Search Results

Search found 68155 results on 2727 pages for 'data security'.

Page 412/2727 | < Previous Page | 408 409 410 411 412 413 414 415 416 417 418 419 | Next Page >

cc1plus: error: include: Value too large for defined data type when compiling with g++

- by Android

I am making a project that should compile on Windows and Linux. I have made the project in Visual Studio and then made a makefile for linux. I created all the files in Windows with VS. It compiles and runs perfectly in VS but when I run the makefile and it runs g++ I get $ g++ -c -I include -o obj/Linux_x86/Server.obj src/Server.cpp cc1plus: error: include: Value too large for defined data type cc1plus: error: src/Server.cpp: Value too large for defined data type The code is nothing more than a Hello World atm. I just wanted to make sure that everything was working before I started development. I have tried searching but to no avail. Any help would be appreciated.

Read the article
Sorting the data returned by a database

- by Rishabh Ohri

hi all, In our project we have a requirement that when a set of records are returned by the database the records should be sorted with respect to the TITLE field in the record. The records will have to be sorted alphabetically but if the title of a record has a number in it then it should come after the records whose title only consists of alphabets. Details: we are using SQL Server , and c#. The data from the database comes to an Entity class whic forwards the data to other layers. So, What will be the possible and effective solution for this requirement.

Read the article
Are there any differences between MSSQL and MySQL when it comes to preventing SQL injection?

- by Derek Adair

I am used to developing in PHP/MySQL and have no experience developing with MSSQL. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function mysql_real_excape_string(). Is there a similar function with PHP/MSSQL? What steps do I need to take in order to protect against SQL injection with MSSQL? What are the differences between MSSQL and MySQL pertaining to SQL injection prevention?

Read the article
IE6 Not submitting POST Data?!

- by Abs

Hello all, I have just tested my site on an old IE6 browser on a windows server. The problem I have is when I submit a form, the POST data I get on the other page is empty. Array(). This site has worked on IE6 on a different windows server, it has worked on my laptop and works on all other major browsers (Firefox, Chrome, IE6,7,8, Safari) etc. Its just this one machine. Is there a setting not to allow post data on IE6? Thanks all

Read the article
Post ASP.Net Form data to another page

- by william

I have an ASP.Net Page, aspx with its default form. I have a Submit Button for it. Upon clicking, it will post the data to itself. In other words, Button Click Event() from code behind will execute the necessary. After that, I would like to post the same data to another ASp.Net Page, aspx from another domain. So, how can I do it? I tried creating a Form in Button Click Event and a javascript to Submit the Form so that it will post. But the Form is not appearing hence there is already aForm` on the page. Is there anyway to do it?

Read the article
Accessing Linq data in telerik grid ItemCreated method

- by Jack

Not sure if the title of this question makes sense, but here's my problem: I have a telerik grid bound to a Linq data object, however, I limit the fields returned: <IQueryable>filter = data.Select(x => new {x.ID, x.Name, x.Age}); I would like to access these fields in the ItemCreated method of the grid: protected void rgPeople_ItemCreated(object sender, GridItemEventArgs e) { Telerik.Web.UI.GridDataItem item = (GridDataItem)e.Item; ?????? Person = (???????)e.Item.DataItem; } What do I declare ?????? as so that I can use: String ID = Person.ID; String Name = Person.Name; etc

Read the article
Top techniques to avoid 'data scraping' from a website database

- by Addsy

I am setting up a site using PHP and MySQL that is essentially just a web front-end to an existing database. Understandably my client is very keen to prevent anyone from being able to make a copy of the data in the database yet at the same time wants everything publicly available and even a "view all" link to display every record in the db. Whilst I have put everything in place to prevent attacks such as SQL injection attacks, there is nothing to prevent anyone from viewing all the records as html and running some sort of script to parse this data back into another database. Even if I was to remove the "view all" link, someone could still, in theory, use an automated process to go through each record one by one and compile these into a new database, essentially pinching all the information. Does anyone have any good tactics for preventing or even just dettering this that they could share. Thanks

Read the article
Should I be worried about a ReDOS attack?

- by PeeHaa

Can the following code be use to ReDOS attack my site? Or will it just be ended when the max_execution_time is exceeded or is it a problem of the past? I use the following code to validate emailaddresses on my sites (by Douglas Lovell): function validate_email($email) { $isValid = true; $atIndex = strrpos($email, "@"); if (is_bool($atIndex) && !$atIndex) { $isValid = false; } else { $domain = substr($email, $atIndex+1); $local = substr($email, 0, $atIndex); $localLen = strlen($local); $domainLen = strlen($domain); if ($localLen < 1 || $localLen > 64) { // local part length exceeded $isValid = false; } else if ($domainLen < 1 || $domainLen > 255) { // domain part length exceeded $isValid = false; } else if ($local[0] == '.' || $local[$localLen-1] == '.') { // local part starts or ends with '.' $isValid = false; } else if (preg_match('/\\.\\./', $local)) { // local part has two consecutive dots $isValid = false; } else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain)) { // character not valid in domain part $isValid = false; } else if (preg_match('/\\.\\./', $domain)) { // domain part has two consecutive dots $isValid = false; } else if(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/', str_replace("\\\\","",$local))) { // character not valid in local part unless // local part is quoted if (!preg_match('/^"(\\\\"|[^"])+"$/', str_replace("\\\\","",$local))) { $isValid = false; } } if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A"))) { // domain not found in DNS $isValid = false; } } return $isValid; }

Read the article
How to populate an array with recordset data

- by Curtis Inderwiesche

I am attempting to move data from a recordset directly into an array. I know this is possible, but specifically I want to do this in VBA as this is being done in MS Access 2003. Typically I would do something like the following to archive this: Dim vaData As Variant Dim rst As ADODB.Recordset ' Pull data into recordset code here... ' Populate the array with the whole recordset. vaData = rst.GetRows What differences exist between VB and VBA which makes this type of operation not work? What about performance concerns? Is this an "expensive" operations?

Read the article
Is it possible to create a file with a given size and MD5 hash?

- by m.bagattini

Of course I know is possible to create a file with a certain size and how to do it. But is it possible to create a file with a certain size and also a certain MD5 fingerprint?

Read the article
UnknownHostException for server java

- by nilesh

I am not able to connect to an remote known server through Java code; the exception while connecting is java.net.NoRouteToHostException: No route to host. But strangely, I am able to connect to same server through ssh. Details: Simple Java client when tries to establish connection with Java standalone server, while conneting the exception occurs at following statement: Socket socket = new Socket(ServerIP ServerPort); The port needed is open on server so that externally request can come in. Again the following is returns false InetAddress.getByName(SERVER_IP).isReachable(1000) The Server is running on Fedora, Java 5. FYI: Java cannot resolve DNS address from AIX: UnknownHostException is almost same to my question, but somehow this is not AIX related; moreover I feel the issue to be more of Network or firewall issue. Please guide me.

Read the article
Load data from CSV to mySQL database Java+hibernate+spring

- by mona

I am trying to load a CSV file in to mySQL database using Java+Hibernate+Spring. I am using the following query in the DAO to help me load in to the database: entityManager.createQuery("LOAD DATA INFILE :fileName INTO TABLE test").setParameter("fileName", "C:\\samples\\test\\abcd.csv").executeUpdate(); I got some idea to use this from http://dev.mysql.com/doc/refman/5.1/en/load-data.html and how to import a csv file into a mysql from an hibernate+spring application? But I am getting the error: java.lang.IllegalArgumentException: node to traverse cannot be null! Please help! Thanks

Read the article
Can this be improved? Scrubbing of dangerous html tags.

- by chobo2

I been finding that for something that I consider pretty import there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich html editor so I need to keep non dangerous tags but strip out bad ones. So is this script missing anything? It uses html agility pack. public string ScrubHTML(string html) { HtmlDocument doc = new HtmlDocument(); doc.LoadHtml(html); //Remove potentially harmful elements HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed"); if (nc != null) { foreach (HtmlNode node in nc) { node.ParentNode.RemoveChild(node, false); } } //remove hrefs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("href", "#"); } } //remove img with refs to java/j/vbscript URLs nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.SetAttributeValue("src", "#"); } } //remove on<Event> handlers from all tags nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("onFocus"); node.Attributes.Remove("onBlur"); node.Attributes.Remove("onClick"); node.Attributes.Remove("onMouseOver"); node.Attributes.Remove("onMouseOut"); node.Attributes.Remove("onDoubleClick"); node.Attributes.Remove("onLoad"); node.Attributes.Remove("onUnload"); } } // remove any style attributes that contain the word expression (IE evaluates this as script) nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]"); if (nc != null) { foreach (HtmlNode node in nc) { node.Attributes.Remove("stYle"); } } return doc.DocumentNode.WriteTo(); } Edit 2 people have suggested whitelisting. I actually like the idea of whitelisting but never actually did it because no one can actually tell me how to do it in C# and I can't even really find tutorials for how to do it in c#(the last time I looked. I will check it out again). How do you make a white list? Is it just a list collection? How do you actual parse out all html tags, script tags and every other tag? Once you have the tags how do you determine which ones are allowed? Compare them to you list collection? But what happens if the content is coming in and has like 100 tags and you have 50 allowed. You got to compare each of those 100 tag by 50 allowed tags. Thats quite a bit to go through and could be slow. Once you found a invalid tag how do you remove it? I don't really want to reject a whole set of text if one tag was found to be invalid. I rather remove and insert the rest. Should I be using html agility pack?

Read the article
Will client JVM for a web service(https) throw an SSL Exception when the server is having a valid ce

- by ring bearer

I have a web service deployed on tomcat hosted on a remote server. I have set it up such that it can be accessed only via HTTPS. For this, I generated a Certificate Signing Request (CSR) and used it to get a temporary certificate from VeriSign. My web service client is on my local machine. If I try to access the service it will throw a javax.net.ssl.SSLHandshakeException:unable to find valid certification path to requested target If I install the certificate in to local Java's keystore, the issue will be resolved. My question is if I install a valid SSL certificate from a CA in to my tomcat server, will I get this client-side error even if I do not import the certificate to local key store?

Read the article
Java Client .class File Protection

- by Zac

I am in the requirements phase of building a JEE application that will most likely run on a GlassFish/JBoss backend (doesn't matter for now). I know I shouldn't be thinking about architecture at requirements time, but one can't help but start to imagine how the components would all snap together :-) Here are some hard, non-flexible requirements on the client-side: (1) The client application will be a Swing box (2) The client is free to download, but will use a subscription model (thus requiring a login mechanism with server-side authentication/authorization, etc.) (3) Yes, Java is the best platform solution for the problem at hand for reasons outside the scope of this post (4) The client-side .class files need safeguarding against decompiling That last (4th) requirement is the basis of this post. I'm not really worried about someone actually decompiling and getting at my source code: in the end, it's just Swing controls driven by some lightweight business logic. I'm worried about a scenario where someone decompiles my code, modifies it to exploit/attack the server, re-compiles, and fires it up. I've envisioned all sorts of nasty solutions, but didn't know if this was a common problem with a common solution for JEE developers. Any thoughts? Not interested in "code obfuscation" techniques! Thanks for any input!

Read the article
Prime Number - Data while loading

- by Emroot

Hi, I was trying in Ruby on Rails how to find a prime number. Here is my code : helper : app/helpers/test_helper.rb module TestHelper def prime_number? number index = 2 tmp = 0 while index <= number if tmp < 1 if (number % index) == 0 tmp += 1 end else return false end index += 1 end return true end end and my view : app/views/test/index.html.erb <% (2..100).each do |i| -%> <% if prime_number? i %> <%= i %> <% end -%> <% end -%> So my question is : How can you load data while it's calculating ? I mean if I replace 100 by 100000 in my view, how can I see data on my view while my helper method is calculating ? Do I need to use ajax or rails provide a tool for that ? Thank you.

Read the article
How to securely communicate with a database using a java applet

- by WarmWaffles

I have been writing web applications for quite sometime in PHP with MySQL. I always stored my database connection information into a configuration variable and connected to the database that way. A client wants a java applet for their website to communicate with their database. I'm very hesitant on this because the applet is going to be public and I am not sure how I would go about storing the database connection information. I'm paranoid that someone would decompile my application or find some way to extract my database connection information and use it maliciously. Any suggestions on how to do this securely?

Read the article
How to keep multiple connectionString passwords safe, separate, and easy to deploy?

- by Funka

I know there are plenty of questions here already about this topic (I've read through as many as I could find), but I haven't yet been able to figure out how best to satisfy my particular criteria. Here are the goals: The ASP.NET application will run on a few different web servers, including localhost workstations for development. This means encrypting web.config using a machine key is out. The application will decide which connection string to use based on the server name (using a switch statement). For example, "localhost" and "dev.example.com" will use the DevDatabaseConnectionString, "test.example.com" will use the TestDatabaseConnectionString, and "www.example.com" will use the ProdDatabaseConnectionString, for example. Ideally, the exact same executables and web.config should be able to run on any of these environments, without needing to tailor or configure each environment separately every time that we deploy (something that seems like it would be easy to forget/mess up one day during a deployment, which is why we moved away from having just one connectionstring that has to be changed on each target). Deployment is currently accomplished via FTP. We will not have command-line access to the production web server. This means using aspnet_regiis.exe is out. (I could run on localhost, however, if this would still work.) We would prefer to not have to recompile the application whenever a password changes, so using web.config (or db.config or whatever) seems to make the most sense. A developer should not be able to decrypt the production database password. If a developer checks the source code out onto their localhost laptop (which would determine that it should be using the DevDatabaseConnectionString, remember?) and the laptop gets lost or stolen, it should not be possible to get at the other connection strings. Thus, having a single RSA private key to un-encrypt all three passwords cannot be considered. (Contrary to #3 above, it does seem like we'd need to have three separate key files if we went this route; these could be installed once per machine, and should the wrong key file get deployed to the wrong server, the worst that should happen is that the app can't decrypt anything---and not allow the wrong host to access the wrong database!) I know this is probably a subjective question (asking for a "best" way to do something), but given the criteria I've mentioned, I'm hoping that a single best answer will indeed arise. Thank you!

Read the article
Reading Windows ACLs from Java

- by Matt Sheppard

From within a Java program, I want to be able to list out the Windows users and groups who have permission to read a given file. Obviously Java has no built-in ability to read the Windows ACL information out, so I'm looking for other solutions. Are there any third party libraries available which can provide direct access to the ACL information for a Windows file? Failing that, maybe running cacls and capturing and then processing the output would be a reasonable temporary solution - Is the output format of cacls thoroughly documented anywhere, and is it likely to change between versions of Windows?

Read the article
X.509 certificate based authentication with OpenSSL (without using sockets)

- by hartem

Hi, Is there an alternative in OpenSSL to SSL_set_connect_state()/SSL_set_accept_state() for X.509 certificate based authentication? The problem is that in my application the client and server do not communicate using sockets, and the establishment of direct connection between them is not possible. So what I want from OpenSSL is to 'expose' the intermediate SSL context establishment messages which I would then convey to the party at the other end. Thanks for your help!

Read the article
Pros and Cons of Java HTML to XML cleaners

- by cjavapro

I am looking to allow HTML emails (and other HTML uploads) without letting in scripts and stuff. I plan to have a white list of safe tags and attributes as well as a whitelist of CSS tags and value regexes (to prevent automatic return receipt). I asked a question: Parse a badly formatted XML document (like an HTML file) I found there are many many ways to do this. Some systems have built in sanitizers (which I don't care so much about). I will post some answers and say Community Wiki. Please post any other options you like and say Community Wiki so they can be voted on. Also any comments or wiki edits on what part of a certain product is better and what is not would be greatly appreciated. This page is a very nice listing page but I get kinda lost http://java-source.net/open-source/html-parsers

Read the article
(php) how to properly 'save' info in forms completed thus far

- by hatorade

So i have a form that on paper is 40 pages long. I was going to take the natural sections of this form, and make separate html forms for each section, with the idea that on the first page there would be a first form, then you hit 'Continue to next section' which essentially is the 'submit' button, which moves the user to section two, etc, until they hit the last section. i am not actually storing the results of the form in a database, but rather sending an email. the idea then is to store the separate form answers (one html form per section in the real form) as arrays or objects in the session, so that if they go back to a section in the form, it repopulates the values they entered since they are stored in the session. the result would be an array in the session storing the results for each of my forms, and i have one form for each section. my question is: is it secure to temporarily store things like SSNs or driver's license numbers as session variables? why or why not?

Read the article
How to secure WCF service with public private ket pair without using any certificated

- by malik

I want to secure my wcf service. For example if i want to generate public private key pair without involving any third part certifation authority. What is the way and method to do it? Any idea or any other approach.

Read the article
Spooling data to CSV truncates

- by Steve

Hi, I am using the below script to output data to a csv file: set heading off set linesize 10000 set pagesize 0 set echo off set verify off spool D:\OVERNIGHT\TEMP_FILES\PFRA_DETAIL_VIXEN_OUTPUT.txt SELECT TRIM(T4.S_ORG_ID)||','|| TRIM(T4.NAME)||','|| TRIM(T3.CREATION_TIME)||','|| TRIM(T5.X_HOUSE_NUMBER)||','|| TRIM(T5.X_FLAT_NUMBER)||','|| TRIM(T5.ADDRESS)||','|| TRIM(T5.CITY)||','|| TRIM(T5.ZIPCODE)||','|| TRIM(T3.NOTES) FROM TABLE_CASE T1 INNER JOIN TABLE_QUEUE T2 ON T1.CASE_CURRQ2QUEUE = T2.OBJID INNER JOIN TABLE_PHONE_LOG T3 ON T1.OBJID = T3.CASE_PHONE2CASE INNER JOIN TABLE_BUS_ORG T4 ON T1.X_CASE2X_BUS_ORG = T4.OBJID INNER JOIN TABLE_ADDRESS T5 ON T1.CASE2ADDRESS = T5.OBJID WHERE case_currq2queue IN(422); / spool off; exit; However the data is being truncated to 80 characters. The t3.notes field is in CLOB format. Does anyone know how I can spool this out to csv? I only have access to SQL*Plus. Thanks in advance, Steve

Read the article
Prevent Cross-site request forgery - Never Rely on The SessionID Sent to Your Server in The Cookie H

- by Yan Cheng CHEOK

I am reading the tutorial at http://code.google.com/p/google-web-toolkit-incubator/wiki/LoginSecurityFAQ It states Remember - you must never rely on the sessionID sent to your server in the cookie header ; look only at the sessionID that your GWT app sends explicitly in the payload of messages to your server. Is it use to prevent http://en.wikipedia.org/wiki/Cross-site_request_forgery#Example_and_characteristics With this mythology, is it sufficient enough to prevent to above attack?

Read the article

< Previous Page | 408 409 410 411 412 413 414 415 416 417 418 419 | Next Page >