Search Results

Search found 41147 results on 1646 pages for 'database security'.

  • Multiple ID's in database

    - by eric
    I have a database that contains a few tables such as person, staff, member, and supporter. The person table contains information about every staff, member, and supporter. The information it contains is name, address, email, and telephone. I also created an ID that is the primary key. My issue is that I also have a primary key ID for staff, member, and supporter. For instance, in the person table is John with ID 1. He is a supporter, so the supporter table has pID (for person ID) to reference back to John with all his information, and ID (for supporter ID). pID references the person table, and every person has an ID incremented by 1 starting at 1. Supporter ID is for every supporter and also starts at 1 and is incremented by 1. Is it possible to have pID = 1 and supporter ID = 1 in the supporter table? Another person may have pID = 26 and supporter ID = 5. Or will supporter ID have to be different from the pID and be something like "sup"? So you would have pID = 1 and supporter ID = sup1, or pID = 26 and supporter ID = sup5.

  • Creating dynamic icons based on data entered into database from django forms

    - by John Hoke
    So I'm using Django to create a projects page with multiple forms for each project. Let's call them forms 1, 2, 3, and 4. Once you create a project you can fill out any of these forms. I want to create "buttons" or links for each one of the forms that would show up on the main page. Now this is the part I need help with:

    Step 1. I want it so that if you click on a button for a form (say form 1) and none exists for that project yet, a pop-up would come up saying "This form does not exist yet, are you sure you want to create one?". If you answer yes, you would be directed to the form page.

    Step 2. But if that form does exist, I don't want any pop-up to open and I want the link to take the user directly to that page.

    Step 3. My next problem is this. These forms are in order, so if you didn't create form 1 but created form 2, I don't want to give the user access to form 1. So in this scenario, if you click on form 1 I want a pop-up to open and say "This form can no longer be created", and the link wouldn't function anymore.

    Basically the button will have 3 functions. First it should look at the database and, if data for that specific form exists, it should do "Step 2"; if data for that form and the proceeding forms don't exist, it should do "Step 1"; and if data for that form doesn't exist but data for the proceeding forms does exist, it should do "Step 3". Is this possible? Please help as I need to find a solution to this soon. Any help would be highly appreciated. Thank you.

  • get the right id of a record in database in each click on the edit button

    - by kawtousse
    Hi everyone, I am facing a big problem right now. I have an HTML table; in each row I have a button called edit allowing the user to reload the form with the parameters that he has selected. For this I define a hidden type to get the ID of the record in the database, to access the various columns and to refresh the form with those parameters. My challenge now is how to get the right ID on every click on the edit button, to let me afterwards get the right record and update it in the database. I am proceeding like the following:

        retour.append("<td style=border-right:#FFF bordercolor=#FFFFFF>");
        retour.append("<input type=\"hidden\" id=\"id_"+nomTab+"_"+compteur+"\" value=\""+object.getIdDailyTimeSheet()+"\" name=\"hd"+compteur+"\" />");
        retour.append("<button id=edit name=edit type=button onClick= editarow()>");
        retour.append("<img src=edit.gif />");
        retour.append("</button>");
        retour.append("</td>");

    I realise the submit in JavaScript and I want to get the idDailyTimesheet every time the user clicks the submit button. Thanks for help.

  • Trigger alert when database entries are added, not when they are removed

    - by Jeremy
    I have a jQuery script running that makes a periodic AJAX call using the following code.

        var a = moment();
        var dayOfMonth = a.format("MMM Do");
        var timeSubmitted = a.format("h:mm a");
        var count_cases = -1;
        var count_claimed = -1;
        setInterval(function(){
            //check if new lead was added to the db
            $.ajax({
                type : "POST",
                url : "inc/new_lead_alerts_process.php",
                dataType: 'json',
                cache: false,
                success : function(response){
                    $.getJSON("inc/new_lead_alerts_process.php", function(data) {
                        if (count_cases != -1 && count_cases != data.count) {
                            window.location = "new_lead_alerts.php?id="+data.id;
                        }
                        count_cases = data.count;
                    });
                }
            });

    This is the PHP that runs with each call:

        $count = mysql_fetch_array(mysql_query("SELECT count(*) as count FROM leads"));
        $client_id = mysql_fetch_array(mysql_query("SELECT id, client_id FROM leads ORDER BY id DESC LIMIT 1"));
        echo json_encode(array("count" => $count['count'], "id" => $client_id['id'], "client_id" => $client_id['client_id']));

    I need to change the code so that the alert only triggers when a new entry is added to the database, not when an existing entry is removed. As it stands, the alert fires on both events. Any help is greatly appreciated.

  • How to store a captured image into MySQL database using JavaScript

    - by R J.
    I am capturing an image using canvas and I want to store the captured image in a MySQL database using JavaScript. This is my code:

        <html>
        <head>
        <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, maximum-scale=1.0">
        <style>
        body {width: 100%;}
        canvas {display: none;}
        </style>
        <title>Instant Camera - Remote</title>
        <script>
        var video, canvas, msg;
        var load = function () {
            video = document.getElementById('video');
            canvas = document.getElementById('canvas');
            msg = document.getElementById('error');
            if( navigator.getUserMedia ) {
                video.onclick = function () {
                    var context = canvas.getContext("2d");
                    context.drawImage(video, 0, 0, 240, 320);
                    var image1 = canvas.toDataURL("image/png");
                    document.write('<img src="' + image1 + '" />');
                };
            } else {
                msg.innerHTML = "Native web camera not supported :(";
            }
        };
        window.addEventListener('DOMContentLoaded', load, false);
        </script>
        </head>
        <body>
        <video id="video" width="240" height="320" autoplay> </video>
        <p id="error">Click on the video to send a snapshot to the receiving screen</p>
        <canvas id="canvas" width="240" height="320"> </canvas>
        </body>
        </html>

  • Page does update with details from the database after i hit a button

    - by swathi
    I have some code and the way it should work is: when they click on NEW CUSTOMER, it takes them to test1.php where they enter the details and hit submit. It saves all the details properly in the database, and when I go back and hit REFRESH, it should come up with the customer details which they had entered previously. But what happens is, when I click on REFRESH, it refreshes the same old page which is empty. I wanted to find out where I am missing the logic. Thanks in advance. The sample code would be:

        <tr>
        <td class="tdvisitbig" colspan="5">THIS IS A TEST</td>
        </tr>
        <tr>
        <td class='tdvisitbig' colspan="5"><input type="button" onClick="openVisit('test1.php?id=<?=$key?>&name=<?=$name?>');return false;" value="NEW CUSTOMER" class="submit">&nbsp;<input type="button" value="REFRESH" name="add_xyz" class="submit" onClick="document.add.target='_self';document.add.action='test3.php?redirect=visit&section=test page';document.add.submit();"></td>
        </tr>
        <?
        $q = "SELECT address,customernum,status FROM customer WHERE name='$name' ORDER BY customernum";
        $r = mysql_query( $q , $Link );
        while( $rw = mysql_fetch_assoc( $r ) ) {
            extract( $rw );
        ?>
        <tr>
        <? } ?>

  • input type file alternative and file upload best practice

    - by Ioxp
    Background: I am working on a file upload page that will extend an existing web portal. This page will allow an end user to upload files from their local computer to our network (the files will not be stored on the web server, rather on a remote workstation). The end user will have the ability to view the data that they have submitted by hyperlinking the files that have been uploaded on this page.

    Question 1: Is there an ASP.NET alternative to the <input type="file" runat="server" /> HTML tag? The reason for asking is I would rather use an image button and display the file as an ASP label on the portal to keep a consistent style.

    Question 2: So I understand that giving the end user the ability to upload files to the server and then turning around to show them the data that they posted poses a security threat. So far I am using the id.PostedFile.ContentType and the file extension to reject the data if it's not an accepted format (i.e. "text/plain", "application/pdf", "application/vnd.ms-excel", or "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"). Also, the location where the files are uploaded to has a sufficient amount of virus and malware protection and this is not a concern. What, from the C# point of view, additional steps should I take to ensure that the end user can't take advantage and compromise the system in regards to allowing them to upload files?

  • How to authenticate a Windows Mobile client calling web services in a Web App

    - by cdonner
    I have a fairly complex business application written in ASP.NET that is deployed on a hosted server. The site uses Forms Authentication, and there are about a dozen different roles defined. Employees and customers are both users of the application. Now I have the requirement to develop a Windows Mobile client for the application that allows a very specialized set of tasks to be performed from a device, as opposed to a browser on a laptop. The client wants to increase productivity with this measure. Only employees will use this application. I feel that it would make sense to re-use the security infrastructure that is already in place. The client does not need offline capability. My thought is to deploy a set of web services to a folder of the existing site that only the new role "web service" has access to, and to use Forms Authentication (from a Windows Mobile 5/.Net 3.5 client). Can I do that, is that a good idea, and are there any code examples/references that you can point me to?

  • How to secure Add child record functionality in MVC on Parent's view?

    - by RSolberg
    I'm trying to avoid some potential security issues as I expose a new set of functionality into the real world. This is basically functionality that will allow a new comment to be added via a partial view on the "Parent" page. My comment needs to know a couple of things: first, what record the comment is for, and secondly, who is making the comment. I really don't like using a hidden field to store the ID for the Parent record in the add comment form, as that can be easily changed with some DOM mods. How should I handle this?

    PARENT

        <% Html.RenderPartial("AddComment", Model.Comments); %>

    CHILD

        <%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<CommentsViewModel>" %>
        <% using (Html.BeginForm("AddComment", "Requests")) {%>
        <fieldset>
            <legend>New Comment</legend>
            <%= Html.HiddenFor(p => p.RequestID) %>
            <%= Html.TextBoxFor(p => p.Text) %> &nbsp;
            <input type="submit" value="Add" />
        </fieldset>
        <% } %>

    CONTROLLER

        [AcceptVerbs(HttpVerbs.Post)]
        public void AddComment(CommentsViewModel commentsModel)
        {
            var user = GetCurrentUser();
            commentsModel.CreatedByID = user.UserID;
            RequestsService.AddComment(commentsModel);
        }

  • WCF Service Impersonation

    - by robalot
    Good day everyone. Apparently, I'm not setting up impersonation correctly for my WCF service. I do NOT want to set security on a method-by-method basis (in the actual code-behind). The service (at the moment) is open to be called by everyone on the intranet. So my questions are:

    Q: What web.config tags am I missing?

    Q: What do I need to change in the web.config to make impersonation work?

    The service web.config looks like:

        <configuration>
          <system.web>
            <authorization>
              <allow users="?"/>
            </authorization>
            <authentication mode="Windows"/>
            <identity impersonate="true" userName="MyDomain\MyUser" password="MyPassword"/>
          </system.web>
          <system.serviceModel>
            <services>
              <service behaviorConfiguration="wcfFISH.DataServiceBehavior" name="wcfFISH.DataService">
                <endpoint address="" binding="wsHttpBinding" contract="wcfFISH.IFishData">
                  <identity>
                    <dns value="localhost"/>
                  </identity>
                </endpoint>
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
              </service>
            </services>
            <behaviors>
              <serviceBehaviors>
                <behavior name="wcfFISH.DataServiceBehavior">
                  <serviceMetadata httpGetEnabled="false"/>
                  <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>
              </serviceBehaviors>
            </behaviors>
          </system.serviceModel>
        </configuration>

  • Clipboard Copy-Paste doesn't work on Win Server 2008/Vista 64bit

    - by Itay Levin
    Hi, I am trying to use the Clipboard API (in Delphi) to extract images from Word documents. My code works OK in Windows XP/2003, but in Windows 2008 64-bit it doesn't work. In Win 2008 I get an error saying that Clipboard.Formats is empty and doesn't contain any format. The image seems to be copied to the clipboard (I can see it in the clipboard via Word), but when I try to ask the clipboard what format it has, it says it doesn't have any formats. How can I access the clipboard programmatically on Win 2008/Vista? From what I know of 2008 64-bit, it might be a security issue... Here is the code snippet. This is how I am trying to copy the image to the clipboard:

        W.ActiveDocument.InlineShapes.Item(1).Select; // W is a word ole object
        W.Selection.Copy;

    and this is how I try to paste it:

        Clipboard.Open;
        Write2DebugFile('FormatCount = ' + IntToStr(Clipboard.FormatCount)); // FormatCount=0
        For JJ := 1 to Clipboard.FormatCount Do
          Write2DebugFile('#'+ IntToStr(JJ) + ':' + IntToStr(Clipboard.Formats[JJ]));
        If (Clipboard.HasFormat(CF_BITMAP)) or (Clipboard.HasFormat(CF_PICTURE)) or (Clipboard.HasFormat(CF_METAFILEPICT)) then // all HasFormat calls returns false.
        Begin
          Jpeg := TJPEGImage.Create;
          Bitmap := TBitmap.Create;
          Bitmap.LoadFromClipboardFormat(cf_BitMap,ClipBoard.GetAsHandle(cf_Bitmap),0);
          Jpeg.Assign(Bitmap);
          Jpeg.SaveToFile(JpgFileN);
          try Jpeg.Free; except; end;
          ResizeImage(JpgFileN,750);
          Write2DebugFile('Saving ' + JpgFileN);
        End
        else
          Write2DebugFile('Doesnt have the right format');

    Thanks in advance, Itay

  • Is an LSA MSV1_0 subauthentication package needed for some impersonation use cases?

    - by Chris Sears
    Greetings, I'm working with a vendor who has implemented some code that uses a Windows LSA MSV1_0 subauthentication package (MSDN info if you're interested: http://msdn.microsoft.com/en-us/library/aa374786(VS.85).aspx ) and I'm trying to figure out if it's necessary. As far as I can tell, the subauthentication routine and filter allow for hooking or customizing the standard LSA MSV1_0 logon event processing. The issue is that I don't understand why the vendor's product would need these capabilities. I've asked them and they said they use it to perform impersonation. The product definitely does need to do impersonation, but based on my limited win32 knowledge, they could get the functionality they need using the normal auth APIs (LsaLogonUser, ImpersonateLoggedOnUser, etc) without the subauthentication package. Furthermore, I've worked with a number of similar products that all do impersonation, and this is the only one that's used a subauthentication package. If you're wondering why I would care, a previous version of the product had a bug in the subauthentication package dll that would cause lockups or bluescreens. That makes me rather nervous and has me questioning the use of such a low-level, kernel sensitive interface. I'd like to go back to the vendor and say "There's no way you could need an LSA subauth package for impersonation - take it out", but I'm not sure I understand the use cases and possible limitations of the standard win32 authentication/impersonation APIs well enough to make that claim definitively. So, to the win32 security gurus out there, is there any reason you would need an LSA MSV1_0 subauthentication package if all you were doing is impersonation? Thanks in advance for any thoughts!

  • ACL architecture for a Software As a Service in Spring 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate). I have to come up with a flexible access control list mechanism. I have three different kinds of users:

    System (who can do anything to the system; includes admin and internal daemons)

    Operations (who can add and delete users and organizations, and do maintenance work on behalf of users and organizations)

    End Users (they belong to one or more organizations; for each organization, the user can have one or more roles, like being organization admin or organization read-only member) (a role like orgadmin can also add users for that organization)

    Now my question is, how should I model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the user's role for each organization? So for example user UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin and org-read-only-user, whereas for og2 he is only orgadmin and for og3 he is only org-read-only-user. I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although it would still satisfy the requirement). If you have a better extensible ACL architecture, please suggest it. Since it's a software as a service, one would expect that a lot of different organizations would be part of the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn 100 reports on the system, og2 should not suffer), but that is something advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs. This is a community wiki question; please correct anything which you wish to. Thanks.

  • How to get my list of rows from database to show while using Zend-Paginator

    - by Matto
    I'm fairly new to the world of Zend Framework, and have taken over a site that is in Zend Framework. There is a bug on one of the pages right now and I cannot figure it out. I think it has something to do with Zend_Paginator, but I'm not sure. This is the code in the controller for the section I am having a problem with:

        $currentPage = $this->_getParam('page');
        $numWebsitesFullOnline = $websites->getWebsitesFullOnline();
        $select = $websites->select();
        $select->setIntegrityCheck(false);
        $select->from(array('w' => 'websites'), array('id', 'online', 'kw_adjective', 'kw_name', 'kw_location', 'url', 'email', 'address', 'ftp_server', 'ftp_username', 'ftp_password', 'ftp_folder', 'phone_number', 'indexed', 'youtube_position', 'twitter_user', 'facebook_id', 'video_made', 'image1_id', 'image2_id', 'image3_id', 'bg_color', 'dark_color', 'light_color', 'links_color', 'text_color', 'google_account', 'ganalytics', 'gmaps_status', 'google_position', 'gmap_position', 'hp1', 'hp2', 'hp3', 'hp4', 'hp5', 'hp6', 'hp7', 'hp8', 'hp9', 'hp10', 'about1_id', 'about2_id', 'about3_id', 'tip1_id', 'tip2_id', 'tip3_id', 'contact_texts_id', 'quote_texts_id', 'demographics_id'))
            ->join(array('d' => 'demographics'), 'w.demographics_id = d.id', array('total_population'))
            ->order(array('total_population DESC', 'kw_location'));
        $paginator = new Zend_Paginator(new Zend_Paginator_Adapter_DbSelect($select));
        $paginator->setItemCountPerPage(50);
        $paginator->setCurrentPageNumber($currentPage);
        $paginator->setPageRange(($paginator->getTotalItemCount() / 50) + 1);
        $this->view->paginator = $paginator;
        $numWebsitesOnline = $websites->getWebsitesOnline();

    On the PHP page I have this code to list the websites that are in the database:

        <p class="red"> Websites online: <?php echo $this->numOnline; ?> </p>
        <?php print_r(count($this->paginator)); ?>
        <?php if(count($this->paginator)): ?>
        <table class="table-list">
        <?php foreach($this->paginator as $item): ?>
        <tr>
        <?php if($this->userIsAllowedAction('websites', 'reload')): ?>
        <td class="center noborder w30"> <img class="hidden" src="<?php echo $this->baseUrl() . '/images/loader.gif' ?>" alt="Loading..."/><a class="reload" title="refresh" href="<?php echo $this->baseUrl(); ?>/utils/ui/refresh-website.php" rel="<?php echo urlencode('http://' . $item['url'] . '/install.php'); ?>,<?php echo urlencode($item['ftp_server']); ?>,<?php echo $item['ftp_username']; ?>,<?php echo $item['ftp_password']; ?>,<?php echo $item['ftp_folder']; ?>,<?php echo $this->baseUrl(); ?>,<?php echo $item['id']; ?>"><img src="<?php echo $this->baseUrl(); ?>/images/icon-refresh.png" alt="Refresh"/></a> </td>
        <?php endif; ?>
        <td class="center noborder w30"> <?php if($this->userIsAllowedAction('websites', 'edit')): ?><a title="Edit" href="<?php echo $this->url(array('controller' => 'websites', 'action' => 'edit', 'id' => $item['id'])); ?>"><img src="<?php echo $this->baseUrl(); ?>/images/icon-edit.png" alt="Edit"/></a><?php endif; ?> </td>
        <td class="center noborder w30"> <?php if($this->userIsAllowedAction('websites', 'remove')): ?><a title="Remove" href="<?php echo $this->url(array('controller' => 'websites', 'action' => 'remove', 'id' => $item['id'])); ?>"><img src="<?php echo $this->baseUrl(); ?>/images/icon-delete.png" alt="Remove"/></a><?php endif; ?> </td>
        <td> <?php if($item['online']): ?> <span class="hidden"><?php echo trim($this->escape($item['kw_adjective'] . $item['kw_name'])); ?></span><a class="goto-website" href="http://<?php echo $item['url']; ?>" target="_blank"><?php echo $this->escape($item['kw_location']); ?></a> <?php else: ?> <?php echo $this->escape($item['kw_location']); ?> <?php endif; ?> </td>
        <td class="center population"> <?php if($item['total_population'] >= 0) echo $item['total_population']; ?> </td>
        <td class="center"> <?php if(!empty($item['url'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(!empty($item['email'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['demographics_id']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['hp1'] && $item['hp2'] && $item['hp3'] && $item['hp4'] && $item['hp5'] && $item['hp6'] && $item['hp7'] && $item['hp8'] && $item['hp9'] && $item['hp10'] && $item['about1_id'] && $item['about2_id'] && $item['about3_id'] && $item['tip1_id'] && $item['tip2_id'] && $item['tip3_id'] && $item['contact_texts_id'] && $item['quote_texts_id']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(file_exists($_SERVER['DOCUMENT_ROOT'] . $this->baseUrl() . Zend_Registry::get('assets_base_path') . '/' . $item['id'] . '/header.jpg')): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(($item['bg_color'] != '' && $item['bg_color'] != 'e6e6e6') || ($item['dark_color'] != '' && $item['dark_color'] != '003e75') || ($item['light_color'] != '' && $item['light_color'] != '3073ad') || ($item['links_color'] != '' && $item['links_color'] != '255593') || ($item['text_color'] != '' && $item['text_color'] != '4f4f4f')): ?> <img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/> <?php endif; ?> </td>
        <td class="center"> <?php if($item['image1_id'] && $item['image2_id'] && $item['image3_id']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(!empty($item['twitter_user'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(!empty($item['facebook_id'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(!empty($item['phone_number'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['google_account']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['video_made']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['youtube_position']) { echo $item['youtube_position']; }; ?> </td>
        <td class="center"> <?php if(!empty($item['address'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['gmaps_status'] == 1): ?><img src="<?php echo $this->baseUrl(); ?>/images/icon-gmapspending.png" alt="Pending"/><?php elseif($item['gmaps_status'] == 2): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if(!empty($item['ganalytics'])): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark.png" alt="DONE"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['online']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark_red.png" alt="Online!"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['indexed']): ?><img src="<?php echo $this->baseUrl(); ?>/images/check_mark_red.png" alt="Online!"/><?php endif; ?> </td>
        <td class="center"> <?php if($item['gmap_position']) { echo $item['gmap_position']; }; ?> </td>
        <td class="center"> <?php if($item['google_position']) { echo $item['google_position']; }; ?> </td>
        </tr>
        <?php endforeach; ?>
        </table>
        <?php endif; ?>

    The print_r(count($this->paginator)); line is returning "0", and the $this->numOnline line is returning 1. So it sees that there is one row in the websites table of the database, but it is not returning anything to the page and listing out the rows in the websites table. Not sure if it is the paginator that is causing this, because it is returning 0, or something else I don't know about.

  • Secure Password Storage and Transfer

    - by Andras Zoltan
    I'm developing a new user store for my organisation and am now tackling password storage. The concepts of salting, HMAC etc are all fine with me - and want to store the users' passwords either salted and hashed, HMAC hashed, or HMAC salted and hashed - not sure what the best way will be - but in theory it won't matter as it will be able to change over time if required. I want to have an XML & JSON service that can act as a Security Token Service for client-side apps. I've already developed one for another system, which requires that the client double-encrypts a clear-text password using SHA1 first and then HMACSHA1 using a 128 unique key (or nonce) supplied by the server for that session only. I'd like to repeat this technique for the new system - upgrading the algo to SHA256 (chosen since implementations are readily available for all aforementioned platforms - and it's much stronger than SHA1) - but there is a problem. If I'm storing the password as a salted hash in the user-store, the client will need to be sent that salt in order to construct the correct hash before being HMACd with the unique session key. This would completely go against the point of using a salt in the first place. Equally, if I don't use salt for password storage, but instead use HMAC, it's still the same problem. At the moment, the only solution I can see is to use naked SHA256 hashing for the password in the user store, so that I can then use this as a starting point on both the server and the client for a more secure salted/hmacd password transfer for the web service. This still leaves the user store vulnerable to a dictionary attack were it ever to be accessed; and however unlikely that might be - assuming it will never happen simply doesn't sit well with me. Greatly appreciate any input.

  • What are the attack vectors for passwords sent over http?

    - by KevinM
    I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that anyone at any of the hops along the way can use a packet analyzer to view what is being sent. This seems to require that any hacker (or their malware/botnet) be on the same subnet as any of the hops the packet takes to arrive at its destination. Is that right? Assuming some flavor of this subnet requirement holds true, do I need to worry about all the hops or just the first one? The first one I can obviously worry about if they're on a public Wifi network, since anyone could be listening in. Should I be worried about what's going on in subnets that packets will travel across outside this? I don't know a ton about network traffic, but I would assume it's flowing through data centers of major carriers and there are not a lot of juicy attack vectors there, but please correct me if I am wrong. Are there other vectors to be worried about outside of someone listening with a packet analyzer? I am a networking and security noob, so please feel free to set me straight if I am using the wrong terminology in any of this.

  • Autologin for web application

    - by Maulin
    We want an AutoLogin feature to allow the user to log in directly using a link into our web application. What is the best way to achieve this? We have the following approaches in mind.

    1) Store user credentials (username/password) in a cookie. Send the cookie for authentication, e.g. http: //www.mysite.com/AutoLogin (here username/password will be passed in the cookie). OR pass user credentials in the link URL: http: //www.mysite.com/AutoLogin?userid=<&password=<

    2) Generate a random token and store the random token and the user IP in a server-side database. When the user logs in using the link, validate the token and user IP on the server, e.g. http: //www.mysite.com/AutoLogin?token=<

    The problem with the 1st approach is that if a hacker copies the link/cookie from the user's machine to another machine, he can log in. The problem with the 2nd approach is that the user IP will be the same for all users of the same organization behind a proxy. Which one is better from a security perspective? If there is a better solution other than those mentioned above, please let us know.

  • Designing secure consumer blackberry application

    - by Kiran Kuppa
    I am evaluating a requirement for a consumer BlackBerry application that places a high premium on the security of the user's data. It seems like it is an insurance company. Here are my ideas on how I could go about it. I am sure this would be useful for others who are looking for similar stuff.

    Force the user to use a device password. (I am guessing that this would be possible, though I have not checked it yet.)

    The application can request notifications when the device is about to be locked and just after it has been unlocked. Encryption of application-specific data can be managed at those times.

    Application data would be encrypted with the user's password. The user's credentials would be encrypted with the device password.

    Remote backup of the data could be done over HTTPS (any better ideas are appreciated).

    Questions:

    1) What if the user forgets his device password?

    2) If the user forgets his application password, what is the best and secure way to reset the password?

    3) If the user loses the phone, remote backup must be done and the application data must be cleaned up.

    I have some ideas on how to achieve (3) and shall share them. There must be an off-line verification of the user's identity, and the administrator must provide a channel using which the user must be able to send a command to the device to perform the wiping of application data. The idea is that the user is ALWAYS in control of his data. Without the user's consent, even the admin must not be able to do activities such as cleaning up the data. In the above scheme of things, it appears as if the user's password need not be sent over the air to the server. Am I correct?

    Thanks, Kiran Kumar

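    An added example, not the poster's code, of the key hierarchy that makes questions 2 and 3 tractable: records are encrypted under a random data-encryption key (DEK); the DEK is wrapped under a key-encryption key (KEK) derived from the application password. A password change then re-wraps one small blob instead of re-encrypting every record, a remote backup ships only ciphertext plus the wrapped DEK, and a wipe only has to destroy the wrapped DEK. It is written in Ruby with the OpenSSL bindings because the BlackBerry Java APIs cannot be exercised here; the function names, the AES-GCM/PBKDF2 choices and the iteration count are assumptions.

```ruby
require 'openssl'
require 'securerandom'

PBKDF2_ITERATIONS = 100_000 # assumption: tune to the device's CPU budget
VaultWiped = Class.new(StandardError)

# Derive the KEK from the application password and a per-vault salt.
def derive_kek(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, PBKDF2_ITERATIONS, 32, OpenSSL::Digest.new('SHA256'))
end

# AES-256-GCM seal: fresh random nonce, ciphertext and authentication tag.
# The aad string separates the two uses (key wrapping vs. records).
def seal(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = aad
  ct = cipher.update(plaintext) + cipher.final
  { iv: iv, ct: ct, tag: cipher.auth_tag }
end

# Inverse of seal; raises OpenSSL::Cipher::CipherError on a wrong key or any tampering.
def open_sealed(key, blob, aad)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv = blob[:iv]
  cipher.auth_tag = blob[:tag]
  cipher.auth_data = aad
  cipher.update(blob[:ct]) + cipher.final
end

# A vault is the on-device metadata: salt plus the DEK wrapped under the KEK.
def create_vault(app_password)
  dek  = SecureRandom.random_bytes(32)
  salt = SecureRandom.random_bytes(16)
  { salt: salt, wrapped_dek: seal(derive_kek(app_password, salt), dek, 'dek-wrap') }
end

# Recover the DEK from the password; the password itself never leaves the device.
def unlock(vault, app_password)
  raise VaultWiped, 'wrapped DEK destroyed' if vault[:wrapped_dek].nil?
  open_sealed(derive_kek(app_password, vault[:salt]), vault[:wrapped_dek], 'dek-wrap')
end

def password_valid?(vault, app_password)
  unlock(vault, app_password)
  true
rescue OpenSSL::Cipher::CipherError, VaultWiped
  false
end

# Password change: unwrap with the old password, re-wrap with the new one.
# Existing records stay untouched because the DEK itself does not change.
def change_password(vault, old_password, new_password)
  dek  = unlock(vault, old_password)
  salt = SecureRandom.random_bytes(16)
  vault.merge(salt: salt, wrapped_dek: seal(derive_kek(new_password, salt), dek, 'dek-wrap'))
end

# Remote wipe only needs to destroy the wrapped DEK; the records become
# unrecoverable ciphertext without touching each one.
def wipe(vault)
  vault.merge(wrapped_dek: nil)
end

def encrypt_record(dek, plaintext)
  seal(dek, plaintext, 'record')
end

def decrypt_record(dek, blob)
  open_sealed(dek, blob, 'record')
end
```

    A forgotten application password (question 2) cannot be "reset" without losing the DEK unless a second wrapping of the DEK exists, for example under a recovery key the user wrote down or escrowed off-line; that is the trade-off the question's off-line identity verification has to cover.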

  • How to safely let users submit custom themes/plugins for a Rails app

    - by Brian Armstrong
    In my Rails app I'd like to let users submit custom "themes" to display data in various ways. I think they can get the data in the view using API calls and I can create an authentication mechanism for this, and also an authenticated API to save data, so this is probably safe. But I'm struggling with the best way to let users upload/submit their own code for the theme. I want this to work sort of like WordPress themes/plugins, where people can upload the thing, but there are some security risks. For example, if I take the uploaded "theme" a user submits and put it in its own directory somewhere inside the Rails app, what are the risks of this? If the user inserts any Rails executable code in their theme, even though it's the view, they have full access at that point to all the models, everyone's data, etc., even from other users. So that is not good. I need some way to let the uploaded themes exist in a sandbox of the Rails app, but I haven't seen a good way to do this. Any ideas?

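    An added example in plain Ruby, not code from the question, showing the two sides of this: an uploaded theme rendered as an ERB view runs arbitrary Ruby inside the app process (here only `6 * 7`, but `User.all` or a `system` call would work just as well), whereas a substitution-only template language over a data hash the server builds from the API gives the uploader layout control and nothing else. The placeholder syntax and function names are assumptions.

```ruby
require 'erb'
require 'cgi'

# Unsafe: ERB is a code execution engine. Whatever the uploader writes between
# <% %> runs with the full privileges of the Rails process, so this is
# equivalent to handing them a console on the server.
def render_erb_unsafe(theme)
  ERB.new(theme).result(binding)
end

# Safe alternative: a deliberately tiny language. Only {{ key }} placeholders
# are recognised, the value comes from a hash the server assembled (the data
# the theme is allowed to see), and every value is HTML-escaped. There is no
# way to call a method, reach a model or read another user's data.
PLACEHOLDER = /\{\{\s*([a-z_][a-z0-9_]*)\s*\}\}/

def render_safe(theme, data)
  theme.gsub(PLACEHOLDER) do
    key = Regexp.last_match(1)
    data.key?(key) ? CGI.escapeHTML(data[key].to_s) : ''
  end
end

# The data hash is built server-side, per request and per user; the theme
# never chooses what goes into it. Constructed sample values.
def theme_data_for(user_name, item_count)
  { 'user_name' => user_name, 'item_count' => item_count }
end
```

    With this design an uploaded theme is just text: it can be stored in the database, rendered with `render_safe(theme, theme_data_for(...))`, and never touches the view path of the Rails app. Anything beyond placeholders (loops, conditionals) should be added to the little language explicitly rather than by falling back to ERB.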

  • firefox reading web page from local JS file -- access to restricted URI denied, code: 1012, nsresult

    - by macias
    My problem is that I have an HTML file which is really a JS program, which reads web pages and shows them in a customized manner (i.e. it displays the same content in a different way). Basically, I create an XMLHttpRequest object and then

        req.open("GET", web_page_address, false);
        req.send("");

    This gives me (in Firefox) an error:

        Error: uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)"

    I already googled and looked at SO, but all the other issues are very similar with those two exceptions: the file I open in Firefox is a local file, opened directly in the browser (I don't have a www server running at localhost), and I don't have any control over the web pages I am reading stuff from. So several solutions I've seen so far (like adding a PHP proxy, or changing the way the external server sends data) cannot be applied here. What else can be done in such a case? Another story is that I am wondering if such strict security for a directly opened local file makes any sense. Thank you in advance for tips/links/etc. Have a nice day!


  • running .net application over a network

    - by Marlon
    Hello, I need some advice please. I need to enable a .NET application to run over a network share. The problem is that this will be on clients' network shares and so the path will not be identical. I've had a quick look at ClickOnce and the publish options in VS2008, but it wants a specific network share location, and I'm assuming this location gets stored somewhere when it does its thing. At the moment the job is being done with an old VB6 application, which gets around all these security issues, but that application is poorly written and almost impossible to maintain, so it really needs to go. Is it possible for the domain controller to be set up to allow this specific .NET application to execute? Any other options would be welcomed, as this little application is very business critical. I ought to say that the client networks are schools, and thus are often quite locked down, as are the client machines, so manually adding exceptions to each client machine is a big no-no. Marlon

    --Edit-- Apologies, I forgot to mention we're restricted to .NET 2.0 for the moment; we are planning to upgrade this to 4.0 but that won't be immediate.


  • navigateToURL with GET parameters in local SWF

    - by Michael Brewer-Davis
    I'm running a Flex application locally (local-with-filesystem or local-trusted), and I'm trying to call navigateToURL to a local page using GET parameters. Flash Player seems to be ignoring the parameters when opening the local page, though. I've been scouring the Flash security pages to find a documented prohibition for this, but haven't found anything. Pointers? How would you work around this issue?

    My Flex app:

        <?xml version="1.0" encoding="utf-8"?>
        <mx:Application xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
          <mx:Script>
            <![CDATA[
              private function onClick(event:MouseEvent):void {
                var request:URLRequest = new URLRequest("target.html");
                request.data = new URLVariables();
                request.data.text = "stackoverflow.com";
                navigateToURL(request);
              }
            ]]>
          </mx:Script>
          <mx:Button label="Go" click="onClick(event)" />
        </mx:Application>

    And my target.html:

        <html>
          <head>
            <script language="JavaScript">
              <!--
              function showURL() {
                alert(window.location.href);
              }
              //-->
            </script>
          </head>
          <body onload="showURL()" />
        </html>


  • Payment Processors - What do I need to know if I want to accept credit cards on my website?

    - by Michael Pryor
    This question talks about different payment processors and what they cost, but I'm looking for the answer to: what do I need to do if I want to accept credit card payments? Assume I need to store credit card numbers for customers, so that the obvious solution of relying on the credit card processor to do the heavy lifting is not available. PCI Data Security, which is apparently the standard for storing credit card info, has a bunch of general requirements, but how does one implement them? And what about the vendors, like Visa, who have their own best practices? Do I need to have keyfob access to the machine? What about physically protecting it from hackers in the building? Or even what if someone got their hands on the backup files with the SQL Server data files on them? What about backups? Are there other physical copies of that data around?

    Tip: If you get a merchant account, you should negotiate that they charge you "interchange-plus" instead of tiered pricing. With tiered pricing, they will charge you different rates based on what type of Visa/MC is used, i.e. they charge you more for cards with big rewards attached to them. Interchange-plus billing means you only pay the processor what Visa/MC charges them, plus a flat fee. (Amex and Discover charge their own rates directly to merchants, so this doesn't apply to those cards. You'll find Amex rates to be in the 3% range and Discover could be as low as 1%. Visa/MC is in the 2% range.) This service is supposed to do the negotiation for you (I haven't used it, this is not an ad, and I'm not affiliated with the website, but this service is greatly needed.) This blog post gives a complete rundown of handling credit cards (specifically for the UK).


  • ACL architecture for a Software as a Service in Spring 3.0

    - by geoaxis
    I am making a software as a service using Spring 3.0 (Spring MVC, Spring Security, Spring Roo, Hibernate). I have to come up with a flexible access control list mechanism. I have three different kinds of users:

    - System (who can do anything to the system; includes admin and internal daemons)
    - Operations (who can add and delete users and organizations, and do maintenance work on behalf of users and organizations)
    - End Users (they belong to one or more organizations; for each organization, the user can have one or more roles, like being organization admin or organization read-only member; a role like orgadmin can also add users for that organization)

    Now my question is, how should I model the entity of User? If I just take the End User, it can belong to one or more organizations, so each user can contain a set of references to its organizations. But how do we model the user's role for each organization? So for example User UX belongs to organizations og1, og2 and og3, and for og1 he is both orgadmin and org-read-only-user, whereas for og2 he is only orgadmin and for og3 he is only org-read-only-user. I have the possibility of making each user belong to one organization alone, but that's making the system bounded and I don't like that idea (although it would still satisfy the requirement). If you have a better extensible ACL architecture, please suggest it. Since it's a software as a service, one would expect that a lot of different organizations would be part of the same system. I had one concern that it is not a good idea to keep og1 and og2 data on the same DB (if og1 decides to spawn 100 reports on the system, og2 should not suffer), but that is something advanced for now and is not directly related to ACL but to the physical distribution of data and setup of services based on those ACLs. This is a community Wiki question, please correct anything you wish. Thanks

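    An added example, not from the question and in Ruby rather than the Spring stack it uses, of the usual answer to the modelling question: the per-organization roles do not live on the User entity at all but in a membership join table keyed by (user_id, org_id, role), which lets UX be orgadmin and read-only in og1, orgadmin only in og2 and read-only only in og3 without bounding users to one organization. System and Operations are global roles on the user, and one `can?` method is the single decision point. The action and role names are assumptions; the Hashes stand in for the tables.

```ruby
require 'set'

class AccessControl
  ORG_ROLES = %i[orgadmin org_readonly].freeze

  # Organization-scoped actions and the organization roles that permit each one.
  ORG_ACTIONS = {
    read_data:   %i[orgadmin org_readonly],
    add_user:    %i[orgadmin],
    remove_user: %i[orgadmin]
  }.freeze

  # Cross-organization actions reserved for staff accounts.
  STAFF_ACTIONS = {
    create_org:           %i[operations system],
    delete_org:           %i[operations system],
    internal_maintenance: %i[system]
  }.freeze

  def initialize
    @global_roles = Hash.new { |h, k| h[k] = Set.new } # user_id => {:system, :operations}
    @memberships  = Hash.new { |h, k| h[k] = Set.new } # [user_id, org_id] => org roles
  end

  def grant_global(user_id, role)
    @global_roles[user_id] << role
  end

  # One row of memberships(user_id, org_id, role); the Set gives the unique constraint.
  def grant(user_id, org_id, role)
    raise ArgumentError, "unknown org role #{role}" unless ORG_ROLES.include?(role)
    @memberships[[user_id, org_id]] << role
  end

  def revoke(user_id, org_id, role)
    @memberships[[user_id, org_id]].delete(role)
  end

  def roles_in(user_id, org_id)
    @memberships.fetch([user_id, org_id]) { Set.new }
  end

  def organizations_of(user_id)
    @memberships.select { |(uid, _), roles| uid == user_id && !roles.empty? }
                .keys.map { |(_, oid)| oid }
  end

  # The single authorization decision point. Every controller or service asks
  # this and nothing else, so the policy lives in one place.
  def can?(user_id, action, org_id = nil)
    global = @global_roles.fetch(user_id) { Set.new }
    return true if global.include?(:system)                      # system may do anything
    return !(global & STAFF_ACTIONS[action]).empty? if STAFF_ACTIONS.key?(action)
    return false unless ORG_ACTIONS.key?(action) && org_id
    return true if global.include?(:operations)                  # acts on behalf of any org
    !(roles_in(user_id, org_id) & ORG_ACTIONS[action]).empty?
  end
end
```

    Mapped to JPA/Hibernate this is a `Membership` entity with a composite key over `user`, `organization` and `role`, and `can?` becomes the expression behind `@PreAuthorize` or a custom `PermissionEvaluator`; the point is that the User row never carries organization-specific state.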

  • How to set WS-SecurityPolicy in an inbound CXF service in Mule?

    - by Brakara
    When configuring the service for handling UsernameToken and signatures, it's set up like this:

        <service name="serviceName">
          <inbound>
            <cxf:inbound-endpoint address="someUrl" protocolConnector="httpsConnector" >
              <cxf:inInterceptors>
                <spring:bean class="org.apache.cxf.binding.soap.saaj.SAAJInInterceptor" />
                <spring:bean class="org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor">
                  <spring:constructor-arg>
                    <spring:map>
                      <spring:entry key="action" value="UsernameToken Timestamp Signature" />
                      <spring:entry key="passwordCallbackRef" value-ref="serverCallback" />
                      <spring:entry key="signaturePropFile" value="wssecurity.properties" />
                    </spring:map>
                  </spring:constructor-arg>
                </spring:bean>
              </cxf:inInterceptors>
            </cxf:inbound-endpoint>
          </inbound>
        </service>

    But how is it possible to create a policy of which algorithms are allowed, and which parts of the message should be signed?

