Search Results

Search found 483 results on 20 pages for 'dangerous'.

Page 12/20 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19 | Next Page >

Are Blogengine.net support posts in other language like Hindi when they written through unicode font

- by steven spielberg

when i test a post written in Hindi that i got the error that "Url : http://localhost:50263/BlogEngine.Web/admin/Pages/Add_entry.aspx?id=c3b7497c-60e7-41c7-ac10-36f21999f82f Raw Url : /BlogEngine.Web/admin/Pages/Add_entry.aspx?id=c3b7497c-60e7-41c7-ac10-36f21999f82f Message : A potentially dangerous Request.Form value was detected from the client (ctl00$cphAdmin$txtContent$TinyMCE1$txtContent=" ..."). Source : System.Web StackTrace : at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection) at System.Web.HttpRequest.ValidateNameValueCollection(NameValueCollection nvc, RequestValidationSource requestCollection) at System.Web.HttpRequest.get_Form() at System.Web.HttpRequest.get_Item(String key) at BlogEngine.Core.Web.HttpModules.CompressionModule.context_PostReleaseRequestState(Object sender, EventArgs e) in D:\Projects\Be-1610\BlogEngine\DotNetSlave.BusinessLogic\Web\HttpModules\CompressionModule.cs:line 62 at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) " what is meaning of this error. are this support unicode ?

Read the article
How does memory management in Java and C# differ?

- by David Johnstone

I was reading through 2010 CWE/SANS Top 25 Most Dangerous Programming Errors and one of the entries is for Buffer Copy without Checking Size of Input. It suggests using a language with features to prevent or mitigate this problem, and says: For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. I was not aware that Java and C# differed in any meaningful way with regard to memory management. How is it that Java is not subject to buffer overflows, while C# only protects against overflows? And how is it possible to disable this protection in C#?

Read the article
VB.NET overloading array access?

- by Wayne Werner

Hi, Is it possible to overload the array/dict access operators in VB.net? For example, you can state something like: Dim mydict As New Hashtable() mydict.add("Cool guy", "Overloading is dangerous!") mydict("Cool guy") = "Overloading is cool!" And that works just fine. But what I would like to do is be able to say: mydict("Cool guy") = "3" and then have 3 automagically converted to the Integer 3. I mean, sure I can have a private member mydict.coolguy and have setCoolguy() and getCoolguy() methods, but I would prefer to be able to write it the former way if at all possible. Thanks

Read the article
Embedding an existing exe file into another C++ program

- by Milad

Is there a way to link an existing .exe file with other C++ source files during compilation? What I'm actually trying to do is to compress and decompress some files in my console program using LZMA(7zip) SDK but unfortunately it's very difficult to use for a newbie. There is a command line version of LZMA called 7za.exe and I am wondering if I can somehow embed it into my program and use it like a function. It can be easily used with system() function (which seems to be a very dangerous thing to use) but then if I send my program to someone who doesn't have 7za.exe in the right folder it won't work. I came across CreateProcess() function in windows.h header files but it seems to achieve what system() does in a more proper and advanced way. I don't know if it can actually link the exe file like an object file during compilation

Read the article
How should I move my code from dev to production?

- by Teddy

I have created a PHP web-application. I have 3 environments: DEV, TEST, PROD. What's a good tool / business practice for me to move my PHP web-application code from DEV to TEST to the PROD environment? Realizing that my TEST environment still only connects to my TEST database; whereas, I need to PROD environment to connect to my PROD database. So the code is mostly the same, except that I need to change my TEST code once moved into PROD to connect to the PROD database and not TEST database. I've heard of people taking down Apache in such away that it doesn't allow new connections and once all the existing connections are idle it simply brings down the web server. Then people manually copy the code and then manually update the config files of the PHP application to also point to the PROD instance. That seems terribly dangerous. Does a best practice exists?

Read the article
PHP: How should I move my code from dev to production?

- by Teddy

I have created a PHP web-application. I have 3 environments: DEV, TEST, PROD. What's a good tool / business practice for me to move my PHP web-application code from DEV to TEST to the PROD environment? Realizing that my TEST environment still only connects to my TEST database; whereas, I need to PROD environment to connect to my PROD database. So the code is mostly the same, except that I need to change my TEST code once moved into PROD to connect to the PROD database and not TEST database. I've heard of people taking down Apache in such away that it doesn't allow new connections and once all the existing connections are idle it simply brings down the web server. Then people manually copy the code and then manually update the config files of the PHP application to also point to the PROD instance. That seems terribly dangerous. Does a best practice exists?

Read the article
HttpRequestValidationexception on Asp.Net MVC

- by elranu

I’m getting an HttpRequestValidationexception with this error message: “A potentially dangerous Request.Form value was detected from the client”. But I have AllowHtml on the property that I’m getting the error. The problem is that later in my code I’m getting the following property to know in witch format I will show my view ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format"). And on this “Param Getter” I’m getting the error. Let’s say my code is similar to the following: public class House { [AllowHtml] public string Text { get; set; } public string Name { get; set; } } [HttpPost, ValidateAntiForgeryToken] public ActionResult CreateTopic(House h) { //business code if(ControllerContext.HttpContext.Request.Params.AllKeys.Contains("format")) { Return view; } } How can I solve this? I already try with the ValidateInput(false) attribute on the controller action method. Any idea?

Read the article
Unable to enter data into database

- by Zerotoinfinite

Hi All, I have a gridview, I am allowing user to enter HTML data while editing a record in a gridview row. When I am clicking update button then I am getting this message A potentially dangerous Request.Form value was detected from the client (ctl00$ContentPlaceHolder1$gvCommentDetails$ctl02$ctl04="This is message,This is mark. ..."). Please let me know how could I resolve this , as I am using sql data source to update the gridview record. ============= " SelectCommand=" SELECT c.Id,c.Name, c.message FROM Table1 c UpdateCommand=" UPDATE Table1 SET Name = @Name, message = @message WHERE Id= @Id" Thanks in adavance

Read the article
ValidateInput Attribute Doesn't Seem To Work in ASP.NET MVC

- by JC Grubbs

I'm trying to get around the "potentially dangerous Request.Form value" error and I'm having no luck. Yes, yes, I've read all the other StackOverflow related questions and none of them seem to get me closer to an answer. I am using [ValidateInput(false)] on all related controller actions...and I've checked many times. I'm using ValidateRequest='false' in all the related ASPX views. I am using ASP.NET MVC 2 Preview 1, but I don't think that's an issue since the error is being generated lower in the framework; Page.ProcessRequest to be exact. I can't see anything I'm doing wrong, I even set <page validateRequest='false'> in the web.config and that didn't solve it either. HELP!!!!!

Read the article
CKEditor and asp.net

- by TheVillageIdiot

I am using CKEditor on my page. It is working fine except when I post back. I am getting this error: A potentially dangerous Request.Form value was detected from the client (ctl00$MainContent$txtDesc="<p>  </p> I am using this code to put CKEditor value into textbox on OnClientClick event of submit button: function getEditorValue(){ var editor=$("#<%= txtDesc.ClientID%>").ckeditorGet(); editor.updateElement(); return true; }

Read the article
Is Pex (Test generation) really usefull tool?

- by Yauheni Sivukha

Yes, it is possible to generate tests on boundary values for functions like "Sum" or "Divide". Pex is a good tool here. But more often we create tests on business behaviour. Let's consider example from classic Beck's tdd book: [Test] public void ShouldRoundOnCreation() { Money money = new Money(20.678); Assert.AreEqual(20.68,money.Amount); Assert.AreEqual(2068,money.Cents); } Can this test be generated? No :) 95 % of tests in my projects check business logic, and can not be generated. Pex (Especially in pair with Moles) can give 100% code coverage, but a high code coverage rate of a test suite does never indicate, that code is well tested - It only gives false confidence that everything is tested. And this is very dangerous. So, the question is - Is Pex really usefull tool?

Read the article
Is block style really this important?

- by Jack Roscoe

I just watched a video of Douglas Crockford's presentation about his 2009 book JavaScript: The Good Parts. In the video, he explains that the following block is dangerous because it produces silent errors: return { ok: false }; And that it should actually be written like this (emphasising that although seemingly identical the behavioural difference is crucial): return { ok: false }; You can see his comments around 32 minutes into the video here: http://www.youtube.com/watch?v=hQVTIJBZook&feature=player_embedded#!&start=1920 I have not heard this before, and was wondering if this rule still applies or if this requirement in syntax has been overcome by JavaScript developments since this statement was made. I found this very interesting as I have NOT been writing my code this way, and wanted to check that this information was not out of date.

Read the article
How do I safely Debug.Assert in ASP.NET?

- by MatthewMartin

Asserts can't be caught. This is good because some errors I don't want to be wrapped in try/catch, at least not on the development server. But Asserts seem awefully dangerous. If they get onto production, it can hang the ASP.NET server with a msgbox. //Don't want this on prod even if debug=true is in the web.config #if DEBUG //A future client programmer can wrap this in a try{}catch{} if (!EverythingIsOkay) throw new InvalidOperationException("Dagnabbit, programming error"); //This stops the but has less information that an // Exception and hangs the server if this accidentally // runs on production System.Diagnostics.Debug.Assert(!EverythingIsOkay); #endif Is there better way to communicate an violation of a inviolable condition to a developer without risking hanging IIS? UPDATE: After reading the first replies, I guess the answer hinges on a foolproof way to detect when code is running in a development environment and when it is on a production server, or figuring out how to throw an exception that can't be caught and ignored.

Read the article
Color blindness: Are you aware of it? Do you design for it?

- by User

I'm curious whether many of us who do design or take design decisions have ever heard of this problem. I'm aware there are dangerous color combinations, like green + red. This is probably one of the most popular cases of color blindness. If you have green text on a red background and vice versa some people won't see anything. I've also seen in practice that green text on a blue background was not seen by one guy. What other color compositions should be avoided, and how often these cases are to be expected? Let us make some ranging by encounter probability who has the numbers. Addition: I've just remembered one very bad example that causes problems to just about everyone - blue text on a black background. It's unreadable for all intents and purposes. Never could understand what could possibly compel a web master to use this color combination...

Read the article
Exchange Server 2007 is altering href value

- by Mark Kadlec

I am creating an email going out to internal users with the following code that has a link to an internal directory: <a href="\\abc\123">\\abc\123</a> And for whatever reason, the mail that comes in shows: \\abc\123 and the link points to /abc/123 I am suspecting Exchange Server of somehow altering the mail message to make it less "dangerous", but I am really stuck here since this is a network address, going to internal users! When they click the link it doesn't show the directory. Any help would be much appreciated!

Read the article
Limiting the number of threads executing a method at a single time.

- by Steve_

We have a situation where we want to limit the number of paralell requests our application can make to its application server. We have potentially 100+ background threads running that will want to at some point make a call to the application server but only want 5 threads to be able to call SendMessage() (or whatever the method will be) at any one time. What is the best way of achieving this? I have considered using some sort of gatekeeper object that blocks threads coming into the method until the number of threads executing in it has dropped below the threshold. Would this be a reasonable solution or am I overlooking the fact that this might be dirty/dangerous? We are developing in C#.NET 3.5. Thanks, Steve

Read the article
how to deal with a static analyzer output

- by Jim

We have started using a static analyzer (Coverity) on our code base. We were promptly stupefied by the sheer amount of warnings we received (its in the hundreds of thousands) , it will take the entire team a few mounts to clear them all (obliviously impossible). the options we discussed so far are 1) hire a contractor to sort out the warning and fix them - he drawback: we will probably need very experiences people to do all these modifications, and no contractor will have required understanding of the code. 2) filter out the warning and deal only with the dangerous ones - the problem here is that our static analysis output will always be cluttered by warning making it difficult for us to isolate problems. also the filtering of the warning is also a major effort. either way, bringing our code to a state when the static analyzer can be a useful tool for us seems a monumental task. so how is it possible to work with the static analyzer without braining current development efforts into a complete stand still?

Read the article
How to By Pass Request Validation

- by GIbboK

Hi, I have a GridView and I need update some data inserting HTML CODE; I would need this data been stored encoded and decoded on request. I cannot in any way disable globally "Request Validation" and not even at Page Level, so I would need a solution to disable "Request Validation" at Control Level. At the moment I am using a script which should Html.Encode every value being update, butt seems that "Request Validation" start its job before event RowUpdating, so I get the Error "Page A potentially dangerous Request.Form ... ". Any idea how to solve it? Thanks protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e) { foreach (DictionaryEntry entry in e.NewValues) { e.NewValues[entry.Key] = Server.HtmlEncode(entry.Value.ToString()); } PS I USE Wweb Controls not MVC

Read the article
Can getAttribute() method of Tomcat ServletContext implementation be called without synchronization?

- by oo_olo_oo

I would like to read some parameters during servlet initializtion (in init() method), and store them among servlet context attributes (using getServletContext().setAttribute()). I would like to read these parameters later - during some request processing (using getServletContext().getAttribute()). So, the multiple threads could do this simultaneously. My question is if such an attempt is safe? Could I be sure that multi threaded calls to the getAttribute() don't mess up any internal state of the servlet context? Please take into account that I'm not going to call the setAttribute() anywhere besides the initialization. So, only calls to the getAttribute() are going to be done from multiple threads. But depending on the internal implementation, this also could be dangerous. So, any information about Tomcat's implementation would be appreciated.

Read the article
How to avoid automatic renaming of sub signature parameters in visual basic 6.

- by systempuntoout

In Visual basic 6, i declare a sub like this: Private Sub test1(ByRef XmlFooOutput As String) ... End Sub after that, i declare another sub like the following one: Private Sub test2(ByRef xmlFooOutput As String) ... End Sub automagically, the first method is transformed in: Private Sub test1(ByVal xmlFooOutput As String) ... End Sub so the XmlFooOutput parameter is transformed in xmlFooOutput. This is a pretty dangerous feature because, method like those could be mapped to different XSL presentation files that read XML values through Xpath. So when test1 parameter is renamed, XSL bound to test1 method goes broken because Xpath point to XmlFooOuput but the correct value is now in xmlFooOutput. Is it possible to remove this weird feature? I'm using microsoft visual basic 6.0 (SP6). This question has some duplicate: http://stackoverflow.com/questions/1064858/stop-visual-basic-6-from-changing-my-casing http://stackoverflow.com/questions/248760/vb6-editor-changing-case-of-variable-names from what i see, there's no practical solution to disable this Intellisense evil feature.

Read the article
Windows Shell Programming book suggestion

- by Lijo

Hi, I am a web developer using C#. I would like to experiment with Windows shell programming in C#. Many people suggests that using managed applications for shell program, is dangerous. (Creation of separate instances for each process versus in process shell. Also version dependency) Frankly speaking, I am totally new to shell. Is there a book available, that will treat these topics; both through managed code and unmanaged code (but mostly towards managed code)? It would be great if that book is concise , for beginner and giving theoretical background of the shell. Please suggest…. Thanks Lijo

Read the article
Grails unit testing domain classes with Set properties - is this safe?

- by Ali G

I've created a domain class in Grails like this: class MyObject { static hasMany = [tags: String] // Have to declare this here, as nullable constraint does not seem to be honoured Set tags = new HashSet() static constraints = { tags(nullable: false) } } Writing unit tests to check the size and content of the MyObject.tags property, I found I had to do the following: assertLength(x, myObject.tags as Object[]) assertEquals(new HashSet([...]), myObject.tags) To make the syntax nicer for writing the tests, I implemented the following methods: void assertEquals(List expected, Set actual) { assertEquals(new HashSet(expected), actual) } void assertLength(int expected, Set set) { assertLength(expected, set as Object[]) } I can now call the assertLength() and assertEquals() methods directly on an instance of Set, e.g. assertLength(x, myObject.tags) assertEquals([...], myObject.tags) I'm new to Groovy and Grails, so unaware how dangerous method overloading like this is. Is it safe? If so, I'm slightly* surprised that these methods (or similar) aren't already available - please let me know if they are. * I can see how these methods could also introduce ambiguity if people weren't expecting them. E.g. assertLength(1, set) always passes, no matter what the content of set

Read the article
ValidateRequest="false" doesn't work when posting HTML values

- by Ivan90

I am developing a personal blog in ASP.NET MVC 1.0. This blog application has Views like "Insert Post", "Edit Post", etc. I need to post a string containing HTML back to the appropriate controller method. That HTML value is being posted from a textarea. I've read that it's necessary to disable ValidateRequest directly on the page with the attribute ValidateRequest = "false" or in the web.config file. When I insert an HTML value in my textarea, I get always the error of 'potential value dangerous'. How can I use ValidateRequest to allow the form element containing HTML values to be posted?

Read the article
Is it inefficient to access a python class member container in a loop statement?

- by Dave

Hi there. I'm trying to adopt some best practices to keep my python code efficient. I've heard that accessing a member variable inside of a loop can incur a dictionary lookup for every iteration of the loop, so I cache these in local variables to use inside the loop. My question is about the loop statement itself... if I have the following class: class A(object): def init(self) self.myList = [ 'a','b','c', 'd', 'e' ] Does the following code in a member function incur one, or one-per-loop-iteration (5) dictionary lookups? for letter in self.myList: print letter IE, should I adopt the following pattern, if I am concerned about efficiency... localList = self.myList for letter in localList: print letter or is that actually LESS efficient due to the local variable assign? Note, I am aware that early optimization is a dangerous pitfall if I'm concerned about the overall efficiency of code development. Here I am specifically asking about the efficiency of the code, not the coding. Thanks in advance! D

Read the article
What is good practice for writing web applications that control daemons (and their config files)

- by Jones R

Can someone suggest some basic advice on dealing with web applications that interact with configuration files like httpd.conf, bind zone files, etc. I understand that it's bad practice, in fact very dangerous to allow arbitrary execution of code without fully validating it and so on. But say you are tasked to write a small app that allows one to add vhosts to an apache configuration. Do you have your code execute with full privileges, do you write future variables into a database and have a cron job (with full privileges) execute a script that pulls the vars from the database and throws them into a template config file, etc. Some thoughts & contributions on this issue would be appreciated. tl;dr - how can you securely write a web app to update/create entries in a config file like apache's httpd.conf, etc.

Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19 | Next Page >