Search Results

Search found 1138 results on 46 pages for 'formal verification'.

Page 29/46 | < Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36 | Next Page >

Potential for SQL injection here?

- by Matt Greer

This may be a really dumb question but I figure why not... I am using RIA Services with Entity Framework as the back end. I have some places in my app where I accept user input and directly ask RIA Services (and in turn EF and in turn my database) questions using their data. Do any of these layers help prevent security issues or should I scrub my data myself? For example, whenever a new user registers with the app, I call this method: [Query] public IEnumerable<EmailVerificationResult> VerifyUserWithEmailToken(string token) { using (UserService userService = new UserService()) { // token came straight from the user, am I in trouble here passing it directly into // my DomainService, should I verify the data here (or in UserService)? User user = userService.GetUserByEmailVerificationToken(token); ... } } (and whether I should be rolling my own user verification system is another issue altogether, we are in the process of adopting MS's membership framework. I'm more interested in sql injection and RIA services in general)

Read the article
How do I properly implement Unicode passwords?

- by Sorin Sbarnea

Adding support for Unicode passwords it an important feature that should not be ignored by the developpers. Still adding support for Unicode in the passwords it's a tricky job because the same text can be encoded in different ways in Unicode and this is not something you may want to prevent people from logging in due to this. Let's say that you'll store the passwords os UTF-8. Now the question is how you should normalize the Unicode data? You had to be sure that you'll be able to compare it. You need to be sure that when the next Unicode standard will be released it will not invalidate your password verification. Note: still there are some places where Unicode passwords are probably never be used, but this question is not about why or when to use Unicode passwords, is about how to implement them the proper way.

Read the article
How to write async background workers that work on WPF flowdocument

- by iBe

I'm trying to write a background worker that processes a flowdocument. I can't access the properties of flowdocument objects because of the thread verification. I tried to serialize the document and loaded it on the worker thread which actually solved the thread verfication issue. However, once the processing is complete I also need to use things like TextPointer objects. Those objects now point to a objects in the copy not the original. Can anyone suggest the best way to approach such background processing in WPF?

Read the article
how to automate / script processes like signups .

- by silverkid

which is the best tool for this - Automation of signup process to a website , e.g an email signup The tool should be able to take data from an external data file like an excel of csv file this data file would contain data such as first name , last name , username, password etc. basic data required during an email signup . I am imagining the data file to contain of each field in a seperate column and each row to contain data for different registration / user. At the places where manual intervention is required like image verification etc. the tool should be able to pause the script until manual bit is done then continue with the script. What is the best way to do this - an automation tool , or any scripting language - please suggest .

Read the article
Get the ID of user that like my page.

- by jon

Hello I would like to know if there is any API feature that can tell me which users liked my application page. I know that it is possible to check if a user is a fan of any given Page using page.isFan verification or to get the number of fans. But is it possible to get the fans' User ID? If so, is it possible to get that data ordered by the date they became fans of the page? For exemple usign FQL i can get the user ID of someone o like an facebook object like post or photo. http://developers.facebook.com/docs/reference/fql/like Can i do this for the people who liked my page? Thanks for any help or guideline .

Read the article
ASP.NET MVC UpdateModel - fields vs properties??

- by mrjoltcola

I refactored some common properties into a base class and immediately my model updates started failing. UpdateModel() and TryUpdateModel() did not seem to update inherited public properties. I cannot find detailed info on MSDN nor Google as to the rules or semantics of these methods. The docs are terse (http://msdn.microsoft.com/en-us/library/dd470933.aspx), simply stating: Updates the specified model instance using values from the controller's current value provider. SOLVED: MVC.NET does indeed handle inherited properties just fine. This turned out to have nothing to do with inheritance. My base class was implemented with public fields, not properties. Switching them to formal properties (adding {get; set; }) was all I needed. This has bitten me before, I keep wanting to use simple, public fields. I would argue that fields and properties are syntactically identical, and could be argued to be semantically equivalent, for the user of the class.

Read the article
Grand Central Strategy for Opening Multiple Files

- by user276632

I have a working implementation using Grand Central dispatch queues that (1) opens a file and computes an OpenSSL DSA hash on "queue1", (2) writing out the hash to a new "side car" file for later verification on "queue2". I would like to open multiple files at the same time, but based on some logic that doesn't "choke" the OS by having 100s of files open and exceeding the hard drive's sustainable output. Photo browsing applications such as iPhoto or Aperture seem to open multiple files and display them, so I'm assuming this can be done. I'm assuming the biggest limitation will be disk I/O, as the application can (in theory) read and write multiple files simultaneously. Any suggestions? TIA

Read the article
"Unable to find a version of the runtime to run this application" running .NET app in virtual XP mac

- by Pete

I've written a few winform apps in .net 2.0 which won't run in a virtual XP (running from VirtualBox). I get the error "unable to find a version of the runtime to run this application" (.NET Framework Initialization Error). I've tried fixing the installation of .net and also installing v3.5. I think it's probably a security issue rather than a framework problem, but i'm running under an administrator account. Other .net apps (2.0) run ok, so it might be a strong name/signing problem. I've tried compiling them completely unsigned and also delay signing them with a key and turning on verification skipping with the sn tool. help greatly appreciated!

Read the article
Are there such things as Email Hooks?

- by viatropos

After hearing about git commit hooks, I was thinking maybe there are such things as email hooks... Is it possible for me to build a program that says "hey, you just received an email, now run this ruby script"? Something like a GMail Web Hook. Is there anything out there like that? I mean I could build a cron thing that checked my email all the time, but maybe there's a more formal way. Looking for an online email system to do this with, not say my Mac Mail.

Read the article
Does DataType DataAnnotation Check the Expression?

- by Jason

I am currently using DataAnnotations within my ASP.NET MVC website to ensure data is properly validated. One question I wanted to verify (I think I know the answer, but I can't find verification online) - does the DataType DataAnnotation perform regular expression checks to ensure that you have received a valid e-mail/phone/currency/etc? [Required(ErrorMessage = "Price required")] [DataType(DataType.Currency, ErrorMessage = "Not a valid price")] [Range(0, double.MaxValue, ErrorMessage = "Price must be greater than 0.")] public decimal Price { get; set; } I believe the answer is no (meaning I have to provide my own, custom, RegularExpressionAttribute), but I wanted to double check before I do that for various field types.

Read the article
What is more interesting or powerful: Curry/Mercury/Lambda-Prolog/your suggestion.

- by Bubba88

Hi! I would like to ask you about what formal system could be more interesting to implement from scratch/reverse engineer. I've looked through some existing and rather open (open in the sense of free/open-source) projects of logical/declarative programming systems. I've decided to make up something similar in my free time, or at least to catch the general idea of implementation. It would be great if some of these systems would provide most of the expressive power and conciseness of modern academic investigations in logic and it's relation with computational models. What would you recommend to study at least at the conceptual level? For example, Lambda-Prolog is interesting particularly because it allows for higher order relations, but AFAIK (I might really be mistaken :)) is based on intuitionist logic and therefore lack the excluded-middle principle; that's generally a disatvantage for me.. I would also welcome any suggestions about modern logical programming systems which are less popular but more expressive/powerful. I guess, this question will need refactoring, but thank you in advance! :)

Read the article
tool for adding parentheses to equations?

- by jedierikb

Is there an online tool for adding parentheses to simple math equations? For example, a + b * c into a + (b * c) Those who paid more attention in math class might be able to tackle order of operations for huge equations in their head, but I could often use some help (and verification of my thinking). I often encounter other people's libraries having equations and functions I need for my code, and this would be kind of helpful for debugging and understanding. I was hoping Wolfram Alpha would do this, but the output is not easy to plug back into most programming languages e.g. a + (bc)

Read the article
What's the best way to clear the slate with your team

- by Jonathan

I work largely as an architect, and have developed a pretty big enterprise application based on SOA. Turns out my teamleader has been skilling up the indians behind my back even though I've been spending time and effort preparing a formal handover (to describe the design decisions and why). It just breeds lack of trust and sends the wrong message about the value of my work. Now I'm too furious to even talk to anyone. Do I sit in silence for the next 3 weeks waiting for my transfer?

Read the article
Rails app + gmail smtp + heroku hosting + godaddy domain

- by sagivo

i'm trying to define a way to send emails using gmail. it all works fine on localhost but when i deploy to heroku nothing happens. i guess it has something to do with GoDaddy MX records? here is what i tried: ActionMailer::Base.smtp_settings = { :address => "smtp.gmail.com", :port => 587, :domain => "gmail.com", :user_name => "my_user", :password => "my_pass", :authentication => "plain", :enable_starttls_auto => true } i can't change the GoDaddy MX records since i'm forwording some emails from there to my Gmail account. am i missing something? EDIT- it turns out the problem was with my Gmail account. all i needed to turn off the 2-step verification. Problem solved.

Read the article
Forbid developer to commit code because of making weekly build

- by Xinwang

Our development team (about 40 developers) has a formal build every two weeks. We have a process that in the "build day", every developers are forbiden to commit code into SVN. I don't think this is a good idea because: Build will take days (even weeks in bad time) to make and BVT. People couldn't comit code as they will, they will not work. People will comit all codes in a hurge pack, so the common is hard to write. I want know if your team has same policy, and if not how do you take this situation. Thanks

Read the article
Right recursive grammar or left recursive?

- by user2485710

I have little to no knowledge of what I'm about to ask, so I would like a suggestion based on the level of skills required to implemented a parser for the given grammar ( since I'm a beginner in this kind of formal approach to parsers and languages ). Just by going back of a couple of years, this situation reminds me a little of Pascal grammar vs C/C++ grammar, this left vs right stuff. But I'm not going to do any of that, my purpose is to implement a simple parser for a markup language for documents like Markdown. So considering that I'm starting with a markup language in mind, I want to keep things simple, which is the easiest one to handle between this 2 options and why . Another kind of grammar could be an easier option for me ? If yes which one do you suggest ?

Read the article
Problem compiling bison & flex program under vc++

- by Eric

I'm using bison & flex (downloaded via cygwin) with vc++. When I compile the program I got an error: ...: fatal error C1083: Cannot open include file: 'unistd.h': No such file or directory The corresponding code in the flex-generated file is: #ifndef YY_NO_UNISTD_H /* Special case for "unistd.h", since it is non-ANSI. We include it way * down here because we want the user's section 1 to have been scanned first. * The user has a chance to override it with an option. */ /* %if-c-only */ #include <unistd.h> /* %endif */ /* %if-c++-only */ /* %endif */ #endif If I define YY_NO_UNISTD_H in the flex file(.l) this error will disappear, but I get several other errors: ...: error C2447: '{' : missing function header (old-style formal list?) ...: warning C4018: '<' : signed/unsigned mismatch ...: error C3861: 'isatty': identifier not found How can I fix this problem?

Read the article
Signature of Collections.min/max method

- by Marco

In Java, the Collections class contains the following method: public static <T extends Object & Comparable<? super T>> T min(Collection<? extends T> c) Its signature is well-known for its advanced use of generics, so much that it is mentioned in the Java in a Nutshell book and in the official Sun Generics Tutorial. However, I could not find a convincing answer to the following question: Why is the formal parameter of type Collection<? extends T>, rather than Collection<T>? What's the added benefit?

Read the article
Fitch Format Proofs - any resources around?

- by devoured elysium

I am currently studying Fitch Format first order logic proofs. My lecturer follows closely Language, Proof and Logic by Jon Barwise. I am trying to do some proofs but I am having some trouble getting to understand how to do these proofs. As I have already read what Language Proof and Logic has to offer, I'd like to know if there are any other books or resources around that use the Fitch format for their formal proofs. Plus, having solved exercises would be of great(!) help. Thanks

Read the article
How to verify a digital signature with openssl

- by Aaron Carlino

I'm using a thirdparty credit card processing service (Paybox) that, after a successful transaction, redirects back to the website with a signature in the URL as a security measure to prevent people from manipulating data. It's supposed to prove that the request originated from this service. So my success URL looks something like this: /success.php?signature=[HUGE HASH] I have no idea where to start with verifying this signature. This service does provide a public key, and I assume I need to create a private key, but I don't know much beyond that. I'm pretty good with linux, and I know I'll have to run some openssl commands. I'm writing the verification script in PHP, which also has native openssl() functions. If anyone could please push me in the right direction with some pseudo code, or even functional code, I'd be very grateful. Thanks.

Read the article
Where is Google Wallet Merchant PostBack Settings

- by kstubs

This is part rant part question. The rant is: I am so confused with Google Wallet/Checkout/InApp/Store/blah blah blah.. And, I find it incredibly difficult to not only login but to navigate my way around. Logging in is a quest in itself, I often find myself logging into Google Wallet, but I need the Sell/Merchant site usually. Enough Rant Can someone please tell me how to find my PostBack Url setting for an InApp Google Wallet purchase verification? Right now I'm logged into wallet.google.com/merchant and I swear this setting is no where to be found. I'm looking for this equivelant: https://sandbox.google.com/checkout/inapp/merchant/settings.html Thanks, Karl..

Read the article
.NET Recaptcha https

- by TygerKrash

We've started using the ASP.NET recaptcha control and it works fine. but one of the requirements we have is that all outbound traffic goes over Https. I know that recaptcha supports https, but It's not clear how to configure (or even if it is configurable) when using the ASP.NET plugin option. has anyone got any experience of this? I'll expand a little on what I've found so far.... The Recaptcha package contains 3 public classes RecaptchaControl, RecaptchaValidator and RecaptchaResponse RecaptchaControl is an Asp.NET control, the recaptcha specific methods on there seem to be concerning themes/look and feel. An instance of the Validator has a RemoteIP field (which I presume would represent the verification server), but I can't a way of binding that to the control. RecaptchaResponse seems to more or less represent an enum with possible responses (valid/invalid/failed to connect).

Read the article
How to Format Code in Research Reports

- by RoseOfJericho

I am currently writing a formal research report, and I'll be including code with this report. Question: Is there an accepted way of displaying code in research reports? I'm thinking both in terms of font, spacing, et cetera, and whether the code should be displayed inside the document, or in an appendix. The code will be JavaScript and PHP. None of the sections of code will be more than 25 lines (so they're mere snippets). There will be approx. half a dozen snippets. Each of the snippets will have a couple of paragraphs explaining what is happening in the code, and a discussion on its pros/cons. I have no contact with the body the report will be submitted to, and they have no published guidelines on how to format code (please do not question these points). Any help considered and appreciated.

Read the article
Creating lib file from java jar using mingw/gcj

- by Xinus

I am trying to convert jar file to native lib file using mingw-gcj under windows platform it is thrown me the error as C:\testDir\libs>gcj -o glassfish-embedded-all-3.1-SNAPSHOT.lib glassfish-embedde d-all-3.1-SNAPSHOT.jar com/sun/codemodel/JAnonymousClass.java: In class 'com.sun.codemodel.JAnonymousCl ass': com/sun/codemodel/JAnonymousClass.java: In constructor '(com.sun.codemodel.JClas s,com.sun.codemodel.JCodeModel)': In file included from com/sun/codemodel/CodeWriter.java:15, from <built-in>:3: com/sun/codemodel/JAnonymousClass.java:21: error: verification failed at PC=3: c onstant pool index out of range com/sun/codemodel/JAnonymousClass.java:21: confused by earlier errors, bailing o ut Is it related to some java 1.6 issue or bug in gcj /

Read the article
Where can I find a proper JavaScript beautifier

- by Ernelli

I have used http://jsbeautifier.org/ successfully using Rhino and ant, but the problem is that it is not deterministic. If you run the beautifier twice on a file the result is different from each time, e.g. each pass inserts additional array intendation on some lines. I have spent a lot of time debugging the code in beautify.js and have made some workarounds for comment handling, but the array indentation bug is annoying. Is there a correct and properly working JS code formatter anywhere that can be used as part of a source code indentation verification system? EDIT I have now tested with preserve-array-formating disabled, and it seems that it solves the problem. Too bad, since preserve-array-formating is quite useful with large array constructs.

Read the article

< Previous Page | 25 26 27 28 29 30 31 32 33 34 35 36 | Next Page >