Search Results

Search found 5048 results on 202 pages for 'safe browsing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 34/202 | < Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >

  • In mysql, is "explain ..." always safe?

    - by tye
    If I allow a group of users to submit "explain $whatever" to mysql (via Perl's DBI using DBD::mysql), is there anything that a user could put into $whatever that would make any database changes, leak non-trivial information, or even cause significant database load? If so, how? I know that via "explain $whatever" one can figure out what tables / columns exist (you have to guess names, though) and roughly how many records are in a table or how many records have a particular value for an indexed field. I don't expect one to be able to get any information about the contents of unindexed fields. DBD::mysql should not allow multiple statements so I don't expect it to be possible to run any query (just explain one query). Even subqueries should not be executed, just explained. But I'm not a mysql expert and there are surely features of mysql that I'm not even aware of. In trying to come up with a query plan, might the optimizer actual execute an expression in order to come up with the value that an indexed field is going to be compared against? explain select * from atable where class = somefunction(...) where atable.class is indexed and not unique and class='unused' would find no records but class='common' would find a million records. Might 'explain' evaluate somefunction(...)? And then could somefunction(...) be written such that it modifies data?

    Read the article

  • How to design authentication in a thick client, to be fail safe?

    - by Jay
    Here's a use case: I have a desktop application (built using Eclipse RCP) which on start, pops open a dialog box with 'UserName' and 'Password' fields in it. Once the end user, inputs his UserName and Password, a server is contacted (a spring remote-servlet, with the client side being a spring httpclient: similar to the approaches here.), and authentication is performed on the server side. A few questions related to the above mentioned scenario: If said this authentication service were to go down, what would be the best way to handle further proceedings? Authentication is something that I cannot do away with. Would running the desktop client in a "limited" mode be a good idea? For instance, important features/menus/views will be disabled, rest of the application will be accessible? Should I have a back up authentication service running on a different machine, working as a backup? What are the general best-practices in this scenario? I remember reading about google gears and how it would let you edit and do stuff offline - should something like this be designed? Please let me know your design/architectural comments/suggestions. Appreciate your help.

    Read the article

  • How do I create a safe local development environment?

    - by docgnome
    I'm currently doing web development with another developer on a centralized development server. In the past this has worked alright, as we have two separate projects we are working on and rarely conflict. Now, however, we are adding a third (possible) developer into the mix. This is clearly going to create problems with other developers changes affecting my work and vice versa. To solve this problem, I'm thinking the best solution would be to create a virtual machine to distribute between the developers for local use. The problem I have is when it comes to the database. Given that we all develop on laptops, simply keeping a local copy of the live data is plain stupid. I've considered sanitizing the data, but I can't really figure out how to replace the real data, with data that would be representative of what people actually enter with out repeating the same information over and over again, e.g. everyone's address becomes 123 Testing Lane, Test Town, WA, 99999 or something. Is this really something to be concerned about? Are there tools to help with this sort of thing? I'm using MySQL. Ideally, if I sanitized the db it should be done from a script that I can run regularly. If I do this I'd also need a way to reduce the size of the db itself. (I figure I could select all the records created after x and whack them and all the records in corresponding tables out so that isn't really a big deal.) The second solution I've thought of is to encrypt the hard drive of the vm, but I'm unsure of how practical this is in terms of speed and also in the event of a lost/stolen laptop. If I do this, should the vm hard drive file itself be encrypted or should it be encrypted in the vm? (I'm assuming the latter as it would be portable and doesn't require the devs to have any sort of encryption capability on their OS of choice.) The third is to create a copy of the database for each developer on our development server that they are then responsible to keep the schema in sync with the canonical db by means of migration scripts or what have you. This solution seems to be the simplest but doesn't really scale as more developers are added. How do you deal with this problem?

    Read the article

  • Is it safe to delete rotated MySQL binary logs?

    - by Milan Babuškov
    I have a MySQL server with binary logging active. Once a days logs file is "rotated", i.e. MySQL seems to stop writing to it and creates and new log file. For example, I currently have these files in /var/lib/mysql -rw-rw---- 1 mysql mysql 10485760 Jun 7 09:26 ibdata1 -rw-rw---- 1 mysql mysql 5242880 Jun 7 09:26 ib_logfile0 -rw-rw---- 1 mysql mysql 5242880 Jun 2 15:20 ib_logfile1 -rw-rw---- 1 mysql mysql 1916844 Jun 6 09:20 mybinlog.000004 -rw-rw---- 1 mysql mysql 61112500 Jun 7 09:26 mybinlog.000005 -rw-rw---- 1 mysql mysql 15609789 Jun 7 13:57 mybinlog.000006 -rw-rw---- 1 mysql mysql 54 Jun 7 09:26 mybinlog.index and mybinlog.000006 is growing. Can I simply take mybinlog.000004 and mybinlog.000005, zip them up and transfer to another server, or I need to do something else before? What info is stored in mybinlog.index? Only the info about the latest binary log? UPDATE: I understand I can delete the logs with PURGE BINARY LOGS which updates mybinlog.index file. However, I need to transfer logs to another computer before deleting them (I test if backup is valid on another machine). To reduce the transfer size, I wish to bzip2 the files. What will PURGE BINARY LOGS do if log files are not "there" anymore?

    Read the article

  • Why is it safe to use copy & paste in Flash but not in Javascript?

    - by Lenni
    I'm trying to use copy'n paste in one of my web apps and have read a few articles/SO questions about it. Most people say that using Flash is the only option since most browsers don't allow access to the system clipboard because of security concerns. I can understand this but I wonder why it is okay for Flash do this, but not for the browser. Or has it got nothing to do with security and it is simply to complicated to implement this for cross-platform browser vendors?

    Read the article

  • Are there really safe and legal resources for sound effects to use in applications?

    - by mystify
    For those who want to opt for "close" immediately: Great user interfaces need great sound effects, right? User interfaces are programmed by programmers, right? So this is a programming question, ok? I had a very hard time to find good and legal sound resources. I am not looking for free sounds. Proper licensing is absolutely crucial, and I don't want to get sued by multibilliondollar music companies, hollywood sound studios and their highly overpaid lawyers. They cry about people downloading their stuff in file sharing sites but when someone comes and wants to really license stuff, the market is so empty like an open and unwatched gold mine. Trust me, whatever I type into google, I always end up getting sort of opaque and strange music libraries that do charge money, but refuse to provide proper licensing evidence to the licensee. When you pay money and they only count how many files you downloaded, that can never be a valid license, nor any evidence for you that you did license the sounds. Imagine that contributor suing you and you say: "I licensed it at xy", and his lawyer just smiles: "Show me proof, mofo!". So you loose a million dollars, or 1 for every downloaded app. Congrats. But that's the way all those "hey we're the worlds largest sound effect library" libraries are doing it. It's really annoying. And I hope someone here is able to point out a sound effects ressource which is A) big B) used by professinals C) has a reasonable pricing and licensing model D) provides the licensee with proper legal evidence about licensed sounds You know, I'm not from the US and typically you US folks are the ones who invent the cool stuff on the net, and maybe I just missed a new great start up. So?

    Read the article

  • How do I make a defaultdict safe for unexpecting clients?

    - by ~miki4242
    Several times (even several in a row) I've been bitten by the defaultdict bug. d = defaultdict(list) ... try: v = d["key"] except KeyError: print "Sorry, no dice!" For those who have been bitten too, the problem is evident: when d has no key 'key', the v = d["key"] magically creates an empty list and assigns it to both d["key"] and v instead of raising an exception. Which can be quite a pain to track down if d comes from some module whose details one doesn't remember very well. I'm looking for a way to take the sting out of this bug. For me, the best solution would be to somehow disable a defaultdict's magic before returning it to the client.

    Read the article

  • Password verification; Is this way of doing it safe?

    - by Camran
    I have a classifieds website, where everybody may put ads of their products. For each classified, the user has to enter a password (so that they can delete the classified whenever they wish). So basically, when somebody wants to delete a classified, they click on the classified, click on the delete button, and enter the pass. I use MySql as a database. I use this code basically: if ($pass==$row['poster_password']) where row[poster_password] is fetched from MySql... What do you think? Thanks

    Read the article

  • Is it safe to use a subversion feature branch after reintegrate-merged to trunk?

    - by ripper234
    Must a feature branch be deleted after it's merged (reintegrated) back to trunk? I prefer to constantly merge changes back and forth from my feature branch - I believe this keeps the conflicts to a minimum. Yet I understand that once you use the reintegrate merge to trunk, a feature branch should be deleted. Is it so? Why? What can I do to circumvent this? Update I'm asking about technical problems that come from the tool, not "methodology concerns". I intend to keep working on the feature branch after the merge. Update the top answer indeed specifies a rather complex procedure (merge, delete & rebranch). Is there an easy way to accomplish this in TortoiseSVN? Shouldn't there be?

    Read the article

  • Is it safe to develop for older versions of Zend Framework?

    - by RenderIn
    Our vendor-supported server's O/S only supports PHP 5.1.6, which limits us to ZF 1.6. The current version of Zend Framework requires a higher version of PHP. We're struggling to decide whether to adopt ZF because of this incompatibility. Is it feasible to develop (indefinitely) in these older versions of ZF or should we hold off? Features, security, bugs, etc. Is this a path we don't want to go down or are these older versions perfectly usable in a production environment?

    Read the article

  • Is it safe to modify CCK tables by hand?

    - by LanguaFlash
    I'm not intimately familiar with CCK but I have a one-time custom setup and know that I could get some performance gains if I created indexes and changed the field type and length of some of the fields in my CCK table. Is it save to modify this table at all or will I end up destroying something in the process? Thanks

    Read the article

  • Ways to make (relatively) safe assumptions about the type of concrete subclasses?

    - by Kylotan
    I have an interface (defined as a abstract base class) that looks like this: class AbstractInterface { public: bool IsRelatedTo(const AbstractInterface& other) const = 0; } And I have an implementation of this (constructors etc omitted): class ConcreteThing { public: bool IsRelatedTo(const AbstractInterface& other) const { return m_ImplObject.has_relationship_to(other.m_ImplObject); } private: ImplementationObject m_ImplObject; } The AbstractInterface forms an interface in Project A, and the ConcreteThing lives in Project B as an implementation of that interface. This is so that code in Project A can access data from Project B without having a direct dependency on it - Project B just has to implement the correct interface. Obviously the line in the body of the IsRelatedTo function cannot compile - that instance of ConcreteThing has an m_ImplObject member, but it can't assume that all AbstractInterfaces do, including the other argument. In my system, I can actually assume that all implementations of AbstractInterface are instances of ConcreteThing (or subclasses thereof), but I'd prefer not to be casting the object to the concrete type in order to get at the private member, or encoding that assumption in a way that will crash without a diagnostic later if this assumption ceases to hold true. I cannot modify ImplementationObject, but I can modify AbstractInterface and ConcreteThing. I also cannot use the standard RTTI mechanism for checking a type prior to casting, or use dynamic_cast for a similar purpose. I have a feeling that I might be able to overload IsRelatedTo with a ConcreteThing argument, but I'm not sure how to call it via the base IsRelatedTo(AbstractInterface) method. It wouldn't get called automatically as it's not a strict reimplementation of that method. Is there a pattern for doing what I want here, allowing me to implement the IsRelatedTo function via ImplementationObject::has_relationship_to(ImplementationObject), without risky casts? (Also, I couldn't think of a good question title - please change it if you have a better one.)

    Read the article

  • What is better and why to use List as thread safe: BlockingCollection or ReaderWriterLockSlim or lock?

    - by theateist
    I have System.Collections.Generic.List _myList and many threads can read from it or add items to it simultaneously. From what I've read I should using 'BlockingCollection' so this will work. I also read about ReaderWriterLockSlim' and 'lock', but I don't figure out how to use them instead ofBlockingCollection`, so my question is can I do the same with: ReaderWriterLockSlim lock instead of using 'BlockingCollection'. If YES, can you please provide simple example and what pros and cons of using BlockingCollection, ReaderWriterLockSlim, lock?

    Read the article

  • Email server; Is this method spam-safe?

    - by Camran
    I have a classifieds website, and on each classified there is a tip-form where users may tip a friend about the classified. The tip-forms' action is set to a php-page, which mails the email after sanitizing etc... I have to filter away spam etc so that my email-server don't get blacklisted or anything... I have my own server (VPS, Linux) and have thought about a solution... How does this sound to you: 1- Install a mail-server 2- Configure Firewall to ONLY allow connections to the mail-server from my website 3- Configure the mail-server so that a maximum of 'x' emails may be sent every 5 minutes or so 4- Create a php filter before sending the mail, which checks for 'bad' words. 5- If necessary, as last resort, ask the user a question (ex 5+5) before submitting form I would rather preferr if I didn't have to implement the 5th implementation above... What do you think? Also, another q I have that you may answer is: If an email-server gets blacklisted, is there any way to un-blacklist it? Or whats the solution if this happens? Thanks

    Read the article

  • Casting/dereferencing member variable pointer from void*, is this safe?

    - by Damien
    Hi all, I had a problem while hacking a bigger project so I made a simpel test case. If I'm not omitting something, my test code works fine, but maybe it works accidentally so I wanted to show it to you and ask if there are any pitfalls in this approach. I have an OutObj which has a member variable (pointer) InObj. InObj has a member function. I send the address of this member variable object (InObj) to a callback function as void*. The type of this object never changes so inside the callback I recast to its original type and call the aFunc member function in it. In this exampel it works as expected, but in the project I'm working on it doesn't. So I might be omitting something or maybe there is a pitfall here and this works accidentally. Any comments? Thanks a lot in advance. (The problem I have in my original code is that InObj.data is garbage). #include <stdio.h> class InObj { public: int data; InObj(int argData); void aFunc() { printf("Inside aFunc! data is: %d\n", data); }; }; InObj::InObj(int argData) { data = argData; } class OutObj { public: InObj* objPtr; OutObj(int data); ~OutObj(); }; OutObj::OutObj(int data) { objPtr = new InObj(data); } OutObj::~OutObj() { delete objPtr; } void callback(void* context) { ((InObj*)context)->aFunc(); } int main () { OutObj a(42); callback((void*)a.objPtr); }

    Read the article

  • C++: is it safe to read an integer variable that's being concurrently modified without locking?

    - by Hongli
    Suppose that I have an integer variable in a class, and this variable may be concurrently modified by other threads. Writes are protected by a mutex. Do I need to protect reads too? I've heard that there are some hardware architectures on which, if one thread modifies a variable, and another thread reads it, then the read result will be garbage; in this case I do need to protect reads. I've never seen such architectures though. This question assumes that a single transaction only consists of updating a single integer variable so I'm not worried about the states of any other variables that might also be involved in a transaction.

    Read the article

  • Safe way of iterating over an array or dictionary and deleting entries?

    - by mystify
    I've heard that it is a bad idea to do something like this. But I am sure there is some rule of thumb which can help to get that right. When I iterate over an NSMutableDictionary or NSMutableArray often I need to get rid of entries. Typical case: You iterate over it, and compare the entry against something. Sometimes the result is "don't need anymore" and you have to remove it. But doing so affects the index of all the rows, doesn't it? So how could I safely iterate over it without accidently exceeding bounds or jumping over an element that hasn't been checked?

    Read the article

  • C# Add class instance with internal timer to a static List, is it safe?

    - by CodeMongo
    My program has a static list of type classA. ClassA implements a threading timer that executes a task. The list may contain as many instances of classA as desired. Is this technique causing threading issues where the class instances can block each other? It that is the case how can I solve the that problem. ex: static List<MyClassType> list=null; void static Main() { list = new List<MyClassType>(); var a = new MyClassType(); var b = new MyClassType(); list.Add(a); list.Add(b); Console.ReadKey(); } a and b will execute theire internal task based on the timer.Is it s bsd technique? Why?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 30 31 32 33 34 35 36 37 38 39 40 41  | Next Page >