Search Results

Search found 1191 results on 48 pages for 'elevated privileges'.

Page 35/48 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42 | Next Page >

XSS as attack vector even if XSS data not stored?

- by Klaas van Schelven

I have a question about XSS Can forms be used as a vector for XSS even if the data is not stored in the database and used at a later point? i.e. in php the code would be this: <form input="text" value="<?= @$_POST['my_field'] ?>" name='my_field'> Showing an alert box (demonstrate that JS can be run) on your own browser is trivial with the code above. But is this exploitable across browsers as well? The only scenario I see is where you trick someone into visiting a certain page, i.e. a combination of CSRF and XSS. "Stored in a database and used at a later point": the scenario I understand about CSS is where you're able to post data to a site that runs JavaScript and is shown on a page in a browser that has greater/different privileges than your own. But, to be clear, this is not wat I'm talking about above.

Read the article
iPhone tethering app source

- by jamone

I know there are a few apps that allow a jail broken iPhone to tether over WiFi to a computer so the computer can use the iPhone's 3G. What I want to know is if anyone knows of any open source apps that do this, or partial code to handle the majority of this that I could make in to a minimal app? I don't want to jail break since I do official development, but would like to be able to compile and sideload an app on my personal phone to do this. Even without jail broken privileges an app could use an existing wifi connection (adhoc created by the computer) to share its 3G.

Read the article
Inject Html Into a View Programmatically

- by madcapnmckay

Hi, I have a tricky problem and I'm not sure where in the view rendering process to attempt this. I am building a simple blog/CMS in MVC and I would like to inject a some html (preferably a partial view) into the page if the user is logged in as an admin (and therefore has edit privileges). I obviously could add render partials to master pages etc. But in my system master pages/views are the "templates" of the CMS and therefore should not contain CMS specific <% % markup. I would like to hook in to some part of the rendering process and inject the html myself. Does anyone have any idea how to do this in MVC? Where would be the best point, ViewPage, ViewEngine? Thanks, Ian

Read the article
What causes subprocess.call to output blank file when attempting db export with mysqldump?

- by caldazar

I am having some problems using subprocess.call to export a database using mysqldump. I'm using Python 3.1 installed on Windows 7. from time import gmtime, strftime import subprocess DumpDir = "c:/apps/sqlbackup/"; DumpFile = "mysqldump-" + strftime("%Y-%m-%d-%H-%M-%S", gmtime()) + ".sql"; params = [r"mysqldump --user root --password=mypassword --force --flush-privileges --compress --comments mydatabase --result-file=" + DumpDir + DumpFile]; subprocess.call(params, shell=True); The above code causes a blank file to be created in the DumpDir. I've tried getting python to print the command so I can test it via the CMD prompt using: print(subprocess.list2cmdline(params)); If I paste the output to the CMD prompt and execute it, everything works fine. Any ideas? I'm new to Python, so I am sure the answer is simple but I've tried so many variations to get this working that I just can't figure this out.

Read the article
Parallel port no longer accessible even though no changes to system.

- by marcusw

I have an old Dell Dimension 8200 running Gentoo which I use solely to control various things using the parallel port. After shutting it down a few weeks ago, I started it up again today and tried to access the parallel port like I usually do. Unfortunately, my code bombed out when it tried to call ioperm(888,1,1) to grab the parallel port which returned an error code of -1. There have been no changes to the system be it hardware or software, no updates, no tweaking, no dropping the case, no over-amping the data pins, nothing. The port and the software have been working fine for months with no changes, and were working fine when I shut it down last. Running my code with root privileges changes nothing. What is breaking this and how can I fix it?

Read the article
What is the safest way for a PHP script to connect to a local PostgreSQL instance on Linux?

- by Botond Balázs

I think if I granted the apache user appropriate privileges and used the ident authentication method, that would make the connection more secure because then the password wouldn't need to be stored in a connection string. Also, that way the security of the connection would depend on how secure the host system is. I disabled root login over ssh and only permit public key authentication so I think it is pretty secure. Does this have any significant security benefits or is it just wishful thinking? Is it necessary at all?

Read the article
Running external php files or snippets with starting session in Modx?

- by moogeek

I want to include an external php script or modx snippet to the index.php but it causes the blank screen instead (and no document parser errors). Probably the problem is that this script i want to include contains starting session functions and set_include_path function that might somehow conflict with Modx parser.. I tried to use the Modx API but it doesn't seem to work. I use Modx 0.9.2.6 yet.. How can I overcome the issue? My script checks the session and database if the user is logged-in on the site (logging system is not modx-based) and then prints the menu depends on the user privileges...

Read the article
IE error with jquery counter plugin

- by Mankey

I've implemented a jquery counter script (count up from say 50 to 100 with different increments) that I found from this question: jQuery counter to count up to a target number The scripts works great except for in Internet Explorer 8 (and possibly other IE versions?). Here's an error message from IE with the URL to the creator of the script's demo. Message: 'undefined' is null or not an object Line: 32 Char: 17 Code: 0 URI: http://www.ulmanen.fi/stuff/counter.php I'm just wondering if anyone know how this can be fixed. I'm guessing it has to do with el.html() not finding any data but I can't really figure this out. Thanks for any help ^^ I would reply to that post if I could but I can't seem to find any way of doing so (I'm new to stackoverflow, I think I lack privileges).

Read the article
Windows 7 Public Documents Folder - how to move it to drive d: [closed]

- by Bazza Formez

Hi, I've just bought a new pc, and it is running Windows 7. I'm wanting to set up all of the documents folders such that they point to folders on a second drive partition (ie. disk D:) so that I have a nice separation of os from docs. I have managed to do this for each user on the machine (by opening up properties for documents folder and changing location). Hwoever, this procedure doesn't seem to work for the public documents folder. I cannot change the location for that one (even though I have administrator privileges). It is greyed out and cannot be changed. Any ideas ? Thanks!!

Read the article
Connecting Ingres from C

- by avesus

I need to connect to an Ingres supplied demodb through OpenAPI, both Ingres and C application running on windows. What i have done: Created a "node" in the Ingres Network Utility named "usernode". created user accounts in the Ingres installation (named "user" password "user") and in the Windows user management (the same creds.) Granted necessary privileges to the user in the database. In C code i have called IIapi_connect() function with an IIAPI_CONNPARM structure. Used members: co_target = "usernode::demodb", co_username = "user", co_password = "user" But IIapi_connect() call returns an error: "User provided a vnode as part of the database name (vnode::dbname), but connection information for that vnode is missing. Enter connection information for the vnode using NETUTIL." Anybody knows something that is a weird concept "node"? What are the minimum steps (in the database administration and the function parameters passing) necessary for the successful connect?

Read the article
How to make a remote connection to a MySQL Database Server?

- by MLB

Hello: I am trying to connect to a MySQL database server (remote), but I can't. I am using an user with grant privileges (not root user). The error message is the following: Can't obtain database list from the server. Access denied for user 'myuser'@'mypcname' (using password: YES) "myuser" is an user I created with grant access. This user allows me to connect locally to every database. I am using the same software versions in both hosts: MySQL Server 4.1 (server) and EMS SQL Manager 2005 for MySQL, edition 3.7.0.1 (client). The point is that I need to connect to the remote server using a different user, not root user. So, how to make the connection? Thanks.

Read the article
internet explorer, google chrome injection

- by Volim Te

I wrote code that injects a function in Internet Explorer/Chrome but it doesn't work with these processes. Basically, it fills one big structure with all the APIs my function needs, strings, and other data, then it opens a process to get a handle, virtualallocex to allocate enough memory to store a function and structure there, and it writes the function and the structure in allocated memory. It then runs createremotethread there with the function as a starting address and structure as parameter. It works all great with calc/notepad/winamp processes but I have problems with browser injection. I'm wondering what could it be, I'm using these APIs. x.xCreateFile x.xWriteFile x.xCloseHandle x.xSleep x.xVirtualAlloc x.xVirtualFree x.xMessageBox x.xLoadLibrary x.xShellExecute Is it because browsers are protected now and they're running with lowest privileges?

Read the article
Determining a location's side of the road position with MapKit

- by idStar

Is there a way to use MapKit in iOS7 to not only get geocoding for an address, but determine what side of the road it is on? I'm not trying to build a full function navigation app, but similar to navigation apps that tell you things like "Your destination is in 100 feet on the right", I'd like to be able to obtain this information. Does MapKit give one a way to do this? Do I need to adopt routing privileges to access such, or is this just not available in the SDK period? If not available in the iOS7 SDK, knowing what options exist as services, would be a helpful pointer.

Read the article
Installed Redmine on Ubuntu; But i have no clue how to use it to create Users/Projects/Roles/Tracking etc.....

- by Ronnie

Hi all, Im new to Redmine. I installed redmine(with mysql) on Ubuntu 10.04. The following were the installation steps i did: $ sudo apt-get install redmine redmine-mysql subversion $ ln -s /usr/share/redmine/public /var/www/redmine In /etc/apache2/mods-available/passenger.conf, added a PassengerDefaultUser www-data directive. Configured the /var/www/redmine location in /etc/apache2/sites-available/default: RailsBaseURI /redmine PassengerResolveSymlinksInDocumentRoot on $ sudo a2enmod passenger I then restarted the apache2 server. Thats it. Now i typed http://localhost/redmine/ in my browser and accessed my redmine instance. So from here on, how do i create different users with with different privileges, create different projects, also update the issues and other project management related stuff..... I know this sounds silly, but i couldnt find anythin to proceed....

Read the article
Can you hide tables from a MySQL user in phpMyAdmin?

- by AK

I have a MySQL user added to a database that I would like to prevent from viewing certain tables. I can limit their privileges through MySQL by preventing them from running statements like DROP or ALTER. But is it possible to prevent them from viewing certain tables in phpMyAdmin? If there isn't a MySQL privilege that controls this (I wouldn't imagine there would be), is there a configuration in phpMyAdmin that allows this? I understand one workaround here is to move the tables to a new database that they're not added to. This isn't an option for my application.

Read the article
VMWare Tools StartUp Script

- by Horst Walter

I am on the latest version of VMWare Workstation. In my VMWareTools I have configrued an individual script file (start.bat) to be started when the (guest) OS is booted. Unfortuantely it does not run when starting the guest system as intended. When pressing "run now" it works Running the script from CMD works as well I have changed the service (VMWareTools service) to run under different users - no success All Users (of the service) have had Administrator privileges I have no idea what is going wrong. Maybe someone is having an idea ....

Read the article
What video codecs have most amount of content and thus popular at present/in future?

- by goldenmean

Hi, I want to find out if I can get some data on the percentage wise distribution of video content, for different video codecs currently used for video encoding. I know there are different applications/use-case scenarios which have different encoder used but i want to consdier all that and have a overall usage number(%) My guess is(highest to lowest % of content) - H.264(AVC) DivX MPEG2 VP6 Where do H.263, MPEG4, VC-1, RV, Theora, etc. fit in here. How may this look like in future? PS:I would like this to be community wiki to have get wider range of inputs, if someone with privileges can do it for me please. thank you. -AD

Read the article
Delete MSMQ Queue During Uninstall

- by Todd Kobus

Is it possible to delete a private message queue that was created by the service user? During uninstallation, we would like to clean up any message queues created by our application. For security purposes, access to these queues has been restricted to the current user (ServiceUser). During uninstall, we have admin privileges, but still get an access denied MessageQueueException when we attempt to delete the queue or modify the privs on the queue. Here is the cleanup code: public void DeleteAppQueues() { List<string> trash = new List<string>(); var machineQueues = MessageQueue.GetPrivateQueuesByMachine("."); foreach (var q in machineQueues) { if (IsAppQueue(q.QueueName)) { trash.Add(".\\" + q.QueueName); } q.Dispose(); } foreach (var queueName in trash) { try { using (MessageQueue delQueue = new MessageQueue(queueName)) { delQueue.SetPermissions("Everyone", MessageQueueAccessRights.FullControl, AccessControlEntryType.Allow); } MessageQueue.Delete(queueName); } catch (MessageQueueException ex) { // ex.Message is "Access to Message Queuing system is denied." } } }

Read the article
In a client-server relationship, should the server always rethrow the exception to the client?

- by dotnetdev

I have a set of web services (the server), and an app which consumes this (client). In this sort of relationship, should the server always throw exceptions (ie in the throw block, rethrow the caught exception), and the client catch this. Exceptions which the server can handle, it will deal with and not rethrow, but everything else will be thrown to the calling layer for further action (the consuming app can raise a msg box or whatever). Is this a good example of an exception that can be dealt with: A file cannot be written because the directory requires special privileges, so if this raises an exception, the file is written somewhere which does not require admin rights. Thanks

Read the article
Why does this VBS scheduled task (to call a URL) not work in Windows Server 2008?

- by user303644

This same script worked in older server OS environments, and even on my desktop; and allows me to kick off a nightly process on my website's URL. It simply will not execute the URL in my Windows Server 2008 environment. It does not generate any errors, claiming task completion I can pull the same URL up just fine in the server's web browser I have the script running with "highest privileges" I even tried to create a batch file which executes it, so I can explicitly "Run as Administrator" and it still will not execute the URL (but will not generate any errors either). I'm baffled as to why the task claims to have completed successfully, yet the script never reaches the URL. Call LogEntry() Sub LogEntry() 'Force the script to finish on an error. On Error Resume Next 'Declare variables Dim objRequest Dim URL Set objRequest = CreateObject("MSXML2.ServerXMLHTTP") 'Put together the URL link appending the Variables. URL = "http://myURL/AutorunNightlyTasks.aspx" 'Open the HTTP request and pass the URL to the objRequest object objRequest.open "GET", URL, False 'Send the HTML Request objRequest.send() 'Set the object to nothing Set objRequest = Nothing End Sub

Read the article
NHibernate MySQL Enum

- by LnDCobra

I am trying to access the "MYSQL" database tables to create a GUI for adding users and privileges. Doing this, I have run into my first NHibernate problem. How do i map MySQL Enum's to a C# Boolean? Or if not possible then to at least a Enum? The database fields are delcared as enum('N', 'Y') These are all of the privilege fields in the database. Now is there anyway of getting this into an enum or even better, boolean in C#/NHibernate? Edit #1: In C# if I need to declare an enum it will be the following: enum YesNoEnum { Yes, No }

Read the article
Deploying plugins for Internet Explorer

- by Techpriester

Hi everybody. I'm looking for a way to deploy an Internet Explorer plugin for SVG-rendering without manually installing it on every client machine. Is there a way to use some ActiveX voodoo stuff to automatically install a plugin? I have no reliable information about the IE versions that are used on the client side so I assume the worst: IE6. To make things even harder, the users probably don't have administrator privileges on the client machines. The whole thing happens in an enclosed local network, so security considerations are entirely secondary. It also does not really matter which actual plugin it will be, anything that can render SVG and run Javascript on it will do just fine. I can't think of anything to make this work so I'm desperate for help here...

Read the article
Injecting a dependancy into a base class

- by Jamie Dixon

Hey everyone, I'm on a roll today with questions. I'm starting out with Dependency Injection and am having some trouble injecting a dependency into a base class. I have a BaseController controller which my other controllers inherit from. Inside of this base controller I do a number of checks such as determining if the user has the right privileges to view the current page, checking for the existence of some session variables etc. I have a dependency inside of this base controller that I'd like to inject using Ninject however when I set this up as I would for my other dependencies I'm told by the compiler that: Error 1 'MyProject.Controllers.BaseController' does not contain a constructor that takes 0 argument This makes sense but I'm just not sure how to inject this dependency. Should I be using this pattern of using a base controller at all or should I be doing this in a more efficient/correct way?

Read the article
Disadvantages of hard coding credentials? What's the resolution?

- by SeeBees

I am building a Sharepoint web part that will be used by all users. The web part connects to a web service which needs credentials with higher privileges than common users. I hard coded credentials in the web part's code. query.Credentials = new System.Net.NetworkCredential("username", "password", "domain"); query is an instance of the web service class This may not be a good approach. In regard with security, source code of the web apart is available to people who are not allowed to see the credential. This is bad enough, But is there any other drawback of this approach? How to prevent hard coding credentials into the source code? Thanks

Read the article
Web based interface for open SSL client certificates

- by Felix

Hi there! We are currently developing a apache2-based web application and want to invite some beta testers to give it a try. To be on the safe side, access should be provided by individual browser certificates (.p12) which are issued using a (fake) CA. Our users should be passing a complete register/login process and some of them will be granted administrative privileges within the application. That's why a preceding simple web-based authentication won't be sufficient. Atm, I using a serverside shellscript to generate the certificates each time. Do you know about a small, web-based tool to simplify the process of generating / revoking those certificates? Maybe an overview of the CA's index.txt plus the option to revoke a cert and a link to download them directly?

Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42 | Next Page >