Search Results

Search found 635 results on 26 pages for 'bypass'.

Page 20/26 | < Previous Page | 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Help securing files access with htaccess and php?

    - by bschaeffer
    I'm working on a site that allows users to purchase digital content and have implemented a method that attempts to serve secure downloads. I'm using CodeIgniter to force downloads like this: $file = file_get_contents($path); force_download("my_file_name.zip", $file); Of course, I make sure the user has access to the file using a database before serving the download, but I was wondering if there was a way to make these files more secure. I'm using a some 8-10 letter keys to create the file paths so urls to the files aren't exactly easy to figure out... something like http://mysite.com/as67Hgr/asdo0980/uth89.zip in lieu of http://mysite.com/downloads/my_file.zip. Also, I'm using .htaccess to deny directory browsing like so: Options All -Indexes. Other than that... I have no idea what steps to take. I've seen articles suggesting username and password methods using .htaccess, but I don't understand how to bypass the password prompt that would occur using that method. I was hoping there might be a method where I could send a username and password combination using headers and cUrl (or something similar), but I wouldn't know where to start. Any help would be hugely appreciated. Thanks in advance!

    Read the article

  • Convert function to read from string instead of file in C

    - by Dusty
    I've been tasked with updating a function which currently reads in a configuration file from disk and populates a structure: static int LoadFromFile(FILE *Stream, ConfigStructure *cs) { int tempInt; ... if ( fscanf( Stream, "Version: %d\n",&tempInt) != 1 ) { printf("Unable to read version number\n"); return 0; } cs->Version = tempInt; ... } to one which allows us to bypass writing the configuration to disk and instead pass it directly in memory, roughly equivalent to this: static int LoadFromString(char *Stream, ConfigStructure *cs) A few things to note: The current LoadFromFile function is incredibly dense and complex, reading dozens of versions of the config file in a backward compatible manner, which makes duplication of the overall logic quite a pain. The functions that generate the config file and those that read it originate in totally different parts of the old system and therefore don't share any data structures so I can't pass those directly. I could potentially write a wrapper, but again, it would need to handle any structure passed in in a backwards compatible manner. I'm tempted to just pass the file as is in as a string (as in the prototype above) and convert all the fscanf's to sscanf's but then I have to handle incrementing the pointer along (and potentially dealing with buffer overrun errors) manually. This has to remain in C, so no C++ functionality like streams can help here Am I missing a better option? Is there some way to create a FILE * that actually just points to a location in memory instead of on disk? Any pointers, suggestions or other help is greatly appreciated.

    Read the article

  • .NET XML serialization

    - by ShdNx
    I would like to serialize and deserialize mixed data into XML. After some searches I found out that there were two ways of doing it: System.Runtime.Serialization.Formatters.Soap.SoapFormatter and System.Xml.Serialization.XmlSerializer. However, neither turned out to match my requirements, since: SoapFormatter doesn't support serialization of generic types XmlSerializer refuses to serialize types that implement IDictionary, not to mention that it's far less easy-to-use than "normal" serialization (e.g. see this SO question) I'm wondering if there exists an implementation that doesn't have these limitations? I have found attempts (for example CustomXmlSerializer and YAXLib as suggested in a related SO question), but they don't seem to work either. I was thinking about writing such serializer myself (though it certainly doesn't seem to be a very easy task), but then I find myself limited by the CLR, as I cannot create object instances of types that won't have a paramaterless constructor, even if I'm using reflection. I recall having read somewhere that implementations in System.Runtime.Serialization somehow bypass the normal object creation mechanism when deserializing objects, though I'm not sure. Any hints of how could this be done? Could somebody please point me to the right direction with this?

    Read the article

  • Best way to pass image to server?

    - by Chris
    I have an SL3 application that needs to be able to pass an image to the server, and then the server will generate a PDF file with the image in it, and display it to the user. What I already have in place are the following: (1) Code to convert image to byte array (2) Code to generate PDF file with image The main problem that I am running into is the following: In order to bypass the pop-up blocker, which is a requirement for my application, I am using the following code: var button = new NavigationButton(); button.NavigateUri = new Uri("http://localhost:3616/PrintReport.aspx?ReportIndex=11&ActionType=Get&ReportIdentifier=" + reportIdentifier.ToString() + ""); button.TargetName = "_blank"; button.PerformClick(); Initially, I would pass the image to a WCF web service (as a byte array), and then "navigate" to the ASP.NET page that would display the report. However, if I do this, then I can not use my custom HyperlinkButton class, and, certain browsers, including Safari, will block a new window from opening up. Therefore, it appears that the only option is to use the HyperlinkButton class. What I need to be able to do is to somehow pass the image, as a byte array or some other data type, to the server, such that it can temporarily store the image, even if it is in a server variable, and then immediately retrieve it when I navigate to the PrintReport.aspx page. If I upload the image to an ASP.NET form and then use the HyperlinkButton class to navigate to the PrintReport page, it doesn't work, as the app navigates to the PrintReport page before the system has finished uploading the image. I can't pass it to a web service, as that would require that I navigate to the PrintReport.aspx page in the callback code of the web method that I would be passing the image to, and the HyperlinkButton will not allow that, based on security rules. Any help or ideas would be appreciated. Thanks. Chris

    Read the article

  • Internet Explorer Warning when embedding Youtube on HTTPS site?

    - by pellepim
    Our application is run over HTTPS which rarely presents any problems for us. When it comes to youtube however, the fact that they do not present any content over SSL connections is giving us some head ache when trying to embed clips. Mostly because of Internet Explorers famous little warning message: "Do you want to view only the webpage content that was delivered securely? This page contains content that will not be delivered using a secure HTTPS ... etc" I've tried to solve this in several ways. The most promising one was to use the ProxyPass functionality in Apache to map to YouTube. Like this: ProxyPass: /youtube/ http://www.youtube.com ProxyPassReverse: /youtube/ http://www.youtube.com This gets rid of the annoying warning. However, the youtube SWF fails to start streaming The SWF i manage to load into the browser simply states : "An error occurred, please try again later". Potential solutions are perhaps: Download youtube FLV:s and serve them out of own domain (gah) Use custom FLV-player and stream only FLV:s from youtube over a https proxy? Update 10 March: I've tried to use Googles Youtube API for ActionScript to load a player. It looked promising at first and I was able to load a player through my https:// proxy. However, the SWF that is loaded contains loads of explicit calls to different non-ssl urls to create authentication links for the FLV-stream and for loading different crossdomain policies. It really seems like we're not supposed to access flv-streams directly. This makes it very hard to bypass the Internet Explorer warning, short of ripping out the FLV:s from youtube and serving them out of your own domain. There are solutions out there for downloading youtubes FLV:s. But that is not compliant with the Youtube terms of use and is really not an option for us.

    Read the article

  • Mimic.js handle fault response

    - by nikolas
    i use mimic.js regarding a project that i m developing.. the issue that i face, is if there is a fault response from the webservice, mimic, doesn't handle it, and the browser remains "awaiting" for a response, that has actually been back, but hasn't been handled by mimic.. to be more specific, one typical fault response is the following.. <?xml version="1.0" encoding="UTF-8"?> <methodResponse> <fault> <value> <struct> <member> <name>faultCode</name><value><int>104</int></value> </member> <member> <name>faultString</name><value><string>Invalid Input Parameters</string></value> </member> </struct></value></fault></methodResponse> and chrome console get me the error mimic.js:11 Uncaught TypeError: Cannot read property 'childNodes' of null any suggestions on how to handle "fault" responses? mimic.js hasn't been altered at all.. also tried to bypass the fact that mimic can't handle the fault, by trying to use the isFault flag, in the if statement, with no success either.. isFault is supposed to get a boolean value, i guess true/false?

    Read the article

  • How can I read a DBF file with incorrectly defined column data types using ADO.NET?

    - by Jason
    I have a several DBF files generated by a third party that I need to be able to query. I am having trouble because all of the column types have been defined as characters, but the data within some of these fields actually contain binary data. If I try to read these fields using an OleDbDataReader as anything other than a string or character array, I get an InvalidCastException thrown, but I need to be able to read them as a binary value or at least cast/convert them after they are read. The columns that actually DO contain text are being returned as expected. For example, the very first column is defined as a character field with a length of 2 bytes, but the field contains a 16-bit integer. I have written the following test code to read the first column and convert it to the appropriate data type, but the value is not coming out right. The first row of the database has a value of 17365 (0x43D5) in the first column. Running the following code, what I end up getting is 17215 (0x433F). I'm pretty sure it has to do with using the ASCII encoding to get the bytes from the string returned by the data reader, but I'm not sure of another way to get the value into the format that I need, other that to write my own DBF reader and bypass ADO.NET altogether which I don't want to do unless I absolutely have to. Any help would be greatly appreciated. byte[] c0; int i0; string con = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\ASTM;Extended Properties=dBASE III;User ID=Admin;Password=;"; using (OleDbConnection c = new OleDbConnection(con)) { c.Open(); OleDbCommand cmd = c.CreateCommand(); cmd.CommandText = "SELECT * FROM astm2007"; OleDbDataReader dr = cmd.ExecuteReader(); while (dr.Read()) { c0 = Encoding.ASCII.GetBytes(dr.GetValue(0).ToString()); i0 = BitConverter.ToInt16(c0, 0); } dr.Dispose(); }

    Read the article

  • Looping HTML5 audio on the iPhone

    - by Peeps
    I'm trying to make a HTML5 webapp that simply plays a sound over and over and over again, on my iPhone. I don't know any Obj-C to do it natively. What I have works fine, but the sound only plays once: <!DOCTYPE html> <html> <head> <title>noisemaker!</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="viewport" content="maximum-scale=1, minimum-scale=1, width=device-width, user-scalable=no" /> <meta name="apple-mobile-web-app-capable" content="yes" /> </head> <body> <audio src="noise.mp3" autoplay controls loop></audio> </body> </html> Is there a way to either bypass the QuickTime audio screen and loop it in the webpage, or get the QuickTime audio screen to loop the sound?

    Read the article

  • Rails user authorization

    - by Zachary
    I am currently building a Rails app, and trying to figure out the best way to authenticate that a user owns whatever data object they are trying to edit. I already have an authentication system in place (restful-authentication), and I'm using a simple before_filter to make sure a user is logged in before they can reach certain areas of the website. However, I'm not sure the best way to handle a user trying to edit a specific piece of data - for example lets say users on my site can own Books, and they can edit the properties of the book (title, author, pages, etc), but they should only be able to do this for Books that -they- own. In my 'edit' method on the books controller I would have a find that only retrieved books owned by the current_user. However, if another user knew the id of the book, they could type in http://website.com/book/7/edit , and the controller would verify that they are logged in, then show the edit page for that book (seems to bypass the controller). What is the best way to handle this? Is it more of a Rails convention routing issue that I don't understand (being able to go straight to the edit page), or should I be adding in a before_find, before_save, before_update, etc callbacks to my model?

    Read the article

  • Visual Studio: How to attach a debugger dynamically to a specific process

    - by Jeff Cyr
    I am building an internal dev tool to manage different processes commonly used in our development environment. The tool show the list the monitored processes, indicate their running state and allow to start or stop each process. I'd like to add the functionality of attaching a debugger to a monitored process from my tool instead of going in 'Debug-Attach to process' in visual studio and finding the process. My goal is to have something like Debugger.Launch() that would show a list of the available visual studio. I can't use Debugger.Launch() because it lauches the debugger on the process that make the call. I would need something like Debugger.Launch(processId). Does anyone know how to acheive this functionality? A solution could be to implement a command in each monitored process to call Debugger.Launch() when the command is received from the monitoring tool, but I would prefer something that does not require to modify the code of the monitored processes. Side question: When using Debugger.Launch(), instances of Visual Studio that already have a debugger attached are not listed. Visual Studio is not limited to one attached debugger, you can attach on multiple process when using 'Debug - Attach to process'. Anyone know how to bypass this limitation when using Debugger.Launch() or an alternative?

    Read the article

  • 1. I fill out a form & click submit. 2. I get the results page. Goal: Get the same results without f

    - by Chris
    This is my first time posting - I greatly appreciate any and all guidance on this subject. Background: I am building a Real Estate web site. I would like to use the free IDX data provided by my local MLS board. The MLS board does not allow me the option of displaying a predefined search and only provides me with a link to the search field. after filling out the search field, I am able to view the results. Goal: I would like to bypass this step and frame the results page into a GoDaddy website I am building, which supports HTML. Here is a link to the search page: http://fgcmls.rapmls.com/scripts/mgrqispi.dll?APPNAME=Fortmyers&PRGNAME=MLSLogin&ARGUMENT=vBSJvLQtMcbg7F0O0KnXDiggv%2F12B0S6Ss9wv4510QA%3D&KeyRid=1 I am trying to only show the listings that appear in my neighborhood. Options include: 1. Property Type - Residential 2. GEO Area - FM11 3. Developments: Fiddlesticks Country Club Once this criteria is entered, I have the page needed to make this project work. Thank all of you for taking the time to read this and for the time you spend helping me out. Best regards, Chris

    Read the article

  • A way to specify a different host in an SSH tunnel from the host in use

    - by Tom
    I am trying to setup an SSH tunnel to access Beanstalk (to bypass an annoying proxy server). I can get this to work, but with one caveat: I have to map my Beanstalk host URL (username.svn.beanstalkapp.com) in my hosts file to 127.0.0.1 (and use the ip in place of the domain when setting up the tunnel). The reason (I think) is that I am creating the tunnel using the local SSH instance (on Snow Leopard) and if I use localhost or 127.0.0.1 when talking to Beanstalk, it rejects the authorisation credentials. I believe this is because Beanstalk use the hostname specified in a request to determine which account the username / password combination should be checked against. If localhost is used, I think this information is missing (in some manner which Beanstalk requires) from the requests. At the moment I dig the IP for username.svn.beanstalkapp.com, map username.svn.beanstalkapp.com to 127.0.0.1 in my hosts file, then for the tunnel I use the command: ssh -L 8080:ip:443 -p 22 -l tom -N 127.0.0.1 I can tell Subversion that the repo. is located at: https://username.svn.beanstalkapp.com:8080/repo-name This uses my tunnel and the username and password are accepted. So, my question is if there is an option when setting up the SSH tunnel which would mean I wouldn't have to use my hosts file workaround?

    Read the article

  • jquery validator message styling error in IE08 only when customised using errorPlacement function

    - by John Slaytor
    Going back to the errorplacement solution by Nadia (http://stackoverflow.com/questions/860055/jquery-override-default-validation-error-message-display-css-popup-tooltip-like) I have tried it and it works like a charm in Safari and Firefox but causes IE08 to bypass the jqueryvalidator and go straight to the server side validator. My code is this - as soon as I insert 'error element.... it is unstable in IE08. All help much appreciated <script type="text/javascript"> $(document).ready(function() { $("#sampleform").validate({ rules: { dinername: "required", venue: "required", contact: "required", dinertelephone: "required", venuetime: "required", numberdiners: "required", dineremail: { required: true, email: true}, datepicker: { required: true,date: true} }, messages: { dinername: "Your name?", numberdiners: "How many guests?", dinertelephone: "Your mobile?", venue: "Which restaurant?", venuetime: "Your arrival time?", datepicker: "Your booking date?", dineremail: "Please enter a valid email address", }, errorElement: "div", errorPlacement: function(error, element) { element.before(error); offset = element.offset(); error.css('right', offset.right); error.css('right', offset.right - element.outerHeight()); } }); }); </script> <script type="text/javascript"> $(function() { $("#datepicker") .datepicker({minDate: 0, maxDate: '+6M +0D',dateFormat: 'DD, d M yy',onClose: function() {$(this).valid();} }); }); </script> The relevant webpage is http://www.johnslaytor.com.au/nilgiris/forms/bookingform/bookingform.html

    Read the article

  • EF Forced Concurrency Checks

    - by Imran
    Hi, I have an issue with EF 4.0 that I hope someone can help with. I currently have an entity that I want to update in a last in wins fashion (i.e. ignore concurrency checks and just overwrite whats in the db with what is submitted). It seems Entity Framework not only includes the primary key of the entity in the where clause of the generated sql, but also any foreign key fields. This is annoying as it means that I don't get true last in wins semantics and need to know what value the fk field had before the update or I get a concurrency exception. I am aware that this can be short circuited by including a foreign key field as well as the navigation property on the entity. I would like to avoid this if possible as it's not a very clean solution. I was just wondering if there was any other way to override this behaviour? It seems like more of a bug than a feature. I have no problem with ef doing concurrency checks if I instruct it to do so but not being able to bypass concurrency completely is a bit of a hindrance as there are many valid scenarios where this is not needed

    Read the article

  • jQuery ajax post failing in asp

    - by Dave Kiss
    hey guys, this might be really stupid, but hopefully someone can help. I'm trying to post to an external script using ajax so i can mail the data, but for some reason my data is not making it to the script. $(document).ready(function() { $("#submitContactForm").click(function () { $('#loading').append('<img src="http://www.xxxxxxxx.com/demo/copyshop/images/loading.gif" alt="Currently Loading" id="loadingComment" />'); var name = $('#name').val(); var email = $('#email').val(); var comment = $('#comment').val(); var dataString = 'name='+ name + '&email=' + email + '&comment=' + comment; $.ajax({ url: 'http://www.xxxxx.com/demo/copyshop/php/sendmail.php', type: 'POST', data: '?name=Dave&[email protected]&comment=hiiii', success: function(result) { $('#loading').append('success'); } }); return false; }); }); the php script is simple (for now - just wanted to make sure it worked) <?php $name = $_POST['name']; $email = $_POST['email']; $comment = $_POST['comment']; $to = '[email protected]'; $subject = 'New Contact Inquiry'; $message = $comment; mail($to, $subject, $message); ?> the jquery is embedded in an .aspx page (a language i'm not familiar with) but is posting to a php script. i'm receiving emails properly but there is no data inside. am i missing something? i tried to bypass the variables in this example, but its still not working thanks

    Read the article

  • innerHTML doesn't work correctly with xhtml in Chrome

    - by Desperadeus
    Hi! I've got a trouble with Chrome5.0.375.70, but FF 3.6.3 and Opera 10.53 are OK. Below is the line of code: document.getElementById('content').innerHTML = data.documentElement.innerHTML; The data object from the code is a document (typeof(data) == 'object') and I've got it by ajax request to chapter01.xhtml: <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html [ <!ENTITY D "&#x2014;"> <!ENTITY o "&#x2018;"> <!ENTITY c "&#x2019;"> <!ENTITY O "&#x201C;"> <!ENTITY C "&#x201D;"> ]> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Alice's Adventures in Wonderland by Lewis Carroll. Chapter I: Down the Rabbit-Hole</title> <link rel="stylesheet" type="text/css" href="style.css"/> <link rel="stylesheet" type="application/vnd.adobe-page-template+xml" href="page-template.xpgt"/> </head> <body> <div class="title_box"> <h2 class="chapnum">Chapter I</h2> <h2 class="chaptitle">Down the Rabbit-Hole</h2> <hr/> </div> The Chrome cuts all before body and as a result link to css in header is missed; user can't see formatted text and images. How can I fix it or bypass?

    Read the article

  • rails Creating a model instance automatically when another is created

    - by bob
    Hello I have a user model and a ratings model. Whenever a new user is created I want to create a new feedback model with it automatically. Each user model has one feedback model and each feedback model has many ratings. My Classes class User < ActiveRecord::Base end class Feedback < ActiveRecord::Base belongs_to :user has_many :ratings end class Rating < ActiveRecord::Base belongs_to :feedback end My database tables -user doesn't have anything special -feedback has user_id. This user_id should be the same as the user that has just been created. For example, user_id of 1 is created, then a feedback model should be created that belongs to user_id of 1. So the user_id column in the feedback database will also be 1. - Rating has a feedback_id and a user_id the user_id in this case is the id of the person who submitted the rating. I am having it assigned through the build command. I believe my process is correct here. The Goal The goal is to have each user have a feedback table that has many ratings from other users. So if someone goes to the feedback page, they will see all the ratings given and by who. Is there a better way to approach this? How do you create a model of feedback with the same id as the user being created right when a new user is created. The idea is that when a user is created a feedback is created associated with that user so people can then go to http://localhost:3000/users/1/feedback/ and submit new ratings. I'm trying to bypass having a user rate another user with just a ratings model because I'm not sure how to do it.

    Read the article

  • How do I authenticate regarding EJB3 Container ?

    - by FMR
    I have my business classes protected by EJB3 security annotations, now I would like to call these methods from a Spring controller, how do I do it? edit I will add some information about my setup, I'm using Tomcat for the webcontainer and OpenEJB for embedding EJB into tomcat. I did not settle on any version of spring so it's more or less open to suggestions. edit current setup works this way : I have a login form + controller that puts a User pojo inside SessionContext. Each time someone access a secured part of the site, the application checks for the User pojo, if it's there check roles and then show the page, if it's not show a appropriate message or redirect to login page. Now the bussiness calls are made thanks to a call method inside User which bypass a probable security context which is a remix of this code found in openejb security examples : Caller managerBean = (Caller) context.lookup("ManagerBeanLocal"); managerBean.call(new Callable() { public Object call() throws Exception { Movies movies = (Movies) context.lookup("MoviesLocal"); movies.addMovie(new Movie("Quentin Tarantino", "Reservoir Dogs", 1992)); movies.addMovie(new Movie("Joel Coen", "Fargo", 1996)); movies.addMovie(new Movie("Joel Coen", "The Big Lebowski", 1998)); List<Movie> list = movies.getMovies(); assertEquals("List.size()", 3, list.size()); for (Movie movie : list) { movies.deleteMovie(movie); } assertEquals("Movies.getMovies()", 0, movies.getMovies().size()); return null; } });

    Read the article

  • Skip HTML escape in custom label_tag helper in Rail 3

    - by tricote
    Hi, I have this nice class ErrorFormBuilder that allows me to add the error description near the corresponding field in the form view : class ErrorFormBuilder < ActionView::Helpers::FormBuilder #Adds error message directly inline to a form label #Accepts all the options normall passed to form.label as well as: # :hide_errors - true if you don't want errors displayed on this label # :additional_text - Will add additional text after the error message or after the label if no errors def label(method, text = nil, options = {}) #Check to see if text for this label has been supplied and humanize the field name if not. text = text || method.to_s.humanize #Get a reference to the model object object = @template.instance_variable_get("@#{@object_name}") #Make sure we have an object and we're not told to hide errors for this label unless object.nil? || options[:hide_errors] #Check if there are any errors for this field in the model errors = object.errors.on(method.to_sym) if errors #Generate the label using the text as well as the error message wrapped in a span with error class text += " <br/><span class=\"error\">#{errors.is_a?(Array) ? errors.first : errors}</span>" end end #Add any additional text that might be needed on the label text += " #{options[:additional_text]}" if options[:additional_text] #Finally hand off to super to deal with the display of the label super(method, text, options) end end But the HTML : text += " <br/><span class=\"error\">#{errors.is_a?(Array) ? errors.first : errors}</span>" is escaped by default in the view... I tried to add the {:escape = false} option : super(method, text, options.merge({:escape => false})) without success Is there any way to bypass this behavior ? Thanks

    Read the article

  • Rackspace Cloud rewrite jpg causes Session reset

    - by willoller
    This may be the .Net version of this question. I have an image script with the following: ... Response.WriteFile(filename); Response.End(); I am rewriting .jpg files using the following rewrite rule in web.config: <rule name="Image Redirect" stopProcessing="true"> <match url="^product-images/(.*).jpg" /> <conditions> <add input="{REQUEST_URI}" pattern="\.(jp?g|JP?G)$" /> </conditions> <action type="Redirect" redirectType="SeeOther" url="/product-images/ProductImage.aspx?path=product-images/{tolower:{R:1}}.jpg" /> </rule> It basically just rewrites the image path into a query parameter. The problem is that (intermittently of course) Mosso returns a new Asp Session cookie which breaks the whole world. Directly accessing a static .jpg file does not cause this problem. Directly accessing the image script does not cause it either. Only rewriting a .jpg file to the .aspx script causes the Session loss. Things I have tried (From the Rackspace doc How can I bypass the cache?) I added Private cacheability to the image script itself: Response.Cache.SetCacheability(HttpCacheability.Private); I tried adding these cache-disabling nodes to web.config: <staticContent> <clientCache cacheControlMode="DisableCache" /> </staticContent> and <httpProtocol> <customHeaders> <add name="Cache-Control private" value="Cache-Control private" </customHeaders> </httpProtocol> The Solution I need The browser cache cannot be disabled. This means potential solutions involving Cache.SetNoStore() or HttpCacheability.NoCache will not work.

    Read the article

  • Low-Hanging Fruit: Obfuscating non-critical values in JavaScript

    - by Piskvor
    I'm making an in-browser game of the type "guess what place/monument/etc. is in this satellite/aerial view", using Google Maps JS API v3. However, I need to protect against cheaters - you have to pass a google.maps.LatLng and a zoom level to the map constructor, which means a cheating user only needs to view source to get to this data. I am already unsetting every value I possibly can without breaking the map (such as center and the manipulation functions like setZoom()), and initializing the map in an anonymous function (so the object is not visible in global namespace). Now, this is of course in-browser, client-side, untrusted JavaScript; I've read much of the obfuscation tag and I'm not trying to make the script bullet-proof (it's just a game, after all). I only need to make the obfuscation reasonably hard against the 1337 Java5kryp7 haxz0rz - "kid sister encryption", as Bruce Schneier puts it. Anything harder than base64 encoding would deter most cheaters by eliminating the lowest-hanging fruit - if the cheater is smart and determined enough to use a JS debugger, he can bypass anything I can do (as I need to pass the value to Google Maps API in plaintext), but that's unlikely to happen on a mass scale (there will also be other, not-code-related ways to prevent cheating). I've tried various minimizers and obfuscators, but those will mostly deal with code - the values are still shown verbatim. TL;DR: I need to obfuscate three values in JavaScript. I'm not looking for bullet-proof armor, just a sneeze-guard. What should I use?

    Read the article

  • Web-app currency input/manipulation/calculation with javascript .. there has got to be a better (fra

    - by dreftymac
    BACKGROUND: I am of the "user-input-lockdown" school of thought. Whenever possible, I try to mistrust and sanitize user input, both client side and server side; and I try to take multiple opportunities to restrict possible inputs to a known subset of possibilities, usually this means providing a lot of checkboxes and select lists. (This is from the usability side of things, I know security-wise that malicious users can easily bypass fixed user input GUI controls). PROBLEM: Anyway, the problem always arises with non-fixed input of currency. Whenever I have to accept a freely-specified dollar amount as user input, I always have to confront these problems/annoyances and it is always painful: 1) Make sure to give the user two input boxes for each currency_datapoint, one for the whole_dollar_part and another for the fractional_pennies_part 2) Whenever the user changes a currency_datapoint, provide keystroke-by-keystroke GUI feedback to let them know whether the currency_datapoint is well-formed, with context-appropriate validation rules (e.g., no negatives?, nonzero only?, numeric only!, no non-numeric punctuation! no symbols!) 3) For display purposes, every user-provided currency_datapoint should be translated to human-readable currency formatting (dollar sign, period, commas provided by the app, where appropriate) 4) For calculation purposes, every user-provided currency_datapoint has to be converted to integer (all pennies, to avoid floating point errors) and summed into a grand total with zero or more subtotals. 5) Every user-provided currency_datapoint should be displayed or displayable in a nice "tabular" format, which auto-updates as the user enters each currency_datapoint, including a baloon that warns when one or more currency_datapoints is not well-formed. I seem to be re-inventing this wheel every time I have to work with currency in Javascript on the client side (server side is a bit more flexible since most programming languages have higher-level currency formatting logic). QUESTION: Has anyone out there solved the problem of dealing with the above issues, client side, in a way that is server-side-technology-stack agnostic, (preferrably plain javascript or jquery)? This is getting old, there has to be a better way.

    Read the article

  • LNK 1104 error to lib file - Continues despite removing includes and links

    - by user1556594
    A link error to a lib file popped up out of the blue in a c++ application of mine after code was working fine in my last session. Error 1 error LNK1104: cannot open file '..........\Program Files (x86)\FMOD SoundSystem\FMOD Programmers API Windows\api\lib\fmodex_vc.lib' I triple checked my project directories were set up correctly to link to the lib file, that the file existed in said directory and that it was a working version of the .lib. My next step was to remove the includes to the file and the links to bypass the error and work on the rest of my code until the problem was solved. The error remains, however, despite: Commenting out absolutely every include relating to the lib. Commenting out absolutely every line of code dependant on the includes. Removing the directory from VC++ Directories in the project properties. Checking the Additional Library Directories field was also clear of references. To my understanding this should have made the library and related code virtually non-existant to the compiler. What am I missing? The library itself is fmodex_vc.lib - part of the FMOD API for providing sound to interactive applications. Again, the application was working one session, but failed to compile the next. I hadn't touched the code since so this led me to believe some aspect of VS is at fault. I'd like to avoid the time involded in re-installing if possible as I'm on the clock for a review tomorrow evening and there are a few more things I'd like to smooth out before then. If necessary, however, I won't hesitate. Very much appreciate the help.

    Read the article

  • Python optimization problem?

    - by user342079
    Alright, i had this homework recently (don't worry, i've already done it, but in c++) but I got curious how i could do it in python. The problem is about 2 light sources that emit light. I won't get into details tho. Here's the code (that I've managed to optimize a bit in the latter part): import math, array import numpy as np from PIL import Image size = (800,800) width, height = size s1x = width * 1./8 s1y = height * 1./8 s2x = width * 7./8 s2y = height * 7./8 r,g,b = (255,255,255) arr = np.zeros((width,height,3)) hy = math.hypot print 'computing distances (%s by %s)'%size, for i in xrange(width): if i%(width/10)==0: print i, if i%20==0: print '.', for j in xrange(height): d1 = hy(i-s1x,j-s1y) d2 = hy(i-s2x,j-s2y) arr[i][j] = abs(d1-d2) print '' arr2 = np.zeros((width,height,3),dtype="uint8") for ld in [200,116,100,84,68,52,36,20,8,4,2]: print 'now computing image for ld = '+str(ld) arr2 *= 0 arr2 += abs(arr%ld-ld/2)*(r,g,b)/(ld/2) print 'saving image...' ar2img = Image.fromarray(arr2) ar2img.save('ld'+str(ld).rjust(4,'0')+'.png') print 'saved as ld'+str(ld).rjust(4,'0')+'.png' I have managed to optimize most of it, but there's still a huge performance gap in the part with the 2 for-s, and I can't seem to think of a way to bypass that using common array operations... I'm open to suggestions :D

    Read the article

  • Lack of security in many PHP applications?

    - by John
    Over the past year of freelancing, I inherited two web projects, both of them built in PHP, both of them with sensitive information like credit card info, bank info, etc... In one application, when I typed http://thecompany.com/admin/, and without being asked for a username and password, I saw every user's sensitive information, including credit card numbers, bank account numbers etc... In another application, I was able to bypass the login screen by simply typing http://the2ndcompany.com/customer.php?user_id=777, and again, without any prompts for username and password, i was able to see user 777's credit card info. I cycled through a few more user_ids (any integer) and saw each person's credit card info. Is something wrong here? Or is this the quality of work that the "average" programmer produces? Because if this is what the average programmer produces, does that means I'm an...gasp...elite programmer?? No..that can't be right....something doesn't make sense. So my question is, is it just coincidence that I inherited two applications both of which are dangerously lacking in security? Or are there are a lot of bad PHP programmers out there?

    Read the article

< Previous Page | 16 17 18 19 20 21 22 23 24 25 26  | Next Page >