Search Results

Search found 1426 results on 58 pages for 'risk'.

Page 48/58 | < Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >

  • How do I keep users from spoofing data through a form?

    - by Jonathan
    I have a site which has been running for some time now that uses a great deal of user input to build the site. Naturally there are dozens of forms on the site. When building the site, I often used hidden form fields to pass data back to the server so that I know which record to update. an example might be: <input type="hidden" name="id" value="132" /> <input type="text" name="total_price" value="15.02" /> When the form is submitted, these values get passed to the server and I update the records based on the data passed (i.e. the price of record 132 would get changed to 15.02). I recently found out that you can change the attributes and values via something as simple as firebug. So...I open firebug and change the id value to "155" and the price value to "0.00" and then submit the form. Viola! I view product number 155 on the site and it now says that it's $0.00. This concerns me. How can I know which record to update without either a query string (easily modified) or a hidden input element passing the id to the server? And if there's no better way (I've seen literally thousands of websites that pass the data this way), then how would I make it so that if a user changes these values, the data on the server side is not executed (or something similar to solve the issue)? I've thought about encrypting the id and then decrypting it on the other side, but that still doesn't protect me from someone changing it and just happening to get something that matches another id in the database. I've also thought about cookies, but I've heard that those can be manipulated as well. Any ideas? This seems like a HUGE security risk to me.

    Read the article

  • (Rails) Creating multi-dimensional hashes/arrays from a data set...?

    - by humble_coder
    Hi All, I'm having a bit of an issue wrapping my head around something. I'm currently using a hacked version of Gruff in order to accommodate "Scatter Plots". That said, the data is entered in the form of: g.data("Person1",[12,32,34,55,23],[323,43,23,43,22]) ...where the first item is the ENTITY, the second item is X-COORDs, and the third item is Y-COORDs. I currently have a recordset of items from a table with the columns: POINT, VALUE, TIMESTAMP. Due to the "complex" calculations involved I must grab everything using a single query or risk way too much DB activity. That said, I have a list of items for which I need to dynamically collect all data from the recordset into a hash (or array of arrays) for the creation of the data items. I was thinking something like the following: @h={} e = Events.find_by_sql(my_query) e.each do |event| @h["#{event.Point}"][x] = event.timestamp @h["#{event.Point}"][y] = event.value end Obviously that's not the correct syntax, but that's where my brain is going. Could someone clean this up for me or suggest a more appropriate mechanism by which to accomplish this? Basically the main goal is to keep data for each pointname grouped (but remember the recordset has them all). Much appreciated. EDIT 1 g = Gruff::Scatter.new("600x350") g.title = self.name e = Event.find_by_sql(@sql) h ={} e.each do |event| h[event.Point.to_s] ||= {} h[event.Point.to_s].merge!({event.Timestamp.to_i,event.Value}) end h.each do |p| logger.info p[1].values.inspect g.data(p[0],p[1].keys,p[1].values) end g.write(@chart_file)

    Read the article

  • Is there any point in using a volatile long?

    - by Adamski
    I occasionally use a volatile instance variable in cases where I have two threads reading from / writing to it and don't want the overhead (or potential deadlock risk) of taking out a lock; for example a timer thread periodically updating an int ID that is exposed as a getter on some class: public class MyClass { private volatile int id; public MyClass() { ScheduledExecutorService execService = Executors.newScheduledThreadPool(1); execService.scheduleAtFixedRate(new Runnable() { public void run() { ++id; } }, 0L, 30L, TimeUnit.SECONDS); } public int getId() { return id; } } My question: Given that the JLS only guarantees that 32-bit reads will be atomic is there any point in ever using a volatile long? (i.e. 64-bit). Caveat: Please do not reply saying that using volatile over synchronized is a case of pre-optimisation; I am well aware of how / when to use synchronized but there are cases where volatile is preferable. For example, when defining a Spring bean for use in a single-threaded application I tend to favour volatile instance variables, as there is no guarantee that the Spring context will initialise each bean's properties in the main thread.

    Read the article

  • Reducing Dimension For SVM in Sensor Network

    - by iinception
    Hi Everyone, I am looking for some suggestions on a problem that I am currently facing. I have a set of sensor say S1-S100 which is triggered when some event E1-E20 is performed. Assume, normally E1 triggers S1-S20, E2 triggers S15-S30, E3 triggers S20-s50 etc and E1-E20 are completely independent events. Occasionally an event E might trigger any other unrelated sensor. I am using ensemble of 20 svm to analyze each event separately. My features are sensor frequency F1-F100, number of times each sensor is triggered and few other related features. I am looking for a technique that can reduce the dimensionality of the sensor feature(F1-F100)/ or some techniques that encompasses all of the sensor and reduces the dimension too(i was looking for some information theory concept for last few days) . I dont think averaging, maximization is a good idea as I risk loosing information(it did not give me good result). Can somebody please suggest what am I missing here? A paper or some starting idea... Thanks in advance.

    Read the article

  • Schema for storing "binary" values, such as Male/Female, in a database

    - by latentflip
    Intro I am trying to decide how best to set up my database schema for a (Rails) model. I have a model related to money which indicates whether the value is an income (positive cash value) or an expense (negative cash value). I would like separate column(s) to indicate whether it is an income or an expense, rather than relying on whether the value stored is positive or negative. Question: How would you store these values, and why? Have a single column, say Income, and store 1 if it's an income, 0 if it's an expense, null if not known. Have two columns, Income and Expense, setting their values to 1 or 0 as appropriate. Something else? I figure the question is similar to storing a person's gender in a database (ignoring aliens/transgender/etc) hence my title. My thoughts so far Lookup might be easier with a single column, but there is a risk of mistaking 0 (false, expense) for null (unknown). Having seperate columns might be more difficult to maintain (what happens if we end up with a 1 in both columns? Maybe it's not that big a deal which way I go, but it would be great to have any concerns/thoughts raised before I get too far down the line and have to change my code-base because I missed something that should have been obvious! Thanks, Philip

    Read the article

  • What are some arguments to support the position that the Dojo JavasScript library is secure, accessi

    - by LES2
    We have developed a small web application for a client. We decided on the Dojo framework to develop the app (requirements included were full i18n and a11y). Originally, the web app we developed was to be a "prototype", but we made the prototype production quality anyway, just in case. It turns out that the app we developed (or a variant of it) is going to production (many months hence), but it's so awesome that the enterprise architecture group is a little afraid. 508c compliant is a concern, as is security for this group. I now need to justify the use of Dojo to this architecture group, explicitly making the case that Dojo does not pose a security risk and that Dojo will not hurt accessibility (and that Dojo is there to help meet core requirements). Note: the web app currently requires JavaScript to be turned on and a stylesheet to work. We use a relatively minor subset of Dojo: of course, dojo core, and dijit.form.Form, ValidationTextBox and a few others. We do use dojox.grid.DataGrid (but no drag N drop or editable cells, which are not fully a11y). I have done some research of my own, of course, but I any information or advice you have would be most helpful. Regards, LES2

    Read the article

  • Screenscraping and reverse engineering health based web tool

    - by ArbInv
    Hi There is a publicly available free tool which has been built to help people understand the impact of various risk factors on their health / life expectancy. I am interested in understanding the data that sits behind the tool. To get this out it would require putting in a range of different socio-demographic factors and analyzing the resulting outputs. This would need to be done across many thousand different individual profiles. The tool was probably built on some standard BI platorm. I have no interest in how the tool was built but do want to get to the data within it. The site has a Terms of Use Agreement which includes: Not copying, distribute, adapt, create derivative works of, translate, or otherwise modify the said tool Not decompile, disassemble, reverse assemble, or otherwise reverse engineer the tool. The said institution retains all rights, title and interest in and to the Tool, and any and all modifications thereof, including all copyright, copyright registrations, trade secrets, trademarks, goodwill and confidential and proprietary information related thereto. Would i be in effect breaking the law if i were to point a screen scraping tool which downloaded the data that sits behind the tool in question?? Any advice welcomed? THANKS

    Read the article

  • Unable to diligently close the excel process running in memory

    - by NewAutoUser
    I have developed a VB.Net code for retrieving data from excel file .I load this data in one form and update it back in excel after making necessary modifications in data. This complete flow works fine but most of the times I have observed that even if I close the form; the already loaded excel process does not get closed properly. I tried all possible ways to close it but could not be able to resolve the issue. Find below code which I am using for connecting to excel and let me know if any other approach I may need to follow to resolve this issue. Note: I do not want to kill the excel process as it will kill other instances of the excel Dim connectionString As String connectionString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & ExcelFilePath & "; Extended Properties=excel 8.0; Persist Security Info=False" excelSheetConnection = New ADODB.Connection If excelSheetConnection.State = 1 Then excelSheetConnection.Close() excelSheetConnection.Open(connectionString) objRsExcelSheet = New ADODB.Recordset If objRsExcelSheet.State = 1 Then objRsExcelSheet.Close() Try If TestID = "" Then objRsExcelSheet.Open("Select * from [" & ActiveSheet & "$]", excelSheetConnection, 1, 1) Else objRsExcelSheet.Open("Select Test_ID,Test_Description,Expected_Result,Type,UI_Element,Action,Data,Risk from [" & ActiveSheet & "$] WHERE TEST_Id LIKE '" & TestID & ".%'", excelSheetConnection, 1, 1) End If getExcelData = objRsExcelSheet Catch errObj As System.Runtime.InteropServices.COMException MsgBox(errObj.Message, , errObj.Source) Return Nothing End Try excelSheetConnection = Nothing objRsExcelSheet = Nothing

    Read the article

  • What prevents a user from adding controls to an ASP.NET page client side?

    - by Curtis White
    This goes back to my other question which I thought was sufficiently answers but upon reflect am not sure that it was (sorry). Backgrounder: I am generating a form dynamically. I am pulling from the database the controls. I must associate each control with a database ID which is not the user's session id. I do this currently by storing my ID in the ID for the web control with some other stuff to make it unique/clear what I am doing. On the post back, I iterate through all the controls on my web page checking for my special identifier, ie, MyGeneratedTextBox_ID_Unique. This process enables for 2 important steps, identifying the control was one I generated and also getting the ID for this input field. And, all of this works but I'm still concerned about the security of it. I do not see a security issue with showing the actual database ID's in this case, although agree it is not desirable. However, I am concerned of the following possibilities: If a user could add a nefarious control to my collection and use that for a SQL injection attack. More academic, but if a user could somehow store data for fields they do not have access too by changing the id's. I agree this is a "hack" of a way to do it. But my question is, is it a security risk and is there an 'easy' way to do it in a less hack way? I assume that only the controls that are created/instantiated on the page are added to the controls list.. thus all controls must be created server side and thus the security issue is address but just wanted to validate. Thanks again. PS: I could see adding a property for each control and encrypting the viewstate would be a little more secure.

    Read the article

  • Should I have one dll or multiple for Business Logic?

    - by Brian
    In my situation, my company services many types of customers. Almost every customer requires their own Business Logic. Of course, there will be a base layer that all business logic should inherit from. However, I'm going back and forth on architecting this--either in one dll for all customers or one dll for each. My biggest point of contention deals with upgrading the software. We have about 12 data entry personnel that work with 20 companies and it's critical that they have little down time. My concern is that if I deploy everything in one dll, I could introduce a bug in company A's logic while only intending to update Company B's logic. I believe I could reduce the risk if each company's logic had their own dll, so then, I could deploy Company B's update w/o harming Company A's. -- I will be the only one supporting this. That said, this also seems like a nightmare to manage 20 different .dll's -- that's for the BLL alone. I also need to create a View layer and ViewModel layer. So, potentially, I could have 20 (companies) * 3 (layers) which would equate to 60 .dll's. Thank You.

    Read the article

  • Security considerations processing emails

    - by Timmy O' Tool
    I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

    Read the article

  • "Abstract static" method - how?

    - by polyglot
    There are already several SO questions on why there is not abstract static method/field as such, but I'm wondering about how one would go about implementing the following psuedo-code: class Animal { abstract static int getNumberOfLegs(); // not possible } class Chicken inherits Animal { static int getNumberOfLegs() { return 2; } class Dog inherits Animal { static int getNumberOfLegs() { return 4; } Here is the problem: Assuming that I want make sure that every class that inherits Animal to contain getNumberOfLegs() method (i.e. almost like an interface, except I do want the abstract class to implement several methods that are common to all child classes, hence pure interface does not work here). getNumberOfLegs() obviously should be a static method (assuming that in a perfect world we dont' have crippled chicken and dogs so getNumberOfLegs is not instance-dependent). Without an "abstract static" method/field, one can either leave the method out from Animal class, then there is the risk that some child class do not have that method. Or one can make getNumberOfLegs an instance method, but then one would have to instantiate a class to find out how many legs that animal has - even though it is not necessary. How do one usually go about implementing this situation?

    Read the article

  • best web database solution for scala for a high traffic site?

    - by egervari
    I am in charge of a rebuilding a website that gets about 250,000 visitors a day. We'd like to use Scala, but it does not work very well with Spring (in some minor cases) and Hibernate (there is a major and very annoying mismatch here if you want to use scala collections, which we do). The application itself is going to have about 40-50 tables. Other than Hibernate, is there an ORM that works awesome with Scala and is as performant and reliable as Hibernate? Does it also have the same capabilities, or are we going to run into leaky-abstractions if we don't use Hibernate? It would be a big risk for us to go with a framework that is newer and doesn't seem to have a lot of industry backing... and at the same time, Hibernate is a real pain to program against when using Scala. 1) The Java Collection <- Scala Collection is absolutely painful. There is a lot more boilerplate and crap to write. 2) The IDE doesn't import JavaConversions and java interfaces automatically... so we this needs to be done manually. Optimizing Imports in IDEA is going to destroy all the manual work. 3) There is also a performance cost to converting back and forth all the time in your domain objects and your dao classes. 4) Not to mention there needs to be a lot of casting, which produces code ugly as sin. I actually would love to write my own orm that is 100% tailored to scala, but obviously this is really outside of the scope of our project for now. So what is the best approach?

    Read the article

  • I just discovered why all ASP.Net websites are slow, and I am trying to work out what to do about it

    - by James
    I just discovered that every request in an ASP.Net web application gets a Session lock at the begging of a request, and then releases it at the end of the request!!! I mean, WTF Microsoft! In case the implication is lost on you, as it was from me at first, this basically means the following: Anytime an ASP.Net webpage is taking a long time to load (maybe due to a slow database call or whatever), and the user decides they want to navigate to a different page because they are tired of waiting, THEY CANT! The ASP.Net session lock forces the new page request to wait until the original request has finished its painfully slow load. Arrrgh. Anytime an UpdatePanel is loading slowly, and the user decides to navigate to a different page before the UpdadePanel has finished updating... THEY CANT! The ASP.Net session lock forces the new page request to wait until the original request has finished its painfully slow load. Double Arrrgh! So what are the options? So far I have come up with: Implement a Custom SessionStateDataStore, which ASP.Net supports. I haven't found too many out there to copy, and it seems kind of high risk and easy to mess up. Keep track of all requests in progress, and if a request comes in from the same user, cancel the original request. Seems kind of extreme, but it would work (I think) Don't user Session! When I need some kind of state for the user, I could just user Cache instead, and key items on the authenticated user's name, or some such thing. Again seems kind of extreme I really can't believe that the ASP.Net Microsoft team would have left such a huge performance bottleneck in the framework at version 4.0! Am I missing something obvious? How hard would it be to use a ThreadSafe collection for the Session? Arrrrghhhhhh. Any advice much appreciated.

    Read the article

  • How to avoid mouse move on Touch

    - by VirtualBlackFox
    I have a WPF application that is capable of being used both with a mouse and using Touch. I disable all windows "enhancements" to just have touch events : Stylus.IsPressAndHoldEnabled="False" Stylus.IsTapFeedbackEnabled="False" Stylus.IsTouchFeedbackEnabled="False" Stylus.IsFlicksEnabled="False" The result is that a click behave like I want except on two points : The small "touch" cursor (little white star) appears where clicked an when dragging. Completely useless as the user finger is already at this location no feedback is required (Except my element potentially changing color if actionable). Elements stay in the "Hover" state after the movement / Click ends. Both are the consequences of the fact that while windows transmit correctly touch events, he still move the mouse to the last main-touch-event. I don't want windows to move the mouse at all when I use touch inside my application. Is there a way to completely avoid that? Notes: Handling touch events change nothing to this. Using SetCursorPos to move the mouse away make the cursor blink and isn't really user-friendly. Disabling the touch panel to act as an input device completely disable all events (And I also prefer an application-local solution, not system wide). I don't care if the solution involve COM/PInvoke or is provided in C/C++ i'll translate. If it is necessary to patch/hook some windows dlls so be it, the software will run on a dedicated device anyway. I'm investigating the surface SDK but I doubt that it'll show any solution. As a surface is a pure-touch device there is no risk of bad interaction with the mouse.

    Read the article

  • Reordering columns (fields) in a ADO Recordset

    - by Sukotto
    I have a classic asp webpage written in vbscript that outputs the results from a third-party stored procedure. My user wants the page to display the columns of data in a different order than they come in from the database. Is there an easy and safe way to re-order the columns in an ADO recordset? I did not write this page and cannot change the SP. What is the minimum change I can make here to get the job done and not risk screwing up all the other stuff in the page? The code looks something like dim Conn, strSQL, RS Set Conn = Server.CreateObject("ADODB.Connection") Conn.Open ServerName Set strSQL = "EXEC storedProc @foo = " & Request("fooParam") 'This stored procedure returns a date column, an arbitrary ' ' number of data columns, and two summation columns. We ' ' want the two summation columns to move so they appear ' ' immediately after the data column ' Set RS = Server.CreateObject("ADODB.RecordSet") RS.ActiveConnection = Nothing RS.CursorLocation = adUseClient RS.CursorType = adOpenStatic RS.LockType = adLockBatchOptimistic RS.Open strSQL, Conn, adOpenDynamic, adLockOptimistic dim A ' ----- ' ' Insert some code here to move the columns of the RS around ' ' to suit the whim of my user ' ' ----- ' ' Several blocks of code that iterate over the RS and display it various ways ' RS.MoveFirst For A = 0 To RS.Fields.Count -1 ' do stuff ' Next ... RS.MoveFirst For A = 0 To RS.Fields.Count -1 ' do more stuff ' Next RS.Close : Set RS = Nothing Conn.Close : Set Conn = Nothing

    Read the article

  • Is there a case for parameterising using Abstract classes rather than Interfaces?

    - by Chris
    I'm currently developing a component based API that is heavily stateful. The top level components implement around a dozen interfaces each. The stock top-level components therefore sit ontop of a stack of Abstract implementations which in turn contain multiple mixin implementations and implement multiple mixin interfaces. So far, so good (I hope). The problem is that the base functionality is extremely complex to implement (1,000s of lines in 5 layers of base classes) and therefore I do not wish for component writers to implement the interfaces themselves but rather to extend my base classes (where all the boiler plate code is already written). If the API therefore accepts interfaces rather than references to the Abstract implementation that I wish for component writers to extends, then I have a risk that the implementer will not perform the validation that is both required and assumed by other areas of code. Therefore, my question is, is it sometimes valid to paramerise API methods using an abstract implementation reference rather than a reference to the interface(s) that it implements? Do you have an example of a well-designed API that uses this technique or am I trying to talk myself into bad-practice?

    Read the article

  • What could the negative effects be of attaching to a process as a debugger?

    - by I_like_traffic_lights
    Background A client of mine has a major problem. They have a CRM system, which was created by a single person over a period of 9 years. Unfortunatelly, a few weeks ago, this person died. I believe the company has learned their lesson, and they have started a project of rewriting the CRM system to a modern platform. I have been hired to create a solution in the meantime to make adaptations to the CRM system. I have given up understanding the code, as this would take too long. My solution, is therefore, to make a window and show this on top of the CRM system, whenever this CRM system is showing. This part works fine, but my major problem is extracting the data from the CRM system. Proposed solution After excluding 6 approaches, including runtime code injection, memory searching, database integration, I have arrived at attaching to the process as a debugger, so I get notified about event, and use this in combination with reading from process memory. This approach seems to work, but I am worried about possible side-effects of this approach. Question What are the dangers of using this in a production environment, where there are 250 employees utilizing the system. Needless to say, I cannot risk reducing the already shaky stability of the system.

    Read the article

  • Doing a virus check on a file from a build script

    - by the_mandrill
    I would like to be be able to invoke a virus check as the final stage of the build process (please don't question why a dev machine would get a virus, it's just a belt-and-braces approach to avoid the risk of getting sued by customers...). Also I'd like the option of having AV on a machine but switching the auto file system protection off (at least for the build directories). What I would like is a generic way of scanning a file using whatever AV system is in place. I'm assuming that there's an Windows API to do this, given that Windows detects the presence of an AV system, and browsers such as Firefox invoke a virus scan whenever a file is downloaded. So what's the API that they're using? There's the Microsoft AntiVirus API but that seems to be specific to Office documents. Does the approach involve using WMI? (and if you can detect the AV provider from there, how do you then invoke it to scan a file?) I know that I could write the script to manually call the AV scanner that I know to be installed, but as an intellectual exercise I'm more interested to know how apps like Firefox are doing this.

    Read the article

  • Passing XML data and user from coldfusion page to .NET page

    - by Mark Rullo
    I'd appreciate some input on this situation, I can't figure out the best way to do this. I have some data that's being prepared for me in a ColdFusion app and in an IFrame within the CF app we want to display some graphs (not strictly an image, it's an entire page) being generated on the .NET side of things. I'd like to pass XML data from the CF side to .NET as well as the user. On the .NET side I'm putting the data in a session so the user can sift through it without the need to have it re-queried and re-passed from CF. What I've tried: Generating XML with CF, putting it in a hidden form field, auto-submitting (with JS) a the form to the .NET side. The issue I'm having with this approach is the encoding being done on the form post. The data has entries like <entry data="hello &amp; goodbye">. It's an issue because it's being URL encdeded, Posted, and when I get it on the .NET side I get <entry data="hello & goodbye"> which isn't properly formed XML. What I'd like to avoid: An intermediary DB approach (dropping the data in a DB on CF, picking it up with .NET) I'd like to only display what is passed to the page. I have security concerns with the data, it's very sensitive. Passing the data to a webservice, returning a GUID, forwarding the user with a URL Parameter to access the passed in data. I think that'd be risky if someone happened on a link to that data. I can't take that risk. I was thinking of passing the data with JSON, but I'm very unfamiliar with it. Thoughts? Thanks for your time folks.

    Read the article

  • How to strongly type properties in JavaScript that map to models in C# ?

    - by Roberto Sebestyen
    I'm not even sure if I worded the question right, but I'll try and explain as clearly as possible with an example: In the following example scenario: 1) Take a class such as this: public class foo { public string firstName {get;set;} public string lastName {get;set} } 2) Serialize that into JSON, pass it over the wire to the Browser. 3) Browser de-serializes this and turns the JSON into a JavaScript object so that you can then access the properties like this: var foo = deSerialize("*******the JSON from above**************"); alert(foo.firstName); alert(foo.lastName); What if now a new developer comes along working on this project decides that firstName is no longer a suitable property name. Lets say they use ReSharper to rename this property, since ReSharper does a pretty good job at finding (almost) all the references to the property and renaming them appropriately. However ReSharper will not be able to rename the references within the JavaScript code (#3) since it has no way of knowing that these also really mean the same thing. Which means the programmer is left with the responsibility of manually finding these references and renaming those too. The risk is that if this is forgotten, no one will know about this error until someone tests that part of the code, or worse, slip through to the customer. Back to the actual question: I have been trying to think of a solution to this to some how strongly type these property names when used in javascript, so that a tool like ReSharper can successfully rename ALL usages of the property? Here is what I have been thinking for example (This would obviously not work unless i make some kind of static properties) var foo = deSerialize("*******the JSON from above**************"); alert(foo.<%=foo.firstName.GetPropertyName()%>) alert(foo.<%=foo.lastName.GetPropertyName()%>) But that is obviously not practical. Does anyone have any thoughts on this? Thanks, and kudos to all of the talented people answering questions on this site.

    Read the article

  • Should I change $_REQUEST to $_POST

    - by Scarface
    Hey guys quick question, I have a checkbox system where a list of items can be checked and deleted on the click of a button. I currently use request and it does the job but I was wondering if $_REQUEST was some sort of security risk or improper. If anyone has any advice I would appreciate it. Should I change to $_POST? If so, what is the best way to go about it? foreach ($_REQUEST as $key=>$value) { if (substr($key,0,3)==="img") { $id = substr($key,3); if(isset($_REQUEST['Delete'])) { $sql = 'SELECT file_name,username FROM images WHERE id=?'; $stmt = $conn->prepare($sql); $result=$stmt->execute(array($id)); while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) { $image=$row['file_name']; $user=$row['username']; $myFile = "$user/images/$image"; unlink($myFile); } <input id=\"img".$id."\" name=\"img".$id."\" type=\"checkbox\">

    Read the article

  • Passing huge amounts of data as an hexadecimal (0x123AB...) parameter of a clr stored procedure in s

    - by user193655
    I post this question has followup of This question, since the thread is not recieving more answers. I'm trying to understand if it is possible to pass as a parameter of a CLR stored procedure a large amount of data as "0x5352532F...". This is to avoid to send the data directly to the CLR stored procedure, instead of sending ti to a temporary DB field and from there passing it as varbinary(max) parmeter to the CLR stored procedure. I have a triple question: 1) is it possible, if yes how? Let's say i want to pass a pdf file to the CLR stored procedure (not the path, the full bits that make up the file). Something like: exec MyCLRStoredProcs.dbo.insertfile @file_remote_path ='c:\temp\test_file.txt' , @file_contents=0x4D5A90000300000004000.... --(this long list is the file content) where insertfile is a stored proc that writes to the server path (at file_remote_path) the binary data I pass as (file_contents). 2) is it there corruption risk of adopting this approach (or it is the same approach that sql server uses behind the scenes)? 3) how to convert the content of a file into the "0x23423..." hexadecimal representation

    Read the article

  • How to limit Access-Control-Allow-Origin to a specific path?

    - by coderama
    I have a website that servies ads via javascript. So, I basically allow the user to include my script.... : <script src="http://www.example.com/ads.js" ></script> <script> MYADDS.insertAdvert(); </script> The problem is, I kept getting: "No Access-Control-Allow-Origin" Errors. That was until I added this to my htaccess file: <IfModule mod_headers.c> Header set Access-Control-Allow-Origin "*" </IfModule> Problem is, this opens up my entire site and is probably a security risk. So, seeing as the ads.js file actually only does an ajax request to: http://www.example.com/place/where/my/adds/are/fed/from How can I make the above htaccess rule only apply to that path? Keep in mind, it's not an actualy directory, so I can't put the htaccess file in that folder. It's actually a "virtual path". The site is built using Laravel and therefore does the typical laravel path rewriting. Here's teh full htaccess file: <IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes... RewriteRule ^(.*)/$ /$1 [L,R=301] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ index.php/$1 [L] </IfModule> Any ideas how to do this?

    Read the article

  • What is a good layout for a somewhat advanced home network and storage solution?

    - by Shaun
    My home network/storage needs are changing and I am searching for some opinions and starting points on what a good network/storage layout would be that can serve my needs for a few years into the future. I think I have a decent starting point for equipment, but I am also willing to invest fairly heavily in a solution that can last me for a while. I am a bit of a tech nerd and I have a moderate tolerance for setup of the solution. I would prefer if maintenance of the system is somewhat low once it is setup, but I am willing to accept some tradeoffs. Existing equipment: Router - Netgear WNDR3700 (gigabit) Router - DLink Gamerlounge DGL-4300 (gigabit) Switch - 16 port Trendnet green switch (gigabit) Switch - 5 port Trendnet green (gigabit) Computer - i7-950 office computer (gigabit ethernet) Computer - Q6600 quad core media center, hooked up to TV, records shows (gigabit ethernet) Computer - Acer 1810T ultraportable laptop (gigabit and N ethernet) NAS - Intel SS4200-E (gigabit) External hard drive - 2TB WD Green drive (esata) All kinds of miscellaneous network connected TV, Bluray, Verizon network extender, HDhomerun TV tuners, etc. Requirements: -Robust backup solution for a growing collection of huge family picture files and personal files, around 1.5TB. (Including offsite backup) -Central location for all user's files, while also keeping them secure from each other. -Storage for terabytes of movie backups and recorded TV, and access to them from all computers (maybe around 4TB eventually) -Possibility to host files to friends and family easily Nice to have: -Backup of terabytes of movie backups Intriguing possibilities: -Capability to have users' Windows desktops and files look the same from all network computers I am not sure if the new Windows Home Server 2011 would fit into this well, if I need a domain server, how best to organize my backups, or how to most effectively use RAID. Currently I am simply backing up all computers to a RAID 1 on the NAS box, which I was thinking could prevent a situation where I reach for a backup and find that the disk is corrupt. One possibility that I am thinking about now is simply using my media center PC with a huge RAID of hard drives on which all files are stored. Pseudo-backup of all files would be present because of the RAID, but important files would also be backed up off site via carrying hard drives to work. But what if corruption seeps into the files and the corrupted data is then backed up? Does RAID protect against this? I really want to take next to zero risks with the irreplaceable files. I can handle some degree of risk with the movies and other files. I'm looking for critiques on this idea as well as other possibilities. To summarize, my goal is high functionality, media capable, and robust backup of irreplaceable files.

    Read the article

< Previous Page | 44 45 46 47 48 49 50 51 52 53 54 55  | Next Page >