Search Results

Search found 6834 results on 274 pages for 'dojo require'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 213/274 | < Previous Page | 209 210 211 212 213 214 215 216 217 218 219 220  | Next Page >

  • What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET ser

    - by Edward Tanguay
    I have read-only Silverlight and AJAX apps which read static text and XML files from a PHP/Apache server, which works very nicely with features such as asynchronous loading, lazy-loading only what I need for each page, loading in the background, developed a little query language to get a PHP script to create custom XML files etc. it's pragmatic read-only REST, and all works fast and fine for read-only sites. Now I want to also add the ability to write data from these apps to a database on the same PHP/Apache server. For those of you who have built similar data-access layers, what do I need to consider while building this, especially regarding security so that not just any client can write and alter my database, e.g.: check HTTP_USER_AGENT for security check REMOTE_ADDR for security require a special code for security, perhaps a list of TAN codes (such as banks use for online transactions) each which can only be used once, both the client and server have these I wonder if there is some kind of standard REST query I should lean on for e.g. building SQL-like statements in the URL parameters, e.g. http://www.thedatalayersite.com/query?insertinto=customers&... Any thoughts, notes from experience, ideas, gotchas, especially ideas on tightening down security in this endeavor would be helpful.

    Read the article

  • Is there an algorithm to securely split a message into x parts requiring at least y parts to reassem

    - by Aaron
    Is there an algorithm to securely split a message into x parts requiring at least y parts to reassemble? Obviously, y <= x. An example: Say that I have a secret message that I only want to be read in the event of my death. As a way to ensure this, I give a fraction of the message to ten friends. Now, I can't guaranty that all my friends will be able to put their messages together to recover the original. So, I construct each message fraction in such a way so as to only require any 5 friends to put their parts together to reconstruct the whole. However, owning less than 5 parts will not give anything away about the message, except possibly the length. My question is, is this possible? What algorithms might I look at to accomplish this? Clarification edit: The important part of this is the cryptographic strength. An attacker should not be able to recover the message, either in whole or in part with less than y parts.

    Read the article

  • Debugging JSR 168 Portlet with spring, eclipse & pluto.

    - by mikep
    I am trying to set up a development environment to test Spring Portlet MVC for development of JSR 168 conforming portlets. I have the latest STS installed, which included Spring 2.5 and Eclipse (Catalina). This has been my environment to develop with Spring MVC, and that works fine using Apache as a local server for debugging. I found some instructions on the Pluto portal site on using Pluto as a remote debugging host for portlets. I have implemented those instructions. I am sending Eclipse into debug mode by right clicking on one of the JSPs and going into "debug as". My problem is that when I log into Pluto, it is not sending me into debug mode. I am seeing the default Pluto page as opposed to my portlet. My portlet has not been installed onto Pluto, and the instructions do not seem to require the portlet to be installed. To help, I have a screen shot at http://www.ceruleaninc.ca/pluto%5Fproblem.jpg, showing the following: Eclipse showing the remote debugging to localhost:8000 Tomcat showing the "Listening for transport dt_socket at address: 8000 The Catalina.bat jpda start command The Pluto Portal screen after log in Thanks much! I would welcome any advice on approaches to debugging portlets. I am not tied to pluto. There does seem to be a lack of detailed instructions on this topic.

    Read the article

  • Distributed Lock Service over MySql/GigaSpaces/Netapp

    - by ripper234
    Disclaimer: I already asked this question, but without the deployment requirement. I got an answer that got 3 upvotes, and when I edited the question to include the deployment requirement the answer then became irrelevant. The reason I'm resubmitting is because SO considers the original question 'answered', even though I got no meaningful upvoted answer. I opened a uservoice submission about this problem. The reason I reposted is so StackOverflow consider the original question answered, so it doesn't show up on the 'unanswered questions' tab. Which distributed lock service would you use? Requirements are: A mutual exclusion (lock) that can be seen from different processes/machines lock...release semantics Automatic lock release after a certain timeout - if lock holder dies, it will automatically be freed after X seconds Java implementation Easy deployment - must not require complicated deployment beyond either Netapp, MySql or GigaSpaces. Must play well with those products (especially GigaSpaces - this is why TerraCotta was ruled out). Nice to have: .Net implementation If it's free: Deadlock detection / mitigation I'm not interested in answers like "it can be done over a database", or "it can be done over JavaSpaces" - I know. Relevant answers should only contain a ready, out-of-the-box, proven implementation.

    Read the article

  • lightweight webserver to integrate on client end.

    - by Gopal
    Hi ,... I need to create a python module that will be installed on end-user machines. One of the scripts in that module should be able to receive http POSTS (usually with some JSON formatted data in the body) and then pass on that data to an appropriate python script. I can think of two ways to do this: a) Open a listening server socket on port 80, wait for that http request to come in, parse it and then pass that data to another python script depending on the url that arrived. This method will not require the end-user to install a webserver. End user only has to install the python module. b) Have a mini-webserver installed along with the python module. The webserver will do the same job as [a] via CGI without me requiring to write the CGI functionality. But then the user will have to install the web-server (ie., the hassle of yet another install). Would like to avoid that if possible. IF [b] is the easier option, what is the smallest simplest webserver there is (preferably one that can be packaged as part of the python module itself so that it does not have to be separately installed). Must be opensource of course. regards Gopal

    Read the article

  • Dependency injection and factory

    - by legenden
    Trying to figure out how to best handle the following scenario: Assume a RequestContext class which has a dependency to an external service, such as: public class RequestContext : IRequestContext { private readonly ServiceFactory<IWeatherService> _weatherService; public RequestContext(ServiceFactory<IWeatherService> weatherService, UserLocation location, string query) { _weatherService = weatherService; ... What sort of dependency should I require in the class that will ultimately instantiate RequestContext? It could be ServiceFactory<IWeatherService>, but that doesn't seem right, or I could create an IRequestContextFactory for it along the lines of: public class RequestContextFactory : IRequestContextFactory { private readonly ServiceFactory<IWeatherService> _weatherService; public RequestContextFactory(ServiceFactory<IWeatherService> weatherService) { _weatherService = weatherService; } public RequestContext Create(UserLocation location, string query) { return new RequestContext(_weatherService, location, query); } } And then pass the IRequestContextFactory through constructor injection. This seems like a good way to do it, but the problem with this approach is that I think it hinders discoverability (devs must know about the factory and implement it, which is not really apparent). Is there a better/more discoverable way that I'm missing?

    Read the article

  • Problem with Zend Project

    - by Fincha
    Hello, i write a script and it works perfectly, on my local server. I have uploaded it on my server and now I getting this Problem Parse error: syntax error, unexpected '{' in /homepages/46/d319011794/htdocs/suche/public/index.php on line 18 an here is my index.php <?php error_reporting(E_ALL || E_STRICT); define('APPLICATION_PATH', realpath(dirname(__FILE__)) . '/../application'); set_include_path( APPLICATION_PATH . '/../library' . PATH_SEPARATOR . '../application/models' . PATH_SEPARATOR . get_include_path() ); require_once 'Zend/Loader.php'; Zend_Loader::registerAutoload(); new App_Connect(); try { //Line 18 require '../application/bootstrap.php'; } catch(Exception $exception) { echo "<html><body>Fehler beim bootstraping"; if(defined('APPLICATION_ENVIROMENT') && APPLICATION_EVIROMENT != 'production') { echo "<br><br>" . $exception->getMessage() . "<br>" . "<div align='left'>Stack Trace: " . "<pre> " . $exception->getTraceAsString() . "</pre></div>"; } echo "</body></html>"; exit(1); } Zend_Controller_Front::getInstance()->dispatch(); This is a Zend Project... so may be some one know what to do...

    Read the article

  • Can I ignore a SIGFPE resulting from division by zero?

    - by Mikeage
    I have a program which deliberately performs a divide by zero (and stores the result in a volatile variable) in order to halt in certain circumstances. However, I'd like to be able to disable this halting, without changing the macro that performs the division by zero. Is there any way to ignore it? I've tried using #include <signal.h> ... int main(void) { signal(SIGFPE, SIG_IGN); ... } but it still dies with the message "Floating point exception (core dumped)". I don't actually use the value, so I don't really care what's assigned to the variable; 0, random, undefined... EDIT: I know this is not the most portable, but it's intended for an embedded device which runs on many different OSes. The default halt action is to divide by zero; other platforms require different tricks to force a watchdog induced reboot (such as an infinite loop with interrupts disabled). For a PC (linux) test environment, I wanted to disable the halt on division by zero without relying on things like assert.

    Read the article

  • Canonical resource for forms-based design in ASP.NET MVC?

    - by Robert Harvey
    Is there a resource on the web that describes various form scenarios in ASP.NET MVC, and gives example solutions within a sensible, consistent design philosophy? Examples of such scenarios might be: One-to-many forms, like invoice data-entry forms. Foreign-table forms such as Add New User in a form that requires specifying a user Forms that require dynamic interaction, using Ajax or JSON. Popup forms Forms requiring multiple data records to be input, without postbacks. Note that there is considerable conceptual and technological overlap among these example scenarios. I am aware that there is a vast patchwork quilt of available technologies and examples out there that provide partial solutions and pieces of solutions, such as jQuery Ajax, CSS, and so forth. But I would like guidance in using these technologies in more effective and consistent ways. I am not considering web forms integration with an ASP.NET MVC application; I would still like my applications to be pure MVC. Nor am I, at the moment, considering a paid solution like Telerik. But I would like to know if someone has already done some of the work combining these technologies into a consistent, cohesive whole, that follows a sensible design philosophy. (an open source framework, perhaps?)

    Read the article

  • Pass a data.frame column name to a function

    - by Kevin Middleton
    I'm trying to write a function to accept a data.frame (x) and a column from it. The function performs some calculations on x and later returns another data.frame. I'm stuck on the best-practices method to pass the column name to the function. The two minimal examples fun1 and fun2 below produce the desired result, being able to perform operations on x$column, using max() as an example. However, both rely on the seemingly (at least to me) inelegant (1) call to substitute() and possibly eval() and (2) the need to pass the column name as a character vector. fun1 <- function(x, column){ do.call("max", list(substitute(x[a], list(a = column)))) } fun2 <- function(x, column){ max(eval((substitute(x[a], list(a = column))))) } df <- data.frame(A = 1:20, B = rnorm(10)) fun1(df, "B") fun2(df, "B") I would like to be able to call the function as fun(df, B), for example. Other options I have considered but have not tried: Pass column as an integer of the column number. I think this would avoid substitute(). Ideally, the function could accept either. with(x, get(column)), but, even if it works, I think this would still require substitute Make use of formula() and match.call(), neither of which I have much experience with. Subquestion: Is do.call() preferred over eval()? Thanks, Kevin

    Read the article

  • Looking for a good dev environment for OSGi bundles

    - by Riduidel
    Hi, I'm currently investigating in the field of dev environment for OSGi bundles. My goal is to find a way to develop, test and debug with ease the bundles I'll be coding. Besides, I have some "cultural" requirements. I want to be able to use java continuous integration servers (typically, Hudson) As a consequence of that first requirement, I want to have a repeatable, one-click build process. My typical tool for that is maven. And finally, being long-term Eclipse user, and having the m2eclipse at hand to merge my eclipse env with my maven one, I obviously want to be able to test and debug with that IDE. So far, here are the infos I know I can use (and have already tested) maven-bundle-plugin, maven-ipojo-plugin which both offer clean packaging facilities I have tested maven pax (and eclipse pax) and am not really satisfied with both : maven pax generates a very heavy project, where adding dependencies is very error-prone (the maven pax:import-bundle command line, with all its arguments, is a hell per se) I have taken a look at Karaf, which seems to have some nice direct maven provisionning, but I don't know how to integrate it with my Eclipse, besides using the traditionnal JPDA bridge. However, it seems to be more production-oriented than dev-oriented, and as such may require heavy configuration to fit my need (although the reading of its user manual doesn't revedal that). Have you got any ideas ? Some maven/eclipse plugins ?

    Read the article

  • Dealing with Imprecise Drawing in CAD Drawing

    - by Graviton
    I have a CAD application, that allows user to draw lines and polygons and all that. One thorny problem that I face is user drawing can be highly imprecise, for example, a user might want to draw two rectangles that are connected to each other. Hence there should be one line shared by two rectangles. However, it's easy for user to, instead of draw a line, draw two lines that are very close to each other, so close to each other that when look from the screen, you would be mistaken that they are the same line, except that they aren't when you zoom in a little bit. My application would require user to properly draw the lines ( or my preprocessing must be able to do auto correction), or else my internal algorithm would not be able to process the inputs correctly. What is the best strategy to combat this kind of problem? I am thinking about rounding the point coordinates to a certain degree of precision, but although I can't exactly pinpoint the problem of this approach, but I feel that this is not the correct way of doing things, that this will introduce a new set of problem. Any idea?

    Read the article

  • Database sharing/versioning

    - by DarkJaff
    Hi everyone, I have a question but I'm not sure of the word to use. My problem: I have an application using a database to stock information. The database can ben in access (local) or in a server (SQL Server or Oracle). We support these 3 kind of database. We want to give the possibility to the user to do what I think we can call versioning. Let me explain : We have a database 1. This is the master. We want to be able to create a database 2 that will be the same thing as database 1 but we can give it to someone else. They each work on each other side, adding, modifying and deleting records on this very complex database. After that, we want the database 1 to include the change from database 2, but with the possibility to dismiss some of the change. For you information, ou application is already multiuser so why don't we just use this multi-user and forget about this versionning? It's because sometimes, we need to give a copy of the database to another company on another site and they can't connect on our server. They work on their side and then, we want to merge. Is there anyone here with experience with this type of requirement? We have a lot of ideas but most of them require a LOT of work, massive modification to the database or to the existing queries. This is a 2 millions and growing C++ app, so rewriting it is not possible! Thanks for any ideas that you may give us! J-F

    Read the article

  • How can I work around the fact that in C++, sin(M_PI) is not 0?

    - by Adam Doyle
    In C++, const double Pi = 3.14159265; cout << sin(Pi); // displays: 3.58979e-009 it SHOULD display the number zero I understand this is because Pi is being approximated, but is there any way I can have a value of Pi hardcoded into my program that will return 0 for sin(Pi)? (a different constant maybe?) In case you're wondering what I'm trying to do: I'm converting polar to rectangular, and while there are some printf() tricks I can do to print it as "0.00", it still doesn't consistently return decent values (in some cases I get "-0.00") The lines that require sin and cosine are: x = r*sin(theta); y = r*cos(theta); BTW: My Rectangular - Polar is working fine... it's just the Polar - Rectangular Thanks! edit: I'm looking for a workaround so that I can print sin(some multiple of Pi) as a nice round number to the console (ideally without a thousand if-statements) edit: In case anyone's curious, this was what I landed on: double sin2(double theta) // in degrees { double s = sin(toRadians(theta)); if (fabs(s - (int)s) < 0.000001) { return floor(s + 0.5); } return s; } where toRadians() is a macro that converts to radians

    Read the article

  • How to make a mapped field inherited from a superclass transient in JPA?

    - by Russ Hayward
    I have a legacy schema that cannot be changed. I am using a base class for the common features and it contains an embedded object. There is a field that is normally mapped in the embedded object that needs to be in the persistence id for only one (of many) subclasses. I have made a new id class that includes it but then I get the error that the field is mapped twice. Here is some example code that is much simplified to maintain the sanity of the reader: @MappedSuperclass class BaseClass { @Embedded private Data data; } @Entity class SubClass extends BaseClass { @EmbeddedId private SubClassId id; } @Embeddable class Data { private int location; private String name; } @Embeddable class SubClassId { private int thingy; private int location; } I have tried @AttributeOverride but I can only get it to rename the field. I have tried to set it to updatable = false, insertable = false but this did not seem to work when used in the @AttributeOverride annotation. See answer below for the solution to this issue. I realise I could change the base class but I really do not want to split up the embedded object to separate the shared field as it would make the surrounding code more complex and require some ugly wrapping code. I could also redesign the whole system for this corner case but I would really rather not. I am using Hibernate as my JPA provider.

    Read the article

  • Cross-platform and language (de)serialization

    - by fwgx
    I'm looking for a way to serialize a bunch of C++ structs in the most convenient way so that the serialization is portable across C++ and Java (at a minimum) and across 32bit/64bit, big/little endian platforms. The structures to be serialized just contain data, i.e. they're pure data objects with no state or behavior. The idea being that we serialize the structs into an octet blob that we can store in a database "generically" and be read out later on. Thus avoiding changing the database whenever a struct changes and also avoiding assigning each data member to a field - i.e. we only want one table to hold everything "generically" as a binary blob. This should make less work for developers and require less changes when structures change. I've looked at boost.serialize but don't think there's a way to enable compatibility with Java. And likewise for inheriting Serializable in Java. If there is a way to do it by starting with an IDL file that would be best as we already have IDL files that describe the structures. Cheers in advance!

    Read the article

  • Calling PHP functions within HEREDOC strings

    - by Doug Kavendek
    In PHP, the HEREDOC string declarations are really useful for outputting a block of html. You can have it parse in variables just by prefixing them with $, but for more complicated syntax (like $var[2][3]), you have to put your expression inside {} braces. In PHP 5, it is possible to actually make function calls within {} braces inside a HEREDOC string, but you have to go through a bit of work. The function name itself has to be stored in a variable, and you have to call it like it is a dynamically-named function. For example: $fn = 'testfunction'; function testfunction() { return 'ok'; } $string = <<< heredoc plain text and now a function: {$fn()} heredoc; As you can see, this is a bit more messy than just: $string = <<< heredoc plain text and now a function: {testfunction()} heredoc; There are other ways besides the first code example, such as breaking out of the HEREDOC to call the function, or reversing the issue and doing something like: ?> <!-- directly outputting html and only breaking into php for the function --> plain text and now a function: <?PHP print testfunction(); ?> The latter has the disadvantage that the output is directly put into the output stream (unless I'm using output buffering), which might not be what I want. So, the essence of my question is: is there a more elegant way to approach this? Edit based on responses: It certainly does seem like some kind of template engine would make my life much easier, but it would require me basically invert my usual PHP style. Not that that's a bad thing, but it explains my inertia.. I'm up for figuring out ways to make life easier though, so I'm looking into templates now.

    Read the article

  • Ways to gain a deeper understanding of programming concepts?

    - by MrPlow
    I'm a marketer and have been messing around in PHP/MySQL for years. Recently (the last several months) I've been making my own scripts/programs in Python and I've really enjoyed the whole problem solving process. I've read(skimmed) some books and understand the basics of OOP, polymorphism, etc.. I have a general interest in AI and Natural Language in particular but it seems these things require a masters in Computer Science. My knowledge of math is poor. The last class I took was calculus, and I've forgotten the majority of it. Basically I'm looking for things to learn that will help me think in a more analytic way, and maybe see solutions where I didn't before. Improving my ability to program in Python would be nice too. I don't need to learn a specific language or something for employment, just enjoyment. Although my work often involves web development so some utility would be nice. I don't like learning concepts by just reading them. I need to apply them, even if the examples are contrived. A recommendation of a couple good books or other resources would be nice. :) Apologies if this is too vague/misplaced...

    Read the article

  • Visual Studio: How to attach a debugger dynamically to a specific process

    - by Jeff Cyr
    I am building an internal dev tool to manage different processes commonly used in our development environment. The tool show the list the monitored processes, indicate their running state and allow to start or stop each process. I'd like to add the functionality of attaching a debugger to a monitored process from my tool instead of going in 'Debug-Attach to process' in visual studio and finding the process. My goal is to have something like Debugger.Launch() that would show a list of the available visual studio. I can't use Debugger.Launch() because it lauches the debugger on the process that make the call. I would need something like Debugger.Launch(processId). Does anyone know how to acheive this functionality? A solution could be to implement a command in each monitored process to call Debugger.Launch() when the command is received from the monitoring tool, but I would prefer something that does not require to modify the code of the monitored processes. Side question: When using Debugger.Launch(), instances of Visual Studio that already have a debugger attached are not listed. Visual Studio is not limited to one attached debugger, you can attach on multiple process when using 'Debug - Attach to process'. Anyone know how to bypass this limitation when using Debugger.Launch() or an alternative?

    Read the article

  • How can I print a web page on a server?

    - by Gavin Schultz
    Suppose I develop a web page using the cool Google visualization API, and it does everything the user wants. They can the parameters, look at the graphs, and print the page to get a reasonable-looking report. All good. Now suppose I want to do the same thing server-side. For example, say we need a set of report generated at a specific time of day, printed to a PDF and emailed to a manager. It's not a user-initiated action, so we don't have a user's browser or their printer. We have a URL that would render the report if we had a browser, and that's it. Is there a good way to do this server-side? Is this just foolish? Has anyone done anything like that before? Do any of the major browsers have APIs that might provide such functionality? Keep in mind too that it's not just static HTML; probably javascript will be running first to shift the DOM around. I know we could implement a whole different reporting engine on the server side to do this, but that will (a) generate reports that look a bit different, and (b) require me to build/maintain two sets of functionality. Instead, I'd be happy if I could just render the page / pages I want in an invisible server-side browser and print it to a PDF (let's mostly ignore that step - I know any number of PDF printer drivers that could do this). I don't really want to do it ugly either - i.e. by starting a browser process and then sending keystrokes directly to the window either - that's just bound to fall apart with a slight nudge. The only related question I found had an answer like that. Any advice appreciated!

    Read the article

  • Images in database vs file system

    - by Jesse
    We have a project coming up where we will be building a whole backend CMS system that will power our entire extranet and intranet with one package. The question I have been trying to find an answer to is which is better: storing images in the database (SQL Server 2005) so we may have integrity, single replication plan, etc OR storing on the file system? One issue we have is that we have multiple servers load balanced that require to have the same data at all times. As of now we have SQL replication taking care of that but file replication seems to be a little tougher. Another concern we have is that we would like to have multiple resolutions of the same image, we are not sure if creating and storing each version on the file system would be best or maybe dynamically pulling and creating the resolution image we would like upon request. Our concerns are the with the following: Data integrity Data replication Multiple resolutions Speed of database vs file system Overhead load of database vs file system Data management and backup Does anyone have a similar situation or have any input on what would be recommended? Thanks in advance for the help!

    Read the article

  • Rubygems on Debian: Gems won't load (LoadError)

    - by daswerth
    I've installed the development version of Crunchbang, a linux distro based off Debian. I got Ruby and Rubygems installed, but I can't get the gems I've installed to load. Here is a command-line session: $ ruby -v ruby 1.9.1p378 (2010-01-10 revision 26273) [i486-linux] $ gem env RubyGems Environment: - RUBYGEMS VERSION: 1.3.6 - RUBY VERSION: 1.9.1 (2010-01-10 patchlevel 378) [i486-linux] - INSTALLATION DIRECTORY: /usr/lib/ruby1.9.1/gems/1.9.1 - RUBY EXECUTABLE: /usr/bin/ruby1.9.1 - EXECUTABLE DIRECTORY: /usr/bin - RUBYGEMS PLATFORMS: - ruby - x86-linux - GEM PATHS: - /usr/lib/ruby1.9.1/gems/1.9.1 - /home/corey/.gem/ruby/1.9.1 - GEM CONFIGURATION: - :update_sources => true - :verbose => true - :benchmark => false - :backtrace => false - :bulk_threshold => 1000 - REMOTE SOURCES: - http://rubygems.org/ $ echo $PATH /home/corey/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games:/home/corey/.gem/ruby/1.9.1:/usr/lib/ruby1.9.1/gems/1.9.1 $ gem list -d nokogiri `*** LOCAL GEMS ***` nokogiri (1.4.1) Authors: Aaron Patterson, Mike Dalessio Rubyforge: http://rubyforge.org/projects/nokogiri Homepage: http://nokogiri.org Installed at: /usr/lib/ruby1.9.1/gems/1.9.1 Nokogiri (?) is an HTML, XML, SAX, and Reader parser $ ruby -r rubygems -e "require 'nokogiri'" -e:1:in `require': no such file to load -- nokogiri (LoadError) from -e:1:in `' I've encountered similar problems on Ubuntu before, but they were easy to fix. I can't figure out what's wrong in this particular case, and Google didn't seem to know either. Any help would be greatly appreciated! By the way... this is my first submission to stackoverflow. I hope this question is relevant. :)

    Read the article

  • If attacker has original data and encrypted data, can they determine the passphrase?

    - by Brad Cupit
    If an attacker has several distinct items (for example: e-mail addresses) and knows the encrypted value of each item, can the attacker more easily determine the secret passphrase used to encrypt those items? Meaning, can they determine the passphrase without resorting to brute force? This question may sound strange, so let me provide a use-case: User signs up to a site with their e-mail address Server sends that e-mail address a confirmation URL (for example: https://my.app.com/confirmEmailAddress/bill%40yahoo.com) Attacker can guess the confirmation URL and therefore can sign up with someone else's e-mail address, and 'confirm' it without ever having to sign in to that person's e-mail account and see the confirmation URL. This is a problem. Instead of sending the e-mail address plain text in the URL, we'll send it encrypted by a secret passphrase. (I know the attacker could still intercept the e-mail sent by the server, since e-mail are plain text, but bear with me here.) If an attacker then signs up with multiple free e-mail accounts and sees multiple URLs, each with the corresponding encrypted e-mail address, could the attacker more easily determine the passphrase used for encryption? Alternative Solution I could instead send a random number or one-way hash of their e-mail address (plus random salt). This eliminates storing the secret passphrase, but it means I need to store that random number/hash in the database. The original approach above does not require storage in the database. I'm leaning towards the the one-way-hash-stored-in-the-db, but I still would like to know the answer: does having multiple unencrypted e-mail addresses and their encrypted counterparts make it easier to determine the passphrase used?

    Read the article

  • Ajax Rich Internet Application framework for Linux + Firefox _AND_ iPhone consumption

    - by Maroloccio
    For a zero-budget (e.g. University) project we need to build a rich web UI for Firefox and iPhone clients. Firm requirement: all technologies to be free and open-source. Nice-to-have: all development to be done in Java/Eclipse. I generally like the Google's AppEngine + GWT combo but this project will require much more interactivity than what's in GWT 2.0. Something along the lines of: http://www.smartclient.com/smartgwt/showcase/. I know trusty plain ol' GWT won't cut it this time. Straight question: is there something that does the sort of thing that SmartGWT does and works really well on Safari/iPhone? I would say the mobile experience is even more important for this project than the desktop one. Optional question: perhaps this is not the best route to go at all? How could we otherwise render a rich UI with such capabilities and interactivity on both screen sizes? Windows, drag-and-drop, advanced tabs, dynamic grids... We don't need to support any other mobile devices. Yet. ;-)

    Read the article

  • Broken ssl, what to do

    - by TIT
    I have a site and i implemented ssl there. but when i browse it, the security seals dont come. i asked to godaddy, they replaid: Thank you for contacting online support. I cannot replicate the issue you have described. The error you described is caused by the way your site has been designed. If you receive this error, you have a combination of secure and non-secure objects on the page. For example, if your secure website was https://www.domain.tld and you added an object (an image, script, flash file, etc.) to that page that was located at http://www.domain.tld/image.jpg, you would break the seal. You will need to change your design to link to objects using https (ie https://www.domain.tld/image.jpg) or modify your site design to use relative paths (/image.jpg). This error can only be corrected by modifying your site design. Please contact your web designer or the manufacturer of your web design software if you require additional assistance modifying your site design. but the problem is i made everything,all my images javascripts are unders https, but the seal still not coming, saying: some content insecure. what is the problem.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 209 210 211 212 213 214 215 216 217 218 219 220  | Next Page >