Search Results

Search found 4028 results on 162 pages for 'mysqld safe'.

Page 27/162 | < Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >

  • Is it safe to display user input as input values without sanitation?

    - by Svish
    Say we have a form where the user types in various info. We validate the info, and find that something is wrong. A field is missing, invalid email, et cetera. When displaying the form to the user again I of course don't want him to have to type in everything again so I want to populate the input fields. Is it safe to do this without sanitation? If not, what is the minimum sanitation that should be done first? And to clearify: It would of course be sanitized before being for example added to a database or displayed elsewhere on the site.

    Read the article

  • Grails unit testing domain classes with Set properties - is this safe?

    - by Ali G
    I've created a domain class in Grails like this: class MyObject { static hasMany = [tags: String] // Have to declare this here, as nullable constraint does not seem to be honoured Set tags = new HashSet() static constraints = { tags(nullable: false) } } Writing unit tests to check the size and content of the MyObject.tags property, I found I had to do the following: assertLength(x, myObject.tags as Object[]) assertEquals(new HashSet([...]), myObject.tags) To make the syntax nicer for writing the tests, I implemented the following methods: void assertEquals(List expected, Set actual) { assertEquals(new HashSet(expected), actual) } void assertLength(int expected, Set set) { assertLength(expected, set as Object[]) } I can now call the assertLength() and assertEquals() methods directly on an instance of Set, e.g. assertLength(x, myObject.tags) assertEquals([...], myObject.tags) I'm new to Groovy and Grails, so unaware how dangerous method overloading like this is. Is it safe? If so, I'm slightly* surprised that these methods (or similar) aren't already available - please let me know if they are. * I can see how these methods could also introduce ambiguity if people weren't expecting them. E.g. assertLength(1, set) always passes, no matter what the content of set

    Read the article

  • Output problem in mysql query in MFC program

    - by D.Gaughan
    Im currently working on a small MFC program that outputs data from a mysql database. I can get output when im using an sql statement that does not contain any variable eg. select album from Artists; but when i try to use a variable the program compiles but i get no output eg. mysql_perform_query(conn,select album from Artists where artists = '"+m_search_edit"'") Here is the function for mysql_perform_query: MYSQL_RES* mysql_perform_query(MYSQL *conn, const char* query) { // send the query to the database if (mysql_query(conn, query)) { // printf("MySQL query error : %s\n", mysql_error(conn)); // exit(1); } return mysql_use_result(conn); } And here is the code block for outputting the data: struct connection_details mysqlD; mysqlD.server = "www.freesqldatabase.com"; // where the mysql database is mysqlD.user = "**********"; // the root user of mysql mysqlD.password = "***********"; // the password of the root user in mysql mysqlD.database = "***************"; // the databse to pick // connect to the mysql database conn = mysql_connection_setup(mysqlD); CStringA query; query.Format("select album from Artists where artist = '%s'", CT2CA(m_search_edit)); res = mysql_perform_query(conn, query); //res = mysql_perform_query (conn, "select distinct artist from Artists"); while((row = mysql_fetch_row(res)) != NULL){ CString str; UpdateData(); str = ("%s\n", row[0]); UpdateData(FALSE); m_list_control.AddString(str); } The m_search_edit variable is the variable for an edit box. I am using Visual Studio 2008 with one copy of this program unicode and one nonunicode, I also have a version built with VC++ 6. Any tips on how I can get output from the databse using the m_search_edit variable??

    Read the article

  • When is it safe to do a Response.Redirect() without throwing an exception?

    - by DDechant
    I have an intermediary class extending System.Web.UI.Page for all of my pages that require authentication. The class mostly does custom authentication handling. When a user with insufficient access attempts to visit a page, I try to redirect the user back to the login page while preventing any further page events from being executed (ie. Page_load). The first solution that came to mind was the default implementation of Response.Redirect. Of course the downside to this is the possibility of ThreadAbortExceptions being thrown. So my question is this: When (if at all) during the page life cycle is it actually safe to execute Response.Redirect() without ThreadAbortException ever being thrown? public class CustomPage : System.Web.UI.Page { protected override void OnInit(EventArgs e) { base.OnInit(e); if (!IsValid()) Response.Redirect("login.aspx", true); } }

    Read the article

  • Safe to cast pointer to a forward-declared class to its true base class in C++?

    - by Matt DiMeo
    In one header file I have: #include "BaseClass.h" // a forward declaration of DerivedClass, which extends class BaseClass. class DerivedClass ; class Foo { DerivedClass *derived ; void someMethod() { // this is the cast I'm worried about. ((BaseClass*)derived)->baseClassMethod() ; } }; Now, DerivedClass is (in its own header file) derived from BaseClass, but the compiler doesn't know that at the time it's reading the definition above for class Foo. However, Foo refers to DerivedClass pointers and DerivedClass refers to Foo pointers, so they can't both know each other's declaration. First question is whether it's safe (according to C++ spec, not in any given compiler) to cast a derived class pointer to its base class pointer type in the absence of a full definition of the derived class. Second question is whether there's a better approach. I'm aware I could move someMethod()'s body out of the class definition, but in this case it's important that it be inlined (part of an actual, measured hotspot - I'm not guessing).

    Read the article

  • Can the lock function be used to implement thread-safe enumeration?

    - by Daniel
    I'm working on a thread-safe collection that uses Dictionary as a backing store. In C# you can do the following: private IEnumerable<KeyValuePair<K, V>> Enumerate() { if (_synchronize) { lock (_locker) { foreach (var entry in _dict) yield return entry; } } else { foreach (var entry in _dict) yield return entry; } } The only way I've found to do this in F# is using Monitor, e.g.: let enumerate() = if synchronize then seq { System.Threading.Monitor.Enter(locker) try for entry in dict -> entry finally System.Threading.Monitor.Exit(locker) } else seq { for entry in dict -> entry } Can this be done using the lock function? Or, is there a better way to do this in general? I don't think returning a copy of the collection for iteration will work because I need absolute synchronization.

    Read the article

  • J2EE/EJB + service locator: is it safe to cache EJB Home lookup result ?

    - by Guillaume
    In a J2EE application, we are using EJB2 in weblogic. To avoid losing time building the initial context and looking up EJB Home interface, I'm considering the Service Locator Pattern. But after a few search on the web I found that event if this pattern is often recommended for the InitialContext caching, there are some negative opinion about the EJB Home caching. Questions: Is it safe to cache EJB Home lookup result ? What will happen if one my cluster node is no more working ? What will happen if I install a new version of the EJB without refreshing the service locator's cache ?

    Read the article

  • How long can a hash left out in the open be considered safe?

    - by Xeoncross
    If I were to leave a SHA2 family hash out on my website - how long would it be considered safe? How long would I have before I could be sure that someone would find a collision for it and know what was hashed? I know that the amount of time would be based on the computational power of the one seeking to break it. It would also depend on the string length, but I'm curious just how secure hashes are. Since many of us run web-servers we constantly have to be prepared for the day when someone might make it all the way to the database which stores the user hashes. So, move the server security out of the way and then what do you have? This is a slightly theoretical area for many of the people I have talked with, so I would love to actually have some more information about average expectations for cracking.

    Read the article

  • Is it safe to take the address of std::wstring's internal pointer?

    - by LCC
    I have an interface which is used like the following: if (SUCCEEDED(pInterface->GetSize(&size)) { wchar_t tmp = new wchar_t[size]; if (SUCCEEDED(pInterface->GetValue(tmp, size))) { std::wstring str = tmp; // do some work which doesn't throw } delete[] tmp; } Is it safe and portable to do this instead? if (SUCCEEDED(pInterface->GetSize(&size)) { std::wstring str; str.resize(size); if (SUCCEEDED(pInterface->GetValue(&str[0], size))) { // do some work } } Now, obviously this works (doesn't crash/corrupt memory) or I wouldn't have asked, but I'm mostly wanting to know if there's a compelling reason not to do this.

    Read the article

  • Is it safe to validate a URL with a regexp?

    - by Vilx-
    In my web app I've got a form field where the user can enter an URL. I'm already doing some preliminary client-side validation and I was wondering if I could use a regexp to validate if the entered string is a valid URL. So, two questions: Is it safe to do this with a regexp? A URL is a complex beast, and just like you shouldn't use a regexp for parsing HTML, I'm worried that it might be unsuitable for a URL as well. If it can be done, what would be a good regexp for the task? (I know that Google turns up countless regexps, but I'm worried about their quality). My goal is to prevent a situation where the URL appears in the web page and is unusable by the browser.

    Read the article

  • Is the use of union in this matrix class completely safe?

    - by identitycrisisuk
    Unions aren't something I've used that often and after looking at a few other questions on them here it seems like there is almost always some kind of caveat where they might not work. Eg. structs possibly having unexpected padding or endian differences. Came across this in a math library I'm using though and I wondered if it is a totally safe usage. I assume that multidimensional arrays don't have any extra padding and since the type is the same for both definitions they are guaranteed to take up exactly the same amount of memory? template<typename T> class Matrix44T { ... union { T M[16]; T m[4][4]; } m; }; Are there any downsides to this setup? Would the order of definition make any difference to how this works?

    Read the article

  • Is this a valid, lazy, thread-safe Singleton implementation for C#?

    - by Matthew
    I implemented a Singleton pattern like this: public sealed class MyClass { ... public static MyClass Instance { get { return SingletonHolder.instance; } } ... static class SingletonHolder { public static MyClass instance = new MyClass (); } } From Googling around for C# Singleton implementations, it doesn't seem like this is a common way to do things in C#. I found one similar implementation, but the SingletonHolder class wasn't static, and included an explicit (empty) static constructor. Is this a valid, lazy, thread-safe way to implement the Singleton pattern? Or is there something I'm missing?

    Read the article

  • Using modified date of file for comparison. Is it safe?

    - by papadi
    I want to make a procedure that does one way syncrhonization of a folder between a server and a client. I was thinking to use ModifiedDate as a criterio, provided that only the date of the server files will be used. Procedure will not use Modified dates of files on the client at all. It will read dates from the server and compare them with dates read from the server last time the procedure run. Do you think this is safe? Is there any possibility that Modified Date will not be changed when a file is edited or it will be changed without touching the contents of the file (eg. from some strange antivirus programs)?

    Read the article

  • Does /boot safe on top of a lvm LV (logical volume)?

    - by fantoman
    Title already asked the question. More specifically, I read in some documents that logical volumes are nice in general but not for /boot in a linux system. They say that bootloaders don't understand LVM volumes, so create a separate partition for /boot out of lvm. I recently installed Ubuntu server (9.10) for my home server, but by default /boot is created in the LVM. Everything is fine now, but I am not sure it is safe to use /boot in LVM. Second question is do I really need a physical partition (volume)(pv) for /boot or is it equally fine if I put it into a logical volume (lv) on top of a single shared volume group. Thanks in advance.

    Read the article

  • is it right way( safe) to assign post data value directly by name attibute value to a variable in

    - by I Like PHP
    i m working in PHP since one year, but now a days i got this way to assign post data value directly using name attribute . i m really curious to know the documentation about it.please refere me link regarding this . i explain by example here is my form <form method="post" action=""> <input type="text" name="userName" id="userName"> <input type="submit" name="doit" value="submit"> </form> to get the post data i always use $somevar=mysql_real_escape_string($_POST['userName']); but now i see another way $somevar= "userName"; i just want to know that is it safe n easy way??

    Read the article

  • Null Safe dereferencing in Java like ?. in Groovy using Maybe monad

    - by Sathish
    I'm working on a codebase ported from Objective C to Java. There are several usages of method chaining without nullchecks dog.collar().tag().name() I was looking for something similar to safe-dereferencing operator ?. in Groovy instead of having nullchecks dog.collar?.tag?.name This led to Maybe monad to have the notion of Nothing instead of Null. But all the implementations of Nothing i came across throw exception when value is accessed which still doesn't solve the chaining problem. I made Nothing return a mock, which behaves like NullObject pattern. But it solves the chaining problem. Is there anything wrong with this implementation of Nothing? [http://github.com/sathish316/jsafederef/blob/master/src/s2k/util/safederef/Nothing.java] As far as i can see 1. It feels odd to use mocking library in code 2. It doesn't stop at the first null. 3. How do i distinguish between null result because of null reference or name actually being null? How is it distinguished in Groovy code?

    Read the article

  • Safe to pass objects to C functions when working in JNI Invocation API?

    - by bubbadoughball
    I am coding up something using the JNI Invocation API. A C program starts up a JVM and makes calls into it. The JNIenv pointer is global to the C file. I have numerous C functions which need to perform the same operation on a given class of jobject. So I wrote helper functions which take a jobject and process it, returning the needed data (a C data type...for example, an int status value). Is it safe to write C helper functions and pass jobjects to them as arguments? i.e. (a simple example - designed to illustrate the question): int getStatusValue(jobject jStatus) { return (*jenv)->CallIntMethod(jenv,jStatus,statusMethod); } int function1() { int status; jobject aObj = (*jenv)->NewObject (jenv, aDefinedClass, aDefinedCtor); jobject j = (*jenv)->CallObjectMethod (jenv, aObj, aDefinedObjGetMethod) status = getStatusValue(j); (*jenv)->DeleteLocalRef(jenv,aObj); (*jenv)->DeleteLocalRef(jenv,j); return status; } Thanks.

    Read the article

  • Is there a safe / standard way to manage unstructured memory in C++?

    - by andand
    I'm building a toy VM that requires a block of memory for storing and accessing data elements of different types and of different sizes. I've done this by writing a wrapper class around a uint8_t[] data block of the needed size. That class has some template methods to write / read typed data elements to / from arbitrary locations in the memory block, both of which check to make certain the bounds aren't violated. These methods use memmove in what I hope is a more or less safe manner. That said, while I am willing to press on in this direction, I've got to believe that other with more expertise have been here before and might be willing to share their wisdom. In particular: 1) Is there a class in one of the C++ standards (past, present, future) that has been defined to perform a function similar to what I have outlined above? 2) If not, is there a (preferably free as in beer) library out there that does? 3) Short of that, besides bounds checking and the inevitable issue of writing one type to a memory location and reading a different from that location, are there other issues I should be aware of? Thanks.-&&

    Read the article

  • C++: is it safe to work with std::vectors as if they were arrays?

    - by peoro
    I need to have a fixed-size array of elements and to call on them functions that require to know about how they're placed in memory, in particular: functions like glVertexPointer, that needs to know where the vertices are, how distant they are one from the other and so on. In my case vertices would be members of the elements to store. to get the index of an element within this array, I'd prefer to avoid having an index field within my elements, but would rather play with pointers arithmetic (ie: index of Element *x will be x - & array[0]) -- btw, this sounds dirty to me: is it good practice or should I do something else? Is it safe to use std::vector for this? Something makes me think that an std::array would be more appropriate but: Constructor and destructor for my structure will be rarely called: I don't mind about such overhead. I'm going to set the std::vector capacity to size I need (the size that would use for an std::array, thus won't take any overhead due to sporadic reallocation. I don't mind a little space overhead for std::vector's internal structure. I could use the ability to resize the vector (or better: to have a size chosen during setup), and I think there's no way to do this with std::array, since its size is a template parameter (that's too bad: I could do that even with an old C-like array, just dynamically allocating it on the heap). If std::vector is fine for my purpose I'd like to know into details if it will have some runtime overhead with respect to std::array (or to a plain C array): I know that it'll call the default constructor for any element once I increase its size (but I guess this won't cost anything if my data has got an empty default constructor?), same for destructor. Anything else?

    Read the article

  • How to write a "thread safe" function in C ?

    - by Andrei Ciobanu
    Hello I am writing some data structures in C, and I've realized that their associated functions aren't thread safe. The i am writing code uses only standard C, and I want to achieve some sort of 'synchronization'. I was thinking to do something like this: enum sync_e { TRUE, FALSE }; typedef enum sync_e sync; struct list_s { //Other stuff struct list_node_s *head; struct list_node_s *tail; enum sync_e locked; }; typedef struct list_s list; , to include a "boolean" field in the list structure that indicates the structures state: locked, unlocked. For example an insertion function will be rewritten this way: int list_insert_next(list* l, list_node *e, int x){ while(l->locked == TRUE){ /* Wait */ } l->locked = TRUE; /* Insert element */ /* -------------- */ l->locked = FALSE; return (0); } While operating on the list the 'locked' field will be set to TRUE, not allowing any other alterations. After operation completes the 'locked' field will be again set to 'TRUE'. Is this approach good ? Do you know other approaches (using only standard C).

    Read the article

  • Is this a safe way to release resources in Java?

    - by palto
    Usually when code needs some resource that needs to be released I see it done like this: InputStream in = null; try{ in = new FileInputStream("myfile.txt"); doSomethingWithStream(in); }finally{ if(in != null){ in.close(); } } What I don't like is that you have to initialize the variable to null and after that set it to another value and in the finally block check if the resource was initialized by checking if it is null. If it is not null, it needs to be released. I know I'm nitpicking, but I feel like this could be done cleaner. What I would like to do is this: InputStream in = new FileInputStream("myfile.txt"); try{ doSomethingWithStream(in); }finally{ in.close(); } To my eyes this looks almost as safe as the previous one. If resource initialization fails and it throws an exception, there's nothing to be done(since I didn't get the resource) so it doesn't have to be inside the try block. The only thing I'm worried is if there is some way(I'm not Java certified) that an exception or error can be thrown between operations? Even simpler example: Inputstream in = new FileInputStream("myfile.txt"); in.close(); Is there any way the stream would be left open that a try-finally block would prevent?

    Read the article

  • Type-safe generic data structures in plain-old C?

    - by Bradford Larsen
    I have done far more C++ programming than "plain old C" programming. One thing I sorely miss when programming in plain C is type-safe generic data structures, which are provided in C++ via templates. For sake of concreteness, consider a generic singly linked list. In C++, it is a simple matter to define your own template class, and then instantiate it for the types you need. In C, I can think of a few ways of implementing a generic singly linked list: Write the linked list type(s) and supporting procedures once, using void pointers to go around the type system. Write preprocessor macros taking the necessary type names, etc, to generate a type-specific version of the data structure and supporting procedures. Use a more sophisticated, stand-alone tool to generate the code for the types you need. I don't like option 1, as it is subverts the type system, and would likely have worse performance than a specialized type-specific implementation. Using a uniform representation of the data structure for all types, and casting to/from void pointers, so far as I can see, necessitates an indirection that would be avoided by an implementation specialized for the element type. Option 2 doesn't require any extra tools, but it feels somewhat clunky, and could give bad compiler errors when used improperly. Option 3 could give better compiler error messages than option 2, as the specialized data structure code would reside in expanded form that could be opened in an editor and inspected by the programmer (as opposed to code generated by preprocessor macros). However, this option is the most heavyweight, a sort of "poor-man's templates". I have used this approach before, using a simple sed script to specialize a "templated" version of some C code. I would like to program my future "low-level" projects in C rather than C++, but have been frightened by the thought of rewriting common data structures for each specific type. What experience do people have with this issue? Are there good libraries of generic data structures and algorithms in C that do not go with Option 1 (i.e. casting to and from void pointers, which sacrifices type safety and adds a level of indirection)?

    Read the article

  • Is this method of static file serving safe in node.js? (potential security hole?)

    - by MikeC8
    I want to create the simplest node.js server to serve static files. Here's what I came up with: fs = require('fs'); server = require('http').createServer(function(req, res) { res.end(fs.readFileSync(__dirname + '/public/' + req.url)); }); server.listen(8080); Clearly this would map http://localhost:8080/index.html to project_dir/public/index.html, and similarly so for all other files. My one concern is that someone could abuse this to access files outside of project_dir/public. Something like this, for example: http://localhost:8080/../../sensitive_file.txt I tried this a little bit, and it wasn't working. But, it seems like my browser was removing the ".." itself. Which leads me to believe that someone could abuse my poor little node.js server. I know there are npm packages that do static file serving. But I'm actually curious to write my own here. So my questions are: Is this safe? If so, why? If not, why not? And, if further, if not, what is the "right" way to do this? My one constraint is I don't want to have to have an if clause for each possible file, I want the server to serve whatever files I throw in a directory.

    Read the article

  • php Mail function; Is this way of using it safe?

    - by Camran
    I have a classifieds website, and inside each classified, there is a small form. This form is for users to be able to tip their "friends": <form action="/bincgi/tip.php" method="post" name="tipForm" id="tipForm"> Tip: <input name="email2" id="email2" type="text" size="30 /> <input type="submit" value="Skicka Tips"/> <input type="hidden" value="<?php echo $ad_id;?>" name="ad_id2" id="ad_id2" /> <input type="hidden" value="<?php echo $headline;?>" name="headline2" id="headline2" /> </form> The form is then submitted to a tip.php page, and here is my Q, is this below code safe, ie is it good enough or do I need to make some sanitations and more safety details? $to = filter_var($_POST['email2'], FILTER_SANITIZE_EMAIL); $ad_id = $_POST['ad_id2']; $headline = $_POST['headline2']; $subject = 'You got a tip'; $message ='Hi. You got a tip: '.$headline.'.\n'; $headers = 'From: [email protected]\r\n'; mail($to, $subject, $message, $headers); I haven't tested the above yet.

    Read the article

  • Running mysql 5.5 on centos 5.9

    - by gerrytan
    I installed mysql using yum install mysql-server on centos 5.9 and realized it's version 5.0. I need version 5.5 so then I did yum install mysql55-server however I couldn't find a way to start server version 5.5 instead of 5.0. service mysqld start will start 5.0 server and removing mysql 5.0 doesn't help either because service mysqld start fail to find mysqld service Update 1 Nov 2013: I noticed mysql55 package was being installed to /opt/rh/mysql55/root/usr/bin, so I appended that into the start of my PATH env var but service mysqld start still runs 5.0 server. If I tried running the server using mysqld_safe located on above mysql55 path but it says [root@***** bin]# mysqld_safe Use "scl enable mysql55 'service ...'" invocation Not quite sure what it means. I checked the running mysql version by connecting to it using mysql command line client. [root@***** bin]# mysql Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.0.95 Source distribution

    Read the article

< Previous Page | 23 24 25 26 27 28 29 30 31 32 33 34  | Next Page >