Search Results

Search found 10511 results on 421 pages for 'clear cycle corp'.

Page 24/421 | < Previous Page | 20 21 22 23 24 25 26 27 28 29 30 31  | Next Page >

  • Is a clear and replace more efficient than a loop checking all records?

    - by Matt
    I have a C# List that is filled from a database. So far it's only 1400 records, but I expect it to grow a LOT. Routinely I do a check for new data on the entire list. What I'm trying to figure out is this: is it faster to simply clear the List and reload all the data from the table, or would checking each record be faster? Intuition tells me that the dump and load method would be faster, but I thought I should check first...

  • Working with CPU cycles in Gameboy Advance

    - by Preston Sexton
    I am working on a GBA emulator and am stuck at implementing CPU cycles. I only have basic knowledge about it: each instruction in ARM and THUMB mode has a different set of cycles. Currently I am simply saying every ARM instruction costs 4 cycles and every THUMB instruction costs 2 cycles. But how do you implement it like the CPU documentation says? Do instruction cycles vary depending on which section of memory is currently being accessed? http://nocash.emubase.de/gbatek.htm#cpuinstructioncycletimes According to the above specification, different memory areas have different waitstates, but I don't know exactly what that means. Furthermore, what are Non-sequential cycle, Sequential cycle, Internal Cycle, Coprocessor Cycle for? I saw in some GBA source code that they are using PC to figure out how many cycles each instruction takes to complete, but how are they doing it?

  • Can working exclusively with niche apps or tech hurt your career in software development? How to get out of the cycle? [closed]

    - by Keoma
    I'm finding myself in a bit of a pickle. I've been at a pretty comfortable IT group for almost a decade. I got my start here working on web development, mostly CRUD, but have demonstrated the ability to figure out more complex problems. I'm not a rock star, but I have received many compliments on my programming aptitude, and technologists and architects have commented on my ability to pick things up (for example, I recently learned a very popular web framework that shall remain nameless since I don’t want to be identified). My problem is that, over time, my responsibilities have been shifting towards work such as support or ‘development’ with some rather niche products (afraid to mention here due to potential for being identified). Some of this work, if it includes anything resembling coding, is very menial scripting in languages such as Powershell or VBScript. The vast majority of the time, however, a typical day consists of going back and forth with the product’s vendor support to send them logs and apply configuration changes or patches they recommend. I’m basically starved for some actual software development. However, even though I’m more than capable of doing that development work (and actually do a much better job at it than anything else), our boss is more interested in the kind of work I mentioned above, her reasoning being that since no one else in the organization wants to do it, it must mean job security. This has been going on for close to 3 years, and the only reason I have held on is on the promise that we would eventually get more development projects assigned to us. Well, that turned out not to be true at all. A recent talk with the boss has just made it more explicitly clear, as she told me in no uncertain terms that it’s very likely that development work (web or otherwise) would go to another group. The reason given to me is that we don’t have enough resources in our group to handle that.

    So now I find myself in the position that I either have to stay in what has essentially become a dead end IT job that is tied to the fortunes of a niche stack of apps, or try to find a position that will be better for my long term career. My problem (is it a problem?), however, is that compared to others, my development projects in the last three years are very sparse in number. To compound things, projects using the latest and most popular frameworks amount to the big fat number of just one—with no work of that kind in the foreseeable future. I am very concerned that this sparseness in my resume is a deficit, and that it will hurt my chances of landing a different job. I’m also wondering how much it will hurt me, and whether that can be ameliorated with hobby projects of my own. I guess I’m looking for opinions. Thank you very much for reading.

  • Can I get all active directory passwords in clear text using reversible encryption?

    - by christian123
    EDIT: Can anybody actually answer the question? Thanks, I don't need no audit trail, I WILL know all the passwords and users can't change them and I will continue to do so. This is not for hacking!

    We recently migrated away from an old and rusty Linux/Samba domain to an active directory. We had a custom little interface to manage accounts there. It always stored the passwords of all users and all service accounts in cleartext in a secure location (Of course, many of you will certainly not think of this as being secure, but without real exploits nobody could read that) and disabled password changing on the samba domain controller. In addition, no user can ever select his own passwords, we create them using pwgen. We don't change them every 40 days or so, but only every 2 years to reward employees for really learning them and NOT writing them down. We need the passwords to e.g. go into user accounts and modify settings that are too complicated for group policies or to help users. These might certainly be controversial policies, but I want to continue them on AD. Now I save new accounts and their PWGEN-generated (pwgen creates nice sounding random words with nice amounts of vowels, consonants and numbers) manually into the old text-file that the old scripts used to maintain automatically.

    How can I get this functionality back in AD? I see that there is "reversible encryption" in AD accounts, probably for challenge response authentication systems that need the cleartext password stored on the server. Is there a script that displays all these passwords? That would be great. (Again: I trust my DC not to be compromised.) Or can I have a plugin into AD users&computers that gets a notification of every new password and stores it into a file? On clients that is possible with GINA-dlls, they can get notified about passwords and get the cleartext.

  • How well does Windows 7 MCE support Clear QAM?

    - by Jess Sightler
    How well does Windows 7 MCE support ClearQAM (no-cablecard, no HD), and are there any guidelines for which capture cards work best with it? Also, I have an old laptop with a 2 GHz Pentium M with 1 GB of RAM. I believe that this will be able to handle 1 stream (as it currently does with non-QAM content under XP MCE). Would it also be able to handle 2 streams?

  • How can I use `SetEnvIf` to clear an Apache2 environment variable?

    - by Jamie
    In my apache2 configuration I've got these lines:

        SetEnv log_everything

        # Create the environment variables based on access requests
        SetEnvIf Request_URI "^/orders/.*$" download_access !log_everything
        SetEnvIf Request_URI "^/download/.*$" download_access !log_everything
        SetEnvIf Request_URI "^/wg/.*$" wg_1x1_access !log_everything

        # Log the accesses using the generated environment variable as conditionals.
        CustomLog ${APACHE_LOG_DIR}/download.log combined env=download_access
        CustomLog ${APACHE_LOG_DIR}/wg.log combined env=wg_1x1_access

        RewriteEngine on
        RewriteRule "^/wg/.+$" "/wg/1x1.gif"

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined env=log_everything

    Which currently logs all the "download" and "orders" requests to "download.log" and "wg" requests to "wg.log", but everything is also going to access.log. How can I configure this so that "wg" and "download/orders" requests won't be duplicated in access.log?

  • Does Ubuntu Server have any sort of cron job to automatically clear /tmp?

    - by DWilliams
    I know it clears out /tmp on reboots, but I haven't been able to find any sort of cron job on my server that clears /tmp. I recently set up a script that writes lots of files to /tmp and my server usually goes several months between reboots so I'm concerned about it being cluttered. I've seen several other distros that have a tmpwatch script installed by default. Ubuntu's repository seems to have replaced tmpwatch with tmpreaper. Is there any mechanism in place on Ubuntu (8.04 currently, soon to be upgraded to 10.04 when I get around to it) to clean up temp files on a server that doesn't regularly reboot or do I need to install tmpreaper?

  • Does the password get sent in the clear when connecting to Sql-Server?

    - by Scott Chamberlain
    I was asked this today and I honestly did not know the answer. If you connect using a connection string without sspi to a server, is there any way a 3rd party can intercept on the wire the password used to log in?

        "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=sa;Password=CanThisBeSniffed;"

    I am not asking about MiTM attacks, just someone listening on the same computer or on the same hub on the network with wireshark or something similar running. I fired up wireshark myself and did not see it in plain text but it could be a simple obfuscation or proper encryption, I just wanted to know which.

  • how do you clear apple/mac install program files?

    - by mserin
    I installed a 30-day "test drive" of QuarkXpress, but got pulled in to other projects and didn't have time to test it. I now need to test it, but the 30 days are up. So I want to install the "test drive" again, but it won't let me. So far I uninstalled the old copy, signed up under a different account, and downloaded a new version. I know there has to be application data somewhere, but I am a PC person and don't know where to look in the Apple. HELP! Thanks. Oh, and if necessary, I am using Mac OS X (SnowLeopard) Version 10.6.8 on a MacPro

  • CSS file not served by IIS 7.5 after multiple clear cache refreshes in a row in browser

    - by KenB
    We are experiencing an interesting issue with IIS 7.5 static caching and a css file. When we use IE to hit the page in question everything works fine - 200 OK on css file. When we refresh the page it works fine - 304 Not Modified on css file. When I refresh again with control key it reloads fine - 200 OK on css file. Now if I do a control key + refresh multiple times in a row really fast the css fails to load and in the developer tools network it says "Loading..." for the css file and it hangs never coming back. Any ideas?

  • DB2 Transaction log is full. How to flush / clear it?

    - by Mestika
    Hi, I’m working on an experiment regarding a course I’m taking about tuning DB2. I’m using the EC2 from Amazon (aws) to conduct the experiment. My problem is, however, that I have to test non-compression against row-compression in DB2 and to do that I’ve created a bsh file that runs those experiments. But when I reach my compression part I get the error ”Transaction log is full”; and no matter how low I set the inserts, it is complaining about my transaction log. I’ve scouted Google for a day now trying to find some way to flush / clear the log or just get rid of it, I don’t need it. I’ve tried to increase the size but nothing has helped. Please, I hope someone has an answer to solve this frustrating problem. Thanks - Mestika

  • How to clear cache for previously installed InfoPath forms on a client computer?

    - by user313067
    Hi folks, We recently had a strange issue with an InfoPath 2007 form being opened from SharePoint 2007 and receiving the error message "the system cannot find the file specified". To be clear, this was not a form services enabled form. Anyway, after spending way too much time trying to figure out what was going on (nothing in the MOSS 2007 server log files), we determined that the user had previously installed an older version of the form (but with the same name) on their workstation using a no longer available msi file (meaning we could not uninstall it from the workstation). So I wanted to pass on a very simple solution for anyone who is unfortunate to run into this problem in the future (since I lost a great deal of hair over it): Fire up regedit, go to HKEY_LOCAL_MACHINE-Software-Microsoft-Office-InfoPath-SolutionsCatalog. Locate the key that has the previously installed form name, and delete it. This will cause InfoPath to stop trying to open the form locally (which is either old or doesn't exist) and force it to open your form from SharePoint. Hope this helps someone!

  • What is the best way to clear the CSS style "float"?

    - by Sam Saffron
    I'm pretty accustomed to clearing my floats by using <br style="clear:both"/> but stuff keeps on changing and I am not sure if this is the best practice. There is a CSS hack (from positioneverything) available that lets you achieve the same result without the clearing div. But... they claim the hack is a little out of date and instead you perhaps should look at this hack. But.. after reading through 700 pages of comments :) it seems there may be some places the latter hack does not work. I would like to avoid any javascript hacks cause I would like my clearing to work regardless of javascript being enabled. What is the current best practice for clearing divs in a browser independent way?

  • Canvas Animation Kit Experiment... ...how to clear the canvas?

    - by Ted Wong
    I can make an obj to use the canvas to draw like this:

        MyObj.myDiv = new Canvas($("effectDiv"), Setting.width, Setting.height);

    Then, I use this to draw a rectangle on the canvas:

        var c = new Rectangle(80, 80, { fill: [220, 40, 90] } );
        var move = new Timeline;
        move.addKeyframe(0, { x: 0, y: 0 } );
        c.addTimeline(move);
        MyObj.myDiv.append(c);

    But after I draw the rectangle, I want to clear the canvas, but I don't know which method and how to do this... ... O...one more thing: it is the CAKE's web site: Link

  • How do I clear a WebView's content before loading a page?

    - by Mark
    I have an embedded WebView in my Cocoa application in which I load an external web page. Each time the user clicks on a button, the view opens and shows the page. The problem is that the second time the user opens the WebView, the previous page is still visible. Instead I'd like to show a blank/empty page (together with a progress indicator). How can I clear a WebView before loading a new page? The closest solution I could find was to call this: [webView stringByEvaluatingJavaScriptFromString:@"document.open();document.close()"]; Is there a better way to do this? Thanks!

  • Struggling to "clear" a CGLayer -- can it even be done?

    - by Joe Blow
    So I'm doing this repetitively - making a CGLayer, doing some processing, and then releasing it. This happens a lot in real time -- so surely there is a lot of overhead in making a whole new CGLayer each time? Surely it would be better to just keep lair around, and start fresh each time? However, I do not know any way, at all, to "erase" or "start from blank" a CGLayer?? Can anyone help on this? There is a function CGContextBeginPath(cc) but it's confusing: it seems to only clear out "that" path, it does not erase all of the CGLayer back to a blank canvas. How to return a CGLayer to a blank canvas????? Does anyone know?

        CGLayerRef lair = CGLayerCreateWithContext(
            UIGraphicsGetCurrentContext(), CGSizeMake(1024,768), NULL);
        CGContextRef cc = CGLayerGetContext(lair);
        // various processing here
        CGContextAddPath(cc, somePath);
        // various processing here
        CGLayerRelease(lair);

    Any ideas?!

  • Can this Query can be corrected or different table structure needed? (question is clear, detailed, d

    - by sandeepan
    This is a bit lengthy but I have provided sufficient details and kept things very clear. Please see if you can help. (I will surely accept answer if it solves my problem) I am sure a person experienced with this can surely help or suggest me to decide the tables structure.

    About the system:-

    - There are tutors who create classes
    - A tags based search approach is being followed
    - Tag relations are created/edited when new tutors registers/edits profile data and when tutors create classes (this makes tutors and classes searchable). For simplicity, let us consider only tutor name and class name are the fields which are matched against search keywords.

    In this example, I am considering -

    - tutor "Sandeepan Nath" has created a class called "first class"
    - tutor "Bob Cratchit" has created a class called "new class"

    Desired search results - AND logic to be applied on the search keywords and match against class and tutor data (class name + tutor name), in other words, all those classes be shown such that all the search terms are present in the class name or its tutor name. Example to be clear -

    - Searching "first class" returns class with id_wc = 1. Working
    - Searching "Sandeepan class" should also return class with id_wc = 1. Not working in System 2.

    Problem with profile editing and searching

    To tell in one sentence, I am facing a conflict between the ease of profile edition (edition of tag relations when tutor profiles are edited) and the ease of search logic. In the beginning, we had one table structure and search was easy but tag edition logic was very clumsy and unmaintainable (check System 1 in the section below). So we created separate tag relations tables to make profile edition simpler but search has become difficult. Please dump the tables so that you can run the search query I have given below and see the results.

    System 1 (previous system - search easy - profile edition difficult):-

    Only one table called All_Tag_Relations table had the all the tag relations. The tags table below is common to both systems 1 and 2.

        CREATE TABLE IF NOT EXISTS `all_tag_relations` (
          `id_tag_rel` int(10) NOT NULL AUTO_INCREMENT,
          `id_tag` int(10) unsigned NOT NULL DEFAULT '0',
          `id_tutor` int(10) DEFAULT NULL,
          `id_wc` int(10) unsigned DEFAULT NULL,
          PRIMARY KEY (`id_tag_rel`),
          KEY `All_Tag_Relations_FKIndex1` (`id_tag`),
          KEY `id_wc` (`id_wc`),
          KEY `id_tag` (`id_tag`)
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

        INSERT INTO `all_tag_relations` (`id_tag_rel`, `id_tag`, `id_tutor`, `id_wc`) VALUES
          (1, 1, 1, NULL), (2, 2, 1, NULL), (3, 1, 1, 1), (4, 2, 1, 1),
          (5, 3, 1, 1), (6, 4, 1, 1), (7, 6, 2, NULL), (8, 7, 2, NULL),
          (9, 6, 2, 2), (10, 7, 2, 2), (11, 5, 2, 2), (12, 4, 2, 2);

        CREATE TABLE IF NOT EXISTS `tags` (
          `id_tag` int(10) unsigned NOT NULL AUTO_INCREMENT,
          `tag` varchar(255) DEFAULT NULL,
          PRIMARY KEY (`id_tag`),
          UNIQUE KEY `tag` (`tag`),
          KEY `id_tag` (`id_tag`),
          KEY `tag_2` (`tag`),
          KEY `tag_3` (`tag`),
          KEY `tag_4` (`tag`),
          FULLTEXT KEY `tag_5` (`tag`)
        ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

        INSERT INTO `tags` (`id_tag`, `tag`) VALUES
          (1, 'Sandeepan'), (2, 'Nath'), (3, 'first'), (4, 'class'),
          (5, 'new'), (6, 'Bob'), (7, 'Cratchit');

    Please note that for every class, the tag rels of its tutor have to be duplicated. Example, for class with id_wc=1, the tag rel records with id_tag_rel = 3 and 4 are actually extras if you compare with the tag rel records with id_tag_rel = 1 and 2.

    System 2 (present system - profile edition easy, search difficult)

    Two separate tables Tutors_Tag_Relations and Webclasses_Tag_Relations have the corresponding tag relations data (Please dump into a separate database)-

        CREATE TABLE IF NOT EXISTS `tutors_tag_relations` (
          `id_tag_rel` int(10) NOT NULL AUTO_INCREMENT,
          `id_tag` int(10) unsigned NOT NULL DEFAULT '0',
          `id_tutor` int(10) DEFAULT NULL,
          PRIMARY KEY (`id_tag_rel`),
          KEY `All_Tag_Relations_FKIndex1` (`id_tag`),
          KEY `id_tag` (`id_tag`)
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

        INSERT INTO `tutors_tag_relations` (`id_tag_rel`, `id_tag`, `id_tutor`) VALUES
          (1, 1, 1), (2, 2, 1), (3, 6, 2), (4, 7, 2);

        CREATE TABLE IF NOT EXISTS `webclasses_tag_relations` (
          `id_tag_rel` int(10) NOT NULL AUTO_INCREMENT,
          `id_tag` int(10) unsigned NOT NULL DEFAULT '0',
          `id_tutor` int(10) DEFAULT NULL,
          `id_wc` int(10) DEFAULT NULL,
          PRIMARY KEY (`id_tag_rel`),
          KEY `webclasses_Tag_Relations_FKIndex1` (`id_tag`),
          KEY `id_wc` (`id_wc`),
          KEY `id_tag` (`id_tag`)
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

        INSERT INTO `webclasses_tag_relations` (`id_tag_rel`, `id_tag`, `id_tutor`, `id_wc`) VALUES
          (1, 3, 1, 1), (2, 4, 1, 1), (3, 5, 2, 2), (4, 4, 2, 2);

        CREATE TABLE IF NOT EXISTS `tags` (
          `id_tag` int(10) unsigned NOT NULL AUTO_INCREMENT,
          `tag` varchar(255) DEFAULT NULL,
          PRIMARY KEY (`id_tag`),
          UNIQUE KEY `tag` (`tag`),
          KEY `id_tag` (`id_tag`),
          KEY `tag_2` (`tag`),
          KEY `tag_3` (`tag`),
          KEY `tag_4` (`tag`),
          FULLTEXT KEY `tag_5` (`tag`)
        ) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=8 ;

        INSERT INTO `tags` (`id_tag`, `tag`) VALUES
          (1, 'Sandeepan'), (2, 'Nath'), (3, 'first'), (4, 'class'),
          (5, 'new'), (6, 'Bob'), (7, 'Cratchit');

        CREATE TABLE IF NOT EXISTS `all_tag_relations` (
          `id_tag_rel` int(10) NOT NULL AUTO_INCREMENT,
          `id_tag` int(10) unsigned NOT NULL DEFAULT '0',
          `id_tutor` int(10) DEFAULT NULL,
          `id_wc` int(10) unsigned DEFAULT NULL,
          PRIMARY KEY (`id_tag_rel`),
          KEY `All_Tag_Relations_FKIndex1` (`id_tag`),
          KEY `id_wc` (`id_wc`)
        ) ENGINE=InnoDB DEFAULT CHARSET=latin1;

        -- table names lower-cased to match the CREATE TABLE statements above
        INSERT INTO all_tag_relations SELECT NULL, id_tag, id_tutor, NULL FROM tutors_tag_relations;
        INSERT INTO all_tag_relations SELECT NULL, id_tag, id_tutor, id_wc FROM webclasses_tag_relations;

    Here you can see how easily tutor first name can be edited only in one place. But search has become really difficult, so on being advised to use a Temporary table, I am creating one at every search request, then dumping all the necessary data and then searching from it. I am creating this All_Tag_Relations table at search run time. Here I am just dumping all the data from the two tables Tutors_Tag_Relations and Webclasses_Tag_Relations. But, I am still not able to get classes if I search with tutor name.

    This is the query which searches "first class". Running them on both the systems shows correct results (returns the class with id_wc = 1).

        SELECT wtagrels.id_wc,
               SUM(DISTINCT( wtagrels.id_tag =3)) AS key_1_total_matches,
               SUM(DISTINCT( wtagrels.id_tag =4)) AS key_2_total_matches
        FROM all_tag_relations AS wtagrels
        WHERE ( wtagrels.id_tag =3 OR wtagrels.id_tag =4 )
        GROUP BY wtagrels.id_wc
        HAVING key_1_total_matches = 1 AND key_2_total_matches = 1
        LIMIT 0, 20

    But, searching for "Sandeepan class" works only with the 1st system. Here is the query which searches "Sandeepan class":

        SELECT wtagrels.id_wc,
               SUM(DISTINCT( wtagrels.id_tag =1)) AS key_1_total_matches,
               SUM(DISTINCT( wtagrels.id_tag =4)) AS key_2_total_matches
        FROM all_tag_relations AS wtagrels
        WHERE ( wtagrels.id_tag =1 OR wtagrels.id_tag =4 )
        GROUP BY wtagrels.id_wc
        HAVING key_1_total_matches = 1 AND key_2_total_matches = 1
        LIMIT 0, 20

    Can anybody alter this query and somehow do a proper join or something to get correct results. That solves my problem in a nice way. As you can figure out, the reason why it does not work in system 2 is that in system 1, for every class, one additional tag relation linking class and tutor name is present. e.g. for class first class, (records with id_tag_rel 3 and 4) which returns the class on searching with tutor name. So, you see the trade-off between the search and profile edition difficulty with the two systems. How do I overcome both. I have to reach a conclusion soon.

    So far my reasoning is it is definitely not good from a code maintainability point of view to follow the single tag rel table structure of system one, because in a real system while editing a field like "tutor qualifications", there can be as many records in tag rels table as there are words in qualification of a tutor (one word in a field = one tag relation). Now suppose a tutor has 100 classes. When he edits his qualification, all the tag rel rows corresponding to him are deleted and then as many copies are to be created (as per the new qualification data) as there are classes. This becomes particularly difficult if later more searchable fields are added. The code cannot be robust.

    Is the best solution to follow system 2 (edition has to be in one table - no extra work for each and every class) and somehow re-create the all_tag_relations table like system 1 (from the tables tutor_tag_relations and webclasses_tag_relations), creating the extra tutor tag rels for each and every class by a tutor (which is currently missing in system 2's temporary all_tag_relations table). That would be a time consuming logic script. I doubt that table can be recreated without resorting to PHP script (mysql alone cannot do that). But the problem is that running all this at search time will make search definitely slow. So, how do such systems work? How are such situations handled?

    I thought about we can run a cron which initiates that PHP script, say every 1 minute and replaces the existing all_tag_relations table as per new tag rels from tutor_tag_relations and webclasses_tag_relations (replaces means creates a new table, deletes the original and renames the new one as all_tag_relations, otherwise search won't work during that period - or is there any better way to that?). Anyway, the result would be that any changes by tutors will reflect in search in the next 1 minute and not immediately. An alternative would be to initiate that PHP script every time a tutor edits his profile. But here again, since many users may edit their profiles concurrently, will the creation of so many tables be a burden and can mysql make the server slow?

    Any help would be appreciated and working solution will be accepted as answer. Thanks, Sandeepan

  • SINGLE SIGN ON SECURITY THREAT! FACEBOOK access_token broadcast in the open/clear

    - by MOKANA
    Subsequent to my posting there was a remark made that this was not really a question but I thought I did indeed postulate one. So that there is no ambiguity here is the question with a lead in: Since there is no data sent from Facebook during the Canvas Load process that is not at some point divulged, including the access_token, session and other data that could uniquely identify a user, does any one see any other way other than adding one more layer, i.e., a password, sent over the wire via HTTPS along with the access_token, that will insure unique untampered with security by the user?

    Using Wireshark I captured the local broadcast while loading my Canvas Application page. I was hugely surprised to see the access_token broadcast in the open, viewable for any one to see. This access_token is appended to any https call to the Facebook OpenGraph API. Using facebook as a single click log on has now raised huge concerns for me. It is stored in a session object in memory and the cookie is cleared upon app termination and after reviewing the FB.Init calls I saw a lot of HTTPS calls so I assumed the access_token was always encrypted. But last night I saw in the status bar a call from what was simply an http call that included the App ID so I felt I should sniff the Application Canvas load sequence. Today I did sniff the broadcast and in the attached image you can see that there are http calls with the access_token being broadcast in the open and clear for anyone to gain access to. Am I missing something, is what I am seeing and my interpretation really correct? If any one can sniff and get the access_token they can theoretically make calls to the Graph API via https, even though the call back would still need to be the site established in Facebook's application set up. But what is truly a security threat is anyone using the access_token for access to their own site. I do not see the value of a single sign on via Facebook if the only thing that was established as secure was the access_token - because for what I can see it clearly is not secure. Access tokens that never have an expire date do not change. Access_tokens are different for every user, to access to another site could be held tight to just a single user, but compromising even a single user's data is unacceptable.

    http://www.creatingstory.com/images/InTheOpen.png

    Went back and did more research on this: FINDINGS: Went back and re-ran the canvas application to verify that it was not any of my code that was not broadcasting. In this call: HTTP GET /connect.php/en_US/js/CacheData HTTP/1.1 The USER ID is clearly visible in the cookie. So USER_ID's are fully visible, but they are already. Anyone can go to pretty much anyone's page and hover over the image and see the USER ID. So no big threat. APP_ID are also easily obtainable - but . . .

    http://www.creatingstory.com/images/InTheOpen2.png

    The above file clearly shows the FULL ACCESS TOKEN clearly in the OPEN via a Facebook initiated call. Am I wrong. TELL ME I AM WRONG because I want to be wrong about this. I have since reset my app secret so I am showing the real sniff of the Canvas Page being loaded.

    Additional data 02/20/2011: @ifaour - I appreciate the time you took to compile your response. I am pretty familiar with the OAuth process and have a pretty solid understanding of the signed_request unpacking and utilization of the access_token. I perform a substantial amount of my processing on the server and my Facebook server side flows are all complete and function without any flaw that I know of. The application secret is secure and never passed to the front end application and is also changed regularly. I am being as fanatical about security as I can be, knowing there is so much I don’t know that could come back and bite me.

    Two huge access_token issues: The issues concern the possible utilization of the access_token from the USER AGENT (browser). During the FB.INIT() process of the Facebook JavaScript SDK, a cookie is created as well as an object in memory called a session object. This object, along with the cookie, contains the access_token, session, a secret, and uid and status of the connection. The session object is structured such that it supports both the new OAuth and the legacy flows. With OAuth, the access_token and status are pretty much all that is used in the session object.

    The first issue is that the access_token is used to make HTTPS calls to the GRAPH API. If you had the access_token, you could do this from any browser: https://graph.facebook.com/220439?access_token=... and it will return a ton of information about the user. So any one with the access token can gain access to a Facebook account. You can also make additional calls to any info the user has granted access to the application tied to the access_token. At first I thought that a call into the GRAPH had to have a Callback to the URL established in the App Setup, but I tested it as mentioned below and it will return info back right into the browser. Adding that callback feature would be a good idea I think, tightens things up a bit.

    The second issue is utilization of some unique private secured data that identifies the user to the third party data base, i.e., like in my case, I would use a single sign on to populate user information into my database using this unique secured data item (i.e., access_token which contains the APP ID, the USER ID, and a hashed with secret sequence). None of this is a problem on the server side. You get a signed_request, you unpack it with secret, make HTTPS calls, get HTTPS responses back. When a user has information entered via the USER AGENT (browser) that must be stored via a POST, this unique secured data element would be sent via HTTPS such that they are validated prior to data base insertion. However, if there is NO secured piece of unique data that is supplied via the single sign on process, then there is no way to guarantee unauthorized access. The access_token is the one piece of data that is utilized by Facebook to make the HTTPS calls into the GRAPH API. It is considered unique in regards to BOTH the USER and the APPLICATION and is initially secure via the signed_request packaging. If however, it is subsequently transmitted in the clear and if I can sniff the wire and obtain the access_token, then I can pretend to be the application and gain the information they have authorized the application to see. I tried the above example from a Safari and IE browser and it returned all of my information to me in the browser.

    In conclusion, the access_token is part of the signed_request and that is how the application initially obtains it. After OAuth authentication and authorization, i.e., the USER has logged into Facebook and then runs your app, the access_token is stored as mentioned above and I have sniffed it such that I see it stored in a Cookie that is transmitted over the wire, resulting in there being NO UNIQUE SECURED IDENTIFIABLE piece of information that can be used to support interaction with the database, or in other words, unless there were one more piece of secure data sent along with the access_token to my database, i.e., a password, I would not be able to discern if it is a legitimate call. Luckily I utilized secure AJAX via POST and the call has to come from the same domain, but I am sure there is a way to hijack that.

    I am totally open to any ideas on this topic on how to uniquely identify my USERS other than adding another layer (password) via this single sign on process or if someone would just share with me that I read and analyzed my data incorrectly and that the access_token is always secure over the wire. Mahalo nui loa in advance.

  • UIView drawRect: when you draw a line, the rect area will be clear so the previous drawing is gone

    - by snakewa
    It is quite hard to tell so I upload an image to show my problem: http://i42.tinypic.com/2eezamo.jpg Basically in drawRect, I will draw the line from touchesMoved as finger touches and I will call "needsDisplayInRect" for redraw. But I found that once the first line is done, the second line will clear the rect part, so some previous drawing is gone. Here is my implementation:

        -(void) drawRect:(CGRect)rect{
            //[super drawRect: rect];
            CGContextRef context = UIGraphicsGetCurrentContext();
            [self drawSquiggle:squiggle at:rect inContext:context];
        }

        - (void)drawSquiggle:(Squiggle *)squiggle at:(CGRect) rect inContext:(CGContextRef)context
        {
            CGContextSetBlendMode(context, kCGBlendModeMultiply);
            UIColor *squiggleColor = squiggle.strokeColor; // get squiggle's color
            CGColorRef colorRef = [squiggleColor CGColor]; // get the CGColor
            CGContextSetStrokeColorWithColor(context, colorRef);
            NSMutableArray *points = [squiggle points]; // get points from squiggle

            // retrieve the NSValue object and store the value in firstPoint
            CGPoint firstPoint; // declare a CGPoint
            [[points objectAtIndex:0] getValue:&firstPoint];

            // move to the point
            CGContextMoveToPoint(context, firstPoint.x, firstPoint.y);

            // draw a line from each point to the next in order
            for (int i = 1; i < [points count]; i++)
            {
                NSValue *value = [points objectAtIndex:i]; // get the next value
                CGPoint point; // declare a new point
                [value getValue:&point]; // store the value in point

                // draw a line to the new point
                CGContextAddLineToPoint(context, point.x, point.y);
            } // end for

            CGContextStrokePath(context);
        }
