Search Results

Search found 3370 results on 135 pages for 'attack vector'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 24/135 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • C++ bughunt - High-score insertion in a vector crashes the program

    - by Francisco P.
    Hello, everyone! I have a game I'm working on. My players are stored in a vector, and, at the end of the game, the game crashes when trying to insert the high-scores in the correct positions. Here's what I have (please ignore the portuguese comments, the code is pretty straightforward :P): //TOTAL_HIGHSCORES is the max. number of hiscores that i'm willing to store. This is set as 10. bool Game::updateHiScores() { bool stopIterating; bool scoresChanged = false; //Se ainda nao existirem TOTAL_HISCORES melhores pontuacoes ou se a pontuacao for melhor que uma das existentes for (size_t i = 0; i < players.size(); ++i) { //&& !(players[i].isAI()) if (players[i].getScoreValue() > 0 && (hiScores.size() < TOTAL_HISCORES || hiScores.back() < players[i].getScore())) { scoresChanged = true; if(hiScores.empty() || hiScores.back() >= players[i].getScore()) hiScores.push_back(players[i].getScore()); else { //Ciclo que encontra e insere a pontuacao no lugar desejado stopIterating = false; for(vector<Score>::iterator it = hiScores.begin(); it < hiScores.end() && !(stopIterating); ++it) { if(*it <= players[i].getScore()) { //E inserida na posicao 'it' o Score correspondente hiScores.insert(it, players[i].getScore()); //Verifica se o comprimento do vector esta dentro do desejado, se nao estiver, este e rectificado if (hiScores.size() > TOTAL_HISCORES) hiScores.pop_back(); stopIterating = true; } } } } } if (scoresChanged) sort(hiScores.begin(), hiScores.end(), higher); return scoresChanged; } What am I doing wrong here? Thanks for your time, fellas.

    Read the article

  • How to copy_if from map to vector?

    - by VJo
    I'd like to copy values that match a predicate (equal ints) from a map<string,int> to a vector<int>. This is what I tried: #include <map> #include <vector> #include <algorithm> int main() { std::vector< int > v; std::map< std::string, int > m; m[ "1" ] = 1; m[ "2" ] = 2; m[ "3" ] = 3; m[ "4" ] = 4; m[ "5" ] = 5; std::copy_if( m.begin(), m.end(), v.begin(), [] ( const std::pair< std::string,int > &it ) { return ( 0 == ( it.second % 2 ) ); } ); } The error message from g++ 4.6.1 is : error: cannot convert 'std::pair<const std::basic_string<char>, int>' to 'int' in assignment Is there a way to adjust the example to do the above copy?

    Read the article

  • c++ STL vector is not acccepting the copy constructor

    - by prabhakaran
    I wrote a code ( c++,visual studio 2010) which is having a vector, even I though copy const is declared, but is still showing that copy const is not declared Here the code #include<iostream> #include<vector> using namespace std; class A { public: A(){cout << "Default A is acting" << endl ;} A(A &a){cout << "Copy Constructor of A is acting" << endl ;} }; int main() { A a; A b=a; vector<A> nothing; nothing.push_back(a); int n; cin >> n; } The error I got is Error 1 error C2558: class 'A' : no copy constructor available or copy constructor is declared 'explicit' c:\program files\microsoft visual studio 10.0\vc\include\xmemory 48 1 delete Anybody please help me

    Read the article

  • How to make a multi vector in C++

    - by Bob Dealio
    I was wondering why can't I have a multi vectors in C ++ /please take a look at this example, it's not working though. there are only two parts to the code, foo function to manipulate the vector and the main function to echo them. typedef vector< vector<double> > MyVec; MyVec foo() { MyVec v; for (int index=0; index < 2; index ++) { for (int j=0; j<5; j++) { v[index][j]; } } return v; } int main () { MyVec z = foo(); for (int i = 0; i < z.size(); i++) { cout << z[i][1]; } return 0; }

    Read the article

  • how to implement a sparse_vector class

    - by Neil G
    I am implementing a templated sparse_vector class. It's like a vector, but it only stores elements that are different from their default constructed value. So, sparse_vector would store the index-value pairs for all indices whose value is not T(). I am basing my implementation on existing sparse vectors in numeric libraries-- though mine will handle non-numeric types T as well. I looked at boost::numeric::ublas::coordinate_vector and eigen::SparseVector. Both store: size_t* indices_; // a dynamic array T* values_; // a dynamic array int size_; int capacity_; Why don't they simply use vector<pair<size_t, T>> data_; My main question is what are the pros and cons of both systems, and which is ultimately better? The vector of pairs manages size_ and capacity_ for you, and simplifies the accompanying iterator classes; it also has one memory block instead of two, so it incurs half the reallocations, and might have better locality of reference. The other solution might search more quickly since the cache lines fill up with only index data during a search. There might also be some alignment advantages if T is an 8-byte type? It seems to me that vector of pairs is the better solution, yet both containers chose the other solution. Why?

    Read the article

  • Having trouble creating vectors of System::String^

    - by Justen
    So I have a regex expression to parse certain parts of a file name. I'm trying to store each part in its own vector until I use it later, but it won't let me. One error I get when I try making a vector of System::String^ is that error C3698: 'System::String ^' : cannot use this type as argument of 'new' Then, when I try just making a vector of std::string, it can't implicitly convert to type System::String^, and casting won't work either. void parseData() { System::String^ pattern = "(\\D+)(\\d+)(\\w{1})(\\d+)\\.(\\D{3})"; std::vector < System::String^ > x, y, filename, separator; Regex re( pattern ); for ( int i = 0; i < openFileDialog1->FileNames->Length; i++ ) { Match^ m = re.Match( openFileDialog1->FileNames[i] ); filename.push_back( m->Groups[0]->Value );/* x.push_back( m->Groups[1]->Value ); separator.push_back( m->Groups[2]->Value ); y.push_back( m->Groups[3]->Value );*/ } }

    Read the article

  • What's the problem with the code below ?

    - by VaioIsBorn
    #include <iostream> #include <vector> using namespace std; int main(void) { int i, s, g; vector<int> a; cin >> s; for(i=1;i<=s;i++) { g = s; if(g<10) a.push_back(g); else { vector<int> temp; while(g > 0) { int k = g % 10; g = g / 10; temp.push_back(g); } for(int j=temp.size();j>0;j--) { a.push_back(temp[j]); } } } cout << a[s-1] << endl; return 0; } What is wrong with the code above ? It doesn't give me the appropriate results. The vector a is supposed to hold the values from 1, 2, 3...up to s such that a = 12345..910111213... and print to output a[s]. Ex if s=15 a=123456789101112131415 and a[15] = 2 . If someone could tell me what's the problem

    Read the article

  • Copy object using pointer (templates)

    - by Azodious
    How the push_back of stl::vector is implemented so it can make copy of any datatype .. may be pointer, double pointer and so on ... I'm implementing a template class having a function push_back almost similar to vector. Within this method a copy of argument should be inserted in internal memory allocated memory. but the argument is a pointer. (an object pointer). Can you pls tell how to create copy from pointer. so that if i delete the pointer in caller still the copy exists in my template class? Code base is as follows: template<typename T> class Vector { public: void push_back(const T& val_in) { T* a = *(new T(val_in)); m_pData[SIZE++] = a; } } Caller: Vector<MyClass*> v(3); MyClass* a = new MyClass(); a->a = 0; a->b = .5; v.push_back(a); delete a; Thanks.

    Read the article

  • Best Methods for Dynamically Creating New Objects

    - by frankV
    I'm looking for a method to dynamically create new class objects during runtime of a program. So far what I've read leads me to believe it's not easy and normally reserved for more advanced program requirements. What I've tried so far is this: // create a vector of type class vector<class_name> vect; // and use push_back (method 1) vect.push_back(*new Object); //or use for loop and [] operator (method 2) vect[i] = *new Object; neither of these throw errors from the compiler, but I'm using ifstream to read data from a file and dynamically create the objects... the file read is taking in some weird data and occasionally reading a memory address, and it's obvious to me it's due to my use/misuse of the code snippet above. The file read code is as follows: // in main ifstream fileIn fileIn.open( fileName.c_str() ); // passes to a separate function along w/ vector loadObjects (fileIn, vect); void loadObjects (ifstream& is, vector<class_name>& Object) { int data1, data2, data3; int count = 0; string line; if( is.good() ){ for (int i = 0; i < 4; i++) { is >> data1 >> data2 >> data3; if (data1 == 0) { vect.push_back(*new Object(data2, data3) ) } } } }

    Read the article

  • Meet-in-the-Middle Atack on an NTRU Private key

    - by Elena Kirshanova
    Hello everyone. I was wondering if anyone could tell me how to represent the enumeration of vectors of privite key f in a Meet-In-the-Middle Attack on an NTRU Private key. I can not understand the example, given here http://securityinnovation.com/cryptolab/pdf/NTRUTech004v2.pdf I'll be very thankful if anyone could show an example in detail.

    Read the article

  • How can I stop a bot attack on my site?

    - by tnorthcutt
    I have a site (built with wordpress) that is currently under a bot attack (as best I can tell). A file is being requested over and over, and the referrer is (almost every time) turkyoutube.org/player/player.swf. The file being requested is deep within my theme files, and is always followed by "?v=" and a long string (i.e. r.php?v=Wby02FlVyms&title=izlesen.tk_Wby02FlVyms&toke). I've tried setting an .htaccess rule for that referrer, which seems to work, except that now my 404 page is being loaded over and over, which is still using lots of bandwidth. Is there a way to create an .htaccess rule that requires no bandwidth usage on my part? I also tried creating a robots.txt file, but the attack seems to be ignoring that. #This is the relevant part of the .htaccess file: RewriteCond %{HTTP_REFERER} turkyoutube\.org [NC] RewriteRule .* - [F]

    Read the article

  • Getting attacked, please what do I do?

    - by E3pO
    Getting millions of these requests! How can i stop these??? Gecko/20100101 Firefox/12.0" 173.59.227.11 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416620414 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 173.72.197.39 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416641552 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 2.222.7.143 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416647004 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 62.83.154.11 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416572373 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 65.35.221.207 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416453921 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BOIE8;ENUS)" 68.40.182.244 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338415880184 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0" 99.244.26.33 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338384208421 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0" 65.12.234.229 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338415812217 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 173.59.227.11 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416620415 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 68.40.182.244 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338415881181 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0" 188.82.242.197 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338414398872 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20100101 Firefox/12.0" 99.244.26.33 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338384208454 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0" 173.59.227.11 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416620424 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 68.40.182.244 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338415882180 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0" 65.12.234.229 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338415812229 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 95.34.134.51 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416367865 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 65.35.221.207 - - [30/May/2012:18:23:45 -0400] "GET /?id=1338416453937 HTTP/1.1" 200 28 "http://108.166.97.22/" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; BOIE8;ENUS)" How can i filter GET requests containing "http://108.166.97.22/" ?

    Read the article

  • XSS attack to bypass htmlspecialchars() function in value attribute

    - by Setzer
    Let's say we have this form, and the possible part for a user to inject malicious code is this below ... <input type=text name=username value=<?php echo htmlspecialchars($_POST['username']); ? ... We can't simply put a tag, or a javascript:alert(); call, because value will be interpreted as a string, and htmlspecialchars filters out the <,,',", so We can't close off the value with quotations. We can use String.fromCode(.....) to get around the quotes, but I still unable to get a simple alert box to pop up. Any ideas?

    Read the article

  • How do you protect against specific CSRF attack

    - by Saif Bechan
    I am going trough the OWASP Top 10 list of 2007 and 2010. I stumbled upon Cross Site Request Forgery (CSRF) this is often called session riding as you let the user usee his session to fulfill your wishes. Now a solution to this is adding a token to every url and this token is checked for every link. For example to vote on product x the url would be: 'http://mysite.com?token=HVBKJNKL' This looks like a solid solution to because a hacker can not guess the token. But I was thinking of the following scenario(I do not know if it is possible): You create a website with an hidden iFrame or div. After that you can load my website in it either using just the normal iFrame or ajax. When you have my website loaded hidden inside your website, and the user has a stored session, the following can be done. You can retrieve the token from the URLS, and still do all the actions needed. Is it possible to do something like this. Or is it not possible to do this cross domain.

    Read the article

  • CSRF (Cross-site request forgery) attack example and prevention in PHP

    - by Saif Bechan
    I have an website where people can place a vote like this: http://mysite.com/vote/25 This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone gives them a link like this: http://mysite.com/vote/30 then the vote will be places for him on the item without him wanting to do this. I have read the explanation on the OWASP website, but i don't really understand it Is this an example of CSFR, and how can I prevent this. The best thing i can think off is adding something to the link like a hash. But this will be quite irritating to put something on the end of all the links. Is there no other way of doing this. Another thing can someone maybe give me some other example of this, because the website seems fairly fugue to me.

    Read the article

  • mod_security2 and w00tw00t attacks

    - by Saif Bechan
    I have a server with apache and i recently installed mod_config2 because I get attacked a lot by this: My apache version is apache v 2.2.3 and i user mod_security2.c [Wed Mar 24 02:35:41 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:31 2010] [error] [client 202.75.211.90] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:47:49 2010] [error] [client 95.228.153.177] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Wed Mar 24 02:48:03 2010] [error] [client 88.191.109.38] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) I tried configuring mod_security2 like this: SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind" SecFilterSelective REQUEST_URI "\w00tw00t.at.ISC.SANS" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:" SecFilterSelective REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:)" The thing in mod_security2 is that SecFilterSelective can not be used, it gives me erros. Instead i use a rule like this: SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind" SecRule REQUEST_URI "\w00tw00t.at.ISC.SANS" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:" SecRule REQUEST_URI "w00tw00t.at.ISC.SANS.DFind:)" Even this does not work. I don't know what to do anymore. Anyone have any advice?

    Read the article

  • Rate limiting Django admin login with Nginx to prevent dictionary attack

    - by shreddies
    I'm looking into the various methods of rate limiting the Django admin login to prevent dictionary attacks. One solution is explained here: simonwillison.net/2009/Jan/7/ratelimitcache/ However, I would prefer to do the rate limiting at the web server side, using Nginx. Nginx's limit_req module does just that - allowing you to specify the maximum number of requests per minute, and sending a 503 if the user goes over: http://wiki.nginx.org/NginxHttpLimitReqModule Perfect! I thought I'd cracked it until I realised that Django admin's login page is not in a consistent place, eg /admin/blah/ gives you a login page at that URL, rather than bouncing to a standard login page. So I can't match on the URL. Can anyone think of another way to know that the admin page was being displayed (regexp the response HTML?)

    Read the article

  • HTTP requests and Apache modules: Creative attack vectors

    - by pinkgothic
    Slightly unorthodox question here: I'm currently trying to break an Apache with a handful of custom modules. What spawned the testing is that Apache internally forwards requests that it considers too large (e.g. 1 MB trash) to modules hooked in appropriately, forcing them to deal with the garbage data - and lack of handling in the custom modules caused Apache in its entirety to go up in flames. Ouch, ouch, ouch. That particular issue was fortunately fixed, but the question's arisen whether or not there may be other similar vulnerabilities. Right now I have a tool at my disposal that lets me send a raw HTTP request to the server (or rather, raw data through an established TCP connection that could be interpreted as an HTTP request if it followed the form of one, e.g. "GET ...") and I'm trying to come up with other ideas. (TCP-level attacks like Slowloris and Nkiller2 are not my focus at the moment.) Does anyone have a few nice ideas how to confuse the server and/or its modules to the point of self-immolation? Broken UTF-8? (Though I doubt Apache cares about encoding - I imagine it just juggles raw bytes.) Stuff that is only barely too long, followed by a 0-byte, followed by junk? et cetera I don't consider myself a very good tester (I'm doing this by necessity and lack of manpower; I unfortunately don't even have a more than basic grasp of Apache internals that would help me along), which is why I'm hoping for an insightful response or two or three. Maybe some of you have done some similar testing for your own projects? (If stackoverflow is not the right place for this question, I apologise. Not sure where else to put it.)

    Read the article

  • How to exploit Diffie-hellman to perform a man in the middle attack

    - by jfisk
    Im doing a project where Alice and Bob send each other messages using the Diffie-Hellman key-exchange. What is throwing me for a loop is how to incorporate the certificate they are using in this so i can obtain their secret messages. From what I understand about MIM attakcs, the MIM acts as an imposter as seen on this diagram: Below are the details for my project. I understand that they both have g and p agreed upon before communicating, but how would I be able to implement this with they both having a certificate to verify their signatures? Alice prepares ?signA(NA, Bob), pkA, certA? where signA is the digital signature algorithm used by Alice, “Bob” is Bob’s name, pkA is the public-key of Alice which equals gx mod p encoded according to X.509 for a fixed g, p as specified in the Diffie-Hellman key- exchange and certA is the certificate of Alice that contains Alice’s public-key that verifies the signature; Finally, NA is a nonce (random string) that is 8 bytes long. Bob checks Alice's signature, and response with ?signB{NA,NB,Alice},pkB,certB?. Alice gets the message she checks her nonce NA and calculates the joint key based on pkA, pkB according to the Diffie-Hellman key exchange. Then Alice submits the message ?signA{NA,NB,Bob},EK(MA),certA? to Bob and Bobrespondswith?SignB{NA,NB,Alice},EK(MB),certB?. where MA and MB are their corresponding secret messages.

    Read the article

  • How Do I Secure WordPress Blogs Against Elemento_pcx Exploit?

    - by Volomike
    I have a client who has several WordPress 2.9.2 blogs that he hosts. They are getting a deface kind of hack with the Elemento_pcx exploit somehow. It drops these files in the root folder of the blog: -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 default.php -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.asp -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.aspx -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.htm -rw-r--r-- 1 userx userx 1459 Apr 16 04:25 index.html -rwxr-xr-x 1 userx userx 1459 Apr 16 04:25 index.php* It overwrites index.php. A keyword inside each file is "Elemento_pcx". It shows a white fist with a black background and the phrase "HACKED" in bold letters above it. We cannot determine how it gets in to do what it does. The wp-admin password isn't hard, but it's also not very easy either. I'll change it up a little to show you what the password sort of looks like: wviking10. Do you think it's using an engine to crack the password? If so, how come our server logs aren't flooded with wp-admin requests as it runs down a random password list? The wp-content folder has no changes inside it, but is run as chmod 777 because wp-cache required it. Also, the wp-content/cache folder is run as chmod 777 too.

    Read the article

  • How Do I Prevent a XSS Cross-Site Scripting Attack When Using jQueryUI Autocomplete

    - by theschmitzer
    I am checking for XSS vulnerabilities in a web application I am developing. This Rails app uses the h method to sanitize HTML it generates. It does, however, make use of the jQueryUI autocomplete widget (new in latest release), where I don't have control over the generated HTML, and I see tags are not getting escaped there. The data fed to autocomplete is retrieved through a JSON request immediately before display. I Possibilities: 1) Autocomplete has an option to sanitize I don't know about 2) There is an easy way to do this in jQuery I don't know about 3) There is an easy way to do this in a Rails controller I don't know about (where I can't use the h method) 4) Disallow < symbol in the model Sugestions?

    Read the article

  • A cross between std::multimap and std::vector?

    - by Milan Babuškov
    I'm looking for a STL container that works like std::multimap, but has constant access time to random n-th element. I need this because I have such structure in memory that is std::multimap for many reasons, but items stored in it have to be presented to the user in a listbox. Since amount of data is huge, I'm using list box with virtual items (i.e. list control polls for value at line X). As a workaround I'm currently using additional std::vector to store "indexes" into std::map, and I fill it like this: std::vector<MMap::data_type&> vec; for (MMap::iterator it = mmap.begin(); it != mmap.end(); ++it) vec.push_back((*it).second); But this is not very elegant solution. Is there some such containter?

    Read the article

  • I got these strange messages on my websites feedback form?

    - by Ali
    Hi guys - I got all of a sudden a number of strange feedback messages from my sites feedback form its where normally users would come and enter feedback and then I would review it on an admin panel. However these messages make little to no sense like for an example: here are two 'messages': 2GyOim <a href=\"http://vdjzpnoyzfji.com/\">vdjzpnoyzfji</a>, [url=http://gixlpbtswcdh.com/]gixlpbtswcdh[/url], [link=http://zudauexgjgot.com/]zudauexgjgot[/link], http://vqhafprwogyf.com/ jF2wdU <a href=\"http://aprjkscbhnxf.com/\">aprjkscbhnxf</a>, [url=http://dhfeoqufoqvu.com/]dhfeoqufoqvu[/url], [link=http://whmzpbqrsume.com/]whmzpbqrsume[/link], http://xxfntqzhhbza.com/ I got about over a dozen of these - and they are all from very different ips is someone playing around and is it a cause for me to get vigilant?

    Read the article

  • Remove key from known_hosts

    - by Adam Matan
    Hi, I have built several virtual machines during the last few weeks. The problem is, the .ssh/known_hosts gives me the Man in the middle warning. This happens because another fingerprint is associated with the virtual machine IP. In the .ssh/known_hosts file, however, I don't seem to find the record related to the IP, only two bizarre, key-like strings and "ssh-rsa". Any ideas how to remove the old key from known_hosts? Thanks, Udi

    Read the article

  • Weird behavior of std::vector

    - by Nima
    I have a class like this: class OBJ{...}; class A { public: vector<OBJ> v; A(int SZ){v.clear(); v.reserve(SZ);} }; A *a = new A(123); OBJ something; a->v.push_back(something); This is a simplified version of my code. The problem is in debug mode it works perfect. But in release mode it crashes at "push_back" line. (with all optimization flags OFF) I debugged it in release mode and the problem is in the constructor of A. the size of the vector is something really big with dummy values and when I clear it, it doesn't change... Do you know why? Thanks,

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >