Search Results

Search found 1458 results on 59 pages for 'protect from forgery'.

  • Prevent SQL injection from form-generated SQL - NO PreparedStmts

    - by Markos Fragkakis
    Hi all, I have a search table where user will be able to filter results with a filter of the type:
        Field [Name], Value [John], Remove Rule
        Field [Surname], Value [Blake], Remove Rule
        Field [Has Children], Value [Yes], Remove Rule
        Add Rule
    So the user will be able to set an arbitrary set of filters, which will result essentially in a completely dynamic WHERE clause. In the future I will also have to implement more complicated logical expressions, like Where (name=John OR name=Nick) AND (surname=Blake OR surname=Bourne). Of all 10 fields the user may or may not filter by, I don't know how many and which filters the user will set. So, I cannot use a prepared statement (which assumes that at least we know the fields in the WHERE clause). This is why prepared statements are unfortunately out of the question; I have to do it with plain old, generated SQL. What measures can I take to protect the application from SQL Injection (REGEX-wise or any other way)?

  • Korn Shell code to send attachments with mailx and uuencode?

    - by Nano Taboada
    I need to attach a file with mailx but at the moment I'm not having a lot of success. Here's my code:
        subject="Something happened"
        to="[email protected]"
        body="Attachment Test"
        attachment=/path/to/somefile.csv
        uuencode $attachment | mailx -s "$subject" "$to" << EOF
        The message is ready to be sent with the following file or link attachments:
        somefile.csv
        Note: To protect against computer viruses, e-mail programs may prevent sending or receiving certain types of file attachments. Check your e-mail security settings to determine how attachments are handled.
        EOF
    Any feedback would be highly appreciated.
    Update: I've added the attachment var to avoid having to use the path every time.

  • Three coworkers Riddle Problem

    - by John S
    This isn't homework, I've got a solution, however it doesn't protect against cheaters. Three coworkers would like to know their average salary. However, they are self-conscious and don't want to tell each other their own salaries, for fear of either being ridiculed or getting their houses robbed. How can they find their average salary, without disclosing their own salaries? Now, a solution that requires the last person to tell the group the sum isn't allowed because that person could cheat. Solution: http://karavi.wordpress.com/2009/12/18/solutions-to-wu%E2%80%99s-puzzles-and-riddles-ghetto-encryption-2-medium/

  • Hardware Lossless Compression for Hard Drives?

    - by GeoffreyF67
    I happened across this article about hardware based hard drive encryption and realized that not only would this give a great way to protect your data but it would also speed up the applications that we use to encrypt that data. This led me to wonder... Would it be possible to do the same thing for compression so that all of the data is compressed or uncompressed appropriately as it is read and written to the drive? I haven't done any firmware programming in quite some time so I'm not even sure this is technically possible. If it were, however, it could probably give quite a bit more storage space to folks. What are the pros and cons of programming such an approach to be used in the firmware? G-Man

  • An expression of non-boolean type specified in a context where a condition is expected, near 'END'.

    - by Mike Keller
    So maybe someone can point me in the right direction of what is causing this error? I've been fighting with this for a couple of hours and searching the web, and I can't figure out what I'm doing wrong here. It's included as part of a stored procedure, I don't know if that matters, if it does I can include that as well. Tables and field names have been changed to protect the innocent... meaning my job. Thanks.
        SELECT /* The fields are here*/
        FROM /* my joins are here */
        WHERE (Table.Field = stuff)
          AND (Table.Field2 = otherstuff)
          AND (Table2.Field3 = someotherstuff)
          AND CASE @param1
                WHEN 0 THEN 'Table.Field IS NULL'
                WHEN 1 THEN 'Table.Field2 IS NOT NULL'
                ELSE ''
              END

  • Datanucleus/JDO Level 2 Cache on Google App Engine

    - by Thilo
    Is it possible (and does it make sense) to use the JDO Level 2 Cache for the Google App Engine Datastore? First of all, why is there no documentation about this on Google's pages? Are there some problems with it? Do we need to set up limits to protect our memcache quota? According to DataNucleus on Stackoverflow, you can set the following persistence properties:
        datanucleus.cache.level2.type=javax.cache
        datanucleus.cache.level2.cacheName={cache name}
    Is that all? Can we choose any cache name? Other sources on the Internet report using different settings. Also, it seems we need to download the DataNucleus Cache support plugin. Which version would be appropriate? And do we just place it in WEB-INF/lib or does it need more setup to activate it?

  • double checked locking - objective c

    - by bandejapaisa
    I realised double checked locking is flawed in java due to the memory model, but that is usually associated with the singleton pattern and optimizing the creation of the singleton. What about under this case in objective-c: I have a boolean flag to determine if my application is streaming data or not. I have 3 methods, startStreaming, stopStreaming, streamingDataReceived and I protect them from multiple threads using:
        - (void) streamingDataReceived:(StreamingData *)streamingData {
            if (self.isStreaming) {
                @synchronized(self) {
                    if (self.isStreaming) {
        - (void) stopStreaming {
            if (self.isStreaming) {
                @synchronized(self) {
                    if (self.isStreaming) {
        - (void) startStreaming:(NSArray *)watchlistInstrumentData {
            if (!self.isStreaming) {
                @synchronized(self) {
                    if (!self.isStreaming) {
    Is this double check unnecessary? Does the double check have similar problems in objective-c as in java? What are the alternatives to this pattern (anti-pattern)? Thanks

  • Activities In Rational ClearCase

    - by kadaba
    Hello All, We are thinking of implementing Rational ClearQuest for Change Management and Defect tracking. When we integrate Rational ClearQuest and Rational ClearCase, the activities will be coming from the Rational ClearQuest. Now since the implementation of Rational ClearQuest will take time due to the process, we are thinking of removing the activity creation from the developer side. We are thinking of making the admin create the activities for each developer. Now I have a few concerns. If the admin creates the activities and changes the owner for the activity and the group using the protect command, is it enough? Would this activity be used by other developers too? Since an activity is a piece of work, can this be shared? I need some clarity on this. Thanks.

  • When/why does Internet Explorer block installation of a (signed) ActiveX control?

    - by Geoff
    When the user visits a page that contains a signed ActiveX control that has never been seen before, I'd expect IE to ask the user for permission to install the control. But sometimes IE puts up a security warning instead. For example, consider this site, which has a test control: http://www.pcpitstop.com/testax.asp I'd expect to get this message -- and sometimes, I do: "The website wants to run the following add-on: 'XXX' from 'YYY'. If you trust the website and the add-on and want to allow it to run, click here..." But under IE8 on XP, I usually get this instead: "To help protect your security, Internet Explorer has restricted this site from showing certain content. Click here for options..." What's going on? Any ideas? Thanks!

  • Storing Configurations into Active Directory Application Mode

    - by Khurram Aziz
    I have a network devices polling and do actions kind of app; currently it keeps the configuration (which devices to poll, what kind of device, ip, login, password etc) in the database. My network administrator wants this information to be stored in some LDAP server so that he can maintain a single store of configuration which he himself can use in other apps/scripts etc. I am looking for some article that walks me through setting up ADAM/AD LDS for storing configuration by authoring custom schema etc and how to set up some authentication infrastructure to protect the data.

  • Need an encrypted online source code backup service.

    - by camelCase
    Please note this is not a question about online/hosted SVN services. I am working on a home based, solo developer, project that now has commercial significance and it is time to think about remote source code backup. There is no need for file level check in/out, all I need is once a day or once a week directory level snapshot to remote storage. Automatic encryption would be a bonus to protect my IP. What I have in mind is some sort of GUI interface app that will squirt a source code snapshot off to an Amazon S3 bucket on an automatic schedule. (My development PC runs on MS Windows.)

  • Are there any differences between SQL Server and MySQL when it comes to preventing SQL injection?

    - by Derek Adair
    I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_escape_string(). Is there a similar function with PHP/SQL Server? What steps do I need to take in order to protect against SQL injection with SQL Server? What are the differences between SQL Server and MySQL pertaining to SQL injection prevention? Also, is this post accurate? Is the escape string character for SQL Server a single quote?

  • PHP: PDOStatement simple MySQL Select doesn't work.

    - by Alan
    Hi, I have the following PHP code doing a very simple select into a table.
        $statement = $db->prepare("SELECT * FROM account WHERE fbid = :fbid");
        $statement->bindParam(":fbid",$uid, PDO::PARAM_STR,45);
        $out = $statement->execute();
        $row = $statement->fetch();
    $out is true (success) yet $row is null. If I modify the code as follows:
        $statement = $db->prepare("SELECT * FROM account WHERE fbid = $uid");
        $out = $statement->execute();
        $row = $statement->fetch();
    $row contains the record I'm expecting. I'm at a loss. I'm using the PDO::prepare(), bindParams() etc to protect against SQL Injection (maybe I'm mistaken on that). Please help.

  • Windows and system processes

    - by jemper
    Note: I've asked this question in a similar format on superuser but it seems like it may fit here on SO better. It definitely also is about programming as it concerns parts of the Win32 API, Windows in general and process management. So there are these processes that can't be terminated with taskkill - system processes in general. But there also is, for example, my Anti Virus program that makes itself "unterminateable". How can I access and mainly terminate system processes under Windows? (kill.exe by Microsoft doesn't work) How do processes like anti-virus programs protect themselves? How can you turn them off again, then?

  • How are SaaS applications organized?

    - by tomekw
    Consider web (MVC, for example Rails) application for multiple clients as a service. How to design this?
        • one application instance per client? (+ one database per client)
        • one instance for all clients (+ one database for all clients)
    Former one is simple, but... "inefficient". How about the latter? (best practises, design patterns) How to separate client data? For example: worker "A" of client "1" has two documents, worker "B" of client "2" has three documents. How to build model associations to protect other users (and clients) data? I think joining every query with Client model is not a good solution.

  • Accessing protected REST endpoint with JQuery

    - by Andy
    I have a site where members log in to their account (FormsAuth). I would like to set up a RESTful service that I can access using jQuery. I would like to protect these services using the same FormsAuth. How would a third-party site be able to access these services? They would need to pass in the Principal/Identity to the service, right? I've only seen examples of Basic Authentication (which Twitter uses and jQuery supports). I'm very new to WCF/REST, so not sure how this should be done.

  • Building two executables in one project

    - by Rui Pacheco
    Hi, I've a project that must produce two executables: the main application and an executable that is called by a separate process. I've created the second file in Xcode and added a second target of type Cocoa Shell Tool. I can now build the second executable but when I try to build my project normally I get an error saying there's two executables present:
        ld: duplicate symbol _main in <path>/SecondExecutable.o and <path>/main.o
    (<path> was added by me to protect the innocent and their intellectual property). How can I configure Xcode to build both at the same time?

  • Error while creating a table style in excel

    - by Rashmi Pandit
    Hi, I am using the following function to create a TableStyle:
        Public Function CreateTableStyle()
            ActiveWorkbook.Unprotect
            Dim objTS As TableStyle
            On Error Resume Next
            Set objTS = ActiveWorkbook.TableStyles("MyTableStyle")
            On Error GoTo err_CreateTableStyle
            If Not objTS Is Nothing Then
                Exit Function
            End If
            Set objTS = ActiveWorkbook.TableStyles.Add("MyTableStyle")
            With ActiveWorkbook.TableStyles("MyTableStyle")
                .ShowAsAvailablePivotTableStyle = True
                .ShowAsAvailableTableStyle = False
            End With
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlHeaderRow).Font
                .FontStyle = "Bold"
                .TintAndShade = 0
                .ThemeColor = xlThemeColorDark1
            End With
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlHeaderRow).Interior
                .ThemeColor = xlThemeColorLight2
                .TintAndShade = -0.249946592608417
            End With
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlTotalRow).Font
                .FontStyle = "Bold"
                .TintAndShade = 0
                .ThemeColor = xlThemeColorDark1
            End With
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlTotalRow).Interior
                .ThemeColor = xlThemeColorLight2
                .TintAndShade = -0.249946592608417
            End With
            ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlSubtotalRow1).Font.FontStyle = "Bold"
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlSubtotalRow1).Interior
                .Color = 16764828
                .TintAndShade = 0
            End With
            ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlSubtotalRow2).Font.FontStyle = "Bold"
            With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
                xlSubtotalRow2).Interior
                .Color = 16777164
                .TintAndShade = 0
            End With
            ActiveWorkbook.Protect
            Exit Function
        err_CreateTableStyle:
            Call Common.ErrRaise(Erl, "Common", "CreateTableStyle", "CreateTableStyle")
        End Function
    At the line below:
        With ActiveWorkbook.TableStyles("MyTableStyle").TableStyleElements( _
            xlHeaderRow).Font
            .FontStyle = "Bold"
    I am getting an error: Run-time error '1004' Unable to set the FontStyle property of the Font class. Can someone please identify the issue? I am not able to figure why it is not letting me set the property.

  • Force VSProps settings to override project settings

    - by Steve
    I have a vsprops file that defines the optimizations all of our projects should be built with for Visual Studio 2008. If I set the properties for the project to "inherit from parent of project defaults" it works, and fills them in the vcproj file. However, this doesn't protect me from a developer checking in a project file that changes the optimizations. In this case, the project settings are used over the vsprops settings. I need to make it so that vsprops always takes precedence over what is in the vcproj file. Is this possible? Other workarounds are also welcome.

  • How to secure authorization of methods

    - by Kurresmack
    I am building a web site in C# using MVC.Net. How can I secure that no unauthorized persons can access my methods? What I mean is that I want to make sure that only admins can create articles on my page. If I put this logic in the method actually adding this to the database, wouldn't I have business logic in my data layer? Is it a good practice to have a separate security layer that is always in between of the data layer and the business layer to make? The problem is that if I protect at a higher level I will have to have checks on many places and it is more likely that I miss one place and users can bypass security. Thanks!

  • Web.config encryption/decryption

    - by Akshay
    In my application's web.config file I have a connection string stored. I encrypted it using
        '---open the web.config file
        Dim config As Configuration = _
            ConfigurationManager.OpenWebConfiguration( _
            Request.ApplicationPath)
        '---indicate the section to protect
        Dim section As ConfigurationSection = _
            config.Sections("connectionStrings")
        '---specify the protection provider
        section.SectionInformation.ProtectSection(protectionProvider)
        '---Apply the protection and update
        config.Save()
    Now I can decrypt it using the code
        Dim config As Configuration = _
            ConfigurationManager.OpenWebConfiguration( _
            Request.ApplicationPath)
        Dim section As ConfigurationSection = _
            config.Sections("connectionStrings")
        section.SectionInformation.UnProtectSection()
        config.Save()
    I want to know where is the key stored. Also, if somehow my web.config file is stolen, will it be possible for him/her to decrypt it using the code above?

  • MSI File/Registry failures to Windows Server 2008/Windows 7

    - by Luca
    I'm trying to deploy an application on Windows Server 2008 (SP2 x64) and Windows 7 (x64), using VS2005 Installer Project. The MSI version (I think) is 2.0. Everything works fine, except that some registry keys and some files are not copied on the install machine. The MSI system doesn't notify me about anything (and I don't know whether MSI logs its operations). Are there incompatibilities between my MSI installer project and these new OSes? It seems to me that the OS protects itself from being modified in some parts. For example, I'm trying to set the registry key:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\WinLogon\SpecialAccounts\UserList\User
    but it is not created. In the same installer there are many other keys, which are created as expected (as they always did before on Windows XP and Windows Server 2003). What's going on?

  • PHP urlencode() tacking on ?SID=xxx ... Why?

    - by retailevolved
    I am trying to output a simple link. This works great:
        $url = 'http://www.google.com';
        echo $url;
    This doesn't work great:
        $url = 'http://www.google.com';
        echo urlencode($url);
    The second example tacks on "?SID=xxx" to the end of the URL for some reason. How do I prevent this from happening? Note: The code to generate the URL has been changed to protect the innocent.

  • Help setup my .git/config file for Heroku AND my Unfuddle Account

    - by 05WRXSTi
    Ok, I have three different computers that I work from and right now their configurations are all different so I have to push/pull a certain on each and it's very bothersome. What I want to do is have ONE config file that I can use for all three that will allow me to do the following:
        git push unfuddle
        git pull heroku
        git push unfuddle
        git pull heroku
    And I'm new to git, so I know that maybe I need heroku master or heroku origin or something? Here is what my config file looks like right now:
        [core]
            repositoryformatversion = 0
            filemode = true
            bare = false
            logallrefupdates = true
        [remote "origin"]
            fetch = +refs/heads/*:refs/remotes/origin/*
            url = [email protected]:HEROKU-APP.git
        [branch "master"]
            remote = origin
            merge = refs/heads/master
        [remote "unfuddle"]
            fetch = +refs/heads/*:refs/remotes/origin/*
            url = [email protected]:UNFUDDLE-APP/UNFUDDLE-APP.git
    Obviously the git urls were changed to protect the innocent. What should I change so that I can easily push and pull to/from both of these repos? Thanks!
