Search Results

Search found 1303 results on 53 pages for 'injection'.

Page 13/53 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Serializing array in PHP, preventing injection

    - by Cyclone
    I'm writing a PHP script which uses serialized arrays to store data. How can I prevent injection in serialization? It would be very easy to name your account: something";s:6:"access";s:5:"admin"; for a simple example. The user could then add the rest of the needed parameters somehow. Would addslashes work for this? Does the php unserialize pick up on that as being an escaped character? If so, is it possible to apply addslashes to an entire array without iterating through? Thanks for the help!

    Read the article

  • Bookmarklet, js injection and popup issue

    - by Neewok
    I'm currently writing a bookmarklet that loads and executes a remote js file by appending a new <script> tag in the current window, like so : javascript:(function() { if(typeof __bml_main != "undefined") return __bml_main.init(); var s= document.createElement('script'); s.type= 'text/javascript'; s.src= 'http://127.0.0.1:8000/media/bookmarklet.js'; void(document.body.appendChild(s)); })(); My bookmarklet needs to perform some dom manipulations in order to extract data from the page being viewed, and then to open a new popup to list them. The thing is : if I want to bypass pop-up blockers, I can't open my new window from the injected script. I need to open it right from the beginning in the bookmarklet code, and to access it later when needed. I've tried to do somehting like this : javascript:var my_popup = window.open('http://127.0.0.1:8000/resources/manage/new/', 'newResourcePopup',config='height=200,width=400,toolbar=no,menubar=no,scrollbars=no,resizable=no,location=no,directories=no,status=no'); (function() { // script injection (...) })(); but if I then try to access my_popup from my remotely loaded script, most browsers will throw a security warning and won't let me access the Window object. This is understandable since the script is not from the same domain than the displayed page, but I'm kind of stuck... A solution would be to use a div overlay, but I'd really prefer to open a window in this case. Any hints ?

    Read the article

  • Javascript HTML and Script injection issue in IE

    - by MartinHN
    Hi I have a javascript variable containing escaped HTML. There can be script tags inside the HTML, like this: var valueToInsert = "%3Cscript%20type%3D%22text/javascript%22%3Ealert%28%27test%27%29%3B%3C/script%3E%0A%3Cscript%20type%3D%22text/javascript%22%20src%3D%22http%3A//devserver/testinclude.js%22%3E%3C/script%3E%0A%3Cimg%20src%3D%22http%3A//www.footballpictures.net/data/media/131/manchester_united_logo.jpg%22%20/%3E" I want to append this to the DOM, and get all the javascript fired as expected. Right now I'm using this approach: var div = document.createElement("div"); div.innerHTML = unescape(valueToInsert); document.body.appendChild(div); In IE, at the time i set div.innerHTML - all script tags are removed. If I use jQuery to and do this: $(document.body).append(valueToInsert) It all works fine. Bad thing is, that I cannot use jQuery as this code will be added to sites I'm not in control of using some "already-implemented" script includes. Does someone have a trick? If jQuery can do it, it must be possible? I had another issue in Opera. I changed the injection script to be this: (still doesn't work in IE) var div = document.createElement("div"); div.innerHTML = unescape(valueToInsert); var a = new Array(); for (var i = 0; i < div.childNodes.length; i++) a.push(div.childNodes[i]); for (var i = 0; i < a.length; i++) { if (a[i].nodeName == "SCRIPT" && a[i].getAttribute("src") != null && a[i].getAttribute("src") != "" && typeof (a[i].getAttribute("src")) != "undefined") { var scriptTag = document.createElement("script"); scriptTag.src = a[i].getAttribute("src"); scriptTag.type = "text/javascript"; document.body.appendChild(scriptTag); } else if (a[i].nodeName == "SCRIPT") { eval(a[i].innerHTML); } else { document.body.appendChild(a[i]); } }

    Read the article

  • Spring constructor injection error

    - by Jeune
    I am getting the following error for a bean in my application context: Related cause: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'businessLogicContext' d efined in class path resource [activemq-jms-consumer.xml]: Unsatisfied dependency expressed through constructor argument with index 0 of type [java.lang.String]: Could not convert constructor argument value of type [java.util.ArrayList] to required type [java.lang.String]: Failed to convert value of type [java.util.ArrayList] to required type [java.lang.Stri ng]; nested exception is java.lang.IllegalArgumentException: Cannot convert value of type [java.util.ArrayList] to requi red type [java.lang.String]: no matching editors or conversion strategy found at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:53 4) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:18 6) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAuto wireCapableBeanFactory.java:855) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutow ireCapableBeanFactory.java:765) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCap ableBeanFactory.java:412) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBea nFactory.java:383) at java.security.AccessController.doPrivileged(Native Method) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapab leBeanFactory.java:353) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:245) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegis try.java:169) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:242) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164) at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListable BeanFactory.java:400) at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplic ationContext.java:736) at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java :123) at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java :66) Here is my bean: <bean id="businessLogicContext" class="org.springframework.context.support.ClassPathXmlApplicationContext" depends-on="resolveProperty"> <constructor-arg index="0"> <list> <value>jms-applicationContext.xml</value> <value>jms-managerBeanContext.xml</value> <value>jms-daoContext.xml</value> <value>jms-serviceContext.xml</value> </list> </constructor-arg> </bean> I don't know what's wrong, I have googled how to inject a string array via constructor injection and the way I do it above seems okay.

    Read the article

  • What response should be made to a continued web-app crack attempt?

    - by Tchalvak
    I've issues with a continuous, concerted cracking attempt on a website (coded in php). The main problem is sql-injection attempts, running on a Debian server. A secondary effect of the problem is being spidered or repeatedly spammed with urls that, though a security hole has been closed, are still obviously related attempts to crack the site, and continue to add load to the site, and thus should be blocked. So what measures can I take to: A: Block known intruders/known attack machines (notably making themselves anonymous via botnet or relaying servers) to prevent their repeated, continuous, timed access from affecting the load of the site, and B: report & respond to the attack (I'm aware that the reporting to law enforcement is almost certainly futile, as may be reporting to the ip/machine where the attacks are originating, but other responses to take would be welcome).

    Read the article

  • Service injection into Controller (Spring MVC)

    - by ThaSaleni
    Hi I have a Spring web application, I have built it up to the controller stage and I could inject my Daos, into my Services fine. Now when I want to inject my Service into my controller i get an error for dependency with the Dao and further down the sessionFactory. I don't want to inject these again cause this will ultimately lead me to eventually create a data source but I have my Daos for data access and they already know about sessionFactory. Am I missing something here? here's the sample code snippets My Service: @Service("productService") @Transactional public class ProductServiceImpl implements ProductService { private ProductDao productDao; @Autowired public void setDao(ProductDao productDao) { this.productDao = productDao; } My Controller @Controller @WebServlet(name="controllerServlet", loadOnStartup= urlPatterns=...}) public class ControllerServlet extends HttpServlet { boolean isUserLogedIn =false; @Autowired private ProductService productService; public void setProductService(ProductService productService){ this.productService = productService; } Servlet-context Stack trace javax.servlet.ServletException: Servlet.init() for servlet mvcServlet threw exception org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472) org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927) org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407) org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:999) org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java: 565) org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:1812) java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) java.lang.Thread.run(Thread.java:662) root cause org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'controllerServlet': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.phumzile.acme.services.ProductService com.phumzile.acme.client.web.controller.ControllerServlet.productService; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No matching bean of type [com.phumzile.acme.services.ProductService] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)} org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.p ostProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:287) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1106) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517) org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) SERVLET-CONTEXT <context:component-scan base-package="com.phumzile.acme.client" /> <!-- Enables the Spring MVC @Controller programming model --> <mvc:annotation-driven /> </beans> APP-CONFIG <bean id="propertyConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> <property name="locations"> <list> <value>configuration.properties</value> </list> </property> </bean> <context:annotation-config/> <context:component-scan base-package="com.phumzile.acme" /> <import resource="db-config.xml" /> </beans> DB-CONFIG <bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close"> <property name="idleConnectionTestPeriod" value="10800"/> <property name="maxIdleTime" value="21600"/> <property name="driverClass"> <value>${jdbc.driver.className}</value> </property> <property name="jdbcUrl"> <value>${jdbc.url}</value> </property> <property name="user"> <value>${jdbc.username}</value> </property> <property name="password"> <value>${jdbc.password}</value> </property> </bean> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.a nnotation.AnnotationSessionFactoryBean"> <property name="dataSource"> <ref bean="dataSource" /> </property> <property name="annotatedClasses"> <list> <!-- Entities --> <value>com.phumzile.acme.model.User</value> <value>com.phumzile.acme.model.Person</value> <value>com.phumzile.acme.model.Company</value> <value>com.phumzile.acme.model.Product</value> <value>com.phumzile.acme.model.Game</value> <value>com.phumzile.acme.model.Book</value> <!-- Entities --> </list> </property> <property name="packagesToScan" value="com.phumzile.acme" /> <property name="hibernateProperties"> <props> <prop key="hibernate.dialect">${jdbc.hibernate.dialect </prop> <prop key="hibernate.hbm2ddl.auto">validate</prop> <prop key="hibernate.show_sql">true</prop> </props> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <property name="sessionFactory"> <ref bean="sessionFactory" /> </property> </bean> <tx:annotation-driven /> </beans> CONFIGURATION.PROPERTIES jdbc.driver.className=com.mysql.jdbc.Driver jdbc.url=jdbc:mysql://localhost:3306/mydb jdbc.username=root jdbc.password=root jdbc.hibernate.dialect=org.hibernate.dialect.MySQLDialect

    Read the article

  • Correct way of using/testing event service in Eclipse E4 RCP

    - by Thorsten Beck
    Allow me to pose two coupled questions that might boil down to one about good application design ;-) What is the best practice for using event based communication in an e4 RCP application? How can I write simple unit tests (using JUnit) for classes that send/receive events using dependency injection and IEventBroker ? Let’s be more concrete: say I am developing an Eclipse e4 RCP application consisting of several plugins that need to communicate. For communication I want to use the event service provided by org.eclipse.e4.core.services.events.IEventBroker so my plugins stay loosely coupled. I use dependency injection to inject the event broker to a class that dispatches events: @Inject static IEventBroker broker; private void sendEvent() { broker.post(MyEventConstants.SOME_EVENT, payload) } On the receiver side, I have a method like: @Inject @Optional private void receiveEvent(@UIEventTopic(MyEventConstants.SOME_EVENT) Object payload) Now the questions: In order for IEventBroker to be successfully injected, my class needs access to the current IEclipseContext. Most of my classes using the event service are not referenced by the e4 application model, so I have to manually inject the context on instantiation using e.g. ContextInjectionFactory.inject(myEventSendingObject, context); This approach works but I find myself passing around a lot of context to wherever I use the event service. Is this really the correct approach to event based communication across an E4 application? how can I easily write JUnit tests for a class that uses the event service (either as a sender or receiver)? Obviously, none of the above annotations work in isolation since there is no context available. I understand everyone’s convinced that dependency injection simplifies testability. But does this also apply to injecting services like the IEventBroker? This article describes creation of your own IEclipseContext to include the process of DI in tests. Not sure if this could resolve my 2nd issue but I also hesitate running all my tests as JUnit Plug-in tests as it appears impractible to fire up the PDE for each unit test. Maybe I just misunderstand the approach. This article speaks about “simply mocking IEventBroker”. Yes, that would be great! Unfortunately, I couldn’t find any information on how this can be achieved. All this makes me wonder whether I am still on a "good path" or if this is already a case of bad design? And if so, how would you go about redesigning? Move all event related actions to dedicated event sender/receiver classes or a dedicated plugin?

    Read the article

  • Parameterized SQL statements vs. very simple method

    - by Philipp G
    When I started to write the first SQL-Statements in my programs I felt quite comfortable with protecting myself against SQL-Injection with a very simple method that a colleague showed me. It replaced all single quotes with two single quotes. So for example there is a searchfield in which you can enter a customername to search in the customertable. If you would enter Peter's Barbershop The SELECT Statement would look like SELECT * FROM Customers WHERE Customername = 'Peter''s Barbershop' If now an attacker would insert this: ';DROP TABLE FOO; -- The statement would look like: SELECT * FROM Customers WHERE Customername = ''';DROP TABLE FOO;--' It would not drop any table, but search the customertable for the customername ';DROP TABLE FOO;-- which, I suppose, won't be found ;-) Now after a while of writing statements and protecting myself against SQL-Injection with this method, I read that many developers use parameterized statements, but I never read an article where "our" method was used. So definitely there is a good reason for it. What scenarios would parameterized statements cover but our method doesn't? What are the advantages of parameterized statements compared to our method? Thanks Philipp

    Read the article

  • How to override the behavior of Spring @Autowired

    - by Mark
    Hi a little background: I am Using Spring 2.5, and specifically spring IOC and annotations. I am using @Autowired in my code (the Autowiring is done by type) and use @Component for exposing Classes to the Automatic wiring. The situation described bellow arose while i tried to test my code. now to the problem: Note: i use a different Spring Context for the Test environment. I have a class FOO which is @Autowired but in the test context i want to use a different class of the same type MockFoo (extends FOO) The Spring Setup of course fails do so automatically due to multiple options for the Dependency Injection of the FOO class (both FOO and MockFOO comply to the Type check) I am looking for a way to inject the test bean instead of the original bean. I expected Spring to allow using the Context configurion file to override a bean injection or to order Spring not to autowire a specific bean BUT All these option seem to exists only for the beans which were originally defined in the Spring Context Configuration file

    Read the article

  • How do I protect myself?

    - by ved
    I was poking around at my work computer this evening and was looking at my timesheets. I noticed that all my timesheets had variables in the URLs and I could figure out the numbering scheme for the pages. Then I got a little curious about SQL injection and thought of trying out adding simple SQL injections like "OR 1=1" etc. to see how protected we really were with our timesheet info. One of these strings yielded a friendly error page saying that an error email was sent to the developer. I am concerned that my ID, and request will be seen by the developer , immediately recognized as SQL injection and will be reported to network security officer as a malicious attempt by an employee to hack the timesheet dB. what is my defense? I am really worried.

    Read the article

  • Unity and web service

    - by zachary
    I had this awesome idea... but I am afraid maybe it is actually a bad idea.... we use unity for dependency injection. I make interfaces from my web services using partial classes for the purpose of mocking and web services.... What I want to do is put my web services into unity and get them via dependency injection... What do you think? Is there too much overhead somewhere? Memory leaks? Is this a bad idea?

    Read the article

  • What is the Sql Server equivalent for Oracle's DBMS_ASSERT?

    - by dotNetYum
    DBMS_ASSERT is one of the keys to prevent SQL injection attacks in Oracle. I tried a cursory search...is there any SQL Server 2005/2008 equivalent for this functionality? I am looking for a specific implementation that has a counterpart of all the respective Oracle package members of DBMS_ASSERT. NOOP SIMPLE_SQL_NAME QUALIFIED_SQL_NAME SCHEMA_NAME I know the best-practices of preventing injection...bind variables...being one of them. But,in this question I am specifically looking for a good way to sanitize input...in scenarios where bind-variables were not used. Do you have any specific implemetations? Is there a library that actually is a SQL Server Port of the Oracle package?

    Read the article

  • Can a plain servlet be configured as a seam component?

    - by stacker
    I created a plain servlet within a seam-gen (2.1.2) application, now I would like to use injection. Thus I annotated it with @Name and it's recognized as component: INFO [Component] Component: ConfigReport, scope: EVENT, type: JAVA_BEAN, class: com.mycompany.servlet.ConfigReport Unfortunatly the injection of the logger doesn't work NullPointerException in init() import org.jboss.seam.annotations.Logger; import org.jboss.seam.annotations.Name; import org.jboss.seam.log.Log; @Name("ConfigReport") public class ConfigReport extends HttpServlet { @Logger private Log log; public void init(ServletConfig config) throws ServletException { log.info( "BOOM" ); } } Is my approach abusive? What would be the alternatives (the client sending requests to the servlet is curl, not a browser)?

    Read the article

  • Can a plain servlet be configured to as a seam component?

    - by stacker
    I created a plain servlet within a seam-gen (2.1.2) application, now I would like to use injection. Thus I annotated it with @Name and it's recognized as component: INFO [Component] Component: ConfigReport, scope: EVENT, type: JAVA_BEAN, class: com.mycompany.servlet.ConfigReport Unfortunatly the injection of the logger doesn't work NullPointerException in init() import org.jboss.seam.annotations.Logger; import org.jboss.seam.annotations.Name; import org.jboss.seam.log.Log; @Name("ConfigReport") public class ConfigReport extends HttpServlet { @Logger private Log log; public void init(ServletConfig config) throws ServletException { log.info( "BOOM" ); } } Is my approach abusive? What would be the alternatives (the client sending requests to the servlet is curl, not a browser)?

    Read the article

  • Injection with google guice does not work anymore after obfuscation with proguard

    - by sme
    Has anyone ever tried to combine the use of google guice with obfuscation (in particular proguard)? The obfuscated version of my code does not work with google guice as guice complains about missing type parameters. This information seems to be erased by the transformation step that proguard does, even when the relevant classes are excluded from the obfuscation. The stack trace looks like this: com.google.inject.CreationException: Guice creation errors: 1) Cannot inject a Provider that has no type parameter while locating com.google.inject.Provider for parameter 0 at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setPasswordPanelProvider(SourceFile:499) at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setPasswordPanelProvider(SourceFile:499) while locating de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel for parameter 0 at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.o.a(SourceFile:38) 2) Cannot inject a Provider that has no type parameter while locating com.google.inject.Provider for parameter 0 at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setWindTurbineAccessGroupProvider(SourceFile:509) at de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel.setWindTurbineAccessGroupProvider(SourceFile:509) while locating de.repower.lvs.client.admin.user.administration.AdminUserCommonPanel for parameter 0 at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.b.k.setParentPanel(SourceFile:65) at de.repower.lvs.client.admin.user.administration.o.a(SourceFile:38) 2 errors at com.google.inject.internal.Errors.throwCreationExceptionIfErrorsExist(Errors.java:354) at com.google.inject.InjectorBuilder.initializeStatically(InjectorBuilder.java:152) at com.google.inject.InjectorBuilder.build(InjectorBuilder.java:105) at com.google.inject.Guice.createInjector(Guice.java:92) at com.google.inject.Guice.createInjector(Guice.java:69) at com.google.inject.Guice.createInjector(Guice.java:59) I tried to create a small example (without using guice) that seems to reproduce the problem: package de.repower.common; import java.lang.reflect.Method; import java.lang.reflect.ParameterizedType; import java.lang.reflect.Type; class SomeClass<S> { } public class ParameterizedTypeTest { public void someMethod(SomeClass<Integer> param) { System.out.println("value: " + param); System.setProperty("my.dummmy.property", "hallo"); } private static void checkParameterizedMethod(ParameterizedTypeTest testObject) { System.out.println("checking parameterized method ..."); Method[] methods = testObject.getClass().getMethods(); for (Method method : methods) { if (method.getName().equals("someMethod")) { System.out.println("Found method " + method.getName()); Type[] types = method.getGenericParameterTypes(); Type parameterType = types[0]; if (parameterType instanceof ParameterizedType) { Type parameterizedType = ((ParameterizedType) parameterType).getActualTypeArguments()[0]; System.out.println("Parameter: " + parameterizedType); System.out.println("Class: " + ((Class) parameterizedType).getName()); } else { System.out.println("Failed: type ist not instance of ParameterizedType"); } } } } public static void main(String[] args) { System.out.println("Starting ..."); try { ParameterizedTypeTest someInstance = new ParameterizedTypeTest(); checkParameterizedMethod(someInstance); } catch (SecurityException e) { e.printStackTrace(); } } } If you run this code unsbfuscated, the output looks like this: Starting ... checking parameterized method ... Found method someMethod Parameter: class java.lang.Integer Class: java.lang.Integer But running the version obfuscated with proguard yields: Starting ... checking parameterized method ... Found method someMethod Failed: type ist not instance of ParameterizedType These are the options I used for obfuscation: -injars classes_eclipse\methodTest.jar -outjars classes_eclipse\methodTestObfuscated.jar -libraryjars 'C:\Program Files\Java\jre6\lib\rt.jar' -dontskipnonpubliclibraryclasses -dontskipnonpubliclibraryclassmembers -dontshrink -printusage classes_eclipse\shrink.txt -dontoptimize -dontpreverify -verbose -keep class **.ParameterizedTypeTest.class { <fields>; <methods>; } -keep class ** { <fields>; <methods>; } # Keep - Applications. Keep all application classes, along with their 'main' # methods. -keepclasseswithmembers public class * { public static void main(java.lang.String[]); } # Also keep - Enumerations. Keep the special static methods that are required in # enumeration classes. -keepclassmembers enum * { public static **[] values(); public static ** valueOf(java.lang.String); } # Also keep - Database drivers. Keep all implementations of java.sql.Driver. -keep class * extends java.sql.Driver # Also keep - Swing UI L&F. Keep all extensions of javax.swing.plaf.ComponentUI, # along with the special 'createUI' method. -keep class * extends javax.swing.plaf.ComponentUI { public static javax.swing.plaf.ComponentUI createUI(javax.swing.JComponent); } # Keep names - Native method names. Keep all native class/method names. -keepclasseswithmembers,allowshrinking class * { native <methods>; } # Keep names - _class method names. Keep all .class method names. This may be # useful for libraries that will be obfuscated again with different obfuscators. -keepclassmembers,allowshrinking class * { java.lang.Class class$(java.lang.String); java.lang.Class class$(java.lang.String,boolean); } Does anyone have an idea of how to solve this (apart from the obvious workaround to put the relevant files into a seperate jar and not obfuscate it)? Best regards, Stefan

    Read the article

  • constructor injection using Autofac 2 and Named Registration

    - by Thad
    I am currently attempting to remove a number of .Resolve(s) in our code. I was moving along fine until I ran into a named registration and I have not been able to get Autofac resolve using the name. What am I missing to get the named registration injected into the constructor. Registration builder.RegisterType<CentralDataSessionFactory>().Named<IDataSessionFactory>("central").SingleInstance(); builder.RegisterType<ClientDataSessionFactory>().Named<IDataSessionFactory>("client").SingleInstance(); builder.RegisterType<CentralUnitOfWork>().As<ICentralUnitOfWork>().InstancePerDependency(); builder.RegisterType<ClientUnitOfWork>().As<IClientUnitOfWork>().InstancePerDependency(); Current class public class CentralUnitOfWork : UnitOfWork, ICentralUnitOfWork { protected override ISession CreateSession() { return IoCHelper.Resolve<IDataSessionFactory>("central").CreateSession(); } } Would Like to Have public class CentralUnitOfWork : UnitOfWork, ICentralUnitOfWork { private readonly IDataSessionFactory _factory; public CentralUnitOfWork(IDataSessionFactory factory) { _factory = factory; } protected override ISession CreateSession() { return _factory.CreateSession(); } }

    Read the article

  • Preventing LDAP injection

    - by Matias
    I am working on my first desktop app that queries LDAP. I'm working in C under unix and using opends, and I'm new to LDAP. After woking a while on that I noticed that the user could be able to alter the LDAP query by injecting malicious code. I'd like to know which sanitizing techniques are known, not only for C/unix development but in more general terms, i.e., web development etc. I thought that escaping equals and semicolons would be enough, but not sure. Here is a little piece of code so I can make clearer the question: String ldapSearchQuery = "(cn=" + $userName + ")"; System.out.println(ldapSearchQuery); Obviously I do need to sanitize $userName, as stated in this OWASP ARTICLE

    Read the article

  • determine if chipset is capable off packet injection and monitor mode

    - by Richard
    Hi, I am new to linux and I want to know if my chipset is capable off doing those things My chipset is a intel centrino advanced 6200-n on a sony vayo laptop running on windows 7. Now, I know that windows is only capable off listening, so I boot backtrack 4 from a usb stick. I also want to know if a live distribution can work flawlessly with the wificard even if it does not support formentioned things, because I try'd to use wget to download something and it says it ca not resolve the address? thanks, Richard

    Read the article

  • Simple factory to retrieve files using constructor dependency injection

    - by mrblah
    I want to create a class, that is flexible so I can switch implementations. Problem: Store files/documents Options: either store locally on the server filesystem, database or etc. Can someone help with a skeleton structure of the class, and how I would call it? I am not using an IoC, and don't really want to just yet. I just want the flexibility where I would make maybe 1 code change in the factory to call another implementation.

    Read the article

  • Debugging site written mainly in JScript with AJAX code injection

    - by blumidoo
    Hello, I have a legacy code to maintain and while trying to understand the logic behind the code, I have run into lots of annoying issues. The application is written mainly in Java Script, with extensive usage of jQuery + different plugins, especially Accordion. It creates a wizard-like flow, where client code for the next step is downloaded in the background by injecting a result of a remote AJAX request. It also uses callbacks a lot and pretty complicated "by convention" programming style (lots of events handlers are created on the fly based on certain object names - e.g. current page name, current step name). Adding to that, the code is very messy and there is no obvious inner structure - the functions are scattered in the code, file names do not reflect the business role of the code, lots of functions and code snippets are most likely not used at all etc. PROBLEM: How to approach this code base, so that the inner flow of the code can be sort-of "reverse engineered" using a suite of smart debugging tools. Ideally, I would like to be able to attach to the running application and step through the code, breaking on each new function call. Also, it would be nice to be able to create a "diagram of calls" in the application (i.e. in order to run a particular page logic, this particular flow of function calls was executed in a particular order). Not to mention to be able to run a coverage analysis, identifying potentially orphaned code fragments. I would like to stress out once more, that it is impossible to understand the inner logic of the application just by looking at the code itself, unless you have LOTS of spare time and beer crates, which I unfortunately do not have :/ (shame...) An IDE of some sort that would aid in extending that code would be also great, but I am currently looking into possibility to use Visual Studio 2010 to do the job, as the site itself is a mix of Classic ASP and ASP.NET (I'd say - 70% Java Script with jQuery, 30% ASP). I have obviously tried FireBug, but I was unable to find a way to define a breakpoint or step into the code, which is "injected" into the client JS using AJAX calls (i.e. the application retrieves the code by invoking an URL and injects it to the client local code). Venkman debugger had similar issues. Any hints would be welcome. Feel free to ask additional questions.

    Read the article

  • Action Filter Dependency Injection in ASP.NET MVC 3 RC2 with StructureMap

    - by Ben
    Hi, I've been playing with the DI support in ASP.NET MVC RC2. I have implemented session per request for NHibernate and need to inject ISession into my "Unit of work" action filter. If I reference the StructureMap container directly (ObjectFactory.GetInstance) or use DependencyResolver to get my session instance, everything works fine: ISession Session { get { return DependencyResolver.Current.GetService<ISession>(); } } However if I attempt to use my StructureMap filter provider (inherits FilterAttributeFilterProvider) I have problems with committing the NHibernate transaction at the end of the request. It is as if ISession objects are being shared between requests. I am seeing this frequently as all my images are loaded via an MVC controller so I get 20 or so NHibernate sessions created on a normal page load. I added the following to my action filter: ISession Session { get { return DependencyResolver.Current.GetService<ISession>(); } } public ISession SessionTest { get; set; } public override void OnResultExecuted(System.Web.Mvc.ResultExecutedContext filterContext) { bool sessionsMatch = (this.Session == this.SessionTest); SessionTest is injected using the StructureMap Filter provider. I found that on a page with 20 images, "sessionsMatch" was false for 2-3 of the requests. My StructureMap configuration for session management is as follows: For<ISessionFactory>().Singleton().Use(new NHibernateSessionFactory().GetSessionFactory()); For<ISession>().HttpContextScoped().Use(ctx => ctx.GetInstance<ISessionFactory>().OpenSession()); In global.asax I call the following at the end of each request: public Global() { EndRequest += (sender, e) => { ObjectFactory.ReleaseAndDisposeAllHttpScopedObjects(); }; } Is this configuration thread safe? Previously I was injecting dependencies into the same filter using a custom IActionInvoker. This worked fine until MVC 3 RC2 when I started experiencing the problem above, which is why I thought I would try using a filter provider instead. Any help would be appreciated Ben P.S. I'm using NHibernate 3 RC and the latest version of StructureMap

    Read the article

  • Autofac / MVC4 / WebApi (RC) Dependency Injection issue after upgrading from beta

    - by George D.
    var resolver = new AutofacWebApiDependencyResolver(container); configuration.ServiceResolver.SetResolver(resolver); after updating to ASP.NET MVC4 (RC) I get the following error: 'System.Web.Http.HttpConfiguration' does not contain a definition for 'ServiceResolver' and no extension method 'ServiceResolver' accepting a first argument of type 'System.Web.Http.HttpConfiguration' could be found (are you missing a using directive or an assembly reference?) I realize after reading this (http://www.asp.net/web-api/overview/extensibility/using-the-web-api-dependency-resolver) that these interfaces have changed, but I am not sure how to apply this change to how I use Autofac. Do i need to wait for a new release from Autofac or is there another way I can get past this.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >