Search Results

Search found 12541 results on 502 pages for 'secure the world'.

Page 36/502 | < Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >

  • Using Geo APIs to pick a random town from anywhere in the world

    - by Dan Forys
    Hi all, I'm trying to use Yahoo's excellent GeoPlanet API: http://developer.yahoo.com/geo/geoplanet/guide/api-reference.html I would like to pick a random town from anywhere in the world but can't see an easy way to do it. I have tried querying by country and asking for children of type 'town', but can't seem to do that directly. Can anyone think of a way to pluck out a random town WOEID without having to query the country, then the admin regions, then the admin 2, then the admin 3 etc. I have also experimented using YQL, but don't have enough of an understanding about the available APIs.

    Read the article

  • How to save the world from your computer?

    - by Francisco Garcia
    Sometimes I miss the "help other people" factor within computer related careers. Sure that out there I could find many great projects improving society, but that is not common. However there are little things that we all can do to make this a better place beyond trying to erradicate annoynig stuff such as Visual Basic. You could join a cloud computing network such as World Community Grid to fight cancer. Write a charityware application such as Vim, improve an office IT infrastructure to support telecommuting and reduce CO2 emissions, use an ebook reader for saving paper... what else would you? which projects do you think can have an impact?

    Read the article

  • Building a world matrix

    - by DeadMG
    When building a world projection matrix from scale, rotate, translate matrices, then the translation matrix must be the last in the process, right? Else you'll be scaling or rotating your translations. Do scale and rotate need to go in a specific order? Right now I've got std::for_each(objects.begin(), objects.end(), [&, this](D3D93DObject* ptr) { D3DXMATRIX WVP; D3DXMATRIX translation, rotationX, rotationY, rotationZ, scale; D3DXMatrixTranslation(&translation, ptr->position.x, ptr->position.y, ptr->position.z); D3DXMatrixRotationX(&rotationX, ptr->rotation.x); D3DXMatrixRotationY(&rotationY, ptr->rotation.y); D3DXMatrixRotationZ(&rotationZ, ptr->rotation.z); D3DXMatrixScaling(&translation, ptr->scale.x, ptr->scale.y, ptr->scale.z); WVP = rotationX * rotationY * rotationZ * scale * translation * ViewProjectionMatrix; });

    Read the article

  • Phonegap 2.1 for Android - Hello World App 3 errors at launch

    - by noway
    I developed something with Phonegap for iOS, but this is my first trial for Android. I created my hello world application with CLI sth like this mentioned here: $ /path/to/cordova-android/bin/create /path/to/my_new_cordova_project com.example.cordova_project_name CordovaProjectName Even though I created this app in Eclipse Workspace, I needed to import it to Eclipse. I created two AVDs. One for API level 8, one for API level 16. When I try to build, it gives me these three errors and a warning. What is wrong with my setup? Description Resource Path Location Type error: No resource identifier found for attribute 'hardwareAccelerated' in package 'android' AndroidManifest.xml /com.example.test.testprojectname line 20 Android AAPT Problem error: No resource identifier found for attribute 'xlargeScreens' in package 'android' AndroidManifest.xml /com.example.test.testprojectname line 22 Android AAPT Problem error: Error: String types not allowed (at 'configChanges' with value 'orientation|keyboardHidden|keyboard|screenSize|locale'). AndroidManifest.xml /com.example.test.testprojectname line 51 Android AAPT Problem The import android.app.Activity is never used testprojectname.java /com.example.test.testprojectname/src/com/example/test line 22 Java Problem

    Read the article

  • How to step into the world of J2EE?

    - by Michael Lai
    I am new to J2ee. I have experience in Java core, JSP,Servlet, XML, HTML, What should i learn to step into the world of J2EE? Framework(Spring, Hibernate, Struts)? But the framework is too abstract for me.I saw lots of job post which requires frameworks, some jobs require EJB,JPA. I do not where to start. Any experts can give me hints on that? I found the tutorial of J2EE 5 published by ORACLE is not easy to understand. Too much jargon....

    Read the article

  • Why is this simple hello world code segfaulting?

    - by socks
    Excuse the beginner level of this question. I have the following simple code, but it does not seem to run. It gets a segmentation fault. If I replace the pointer with a simple call to the actual variable, it runs fine... I'm not sure why. struct node { int x; struct node *left; struct node *right; }; int main() { struct node *root; root->x = 42; printf("Hello world. %d", root->x); getchar(); return 0; } What is wrong with this code?

    Read the article

  • Weird certificate error when trying to generate web service client from secure site

    - by Vlad
    Dear stack overflow. I get a weird error when trying to use AXIS1.4 Wsdl2Java tool to generate client code for the web service that is installed on the secure IIS site. When I run the tool I get the following SSL exception: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching XXXXXXX.net found at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1 591) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien tHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa ndshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:5 16) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav a:454) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j ava:884) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS LSocketImpl.java:1096) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm pl.java:1123) Weird thing is that this error only occurs when I run WSDL2Java, and only for this particular server. I have another web server with the identical set-up and everything works fine there. I triple checked all the keystores and it looks like all the CA certificates are loaded correctly. I tried using another server with the identical setup, and was able to generate the client proxy code without any problems. Weird thing is that if I use the code generated from the other server against the weird server everything works fine. It is only Wsdl2Java that is giving me a problem.

    Read the article

  • Secure Password Storage and Transfer

    - by Andras Zoltan
    I'm developing a new user store for my organisation and am now tackling password storage. The concepts of salting, HMAC etc are all fine with me - and want to store the users' passwords either salted and hashed, HMAC hashed, or HMAC salted and hashed - not sure what the best way will be - but in theory it won't matter as it will be able to change over time if required. I want to have an XML & JSON service that can act as a Security Token Service for client-side apps. I've already developed one for another system, which requires that the client double-encrypts a clear-text password using SHA1 first and then HMACSHA1 using a 128 unique key (or nonce) supplied by the server for that session only. I'd like to repeat this technique for the new system - upgrading the algo to SHA256 (chosen since implementations are readily available for all aforementioned platforms - and it's much stronger than SHA1) - but there is a problem. If I'm storing the password as a salted hash in the user-store, the client will need to be sent that salt in order to construct the correct hash before being HMACd with the unique session key. This would completely go against the point of using a salt in the first place. Equally, if I don't use salt for password storage, but instead use HMAC, it's still the same problem. At the moment, the only solution I can see is to use naked SHA256 hashing for the password in the user store, so that I can then use this as a starting point on both the server and the client for a more secure salted/hmacd password transfer for the web service. This still leaves the user store vulnerable to a dictionary attack were it ever to be accessed; and however unlikely that might be - assuming it will never happen simply doesn't sit well with me. Greatly appreciate any input.

    Read the article

  • Designing secure consumer blackberry application

    - by Kiran Kuppa
    I am evaluating a requirement for a consumer blackberry application that places high premium on security of user's data. Seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff Force the user to use device password. (I am guessing that this would be possible - though not checked it yet). Application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application specific data can be managed at those times. Application data would be encrypted with user's password. User's credentials would be encrypted with device password. Remote backup of the data could be done over HTTPS (any better ideas are appreciated) Questions: What if the user forgets his device password. If the user forgets his application password, what is the best and secure way to reset the password? If the user losses the phone, remote backup must be done and the application data must be cleaned up. I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity and the administrator must provide a channel using which the user must be able to send command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data. In the above scheme of things, it appears as if the user's password need not be sent over the air to server. Am I correct? Thanks, --Kiran Kumar

    Read the article

  • Fast, easy, and secure method to perform DB actions with GET

    - by rob - not a robber
    Hey All, Sort of a methods/best practices question here that I am sure has been addressed, yet I can't find a solution based on the vague search terms I enter. I know starting off the question with "Fast and easy" will probably draw out a few sighs, so my apologies. Here is the deal. I have a logged in area where an ADMIN can do a whole host of POST operations to input data relating to their profile. The way I have data structured is pretty distinct and well segmented in most tables as it relates to the ID of the admin. Now, I have a table where I dump one type of data into and differentiate this data by assigning the ADMIN's unique ID to each record. In other words, all ADMINs have this one type of data writing to this table. I just differentiate by the ADMIN ID with each record. I was planning on letting the ADMIN remove these records by clicking on a link with a query string - obviously using GET. Obviously, the query structure is in the link so any logged in admin could then exploit the URL and delete a competitor's records. Is the only way to safely do this through POST or should I pass through the session info that includes password and validate it against the ADMIN ID that is requesting the delete? This is obviously much more work for me. As they said in the auto repair biz I used to work in... there are 3 ways to do a job: Fast, Good, and Cheap. You can only have two at a time. Fast and cheap will not be good. Good and cheap will not have fast turnaround. Fast and good will NOT be cheap. haha I guess that applies here... can never have Fast, Easy and Secure all at once ;) Thanks in advance...

    Read the article

  • Which is more secure GET or POST sending parameters with cURL at PHP

    - by Steve
    I want to connect in a secure way with an API and I am using cURL to do it using HTTPS and SSL. Now, i was wondering what is better in terms of security, sending the data through GET or POST: $ch = curl_init("http://api.website.com/connect.php?user=xxx&pass=xxxx); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); $result = curl_exec($ch); curl_close($ch); Or $param['user'] = 'xxxx'; $param['pass'] = 'xxxx'; $ch = curl_init("http://api.website.com/connect.php); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $Parameters); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); $result = curl_exec($ch); curl_close($ch); I also realized that POST is much more slower retrieving the data.

    Read the article

  • Working with PHP and MySQL - need a good and secure design with OO design

    - by Andrew
    I am new to PHP- first time developer. I am working on my web application and it is nearly done; nevertheless, most of my sql was done directly via code using direct mysql requests. This is the way I approached it: In classes_db.php I declared the db settings and created methods that I use to open and close DB connections. I declare those objects on my regular pages: class classes_db { public $dbserver = 'server; public $dbusername = 'user'; public $dbpassword = 'pass'; public $dbname = 'db'; function openDb() { $dbhandle = mysql_connect($this->dbserver, $this->dbusername, $this->dbpassword); if (!$dbhandle) { die('Could not connect: ' . mysql_error()); } $selected = mysql_select_db($this->dbname, $dbhandle) or die("Could not select the database"); return $dbhandle; } function closeDb($con) { mysql_close($con); } } On my regular page, I do this: <?php require 'classes_db.php'; session_start(); //create instance of the DB class $db = new classes_db(); //get dbhandle $dbhandle = $db->openDb(); //process query $result = mysql_query("update user set username = '" . $usernameFromForm . "' where iduser= " . $_SESSION['user']->iduser); //close the connection if (isset($dbhandle)) { $db->closeDb($dbhandle); } ?> My questions is: how to do it right and make it OO and secure? I know that I need incorporate prepared queries- how to do it the best way? Please provide some code

    Read the article

  • Box2dx: Usage of World.QueryAABB?

    - by Rosarch
    I'm using Box2dx with C#/XNA. I'm trying to write a function that determines if a body could exist in a given point without colliding with anything: /// <summary> /// Can gameObject exist with start Point without colliding with anything? /// </summary> internal bool IsAvailableArea(GameObjectModel model, Vector2 point) { Vector2 originalPosition = model.Body.Position; model.Body.Position = point; // less risky would be to use a deep clone AABB collisionBox; model.Body.GetFixtureList().GetAABB(out collisionBox); // how is this supposed to work? physicsWorld.QueryAABB(x => true, ref collisionBox); model.Body.Position = originalPosition; return true; } Is there a better way to go about doing this? How is World.QueryAABB supposed to work? Here is an earlier attempt. It is broken; it always returns false. /// <summary> /// Can gameObject exist with start Point without colliding with anything? /// </summary> internal bool IsAvailableArea(GameObjectModel model, Vector2 point) { Vector2 originalPosition = model.Body.Position; model.Body.Position = point; // less risky would be to use a deep clone AABB collisionBox; model.Body.GetFixtureList().GetAABB(out collisionBox); ICollection<GameObjectController> gameObjects = worldQueryEngine.GameObjectsForPredicate(x => ! x.Model.Passable); foreach (GameObjectController controller in gameObjects) { AABB potentialCollidingBox; controller.Model.Body.GetFixtureList().GetAABB(out potentialCollidingBox); if (AABB.TestOverlap(ref collisionBox, ref potentialCollidingBox)) { model.Body.Position = originalPosition; return false; // there is something that will collide at this point } } model.Body.Position = originalPosition; return true; }

    Read the article

  • Aspect-Oriented Programming in OOP world - breaking rules ?

    - by Maksim Kondratyuk
    Hi 2 all! When I worked on asp.net mvc web site project, I investigated different approaches for validation. Some of them were DataAnotation validation and Validation Block. They use attributes for setting up rules for validation. Like this: [Required] public string Name {get;set;} I was confused how this approach combines with SRP (single responsibilty principle) from OOP world. Also I don't like any business logic in business objects, I prefer "poor business objects" model, but when I decorate my business objects with validation attributes for real requirements, they become ugly (Has a lot of attributes / with localization logic and so on). Idea with attributes realy simple, but in my opinion the validation decoration should be separated from object. I'm not sure is the approach to separate validation rules to xml files or to another objects, maybe it is a solution. Another bad side of AOP - problems with unit testin such code. When I decorated some controller actions with custom attributes for example to import/export TempData between actions or initialize some required services I can't to write proper unit test for testing this actions. Do you think that attributes don't break srp or you just disregard this and think that it's simplest , is not worst way ? P.S. I read some likes articles and discussions and I just want to put things in proper order. P.P.S. sorry for my "fluent" english :=)

    Read the article

  • Android SDK: hello world does not run

    - by Alex
    I have installed Java x64, Eclipse Classic Judo x64 + ADT Pluggin. OS win 7 x64. I did installation everything according to the manual. Then created first application and launched it. Emulator was launched but hello world was not. I have not idea what doing wrong. Do anyone knows of such error and my problem as a whole? thx Console log: [2012-10-06 13:35:42 - test] ------------------------------ [2012-10-06 13:35:42 - test] Android Launch! [2012-10-06 13:35:42 - test] adb is running normally. [2012-10-06 13:35:42 - test] Performing com.example.test.MainActivity activity launch [2012-10-06 13:35:42 - test] Automatic Target Mode: launching new emulator with compatible AVD 'AVD_41' [2012-10-06 13:35:42 - test] Launching a new emulator with Virtual Device 'AVD_41' [2012-10-06 13:35:42 - Emulator] Failed to create Context 0x3005 [2012-10-06 13:35:42 - Emulator] emulator: WARNING: Could not initialize OpenglES emulation, using software renderer. [2012-10-06 13:35:42 - Emulator] WARNING: Data partition already in use. Changes will not persist! [2012-10-06 13:35:42 - Emulator] WARNING: SD Card image already in use: C:\Users\Zewisa\.android\avd\AVD_41.avd/sdcard.img [2012-10-06 13:35:42 - Emulator] WARNING: Cache partition already in use. Changes will not persist! [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] could not get wglGetExtensionsStringARB [2012-10-06 13:35:42 - Emulator] emulator: warning: opening audio input failed [2012-10-06 13:35:42 - Emulator]

    Read the article

  • OSGI, Servlets and JPA hello world / tutorial / example

    - by Kamil
    I want to build a web application which basically is a restful web-service serving json messages. I would like it to be as simple as possible. I was thinking about using servlets (with annotations). JPA as a database layer is a must - Toplink or Hibernate. Preferably working on Tomcat. I want to have app divided into modules serving different functionality (auth service, customer service, etc..). And I would like to be able to update those modules without reinstalling whole application on the server - like eclipse plugins, user is notified (when he enters webapp's home url) that update is available, clicks it, and app is downloading and installing updated module. I think this functionality can be made with OSGI, but I can't find any example code, or tutorial with simple hello world updatable servlet providing some data from database through jpa. I'm looking for an advice: - Is OSGI the right tool for this or it can be done with something simpler? - Where can I find some examples covering topic (or topics) which I need for this project. - Which OSGI implementation would be best-simplest for this task. *My knowledge of OSGI is basic. I know how bundles are described, I understand concept of OSGI container and what it does. I have never created any OSGI app yet.

    Read the article

  • Android SDK: Hello World won't run !

    - by RedRoses
    Hello, This is a very very beginner question regarding Android Development I am trying to create and run the Hello world example from the Android SDK website, but I can't see anything appearing on the screen. It appears to me that Eclipse just hangs at this point: [2010-11-05 09:55:47 - HelloAndroid] ------------------------------ [2010-11-05 09:55:47 - HelloAndroid] Android Launch! [2010-11-05 09:55:47 - HelloAndroid] adb is running normally. [2010-11-05 09:55:47 - HelloAndroid] Performing com.example.helloandroid.HelloAndroid activity launch [2010-11-05 09:55:48 - HelloAndroid] Automatic Target Mode: launching new emulator with compatible AVD 'AVD2' [2010-11-05 09:55:48 - HelloAndroid] Launching a new emulator with Virtual Device 'AVD2' [2010-11-05 09:55:51 - HelloAndroid] New emulator found: emulator-5554 [2010-11-05 09:55:51 - HelloAndroid] Waiting for HOME ('android.process.acore') to be launched... [2010-11-05 09:57:10 - HelloAndroid] WARNING: Application does not specify an API level requirement! [2010-11-05 09:57:10 - HelloAndroid] Device API version is 8 (Android 2.2) [2010-11-05 09:57:10 - HelloAndroid] HOME is up on device 'emulator-5554' [2010-11-05 09:57:10 - HelloAndroid] Uploading HelloAndroid.apk onto device 'emulator-5554' [2010-11-05 09:57:12 - HelloAndroid] Installing HelloAndroid.apk... [2010-11-05 09:59:33 - HelloAndroid] Success! [2010-11-05 09:59:33 - HelloAndroid] Starting activity com.example.helloandroid.HelloAndroid on device emulator-5554 So it says "Starting activity ..." but nothing ever starts and it's already been more than 30 mins. What could be wrong?? Thanks !

    Read the article

  • Secure WS client with UsernameToken(SOAP security header)

    - by user79163
    Hi, I'm trying to secure my WS client to be able to call the WS. My code looks like this: SendSmsService smsService = new SendSmsService(); SendSms sendSMS = smsService.getSendSms(); BindingProvider stub = (BindingProvider)sendSMS; //Override endpoint with local copy of wsdl. String URL ="";//here is the wsdl url Map<String,Object> requestContext = stub.getRequestContext(); requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, URL); //Set usernametoken URL fileURL = loader.getResource("client-config.xml"); File file = new File(fileURL.getFile()); FileInputStream clientConfig = null; try { clientConfig = new FileInputStream(file); } catch (FileNotFoundException e) { e.printStackTrace(); } XWSSecurityConfiguration config = null; try { config = SecurityConfigurationFactory.newXWSSecurityConfiguration(clientConfig); } catch (Exception e) { e.printStackTrace(); log.warn("Exception: "+e.getMessage()); } requestContext.put(XWSSecurityConfiguration.MESSAGE_SECURITY_CONFIGURATION, config); //Invoke the web service String requestId = null; try { requestId = sendSMS.sendSms(addresses, senderName, charging, message, receiptRequest); } catch (PolicyException e) { // TODO Auto-generated catch block e.printStackTrace(); } catch (ServiceException e) { // TODO Auto-generated catch block e.printStackTrace(); } and the config file looks like this: <xwss:JAXRPCSecurity xmlns:xwss="http://java.sun.com/xml/ns/xwss/config" optimize="true"> <xwss:Service> <xwss:SecurityConfiguration dumpMessages="true" xmlns:xwss="http://java.sun.com/xml/ns/xwss/config"> <xwss:UsernameToken name="username" password="password> </xwss:SecurityConfiguration> </xwss:Service> <xwss:SecurityEnvironmentHandler> util.SecurityEnvironmentHandler </xwss:SecurityEnvironmentHandler> </xwss:JAXRPCSecurity> The SecurityEnviromentHandler is a dummy class that implements javax.security.auth.callback.CallbackHandler. Authentication must be in compliance with Oasis Web Services Security Username Token Profile 1.0. But I'm constantly getting "Security header not valid" error. Where am I going wrong, can anyone tell me. I used wsimport(JAX_WS 2.1 to generate classes for my client) Note:Only thing I know about this WS is WSDL URL and user&pass for authentication

    Read the article

  • How do I choose the scaling factor of a 3D game world?

    - by concept3d
    I am making a 3D tank game prototype with some physics simulation, am using C++. One of the decisions I need to make is the scale of the game world in relation to reality. For example, I could consider 1 in-game unit of measurement to correspond to 1 meter in reality. This feels intuitive, but I feel like I might be missing something. I can think of the following as potential problems: 3D modelling program compatibility. (?) Numerical accuracy. (Does this matter?) Especially at large scales, how games like Battlefield have huge maps: How don't they lose numerical accuracy if they use 1:1 mapping with real world scale, since floating point representation tend to lose more precision with larger numbers (e.g. with ray casting, physics simulation)? Gameplay. I don't want the movement of units to feel slow or fast while using almost real world values like -9.8 m/s^2 for gravity. (This might be subjective.) Is it ok to scale up/down imported assets or it's best fit with a world with its original scale? Rendering performance. Are large meshes with the same vertex count slower to render? I'm wondering if I should split this into multiple questions...

    Read the article

  • Google App Engine - Secure Cookies

    - by tponthieux
    I'd been searching for a way to do cookie based authentication/sessions in Google App Engine because I don't like the idea of memcache based sessions, and I also don't like the idea of forcing users to create google accounts just to use a website. I stumbled across someone's posting that mentioned some signed cookie functions from the Tornado framework and it looks like what I need. What I have in mind is storing a user's id in a tamper proof cookie, and maybe using a decorator for the request handlers to test the authentication status of the user, and as a side benefit the user id will be available to the request handler for datastore work and such. The concept would be similar to forms authentication in ASP.NET. This code comes from the web.py module of the Tornado framework. According to the docstrings, it "Signs and timestamps a cookie so it cannot be forged" and "Returns the given signed cookie if it validates, or None." I've tried to use it in an App Engine Project, but I don't understand the nuances of trying to get these methods to work in the context of the request handler. Can someone show me the right way to do this without losing the functionality that the FriendFeed developers put into it? The set_secure_cookie, and get_secure_cookie portions are the most important, but it would be nice to be able to use the other methods as well. #!/usr/bin/env python import Cookie import base64 import time import hashlib import hmac import datetime import re import calendar import email.utils import logging def _utf8(s): if isinstance(s, unicode): return s.encode("utf-8") assert isinstance(s, str) return s def _unicode(s): if isinstance(s, str): try: return s.decode("utf-8") except UnicodeDecodeError: raise HTTPError(400, "Non-utf8 argument") assert isinstance(s, unicode) return s def _time_independent_equals(a, b): if len(a) != len(b): return False result = 0 for x, y in zip(a, b): result |= ord(x) ^ ord(y) return result == 0 def cookies(self): """A dictionary of Cookie.Morsel objects.""" if not hasattr(self,"_cookies"): self._cookies = Cookie.BaseCookie() if "Cookie" in self.request.headers: try: self._cookies.load(self.request.headers["Cookie"]) except: self.clear_all_cookies() return self._cookies def _cookie_signature(self,*parts): self.require_setting("cookie_secret","secure cookies") hash = hmac.new(self.application.settings["cookie_secret"], digestmod=hashlib.sha1) for part in parts:hash.update(part) return hash.hexdigest() def get_cookie(self,name,default=None): """Gets the value of the cookie with the given name,else default.""" if name in self.cookies: return self.cookies[name].value return default def set_cookie(self,name,value,domain=None,expires=None,path="/", expires_days=None): """Sets the given cookie name/value with the given options.""" name = _utf8(name) value = _utf8(value) if re.search(r"[\x00-\x20]",name + value): # Don't let us accidentally inject bad stuff raise ValueError("Invalid cookie %r:%r" % (name,value)) if not hasattr(self,"_new_cookies"): self._new_cookies = [] new_cookie = Cookie.BaseCookie() self._new_cookies.append(new_cookie) new_cookie[name] = value if domain: new_cookie[name]["domain"] = domain if expires_days is not None and not expires: expires = datetime.datetime.utcnow() + datetime.timedelta( days=expires_days) if expires: timestamp = calendar.timegm(expires.utctimetuple()) new_cookie[name]["expires"] = email.utils.formatdate( timestamp,localtime=False,usegmt=True) if path: new_cookie[name]["path"] = path def clear_cookie(self,name,path="/",domain=None): """Deletes the cookie with the given name.""" expires = datetime.datetime.utcnow() - datetime.timedelta(days=365) self.set_cookie(name,value="",path=path,expires=expires, domain=domain) def clear_all_cookies(self): """Deletes all the cookies the user sent with this request.""" for name in self.cookies.iterkeys(): self.clear_cookie(name) def set_secure_cookie(self,name,value,expires_days=30,**kwargs): """Signs and timestamps a cookie so it cannot be forged""" timestamp = str(int(time.time())) value = base64.b64encode(value) signature = self._cookie_signature(name,value,timestamp) value = "|".join([value,timestamp,signature]) self.set_cookie(name,value,expires_days=expires_days,**kwargs) def get_secure_cookie(self,name,include_name=True,value=None): """Returns the given signed cookie if it validates,or None""" if value is None:value = self.get_cookie(name) if not value:return None parts = value.split("|") if len(parts) != 3:return None if include_name: signature = self._cookie_signature(name,parts[0],parts[1]) else: signature = self._cookie_signature(parts[0],parts[1]) if not _time_independent_equals(parts[2],signature): logging.warning("Invalid cookie signature %r",value) return None timestamp = int(parts[1]) if timestamp < time.time() - 31 * 86400: logging.warning("Expired cookie %r",value) return None try: return base64.b64decode(parts[0]) except: return None uid=1234|1234567890|d32b9e9c67274fa062e2599fd659cc14 Parts: 1. uid is the name of the key 2. 1234 is your value in clear 3. 1234567890 is the timestamp 4. d32b9e9c67274fa062e2599fd659cc14 is the signature made from the value and the timestamp

    Read the article

  • Newbie Android question

    - by DanyW
    Hi folks, I have just started with Android with the usual Hello World project template in Eclipse. I modified the layout XML and removed the label that says "Hello World, !", and added a couple of other controls. However, these are not reflected in the app, within the emulator. When I run this app from Eclipse again it is still showing the Hello World label! I'm sure it's something terribly simple that I have completely missed. Can someone please point me in the right direction? Many thanks, Dany.

    Read the article

  • Asynchronous Silverlight 4 call to the World of Warcraft armoury streaming XML in C#

    - by user348446
    Hello - I have been stuck on this all weekend and failed miserably! Please help me to claw back my sanity!! Your challenge For my first Silverlight application I thought it would be fun to use the World of Warcraft armoury to list the characters in my guild. This involves making an asyncronous from Silverlight (duh!) to the WoW armoury which is XML based. SIMPLE EH? Take a look at this link and open the source. You'll see what I mean: http://eu.wowarmory.com/guild-info.xml?r=Eonar&n=Gifted and Talented Below is code for getting the XML (the call to ShowGuildies will cope with the returned XML - I have tested this locally and I know it works). I have not managed to get the expected returned XML at all. Notes: If the browser is capable of transforming the XML it will do so, otherwise HTML will be provided. I think it examines the UserAgent I am a seasoned asp.net web developer C# so go easy if you start talking about native to Windows Forms / WPF I can't seem to set the UserAgent setting in .net 4.0 - doesn't seem to be a property off the HttpWebRequest object for some reason - i think it used to be available. Silverlight 4.0 (created as 3.0 originally before I updated my installation of Silverlight to 4.0) Created using C# 4.0 Please explain as if you talking to a web developer and not a proper programming lol! Below is the code - it should return the XML from the wow armoury. private void button7_Click(object sender, RoutedEventArgs e) { // URL for armoury lookup string url = @"http://eu.wowarmory.com/guild-info.xml?r=Eonar&n=Gifted and Talented"; // Create the web request HttpWebRequest httpWebRequest = (HttpWebRequest)WebRequest.Create(url); // Set the user agent so we are returned XML and not HTML //httpWebRequest.Headers["User-Agent"] = "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)"; // Not sure about this dispatcher thing - it's late so i have started to guess. Dispatcher.BeginInvoke(delegate() { // Call asyncronously IAsyncResult asyncResult = httpWebRequest.BeginGetResponse(ReqCallback, httpWebRequest); // End the response and use the result using (HttpWebResponse httpWebResponse = (HttpWebResponse)httpWebRequest.EndGetResponse(asyncResult)) { // Load an XML document from a stream XDocument x = XDocument.Load(httpWebResponse.GetResponseStream()); // Basic function that will use LINQ to XML to get the list of characters. ShowGuildies(x); } }); } private void ReqCallback(IAsyncResult asynchronousResult) { // Not sure what to do here - maybe update the interface? } Really hope someone out there can help me! Thanks mucho! Dan. PS Yes, I have noticed the irony in the name of the guild :)

    Read the article

  • "Could not establish secure channel for SSL/TLS" in .NET CF application on smart phone

    - by Stefan Mohr
    I have a stubborn communications issue with an application running on the .NET Compact Framework 3.5 on Windows Mobile smartphones. I am constructing a web request using this code: UTF8Encoding encoding = new System.Text.UTF8Encoding(); byte[] Data = encoding.GetBytes(HttpUtility.ConstructQueryString(parameters)); httpRequest = WebRequest.Create((domain)) as HttpWebRequest; httpRequest.Timeout = 10000000; httpRequest.ReadWriteTimeout = 10000000; httpRequest.Credentials = CredentialCache.DefaultCredentials; httpRequest.Method = "POST"; httpRequest.ContentType = "application/x-www-form-urlencoded"; httpRequest.ContentLength = Data.Length; Stream SendReq = httpRequest.GetRequestStream(); SendReq.Write(Data, 0, Data.Length); SendReq.Close(); HttpWebResponse httpResponse = (HttpWebResponse)httpRequest.GetResponse(); return httpResponse.GetResponseStream(); The web service functions by receiving a JSON-encoded document as part of the URL (eg. https://site.com/ws/sync??document={"version":"1.0.0","items":[{"item_1":"item1"}]}&user=usr&password=pw), and as a response receives another JSON document as response data. This code runs fine on all emulators and PDAs running WM 5 and 6. We have seen an issue with a couple of customers running Treo smartphones (and only on the Sprint network). We have tested the code on an identical device on the AT&T network (via DeviceAnywhere) and once again the code worked as we expected. This has to be some sort of security policy on the phone, but we've been unable to determine a workaround or diagnose it thoroughly as we cannot reproduce it in house and have had to resort to getting users to assist with running test drivers for us. When this code executes, the user's device throws the following exception: System.Net.WebException Could not establish secure channel for SSL/TLS Stack trace: at System.Net.HttpWebRequest.finishGetRequestStream() at System.Net.HttpWebRequest.GetRequestStream() at OurApp.GetResponseStream(String domain, Hashtable parameters) inner exception: System.IO.IOException Authentication failed because the remote party has closed the transport stream. Stack trace: at System.Net.SslConnectionState.ClientSideHandshake() at System.Net.SslConnectionState.PerformClientHandShake() at System.Net.Connection.connect(Object ignored) at System.Threading.ThreadPool.WorkItem.doWork(Object o) at System.Threading.Timer.ring() Examining the server Apache logs shows no hits from the user's IP - I don't think the device is even attempting to send a packet before failing. If relevant, the server is running Apache on Linux and is written using the TurboGears Python framework. The server certificate is issued by a CA and is still valid. The test driver where this error was copied from was not code signed, however the same error (without the error messages) is signed with a GeoTrust certificate so we don't believe this is a code signing issue. The application installs and launches without issue on all phones - it's just establishing this SSL connection that is breaking for these users. One significant issue in troubleshooting is that there is a substantial inconvenience each time we try out a solution (need to find a "volunteer" customer), so we're really looking for a silver bullet or a better understanding of the handshaking process so we can be reasonably confident we only need to ask the user to test it one or two more times. One final mention: we have tried the sync both over ActiveSync and also over GPRS with identical results. Any thoughts would be greatly appreciated!

    Read the article

  • How do you unit test the real world?

    - by Kim Sun-wu
    I'm primarily a C++ coder, and thus far, have managed without really writing tests for all of my code. I've decided this is a Bad Idea(tm), after adding new features that subtly broke old features, or, depending on how you wish to look at it, introduced some new "features" of their own. But, unit testing seems to be an extremely brittle mechanism. You can test for something in "perfect" conditions, but you don't get to see how your code performs when stuff breaks. A for instance is a crawler, let's say it crawls a few specific sites, for data X. Do you simply save sample pages, test against those, and hope that the sites never change? This would work fine as regression tests, but, what sort of tests would you write to constantly check those sites live and let you know when the application isn't doing it's job because the site changed something, that now causes your application to crash? Wouldn't you want your test suite to monitor the intent of the code? The above example is a bit contrived, and something I haven't run into (in case you haven't guessed). Let me pick something I have, though. How do you test an application will do its job in the face of a degraded network stack? That is, say you have a moderate amount of packet loss, for one reason or the other, and you have a function DoSomethingOverTheNetwork() which is supposed to degrade gracefully when the stack isn't performing as it's supposed to; but does it? The developer tests it personally by purposely setting up a gateway that drops packets to simulate a bad network when he first writes it. A few months later, someone checks in some code that modifies something subtly, so the degradation isn't detected in time, or, the application doesn't even recognize the degradation, this is never caught, because you can't run real world tests like this using unit tests, can you? Further, how about file corruption? Let's say you're storing a list of servers in a file, and the checksum looks okay, but the data isn't really. You want the code to handle that, you write some code that you think does that. How do you test that it does exactly that for the life of the application? Can you? Hence, brittleness. Unit tests seem to test the code only in perfect conditions(and this is promoted, with mock objects and such), not what they'll face in the wild. Don't get me wrong, I think unit tests are great, but a test suite composed only of them seems to be a smart way to introduce subtle bugs in your code while feeling overconfident about it's reliability. How do I address the above situations? If unit tests aren't the answer, what is? Thanks!

    Read the article

  • mouse to Three.js world coordinates during TrackballControls

    - by PanChan
    I know there are a lot of answers how to translate the mouse coordinates to the Three.js world coordinates (I prefere this one). But I have troubles on calculating when using TrackballControls. First what I expect to do: I want to add a zoom function to my scene. Not by the mouse wheel, the user should be able to draw a rectangular and by lifting the mouse button, the camera is zooming on this rectangular. I've implemented all and it works, but only when the user didn't rotate/zoom/pan with TrackballControls! If the camera was manipulated, I get wrong coordinates for my drawn rectangular. I really can't figure out why... I only know that it's an issue with TrackballControls, because without them, it works. Does anyone see my mistake? I'm sitting here for two days now and can't find it.... :( var onZoomPlaneMouseDown = function(event){ event.preventDefault(); var plane = document.getElementById("zoomPlane"); var innerPlane = document.getElementById("innerZoomPlane"); var mouseButton = event.keyCode || event.which; mouse.x = ( event.clientX / WIDTH ) * 2 - 1; mouse.y = - ( event.clientY / HEIGHT ) * 2 + 1; if(mouseButton === 1){ var vector = new THREE.Vector3( mouse.x, mouse.y, 0.5 ); projector.unprojectVector( vector, camera ); var dir = vector.sub( camera.position ).normalize(); var distance = - camera.position.z / dir.z; zoomPlaneUpperCorner = camera.position.clone().add( dir.multiplyScalar( distance ) ); innerPlane.style.display = "block"; innerPlane.style.top = event.clientY + "px"; innerPlane.style.left = event.clientX + "px"; } if(mouseButton === 3){ plane.style.display = "none"; innerPlane.style.display = "none"; } }; var onZoomPlaneMouseUp = function(event){ event.preventDefault(); var plane = document.getElementById("zoomPlane"); var innerPlane = document.getElementById("innerZoomPlane"); var mouseButton = event.keyCode || event.which; mouse.x = ( event.clientX / WIDTH ) * 2 - 1; mouse.y = - ( event.clientY / HEIGHT ) * 2 + 1; var vector = new THREE.Vector3( mouse.x, mouse.y, 0.5 ); projector.unprojectVector( vector, camera ); var dir = vector.sub( camera.position ).normalize(); var distance = - camera.position.z / dir.z; zoomPlaneLowerCorner = camera.position.clone().add( dir.multiplyScalar( distance ) ); if(mouseButton === 1){ plane.style.display = "none"; innerPlane.style.display = "none"; var center = new THREE.Vector3(); center.subVectors(zoomPlaneLowerCorner, zoomPlaneUpperCorner); center.multiplyScalar( 0.5 ); center.add(zoomPlaneUpperCorner); var rayDir = new THREE.Vector3(); rayDir.subVectors(center, camera.position ).normalize(); controls.target = center; var height = zoomPlaneUpperCorner.y - zoomPlaneLowerCorner.y; var distanceToCenter = camera.position.distanceTo(center); var minDist = (height / 2) / (Math.tan((camera.fov/2)*Math.PI/180)); camera.translateOnAxis(rayDir, (distanceToCenter - minDist)); } };

    Read the article

< Previous Page | 32 33 34 35 36 37 38 39 40 41 42 43  | Next Page >