Search Results

Search found 601 results on 25 pages for 'bank'.

Page 17/25 | < Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >

  • Adding Postgres table cells based on same value

    - by russell kinch
    I have a table called expenses. There are numerous columns but the ones involved in my php page are date, spplierinv, amount. I have created a page that lists all the expenses in a given month and totals it at the end. However, each row has a value, but many rows might be on the same supplier invoice.This means adding each row with the same supplierinv to get a total as per my bank statement. Is there anyway I can get a total for the rows based on the supplierinv. I mean say I have 10 rows. 5 on supplierinv 4, two on supplierinv 5 and 3 on supplierinv 12, how can a get 3 figures (inv 4, 5 and 12) and the grand total at the bottom. Many thanks

    Read the article

  • submitHandler is an invalid label

    - by Steven
    Below is the code, I get an error which says that submitHandler is an invalid label $(document).ready(function() { $("#withdraw").validate({ rules: { amount: { required: true, number:true, min:0, max:<?php echo $balance; ?> } , bank:{ required:true, }, cardnumber1: { required: true, minlength:8 }, cardnumber2:{ required:true, equalTo: "#cardnumber1" }, holder:{ required:true, } } }), submitHandler: function(form){ var answer = confirm("Do you really want to withdraw this amount of money from your account?") if (answer){ form.submit(); } else{ return false; } } }); How to solve this problem?

    Read the article

  • C# filter results quarterly

    - by user339067
    Hello! I am writing a simple C# application that is handling bank savings. I want to be able to show the results on either, yearly, monthly or quarterly basic how can this be done? How can I loop through a set of results and only show every third post (if I am using quarterly) for example. In Python I can use range(1,31,3) but how is it done in C#? UPDATE 1 I want to loop 12 times (annually) and calculate the interest each loop but I only want to print the results every third loop (quarterly). How can I achieve this? Please help!

    Read the article

  • Does it make sense to use BOTH mongodb and mysql in the same rails application?

    - by Brian Armstrong
    I have a good reason to use mongodb for part of my app. But people generally describe it as not a good fit for "transactional" applications like a bank where transactions have to be exact/consistent, etc. Does it make sense to split the models up in Rails and have some of them use MySql and others mongo? Or will this generally cause more problems than it's worth? I'm not building a banking app or anything, but was thinking it might make sense for my users table or or transactions table (recording revenue) to do that part in MySql.

    Read the article

  • Choosing between assembler and COBOL

    - by Azares Cob
    I have to rewrite and greatly modify parts of a legacy COBOL application. The COBOL source-code is available (around 100.000 lines of copy & pasted code mixed with GOTOs). Some more details on the system: It is a general management system controlling transactions, bank management, customer data and employees of the company I work for. The COBOL-powered database is about 4 Terabytes distributed over 50 old HDDs. (But messing around with them is the sysadmins job) They are using COBOL85 only. Now I have two options: Rewrite and refactor 50% of the old COBOL system, or use X86 assembly. Should I use X86 assembler or COBOL?

    Read the article

  • String encryption only with numbers?

    - by HH
    Suppose your bank clerk gives you an arbitrary password such as hel34/hjal0@# and you cannot remember it without writing it to a paper. Dilemma: you never write passwords to paper. So you try to invent an encryption, one-to-one map, where you write only a key to a paper, only numbers, and leave the rest junk to your server. Of course, the password can consist of arbitrary things. Implemention should work like hel34/hjal0#@ ---- magic ----> 3442 and to other way: 3442 ---- server magic ---> hel34/hjal0#@ [Update] mvds has the correct idea, to change the base, how would you implement it?

    Read the article

  • Allow only numeric values in textbox not working in Firefox

    - by AsM
    I have one Textbox accepting Bank A/c Number value which should be numerical only. I have written one javascript function for this as follows. function fncInputNumericValuesOnly() { if(!(event.keyCode=48||event.keyCode<=57)) { event.returnValue=false; } } This code is not allowing non-numerical values in IE. but same is not working in Firefox. I also tried to use onkeyup event. & also tried on pageload txtAccountNumber.Attributes.Add("onkeyup","fncInputNumericValuesOnly()") Why this is not working with firefox 3.

    Read the article

  • 600 tables in DDBB

    - by Michael
    Hi all, I'm a very young software architect. Now I'm working in a very large and I have to lead a group of developers to rewrite all the mortgage system of the bank. I'm looking at database tables and I realize that there is no any data model, neither documentation. The worst part is that there are about 1000 tables in dev environment, and like 600 in production. I trust more the production environment, but anyway, what can I do? I mean, I can suicide me or something, but is there any good reverse engineering tool, so at least I could get the schema definition with the relations between tables and comments extracted from the fields? Can you advice me something? Thanks in advance.

    Read the article

  • Java training for .NET developers?

    - by C Keene
    We are working with a large retail bank on training 40-50 .Net developers to use Java. They are familiar with C# and .Net framework and have built dozens of "run the business" style apps in .Net. We need advice on how to provide basic Java familiarity, with a focus on back end logic, security and transaction management. Back end is Spring/Hibernate, front end is Ajax (Dojo). Are there any online, self-paced, Java courses that would be good for C#/.Net developers to get up to speed quickly?

    Read the article

  • Dynamically changing the component of webpage

    - by peril brain
    Hi, I am working for a project on disaster management sponsered by World Bank, under this project i have assigned work on CMS. and my senior has asked me to make a ASP.NET webpage where those logged with administrator privilege will be able to edit the page. like:- <div id="mydiv"><pre>+++++++MY CONTENT+++++++++++++++++++</pre></div> now if if the admin clicks on mydiv he should be able to edit the pre contents. for this i got many options such as WYSIWYG editors (but they work on textboxs only and further more they cant save the data back to server replacing the previous content) then I came to know about Webparts , but its editing capabilities was so low that my plan for implementing a WYSIWYG editor went in vain. so I m seeking help from u all is their any way to achieve the motive, it would be better if u can suggest something like incorporating WYSIWYG into webpartmanager editor... THANKS..

    Read the article

  • Two DomainContext or data sources with WCF RIA - Silverlight page

    - by Mayur Kotlikar
    I am writting a Silverlight Business Application with WCF RIA link. I have 2 databases on same SQL server, Public and Private. The Public database contains a table which is mostly for public access level, like "user" table which has basic user information The Private database contains a table which has "private" information, user bank transactions etc I created 2 ADO.Net entity models, one each for Private and Public database and selected the tables. I also created 2 different domain context services On on Silverlight page, I need to get information from the tables that are across 2 databases, Private and Public as described above. How do I achieve this? I am thinking of some kind of a wrapper that internally gets data from domain services. Whats the best approach?

    Read the article

  • Homework - C# - Creating an object instance with a button click

    - by Erica
    I'm new to learning Windows Programming with C#. My current assignment is to create a very simple bank account program: The user enters the accountholder name, account number and beginning balance, then presses a "Continue" button to work with that account by making deposits and withdrawals. I wrote a separate "BankAccount" class with the required data members and methods. I've put the code for the creation of the BankAccount object in the Continue button click event BankAccount currentAccount = new BankAccount(acctName, acctNum, beginningBalance); But that seems to make it local to that method only, and currentAccount is not recognized when I'm programming the click event for the "Record Transactions" (deposits and withdrawals) button. How and where should the creation of the BankAccount object be coded in order for it to be created when the "Continue" button is clicked and also recognized in the "Record Transactions" button click event? Please let me know if any clarification is needed, or if you need to see part or all of my code.

    Read the article

  • How to play a set of jpeg files as a movie?

    - by RJ
    I have a set of jpeg images where eacg image has an associated description. e.g. im1.jpg - suspect enters bank im7.jpg - suspect hands teller a note imj41.jpg - teller gives suspect a bag ... ... It's trivial to view these images individually and see the description but how do I play this as a movie? I need to play the images and when I encounter one with a description, display the description in a status pane. Do I need to convert the images into a movie, if so how? How do I get the player to notify me when the description frame is encountered? I'm using Windows. language doesn't matter, I just need the concept right now.

    Read the article

  • Getting confused why i dont get expected amount ?

    - by Stackfan
    I have 1 result and which i will receive in Bank account, Based on that account i have to Put a balance to user account. How can you find the Handling cost from total tried 491.50 / 0.95 = 517.36 which is wrong ? It should be 500.00 (to my expectation) User balance requires 500.00 When 500.00 selected he gets 5% discount There is a handling cost for this ex: 1) Discount: 500.00 - 5% = 475.00 2) Handling cost: (475.00 x 0.034) + 0.35 = 16.50 3) Total: 475.00 + 16.50 = 491.50 So problem is from 491.50, i have to find atleast handling cost to get promised Balance. Any solution ? Cant figure it out myself...

    Read the article

  • Best way of obfuscating / encrypting form data on the iPhone

    - by cannyboy
    I want to create an app which holds sensitive information (imagine it's bank account details, thought it's not). The user enters this information on a form the first time the app starts up. I want this info to be saved, and available, any time the user uses the app (without having to enter a password). However, if the iPhone has a password lock on it, and is stolen, I don't want the data to be easily accessible from the file system. What is the best way of encrypting or obfuscating the data? There is not a lot of data, just a dozen NSStrings from the UITextFields on the form. I'm aware there are encryption export restrictions on the iPhone for non-US developers (I am in UK), so I would prefer to avoid going jumping through any of Apple's app submission hoops to get it on the store.

    Read the article

  • How to check if the sum of some records equals the difference between two other records in t-sql?

    - by Dan Appleyard
    I have a view that contains bank account activity. ACCOUNT BALANCE_ROW AMOUNT SORT_ORDER 111 1 0.00 1 111 0 10.00 2 111 0 -2.50 3 111 1 7.50 4 222 1 100.00 5 222 0 25.00 6 222 1 125.00 7 ACCOUNT = account number BALANCE_ROW = either starting or ending balance would be 1, otherwise 0 AMOUNT = the amount SORT_ORDER = simple order to return the records in the order of start balance, activity, and end balance I need to figure out a way to see if the sum of the non balance_row rows equal the difference between the ending balance and the starting balance. The result for each account (1 for yes, 0 for no) would be simply added to the resulting result set. Example: Account 111 had a starting balance of 0.00. There were two account activity records of 10.00 and -2.5. That resulted in the ending balance of 7.50. I've been playing around with temp tables, but I was not sure if there is a more efficient way of accomplishing this. Thanks for any input you may have!

    Read the article

  • ING Selecciona Oracle Fusion HCM para la Gestión del Capital Humano

    - by Noelia Gomez
    Normal 0 21 false false false ES X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif";} La decisión de ING sobre la elección de Oracle Fusion HCM fue impulsada por su deseo continuo de fortalecer la función de RRHH para impulsar su negocio. Tras mucho tiempo como cliente de Oracle PeopleSoft HCM, evaluó el segmento de mercado de HCM antes de seleccionar Oracle Fusion HCM, con el objetivo de seguir utilizando las herramientas principales de recursos humanos y mantener su posición como uno de los principales empleadores en los Países Bajos. ING implementará Oracle Fusion HCM, en estrecha colaboración con NorthgateArinso, miembro de Oracle PartnerNetwork (Gold), que proporcionará los servicios de alojamiento y de Oracle Consulting. La firma de servicios financieros utilizará toda la suite de Oracle Fusion Global Human Resources y Oracle Talent Management incluyendo Oracle Fusion Goal, Oracle Fusion OTBI, Oracle Fusion Workforce Compensation, Oracle Fusion Benefits y Oracle Fusion Performance Management. Además, ING implementará Oracle Fusion Financials, aprovechando la plataforma unificada de Oracle Fusion Applications. “Como institución financiera líder y mejor empleador, ING considera a sus colaboradores el activo más estratégico. Continuar siendo “best-in-class” en recursos humanos, es un diferenciador competitivo para nosotros, y necesitamos una aplicación líder de HCM para complementar nuestros esfuerzos ", dijo Marijke Brunklaus, Director General de Recursos Humanos de ING Bank Países Bajos. "Siendo un antiguo usuario de Oracle PeopleSoft HCM, cuidadosamente hemos evaluado las posibles soluciones disponibles y elegimos Oracle Fusion HCM como nuestra futura plataforma. Las profundas capacidades globales y las herramientas principales de talento de Oracle Fusion HCM son una buena opción para ayudarnos a evolucionar continuamente en nuestro negocio". Puede conocer más sobre HCM Fusion : · Oracle Fusion Applications · Oracle Fusion Human Capital Management · Oracle PartnerNetwork · Oracle Consulting Services · Oracle Human Capital Management Blog · Oracle HCM on Twitter · Oracle HCM on Facebook

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

  • Victor Grazi, Java Champion!

    - by Tori Wieldt
    Congratulations to Victor Grazi, who has been made a Java Champion! He was nominated by his peers and selected as a Java Champion for his experience as a developer, and his work in the Java and Open Source communities. Grazi is a Java evangelist and serves on the Executive Committee of the Java Community Process, representing Credit Suisse - the first non-technology vendor on the JCP. He also arranges the NY Java SIG meetings at Credit Suisse's New York campus each month, and he says it has been a valuable networking opportunity. He also is the spec lead for JSR 354, the Java Money and Currency API. Grazi has been building real time financial systems in Java since JDK version 1.02! In 1996, the internet was just starting to happen, Grazi started a dot com called Supermarkets to Go, that provided an on-line shopping presence to supermarkets and grocers. Grazi wrote most of the code, which was a great opportunity for him to learn Java and UI development, as well as database management. Next, he went to work at Bank of NY building a trading system. He studied for Java certification, and he noted that getting his certification was a game changer because it helped him started to learn the nuances of the Java language. He has held other development positions, "You may have noticed that you don't get as much junk mail from Citibank as you used to - that is thanks to one of my projects!" he told us. Grazi joined Credit Suisse in 2005 and is currently Vice President on the central architecture team. Grazi is proud of his open source project, Java Concurrent Animated, a series of animations that visualize the functionality of the components in the java.util.concurrent library. "It has afforded me the opportunity to speak around the globe" and because of it, has discovered that he really enjoys doing public presentations. He is a fine addition to the Java Champions program. The Java Champions are an exclusive group of passionate Java technology and community leaders who are community-nominated and selected under a project sponsored by Oracle. Nominees are named and selected through a peer review process. Java Champions get the opportunity to provide feedback, ideas, and direction that will help Oracle grow the Java Platform. This interchange may be in the form of technical discussions and/or community-building activities with Oracle's Java Development and Developer Program teams.

    Read the article

  • Indie Software Developers - How do I handle taxes?

    - by Connor
    I apologize if this is the wrong site to post on, perhaps someone could point me to the proper place if it is not. Hello, I am 17 years old and currently develop applications/games for Android and iPhone as well as develop internet websites and code a variety of my own projects. I have been very fortunate and have made a large amount of money and continue to make money online to the point where I do not need a stable job, though I'd like to get one after college. I've never held a job anywhere, and have never had to pay taxes. I'm coming into a lot of issues and I am quite confused. I get money from MANY sources- 15 different advertisement networks(!), 4 different payment processors, 5 different affiliate networks and a variety of other sources. All of them pay to different places and at different times (checking account, PayPal, reloadable debit card, ect.) I essentially have a list in a Notepad with names and login information for each source. I have also created a PHP script that uses cURL to grab all the revenue from each service, add it all up, then text me every few hours so I can keep track. It's a mess, but it's working OK, and I can create custom reports (for IRS?). But enough of that, my questions are about taxes in the US, and how indie developers handle it all. I'm at slightly over $250k so far this year, with negligible earnings last year. I have it all stockpiled in a bank account and haven't touched it, I'm a bit scared to. What do I file as? A sole proprietor, a business, just a regular person? How can I handle all of the different revenue sources? (AdSense, CJ, LinkShare) So far none of them have sent me any paperwork on taxes and I've read that I'm supposed to pay taxes quarterly? Do I need paperwork from EACH source to file? Or can I just say I got $x total and that'd be it? What percentage do you pay of total earnings? Average? Should I create an LLC? A corporation? Or stay as a developer? What would be the cheapest options? Could I go to jail? I haven't touched the money except a few dollars to help my parents pay the mortgage once. Any insight would be great. My parents have no idea what I should do, both have no forms of higher education and both have no high school diploma's. They just live day by day with simple jobs. I appreciate any help or experience with this.

    Read the article

  • sell ccv good and fresh sell cvv all country fullz info

    - by underworld
    ICQ: 640240418 YH: underworld_cvv Mail: [email protected] WELCOME TO MY UNDERWORLD ! I'm is Professional seller,more than 5 years experience,i started work in 2008,i have sold cvv credit card to many customers all over the world. Selling cvv, fullz many country as: Canada,USA,Australia,UK...all And many country in Europe: Fr,Ger,Spain,Ita... I hope we will work together for a long time. Always sell cvv quality with high balance. I have a website but if you want buy cvv good price please contact me. Have Cvv with Bin or Cvv with DOB,VBV if customer claim. List Price Some Cvv (good price for good buyer) -Us: 5$ /1 -Us VBV-DOB : 8$ /1 -Us fullz : 40$ /1 -Us (amex,discover) : 8$ /1 -Ca : 10$ /1 -Ca DOB : 20$ /1 -Ca fullz : 50$ /1 -Ca with bin : 15$ /1 -Au : 10$ /1 -Au DOB : 20$ /1 -Uk : 10$ /1 -Uk DOB-VBV : 20$ /1 -Fr : 15$ /1 -Fr DOB-VBV : 25$ /1 -Ger : 18$ /1 -Ger with DOB : 25$ /1 -Spain : 15$ /1 -Spain Fullz : 40$ /1 -Ita : 15$ /1 -Ita with DOB : 25$ /1 -Japan : 15$ /1 -Japan with DOB : 25$ /1 Cvv random country -Denmark : 25$ /1 -Sweden : 20$ /1 -Switzerland : 20$ /1 -Slovakia : 20$ /1 -Netherlands : 18$ /1 -Mexico : 15 /1 -Middle East : 18$ /1 -New zeland : 18$ /1 -Asia : 15$ /1 -Ireland : 18$ /1 -Belgium : 15$ /1 -Taiwan : 15$ /1 -UAE : 20$ /1 And many country... Some Bins -Us bins: 517805,488893,492536,408181,542432,482880,374355,374372... -Ca bins: 450003,450008,451242,450060,549198,533833,519123,544612... -Uk bins: 4547,5506,5569,5404,5031,4921,5505,5506,4921,4550... -Ger bins: 492942,490762,530127... -Au bins: 543568,450605,494053,450606,456475,521893,519163... -Fr bins: 497847,497831,497841,497849,497820,497825,497833... -And others bins for others country... Format France fullz Nom : di murro Prenom : mariano Adresse : rue des caillettes Ville : Corbeil Essonnes Code Postale : 91100 Telephone : 33672492372 ========== (2eme Tape) ========== Nom de Bank : crédit agricole Nom de Carte Bancaire : di murro mariano Date de naissance : 12 / 02 / 1969 Type de carte : MasterCard Numero de carte : 5131018223855xxx Numero de compte : Date d'expiration : 10 / 2014 CVN : 336 -WARRANTY time is 12 HOURS. Any cvv purchase over 12 hours can not warranty. -If you buy over 30 cvvs, i will sell for you best price. -I will discount for you if you are reseller or you order everyday many on the next day. -I only accept payment money by PerfectMoney (PM) Western Union (WU) and MoneyGram. -I will prove to you that I am the best sellers. And make sure you will enjoy doing business with me. Contact: ICQ: 640240418 YH: underworld_cvv Mail: [email protected]

    Read the article

  • Mark Zuckerberg tops the list of 50 Highest Rated CEOs. 3 Indian CEOs feature in the list.

    - by Gopinath
    Mark Zuckerberg, the CEO of Facebook is rated as the best CEO according to a report released by the popular employee reviews website Glassdoor.com. 50,000 employees reviews submitted to Glassdoor in the past 1 year are considered for preparing the rating list and Zukerberg topped the list with 99 percent approval to the question “Do you approve of the way your CEO is leading the company?”. Wow! That’s an amazing support to Zukergerg from his employees though stock market and share holders are not with him. Coincidently Facebook is also rated as the best company to work by Glassdoor in a recent survey. Here is the list of top 10 CEOs Mark Zuckerberg, Facebook; 99.3% Approval Bill McDermott & Jim Hagemann Snabe, SAP; 99% Approval Dominic Barton, McKinsey & Company; 97% Approval Jim Turley, Ernst & Young; 96% Approval John E. Schlifske, Northwestern Mutual; 96% Approval Frank D’Souza, Cognizant Technology Solutions; 96% Approval Joe Tucci, EMC; 96% Approval Paul E. Jacobs, QUALCOMM; 95% Approval Richard K. Davis, U.S. Bank; 95% Approval Pierre Nanterme, Accenture; 95% Approval 3 Indian CEOs in the top 50 list – TCS, Wipro & MindTree The list featured three Indian CEOs and all the three are leading Software IT Services organizations in India and creating thousands of IT jobs.  Natarajan Chandrasekaran – the CEO of TCS is at 25th position, Krishnakumar Natarajan – the CEO of MindTree is at 28th position and  Wipro’s T.K.Kurien is at 44th position. Glad to see Indian CEO joining the global ranks. Tech Heavy Weights Google, Apple, Amazon & Microsoft aren’t in top 10 Another thing to note from this report is that the CEO’s of technology heavy weights Google, Apple, Amazon and Microsoft are not in the top10 list- looks like their employees are not really happy with their bosses. At least not as happy as their peers at Facebook. Google CEO’s Larry Page is at 11th position, Jeff Bezos of Amazon at 16th position and Tim Cook of Apple is at 18th position. Well the Microsoft CEO is not even in the list of top 50!! You can read the complete list of ratings at Glassdoor.com’s blog. Photo Credit: Andrew Feinberg

    Read the article

  • Looking for Cutting-Edge Data Integration: 2014 Excellence Awards

    - by Sandrine Riley
    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 It is nomination time!!! This year's Oracle Fusion Middleware Excellence Awards will honor customers and partners who are creatively using various products across Oracle Fusion Middleware. Think you have something unique and innovative with one or a few of our Oracle Data Integration products? We would love to hear from you! Please submit today. The deadline for the nomination is June 20, 2014. What you win: An Oracle Fusion Middleware Innovation trophy One free pass to Oracle OpenWorld 2014 Priority consideration for placement in Profit magazine, Oracle Magazine, or other Oracle publications & press release Oracle Fusion Middleware Innovation logo for inclusion on your own Website and/or press release Let us reminisce a little… For details on the 2013 Data Integration Winners: Royal Bank of Scotland’s Market and International Banking and The Yalumba Wine Company, check out this blog post: 2013 Oracle Excellence Awards for Fusion Middleware Innovation… and the Winners for Data Integration are… and for details on the 2012 Data Integration Winners: Raymond James and Morrisons, check out this blog post: And the Winners of Fusion Middleware Innovation Awards in Data Integration are…  Now to view the 2013 Winners (for all categories). We hope to honor you! Here's what you need to do:  Click here to submit your nomination today.  And just a reminder: the deadline to submit a nomination is 5pm Pacific Time on June 20, 2014. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

    Read the article

  • ArchBeat Link-o-Rama for 2012-07-11

    - by Bob Rhubart
    Is the future of retail showrooming? | GigaOm "The digital shopper isn’t just digital and she expects to be served seamlessly across all channels, physical and digital," reports GigaOm. Twenty years into the Internet era and the changes just keep coming. Solution architects take note... Agile Bureaucracy: When Practices become Principles | Jim Highsmith.com "Principles and values are a critical part of keeping individuals in organizations aligned and engaged," says Agile guru Jim Highsmith, "but the more pseudo-principles are piled on top of principles, the less and less organizations are able to adapt." Oracle Fusion Applications 11g Basics | Michel Schildmeijer "We are trying to build up a Oracle Fusion Apps environment on a Exalogic system, though still on bare metal, because officially there still is no Oracle VM available yet on Exalogic," says Michel Schildmeijer, an Oracle Fusion Middleware Architect at Qualogy. "It is a bit of a challenge, but getting to know the basics and which components the install, build and configure phase use, might bring you a step further on the way." Process Centric Banking: Loan Origination Solution | Manish Palaparthy This interesting, detailed post by Manish Palaparthy explains the process behind the execution of a proof-of-concept for a Fusion Middleware-based loan-origination solution for a bank. The solution incorporates Oracle BPM Suite, Webcenter, and ADF technolgies in a SOA infrastructure. How eBay and Facebook are Cleaning Up Data Centers | Amy Gallo - HBR The Cloud has needs! As reported by Amy Gallo in an article in the Harvard Business Review, "The electricity demand of data centers and the telecommunications network is rivaling that of most nations. If the cloud were itself a country, it would rank fifth in the world on energy demand behind the U.S., China, Russia, and Japan." Do WebLogic configuration from ANT | Edwin Biemond "With WebLogic WLST you can script the creation of all your Application DataSources or SOA Integration artifacts( like JMS etc)," says Oracle ACE Edwin Biemond. "This is necessary if your domain contains many WebLogic artifacts or you have more then one WebLogic environment. If so, you want to script this so you can configure a new WebLogic domain in minutes and you can repeat this task with always the same result." Oracle Special-Edition E-Book: Cloud Architecture for Dummies Learn how to architect and model your cloud implementation to drive efficiency and leverage economies of scale with Cloud Architecture for Dummies, a free Oracle e-book. (Registration required.) Thought for the Day "One of the best things to come out of the home computer revolution could be the general and widespread understanding of how severely limited logic really is." — Frank Herbert Source: SoftwareQuotes.com

    Read the article

  • When to use SOAP over REST

    So, how does REST based services differ from SOAP based services, and when should you use SOAP? Representational State Transfer (REST) implements the standard HTTP/HTTPS as an interface allowing clients to obtain access to resources based on requested URIs. An example of a URI may look like this http://mydomain.com/service/method?parameter=var1&parameter=var2. It is important to note that REST based services are stateless because http/https is natively stateless. One of the many benefits for implementing HTTP/HTTPS as an interface is can be found in caching. Caching can be done on a web service much like caching is done on requested web pages. Caching allows for reduced web server processing and increased response times because content is already processed and stored for immediate access. Typical actions performed by REST based services include generic CRUD (Create, Read, Update, and Delete) operations and operations that do not require state. Simple Object Access Protocol (SOAP) on the other hand uses a generic interface in order to transport messages. Unlike REST, SOAP can use HTTP/HTTPS, SMTP, JMS, or any other standard transport protocols. Furthermore, SOAP utilizes XML in the following ways: Define a message Defines how a message is to be processed Defines the encoding of a message Lays out procedure calls and responses As REST aligns more with a Resource View, SOAP aligns more with a Method View in that business logic is exposed as methods typically through SOAP web service because they can retain state. In addition, SOAP requests are not cached therefore every request will be processed by the server. As stated before Soap does retain state and this gives it a special advantage over REST for services that need to preform transactions where multiple calls to a service are need in order to complete a task. Additionally, SOAP is more ideal for enterprise level services that implement standard exchange formats in the form of contracts due to the fact that REST does not currently support this. A real world example of where SOAP is preferred over REST can be seen in the banking industry where money is transferred from one account to another. SOAP would allow a bank to perform a transaction on an account and if the transaction failed, SOAP would automatically retry the transaction ensuring that the request was completed. Unfortunately, with REST, failed service calls must be handled manually by the requesting application. References: Francia, S. (2010). SOAP vs. REST. Retrieved 11 20, 2011, from spf13: http://spf13.com/post/soap-vs-rest Rozlog, M. (2010). REST and SOAP: When Should I Use Each (or Both)? Retrieved 11 20, 2011, from Infoq.com: http://www.infoq.com/articles/rest-soap-when-to-use-each

    Read the article

< Previous Page | 13 14 15 16 17 18 19 20 21 22 23 24  | Next Page >