Search Results

Search found 4028 results on 162 pages for 'mysqld safe'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 115/162 | < Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >

  • RewriteRule in htaccess in subdirectory

    - by Jay
    Windows server, running Apache. In my Apache conf, I have AllowOverride None for the root of a site and then I have a subdirectory set to AllowOverride All: <Directory /> AllowOverride None </Directory> <Directory "/safe/"> AllowOverride All </Directory> However, when I try to set up a rewrite rule in the subdirectory's htaccess file, nothing happens, I just get a 404 page not found error. Example: RewriteEngine On RewriteRule (.*) /blah?test=$1 [R=302,NC,NE,L] Rwewriting URLs are working fine from the root via the Apache conf. I don't understand why the rule is ignored. I don't want to do the URL re-writing within the conf because for this case I may need to be changing the redirects constantly and don't want to reload the server every time a change is made. I also don't want to affect server performance by enabling htaccess files site-wide, just in the subdirectory I need it.

    Read the article

  • Attaching files to WCF REST service responses

    - by David Seiler
    I have a resource that looks something like this: /users/{id}/summary?format={format} When format is "xml" or "json" I respond with a user summary object that gets automagically encoded by WCF - fine so far. But when format equals "pdf", I want my response to consist of a trivial HTTP response body and a PDF file attachment. How is this done? Hacking on WebOperationContext.Current.OutgoingResponse doesn't seem to work, and wouldn't be the right thing even if it did. Including the bits of the file in a CDATA section or something in the response isn't safe. Should I create a subclass of Message, then provide a custom IDispatchMessageFormatter that responds with it? I went a short distance down that path but ultimately found the documentation opaque. What's the right thing?

    Read the article

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

    Read the article

  • Exception Handling in MVP Passive View

    - by ilmatte
    Hello, I'm wondering what's the preferred way to manage exceptions in an MVP implemented with a Passive View. There's a discussion in my company about putting try/catch blocks in the presenter or only in the view. In my opinion the logical top level caller is the presenter (even if the actual one is the view). Moreover I can test the presenter and not the view. This is the reason why I prefer to define a method in the view interface: IView.ShowError(error) and invoke it from the catch blocks in the presenter: try { } catch (Exception exception) { ...log exception... view.ShowError("An error occurred") } In this way the developers of future views can safely forget to implement exception handling but the IView interface force them to implement a ShowError method. The drawback is that if I want to feel completely safe I need to add redundant try/catch blocks in the view. The other way would be to add try catch blocks only in the views and not introducing the showerror method in the view interface. What do you suggest?

    Read the article

  • Kohana v3, escape illegal characters?

    - by Dom
    Quick question, does Kohana (version 3) automatically escape data that is passed into ORM::factory..... (and everywhere else that has to do with the database)? For example: $thread = ORM::factory('thread', $this->request->param('id')); Would the data passed in the second argument be auto-escaped before it goes in the SQL query or do I have to manually do it? Probably a stupid question and it's better to be safe than sorry, but yeah... I usually do manually escape the data, but I want to know if Kohana does this for me? Thanks

    Read the article

  • Should I use C++0x Features Now?

    - by svu2g
    With the official release of VS 2010, is it safe for me to start using the partially-implemented C++0x feature set in my new code? The features that are of interest to me right now are both implemented by VC++ 2010 and recent versions of GCC. These are the only two that I have to support. In terms of the "safety" mentioned in the first sentence: can I start using these features (e.g., lambda functions) and still be guaranteed that my code will compile in 10 years on a compiler that properly conforms to C++0x when it is officially released? I guess I'm asking if there is any chance that VC++ 2010 or GCC will end up like VC++ 6; it was released before the language was officially standardized and consequently allowed grossly ill-formed code to compile. After all, Microsoft does say that "10 is the new 6". ;)

    Read the article

  • Securing files on IPhone

    - by clearbrian
    Hi Is there a way to decompile the binary from an IPhone app. I jailbroke my IPhone and was surprised to find other app's dbs wide open to be copied. So I exported my most important table and hardcoded it into code. Instead of loading table into array from a db I just generated code to fill the array and kept only the most basic DB info so relationships still work. Took a while but now works fine. I was just wondering am I safe, could someone decompile the binary for the app easily and extract the data. In Java its easy to decompile *.class files though thats bytecode where I presume iphone apps are more low level. I know IPhone sdk 4 can mark files as secure. Anyone know can this be overridden by jailbreaks or is this an unix lock?

    Read the article

  • Java 7 API design best practice - return Array or return Collection

    - by Shengjie
    I know this question has be asked before generic comes out. Array does win out a bit given Array enforces the return type, it's more type-safe. But now, with latest JDK 7, every time when I design this type of APIs: public String[] getElements(String type) vs public List<String> getElements(String type) I am always struggling to think of some good reasons to return A Collection over An Array or another way around. What's the best practice when it comes to the case of choosing String[] or List as the API's return type? Or it's courses for horses. I don't have a special case in my mind, I am more looking for a generic pros/cons comparison.

    Read the article

  • How can I safely decide if a variable is a string of more than one characters?

    - by Alan
    I am using the following Javascript: if (typeof content !== 'undefined' && content.length > 0) { $state.transitionTo('admin.content', { content: content }) } I thought this was safe to use but it gives me an error saying: TypeError: Cannot read property 'length' of null I am using the following function to decide if something is a number: isNumber: function (num) { // Return false if num is null or an empty string if (num === null || (typeof num === "string" && num.length === 0)) { return false; } var rtn = !isNaN(num) return rtn; }, How can I write a similar function that would very safely determine if something is a string with a length of more than 0?

    Read the article

  • Can getAttribute() method of Tomcat ServletContext implementation be called without synchronization?

    - by oo_olo_oo
    I would like to read some parameters during servlet initializtion (in init() method), and store them among servlet context attributes (using getServletContext().setAttribute()). I would like to read these parameters later - during some request processing (using getServletContext().getAttribute()). So, the multiple threads could do this simultaneously. My question is if such an attempt is safe? Could I be sure that multi threaded calls to the getAttribute() don't mess up any internal state of the servlet context? Please take into account that I'm not going to call the setAttribute() anywhere besides the initialization. So, only calls to the getAttribute() are going to be done from multiple threads. But depending on the internal implementation, this also could be dangerous. So, any information about Tomcat's implementation would be appreciated.

    Read the article

  • How to protect access to a url?

    - by ibiza
    I would need to create a php file that will do some work on my webserver and that will be called from a program on another server over the internet. Suppose the php file that will do the work is located at www.example.com/work.php What is the best way to protect unsollicited calls to the www.example.com/work.php? What I need is some mechanism so that when the intended program accesses the url (with some query string parameters), the work gets done, but if somebody type www.example.com/work.php in their browser, access will be denied and no work will be done. The way I've thought is to add some 'token' in the querystring that would be constructed by some algorithm from the calling program, a sample result could be to append to the url : ?key=randomKeyAtEachCall&token=SomeHexadecimalResultCalculatedFromTheKey and the key and token would be validated with a reverse algorithm on the php side. Is that safe, Are there any better idea?

    Read the article

  • What about the Sql transaction log

    - by Michel
    Hi, i always thought that the sql transaction log keeps track of all the transactions done in the database so it could help recovering the database file in case of a unexpected power down or something like that So then, in normal usage, when the data is committed and written to disk, it is cleared because all the data is nice and safe in the mdf file. Seeing the ldf file grow and reading some i understand that that is not the case, and it will keep growing, until: you shrink the log. Only at that point all the commited transactions are cleared and the log file is shrinked. I found some sp's who should do this, but also found the theory that you first have to backup the database? That last step doesn't make sense to me, so can anyone tell me of that is correct and if so, why that is?

    Read the article

  • The risk of granting to IUSR* NTFS permissions on a folder on the server

    - by vtortola
    I have two web applications that must share a file in the server file system. Both apps are inside of "Inetpub\wwwroot". The file cannot be accessed freely from outside, so it is in a folder out of "Inetpub". I have granted full NTFS permissions to the user "IUSR_whatever" (is the user that runs IIS in anonymous requests) in that folder. The folder has only that file, and has no other use. It works so far :) But, what is the risk? what should I be afraid of? As I see it, as long the folder is out of the "InetPub" cannot be accessed, and as long the apps don't have any security flaw like "path traversal" or server side code injection, it should be safe enough.... But I'm always keen to be wrong :) What do you think? May the file or even the server itself get compromised because of this? Thanks.

    Read the article

  • Mixing .NET 3.5 with 4/4.5 assemblies in the same process

    - by lysergic-acid
    Our team builds a .NET 3.5 WinForms based application that we'd like to migrate to the latest .NET version (4.5). Our application uses many "external" components (can be thought of as plugins) that are also currently .NET 3.5 based. I'd like to know what runtime/core libraries are used in case we convert ONLY THE APPLICATION to compile using .NET 4.5? Should this scenario properly work? (loading .NET 3.5 assemblies in a 4.5 process)? * The plugin assemblies are loaded via reflection. How does the CLR runtime handle such a scenario? is this a safe practice?

    Read the article

  • rails large amount of data in single insert activerecord gave out

    - by Nik
    So I have I think around 36,000 just to be safe, a number I wouldn't think was too large for a modern sql database like mysql. Each record has just two attributes. So I do: so I collected them into one single insert statement sql = "INSERT INTO tasks (attrib_a, attrib_b) VALUES (c1,d1),(c2,d2),(c3,d3)...(c36000,d36000);" ActiveRecord::Base.connection.execute sql from C:/Ruby/lib/ruby/gems/1.8/gems/activerecord-2.3.5/lib/active_record/connection_adapters/abstract_adapter.rb:219:in `log' from C:/Ruby/lib/ruby/gems/1.8/gems/activerecord-2.3.5/lib/active_record/connection_adapters/mysql_adapter.rb:323:in `execute_without_analyzer from c:/r/projects/vendor/plugins/rails-footnotes/lib/rails-footnotes/notes/queries_note.rb:130:in `execute' from C:/Ruby/lib/ruby/1.8/benchmark.rb:308:in `realtime' from c:/r/projects/vendor/plugins/rails-footnotes/lib/rails-footnotes/notes/queries_note.rb:130:in `execute' from (irb):53 from C:/Ruby/lib/ruby/gems/1.8/gems/activesupport-2.3.5/lib/active_support/vendor/tzinfo-0.3.12/tzinfo/time_or_datetime.rb:242 I don't know if the above info is enough, please do ask for anything that I didn't provide here. So any idea what this is about? THANK YOU!!!!

    Read the article

  • Migrate Data and Schema from MySQL to SQL Server

    - by colithium
    Are there any free solutions for automatically migrating a database from MySQL to SQL Server Server that "just works"? I've been attempting this simple (at least I thought so) task all day now. I've tried: SQL Server Management Studio's Import Data feature Create an empty database Tasks - Import Data... .NET Framework Data Provider for Odbc Valid DSN (verified it connects) Copy data from one or more tables or views Check 1 VERY simple table Click Preview Get Error: The preview data could not be retrieved. ADDITIONAL INFORMATION: ERROR [42000] [MySQL][ODBC 5.1 Driver][mysqld-5.1.45-community]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"table_name"' at line 1 (myodbc5.dll) A similar error occurs if I go through the rest of the wizard and perform the operation. The failed step is "Setting Source Connection" the error refers to retrieving column information and then lists the above error. It can retrieve column information just fine when I modify column mappings so I really don't know what the issue is. I've also tried getting various MySql tools to output ddl statements that SQL Server understand but haven't succeeded. I've tried with MySQL v5.1.11 to SQL Server 2005 and with MySQL v5.1.45 to SQL Server 2008 (with ODBC drivers 3.51.27.00 and 5.01.06.00 respectively)

    Read the article

  • Why does OSX document atoi/atof as not being threadsafe?

    - by Larry Gritz
    I understand that strtol and strtof are preferred to atoi/atof, since the former detect errors, and also strtol is much more flexible than atoi when it comes to non-base-10. But I'm still curious about something: 'man atoi' (or atof) on OS X (though not on Linux!) mentions that atoi/atof are not threadsafe. I frankly have a hard time imagining a possible implementation of atoi or atof that would not be threadsafe. Does anybody know why the man page says this? Are these functions actually unsafe on OS X or any other platform? And if they are, why on earth wouldn't the library just define atoi in terms of strtol, and therefore be safe?

    Read the article

  • C: Pointers to any type?

    - by dragme
    I hear that C isn't so type-safe and I think that I could use that as an advantage for my current project. I'm designing an interpreter with the goal for the VM to be extremely fast, much faster than Ruby and Python, for example. Now I know that premature optimization "is the root of all evil" but this is rather a conceptual problem. I have to use some sort of struct to represent all values in my language (from number over string to list and map) Would the following be possible? struct Value { ValueType type; void* value; } I would store the actual values elsewhere, e.g: a separate array for strings and integers, value* would then point to some member in this table. I would always know the type of the value via the type variable, so there wouldn't be any problems with type errors. Now: Is this even possible in terms of syntax and typing?

    Read the article

  • Removing unused selectors in a CSS stylesheet?

    - by Legend
    I've been developing a web app for a few weeks now and ended up with about a 1000 lines. I am sure not all the selectors are being used and am trying to clean it up. At the same time, I don't want to do it manually for obvious reasons. Is there a safe and an efficient way to remove unused selectors? For this, am I supposed to navigate the entire website to let it know which selectors are not being used? (I use javascript to add some selectors so these might not show up until a particular usecase is seen)

    Read the article

  • How do I handle user authorization the safest way?

    - by Irro
    I'm developing a small website where I'm going to allow user to create accounts but I'm quite clueless when it comes to safety around authorizations. I have built my project in PHP with codeigniter and found a library (Tank Auth) that could handle authorization for me. It stores password in a safe way but I'm still worried about the part when the user sends their password to my server. One easy way to do it would be to send the password in a post-request but I would guess that it's quite easy to sniff such a password. Should I do something with the password on the client side before sending it to my server? And is there any good javascript libraries for this?

    Read the article

  • I'm using the jQuery .scroll() function, why can't I override its effects with another function?

    - by Jason Rhodes
    I'm using the jQuery .scroll() function to make a certain element fade to 0.2 opacity. Since there is no native "scrollstop" indicator, I decided to make the element fade back to 1.0 opacity on hover. However, it doesn't work. Here's my code: $(document).ready(function() { $(window).scroll(function() { $("#navlist").animate({ opacity: 0.2 }, 2000); }); $("#navlist").hover( function() { $(this).animate({ opacity: 1 }, 500); }, function() { $(this).animate({ opacity: 1 }, 500); // just to be safe? } ); }); When I scroll, the #navlist element fades, but when you hover over it nothing happens. But if you refresh the page when you're half way down, the element automatically fades as soon as you refresh, before I've scrolled, and if you try to hover to fade it back in, nothing happens. Any thoughts?

    Read the article

  • How to assess the risk of a java version upgrade?

    - by Roy Tang
    I'm being asked to assess whether we can safely upgrade the java version on one of our production-deployed webapps. The codebase is fairly large and we want to avoid having to regression test everything (no automated tests sadly), but we've already encountered at least one problem during some manual testing (XmlStringReader.getLocalName now throws an IllegalStateExeption when it just used to return null) and higher-ups are pretty nervous about the upgrade. The current suggested approach is to do a source compare of the JDK sources for each version and assess those changes to see which ones might have impact, but it seems there's a lot of changes to go through (and as mentioned the codebase is kinda large). Is it safe and easier to just review the java version changes for each version? Or is there an easier way to conduct this assessment? Edit: I forgot to mention the version upgrade being considered is a minor version upgrade, i.e. 1.6.10 to 1.6.33

    Read the article

  • Web based interface for open SSL client certificates

    - by Felix
    Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

    Read the article

  • How to use a delay in a swing application

    - by M.R.
    I am building a swing application. At some point, I have to start an "animation": ... jpanel1.setBackground(Color.Black); Delay(milli) jpanel1.setBackground(Color.White); ... and so on. The gui itself and all the logic behind it work.It is just this time depended color-changing that does not. I have read, that swing is not thread safe, but all the examples I found showed me how to start another thread (for example in the background) but never how to stop the current swing-gui thread.

    Read the article

  • Forcing a method to be non-transactional in JPA (Eclipselink)

    - by rhinds
    Hi, I am developing an application using Eclipselink and as part of the app I need to be able to manipulate some of the objects which involves changing data without it being persisted to the database (i merging/changing objects for some batch generation processes). I am reluctant to change the data in the Entity objects, as there is a risk that even though i have not marked the methods as @Transactional, this method could in the future be inadvertantly called from within a transactional method and these changes could be persisted. So my question is, is there anyway to get around this? Such as force a method to always be non-transactional regardless; terminate any transactionality as soon as the method is started; etc. I know there is a .detach() method that can detach the objects from the Entity Manager, however, there are many objects and this seems like a potentially error prone fail-safe on my code.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 111 112 113 114 115 116 117 118 119 120 121 122  | Next Page >