Search Results

Search found 1306 results on 53 pages for 'csrf protection'.

Page 38/53 | < Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45 | Next Page >

Check whether Excel file is Password protected

- by Torben Klein

I am trying to open an Excel (xlsm) file via VBA. It may or may not be protected with a (known) password. I am using this code: On Error Resume Next Workbooks.Open filename, Password:=user_entered_pw opened = (Err.Number=0) On Error Goto 0 Now, this works fine if the workbook has a password. But if it is unprotected, it can NOT be opened. Apparently this is a bug in XL2007 if there is also workbook structure protection active. (http://vbaadventures.blogspot.com/2009/01/possible-error-in-excel-2007.html). On old XL2003, supplying a password would open both unprotected and password protected file. I tried: Workbooks.Open filename, Password:=user_entered_pw If (Err.Number <> 0) Then workbooks.open filename This works for unprotected and protected file. However if the user enters a wrong password it runs into the second line and pops up the "enter password" prompt, which I do not want. How to get around this?

Read the article
My multithread program works slowly or appear deadlock on dual core machine, please help

- by Shangping Guo

I have a program with several threads, one thread will change a global when it exits itself and the other thread will repeatedly poll the global. No any protection on the globals. The program works fine on uni-processor. On dual core machine, it works for a while and then halt either on Sleep(0) or SuspendThread(). Would anyone be able to help me out on this? The code would be like this: Thread 1: do something... while(1) { ..... flag_thread1_running=false; SuspendThread(GetCurrentThread()); continue; } Thread 2 .... while(flag_thread1_running==false) Sleep(0); ....

Read the article
Looking for a safe, portable password-storage method

- by Maciek

Hello, I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations. Recently, our client has requested that we introduce access control via password protection. We are to meet the following criteria : Support remote login Support remote password change Support remote password retrieval Support data retrieval on accidental/purposeful deletion Support secure storage I'm capable of meeting the "remote" requirements using an existing library, however what I do need to consider is a method of storing this data, preferably in a way that will work on both platforms and will not let the user see it/read it, encryption is not the issue here - it's the storage method itself. Can anyone recommend a sage storage method that could help me meet those criteria?

Read the article
Check wether Excel file is Password protected

- by Torben Klein

I am trying to open an Excel (xlsm) file via VBA. It may or may not be protected with a (known) password. I am using this code: On Error Resume Next Workbooks.Open filename, Password:=user_entered_pw opened = (Err.Number=0) On Error Goto 0 Now, this works fine if the workbook has a password. But if it is unprotected, it can NOT be opened. Apparently this is a bug in XL2007 if there is also workbook structure protection active. (http://vbaadventures.blogspot.com/2009/01/possible-error-in-excel-2007.html). On old XL2003, supplying a password would open both unprotected and password protected file. I tried: Workbooks.Open filename, Password:=user_entered_pw If (Err.Number <> 0) Then workbooks.open filename This works for unprotected and protected file. However if the user enters a wrong password it runs into the second line and pops up the "enter password" prompt, which I do not want. How to get around this?

Read the article
How secure is a PostgreSQL database if my server is stolen?

- by orokusaki

If I have a server with a database if top secret data in PostgreSQL and my password is practically impossible to crack (128 character string of all sorts of weird chars, generated by hand). The server password is also uncrackable in theory (basically, ignore the possibility of a password crack on the DB). Aside from a password crack, how easy is it to get the data out of this database? Assumptions: Only the DB exists on the server. There is no password in a PHP script or anything like that The person who has the server is a computer / DB / hard-drive recovery expert I'm not using any hard-drive encryption or anything out of the norm for protection I'm trying to understand the risks involved with somebody gaining physical access to my server's hard-drives.

Read the article
Is it a good idea to use .Net for commercial software?

- by user146780

I was playing around with .Net reflector today and realized that Miicrosoft's entire Expression suite is written in .Net. As a result I was pretty much able to see the underlying code for expression. This makes it far easier than binary to break copy protection. I think that that's a big deal. Is it generally recommended to make commercial software in .Net where it is fairly easy to see the source code down to the variable names? I was surprised that Microsoft didn't at least dotfescate it. Thanks

Read the article
Rails3 and safe nl2br !

- by arkannia

Hi, I have a system for the users to be able to post comments. The comments are grasped into a textarea. My problem is to format the comments with br tag to replace \n In fact, i could do something like that s.gsub(/\n/, '<br />') But the xss protection including in rails escapes br tags. So i could do this s.gsub(/\n/, '<br />').html_safe But then, all the tags are accepted even script.... causing a big security problem So my question is : how to format text with br safely ? Thanks EDIT: For now, i have add this def sanitaze self.gsub(/(<.*?>)/, '') end def nl2br self.sanitaze.gsub(/\n/, '<br />').html_safe end

Read the article
Access <body element from content page via a nested master page

- by danwellman

All I want to do is access the <body element from the code-behind of a content page and add a class name to it. I have a top-level master page with the <body element in it. Then I have a nested master page which is the master page for the content page. From the code behind of the content page I want to add a class name to the body element. That's all. I have this in the top-level master: <body id="bodyNode" runat="server"> I added this to the code-behind for the content page: Master.bodyNode.Attributes.add("class", "home-page"); And I get a message that: System.Web.UI.MasterPage' does not contain a definition for 'bodyNode If I add this to the aspx content page: <% @ MasterType VirtualPath="~/MasterPage.master"%> The message then changes to: bodyNode is inaccessible due to its protection level Please advise, I've wasted like 2 hours on what feels like something that should be really simple to do :(

Read the article
Multiple formsauthentifications in the same application

- by citronas

Hi there, I was wondering if it is possible to use two different formsauthentification logins with the following directory structure: /default.aspx /login.aspx /web.config /subdirectory/sublogin.aspx /subdirectory/subdefault.aspx /subdirectory/web.config The web.config in the root contains the following settings: <authentication mode="Forms"> <forms protection="All" slidingExpiration="true" loginUrl="~/login.aspx" path="/"/> </authentication> <authorization> <deny users="?"/> </authorization> What I want to achieve is, that all directories except 'subdirectory' are protected by the login.aspx in the root. 'subdirectory' has its own login.aspx (sublogin.aspx) How would the correct content of the web.config in subdirectory look like?

Read the article
Protecting websites from the attack of malicious scripts and viruses

- by tibin mathew

Hi friends, I'm developing a website using php, i want to know how can i protect my site from the attack of virus, like malicious scripts, hackers etc. which are the ways this will happen, and how can i avooid such situations. is there any protecting facilities in Curl or any technologies. I'm more concerned about this because one of my site is affected with virus for some reason and i'm using data from my database all the time. so please tell me about this virus protection. when i look into google i got this url but not sure what they are meant by that. http://blog.unitedheroes.net/curl/ can any one tell me about the protective measures.... Thanks

Read the article
Practicing buffer overflow attack in Ubuntu

- by wakandan

I am trying to learn to use buffer overflow attack in Ubuntu. Unfortunately, I cannot turn off Address Space Layout Randomization (ASLR) feature in this OS, which is turned on by default. I have tried some work around found in some fedora books: echo "0" > /proc/sys/kernel/randomize_va_space but for some reason the protection's still there. Please give me some suggestions. Thanks. [edit]Actually the above command was not successful, it said "Permission Denied", even with sudo. How can I fix that? [adding] I kept on getting segmetation fault error when it shows an address in stack. Is it related to non-executable stack in ubuntu :(?

Read the article
How do I render a partial to a string from within a filter attached to a controller

- by Tristan Havelick

I have some code I need to use in multiple controllers in a rails 1.0 application (I can't, for strange reasons upgrade to a newer rails). I've extracted the relevant code into a filer object, and I'm using the around_filter construct to execute it. Before the extract, I was using the method render_to_string() to get the contents of a rendered partial into a string. However, this method is protected, so I am unable to access it from within my Filter object. As a workaround, I tried adding this to my ApplicationController: def render_to_string(*a) super(*a) end this seems to have remedied the protection level issue, but now I get the error: Can only render or redirect once per action When no such error occurred before the extraction. Why? Is there a different approach I should take here?

Read the article
The implicit function __strcpy_chk() call

- by Summer_More_More_Tea

Hi everyone: I'm now performing a stack buffer overflow attack test on my own PC( Ubuntu 9.10, gcc-4.4.1 ) based on the article http://www.tenouk.com/Bufferoverflowc/Bufferoverflow4.html. Yet I haven't achieved the goal. Each time a segfault is thrown accompanied with some error informaiton. I compile the source code, and wanna get further information using objdump. Function __strcpy_chk is invoked in the assembly code dumped out, and it's said that "The __strcpy_chk() function is not in the source standard; it is only in the binary standard." Does this the mechanism a compiler employed to protect runtime stack? To finish my test, how can I bypass the protection? Regards.

Read the article
Should a protected property in a C# child class hide access to a public property on the parent?

- by Tim

I have the following code: public class Parent { public string MyField { get; set; } } public class Child : Parent { protected new int MyField { get; set; } } I try and access this with: static void Main(string[] args) { Child child = new Child(); child.MyField = "something"; } Visual studio 2008 compiles this without comment, but under Mono (2.4.2, Ubuntu) I get the error message 'HideTest.Child.MyField' is inaccessible due to its protection level (CS0122) Is one implementation or the other more compliant with the standard here?

Read the article
How do I automatically delete an Excel file after creating it on a server and returning it to the us

- by David A Gibson

Hello, I am creating an Excel file on a web server, using OleDb to connect the the physical (well as physical as it can be) file and appending records. I am then returning a FilePathResult to the user via MVC, and would like to delete the physical file afterwards due to data protection concerns over the appended records. I have tried using a File.Delete in a Finally clause but I get a File Not Found error which must mean the file has gone when MVC is trying to send the file to the user. I thought about creating the File as a MemoryStream but I think OleDb needs a physical file to connect to so this isn't an option. Any suggestions on how to delete the file after returning it in one operation? Thanks

Read the article
Codeigniter deny access to directory of controllers with apache config

- by MAZUMA

I’d like to restrict access to a folder of controllers that are used for admin purposes only. I’ve tried a number of ways and not coming up with a solution. These controllers are behind password protection. But, I’d like to just remove it from view if someone happens to stumble upon the right directory. Can this be done? I’d rather not do it from htaccess. I have access to the apache config files, so I’d like to handle it there. Does it have anything to do with the way Codeigniter routes? Or, am I just way off? This what I’m using that doesn’t work <Directory /var/www/application/controllers/folder/> Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx </Directory>

Read the article
EXCEL - Locking a Cell from User input whilst allowing a Linked combobox?

- by Christopher Leach

I have a Protected Worksheet which is a checklist with a series of checkpoints. Each row has Item and Description cells that are locked. Each row has several columns with its contents to be set by a ComboBox and a text input column. Both i have left unlocked. I have Locked the the Item and Description columns and left only the 'Select Unlocked Cells' checked via Sheet Protection. I have one ComboBox on the worksheet that moves around and adjusts its LinkedCell and its Content list using the worksheets SelectionChanged event. When the user selects a cell to bring up the drop down list, the user is able to type into the cell and the Drop Down Box disappears. What is the best way to keep the cell unlocked so it can be selectable(as 'Select Locked Cells" is unchecked) however stop the user from being able to type in the cell and to allow the cells contents to become modifiable only via the ComboBox?

Read the article
Apple HTML5 progressive streaming

- by seanc

Is there a copy of the file saved to the ipad/ipod when using progressive http download (apple segmented) that the user could potentially copy off the device? meaning, is this scenario considered 'safe' from a content protection pov: 1. user comes to websites with movies behind paywall 2. user selects a movie to watch online (progressively downloaded or 'pseudo-streamed') 3. segments are downloaded seamlessly by html5 video tag as part of .m3u8 4. movie plays/ends. is there any full copy of this movie on the device that can be transferred off? anyone know apple's stance on this?

Read the article
Why do virtual memory addresses for linux binaries start at 0x8048000?

- by muteW

Disassembling an ELF binary on a Ubuntu x86 system I couldn't help but notice that the code(.text) section starts from the virtual address 0x8048000 and all lower memory addresses seem to be unused. This seems to be rather wasteful and all Google turns up is either folklore involving STACK_TOP or protection against null-pointer dereferences. The latter case looks like it can be fixed by using a single page instead of leaving a 128MB gap. So my question is this - is there a definitive answer to why the layout has been fixed to these values or is it just an arbitrary choice?

Read the article
File System Types in .Net

- by Avi

I don't get the abstractions and the terminology :-( For example, DirectoryInfo.FullName is defined as the full path of the directory or file, but it's a string! So is DirectoryInfo.Name, FileInfo.FullName, Path.GetDirectoyName and so on. This means that in .Net there is no "depth" (or "meat" - my English isn't so good) for the file system objects. There's no protection from a type system. I can't, for example, define two Path objects and ask if one of them is "above" the other - I have to manipulate the strings. I can't differentiate between a Path that identifies a directory and a path that identifies a file. I can't do anything!-( Just manipulate strings. Is this correct (or am I simply missing something). If correct, are there any alternatives?

Read the article
druapal content image not showing

- by tibin mathew

hi, I'm doing a drupal site. i want show a facebook image in my page content in home page. i have edited content of that page. i have edited the body of that content through admin and put the text in body like this The BikeGlow™ Safety Light runs on 2-AA batteries. Light tube length is 10'. Complete unit weighs under 2 oz (without batteries). Light tube attaches to frame with included attachment strips. "It's like magic cycling protection from cars!" < img src='bikeglow_com/sites/default/files/5u84f48n.gif' alt="facebook" / but after saving image is not showing there even that alt tag is not coming. can any one help me, what will be reason for his

Read the article
Communication between web applications, 1 SSL certificate, other has none

- by Rickjaah

This the situation: I have one webservice without SSL, which provides two pages for the other web application. When the user submits these pages, an XML file with private information is sent to the webservice. How can I provide the necessary privacy protection on the XML file? Is the one certificate good enough to give the appropriate security? I'm not sure about this one, and am in the preparation phase of a project... So need to know the involved work on this part...

Read the article
drupal content image not showing

- by tibin mathew

hi, I'm doing a drupal site. i want show a facebook image in my page content in home page. i have edited content of that page. i have edited the body of that content through admin and put the text in body like this The BikeGlow™ Safety Light runs on 2-AA batteries. Light tube length is 10'. Complete unit weighs under 2 oz (without batteries). Light tube attaches to frame with included attachment strips. "It's like magic cycling protection from cars!" < img src='bikeglow_com/sites/default/files/5u84f48n.gif' alt="facebook" / but after saving image is not showing there even that alt tag is not coming. can any one help me, what will be reason for his

Read the article
Reason for different segments in Linux on x86

- by anjruu

Hey all, So, I know that Linux uses four default segments for an x86 processor (kernel code, kernel data, user code, user data), but they all have the same base and limit (0x00000000 and 0xfffff), meaning each segment maps to the same set of linear addresses. Given this, why even have user/kernel segments? I understand why there should be separate segments for code and data (just due to how the x86 processor deals with the cs and ds registers), but why not have a single code segment and a single data segment? Memory protection is done through paging, and the user and kernel segments map to the same linear addresses anyway. Thanks! anjruu

Read the article
How to address thread-safety of service data used for maintaining static local variables in C++?

- by sharptooth

Consider the following scenario. We have a C++ function with a static local variable: void function() { static int variable = obtain(); //blahblablah } the function needs to be called from multiple threads concurrently, so we add a critical section to avoid concurrent access to the static local: void functionThreadSafe() { CriticalSectionLockClass lock( criticalSection ); static int variable = obtain(); //blahblablah } but will this be enough? I mean there's some magic that makes the variable being initialized no more than once. So there's some service data maintained by the runtime that indicates whether each static local has already been initialized. Will the critical section in the above code protect that service data as well? Is any extra protection required for this scenario?

Read the article

< Previous Page | 34 35 36 37 38 39 40 41 42 43 44 45 | Next Page >