES, etc.)? I see tons of AES encryption code snippets, where Rfc2898DeriveBytes class is used to derive the encryption key and initialization vector (IV) from the password string. It is assumed that one should use a random salt and a shitload of iterations to derive secure enough key/IV for the encryption. While deriving bytes from password string using this method is quite useful in some scenarios, I think that's not applicable when encrypting data with symmetric algorithms! Here is why: using salt makes sense when there is a possibility to build precalculated rainbow tables, and when attacker gets his hands on hash he looks up the original password as a result. But... with symmetric data encryption, I think this is not required, as the hash of password string, or the encryption key, is never stored anywhere. So, if we just get the SHA1 hash of password, and use it as the encryption key/IV, isn't that going to be equally secure? What is the purpose of using Rfc2898DeriveBytes class to generate key/IV from password string (which is a very very performance-intensive operation), when we could just use a SHA1 (or any other) hash of that password? Hash would result in random bit distribution in a key (as opposed to using string bytes directly). And attacker would have to brute-force the whole range of key (e.g. if key length is 256bit he would have to try 2^256 combinations) anyway. So either I'm wrong in a dangerous way, or all those samples of AES encryption (including many upvoted answers here at SO), etc. that use Rfc2898DeriveBytes method to generate encryption key and IV are just wrong.

  Read the article

< Previous Page | 106 107 108 109 110 111 112 113 114 115 116 117  | Next Page >