Search Results

Search found 97980 results on 3920 pages for 'code security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 165/3920 | < Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >

  • Retrieving all objects in code upfront for performance reasons

    - by ming yeow
    How do you folks retrieve all objects in code upfront? I figure you can increase performance if you bundle all the model calls together? This makes for a bigger deal, especially if your DB cannot keep everything in memory def hitDBSeperately { get X users ...code get Y users... code get Z users... code } Versus: def hitDBInSingleCall { get X+Y+Z users code for X code for Y... }

    Read the article

  • Paypal's "Security header is not valid"

    - by Paypal
    I'm implementing the Express Checkout? I have no problem with the first two steps:SetExpressCheckout and GetExpressCheckout,but met the "Security header is not valid" at DoExpressCheckout. The API credentials are the same! I've fixed it by changing the $environment to live in DoExpressCheckout.(The difference is that it'll use https://api.sandbox.paypal.com/nvp/ instead of https://api-3t.$environment.paypal.com/nvp) But why? Is there something wrong with https://api-3t.$environment.paypal.com/nvp?

    Read the article

  • Turn off IIS 7.5 Attach security warning

    - by Miau
    IIS 7 and Visual Studio 2008, every time you attach to w3wp.exe you get an Attach Security Warning, How do you turn this of? It would be cool to know also, how to keep it attached for linger, as this seems to time out after a while Btw: I Added this as a comment to the answer below, the first thing i did was try the msdn article http://msdn.microsoft.com/en-us/library/ms241736.aspx that doesn't work

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern [.net/c#]

    - by gsharp
    Hi We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-) Thanks for you help.

    Read the article

  • Windows Console .exe won't run if it's downloaded from the internet

    - by Jason Kester
    I have a nightly job on Windows Server 2003 that automatically updates itself by downloading its .exe from Amazon S3. I've noticed that when it performs the download and tries to run the newly downloaded .exe, it is immediately kicked back to the command line without actually running anything. I can verify this by sticking the new version of the code directly on the server and watching it execute successfully, then uploading it to the "update" server, running the bootstrapper then running the .exe and observing it fail to execute. I can only assume that this is due to Windows protecting me from running code from outside its trusted zone. How does a fella go about configuring it to allow code from this particular external location to execute? Thanks!

    Read the article

  • Is WinRT really as secure as it's made out to be?

    - by IDWMaster
    Prior to releasing Windows 8, Microsoft claimed that all WinRT apps are cleanly removed from your computer after uninstalling them, and that WinRT apps should not interfere with other running applications, because they are ran in a "sandboxed" environment. Microsoft has also claimed numerous times on Channel9 that Windows 8 apps are not ran in a VM. So my question is; are these claims accurate? If the application is not running inside of a VM, how is it possible to protect the system against malicious code at runtime, assuming the attacker was able to bypass the screening process of the Windows Store system? Microsoft allows "native code" in WinRT apps, so wouldn't it be possible (using hand-coded assembly or some odd pointer manipulation trick to call functions outside of the sandboxed environment and interfere with the rest of the system, if it's really "native code" and not some VM?

    Read the article

  • How can i run code on the client side from a browser?

    - by acidzombie24
    With LLVM and silverlight this may be possible now (or it may be possible with flash). I like the user to select a file and then do the following things 1) Hash it with md5 and sha1 2) If archive check if an exe is in it 3) If archive check if password protected The first to see if the user has uploaded it already (today, yesterday, last month) 2nd to prevent viruses 3rd i should be fine without but if i decide to not allow protected archives i can warn before the user uploads it. How may i do this through the browser?

    Read the article

  • osCommerce Security Issue

    - by Auxi
    Hi, I am planning to integrate some opensource shopping cart with my site and I am bit worried about it's security. Is it that easy to hack osCommerce based website? Because I am thinking to use osCommerce.. Kindly advise.

    Read the article

  • Where can I find a deliberately insecure open source web application?

    - by Phil Laliberte
    As a developer, I've learned that I usually gain a better understanding of best/worst practices through experience. The area of web application security isn't really somewhere where my organization can afford to let developers learn through trial and error. So looking for a hands-on approach to knowledge sharing of best practices in web application security, I was thinking that it would be useful to have an open source application that was deliberately built to be insecure in order to help teach junior developers about application security. Does anyone out there know where to find something like this?

    Read the article

  • How to avoid Eclipse warnings when using legacy code without generics?

    - by Paul Crowley
    I'm using JSON.simple to generate JSON output from Java. But every time I call jsonobj.put("this", "that"), I see a warning in Eclipse: Type safety: The method put(Object, Object) belongs to the raw type HashMap. References to generic type HashMap should be parameterized The clean fix would be if JSONObject were genericized, but since it isn't, I can't add any generic type parameters to fix this. I'd like to switch off as few warnings as possible, so adding "@SuppressWarnings("unchecked")" to lots of methods is unappealing, but do I have any other option besides putting up with the warnings?

    Read the article

  • gwt seperate modules with no code sharing

    - by Code freak
    Hi, I have to make a web application using GWT. The project has a core module that'll expose a set of apis to be used by other apps; each of these app are unrelated. Each shall be loaded in a separate iframe. My idea was to compile core into core.js and each app shall have its own app1.js app2.js and so on... App1 script type="text/javascript" src="core.js" ></script> script type="text/javascript" src="app1.js" ></script> with this design, due to browser caching, each app laod only the app.js which should be smaller ~20kb in size. Making a core module is straightforward but the apps are problematic. The reason being after compilation, each app contains the entire GWT library - this substantially increases the download size of the complete webapp. Can anyone suggest a way to get aroung this problem ? I've checked similar questions on SO, but failed to find a simple working answer fr the problem. Thanks for any help.

    Read the article

  • Compromising design & code quality to integrate with existing modules

    - by filip-fku
    Greetings! I inherited a C#.NET application I have been extending and improving for a while now. Overall it was obviously a rush-job (or whoever wrote it was seemingly less competent than myself). The app pulls some data from an embedded device & displays and manipulates it. At the core is a communications thread in the main application form which executes a 600+ lines of code method which calls functions all over the place, implementing a state machine - lots of if-state-then-do type code. Interaction with the device is done by setting the state/mode globally and letting the thread do it's thing. (This is just one example of the badness of the code - overall it is not very OO-like, it reminds of the style of embedded C code the device firmware is written in). My problem is that this piece of code is central to the application. The software, communications protocol or device firmware are not documented at all. Obviously to carry on with my work I have to interact with this code. What I would like some guidance on, is whether it is worth scrapping this code & trying to piece together something more reasonable from the information I can reverse engineer? I can't decide! The reason I don't want to refactor is because the code already works, and changing it will surely be a long, laborious and unpleasant task. On the flip side, not refactoring means I have to sometimes compromise the design of other modules so that I may call my code from this state machine! I've heard of "If it ain't broke don't fix it!", so I am wondering if it should apply when "it" is influencing the design of future code! Any advice would be appreciated! Thanks!

    Read the article

  • Is there a website to lookup already common code functions?

    - by pinnacler
    I'm sitting here writing a function that I'm positive has been written before, somewhere on earth. It's just too common to have not been attempted, and I'm wondering why I can't just go to a website and search for a function that I can then copy and paste into my project in 2 seconds, instead of wasting my day reinventing the wheel. Sure there are certain libraries you can use, but where do you find these libraries and when they are absent, is there a site like I'm describing?

    Read the article

  • Versioning code in two separate projects concurently with subverison

    - by Matt1776
    I have a need to create a library of Object Oriented PHP code that will see much reuse and aspires to be highly flexible and modular. Because of its independent nature I would like it to exist as its own SVN project. I would like to be able to create a new web project, save it in SVN as its own separate project, and include within it the library project code as well. During this process, while coding the web application code and making commits, I may need to add a class to the library. I would like to be able to do so and commit those changes back to the libraries project code. In light of all this I could manage the code in two ways Commit the changes to the library back to a branch of its original base project code and make the branch name relevant to the web project I was using it with Commit the changes to the library back to the original code, growing it in size regardless of any specific references that might exist. I have two questions How can I include this library project code into a new project yet not break the subversion functionality, i.e. allowing me to make changes to each project individually? How I can keep the code synchronized? If I choose the first method of managing the library code I may want to grab changes from another branch and pull it in for use in another.

    Read the article

  • Storing a NTFS Security Descriptor in C

    - by Doori Bar
    My goal is to store a NTFS Security Descriptor in its identical native state. The purpose is to restore it on-demand. I managed to write the code for that purpose, I was wondering if anybody mind to validate a sample of it? (The for loop represents the way I store the native descriptor) This sample only contains the flag for "OWNER", but my intention is to apply the same method for all of the security descriptor flags. I'm just a beginner, would appreciate the heads up. Thanks, Doori Bar #define _WIN32_WINNT 0x0501 #define WINVER 0x0501 #include <stdio.h> #include <windows.h> #include "accctrl.h" #include "aclapi.h" #include "sddl.h" int main (void) { DWORD lasterror; PSECURITY_DESCRIPTOR PSecurityD1, PSecurityD2; HANDLE hFile; PSID owner; LPTSTR ownerstr; BOOL ownerdefault; int ret = 0; unsigned int i; hFile = CreateFile("c:\\boot.ini", GENERIC_READ | ACCESS_SYSTEM_SECURITY, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL); if (hFile == INVALID_HANDLE_VALUE) { fprintf(stderr,"CreateFile() failed. Error: INVALID_HANDLE_VALUE\n"); return 1; } lasterror = GetSecurityInfo(hFile, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION , &owner, NULL, NULL, NULL, &PSecurityD1); if (lasterror != ERROR_SUCCESS) { fprintf(stderr,"GetSecurityInfo() failed. Error: %lu;\n", lasterror); ret = 1; goto ret1; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD1: %s\n", ownerstr); /* The for loop represents the way I store the native descriptor */ PSecurityD2 = malloc( GetSecurityDescriptorLength(PSecurityD1) * sizeof(unsigned char) ); for (i=0; i < GetSecurityDescriptorLength(PSecurityD1); i++) ((unsigned char *) PSecurityD2)[i] = ((unsigned char *) PSecurityD1)[i]; if (IsValidSecurityDescriptor(PSecurityD2) == 0) { fprintf(stderr,"IsValidSecurityDescriptor(PSecurityD2) failed.\n"); ret = 2; goto ret2; } if (GetSecurityDescriptorOwner(PSecurityD2,&owner,&ownerdefault) == 0) { fprintf(stderr,"GetSecurityDescriptorOwner() failed."); ret = 2; goto ret2; } ConvertSidToStringSid(owner,&ownerstr); printf("ownerstr of PSecurityD2: %s\n", ownerstr); ret2: free(owner); free(ownerstr); free(PSecurityD1); free(PSecurityD2); ret1: CloseHandle(hFile); return ret; }

    Read the article

  • default file/folder security permissions sbs 2003

    - by Floris
    I have lost all file/folder security permissions of a SBS 2003 installation and was wondering is there some command I can run to restore system file/folder permissions to there default values. I lost the permissions when I had boot error and had to restore the primary boot sector from backup primary boot sector and had to tun fixboot to get the system booting again. Many Thanks Floris

    Read the article

  • Writable folder by all users on the same pc

    - by Catalin DICU
    I have a desktop .NET WPF application witch uses an embedded database (SQLite). Where to put the database file ? It's the same database for all users. I tried to use CommonAppData but it's not writable by non-admin users. So I tried to use a custom installer action to give write rights to all users to this folder but it fails on domain PCs. The code is: DirectorySecurity security = Directory.GetAccessControl(appDataPath); FileSystemAccessRule rule = new FileSystemAccessRule("Users", FileSystemRights.WriteData, InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit, PropagationFlags.InheritOnly, AccessControlType.Allow); security.AddAccessRule(rule); Directory.SetAccessControl(appDataPath, security); Would ".\Users" insead of "Users" work on a domain ? Is this the best approach ? Is there any other folder I could use ?

    Read the article

  • CXF code first service, WSDL generation; soap:address changes?

    - by jcalvert
    I have a simple Java interface/implementation I am exposing via CXF. I have a jaxws element in my Spring configuration file like this: <jaxws:endpoint id="managementServiceJaxws" implementor="#managementService" address="/jaxws/ManagementService" > </jaxws:endpoint> It generates the WSDL from my annotated interface and exposes the service. Then when I hit http://myhostname/cxf/jaxws/ManagementService?wsdl I get a lovely WSDL. At the bottom in the wsdl:service element, I'll see <soap:address location="http://myhostname/cxf/jaxws/ManagementService"/> However, some time a day or so later, with no application restart, hitting that same url produces: This causes a number of problems, but what I really want is to fix it. Right now, there's a particular client to the webservice that sets the endpoint to localhost; because it runs on the same machine. Is it possible the wsdl is getting regenerated and cached and then exposing the 'localhost' version? In part I don't know the exact mechanism by which one goes from a ?wsdl request in CXF to the response. It seems almost certain that it's retrieving some cached version, given that it's supposed to be determining the address by asking the servletcontainer (Jetty). For reference I know a stopgap solution is using the hostname on the client and making sure an alias in place so that it goes over the loopback. EDIT: For reference, I confirmed that if I bring my application up and first hit it over localhost, then querying for the wsdl via the hostname shows the address as localhost. Conversely, first hitting it over the hostname causes localhost requests to show the hostname. So obviously something is getting cached here.

    Read the article

  • Is there a preferred method of including the source code(s) of other software you've used in your ap

    - by Adam S
    I've used a few F/OSS libraries in my commercial application. As per their licenses, I am obligated to include their source codes along with my VS2008 application. This is my first time making a "real" commercial application, and I would appreciate some advice on how best to go about including their source codes. I don't want to package them as zip files alongside my installed. I still want my installer to be a single file.

    Read the article

  • When I use WinForms (C#) designer in VS2010, it still generates code that StyleCop complains about.

    - by Hamish Grubijan
    Some problems that I recall (there may be more): Includes regions Does not use this. prefix for member variables and methods Includes comments like the one below ( having // by itself catches the eye of StyleCop) // // fileNameTextBox // If I make a change to the text, and then open the designer again, and screws up my previously perfected fruits of hard labor. How did / would you solve this problem? I heard but did not personally experience a similar problem with WPF. How did / would you fix that? Thanks.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 161 162 163 164 165 166 167 168 169 170 171 172  | Next Page >