Search Results

Search found 13653 results on 547 pages for 'old school'.

Page 476/547 | < Previous Page | 472 473 474 475 476 477 478 479 480 481 482 483  | Next Page >

  • Best Practice: Protecting Personally Identifiable Data in an ASP.NET / SQL Server 2008 Environment

    - by William
    Thanks to a SQL injection vulnerability found last week, some of my recommendations are being investigated at work. We recently re-did an application which stores personally identifiable information whose disclosure could lead to identity theft. While we read some of the data on a regular basis, the restricted data we only need a couple of times a year and then only two employees need it. I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or asymmetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that; permissions should also prevent the leaking in the first place. It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data, so the data could be decrypted on the client. This way, if the server gets compromised, we don't leak old data, although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation. Do you have a better suggestion? Which method would you recommend? More importantly, why?

    Read the article

  • Extend legacy site with another server-side programming platform best practice

    - by Andrew Florko
    The company I work for has a site developed 6-8 years ago by a team that was enthusiastic enough to use their own private PHP-based CMS. I have to put dynamic data from one intranet company database on this site in one week: 2-3 pages. I contacted the company site administrator and she showed me the administrative part - the CMS only allows inserting HTML blocks & managing the site map (the site is deployed on a machine that is inside the company & fully accessible & upgradeable). I'm not a PHP guy & I don't want to dive into a legacy CMS engine that hardly anyone has ever heard about. I also don't want to contact the developer team, 'cos I'm not sure they are still present and capable enough to extend this old site, and it'll take too much time anyway. I am about to deploy a helper ASP.NET site on IIS with the 2-3 required pages & reference the helper site via an iframe from the present site. The new pages will also allow downloading some dynamic content from the present site. Is it OK, and what are the pitfalls of the iframe approach?

    Read the article

  • Reflection and Operator Overloads in C#

    - by TenshiNoK
    Here's the deal. I've got a program that will load a given assembly, parse through all Types and their Members and compile a TreeView (very similar to the old MSDN site) and then build HTML pages for each node in the TreeView. It basically takes a given assembly and allows the user to create their own MSDN-like library for it for documentation purposes. Here's the problem I've run into: whenever an operator overload is encountered in a defined class, reflection returns that as a "MethodInfo" with the name set to something like "op_Assign" or "op_Equality". I want to be able to capture these and list them properly, but I can't find anything in the MethodInfo object that is returned to accurately identify that I'm looking at an operator. I definitely don't want to just capture everything that starts with "op_", since that will most certainly (at some point) pick up a method it's not supposed to. I know that other methods and properties that are "special cases" like this one have the "IsSpecialName" property set, but apparently that's not the case with operators. I've been scouring the 'net and wracking my brain for two days trying to figure this one out, so any help will be greatly appreciated.

    Read the article

  • Transferring a Set with a Wildcarded Generic to a List in Java

    - by Daniel Bingham
    I have a data type that contains a set and a method that expects List<? extends MyClass>. The data type has Set<? extends MyClass>. I need to be able to move the stuff out of the set and into the List. The order it goes into the list doesn't matter, it just needs to start keeping track of it so that it can be reordered when displayed. Suffice to say that changing the Set into a List in the data type is out of the question here. This seems pretty easy at first. Create a new method that takes a Set instead of a List, changes it into a list and then passes it on to the old method that just took a list. The problem comes in changing the set to a list.

        public void setData(Set<? extends MyClass> data) {
            List<? extends MyClass> newData = new ArrayList< /* What goes here? */ >();
            for (MyClass o : data) {
                newData.add(o);
            }
            setData(newData);
        }

    Obviously, I can't instantiate an ArrayList with a wildcard, it chokes. I don't know the type at that point. Is there some way to pull the type out of data and pass it to ArrayList? Can I just instantiate it with MyClass? Is there some other way to do this?

    Read the article

  • Using $.post for simple ajax test, what am I missing?

    - by Cortopasta
    Playing with jQuery for the first time, and I'm trying to get a simple AJAX set up working so I can better understand how things work. Unfortunately, I don't know a whole lot. Here's the HTML with the script:

        <html>
        <head>
        <title>AJAX attempt with jQuery</title>
        <script type="text/javascript" src="jquery.js"></script>
        <script type="text/javascript">
        function ajax(str){
            $(document).ready(function(){
                // The value is posted under the 'age' key so the PHP side can read
                // $_POST['age']; the callback names its argument so that 'response'
                // refers to the server's reply.
                $.post("ajaxjquerytest.php", {age: str}, function(response){
                    $("p").html(response);
                });
            });
        }
        </script>
        </head>
        <body>
        <input type="text" onchange="ajax(this.value)" />
        <p>Age?</p>
        </body>
        </html>

    And here is the PHP it's talking to:

        <?php
        $age = $_POST['age'];
        if ($age < 30) {
            echo "Young";
        } else if ($age > 30) {
            echo "Old";
        } else {
            echo "you're 30";
        }
        ?>

    Read the article

  • PHP preg_match: a pattern which satisfies all MySQL field names (including 'table.field' formations)

    - by gsquare567
    I need a pattern which satisfies MySQL field names, but also with the option of having a table name before it. Examples:

        mytable.myfield
        myfield
        my4732894__7289FiEld

    Here's what I tried:

        $pattern = "/^[a-zA-Z0-9_]*?[\.[a-zA-Z0-9_]]?$/";

    This worked for what I needed before, which was just the field name:

        $pattern = "/^[a-zA-Z0-9_]*$/";

    Any ideas why my addition isn't working? Maybe I'm making up regex, so I'll explain what I added... The first '?' is to say that it isn't greedy, i.e. it will stop if the next part, namely "[.[a-zA-Z0-9_]]?", is satisfied. Now, that second part is just the same as the first except it is optional (hence the '?' at the end) and it starts with a period (hence the '[.' and ']' wrapping my old clause). And obviously, the "^" and "$" represent the beginning and end of the string. So... any ideas? (Also, I'm a tad confused as to why I need to put in those "/"s at the beginning/end anyway, so if you could tell me why it's required, that'd be awesome.) Thanks a lot! (And thanks for reading this all if you actually did... it's quite a ramble.)

    Read the article

  • How can I concisely copy multiple SQL rows, with minor modifications?

    - by Steve Jessop
    I'm copying a subset of some data, so that the copy will be independently modifiable in future. One of my SQL statements looks something like this (I've changed table and column names):

        INSERT Product(
            ProductRangeID, Name, Weight, Price, Color, And, So, On
        )
        SELECT @newrangeid AS ProductRangeID, Name, Weight, Price, Color, And, So, On
        FROM Product
        WHERE ProductRangeID = @oldrangeid and Color = 'Blue'

    That is, we're launching a new product range which initially just consists of all the blue items in some specified current range, under new SKUs. In future we may change the "blue-range" versions of the products independently of the old ones. I'm pretty new at SQL: is there something clever I should do to avoid listing all those columns, or at least avoid listing them twice? I can live with the current code, but I'd rather not have to come back and modify it if new columns are added to Product. In its current form it would just silently fail to copy the new column if I forget to do that, which should show up in testing but isn't great. I am copying every column except for the ProductRangeID (which I modify), the ProductID (incrementing primary key) and two DateCreated and timestamp columns (which take their auto-generated values for the new row). Btw, I suspect I should probably have a separate join table between ProductID and ProductRangeID. I didn't define the tables. This is in a T-SQL stored procedure on SQL Server 2008, if that makes any difference.

    Read the article

  • Why can't I open a JBoss vfs:/ URL?

    - by skiphoppy
    We are upgrading our application from JBoss 4 to JBoss 6. A couple of pieces of our application get delivered to the client in an unusual way: jars are looked up inside of our application and sent to the client from a servlet, where the client extracts them in order to run certain support functions. In JBoss 4 we would look these jars up with the classloader and find a jar:// URL which would be used to read the jar and send its contents to the client. In JBoss 6 when we perform the lookup we get a vfs:/ URL. I understand that this is from the org.jboss.vfs package. Unfortunately when I call openStream() on this URL and read from the stream, I immediately get an EOF (read() returns -1). What gives? Why can't I read the resource this URL refers to? I've tried trying to access the underlying VFS packages to open the file through the JBoss VFS API, but most of the API appears to be private, and I couldn't find a routine to translate from a vfs:/ URL to a VFS VirtualFile object, so I couldn't get anywhere. I can try to find the file on disk within JBoss, but that approach sounds very failure prone on upgrade. Our old approach was to use Java Web Start to distribute the jars to the client and then look them up within Java Web Start's cache to extract them. But that broke on every minor upgrade of Java because the layout of the cache changed.

    Read the article

  • Pattern for version-specific implementations of a Java class

    - by Mike Monkiewicz
    So here's my conundrum. I am programming a tool that needs to work on old versions of our application. I have the code to the application, but can not alter any of the classes. To pull information out of our database, I have a DTO of sorts that is populated by Hibernate. It consumes a data object for version 1.0 of our app, cleverly named DataObject. Below is the DTO class.

        public class MyDTO {
            private MyWrapperClass wrapper;

            public MyDTO(DataObject data) {
                wrapper = new MyWrapperClass(data);
            }
        }

    The DTO is instantiated through a Hibernate query as follows:

        select new com.foo.bar.MyDTO(t1.data) from mytable t1

    Now, a little logic is needed on top of the data object, so I made a wrapper class for it. Note the DTO stores an instance of the wrapper class, not the original data object.

        public class MyWrapperClass {
            private DataObject data;

            public MyWrapperClass(DataObject data) {
                this.data = data;
            }

            public String doSomethingImportant() {
                ... version-specific logic ...
            }
        }

    This works well until I need to work on version 2.0 of our application. Now DataObject in the two versions are very similar, but not the same. This resulted in different subclasses of MyWrapperClass, which implement their own version-specific doSomethingImportant(). Still doing okay. But how does MyDTO instantiate the appropriate version-specific MyWrapperClass? Hibernate is in turn instantiating MyDTO, so it's not like I can @Autowire a dependency in Spring. I would love to reuse MyDTO (and my dozens of other DTOs) for both versions of the tool, without having to duplicate the class. Don't repeat yourself, and all that. I'm sure there's a very simple pattern I'm missing that would help this. Any suggestions?

    Read the article

  • Publish Git repository to SVN

    - by Ken Williams
    I and my small team work in Git, and the larger group uses Subversion. I'd like to schedule a cron job to publish our repositories' current HEADs every hour into a certain directory in the SVN repo. I thought I had this figured out, but the recipe I wrote down previously doesn't seem to be working now:

        git clone ssh://me@gitserver/git-repo/Projects/ProjX px2
        cd px2
        svn mkdir --parents http://me@svnserver/svn/repo/play/me/fromgit/ProjX
        git svn init -s http://me@svnserver/svn/repo/play/me/fromgit/ProjX
        git svn fetch
        git rebase trunk master
        git svn dcommit

    Here's what happens when I attempt it:

        % git clone ssh://me@gitserver/git-repo/Projects/ProjX px2
        Cloning into 'ProjX'...
        ...
        % cd px2
        % svn mkdir --parents http://me@svnserver/svn/repo/play/me/fromgit/ProjX
        Committed revision 123.
        % git svn init -s http://me@svnserver/svn/repo/play/me/fromgit/ProjX
        Using higher level of URL: http://me@svnserver/svn/repo/play/me/fromgit/ProjX => http://me@svnserver/svn/repo
        % git svn fetch
        W: Ignoring error from SVN, path probably does not exist: (160013): Filesystem has no item: File not found: revision 100, path '/play/me/fromgit/ProjX'
        W: Do not be alarmed at the above message git-svn is just searching aggressively for old history.
        This may take a while on large repositories
        % git rebase trunk master
        fatal: Needed a single revision
        invalid upstream trunk

    I could have sworn this worked previously, anyone have any suggestions? Thanks.

    Read the article

  • T-SQL: Dynamic Query by Selected Column in ASP.NET GridView

    - by jp2code
    I'm trying to modify a stored procedure used in an ASP.NET page. By default, the stored procedure returns all of the data, which can be overwhelming for employees in the plant. I want to add a drop down menu item for the column name and a text box for a value to allow our employees to search the data for their specific items. What I would like to add is the ability to pass in a Column Name and Column Value to search, similar to the following:

        DECLARE @colName nVarChar(50), @colValue nVarChar(50)
        SET @colName='EmployeeID'
        SET @colValue='007135'
        SELECT Column1, Column2, Column3, Column4, Column5, Column6, Column7
        FROM viewNum1
        WHERE ((@colName IS NULL) OR (@colValue IS NULL) OR ('['+@colName+']'=@colValue))

    If all values passed in (@colValue and @colName), all records return; however, if I try specifying that @colName=EmployeeID and @colValue='007135' (a value that does exist in the database), no records are returned. Next is the problem that I am running an old SQL Server 2000 database that does not allow the stored procedure to access the table column names, and the whole technique looks prone to SQL Injection. Finally, I don't see how to bind my GridView control to this and still have the ability to display all records. How would I write such a filtering stored procedure?

    Read the article

  • Resumable Upload in Ruby on Rails

    - by user253011
    Hi, I have been searching for a way to do resumable file upload in RoR. In conclusion, I found out that other than a Java Applet, no client-side-and-cross-platform agent can access the file system in such a way as to request the file from the position where the upload got terminated (due to any reason), with some exceptions like http://github.com/taf2/resume-up/tree/master (built in native Ruby, but requires Google Gears, which is not "reliable" yet when it comes to cross platform; almost the same story as ActiveX!). Since the only reliable option left is a Java applet, is there any good tutorial/forum/documentation for those paid Java applets, such as "thin slice upload" etc., to make them work with a Rails application? I have found one, http://github.com/dassi/mediaclue, a non-multilingual German application in which they used jumploader. But in that application, I am unable to see resumable functionality. Scratching my head against their documentation, I found http://jumploader.com/doc_resume.html. It tells that jumploader has resume functionality in cross-session resume, the one I am looking for (if the user closes the browser, the new session gets hold of uncompleted uploaded files from the old session against the user id). But I can't find any example on their demos page which actually has pause/RESUME functionality in a continuous manner! Is it even possible to achieve that kind of resumable functionality? Please tell me about any options/examples/demos, preferably deployed in Rails. I shall be very much obliged. ~ Thanks

    Read the article

  • Help with this compile error

    - by Scott
    I just picked up an old project and I'm not sure what the following error could mean.

        g++ -o BufferedReader.o -c -g -Wall -std=c++0x -I/usr/include/xmms2 -Ijsoncpp/include/json/ -fopenmp -I/usr/include/ImageMagick -I/usr/include/xmms2 -I/usr/include/libvisual-0.4 -D_GNU_SOURCE=1 -D_REENTRANT -I/usr/include/SDL -DQT_CORE_LIB -DQT_GUI_LIB -DQT_SCRIPT_LIB -DQT_SHARED -I/usr/include/QtCore -I/usr/include/QtGui -I/usr/include/QtScript BufferedReader.cpp
        In file included from BufferedReader.cpp:23:
        /usr/include/string.h:36:42: error: missing binary operator before token "("
        In file included from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/cwchar:47,
                         from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/bits/postypes.h:42,
                         from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/iosfwd:42,
                         from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/ios:39,
                         from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/istream:40,
                         from /usr/lib/gcc/i686-redhat-linux/4.4.3/../../../../include/c++/4.4.3/sstream:39,
                         from BufferedReader.cpp:24:

    At line 24 of BufferedReader.cpp is #include <string.h>. I've tried it with just <string> but get the same thing. Any clue? Here's the snippet of code from string.h:

        /* Tell the caller that we provide correct C++ prototypes.  */
        #if defined __cplusplus && __GNUC_PREREQ (4, 4)   //line 36
        # define __CORRECT_ISO_CPP_STRING_H_PROTO
        #endif

    Does that mean __GNUC_PREREQ isn't defined?

    Read the article

  • How should I approach allowing users to create notes with revisions?

    - by Magicked
    I'm working on a Rails project where I want to allow users to create individual notes, which are really just text fields at this time. With each note, the user can edit what they have previously written, but the old version is kept in a revision table. I'm trying to figure out the best way to approach this. My initial thoughts are to have the following relationships:

        class User < ActiveRecord::Base
          has_many :notes
        end

        class Note < ActiveRecord::Base
          has_many :note_revisions
          belongs_to :user
        end

        class NoteRevision < ActiveRecord::Base
          belongs_to :note
        end

    The Note model will only contain a timestamp of when the note was first created. The NoteRevision model will contain the text, as well as a timestamp for each revision. This way, every time a new revision is made, a new entry is created in the NoteRevision table which is tracked through the Note table. Hopefully this makes sense! First, does this look like a good way to do this? If so, I'm having trouble figuring out how the controller and view will present this information in one form. Are there any good tutorials, or has someone seen anything similar that can point me in the right direction? Thanks in advance!

    Read the article

  • GPG error occurs while using "deb file:/local-path-to-repo ..." in /etc/apt/sources.list

    - by Chandler.Huang
    I need to install packages within a non-internet-connection environment. My plan is to download the dists structure from the Internet and then add the file path to /etc/apt/sources.list. So I downloaded the related structure, which includes ubuntu/dists/precise, precise-backports, precise-proposed, precise-security, precise-updates, from an FTP mirror server. And then I removed the original source and added the following to my /etc/apt/sources.list.

        deb file:path-to-local-ubuntu-directory/ precise main restricted multiverse universe
        deb-src file:path-to-local-ubuntu-directory/ precise main restricted multiverse universe

    Then I got the following GPG error after apt-get update.

        root@openstack:/~# apt-get update
        Ign file: precise InRelease
        Get:1 file: precise Release.gpg [198 B]
        Get:2 file: precise Release [50.1 kB]
        Ign file: precise Release
        Get:3 file: precise/main TranslationIndex [3,761 B]
        Get:4 file: precise/multiverse TranslationIndex [2,716 B]
        Get:5 file: precise/restricted TranslationIndex [2,636 B]
        Get:6 file: precise/universe TranslationIndex [2,965 B]
        Reading package lists... Done
        W: GPG error: file: precise Release: The following signatures were invalid: BADSIG 0976EAF437D05B5 Ubuntu Archive Automatic Signing Key <[email protected]>

    I had tried the following steps after googling, but in vain.

        sudo apt-get clean
        cd /var/lib/apt
        sudo mv lists lists.old
        sudo mkdir -p lists/partial
        sudo apt-get update

    Is there any way to resolve this? And why does this error occur? Thanks a lot.

    Read the article

  • Get active window title in X

    - by dutt
    I'm trying to get the title of the active window. The application is a background task, so if the user has Eclipse open the function returns "Eclipse - blabla", so it's not getting the window title of my own window. I'm developing this in Python 2.6 using PyQt4. My current solution, borrowed and slightly modified from an old answer here at SO, looks like this:

        from subprocess import Popen, PIPE

        def get_active_window_title():
            title = ''
            root_check = ''
            root = Popen(['xprop', '-root'], stdout=PIPE)
            if root.stdout != root_check:
                root_check = root.stdout
                for i in root.stdout:
                    if '_NET_ACTIVE_WINDOW(WINDOW):' in i:
                        id_ = i.split()[4]
                        id_w = Popen(['xprop', '-id', id_], stdout=PIPE)
                        for j in id_w.stdout:
                            if 'WM_ICON_NAME(STRING)' in j:
                                if title != j.split()[2]:
                                    return j.split("= ")[1].strip(' \n\"')

    It works for most windows, but not all. For example it can't find my kopete chat windows, or the name of the application I'm currently developing. My next try looks like this:

        import wnck

        def get_active_window_title(self):
            screen = wnck.screen_get_default()
            if screen == None:
                return "Could not get screen"
            window = screen.get_active_window()
            if window == None:
                return "Could not get window"
            title = window.get_name()
            return title

    But for some reason window is always None. Does somebody have a better way of getting the current window title, or a way to modify one of my ways, that works for all windows?

    Edit: In case anybody is wondering, this is the way I found that seems to work for all windows.

        import re
        from subprocess import Popen, PIPE

        def get_active_window_title(self):
            root_check = ''
            root = Popen(['xprop', '-root'], stdout=PIPE)
            if root.stdout != root_check:
                root_check = root.stdout
                for i in root.stdout:
                    if '_NET_ACTIVE_WINDOW(WINDOW):' in i:
                        id_ = i.split()[4]
                        id_w = Popen(['xprop', '-id', id_], stdout=PIPE)
                        id_w.wait()
                        buff = []
                        for j in id_w.stdout:
                            buff.append(j)
                        for line in buff:
                            match = re.match("WM_NAME\((?P<type>.+)\) = (?P<name>.+)", line)
                            if match != None:
                                type = match.group("type")
                                if type == "STRING" or type == "COMPOUND_TEXT":
                                    return match.group("name")
            return "Active window not found"

    Read the article

  • Jquery find first visible element after horizontal scroll

    - by lolo flores
    I'm new (only two weeks old) in jQuery, so please bear with me. I know that a very similar question was asked some time ago but I do not know how to adapt the answer to my problem. I have a very wide multicolumn layout, something like this:

        | aaaa | bbbb | cccc | … |
        | aaaa | b    | cc   | … |
        | aaa  | cccc | ddd  | … |

    The code looks like:

        <div id="container">
            <p>aaaaaaaaaaa</p>
            <p>bbbbb</p>
            <p>ccccccccccc</p>
            <p>dddddddddd</p>
            ...
            <p>xxxxxx</p>
        </div>

    There is no vertical scrolling and the container width is set in such a way that only two columns are shown. The user scrolls left or right to see the relevant text. What I want is to get the position currently on display, store it (maybe in a cookie) and retrieve it the next time the user opens the page. I think that I need a way of finding out what paragraph is currently the left-top most, but other suggestions are very welcome. Any ideas? btw: this is an internal project, so Mozilla only :-) Thanks Lolo

    Read the article

  • CDN for Images in ASP.NET

    - by Chris
    I am in the process of moving all of the images in my web application over to a CDN but I want to easily be able to switch the CDN on or off without having to hard code the path to the images. My first thought was to add an HttpHandler for image extensions that, depending on whether a variable in the web.config (something like ) is set, will serve the image from the server or from the CDN. But after giving this a little thought I think I've essentially ruled this out, as it will cause ASP.NET to handle the request for every single image, thus adding overhead, and it might actually completely mitigate the benefits of using a CDN. An alternative approach is, since all of my pages inherit from a base page class, I could create a function in the base class that determines what path to serve the files from based off the web.config variable. I would then do something like this in the markup:

        <img src='<%= GetImagePath() %>/image.png' />

    I think this is probably what I'll have to end up doing, but it seems a little clunky to me. I also envision problems with the old .NET error of not being able to modify the control collection because of the "<%=", though the "<%#" solution will probably work. Any thoughts or ideas on how to implement this?

    Read the article

  • Difference in calling redefined functions in F# and Clojure

    - by Michiel Borkent
    In F#:

        > let f x = x + 2;;
        val f : int -> int
        > let g x = f x;;
        val g : int -> int
        > g 10;;
        val it : int = 12
        > let f x = x + 3;;
        val f : int -> int
        > g 10;;
        val it : int = 12

    In Clojure:

        (defn f [x] (+ x 2))
        (defn g [x] (f x))
        (g 10)
        ;; => 12
        (defn f [x] (+ x 3))
        (g 10)
        ;; => 13

    Note that in Clojure the most recent version of f gets called in the last line. In F#, however, the old version of f is still called. Why is this?

    Read the article

  • Not able to insert data in the database from a form in php

    - by Prashant Baid
    I am not able to insert data into my database, I don't know what the problem is. Here is the code:

        mysql_select_db("mitestore", $con);

        if ((isset($_POST['product_name'])) && (strlen(trim($_POST['product_name'])) > 0)) {
            $product_name = stripslashes(strip_tags($_POST['product_name']));
            // The raw $_POST value, not the sanitised $product_name, is interpolated into the SQL string.
            $sql="INSERT INTO sell (product_name) VALUE ('$_POST[product_name]')";
        } else {$product_name = 'Please enter the product name.';}
        if ((isset($_POST['how_old'])) && (strlen(trim($_POST['how_old'])) > 0)) {
            $how_old = stripslashes(strip_tags($_POST['how_old']));
            $sql="INSERT INTO sell (how_old) VALUE ('$_POST[how_old]')";
        } else {$how_old = 'Please enter how old your product is';}
        if ((isset($_POST['which_block'])) && (strlen(trim($_POST['which_block'])) > 0)) {
            $which_block = stripslashes(strip_tags($_POST['which_block']));
            $sql="INSERT INTO sell (which_block) VALUE ('$_POST[which_block]')";
        } else {$which_block = 'Please enter which block are you from';}
        if ((isset($_POST['room_no'])) && (strlen(trim($_POST['room_no'])) > 0)) {
            $room_no = stripslashes(strip_tags($_POST['room_no']));
            $sql="INSERT INTO sell (room_no) VALUE ('$_POST[room_no]')";
        } else {$room_no = 'Please enter the room no:';}
        // Each branch above overwrites $sql, so only the last statement built is executed here.
        if (!mysql_query($sql,$con)) {
            die('Error: ' . mysql_error());
        }
        echo "Success!";
        mysql_close($con) ?>

    Initially I had this code and it worked for me.

        mysql_select_db("database", $con);
        $sql="INSERT INTO sell ( product_name, how_old , selling_price, negotiable, which_block, room_no)
              VALUES ('$_POST[product_name]','$_POST[how_old]','$_POST[selling_price]','$_POST[negotiable]','$_POST[which_block]','$_POST[room_no]')";
        if (!mysql_query($sql,$con)) {
            die('Error: ' . mysql_error());
        }
        echo "Your product is added.";
        mysql_close($con) ?>

    But I don't know how to validate each field individually.

    Read the article

  • Is it possible to spoof or reuse VIEWSTATE or detect if it is protected from modification?

    - by Peter Jaric
    Question

    ASP and ASP.NET web applications use a value called VIEWSTATE in forms. From what I understand, this is used to persist some kind of state on the client between requests to the web server. I have never worked with ASP or ASP.NET and need some help with two questions (and some sub-questions):

    1) Is it possible to programmatically spoof/construct a VIEWSTATE for a form? Clarification: can a program look at a form and from that construct the contents of the base64-encoded VIEWSTATE value?
    1 a) Or can it always just be left out?
    1 b) Can an old VIEWSTATE for a particular form be reused in a later invocation of the same form, or would it just be luck if that worked?
    2) I gather from http://msdn.microsoft.com/en-us/library/ms972976.aspx#viewstate_topic12 that it is possible to turn on security so that the VIEWSTATE becomes secure from spoofing. Is it possible for a program to detect that a VIEWSTATE is safeguarded in such a way?
    2 a) Is there a one-to-one mapping between the occurrence of EVENTVALIDATION values and secure VIEWSTATEs?

    Regarding 1) and 2), if yes, can I have a hint about how I would do that? For 2) I am thinking I could base64-decode the value and search for a string that always is found in unencrypted VIEWSTATEs. "First:"? Something else?

    Background

    I have made a small tool for detecting and exploiting so-called CSRF vulnerabilities. I use it to quickly make proof of concepts of such vulnerabilities that I send to the affected site owners. Quite often I encounter these forms with a VIEWSTATE, and these I don't know if they are secure or not.

    Edit 1: Clarified question 1 somewhat.
    Edit 2: Added text in italics.

    Read the article

  • Why does this code sample produce a memory leak?

    - by citronas
    In the university we were given the following code sample and we were told that there is a memory leak when running this code. The sample should demonstrate that this is a situation where the garbage collector can't work. As far as my object oriented programming goes, the only code line able to create a memory leak would be items=Arrays.copyOf(items,2 * size+1); The documentation says that the elements are copied. Does that mean the reference is copied (and therefore another entry on the heap is created) or the object itself is being copied? As far as I know, Object and therefore Object[] are implemented as a reference type. So assigning a new value to 'items' would allow the garbage collector to find that the old 'items' is no longer referenced and can therefore be collected. In my eyes, this code sample does not produce a memory leak. Could somebody prove me wrong? =)

        import java.util.Arrays;

        public class Foo {
            private Object[] items;
            private int size=0;
            private static final int ISIZE=10;

            public Foo() {
                items= new Object[ISIZE];
            }

            public void push(final Object o){
                checkSize();
                items[size++]=o;
            }

            public Object pop(){
                if (size==0)
                    throw new ///...
                return items[--size];
            }

            private void checkSize(){
                if (items.length==size){
                    items=Arrays.copyOf(items,2 * size+1);
                }
            }
        }

    Read the article

  • sendto is returning ENOBUF

    - by user338159
    Hi, I am currently running an old system on Tru64 which involves lots of UDP sockets using the sendto() function. The sockets are used in our code to send messages to/from various processes and then eventually on to a thick client app that is connected remotely. Occasionally the socket to the thick client gets stuck; this can cause some of these messages to get built up. My question is how can I determine the current buffer size, and how do I determine the maximum message buffer? The code below gives a snippet of how I set up the port and use the sendto function.

        /* need to adjust the maximum size we can send on this */
        /* as it needs to be able to cope with the biggest     */
        /* messages we send                                    */
        lenlen = sizeof(len) ;
        /* allow double for when the system is under load */
        len = 2 * C_MAX_MESSAGE_DATA_SIZE ;
        lpos_setsockopt(FATAL, msg_socket,SOL_SOCKET, SO_SNDBUF, &len, lenlen, &error_no) ;

        result = sendto( msg_socket, (char *)message, (int)message_len, flags, dest_addr, addrlen);

    Note: we have ported this application to Linux and the problem does not seem to appear there. Any help would be greatly appreciated. Regards

    Read the article

  • Problem updating collection using JPA

    - by FarmBoy
    I have an entity class Foo foo that contains Collection<Bar> bars. I've tried a variety of ways, but I'm unable to successfully update my collection. One attempt:

        foo = em.find(key);
        foo.getBars().clear();
        foo.setBars(bars);
        em.flush(); // commit, etc.

    This appends the new collection to the old one. Another attempt:

        foo = em.find(key);
        bars = foo.getBars();
        for (Bar bar : bars) {
            em.remove(bar);
        }
        em.flush();

    At this point, I thought I could add the new collection, but I find that the entity foo has been wiped out. Here are some annotations. In Foo:

        @OneToMany(cascade = { CascadeType.ALL }, mappedBy = "foo")
        private List<Bar> bars;

    In Bar:

        @ManyToOne(optional = false, cascade = { CascadeType.ALL })
        @JoinColumn(name = "FOO_ID")
        private Foo foo;

    Has anyone else had trouble with this? Any ideas?

    Read the article

  • Suggestion on Database structure for relational data

    - by miccet
    Hi there. I've been wrestling with this problem for quite a while now and the automatic mails with 'Slow Query' warnings are still popping in. Basically, I have Blogs with a corresponding table as well as a table that keeps track of how many times each Blog has been viewed. This last table has a huge amount of records since this page is relatively high traffic and it logs every hit as an individual row. I have tried with indexes on the fields that are included in the WHERE clause, but it doesn't seem to help. I have also tried to clean the table each week by removing old (> 1.weeks) records. So, I'm asking you guys, how would you solve this? The query that I know is causing the slowness is generated by Rails and looks like this:

        SELECT count(*) AS count_all FROM blog_views WHERE (created_at >= '2010-01-01 00:00:01' AND blog_id = 1);

    The tables have the following structures:

        CREATE TABLE IF NOT EXISTS `blogs` (
          `id` int(11) NOT NULL auto_increment,
          `name` varchar(255) default NULL,
          `perma_name` varchar(255) default NULL,
          `author_id` int(11) default NULL,
          `created_at` datetime default NULL,
          `updated_at` datetime default NULL,
          `blog_picture_id` int(11) default NULL,
          `blog_picture2_id` int(11) default NULL,
          `page_id` int(11) default NULL,
          `blog_picture3_id` int(11) default NULL,
          `active` tinyint(1) default '1',
          PRIMARY KEY (`id`),
          KEY `index_blogs_on_author_id` (`author_id`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    And

        CREATE TABLE IF NOT EXISTS `blog_views` (
          `id` int(11) NOT NULL auto_increment,
          `blog_id` int(11) default NULL,
          `ip` varchar(255) default NULL,
          `created_at` datetime default NULL,
          `updated_at` datetime default NULL,
          PRIMARY KEY (`id`),
          KEY `index_blog_views_on_blog_id` (`blog_id`),
          KEY `created_at` (`created_at`)
        ) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

    Read the article
