Search Results

Search found 16333 results on 654 pages for 'exception safe'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 113/654 | < Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >

  • Untrusted GPGPU code (OpenCL etc) - is it safe? What risks?

    - by Grzegorz Wierzowiecki
    There are many approaches when it goes about running untrusted code on typical CPU : sandboxes, fake-roots, virtualization... What about untrusted code for GPGPU (OpenCL,cuda or already compiled one) ? Assuming that memory on graphics card is cleared before running such third-party untrusted code, are there any security risks? What kind of risks? Any way to prevent them ? (Possible sandboxing on gpgpu or other technique?) P.S. I am more interested in gpu binary code level security rather than hight-level gpgpu programming language security (But those solutions are welcome as well). What I mean is that references to gpu opcodes (a.k.a machine code) are welcome.

    Read the article

  • How to implement a 'safe' periodical executer without using the Rails helpers?

    - by Robbie
    I am very new to Ruby on Rails and was never really big on writing JavaScript, so the built in helpers were like a tiny silce of heaven. However I have recently learned that using the helper methods creates "obtrusive javascript" so I am doing a tiny bit of refactoring to get all this messy code out of my view. I'm also using the Prototype API to figure out what all these functions do. Right now, I have: <%= periodically_call_remote(:url => {:action => "tablerefresh", :id => 1 }, :frequency => '5', :complete => "load('26', 'table1', request.responseText)")%> Which produces: <script type="text/javascript"> //<![CDATA[ new PeriodicalExecuter(function() {new Ajax.Request('/qrpsdrail/grids/tablerefresh/1', {asynchronous:true, evalScripts:true, onComplete:function(request){load('26', 'table1', request.responseText)}, parameters:'authenticity_token=' + encodeURIComponent('dfG7wWyVYEpelfdZvBWk7MlhzZoK7VvtT/HDi3w7gPM=')})}, 5) //]]> </script> My concern is that the "encodeURIComponent" and the presence of "authenticity_token" are generated by Rails. I'm assuming these are used to assure the validity of a request. (Ensuring a request comes from a currently active session?) If that is the case, how can I implement this in application.js 'safely'? It seems that the built in method, although obtrusive, does add some beneficial security. Thanks, in advance, to all who answer.

    Read the article

  • PHP max_execution_time ignored (no safe mode, no shared host, just localhost/windows7/php 5.3.1 and

    - by Felix
    This problem drives me nuts, because the max_execution_time in the php.ini and in the htaccess and reported from php is definitely higher, than reportet in the warning message. <?php echo "Max execution time: ".ini_get("max_execution_time")."<br />"; while(true) { sleep(1); } ?> Output: Max execution time: 240 Fatal error: Maximum execution time of 60 seconds exceeded in C:\xampp\htdocs\timetest.php on line 5

    Read the article

  • Is using advanced constructs (function, new, function calls) in JSON safe?

    - by Vilx-
    JSON is a nice way to pass complex data from my server side code to client side JavaScript. For example, in PHP I can write: <script type="text/javascript> var MyComplexVariable = <?= BigFancyObjectGraph.GetJSON() ?>; DoMagic(MyComplexVariable); </script> This is pretty cool, but sometimes you want to pass more than basic date, like dates or even function definitions. There is a simple and straightforward way of doing it too, like: <script type="text/javascript> var MyComplexVariable = { 'SimpleProperty' : 42, 'FunctionProperty' : function() { return 6*7; }, 'DateProperty' : new Date(989539200000), 'ArbitraryProperty' : GetTheMeaningOfLifeUniverseAndEverything() }; DoMagic(MyComplexVariable); </script> And this works like a charm on all browsers I've seen so far. But according to JSON.org such syntax is invalid. On the other hand, I've seen this syntax being used in very many places, including some popular JavaScript frameworks. So... Can I expect any problems if I use "unsupported" JSON features like the above? Why is it wrong or not?

    Read the article

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user, inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario: If said this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a back up authentication service running on a different machine, working as a backup? What are the general best-practices in this scenario? I remember reading about google gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

    Read the article

  • Password security; Is this safe?

    - by Camran
    I asked a question yesterday about password safety... I am new at security... I am using a mysql db, and need to store users passwords there. I have been told in answers that hashing and THEN saving the HASHED value of the password is the correct way of doing this. So basically I want to verify with you guys this is correct now. It is a classifieds website, and for each classified the user puts, he has to enter a password so that he/she can remove the classified using that password later on (when product is sold for example). In a file called "put_ad.php" I use the $_POST method to fetch the pass from a form. Then I hash it and put it into a mysql table. Then whenever the users wants to delete the ad, I check the entered password by hashing it and comparing the hashed value of the entered passw against the hashed value in the mysql db, right? BUT, what if I as an admin want to delete a classified, is there a method to "Unhash" the password easily? sha1 is used currently btw. some code is very much appreciated. Thanks

    Read the article

  • How do I create a safe local development environment?

    - by docgnome
    I'm currently doing web development with another developer on a centralized development server. In the past this has worked alright, as we have two separate projects we are working on and rarely conflict. Now, however, we are adding a third (possible) developer into the mix. This is clearly going to create problems with other developers changes affecting my work and vice versa. To solve this problem, I'm thinking the best solution would be to create a virtual machine to distribute between the developers for local use. The problem I have is when it comes to the database. Given that we all develop on laptops, simply keeping a local copy of the live data is plain stupid. I've considered sanitizing the data, but I can't really figure out how to replace the real data, with data that would be representative of what people actually enter with out repeating the same information over and over again, e.g. everyone's address becomes 123 Testing Lane, Test Town, WA, 99999 or something. Is this really something to be concerned about? Are there tools to help with this sort of thing? I'm using MySQL. Ideally, if I sanitized the db it should be done from a script that I can run regularly. If I do this I'd also need a way to reduce the size of the db itself. (I figure I could select all the records created after x and whack them and all the records in corresponding tables out so that isn't really a big deal.) The second solution I've thought of is to encrypt the hard drive of the vm, but I'm unsure of how practical this is in terms of speed and also in the event of a lost/stolen laptop. If I do this, should the vm hard drive file itself be encrypted or should it be encrypted in the vm? (I'm assuming the latter as it would be portable and doesn't require the devs to have any sort of encryption capability on their OS of choice.) The third is to create a copy of the database for each developer on our development server that they are then responsible to keep the schema in sync with the canonical db by means of migration scripts or what have you. This solution seems to be the simplest but doesn't really scale as more developers are added. How do you deal with this problem?

    Read the article

  • In mysql, is "explain ..." always safe?

    - by tye
    If I allow a group of users to submit "explain $whatever" to mysql (via Perl's DBI using DBD::mysql), is there anything that a user could put into $whatever that would make any database changes, leak non-trivial information, or even cause significant database load? If so, how? I know that via "explain $whatever" one can figure out what tables / columns exist (you have to guess names, though) and roughly how many records are in a table or how many records have a particular value for an indexed field. I don't expect one to be able to get any information about the contents of unindexed fields. DBD::mysql should not allow multiple statements so I don't expect it to be possible to run any query (just explain one query). Even subqueries should not be executed, just explained. But I'm not a mysql expert and there are surely features of mysql that I'm not even aware of. In trying to come up with a query plan, might the optimizer actual execute an expression in order to come up with the value that an indexed field is going to be compared against? explain select * from atable where class = somefunction(...) where atable.class is indexed and not unique and class='unused' would find no records but class='common' would find a million records. Might 'explain' evaluate somefunction(...)? And then could somefunction(...) be written such that it modifies data?

    Read the article

  • Is it safe to delete rotated MySQL binary logs?

    - by Milan Babuškov
    I have a MySQL server with binary logging active. Once a days logs file is "rotated", i.e. MySQL seems to stop writing to it and creates and new log file. For example, I currently have these files in /var/lib/mysql -rw-rw---- 1 mysql mysql 10485760 Jun 7 09:26 ibdata1 -rw-rw---- 1 mysql mysql 5242880 Jun 7 09:26 ib_logfile0 -rw-rw---- 1 mysql mysql 5242880 Jun 2 15:20 ib_logfile1 -rw-rw---- 1 mysql mysql 1916844 Jun 6 09:20 mybinlog.000004 -rw-rw---- 1 mysql mysql 61112500 Jun 7 09:26 mybinlog.000005 -rw-rw---- 1 mysql mysql 15609789 Jun 7 13:57 mybinlog.000006 -rw-rw---- 1 mysql mysql 54 Jun 7 09:26 mybinlog.index and mybinlog.000006 is growing. Can I simply take mybinlog.000004 and mybinlog.000005, zip them up and transfer to another server, or I need to do something else before? What info is stored in mybinlog.index? Only the info about the latest binary log? UPDATE: I understand I can delete the logs with PURGE BINARY LOGS which updates mybinlog.index file. However, I need to transfer logs to another computer before deleting them (I test if backup is valid on another machine). To reduce the transfer size, I wish to bzip2 the files. What will PURGE BINARY LOGS do if log files are not "there" anymore?

    Read the article

  • Why is it safe to use copy & paste in Flash but not in Javascript?

    - by Lenni
    I'm trying to use copy'n paste in one of my web apps and have read a few articles/SO questions about it. Most people say that using Flash is the only option since most browsers don't allow access to the system clipboard because of security concerns. I can understand this but I wonder why it is okay for Flash do this, but not for the browser. Or has it got nothing to do with security and it is simply to complicated to implement this for cross-platform browser vendors?

    Read the article

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySql as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySql... What do you think? Thanks

    Read the article

  • Are there really safe and legal resources for sound effects to use in applications?

    - by mystify
    For those who want to opt for "close" immediately: Great user interfaces need great sound effects, right? User interfaces are programmed by programmers, right? So this is a programming question, ok? I had a very hard time to find good and legal sound resources. I am not looking for free sounds. Proper licensing is absolutely crucial, and I don't want to get sued by multibilliondollar music companies, hollywood sound studios and their highly overpaid lawyers. They cry about people downloading their stuff in file sharing sites but when someone comes and wants to really license stuff, the market is so empty like an open and unwatched gold mine. Trust me, whatever I type into google, I always end up getting sort of opaque and strange music libraries that do charge money, but refuse to provide proper licensing evidence to the licensee. When you pay money and they only count how many files you downloaded, that can never be a valid license, nor any evidence for you that you did license the sounds. Imagine that contributor suing you and you say: "I licensed it at xy", and his lawyer just smiles: "Show me proof, mofo!". So you loose a million dollars, or 1 for every downloaded app. Congrats. But that's the way all those "hey we're the worlds largest sound effect library" libraries are doing it. It's really annoying. And I hope someone here is able to point out a sound effects ressource which is A) big B) used by professinals C) has a reasonable pricing and licensing model D) provides the licensee with proper legal evidence about licensed sounds You know, I'm not from the US and typically you US folks are the ones who invent the cool stuff on the net, and maybe I just missed a new great start up. So?

    Read the article

  • Is it safe to develop for older versions of Zend Framework?

    - by RenderIn
    Our vendor-supported server's O/S only supports PHP 5.1.6, which limits us to ZF 1.6. The current version of Zend Framework requires a higher version of PHP. We're struggling to decide whether to adopt ZF because of this incompatibility. Is it feasible to develop (indefinitely) in these older versions of ZF or should we hold off? Features, security, bugs, etc. Is this a path we don't want to go down or are these older versions perfectly usable in a production environment?

    Read the article

  • Is it safe to use a subversion feature branch after reintegrate-merged to trunk?

    - by ripper234
    Must a feature branch be deleted after it's merged (reintegrated) back to trunk? I prefer to constantly merge changes back and forth from my feature branch - I believe this keeps the conflicts to a minimum. Yet I understand that once you use the reintegrate merge to trunk, a feature branch should be deleted. Is it so? Why? What can I do to circumvent this? Update I'm asking about technical problems that come from the tool, not "methodology concerns". I intend to keep working on the feature branch after the merge. Update the top answer indeed specifies a rather complex procedure (merge, delete & rebranch). Is there an easy way to accomplish this in TortoiseSVN? Shouldn't there be?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 109 110 111 112 113 114 115 116 117 118 119 120  | Next Page >