Search Results

Search found 4028 results on 162 pages for 'mysqld safe'.


  • Is using advanced constructs (function, new, function calls) in JSON safe?

    - by Vilx-
    JSON is a nice way to pass complex data from my server side code to client side JavaScript. For example, in PHP I can write:

        <script type="text/javascript">
        var MyComplexVariable = <?= BigFancyObjectGraph.GetJSON() ?>;
        DoMagic(MyComplexVariable);
        </script>

    This is pretty cool, but sometimes you want to pass more than basic data, like dates or even function definitions. There is a simple and straightforward way of doing it too, like:

        <script type="text/javascript">
        var MyComplexVariable = {
            'SimpleProperty' : 42,
            'FunctionProperty' : function() { return 6*7; },
            'DateProperty' : new Date(989539200000),
            'ArbitraryProperty' : GetTheMeaningOfLifeUniverseAndEverything()
        };
        DoMagic(MyComplexVariable);
        </script>

    And this works like a charm on all browsers I've seen so far. But according to JSON.org such syntax is invalid. On the other hand, I've seen this syntax being used in very many places, including some popular JavaScript frameworks. So... Can I expect any problems if I use "unsupported" JSON features like the above? Why is it wrong or not?

  • In mysql, is "explain ..." always safe?

    - by tye
    If I allow a group of users to submit "explain $whatever" to mysql (via Perl's DBI using DBD::mysql), is there anything that a user could put into $whatever that would make any database changes, leak non-trivial information, or even cause significant database load? If so, how?

    I know that via "explain $whatever" one can figure out what tables / columns exist (you have to guess names, though) and roughly how many records are in a table or how many records have a particular value for an indexed field. I don't expect one to be able to get any information about the contents of unindexed fields. DBD::mysql should not allow multiple statements so I don't expect it to be possible to run any query (just explain one query). Even subqueries should not be executed, just explained.

    But I'm not a mysql expert and there are surely features of mysql that I'm not even aware of. In trying to come up with a query plan, might the optimizer actually execute an expression in order to come up with the value that an indexed field is going to be compared against?

        explain select * from atable where class = somefunction(...)

    where atable.class is indexed and not unique and class='unused' would find no records but class='common' would find a million records. Might 'explain' evaluate somefunction(...)? And then could somefunction(...) be written such that it modifies data?

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which, on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user inputs his UserName and Password, a server is contacted (a Spring remote-servlet, with the client side being a Spring httpclient: similar to the approaches here), and authentication is performed on the server side. A few questions related to the above-mentioned scenario: If this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a backup authentication service running on a different machine, working as a backup? What are the general best practices in this scenario? I remember reading about Google Gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

  • How do I create a safe local development environment?

    - by docgnome
    I'm currently doing web development with another developer on a centralized development server. In the past this has worked alright, as we have two separate projects we are working on and rarely conflict. Now, however, we are adding a third (possible) developer into the mix. This is clearly going to create problems with other developers' changes affecting my work and vice versa. To solve this problem, I'm thinking the best solution would be to create a virtual machine to distribute between the developers for local use. The problem I have is when it comes to the database. Given that we all develop on laptops, simply keeping a local copy of the live data is plain stupid.

    I've considered sanitizing the data, but I can't really figure out how to replace the real data with data that would be representative of what people actually enter without repeating the same information over and over again, e.g. everyone's address becomes 123 Testing Lane, Test Town, WA, 99999 or something. Is this really something to be concerned about? Are there tools to help with this sort of thing? I'm using MySQL. Ideally, if I sanitized the db it should be done from a script that I can run regularly. If I do this I'd also need a way to reduce the size of the db itself. (I figure I could select all the records created after x and whack them and all the records in corresponding tables out so that isn't really a big deal.)

    The second solution I've thought of is to encrypt the hard drive of the vm, but I'm unsure of how practical this is in terms of speed and also in the event of a lost/stolen laptop. If I do this, should the vm hard drive file itself be encrypted or should it be encrypted in the vm? (I'm assuming the latter as it would be portable and doesn't require the devs to have any sort of encryption capability on their OS of choice.)

    The third is to create a copy of the database for each developer on our development server that they are then responsible to keep the schema in sync with the canonical db by means of migration scripts or what have you. This solution seems to be the simplest but doesn't really scale as more developers are added. How do you deal with this problem?

  • Is it safe to delete rotated MySQL binary logs?

    - by Milan Babuškov
    I have a MySQL server with binary logging active. Once a day the log file is "rotated", i.e. MySQL seems to stop writing to it and creates a new log file. For example, I currently have these files in /var/lib/mysql

        -rw-rw---- 1 mysql mysql 10485760 Jun 7 09:26 ibdata1
        -rw-rw---- 1 mysql mysql 5242880 Jun 7 09:26 ib_logfile0
        -rw-rw---- 1 mysql mysql 5242880 Jun 2 15:20 ib_logfile1
        -rw-rw---- 1 mysql mysql 1916844 Jun 6 09:20 mybinlog.000004
        -rw-rw---- 1 mysql mysql 61112500 Jun 7 09:26 mybinlog.000005
        -rw-rw---- 1 mysql mysql 15609789 Jun 7 13:57 mybinlog.000006
        -rw-rw---- 1 mysql mysql 54 Jun 7 09:26 mybinlog.index

    and mybinlog.000006 is growing. Can I simply take mybinlog.000004 and mybinlog.000005, zip them up and transfer to another server, or do I need to do something else before? What info is stored in mybinlog.index? Only the info about the latest binary log?

    UPDATE: I understand I can delete the logs with PURGE BINARY LOGS which updates mybinlog.index file. However, I need to transfer logs to another computer before deleting them (I test if backup is valid on another machine). To reduce the transfer size, I wish to bzip2 the files. What will PURGE BINARY LOGS do if log files are not "there" anymore?

  • Why is it safe to use copy & paste in Flash but not in Javascript?

    - by Lenni
    I'm trying to use copy'n paste in one of my web apps and have read a few articles/SO questions about it. Most people say that using Flash is the only option since most browsers don't allow access to the system clipboard because of security concerns. I can understand this but I wonder why it is okay for Flash to do this, but not for the browser. Or has it got nothing to do with security and it is simply too complicated to implement this for cross-platform browser vendors?

  • mysql timeout - c/C++

    - by user1262876
    Guys, I'm facing a problem with this code. The problem is the timeout; by timeout I mean the time it takes the program to tell me if the server is connected or not. If I use my localhost I get the answer fast, but when I connect to outside my localhost it takes 50 sec - 1.5 min to respond and the program freezes until it's done. How can I fix the freezing, or make my own timeout, like if still waiting after 50 sec, tell me connection failed and stop? Please use code as help, because I would understand it better. Thanks for any help I get. PS: USING MAC

        #include "mysql.h"
        #include <stdio.h>
        #include <stdlib.h>

        // Other Linker Flags: -lmysqlclient -lm -lz

        // just going to input the general details and not the port numbers
        struct connection_details {
            char *server;
            char *user;
            char *password;
            char *database;
        };

        MYSQL* mysql_connection_setup(struct connection_details mysql_details) {
            // first of all create a mysql instance and initialize the variables within
            MYSQL *connection = mysql_init(NULL);

            // connect to the database with the details attached.
            if (!mysql_real_connect(connection, mysql_details.server, mysql_details.user,
                                    mysql_details.password, mysql_details.database, 0, NULL, 0)) {
                printf("Conection error : %s\n", mysql_error(connection));
                exit(1);
            }
            return connection;
        }

        MYSQL_RES* mysql_perform_query(MYSQL *connection, char *sql_query) {
            // send the query to the database
            if (mysql_query(connection, sql_query)) {
                printf("MySQL query error : %s\n", mysql_error(connection));
                exit(1);
            }
            return mysql_use_result(connection);
        }

        int main() {
            MYSQL *conn;     // the connection
            MYSQL_RES *res;  // the results
            MYSQL_ROW row;   // the results row (line by line)

            struct connection_details mysqlD;
            mysqlD.server = (char*)"Localhost";  // where the mysql database is
            mysqlD.user = (char*)"root";         // the root user of mysql
            mysqlD.password = (char*)"123456";   // the password of the root user in mysql
            mysqlD.database = (char*)"test";     // the database to pick

            // connect to the mysql database
            conn = mysql_connection_setup(mysqlD);

            // assign the results return to the MYSQL_RES pointer
            res = mysql_perform_query(conn, (char*) "SELECT * FROM me");

            printf("MySQL Tables in mysql database:\n");
            while ((row = mysql_fetch_row(res)) != NULL)
                printf("%s - %s\n", row[0], row[1], row[2]); // <-- Rows

            /* clean up the database result set */
            mysql_free_result(res);
            /* clean up the database link */
            mysql_close(conn);

            return 0;
        }

  • Are there really safe and legal resources for sound effects to use in applications?

    - by mystify
    For those who want to opt for "close" immediately: Great user interfaces need great sound effects, right? User interfaces are programmed by programmers, right? So this is a programming question, ok? I had a very hard time finding good and legal sound resources. I am not looking for free sounds. Proper licensing is absolutely crucial, and I don't want to get sued by multibillion-dollar music companies, Hollywood sound studios and their highly overpaid lawyers. They cry about people downloading their stuff on file sharing sites but when someone comes and wants to really license stuff, the market is so empty like an open and unwatched gold mine. Trust me, whatever I type into Google, I always end up getting sort of opaque and strange music libraries that do charge money, but refuse to provide proper licensing evidence to the licensee. When you pay money and they only count how many files you downloaded, that can never be a valid license, nor any evidence for you that you did license the sounds. Imagine that contributor suing you and you say: "I licensed it at xy", and his lawyer just smiles: "Show me proof, mofo!". So you lose a million dollars, or 1 for every downloaded app. Congrats. But that's the way all those "hey we're the world's largest sound effect library" libraries are doing it. It's really annoying. And I hope someone here is able to point out a sound effects resource which is A) big B) used by professionals C) has a reasonable pricing and licensing model D) provides the licensee with proper legal evidence about licensed sounds. You know, I'm not from the US and typically you US folks are the ones who invent the cool stuff on the net, and maybe I just missed a new great startup. So?

  • How do I make a defaultdict safe for unexpecting clients?

    - by ~miki4242
    Several times (even several in a row) I've been bitten by the defaultdict bug.

        d = defaultdict(list)
        ...
        try:
            v = d["key"]
        except KeyError:
            print "Sorry, no dice!"

    For those who have been bitten too, the problem is evident: when d has no key 'key', the v = d["key"] magically creates an empty list and assigns it to both d["key"] and v instead of raising an exception. Which can be quite a pain to track down if d comes from some module whose details one doesn't remember very well. I'm looking for a way to take the sting out of this bug. For me, the best solution would be to somehow disable a defaultdict's magic before returning it to the client.

  • Is it safe to develop for older versions of Zend Framework?

    - by RenderIn
    Our vendor-supported server's O/S only supports PHP 5.1.6, which limits us to ZF 1.6. The current version of Zend Framework requires a higher version of PHP. We're struggling to decide whether to adopt ZF because of this incompatibility. Is it feasible to develop (indefinitely) in these older versions of ZF or should we hold off? Features, security, bugs, etc. Is this a path we don't want to go down or are these older versions perfectly usable in a production environment?

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySQL as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySQL... What do you think? Thanks

  • Is it safe to use a subversion feature branch after reintegrate-merged to trunk?

    - by ripper234
    Must a feature branch be deleted after it's merged (reintegrated) back to trunk? I prefer to constantly merge changes back and forth from my feature branch - I believe this keeps the conflicts to a minimum. Yet I understand that once you use the reintegrate merge to trunk, a feature branch should be deleted. Is it so? Why? What can I do to circumvent this?

    Update: I'm asking about technical problems that come from the tool, not "methodology concerns". I intend to keep working on the feature branch after the merge.

    Update: the top answer indeed specifies a rather complex procedure (merge, delete & rebranch). Is there an easy way to accomplish this in TortoiseSVN? Shouldn't there be?

  • Issue changing innodb_log_file_size

    - by savageguy
    I haven't done much tweaking in the past so this might be relatively easy, however I am running into issues. This is what I do:

        1. Stop MySQL
        2. Edit my.cnf (changing innodb_log_file_size)
        3. Remove ib_logfile0/1
        4. Start MySQL

    Starts fine, however all InnoDB tables have the ".frm file is invalid" error, the status shows InnoDB engine is disabled, so I obviously go back, remove the change and everything works again. I was able to change every other variable I've tried but I can't seem to find out why InnoDB fails to start even after removing the log files. Am I missing something? Thanks.

    Edit: Pasting of the log below - looks like it still seems to find the log file even though they are not there?

    Shutdown:

        090813 10:00:14 InnoDB: Starting shutdown...
        090813 10:00:17 InnoDB: Shutdown completed; log sequence number 0 739268981
        090813 10:00:17 [Note] /usr/sbin/mysqld: Shutdown complete

    Startup after making the changes:

        InnoDB: Error: log file ./ib_logfile0 is of different size 0 5242880 bytes
        InnoDB: than specified in the .cnf file 0 268435456 bytes!
        090813 11:00:18 [Warning] 'user' entry '[email protected]' ignored in --skip-name-resolve mode.
        090813 11:00:18 [Note] /usr/sbin/mysqld: ready for connections.
        Version: '5.0.81-community-log' socket: '/var/lib/mysql/mysql.sock' port: 3306 MySQL Community Edition (GPL)
        090813 11:00:19 [ERROR] /usr/sbin/mysqld: Incorrect information in file: './XXXX/User.frm'
        090813 11:00:19 [ERROR] /usr/sbin/mysqld: Incorrect information in file: './XXXX/User.frm'
        090813 11:00:19 [ERROR] /usr/sbin/mysqld: Incorrect information in file: './XXXX/User.frm'

    It's just a spam of the same error until I correct it. When it did start after it recreated the log files so it must be looking in the same spot I am.

  • Is it safe to modify CCK tables by hand?

    - by LanguaFlash
    I'm not intimately familiar with CCK but I have a one-time custom setup and know that I could get some performance gains if I created indexes and changed the field type and length of some of the fields in my CCK table. Is it safe to modify this table at all or will I end up destroying something in the process? Thanks

  • Ways to make (relatively) safe assumptions about the type of concrete subclasses?

    - by Kylotan
    I have an interface (defined as an abstract base class) that looks like this:

        class AbstractInterface
        {
        public:
            virtual bool IsRelatedTo(const AbstractInterface& other) const = 0;
        };

    And I have an implementation of this (constructors etc omitted):

        class ConcreteThing : public AbstractInterface
        {
        public:
            bool IsRelatedTo(const AbstractInterface& other) const
            {
                // does not compile: AbstractInterface has no m_ImplObject member
                return m_ImplObject.has_relationship_to(other.m_ImplObject);
            }
        private:
            ImplementationObject m_ImplObject;
        };

    The AbstractInterface forms an interface in Project A, and the ConcreteThing lives in Project B as an implementation of that interface. This is so that code in Project A can access data from Project B without having a direct dependency on it - Project B just has to implement the correct interface. Obviously the line in the body of the IsRelatedTo function cannot compile - that instance of ConcreteThing has an m_ImplObject member, but it can't assume that all AbstractInterfaces do, including the other argument.

    In my system, I can actually assume that all implementations of AbstractInterface are instances of ConcreteThing (or subclasses thereof), but I'd prefer not to be casting the object to the concrete type in order to get at the private member, or encoding that assumption in a way that will crash without a diagnostic later if this assumption ceases to hold true. I cannot modify ImplementationObject, but I can modify AbstractInterface and ConcreteThing. I also cannot use the standard RTTI mechanism for checking a type prior to casting, or use dynamic_cast for a similar purpose.

    I have a feeling that I might be able to overload IsRelatedTo with a ConcreteThing argument, but I'm not sure how to call it via the base IsRelatedTo(AbstractInterface) method. It wouldn't get called automatically as it's not a strict reimplementation of that method. Is there a pattern for doing what I want here, allowing me to implement the IsRelatedTo function via ImplementationObject::has_relationship_to(ImplementationObject), without risky casts?

    (Also, I couldn't think of a good question title - please change it if you have a better one.)

  • What is better and why to use List as thread safe: BlockingCollection or ReaderWriterLockSlim or lock?

    - by theateist
    I have System.Collections.Generic.List _myList and many threads can read from it or add items to it simultaneously. From what I've read I should be using 'BlockingCollection' so this will work. I also read about 'ReaderWriterLockSlim' and 'lock', but I can't figure out how to use them instead of 'BlockingCollection', so my question is: can I do the same with ReaderWriterLockSlim or lock instead of using 'BlockingCollection'? If YES, can you please provide a simple example, and what are the pros and cons of using BlockingCollection, ReaderWriterLockSlim, lock?

  • Email server; Is this method spam-safe?

    - by Camran
    I have a classifieds website, and on each classified there is a tip-form where users may tip a friend about the classified. The tip-form's action is set to a php-page, which mails the email after sanitizing etc... I have to filter away spam etc so that my email-server doesn't get blacklisted or anything... I have my own server (VPS, Linux) and have thought about a solution... How does this sound to you:

        1- Install a mail-server
        2- Configure Firewall to ONLY allow connections to the mail-server from my website
        3- Configure the mail-server so that a maximum of 'x' emails may be sent every 5 minutes or so
        4- Create a php filter before sending the mail, which checks for 'bad' words.
        5- If necessary, as last resort, ask the user a question (ex 5+5) before submitting form

    I would rather prefer if I didn't have to implement the 5th implementation above... What do you think? Also, another q I have that you may answer is: If an email-server gets blacklisted, is there any way to un-blacklist it? Or what's the solution if this happens? Thanks

  • Casting/dereferencing member variable pointer from void*, is this safe?

    - by Damien
    Hi all, I had a problem while hacking a bigger project so I made a simple test case. If I'm not omitting something, my test code works fine, but maybe it works accidentally so I wanted to show it to you and ask if there are any pitfalls in this approach. I have an OutObj which has a member variable (pointer) InObj. InObj has a member function. I send the address of this member variable object (InObj) to a callback function as void*. The type of this object never changes so inside the callback I recast to its original type and call the aFunc member function in it. In this example it works as expected, but in the project I'm working on it doesn't. So I might be omitting something or maybe there is a pitfall here and this works accidentally. Any comments? Thanks a lot in advance. (The problem I have in my original code is that InObj.data is garbage).

        #include <stdio.h>

        class InObj
        {
        public:
            int data;
            InObj(int argData);
            void aFunc()
            {
                printf("Inside aFunc! data is: %d\n", data);
            };
        };

        InObj::InObj(int argData)
        {
            data = argData;
        }

        class OutObj
        {
        public:
            InObj* objPtr;
            OutObj(int data);
            ~OutObj();
        };

        OutObj::OutObj(int data)
        {
            objPtr = new InObj(data);
        }

        OutObj::~OutObj()
        {
            delete objPtr;
        }

        void callback(void* context)
        {
            ((InObj*)context)->aFunc();
        }

        int main ()
        {
            OutObj a(42);
            callback((void*)a.objPtr);
        }

  • C++: is it safe to read an integer variable that's being concurrently modified without locking?

    - by Hongli
    Suppose that I have an integer variable in a class, and this variable may be concurrently modified by other threads. Writes are protected by a mutex. Do I need to protect reads too? I've heard that there are some hardware architectures on which, if one thread modifies a variable, and another thread reads it, then the read result will be garbage; in this case I do need to protect reads. I've never seen such architectures though. This question assumes that a single transaction only consists of updating a single integer variable so I'm not worried about the states of any other variables that might also be involved in a transaction.
