Search Results

Search found 5998 results on 240 pages for 'rise against'.

Page 139/240 | < Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >

• Is it possible for a XSS attack to obtain HttpOnly cookies?

  - by Dan Herbert

  Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

  Read the article

• ASP.NET MVC: Is is possible to set a global variable?

  - by Sergio

  Hello, I have a process within my MVC 2 application that takes a large amount of time and alters many rows in the database in the process. There is a chance that two or more users could attempt to perform this action at the same time, which would lead to undesirable effects. Is there a way to set a global flag somewhere within asp.net that I can check against all requests to see if the action in question is currently being executed? (a bit that I flip prior to running query, and then then flip back on completition) Or is there a better way of handling this situation? Thanks

  Read the article

• .NET Conditional Callback on a type.

  - by Mahesh

  I have a stock price which changes by nature all the time. And, there will be many users who wants to buy that stock. Let's say that the stock price is started at 10 and let's say, 30 people bid for 10.98, 20 people bid for 7.45, 100 people bid for 8.99. During the day, the stock price can touch any of these values, and if that happens, I want to execute all the orders for users who quoted that price. Technically, I am storing in a List. Whenever the price changes, I am checking against all the values in the list and executing those that satisfy the quoted price. Class Bids { string stockname; double quote; } Is there any better alternative way to callback the satisfied items in the list rather than checking all the items whenever there is a change?? If storing in a list is not right way of doing it, let me know the best way.

  Read the article

• Is there a security issue with using javascript to manipulate cookies?

  - by Scarface

  Hey guys, another quick question for the experts. I have an alert box that displays updates processed in php to the user just like this site. I want to make it so that if the user closes the box, then it will not pop up for another 5 minutes (unless they check the messages then it will not pop up because the entries that cause the pop up are deleted in the database). On the close of the box I was thinking of giving the user a javascript cookie, since the alert box is done in javascript. I was wondering if this was a bad coding practice, since I am kind of unfamiliar with cookies and was warned against them before. If anyone has any advice or can recommend a better way, I would really appreciate it.

  Read the article

• An appropriate C API for inspecting attribute values

  - by uk82

  There are two obvious ways in C to provide outside access to internal attribute values (A) provide a generic interface that accepts a list of attributes that changes over time (some added / some die) or (B) a specific interface for each and every attribute. Example A: int x_get_attribute_value(ATT att) { if (a) return a_val; if (b) return b_val; } Example B: A_Enum x_get_a_type_attribute() {} B_Enum x_get_b_type_attribute() {} I recall that Eclipse's API is very much like A (I could be wrong). What I can't do is come up with a compelling argument against either. A is clean - any user will no where to go to find out a property value. It can evolve cleanly without leaving dead interfaces around. B has type checking to a degree - this is C enums! Is there a big hitter argument that pushes the balance away from opinion?

  Read the article

• Are there any widely used non-commercial software licenses?

  - by Lillemanden

  I'm am looking into releasing the sourcecode for a project for non-commercial use. GPL and similar licenses are not non-commercial, but I don't want end up competing against software I wrote, so I can't use them. Are there non-commercial software licenses? Preferably some that are at least somewhat known. For know I thinking to use Creative Commons Attribution-Noncommercial-Share Alike 3.0. But Creative Commons don't recommend using their licenses for software, but using software specific licenses instead.

  Read the article

• What is your company's stance on Developers using Laptops?

  - by codepunk

  I am a developer and my company is moving towards a "no laptop" policy in fear of them being lost or stolen and source code being compromised. Now I don't work for NASA, the military or anything labeled Top Secret but our code is very important to our business nonetheless (as all source code would be). I'll be honest, I disagree with this policy against laptops and wanted to see what others think. I'd like to know: What is your team/company's stance on laptops Your company's size and/or field (small, medium or large, Fortune 500, etc). Whether you've had to take any extra precautions (signing any additional legal, ensure your hard drive is encrypted, etc). Thanks!

  Read the article

• can I prohibit users from loading swf files by AS3 / Flash Loader.load() and only allow loading imag

  - by EndangeringSpecies

  I want to have an AS3 app load images from url supplied by the user. But I don't want a malicious user to be able to load an SWF file in place of the image, such as with an altered extension "maliciousSwf.png". Well, not sure how big a security threat that is above and beyond the ability of the hacker to decompile swf, but I think that ideally such behavior should not be allowed. So, is there any way to prevent this? When people allow users to load images in their Flash apps, do they somehow guard against loading of SWF? Or is this really absolutely no big deal?

  Read the article

• regex pattern to match only strings that don't contain spaces PHP

  - by Jamex

  Hi, I want to match the word/pattern that is contained in the variable, but only match against the words that don't have white spaces. Please give suggestions. $var = 'look'; $array = ('look', 'greatlook', 'lookgreat', 'look great', 'badlook', 'look bad', 'look ', ' look'); matches words: look, greatlook, lookgreat, badlook non matches: look great, bad look, look (trailing space(s)), (space(s)) look. The syntax of the below functions are OK, but it matches everything $match = preg_grep ("/$var/", $array); $match = preg_grep ("/^$var/", $array); (match words with 'look' at the start) but when I include the [^\s], it gives an error $match = preg_grep ("/$var[^\s]/", $array); Parse error: syntax error, unexpected '^', expecting T_STRING or T_VARIABLE TIA

  Read the article

• Overlapping images w/ image maps obstructing each other

  - by Hamster

  Information: The images have large transparent sections, so each must be overlapped to create the needed effect. Specifically, the clickable portions of each image are in weird trapezoid shapes meant to be pressed up against each other. Images have image maps with large portions being overlapped by the transparent portions of other nearby (trapezoid) images. I don't expect any change in z indexes will solve this... Combining the image files into a larger single one to overlay a single image map for each section seems less than ideal, especially since I may need to re-order or rename them later and such. Never mind hover animations and other possibilities down the road. What would be the best workaround?

  Read the article

• Most efficient way for a lookup/search in a huge list (python)

  - by user229269

  Hey guys, -- I just parsed a big file and I created a list containing 42.000 strings/words. I want to query [against this list] to check if a given word/string belongs to it. So my question is: What is the most efficient way for such a lookup? A first approach is to sort the list [list.sort()] and then just use the if word in list: print 'word' -- which is really trivial and I am sure there is a better way to do it. My goal is to apply a fast lookup that finds whether a given string is in this list or not. If you have any ideas of another data structure, they are welcome. Yet, I want to avoid for now more sophisticated data-structures like Tries etc. I am interested in hearing ideas (or tricks) about fast lookups or any other python library methods that might do the search faster than the simple 'in'. Thanks in advance!

  Read the article

• In C, would !~b ever be faster than b == 0xff ?

  - by James Morris

  From a long time ago I have a memory which has stuck with me that says comparisons against zero are faster than any other value (ahem Z80). In some C code I'm writing I want to skip values which have all their bits set. Currently the type of these values is char but may change. I have two different alternatives to perform the test: if (!~b) /* skip */ and if (b == 0xff) /* skip */ Apart from the latter making the assumption that b is an 8bit char whereas the former does not, would the former ever be faster due to the old compare to zero optimization trick, or are the CPUs of today way beyond this kind of thing?

  Read the article

• MasterPage Page_Load hits before Grid_ItemCommand

  - by Raheel Khan

  I am using the session object to store success/error messages based on user actions. On each postback, the message is set on ItemCommend and retrieved on the Page_Load of the master page. Once retrieved, the message is deleted from the session. The problem is that the master page's Page_Load gets called before the ItemCommand gets called so the message does not show up until the next refresh or postback. How is this situation normally handled? Is there some other event we can code against?

  Read the article

• Is there a security issue with using javascript cookies?

  - by Scarface

  Hey guys, another quick question for the experts. I have an alert box that displays updates processed in php to the user just like this site. I want to make it so that if the user closes the box, then it will not pop up for another 5 minutes (unless they check the messages then it will not pop up because the entries that cause the pop up are deleted in the database). On the close of the box I was thinking of giving the user a javascript cookie, since the alert box is done in javascript. I was wondering if this was a bad coding practice, since I am kind of unfamiliar with cookies and was warned against them before. If anyone has any advice or can recommend a better way, I would really appreciate it.

  Read the article

• delphi "Invalid use of keyword" in TQuery

  - by Baldric

  I'm trying to populate a TDBGrid with the results of the following TQuery against the file Journal.db: select * from Journal where Journal.where = "RainPump" I've tried both Journal."Where" and Journal.[Where] to no avail. I've also tried: select Journal.[Where] as "Location" - with the same result. Journal.db is a file created by a third party and I am unable to change the field names. The problem is that the field I'm interested in is called 'where' and understandably causes the above error. How do I reference this field without causing the BDE (presumably) to explode?

  Read the article

• Cheapest way to go for somebody who wants to accept payments, but won't be accepting hundreds of ord

  - by blockhead

  I have a client who lectures, and wants to sell spots to his lecture online. I would preferably like to set him up with a solution that allows me to collect billing information on his site. My experience with e-commerce is in using solutions like Authorize.net, however this does not seem cost effective since I can't imagine he's making a huge profit off of this. I'm afraid he would lose money in the cost of using Authorize.net (or any payment gateway for the matter). I could use google checkout or paypal express, but this would require me to leave his site (although with google checkout, it looks like, from a glance, that I could just submit to their form from my server, and likely with paypal as well, but I don't know if this is against their TOS). What is the most cost-effective solution for accepting credit card payments in this situation?

  Read the article

• JSONP Implications with true REST

  - by REA_ANDREW

  From my understanding JSONP can only be achieved using the GET verb. Assuming this is true which I think it is, then this rules out core compliance with true REST in which you should make use of different verbs i.e. GET,PUT,POST,DELETE etc... for different and specific purposes. My question is what type of barriers am I likely to come up against if I where to say allow updating and deleting of resources using a JSONP service using a get request. Is it better practice to offer a JSON service and state that the user will need a server side proxy to consume using JavaScript XDomain? Cheers , Andrew

  Read the article

• how to modify a json array with jQuery

  - by Emin

  I have the following json array of objects in my code var groups = [ { "gid": 28, "name": "Group 1", "ishidden": false, "isprivate": false }, { "gid": 16, "name": "Group 2", "ishidden": true, "isprivate": false }, { "gid": 31, "name": "Group 3", "ishidden": true, "isprivate": false }, { "gid": 11, "name": "Group 4", "ishidden": false, "isprivate": false }, { "gid": 23, "name": "Group 5", "ishidden": false, "isprivate": false } ]; I can access or iterate through this with no problm using jQuery. However a situation arose where I need to change a value of one of the items (e.g. change the ishidden property to true for gid: 28) and then run some other jQuery function against it. Is this possible? or do I have to re-build the whole object ? If possible, how can I achieve this? any help would be appreciated!

  Read the article

• Is re-using a Command and Connection object in ado.net a legitimate way of reducing new object creat

  - by Neil Trodden

  The current way our application is written, involves creating a new connection and command object in every method that access our sqlite db. Considering we need it to run on a WM5 device, that is leading to hideous performance. Our plan is to use just one connection object per-thread but it's also occurred to us to use one global command object per-thread too. The benefit of this is it reduces the overhead on the garbage collector created by instantiating objects all over the place. I can't find any advice against doing this but wondered if anyone can answer definitively if this is a good or bad thing to do, and why?

  Read the article

• php $_REQUEST data is only half-decoded

  - by hackmaster.a

  I am retrieving a url via querystring. I need to pass it again to the next page. When I retrieve it the first time, using $_REQUEST['url'], only the slashes are decoded, e.g: http://example.com/search~S10?/Xllamas&searchscope=10&SORT=D/Xllamas&searchscope=10&SORT=D&SUBKEY=llamas/51%2C64%2C64%2CB/browse The php docs page for urldecode advises against decoding request data, and says that it will already be decoded. I need it either completely decoded, so I can encode it again without double-encoding some parts, or not decoded at all. I'm not sure why my experience of this data is incongruous with the php docs. Appreciate any help or pointers to same!!

  Read the article

• Issues with format in reporting services

  - by Greg Lorenz

  In a report a have a cell that contains a System.Decimal type value. I am using the cells format property to format the value to "D2". This works in VS but not when I run the report on the report server or in my application. If I switch the format string to "0.00" then it works. The confusing part is that it seems that sometimes it works and sometimes it doesn't. Does anyone have any viable explaination for this? I'm not particularly confortable with saying "sometimes it works and sometimes it doesn't"! Is this something that might happen when you have a report written in VS2005 but is running using sql server 2008. I ask because I noticed that when we run the report in our application which is using sql server 2005 it works fine but when we run it against the application where the report is VS2005 and the sql server is 2008 that is where the issue occurs. Thanks.

  Read the article

• Which external DSLs do you like to use?

  - by Max Toro

  The reason I'm asking is because right now there seems to be tendency to make DSLs internal. One example is LINQ in C# and VB. You can use it against in-memory objects, or you can use it as a replacement of SQL or other external DSL. Another example is HTML5 vs XHTML2. XHTML2 supported decentralized extensibility through namespaces, in other words you embed external DSL code (XForms, SVG, MathML, etc.) in your XHTML code. Sadly HTML5 doesn't seem to have such mechanism, instead new features are internal (e.g. <canvas> instead of SVG). I'd like to know what other developers think about this. Do you like using external DSLs ? Which ones ? If not, why ?

  Read the article

• Including the functionality of a tool within another program?

  - by darren

  Hi there I would like to write an application, for my own interest, that graphically visualizes some network concepts. Basically I would like to show the output from tools like ping, traceroute and nmap. The most obvious approach seems to be to use pipes to call out to these tools from my C program, and process the information they return. However, I would like to avoid this heavy-handed approach if possible. My question is, is it possible to somehow link against these tools, or are there APIs that can be used to gain programatic access instead? If so, is this behavior available on a tool-by-tool basis only? One reason for wanting to do this is to keep everything in a single process / address space and to avoid dependance on these external tools. For example, if I wrote an iphone application, I would not be able to spawn processes to call out to the external tools themselves. Thanks for any advice or suggestions.

  Read the article

• Oracle (PL/SQL): Is UPDATE RETURNING concurrent?

  - by Jaap

  I'm using table with a counter to ensure unique id's on a child element. I know it is usually better to use a sequence, but I can't use it because I have a lot of counters (a customer can create a couple of buckets and each of them needs to have their own counter, they have to start with 1 (it's a requirement, my customer needs "human readable" keys). I'm creating records (let's call them items) that have a prikey (bucket_id, num = counter). I need to guarantee that the bucket_id / num combination is unique (so using a sequence as prikey won't fix my problem). The creation of rows doesn't happen in pl/sql, so I need to claim the number (btw: it's not against the requirements to have gaps). My solution was: UPDATE bucket SET counter = counter + 1 WHERE id = param_id RETURNING counter INTO num_forprikey; PL/SQL returns var_num_forprikey so the item record can be created. Question: Will I always get unique num_forprikey even if the user concurrently asks for new items in a bucket?

  Read the article

• ASP Classic Named Parameter in Paramaterized Query: Must declare the scalar variable

  - by My Alter Ego

  I'm trying to write a parameterized query in ASP Classic, and it's starting to feel like i'm beating my head against a wall. I'm getting the following error: Must declare the scalar variable "@something". I would swear that is what the hello line does, but maybe i'm missing something... <% OPTION EXPLICIT %> <!-- #include file="../common/adovbs.inc" --> <% Response.Buffer=false dim conn,connectionString,cmd,sql,rs,parm connectionString = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Data Source=.\sqlexpress;Initial Catalog=stuff" set conn = server.CreateObject("adodb.connection") conn.Open(connectionString) set cmd = server.CreateObject("adodb.command") set cmd.ActiveConnection = conn cmd.CommandType = adCmdText cmd.CommandText = "select @something" cmd.NamedParameters = true cmd.Prepared = true set parm = cmd.CreateParameter("@something",advarchar,adParamInput,255,"Hello") call cmd.Parameters.append(parm) set rs = cmd.Execute if not rs.eof then Response.Write rs(0) end if %>

  Read the article

< Previous Page | 135 136 137 138 139 140 141 142 143 144 145 146  | Next Page >