Search Results

Search found 650 results on 26 pages for 'universe hacker'.

Page 19/26 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Browser for cross-site-script testing (for testing Mozilla Add-On)

    - by Anthony
    I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers). I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers turn to for this. I really would like to avoid using any blackhat tools, if possible. Not because I'm against them, I just don't want to add another learning curve to the process. I can use curl in PHP to confirm that the requests work, but I want to get started on writing the js that the addon will actually use, so I need a client that will execute js. I also tried spidermonkey, but since I'm doing the ajax with jquery, it threw a fit at all of the browser-based default variables. So, short version: is there a reliable browser/client for cross site scripting that isn't primarily a hacker app? Or can I just turn off same-domain policy in Firefox?

    Read the article

  • What's a reliable and practical way to protect software with a user license ?

    - by Frank
    I know software companies use licenses to protect their softwares, but I also know there are keygen programs to bypass them. I'm a Java developer, if I put my program online for sale, what's a reliable and practical way to protect it ? How about something like this, would it work ? <1> I use ProGuard to protect the source code. <2> Sign the executable Jar file. <3> Since my Java program only need to work on PC [I need to use JDIC in it], I wrap the final executable Jar into an .exe file which makes it harder to decompile. <4> When a user first downloads and runs my app, it checks for a Pass file on his PC. <5> If the Pass file doesn't exist, run the app in demo mode, exits in 5 minutes. <6> When demo exits a panel opens with a "Buy Now" button. This demo mode repeats forever unless step <7> happens. <7> If user clicks the "Buy Now" button, he fills out a detailed form [name, phone, email ...], presses a "Verify Info" button to save the form to a Pass file, leaving license Key # field empty in this newly generated Pass file. <8> Pressing "Verify Info" button will take him to a html form pre-filled with his info to verify what he is buying, also hidden in the form's input filed is a license Key number. He can now press a "Pay Now" button to goto Paypal to finish the process. <9> The hidden license Key # will be passed to Paypal as product Id info and emailed to me. <10> After I got the payment and Paypal email, I'll add the license Key # to a valid license Key list, and put it on my site, only I know the url. The list is updated hourly. <11> Few hours later when the user runs the app again, it can find the Pass file on his PC, but the license Key # value is empty, so it goes to the valid list url to see if its license Key # is on the list, if so, write the license Key # into the Pass file, and the next time it starts again, it will find the valid license Key # and start in purchased mode without exiting in 5 minutes. <12> If it can't find its license Key # on the list from my url, run in demo mode. <13> In order to prevent a user from copying and using another paid user's valid Pass file, the license Key # is unique to each PC [I'm trying to find how], so a valid Pass file only works on one PC. Only after a user has paid will Paypal email me the valid license Key # with his payment. <14> The Id checking goes like this : Use the CPU ID : "CPU_01-02-ABC" for example, encrypt it to the result ID : "XeR5TY67rgf", and compare it to the list on my url, if "XeR5TY67rgf" is not on my valid user list, run in demo mode. If it exists write "XeR5TY67rgf" into the Pass File license field. In order to get a unique license Key, can I use his PC's CPU Id ? Or something unique and useful [ relatively less likely to change ]. If so let's say this CPU ID is "CPU_01-02-ABC", I can encrypt it to something like "XeR5TY67rgf", and pass it to Paypal as product Id in the hidden html form field, then I'll get it from Paypal's email notification, and add it to the valid license Key # list on the url. So, even if a hacker knows it uses CPU Id, he can't write it into the Pass file field, because only encrypted Ids are valid Ids. And only my program knows how to generate the encrypted Ids. And even if another hacker knows the encrypted Id is hidden in the html form input field, as long as it's not on my url list, it's still invalid. Can anyone find any flaw in the above system ? Is it practical ? And most importantly how do I get hold of this unique ID that can represent a user's PC ? Frank

    Read the article

  • get height on a block of latex output

    - by georg raba
    Hello, I am trying to determine how to get the height on a block of latex output (not the whole document, and not the code..but rather a block of output). As an example of what I am trying to accomplish: i were to have the latex code $\sum_{i=0}^\infty \frac{1}{n}\infty$ \newline hello world \newline hello universe its output would be something like 2 inches high. Of course, the height of the above block of text is dependent on a number of things-font, margin size, etc, as changing any of these parameters changes how many inches that output would be. Is there a command/package that does this? Thanks in advance! Georg Raba

    Read the article

  • What's the funniest user request you've ever had?

    - by Shaul
    Users sometimes come up with the most amusing, weird and wonderful requirements for programmers to design and implement. Today I read a memo from my boss that we need the "ability to import any excel or access data, irrespective of size, easily and quickly." From the same memo, we have a requirement to "know if anyone unauthorized accessed the system" - as if a hacker is going to leave his calling card wedged between an index and a foreign key somewhere. I think my boss has been watching too much "Star Trek"... :) What's the funniest user request you've ever had?

    Read the article

  • Accessing PostGIS spatial data from Rails

    - by Lakitu
    I need to use an existing PostGIS database from my Rails application. So far I am able to access the DB just fine, GeoRuby nicely converts the 'geom' column into a Point object. What I am looking for is an easy way to execute ActiveRecord-like queries on those tables, e.g. Poi.find_within_radius(...) or similar spatial queries like distance calculations et. al. I tried several combinations of geokit, accompanying rails plugins but I'm quite sure there must be something better out there in the ruby/rails universe. Any hints?

    Read the article

  • Telling between a "natural" HTTP 404 and a PHP Generated one

    - by JCOC611
    So I have a file that should never be accessed by a user directly, but included in another PHP file. If the file is called directly, it generates a HTTP Status 404 Not Found to trick a possible attacker that such file doesn't exist. However, if the hacker could tell that the 404 was generated by PHP or is not "natural" then the whole point of the header would be lost. So is it possible to tell whether the 404 was generated by the server naturally (because the file really doesn't exist) or by a PHP code? PS: I know this question might seem pretty weird lol

    Read the article

  • Resources for TDD aimed at Python Web Development

    - by Null Route
    I am a hacker not and not a full-time programmer but am looking to start my own full application development experiment. I apologize if I am missing something easy here. I am looking for recommendations for books, articles, sites, etc for learning more about test driven development specifically compatible with or aimed at Python web application programming. I understand that Python has built-in tools to assist. What would be the best way to learn about these outside of RTFM? I have searched on StackOverflow and found the Kent Beck's and David Astels book on the subject. I have also bookmarked the Wikipedia article as it has many of these types of resources. Are there any particular ones you would recommend for this language/application?

    Read the article

  • Good book(s) for MMORPG design & implementation?

    - by mawg
    I am a long time professional C/C++ programmer (mostly embedded systems) and a hobbyist windows & php hacker. Can anyone recommend a book(s) specifically aimed at designing and (hopefully) implementing an MMORPG? I don't need general how to design or how to code books. Maybe a really good generic games book, but I am not interested in 1st person shooters, I want to know what it takes to implement an MMORPG. Good books, maybe also good URLs. Thanks just searching eBay and Amazon threw up a whole slew of books. Amazon's customer reviews give me an idea of how good they are, and the overview tells me what areas they cover

    Read the article

  • Replacing multiple patterns in a block of data

    - by VikrantY
    Hi All, I need to find the most efficient way of matching multiple regular expressions on a single block of text. To give an example of what I need, consider a block of text: "Hello World what a beautiful day" I want to replace Hello with "Bye" and "World" with Universe. I can always do this in a loop ofcourse, using something like String.replace functions availiable in various languages. However, I could have a huge block of text with multiple string patterns, that I need to match and replace. I was wondering if I can use Regular Expressions to do this efficiently or do I have to use a Parser like LALR. I need to do this in JavaScript, so if anyone knows tools that can get it done, it would be appreciated.

    Read the article

  • Prevent strings stored in memory from being read by other programs

    - by Roy
    Some programs like ProcessExplorer are able to read strings in memory (for example, my error message written in the code could be displayed easily, even though it is compiled already). Imagine if I have a password string "123456" allocated sequentially in memory. What if hackers are able to get hold of the password typed by the user? Is there anyway to prevent strings from being seen so clearly? Oh yes, also, if I hash the password and sent it from client to server to compare the stored database hash value, won't the hacker be able to store the same hash and replay it to gain access to the user account? Is there anyway to prevent replaying? Thank You!

    Read the article

  • Launch application from a browser

    - by Goro
    Hello, Is it possible to launch an application from a browser? I am not talking about opening a file from a browser (like open a PDF with Adobe Reader), but rather opening a new (blank) instance of an application that is installed on the user's machine. Hypothetical situation: User browses a website that lists computers that can be managed via RDP. He clicks on a link to 192.168.1.10, that link opens Microsoft RDP client (mstsc.exe) with that ip address already filled out. I am talking strictly about Windows universe. Is that thing even doable outside of ActiveX and IE? Is it wise to attempt this in IE with ActiveX ? Thanks a lot,

    Read the article

  • Is it possible for a XSS attack to obtain HttpOnly cookies?

    - by Dan Herbert
    Reading this blog post about HttpOnly cookies made me start thinking, is it possible for an HttpOnly cookie to be obtained through any form of XSS? Jeff mentions that it "raises the bar considerably" but makes it sound like it doesn't completely protect against XSS. Aside from the fact that not all browser support this feature properly, how could a hacker obtain a user's cookies if they are HttpOnly? I can't think of any way to make an HttpOnly cookie send itself to another site or be read by script, so it seems like this is a safe security feature, but I'm always amazed at how easily some people can work around many security layers. In the environment I work in, we use IE exclusively so other browsers aren't a concern. I'm looking specifically for other ways that this could become an issue that don't rely on browser specific flaws.

    Read the article

  • can I prohibit users from loading swf files by AS3 / Flash Loader.load() and only allow loading imag

    - by EndangeringSpecies
    I want to have an AS3 app load images from url supplied by the user. But I don't want a malicious user to be able to load an SWF file in place of the image, such as with an altered extension "maliciousSwf.png". Well, not sure how big a security threat that is above and beyond the ability of the hacker to decompile swf, but I think that ideally such behavior should not be allowed. So, is there any way to prevent this? When people allow users to load images in their Flash apps, do they somehow guard against loading of SWF? Or is this really absolutely no big deal?

    Read the article

  • jQuery plugin: Validation can't be customized without setting all fields to 'required'?

    - by rasx
    I've spent the day looking at jQuery plugin: Validation by Jörn Zaefferer. I notice that it works fine as long as you call the validate() method without options. In my little squalid world, as soon as I add options, like errorPlacement, I notice that validation ignores form fields that are not marked required. I also notice that many, many demos mark all fields required---or do not pass options. Am I writing about anything familiar here? Or should I astral project to a parallel universe?

    Read the article

  • How necessary is using PHP filters?

    - by Jamie
    I'm a relatively newbie to PHP and just making my way through the W3Schools tut. The tut makes a big point of saying you must always filter external data (i.e. cookies, form data etc). I'm writing a fairly simple system that talks with a third party Joomla extension. It's at a prototype stage where I'm just wanting to demonstrate the functionality in a minimum viable product. Basically, I'd like to know... what's the worst that could happen in I don't filter content. Are we talking 'I might get a bunch of spam', or 'a good hacker could get root server access'? Have hunted around online, but would love any of your experience / insight on the matter!

    Read the article

  • Connect to a MySQL database and count the number of rows.

    - by Hugo
    Hi there! I need to connect to a MySQL database and then show the number of rows. This is what I've got so far; <?php include "connect.php"; db_connect(); $result = mysql_query("SELECT * FROM hacker"); $num_rows = mysql_num_rows($result); echo $num_rows; ?> When I use that code I end up with this error; Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:\Documents and Settings\username\Desktop\xammp\htdocs\news2\results.php on line 10 Thanks in advance :D

    Read the article

  • php: security question

    - by Syom
    in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is. but now hacker can enter to cms/admin.php, so my security now is awful. i know, that i can use $_SESSION variable. index.php - i can give some value to $_SESSION['error']: $_SESSION['error'] = TRUE, and in admin.php just verify it admin.php if($_SESSION['error'] == TRUE) { my script here... } else header("Location: index.php"); but i want to rich this effect without SESSION. could you give me an idea, how can i do it? thanks

    Read the article

  • Do I have to use Stored Procedures to get query level security or can I still do this with Dynamic S

    - by Peter Smith
    I'm developing an application where I'm concerned about locking down access to the database. I know I can develop stored procedures (and with proper parameter checking) limit a database user to an exact set of queries to execute. It's imperative that no other queries other then the ones I created in the stored procedures be allowed to execute under that user. Ideally even if a hacker gained access to the database connection (which only accepts connections from certain computers) they would only be able to execute the predefined stored procedures. Must I choose stored procedures for this or can I use Dynamic Sql with these fine grain permissions?

    Read the article

  • Security question

    - by Syom
    in my cms i have index.php, where client must enter username and password. if they are correct, he'll moove to admin.php, where the cms is. but now hacker can enter to cms/admin.php, so my security now is awful. i know, that i can use $_SESSION variable. index.php - i can give some value to $_SESSION['success']: $_SESSION['success'] = TRUE, and in admin.php just verify it admin.php if($_SESSION['success'] == TRUE) { my script here... } else header("Location: index.php"); but i want to rich this effect without SESSION. could you give me an idea, how can i do it? thanks

    Read the article

  • Do similar passwords have similar hashes?

    - by SLC
    Our computer system at work requires users to change their password every few weeks, and you cannot have the same password as you had previously. It remembers something like 20 of your last passwords. I discovered most people simply increment a digit at the end of their password, so "thisismypassword1" becomes "thisismypassword2" then 3, 4, 5 etc. Since all of these passwords are stored somewhere, I wondered if there was any weakness in the hashes themselves, for standard hashing algorithms used to store passwords like MD5. Could a hacker increase their chances of brute-forcing the password if they have a list of hashes of similar passwords?

    Read the article

  • What tool can I use to extract resources from a VB6 application?

    - by RichieACC
    One of my clients has an application that was written for them using VB6. They no longer have the original resources that were given to the developer. The developer has disappeared off the face of the earth. My challenge is to extract the resources from the executable and rebuild the application, adding new material to it. I've tried using Resource Hacker, but that only finds the icon. The exe is over 26MB, I can't see that the only resource embedded is the icon. Is there a way to extract this resource?

    Read the article

  • Have you ever derived a programming solution from nature?

    - by Ryu
    When you step back and look at ... the nature of animals, insects, plants and the problems they have organically solved perhaps even the nature and balance of the universe Have you ever been able to solve a problem by deriving an approach from nature? I've heard of Ant Colony Algorithms being able to optimize supply chain amongst other things. Also Fractal's being the "geometry of nature" have been applied to a wide range of problems. Now that spring is here again and the world is coming back to life I'm wondering if anybody has some experiences they can share. Thanks PS I would recommend watching the "Hunting the Hidden Dimension" Nova episode on fractals.

    Read the article

  • Condor job using DAG with some jobs needing to run the same host

    - by gurney alex
    I have a computation task which is split in several individual program executions, with dependencies. I'm using Condor 7 as task scheduler (with the Vanilla Universe, due do constraints on the programs beyond my reach, so no checkpointing is involved), so DAG looks like a natural solution. However some of the programs need to run on the same host. I could not find a reference on how to do this in the Condor manuals. Example DAG file: JOB A A.condor JOB B B.condor JOB C C.condor JOB D D.condor PARENT A CHILD B C PARENT B C CHILD D I need to express that B and D need to be run on the same computer node, without breaking the parallel execution of B and C. Thanks for your help.

    Read the article

  • From .NET TO SQL

    - by Berlioz
    How do you pass a value from your DAL to your sproc so that the ISNULL function will do it's job. Particularly the DATE value coming from my .NET assembly. In T-SQL an INSERT STMNT and in the VALUES clause, the line of interest goes like this; ISNULL(@myparm_forcolumn9, @myparm_forcolumn9). What value do I pass from .NET to make this line in my sproc work universally, so I don't have to write a millions INSERT SPROCS for every combination of columns??? I just want to write one stored procedure(sproc) that will handle all INSERTS in my universe.

    Read the article

  • How do I remove specific numbers from a string?

    - by user1666900
    I have this string in PHP Hopelessly Incredible |SPG:M| 766 STEAM_0:1:20130600 " banned "A Blatantly Obvious Hacker 740 STEAM_0:1:55386073 " (minutes "0") (reason "Multi-Hack") The Format of the string is: Name1 Number(0-3 digits) Steam_0:x:xxxx offense (banned/kicked/mute etc) Name2 Number(0-3 digits) Steam_0:x:xxxx time reason My goal is to remove the values 766 and 740 because it is just garbage. Those values can have single, double, and triple digits. The next step would be to strip STEAM_0:1:20130600 and STEAM_0:1:55386073 out of the string and capture it in a new variable. The only constant is STEAM_0: the rest can change. I am still learning regex but I fear this is a bit complicated for me to do. Some guidance would be most appreciative.

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >