Search Results

Search found 30819 results on 1233 pages for 'software security'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 324/1233 | < Previous Page | 320 321 322 323 324 325 326 327 328 329 330 331  | Next Page >

  • Do you take the pain of learning it or use an out of the box solution?

    - by Mantorok
    Hi all What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings when opposed to learning how to do it yourself. To give a good example (ASP.Net) UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going a full circle? Obviously I've only targetted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if dupliate. Thanks

    Read the article

  • Is a class that is hard to unit test badly designed?

    - by Extrakun
    I am now doing unit testing on an application which was written over the year, before I started to do unit-testing diligently. I realized that the classes I wrote are hard to unit test, for the following reasons: Relies on loading data from database. Which means I have to setup a row in the table just to run the unit test (and I am not testing database capabilities). Requires a lot of other external classes just to get the class I am testing to its initial state. On the whole, there don't seem to be anything wrong with the design except that it is too tightly coupled (which by itself is a bad thing). I figure that if I have written automated test cases with each of the class, hence ensuring that I don't heap extra dependencies or coupling for the class to work, the class might be better designed. Does this reason holds water? What are your experiences?

    Read the article

  • How secure is my website?

    - by Doug
    As a beginning web developer, I try my best to clean up all the user inputs through checks and what not. However, today, I found out my website was hacked (I'll share their website on request) and it really made my wonder how did they do it. I'm in the process of getting my website back together. What should I do to prevent these things? Is there people I should talk to and ask how secure my website is? What can I do to to keep my website safe?

    Read the article

  • javascript on twitter to prevent embedding the html page.

    - by Reginald
    This is the javascript that you can find in www.twitter.com (just click to see the source code) I have just reformatted it for clarity: if (window.top !== window.self) { document.write = ""; window.top.location = window.self.location; setTimeout(function() { document.body.innerHTML = ''; }, 1); window.self.onload = function(evt) { document.body.innerHTML = ''; }; } now I understand this trick is to prevent other sites to wrap twitter in other iframes. but what I want to ask is do we really need all of this code ? what's the need of setting a function to execute in 1 millisecond, one to execute at 'onload' and one now. is that paranoia or is it really worth ? Many THanks in advance Reg

    Read the article

  • Solutions for redundant server and client code?

    - by Fragsworth
    In our system, the code which exists on the client side (in Flash and Javascript) mirrors the code that exists on the server side (e.g. in Python or PHP), normally with respect to the models, the methods available for those models, and the unit tests written for them. This becomes a problem in systems where you want to minimize data transfer (e.g. multiplayer games). I do not want to write the same code and unit tests redundantly for both the client and server, but I don't know of any standard solutions to deal with this. Basically, I want a language/compiler which can produce models and methods for three main languages: Actionscript, Javascript, and any server language. Does something like this exist?

    Read the article

  • Packaging an application that uses the ImageMagick C API

    - by John Gardeniers
    I've created a little Windows app that uses the ImageMagick C API but have run into a bit of a brick wall. The app works fine and I'm ready to share it with a few others in our organisation but I can't find documentation on distributing such an app without installing ImageMagick on the target machine. Does anyone here have information, or a link to information, that details how to package this up for distribution? What DLLs are required and which one(s) need to registered with Windows? The target users will be on a mix of XP and Win7.

    Read the article

  • .Net 2.0 ServiceController.GetServices()

    - by Miles
    I've got a website that has windows authentication enable on it. From a page in the website, the users have the ability to start a service that does some stuff with the database. It works fine for me to start the service because I'm a local admin on the server. But I just had a user test it and they can't get the service started. My question is: Does anyone know of a way to get a list of services on a specified computer by name using a different windows account than the one they are currently logged in with? I really don't want to add all the users that need to start the service into a windows group and set them all to a local admin on my IIS server..... Here's some of the code I've got: public static ServiceControllerStatus FindService() { ServiceControllerStatus status = ServiceControllerStatus.Stopped; try { string machineName = ConfigurationManager.AppSettings["ServiceMachineName"]; ServiceController[] services = ServiceController.GetServices(machineName); string serviceName = ConfigurationManager.AppSettings["ServiceName"].ToLower(); foreach (ServiceController service in services) { if (service.ServiceName.ToLower() == serviceName) { status = service.Status; break; } } } catch(Exception ex) { status = ServiceControllerStatus.Stopped; SaveError(ex, "Utilities - FindService()"); } return status; } My exception comes from the second line in the try block. Here's the error: System.InvalidOperationException: Cannot open Service Control Manager on computer 'server.domain.com'. This operation might require other privileges. --- System.ComponentModel.Win32Exception: Access is denied --- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GetDataBaseHandleWithAccess(String machineName, Int32 serviceControlManaqerAccess) at System.ServiceProcess.ServiceController.GetServicesOfType(String machineName, Int32 serviceType) at TelemarketingWebSite.Utilities.StartService() Thanks for the help/info

    Read the article

  • MVC and conditional formatting - strategies for implementation

    - by Extrakun
    Right now I am writing a simulation program which output is formatted according to certain factors. The question is in a MVC architecture, where is the conditional formatting to be taken place? What are some strategies for implement this feature? FYI, The platform I am using is rather bare-bone in its GUI/front-end execution. To change color and formatting, it requires a change to the formatting state (much like OpenGL).

    Read the article

  • Is it safe to put reference to current user in User model in Rails?

    - by Art Shayderov
    You know, I think I have to check current user in the model callbacks (like before_update). Rather than rely solely on adding where ('something.user_id = ?', 'current_user.id') in the controllers. I need something like Thread.CurrentPrincipal in .NET Is it safe to put reference to current user in User model? I'm sorry I don't really understand how it works under the hood yet. Or how you do it The Rails way? Sorry if this a silly question.

    Read the article

  • Asp.net membership salt?

    - by chobo2
    Hi Does anyone know how Asp.net membership generates their salt key and then how they encode it(ie is it salt + password or password + salt)? I am using sha1 with my membership but I would like to recreate the same salts so the built in membership stuff could hash the stuff the same way as my stuff can. Thanks Edit 2 Never Mind I mis read it and was thinking it said bytes not bit. So I was passing in 128 bytes not 128bits. Edit I been trying to make it so this is what I have public string EncodePassword(string password, string salt) { byte[] bytes = Encoding.Unicode.GetBytes(password); byte[] src = Encoding.Unicode.GetBytes(salt); byte[] dst = new byte[src.Length + bytes.Length]; Buffer.BlockCopy(src, 0, dst, 0, src.Length); Buffer.BlockCopy(bytes, 0, dst, src.Length, bytes.Length); HashAlgorithm algorithm = HashAlgorithm.Create("SHA1"); byte[] inArray = algorithm.ComputeHash(dst); return Convert.ToBase64String(inArray); } private byte[] createSalt(byte[] saltSize) { byte[] saltBytes = saltSize; RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider(); rng.GetNonZeroBytes(saltBytes); return saltBytes; } So I have not tried to see if the asp.net membership will recognize this yet the hashed password looks close. I just don't know how to convert it to base64 for the salt. I did this byte[] storeSalt = createSalt(new byte[128]); string salt = Encoding.Unicode.GetString(storeSalt); string base64Salt = Convert.ToBase64String(storeSalt); int test = base64Salt.Length; Test length is 172 what is well over the 128bits so what am I doing wrong? This is what their salt looks like vkNj4EvbEPbk1HHW+K8y/A== This is what my salt looks like E9oEtqo0livLke9+csUkf2AOLzFsOvhkB/NocSQm33aySyNOphplx9yH2bgsHoEeR/aw/pMe4SkeDvNVfnemoB4PDNRUB9drFhzXOW5jypF9NQmBZaJDvJ+uK3mPXsWkEcxANn9mdRzYCEYCaVhgAZ5oQRnnT721mbFKpfc4kpI=

    Read the article

  • is it safe to call "plink.exe" in an application

    - by EBAGHAKI
    i want to use "plink.exe -u username -pw securepassword" on my windows visual c++ program. will username and password remain safe while calling this command? I mean can a hacker steal or sniff the username and password? (consider hacker can't get to the password directly from the exe file)

    Read the article

  • What problems do you find with this view on domain-driven design?

    - by Bozho
    I just wrote a long (and messy) blogpost about my view on domain-driven design at present day, with frameworks like spring and hibernate massively in use. I'd ask you to spot any problems with my views on the matter - why this won't work, why it isn't giving the benefits of DDD, why it is not a good idea in general. The blogpost is here (I don't think I need to copy-paste it on SO - if you think I should, tell me). I know the question is subjective, but it is aimed at gathering the most predominant opinions. (I'm tagging Java, since the frameworks discussed are Java frameworks)

    Read the article

  • PHP/MySQL - Working with two databases, one shared and one local to an instance of application

    - by Extrakun
    The situation: Using a off-the-shelf PHP application, I have to add in a new module for extra functionality. Today, it is made known that eventually four different instances of the application are to be deployed, but the data from the new functionality is to be shared among those 4 instances. Each instance should still have their own database for users, content and etc. So the data for the new functionality goes into a 'shared' database. The data for the application (user login, content, uploads) go into a 'local' database To make things more complex, the new module I am writing will fetch data from the local DB and the shared DB at the same time. A re-write of the base application will take too long. I only have control over the new module which I am writing. The ideal solution: Is there a way to encapsulate 2 databases into one name using MySQL? I do not wish to switch DB connections or specifically name the DB to query from inside my SQL statements. The application uses a DB wrapper, so I am able to change it somehow so I can invisibly attempt to read/write to two different DB. What is the best way to handle this problem?

    Read the article

  • Feature Driven Development Model (SDLC)

    - by j-t-s
    Hi All I've been searching all over the internet for days. Does anybody have, or know of, and can share sample Feature Driven Development documents? I keep coming across gazillions of "samples" with absolutely no useful information whatsoever. Thank you jt

    Read the article

  • Is it impossible to secure .net code (intellectual property) ?

    - by JL
    I used to work in JavaScript a lot and one thing that really bothered my employers was that the source code was too easy to steal. Even with obfuscation, nothing really helped, because we all knew that any competent developer would be able to read that code if they wanted to. JS Scripts are one thing, but what about SOA projects that have millions invested in IP (Intellectual Property). I love .net, and especially C#, but I recently again had to answer the question "If we give this compiled program over to our clients, can their developers reverse engineer it?" I had gone out of my way to obfuscate the code, but I knew it wouldn't take that much for another determined C# developer to get at the code. So I earnestly pose the question, is it impossible to secure .net code? The considerations I have as as follows: Even regular native executables can be reversed, but not every developer has the skill to be able to do this. Its a lot harder to disassemble a native executable than a .net assembly. Obfuscation will only get you so far, but it does help a little. Why have I never seen any public acknowledgement by Microsoft that anything written in .net is subject to relatively easy IP theft? Why have I never seen a scrap of counter measure training on any Microsoft site? Why does VS come with a community obfuscater as an optional component? Ok maybe I have just had my head in the sand here, but its not exactly high on most developers priority list. Are there any plans to address my concerns in any future version of .net? I'm not knocking .net, but I would like some realistic answers, thank you, question marked as subjective and community!

    Read the article

  • What design pattern shall I use in this question?

    - by iyad al aqel
    To be frank, this is a homework question, so I'll tell you my opinion. Can you let me know my mistakes rather than giving me the solution? This is the question : Assume a restaurant that only offers the following two types of meals: (a) a full meal and (b)an economic meal. The full meal consists of the following food items and is served in the following order: 1. Appetizer 2. Drink 3. Main dish 4. Dessert Meanwhile the economic meal consists of the following food items and is served in the following order: 1. Drink 2. Main dish Identify the most appropriate design pattern that can be used to allow a customer to only order using one of the two types of meals provided and that the meal components must be served in the given order. I'm confused between the Factory and the Iterator and using them both together. Using the factory Pattern we can create the two meals full and economic and provide the user with with a base object class that will decide upon. But how can we enforce the ordering of the elements, I thought of using the iterator along that will iterate through the the composite of the two created factories sort of speak. What do you think?

    Read the article

  • Which parts of the client certificate to use when uniquely identifying users?

    - by miha
    I'm designing a system where users will be able to register and afterward authenticate with client certificates in addition to username/password authentication. The client certificates will have to be valid certificates issued by a configured list of certificate authorities and will be checked (validated) when presented. In the registration phase, I need to store part(s) of the client certificate in a user repository (DB, LDAP, whatever) so that I can map the user who authenticates with client certificate to an internal "user". One fairly obvious choice would be to use certificate fingerprint; But fingerprint itself is not enough, since collisions may occur (even though they're not probable), so we need to store additional information from the certificate. This SO question is also informative in this regard. RFC 2459 defines (4.1.2.2) that certificate serial number must be unique within a given CA. With all of this combined, I'm thinking of storing certificate serial number and certificate issuer for each registered user. Given that client certificates will be verified and valid, this should uniquely identify each client certificate. That way, even when client certificate is renewed, it would still be valid (serial number stays the same, and so does the issuer). Did I miss something?

    Read the article

  • Developing "Command Line" in .NET?

    - by Sergey Malyan
    Imagine a "search box" on the right top side of the UI Windows Application. When user types a desired action, a matching functionality is executed. Screen gets opened, or action gets performed. For example: user types "create" and intellisence offered next word options "client"/"product", user picks "client", and "Create New Client" screen opens up. So what I am looking for if there is a framework support for this. I assume that framework shall bind together text commands names, commands and show in intellisense. Same framework possibly could have been used in alternative "Command Line interface". I recall Microsoft had some recent framework that helps to setup "command Line Interface" environmental. It is hard to search on web for this keywords, so relying on intelligent help from you guys. Thanks in advance.

    Read the article

  • Can this be imporved? Scrubing of dangerous html tags.

    - by chobo2
    Hi I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); }

    Read the article

  • How to write mod_security friendly PHP code?

    - by KPL
    Hello people, I made a theme in WordPress which hit the mod_security rule on HostGator and gave 403 error. I contacted people there(at HostGator) and they fixed it for me. But I don't want my theme to work like this. I just wanted to know if there are any guides/blog post/tutorials telling about writing PHP code which is mod_security friendly? I tried Google, but didn't find anything helpful.

    Read the article

  • Disabling javascript in specific block/div (containing suspect HTML) ?

    - by T4NK3R
    Is it, in any way, possible to disable the browsers execution of script inside a block/section/element ? My scenario is, that I'm letting my (future) users create "rich content" (using CK-editor). Content that wil later be shown to other users - with all the dangers that imply: xss, redirection, identity theft, spam and what not... I've, more or less, given up on trying to "sanitize" the incomming XHTML, after seeing how many known "vectors of attack" there are: http://ha.ckers.org/xss.html What I'm really looking for is something like: < div id="userContent"< scriptOFF suspect HTML < /scriptOFF< /div

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 320 321 322 323 324 325 326 327 328 329 330 331  | Next Page >