Search Results

Search found 4028 results on 162 pages for 'mysqld safe'.

Page 116/162 | < Previous Page | 112 113 114 115 116 117 118 119 120 121 122 123  | Next Page >

• MD5 password twice

  - by NoviceCoding

  I know MD5's safety is under question lately and this is the reason a lot of people are using salt (I dont understand this at all btw) but I was wondering if you wanted to easily implement a safe system in php can you just md5 something twice? like test 098f6bcd4621d373cade4e832627b4f6 fb469d7ef430b0baf0cab6c436e70375 So basically: $val = 'test'; $val = md5($val); $val = md5($val); Would that solve the whole rainbow security stuff? Is there an easy/noob proof way of making secure database passwords in php?

  Read the article

• How do I secure a folder used to let users upload files?

  - by Eduardo Molteni

  I have a folder in my web server used for the users to upload photos using an ASP page. Is it safe enough to give IUSR write permissions to the folder? Must I secure something else? I am afraid of hackers bypassing the ASP page and uploading content directly to the folder. I'm using ASP classic and IIS6 on Windows 2003 Server. The upload is through HTTP, not FTP. Edit: Changing the question for clarity and changing my answers as comments.

  Read the article

• How to build a builder dynamically with escaped values

  - by dorelal

  Now I know how to build xml without escaping values. http://stackoverflow.com/questions/2693036/how-to-tell-bulider-to-not-to-escape-values However I need to build tags dynamically. Desired result <bank_info>Chase</bank_info> What I have is attr = 'bank_info' builder = Builder::XmlMarkup.new builder.attr { |x| x << 'bank_info' } # does not work I can try making the whole thing as a giant string and eval that. But evaling is not that safe. Is there a better option that I am missing.

  Read the article

• Java - Thread safety of ArrayList constructors

  - by andy boot

  I am looking at this piece of code. This constructor delegates to the native method "System.arraycopy" Is it Thread safe? And by that I mean can it ever throw a ConcurrentModificationException? public Collection<Object> getConnections(Collection<Object> someCollection) { return new ArrayList<Object>(someCollection); } Does it make any difference if the collection being copied is ThreadSafe eg a CopyOnWriteArrayList? public Collection<Object> getConnections(CopyOnWriteArrayList<Object> someCollection) { return new ArrayList<Object>(someCollection); }

  Read the article

• How to use a delay in a swing application

  - by M.R.

  I am building a swing application. At some point, I have to start an "animation": ... jpanel1.setBackground(Color.Black); Delay(milli) jpanel1.setBackground(Color.White); ... and so on. The gui itself and all the logic behind it work.It is just this time depended color-changing that does not. I have read, that swing is not thread safe, but all the examples I found showed me how to start another thread (for example in the background) but never how to stop the current swing-gui thread.

  Read the article

• Error Exception 2048 on my website using OpenClassifieds software

  - by Rich Baxter

  I have a website called e-waitress.net, it is a jobs employment website for the restaurant industry. I installed an open source program called OpenClassifieds and a couple days after installing the OpenClassifieds, I get an error message when I enter my url that is this: ErrorException [ 2048 ]: date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EDT/-4.0/DST' instead ~ APPPATH/ko322/classes/kohana/date.php [ 592 ] I am wondering is this a server issue with my host provider or is it within the OpenClassifieds installation software? I've reinstalled the software twice and it's returned this error after a couple days of working great. Any ideas?

  Read the article

• Web based interface for open SSL client certificates

  - by Felix

  Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

  Read the article

• When are C++ macros beneficial?

  - by Motti

  The C preprocessor is justifiably feared and shunned by the C++ community. In-lined functions, consts and templates are usually a safer and superior alternative to a #define. The following macro: #define SUCCEEDED(hr) ((HRESULT)(hr) >= 0) is in no way superior to the type safe: inline bool succeeded(int hr) { return hr >= 0; } But macros do have their place, please list the uses you find for macros that you can't do without the preprocessor. Please put each use-cases in a seperate answer so it can be voted up and if you know of how to achieve one of the answers without the preprosessor point out how in that answer's comments.

  Read the article

• QLocale, what is the scope of the global QLocale::setDefault()?

  - by ALoopingIcon

  Problem: I have a QT based multiplatform (win,mac,*nix) application that parses ascii files containing decimal numbers. parsing is done using a variety of different code pieces that use anything from qt string stuff, c++ stdin, oldstyle scanf, etc. ascii files have always the '.' (dot) as separated decimal (e.g. in the file to be parsed 1/10 is written 0.1 as standard in many countries). people using the application within a OS localized for using comma separated decimal encounter a lot of problems (e.g. for french users scanf expect to find 0,1 as a valid textual representation of 1/10 and if they find 0.1 scanf will parse it as 0) How can I be sure that the OS Locale indication of how decimal point has to be written is always ignored? Is it safe assuming that adding QLocale::setDefault(QLocale(QLocale::English,QLocale::UnitedStates)); is enough to get rid of all these problems? Any suggestion for portable ways of setting the locale globally?

  Read the article

• Aren't passwords written in inputbox vulnerable through a stack trace ?

  - by loursonwinny

  Hello, I am not a guru of the stack tracing, at all. I even don't know how to get some. Anyway, I am wondering if entering a password entered in an inputbox is safe. Can't it be retrieved by getting a stack trace ? A password entered that way will be found in many places : Caption property of the TEdit Result of the function which creates the inputbox probably, a variable that stores the Result of the InputBox Command etc... If the answer is "yes, it is a vulnerability", then my world collapses :p. What can be done to avoid that vulnerability hole ? NOTE : The InputBox is an example but it can be with a "homebrewed" login prompt. InputBox is a Delphi command but I haven't tagged the question with the Delphi tag because I suppose that the question concerns any language. Thanks for reading

  Read the article

• Forcing a method to be non-transactional in JPA (Eclipselink)

  - by rhinds

  Hi, I am developing an application using Eclipselink and as part of the app I need to be able to manipulate some of the objects which involves changing data without it being persisted to the database (i merging/changing objects for some batch generation processes). I am reluctant to change the data in the Entity objects, as there is a risk that even though i have not marked the methods as @Transactional, this method could in the future be inadvertantly called from within a transactional method and these changes could be persisted. So my question is, is there anyway to get around this? Such as force a method to always be non-transactional regardless; terminate any transactionality as soon as the method is started; etc. I know there is a .detach() method that can detach the objects from the Entity Manager, however, there are many objects and this seems like a potentially error prone fail-safe on my code.

  Read the article

• Mixing .NET 3.5 with 4/4.5 assemblies in the same process

  - by lysergic-acid

  Our team builds a .NET 3.5 WinForms based application that we'd like to migrate to the latest .NET version (4.5). Our application uses many "external" components (can be thought of as plugins) that are also currently .NET 3.5 based. I'd like to know what runtime/core libraries are used in case we convert ONLY THE APPLICATION to compile using .NET 4.5? Should this scenario properly work? (loading .NET 3.5 assemblies in a 4.5 process)? * The plugin assemblies are loaded via reflection. How does the CLR runtime handle such a scenario? is this a safe practice?

  Read the article

• Would you make this method Static or not?

  - by Adam Drummond

  During a code review I presented a method quickly to the team that I had made static and one person agreed that there was no reason for it to not be static and a person disagreed saying that he would not make it static because it wasn't necessary and just to be on the safe side for future modifications and testing. So I did quite a bit of research and obviously it's a specialized case but I would like to know what you would do in this situation and why? (Its basically a helper method I call from a few different methods, a very low traffic page. More for my knowledge and learning on Static.) private IEnumerable<Category> GetCategoryByID(int id, Context context) { var categoryQuery = from selectAllProc in context.SelectAll_sp() where selectAllProc.CategoryID == id select selectAllProc; return categoryQuery; }

  Read the article

• Java 7 API design best practice - return Array or return Collection

  - by Shengjie

  I know this question has be asked before generic comes out. Array does win out a bit given Array enforces the return type, it's more type-safe. But now, with latest JDK 7, every time when I design this type of APIs: public String[] getElements(String type) vs public List<String> getElements(String type) I am always struggling to think of some good reasons to return A Collection over An Array or another way around. What's the best practice when it comes to the case of choosing String[] or List as the API's return type? Or it's courses for horses. I don't have a special case in my mind, I am more looking for a generic pros/cons comparison.

  Read the article

• Template approach for a PHP application

  - by Industrial

  Hi everyone, We're in the middle of making a new e-commerce related PHP application and we have come to the point where we have started to think about how we should solve templating for our customers needs. What we would like to do is offer our customers the possibility of uploading/modifying templates to suit their company:s profile. The initial thought is that we shall not reinvent the wheel, so instead letting our customers upload their templates with FTP, so there will be basic HTML skills required. For those customers that want to modify/customize template and doesnt have the knowledge, we offer that service as well. I know that there's a number of issues to solve before this could be considered safe, like preventing XSS and writing scripts that check through each uploaded file for potential security threats and so on. Of course, there are some part that probably will be to complex for the customer to modify by themselves, so maybe this approach won't apply to all<< template files in the frontend application. But besides that, what would be a good way to handle this?

  Read the article

• Can I assume Flash and PHP will generate the same floating point numbers?

  - by Fragsworth

  In a multiplayer game I'm developing, we have a few values that are floating point numbers. The back-end (in PHP) and the front-end (in Flash) occasionally perform the same calculations on these numbers, to minimize communication. I am currently making sure that both sides are using 64-bit doubles, but am I safe to assume that all calculations will be the same? For instance, what about string to float conversion - should I worry about Flash having a potentially different implementation as PHP? (If this happens, our game will go out of sync - the client will think it is in one state while the server is in another) With some testing, it appears to be the same, but I'm just not sure. Can someone clarify this for me?

  Read the article

• iphone threading speed up startup of app

  - by BahaiResearch.com

  I have an app that must get data from the Sqlite database in order to display the first element to the User. I have created a domain object which wraps the DB access and is a thread safe singleton. Is this following strategy optimal to ensure the fastest load given the iPhone's file access and memory management capabilities in threaded apps: 1) In the AppDelegate's FinishedLaunching event the very first thing I do is create the domain singleton within a new thread. This will cause the domain object to go to Sqlite and get the data it needs without locking the UI thread. 2) I then call the standard Window methods to add the View and MakeKeyAndVisible etc. Is there an earlier stage in the AppDelegate where I should fire off the thread that creates the Domain Object and accesses Sqlite?

  Read the article

• Need to dynamically-generate a "sticky note" text

  - by gravyface

  Working on a website that has an image of a sticky note which will change text somewhat frequently (every month or so) as new "todo" items are created on it. Font I'm currently using is not Web Safe and the text is slightly angled to match the skew of the sticky note as well. Now I'm a pragmatist, and in situations like this I would normally secede defeat and opt for something more CSS/HTML practical. But no more! I'm falling a bit behind on what's going on with HTML5, CSS3, PNG graphics, Flash (ugh), and/or any other rich visuals. I'm decent with PHP/CSS/JS (jquery), have dabbled in Flash/actionscript too. My question is: what tools/method should I be looking at here?

  Read the article

• Capistrano update causes C: to be placed in the current directory (cygwin)

  - by user321775

  When I run cap deploy:update in a directory on my local machine (via cygwin), "C:" magically appears in the directory. Sure enough, I can cd to it and it's my windows C: drive. Now I'm afraid to delete it, but I definitely don't want it in this directory (a rails project under /home/username/blah/blah). Here's my config/deploy.rb file. custom options set :application, "xyz.com" set :repository, "ssh://[email protected]:yyyy/home/git/xxx" set :user, "myname" set :runner, user set :use_sudo, false server "xxx.xxx.xxx.xxx:yyyy", :app, :web, :db, :primary = true deploy to set :deploy_to, "/home/myname/public_html/xyz" repository set :scm, :git set :deploy_via, :copy ssh options default_run_options[:pty] = true ssh_options[:paranoid] = false ssh_options[:port] = yyyy start passenger namespace :deploy do task :start do ; end task :stop do ; end task :restart, :roles = :app, :except = { :no_release = true } do run "#{try_sudo} touch #{File.join(current_path,'tmp','restart.txt')}" end end Anyone see the problem? And does anyone know a safe way of getting rid of the C: drives that have already shown up (this has happened in a few directories)?

  Read the article

• Specify sorting order for a GROUP BY query to retrieve oldest or newest record for each group

  - by Beau Simensen

  I need to get the most recent record for each device from an upgrade request log table. A device is unique based on a combination of its hardware ID and its MAC address. I have been attempting to do this with GROUP BY but I am not convinced this is safe since it looks like it may be simply returning the "top record" (whatever SQLite or MySQL thinks that is). I had hoped that this "top record" could be hinted at by way of ORDER BY but that does not seem to be having any impact as both of the following queries returns the same records for each device, just in opposite order: SELECT extHwId, mac, created FROM upgradeRequest GROUP BY extHwId, mac ORDER BY created DESC SELECT extHwId, mac, created FROM upgradeRequest GROUP BY extHwId, mac ORDER BY created ASC Is there another way to accomplish this? I've seen several somewhat related posts that have all involved sub selects. If possible, I would like to do this without subselects as I would like to learn how to do this without that.

  Read the article

• c# Create a unique name with a GUID

  - by Dave Rook

  I am creating a back up solution. I doubt there is anything new in what I'm trying to achieve. Before copying the file I want to take a backup of the destination file in case anything becomes corrupt. This means renaming the file. I have to be careful when renaming in case the file already exists and adding a 01 to the end is not safe. My question is, based upon not finding the answer else where, would adding a GUID to the file name work. So, if my file was called file01.txt, renaming the file to file01.txtGUID (where GUID is the generated GUID), I could then perform my back up of that file (at this instance having 2 back ups) and then, after ensuring the file has copied (by comparing length of file to the source), delete the file with the GUID in the name. I know the GUID is not 100% guaranteed to be unique but would this suffice?

  Read the article

• What should be contained in a global Subversion ignore pattern for Visual Studio 2010?

  - by Chris Simmons

  After installing and using Visual Studio 2010, I'm seeing some newer file types (at least with C++ projects ... don't know about the other types) as compared to 2008. e.g. .sdf, .opensdf, which I guess are the replacement for ncb files with Intellisense info stored in SQL Server Compact files? I also notice .log files are generated, which appear to be build logs. Given this, what's safe to add to my global ignore pattern? Off the bat, I'd assume .sdf, .opensdf, but what else?

  Read the article

• Apache Axis web service clients vs plain SOAP requests.

  - by Andy Pryor

  I'm looking for the best way to consume a Java web service that returns rather large and complex objects. I am currently using Apache Axis clients generated from the wsdl, (using eclipse "generate web service client" tool). We have concerns about performance of this. The service proxy objects are not thread safe, and they are rather heavy to instantiate, 2-3 MB on the JVM. The other alternative is making HTTP connections and building a String SOAP requests. I would have to interpret the response, and build objects from the XML. Would this be a better alternative to the heavy axis objects? I searched for good reading on this, if any one had any links I would greatly appreciate it.

  Read the article

• STL deque accessing by index is O(1)?

  - by jasonline

  I've read that accessing elements by position index can be done in constant time in a STL deque. As far as I know, elements in a deque may be stored in several non-contiguous locations, eliminating safe access through pointer arithmetic. For example: abc-defghi-jkl-mnop The elements of the deque above consists of a single character. The set of characters in one group indicate it is allocated in contiguous memory (e.g. abc is in a single block of memory, defhi is located in another block of memory, etc.). Can anyone explain how accessing by position index can be done in constant time, especially if the element to be accessed is in the second block? Or does a deque have a pointer to the group of blocks? Update: Or is there any other common implementation for a deque?

  Read the article

• How do I escape a string for a shell command in nodejs (V8 Javascript engine)?

  - by Maciek

  In nodejs, the only way to execute external commands is via sys.exec(cmd). I'd like to call an external command and give it data via stdin. In nodejs there does yet not appear to be a way to open a command and then push data to it (only to exec and receive its standard+error outputs), so it appears the only way I've got to do this right now is via a single string command such as: var dangerStr = "bad stuff here"; sys.exec("echo '" + dangerStr + "' | somecommand"); Most answers to questions like this have focused on either regex which doesn't work for me in nodejs (which uses Google's V8 Javascript engine) or native features from other languages like Python. I'd like to escape dangerStr so that it's safe to compose an exec string like the one above. If it helps, dangerStr will contain JSON data.

  Read the article

< Previous Page | 112 113 114 115 116 117 118 119 120 121 122 123  | Next Page >