Search Results

Search found 32953 results on 1319 pages for 'access secret'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 522/1319 | < Previous Page | 518 519 520 521 522 523 524 525 526 527 528 529  | Next Page >

  • Dealing with Try/Catch Exceptions in Java bytecode? ("stack height inconsistent")

    - by Cogwirrel
    I am trying to do some error handling in java bytecode. I first tried to implement some catch-like subroutines, where I would check for the error condition, and jump to the appropriate subroutine, a little like: iconst_1 iconst_0 dup ifeq calldiverr goto enddivtest calldiverr: jsr divError enddivtest: idiv ...More instructions... divError: getstatic java/lang/System/out Ljava/io/PrintStream; ldc "Oh dear you divided by 0!" invokevirtual java/io/PrintStream/print(Ljava/lang/String;)V The problem with the above is that when I have multiple instructions that jump to this subroutine, I get an error message when running the bytecode, saying that the stack height is inconsistent. Perhaps using exceptions is the best way to get around this? From some googling I have found that you can create instances of Exception classes and initialise them with something like: new java/lang/Exception dup ldc "exception message!" invokespecial java/lang/Exception/<init>(Ljava/lang/String;)V I have also found that you can throw them with athrow and this seems ok. What is confusing me however is exactly how exceptions are caught. There seems to be a magical "Exception table" which glues the throwing and catching of exceptions together, but I do not know how to define one of these when writing bytecode from scratch (and assembling using Jasmin). Can somebody tell me the secret of creating an exception table? And possibly give me an example of exception handling that will assemble with jasmin?

    Read the article

  • How can I validate/secure/authenticate a JavaScript-based POST request?

    - by Bungle
    A product I'm helping to develop will basically work like this: A Web publisher creates a new page on their site that includes a <script> from our server. When a visitor reaches that new page, that <script> gathers the text content of the page and sends it to our server via a POST request (cross-domain, using a <form> inside of an <iframe>). Our server processes the text content and returns a response (via JSONP) that includes an HTML fragment listing links to related content around the Web. This response is cached and served to subsequent visitors until we receive another POST request with text content from the same URL, at which point we regenerate a "fresh" response. These POSTs only happen when our cached TTL expires, at which point the server signifies that and prompts the <script> on the page to gather and POST the text content again. The problem is that this system seems inherently insecure. In theory, anyone could spoof the HTTP POST request (including the referer header, so we couldn't just check for that) that sends a page's content to our server. This could include any text content, which we would then use to generate the related content links for that page. The primary difficulty in making this secure is that our JavaScript is publicly visible. We can't use any kind of private key or other cryptic identifier or pattern because that won't be secret. Ideally, we need a method that somehow verifies that a POST request corresponding to a particular Web page is authentic. We can't just scrape the Web page and compare the content with what's been POSTed, since the purpose of having JavaScript submit the content is that it may be behind a login system. Any ideas? I hope I've explained the problem well enough. Thanks in advance for any suggestions.

    Read the article

  • Fast CGI, Lighttpd, Ubuntu

    - by Gosh
    Is this log file familiar to someone of UBUNTU users? Lighttpd log file: > 2009-08-30 21:37:45: (log.c.75) server started > 2009-08-30 21:37:45: (mod_fastcgi.c.1029) the fastcgi-backend php5-cgi *failed* to start: > 2009-08-30 21:37:45: (mod_fastcgi.c.1033) *child exited with status 9 php5-cgi* > 2009-08-30 21:37:45: (mod_fastcgi.c.1036) If you're trying to run PHP as a FastCGI backend, make sure you're using the FastCGI-enabled version. > You can find out if it is the right one by executing 'php -v' and it should display '(cgi-fcgi)' in the output, NOT '(cgi)' NOR '(cli)'. > For more information, check http://trac.lighttpd.net/trac/wiki/Docs%3AModFastCGI#preparing-php-as-a-fastcgi-programIf this is PHP on Gentoo, add 'fastcgi' to the USE flags. > 2009-08-30 21:37:45: (mod_fastcgi.c.1340) [ERROR]: *spawning fcgi failed*. > 2009-08-30 21:37:45: (server.c.908) Configuration of plugins failed. Going down. Please open a secret how did you solved fcgi problem and made lighttpd to start, if you did. Thx, Gosh.

    Read the article

  • Facebook Application with PHP running loosing session

    - by ArneRie
    Iam trying to build an Facebook Application based on PHP. The Application is running under php on my own Webhost inside an Canvas as iFrame. I have included the newest Client Library for PHP from Facebook: facebook-php-sdk-94fcb13 To Authorize the user inside my application iam trying to use Facebook Connect, like the example shipped with the Client. Everything works fine the 1st Login, but when i hit the F5 Key to reload the page, the session is lost and i have to login again. When i call my application outside of the Facebook Canvas everything is fine. Iam not sure, but i think my Browser (Chrome/FireFox - Ubuntu) is not allowing to store an cookie inside an iFrame. Does someone knows an solution for this Problem? Here are some Parts of the Sourcecode: $facebook = new Facebook(array( 'appId' => 'x', 'secret' => 'x', 'cookie' => 'true', )); $session = $facebook->getSession(); $facebook->setSession($session); $me = null; // Session based API call. if ($session) { try { $uid = $facebook->getUser(); $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } } // login or logout url will be needed depending on current user state. if ($me) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(); }

    Read the article

  • facebook: why I can't send email from app to user?

    - by flybywire
    I can't send email to my app users, even though I have the permissions. I am working with the java library, although I don't think it is related to that. long uid = ...; Collection<Long> uids = new ArrayList<Long>(); uids.add(uid); FacebookXmlRestClient client = new FacebookXmlRestClient(api, secret); boolean sendEmailPerm = client.users_hasAppPermission(Permission.EMAIL,uid); System.out.println("Can send email: "+ sendEmailPerm); Collection<String> sent = client.notifications_sendTextEmail(uids, "subject", "body"); System.out.println("Succesfully sent email to: "+sent); sent = client.notifications_sendFbmlEmail(uids, "subject", "body"); System.out.println("Succesfully sent email to: "+sent); I am trying both with fbml and text email. I can also obtain the user's proxied_email property but when I send email to that address with my regular mail client is doesn't arrive. The output is: Can send email: true Succesfully sent email to: [] Succesfully sent email to: []

    Read the article

  • Automated testing for Facebook SDK wrapper

    - by Andree
    Hi there! In my Facebook application, I have one Facebook wrapper class to encapsulates some call to Facebook API. I want to to write a unit test for this wrapper class, but since it depends on a so called "access token", which we should get from Facebook dynamically, I'm not sure if it's possible to write one. But apparently the Facebook SDK itself has a PHPUnit test class. After studying the test code for a while, I know that involves a creation of dummy cookie-based session key. private static $VALID_EXPIRED_SESSION = array( 'access_token' => '254752073152|2.I_eTFkcTKSzX5no3jI4r1Q__.3600.1273359600-1677846385|uI7GwrmBUed8seZZ05JbdzGFUpk.', 'expires' => '1273359600', 'secret' => '0d9F7pxWjM_QakY_51VZqw__', 'session_key' => '2.I_eTFkcTKSzX5no3jI4r1Q__.3600.1273359600-1677846385', 'sig' => '9f6ae89510b30dddb3f864f3caf32fb3', 'uid' => '1677846385' ); . . . $cookieName = 'fbs_' . self::APP_ID; $session = self::$VALID_EXPIRED_SESSION; $_COOKIE[$cookieName] = '"' . http_build_query($session) . '"'; What I don't understand is, how do I get the "access_token", "sig", "session_key" etc? As far as I'm concerned, it should be dynamically exchanged from Facebook and involves user action (logging in).

    Read the article

  • HTML5 Shiv not parsing quick enough

    - by Mikey Hogarth
    One of our web designers is working on a site at the moment and is using HTML5 elements, which she styles up in older browsers using the well documented Html5Shiv; http://css-tricks.com/html5-innershiv/ She reported some pretty weird behavior today and it looks like this is the cause. Initially it was very confusing, and went something along the lines of; "The page looks fine, I refresh it looks fine, refresh several times and occasionally it will not apply my styles to the HTML5 elements" Current best theory is that the shiv is not kicking in quick enough, and the page loads before the new elements have been registered. I was wondering if anyone could suggest a surefire way of including the shiv and making sure it's loaded and been parsed BEFORE the rest of the elements, so they will definitely get styled. EDIT (more info) Shiv is being included in the head, directly below the title/meta tags; <!--[if IE]> <script type="text/javascript" src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script> <![endif]--> The bit that is being styled is in the footer and is cross-site. Many of the pages will change in size as they're being powered by a CMS that our marketing team will use so I am unable to give an exact page size. All I would say is that if page size is an issue and there is no workaround, can someone let me know as this will mean we basically can't use HTML5 on this project (or at the very least we'll need to add superflous markup such as divs to ensure that the layout doesn't go crazy) EDIT 2 There is no chance of me posting the code unfortunately - it's only re-creatable under really obscure circumstances and the project is marked "top secret" at the moment :( If nobody knows then I'm guessing it's either a case of "everyone knows it happens but kinda ignores it" or just that it's something else other than the shiv.

    Read the article

  • 401 Unauthorized returned on GET request (https) with correct credentials

    - by Johnny Grass
    I am trying to login to my web app using HttpWebRequest but I keep getting the following error: System.Net.WebException: The remote server returned an error: (401) Unauthorized. Fiddler has the following output: Result Protocol Host URL 200 HTTP CONNECT mysite.com:443 302 HTTPS mysite.com /auth 401 HTTP mysite.com /auth This is what I'm doing: // to ignore SSL certificate errors public bool AcceptAllCertifications(object sender, System.Security.Cryptography.X509Certificates.X509Certificate certification, System.Security.Cryptography.X509Certificates.X509Chain chain, System.Net.Security.SslPolicyErrors sslPolicyErrors) { return true; } try { // request Uri uri = new Uri("https://mysite.com/auth"); HttpWebRequest request = (HttpWebRequest)WebRequest.Create(uri) as HttpWebRequest; request.Accept = "application/xml"; // authentication string user = "user"; string pwd = "secret"; string auth = "Basic " + Convert.ToBase64String(System.Text.Encoding.Default.GetBytes(user + ":" + pwd)); request.Headers.Add("Authorization", auth); ServicePointManager.ServerCertificateValidationCallback = new System.Net.Security.RemoteCertificateValidationCallback(AcceptAllCertifications); // response. HttpWebResponse response = (HttpWebResponse)request.GetResponse(); // Display Stream dataStream = response.GetResponseStream(); StreamReader reader = new StreamReader(dataStream); string responseFromServer = reader.ReadToEnd(); Console.WriteLine(responseFromServer); // Cleanup reader.Close(); dataStream.Close(); response.Close(); } catch (WebException webEx) { Console.Write(webEx.ToString()); } I am able to log in to the same site with no problem using ASIHTTPRequest in a Mac app like this: NSURL *login_url = [NSURL URLWithString:@"https://mysite.com/auth"]; ASIHTTPRequest *request = [ASIHTTPRequest requestWithURL:login_url]; [request setDelegate:self]; [request setUsername:name]; [request setPassword:pwd]; [request setRequestMethod:@"GET"]; [request addRequestHeader:@"Accept" value:@"application/xml"]; [request startAsynchronous];

    Read the article

  • What is the optimum way to secure a company wide wiki?

    - by Mark Robinson
    We have a wiki which is used by over half our company. Generally it has been very positively received. However, there is a concern over security - not letting confidential information fall into the wrong hands (i.e. competitors). The default answer is to create a complicated security matrix defining who can read what document (wiki page) based on who created it. Personally I think this mainly solves the wrong problem because it creates barriers within the company instead of a barrier to the external world. But some are concerned that people at a customer site might share information with a customer which then goes to the competitor. The administration of such a matrix is a nightmare because (1) the matrix is based on department and not projects (this is a matrix organisation), and (2) because in a wiki all pages are by definition dynamic so what is confidential today might not be confidential tomorrow (but the history is always readable!). Apart from the security matrix, we've considered restricting content on the wiki to non super secret stuff, but off course that needs to be monitored. Another solution (the current) is to monitor views and report anything suspicious (e.g. one person at a customer site having 2000 views in two days was reported). Again - this is not ideal because this does not directly imply a wrong motive. Does anyone have a better solution? How can a company wide wiki be made secure and yet keep its low threshold USP? BTW we use MediaWiki with Lockdown to exclude some administrative staff.

    Read the article

  • jQuery $.getJSON - How do I parse a flickr.photos.search REST API call?

    - by Chad
    Trying to adapt the $.getJSON Flickr example: $.getJSON("http://api.flickr.com/services/feeds/photos_public.gne?tags=cat&tagmode=any&format=json&jsoncallback=?", function(data){ $.each(data.items, function(i,item){ $("<img/>").attr("src", item.media.m).appendTo("#images"); if ( i == 3 ) return false; }); }); to read from the flickr.photos.search REST API method, but the JSON response is different for this call. Click here to see the JSON response. This is what I've done so far: var url = "http://api.flickr.com/services/rest/?method=flickr.photos.search&api_key=9322c53dde3b36bda33f79c16bb99104&tags=yokota+air+base&safe_search=1&per_page=20"; var src; $.getJSON(url + "&format=json&jsoncallback=?", function(data){ $.each(data.photos, function(i,item){ src = "http://farm"+ item.photo.farm +".static.flickr.com/"+ item.photo.server +"/"+ item.photo.id +"_"+ item.photo.secret +"_m.jpg"; $("<img/>").attr("src", src).appendTo("#images"); if ( i == 3 ) return false; }); }); I guess I'm not building the image src correctly. Couldn't find any documentation on how to build the image src, based on what the JSON response is. How do you parse a flickr.photos.search REST API call?

    Read the article

  • Did anyone have this issue with a simple Facebook app or know how to solve it?

    - by Jian Lin
    I have a really simple few lines of Facebook app, using the new Facebook API: <pre> <?php require 'facebook.php'; // Create our Application instance. $facebook = new Facebook(array( 'appId' => '117676584930569', 'secret' => '**********', // hidden here on the post... 'cookie' => true, )); var_dump($facebook); ?> but it is giving me the following output: http://apps.facebook.com/woolaladev/i2.php would give out object(Facebook)#1 (6) { ["appId:protected"]=> string(15) "117676584930569" ["apiSecret:protected"]=> string(32) "**********" <--- just hidden on this post ["session:protected"]=> NULL ["sessionLoaded:protected"]=> bool(false) ["cookieSupport:protected"]=> bool(true) ["baseDomain:protected"]=> string(0) "" } Session is NULL for some reason, but I am logged in and can access my home and profile and run other apps on Facebook (to see that I am logged on). I am following the sample on: http://github.com/facebook/php-sdk/blob/master/examples/example.php http://github.com/facebook/php-sdk/blob/master/src/facebook.php (download using raw URL: wget http://github.com/facebook/php-sdk/raw/master/src/facebook.php ) Trying on both hosting companies at dreamhost.com and netfirms.com, and the results are the same.

    Read the article

  • Facebook Application with PHP running losing session

    - by ArneRie
    Iam trying to build an Facebook Application based on PHP. The Application is running under php on my own Webhost inside an Canvas as iFrame. I have included the newest Client Library for PHP from Facebook: facebook-php-sdk-94fcb13 To Authorize the user inside my application iam trying to use Facebook Connect, like the example shipped with the Client. Everything works fine the 1st Login, but when i hit the F5 Key to reload the page, the session is lost and i have to login again. When i call my application outside of the Facebook Canvas everything is fine. Iam not sure, but i think my Browser (Chrome/FireFox - Ubuntu) is not allowing to store an cookie inside an iFrame. Does someone knows an solution for this Problem? Here are some Parts of the Sourcecode: $facebook = new Facebook(array( 'appId' => 'x', 'secret' => 'x', 'cookie' => 'true', )); $session = $facebook->getSession(); $facebook->setSession($session); $me = null; // Session based API call. if ($session) { try { $uid = $facebook->getUser(); $me = $facebook->api('/me'); } catch (FacebookApiException $e) { error_log($e); } } // login or logout url will be needed depending on current user state. if ($me) { $logoutUrl = $facebook->getLogoutUrl(); } else { $loginUrl = $facebook->getLoginUrl(); }

    Read the article

  • Android AES and init vector

    - by Donald_W
    I have an issue with AES encryptio and decryption: I can change my IV entirely and still I'm able to decode my data. public static final byte[] IV = { 65, 1, 2, 23, 4, 5, 6, 7, 32, 21, 10, 11, 12, 13, 84, 45 }; public static final byte[] IV2 = { 65, 1, 2, 23, 45, 54, 61, 81, 32, 21, 10, 121, 12, 13, 84, 45 }; public static final byte[] KEY = { 0, 42, 2, 54, 4, 45, 6, 7, 65, 9, 54, 11, 12, 13, 60, 15 }; public static final byte[] KEY2 = { 0, 42, 2, 54, 43, 45, 16, 17, 65, 9, 54, 11, 12, 13, 60, 15 }; //public static final int BITS = 256; public static void test() { try { // encryption Cipher c = Cipher.getInstance("AES"); SecretKeySpec keySpec = new SecretKeySpec(KEY, "AES"); c.init(Cipher.ENCRYPT_MODE, keySpec, new IvParameterSpec(IV)); String s = "Secret message"; byte[] data = s.getBytes(); byte[] encrypted = c.doFinal(data); String encryptedStr = ""; for (int i = 0; i < encrypted.length; i++) encryptedStr += (char) encrypted[i]; //decryoption Cipher d_c = Cipher.getInstance("AES"); SecretKeySpec d_keySpec = new SecretKeySpec(KEY, "AES"); d_c.init(Cipher.DECRYPT_MODE, d_keySpec, new IvParameterSpec(IV2)); byte[] decrypted = d_c.doFinal(encrypted); String decryptedStr = ""; for (int i = 0; i < decrypted.length; i++) decryptedStr += (char) decrypted[i]; Log.d("", decryptedStr); } catch (Exception ex) { Log.d("", ex.getMessage()); } } Any ideas what I'm doing wrong? How can I get 256 bit AES encryption (only change key to 32-byte long array?) Encryption is a new topic for me so please for newbie friendly answers.

    Read the article

  • Trying to create a .NET DLL to be used with Non-.NET Application

    - by Changeling
    I am trying to create a .NET DLL so I can use the cryptographic functions with my non .NET application. I have created a class library so far with this code: namespace AESEncryption { public class EncryptDecrypt { private static readonly byte[] optionalEntropy = { 0x21, 0x05, 0x07, 0x08, 0x27, 0x02, 0x23, 0x36, 0x45, 0x50 }; public interface IEncrypt { string Encrypt(string data, string filePath); }; public class EncryptDecryptInt:IEncrypt { public string Encrypt(string data, string filePath) { byte[] plainKey; try { // Read in the secret key from our cipher key store byte[] cipher = File.ReadAllBytes(filePath); plainKey = ProtectedData.Unprotect(cipher, optionalEntropy, DataProtectionScope.CurrentUser); // Convert our plaintext data into a byte array byte[] plainTextBytes = Encoding.ASCII.GetBytes(data); MemoryStream ms = new MemoryStream(); Rijndael alg = Rijndael.Create(); alg.Mode = CipherMode.CBC; alg.Key = plainKey; alg.IV = optionalEntropy; CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(), CryptoStreamMode.Write); cs.Write(plainTextBytes, 0, plainTextBytes.Length); cs.Close(); byte[] encryptedData = ms.ToArray(); return Convert.ToString(encryptedData); } catch (Exception ex) { return ex.Message; } } } } } In my VC++ application, I am using the #import directive to import the TLB file created from the DLL, but the only available functions are _AESEncryption and LIB_AES etc I don't see the interface or the function Encrypt. When I try to instantiate so I can call the functions in my VC++ program, I use this code and get the following error: HRESULT hr = CoInitialize(NULL); IEncryptPtr pIEncrypt(__uuidof(EncryptDecryptInt)); error C2065: 'IEncryptPtr': undeclared identifier error C2146: syntax error : missing ';' before identifier 'pIEncrypt'

    Read the article

  • How to (kindly) ask your users to upgrade from IE6?

    - by nickf
    It's no secret at all that IE6 has been a major roadblock to the advancement of the web over the last few years. I couldn't count the number of hours I've spent bashing my head against a wall trying to fix or debug IE6 issues. The way I see it, there are two types of IE6 user. a) the poor corporate schmoe whose IT department doesn't want to upgrade in case something breaks, and b) the mums and dads of the world who think the internet is the blue E on their desktop (and I don't mean that in a nasty way). There's probably a couple of people who know about all the other browsers, but still choose to run IE6. They get what they deserve, IMO. Anyway, getting to the point, I'd say that 90% of my IE6-using visitors are in the the mums and dads category - they're not stupid, they just don't know WHY they should upgrade to IE7 or Firefox or whatever. How do I educate these people without pissing them off? Is there a nice and friendly website I can direct these people to, which explains the reasons for upgrading in plain language? Any mention of "security" or "web standards" I think would just come across as scary. I've just seen http://www.whatbrowser.org which seems to fit the bill nicely. It explains in very basic terms: what a web browser is why you'd want to upgrade it how old your current browser is (subtle hint to those with a 9 year old browser) ..aaaand it's in 22 languages. It's from Google but displays no bias (it links to Firefox, Chrome, Opera, Safari, Internet Explorer displayed in a random order).

    Read the article

  • Did we always have to register to download the Java 5 JDK, or is this new Oracle fun?

    - by Ukko
    I could swear that just a couple of months ago I downloaded a copy of the Java 1.5 SE JDK and I did not have to give them information on my first born. Today, I had to go through the register-and-we-will-send-you-a-link-someday dance. I have not received the link yet, so I thought I would ask about it here. What is special about the Java 5 JDK? I can get 6 just by clicking, is this a stick to get us to migrate to Java 6? Am I just not remembering doing this before? What marketing genius thought this would be a value add for Java? "If we make them sweat for the JDK they won't just delete it willy-nilly the next time?" Does everyone picture the people designing systems like this as mustache twirling Snidely Whiplash clones like I do? Did I just miss the link for the Secret Squirrel route to the download page? Finally, I am in the U.S. so I should not have to worry about export restrictions. Any thoughts?

    Read the article

  • Error creating Google Calendar

    - by Don
    Hi, I'm trying to use the Google Calendar Java API to create a secondary calendar for a Google apps user. The relevant code is: // Initialise the API client CalendarService googleCalendar = new GCalendarService("canimo.ca"); googleCalendar.setUserCredentials("[email protected]", "secret"); // Create the calendar CalendarEntry cal = new CalendarEntry(); cal.title = new PlainTextConstruct(user.email); cal.summary = new PlainTextConstruct("Collection calendar"); cal.timeZone = new TimeZoneProperty("America/Montreal"); cal.hidden = HiddenProperty.FALSE; googleCalendar.insert(CALENDAR_URL, calendar); The call to insert() above results in com.google.gdata.util.ServiceException: Internal Server Error and no calendar is created. If I try and perform the same operation through the Google calendar website, it also fails with the error message: We could not save changes. Please try again in a few minutes. An obvious conclusion is that there's some problem on Google's side, but this has been going on for several days now. Strangely, if I create a new user, everything works fine for a while. I can create calendars via the website, and download them via the API. But as soon as I try and create a new calendar using the API, I get the exception above, and thereafter can't create new calendars using either the website or the API. Thanks, Don

    Read the article

  • Rate Limit Calls To Api Using Cache

    - by namtax
    Hi I am using coldfusion to call the last.fm api, using a cfc bundle sourced from here I am concerned about going over the request limit, which is 5 requests per originating IP address per second, averaged over a 5 minute period. The cfc bundle has a central component which calls all the other components, which are split up into sections like "artist", "track" etc...This central component "lastFmApi.cfc." is initiated in my application, and persisted for the lifespan of the application // Application.cfc example <cffunction name="onApplicationStart"> <cfset var apiKey = '[your api key here]' /> <cfset var apiSecret = '[your api secret here]' /> <cfset application.lastFm = CreateObject('component', 'org.FrankFusion.lastFm.lastFmApi').init(apiKey, apiSecret) /> </cffunction> Now if I want to call the api through a handler/controller, for example my artist handler...I can do this <cffunction name="artistPage" cache="5 mins"> <cfset qAlbums = application.lastFm.user.getArtist(url.artistName) /> </cffunction> I am a bit confused towards caching, but am caching each call to the api in this handler for 5 mins, but does this make any difference, because each time someone hits a new artist page wont this still count as a fresh hit against the api? Wondering how best to tackle this Thanks

    Read the article

  • How to store session values with Node.js and mongodb?

    - by Tirithen
    How do I get sessions working with Node.js, [email protected] and mongodb? I'm now trying to use connect-mongo like this: var config = require('../config'), express = require('express'), MongoStore = require('connect-mongo'), server = express.createServer(); server.configure(function() { server.use(express.logger()); server.use(express.methodOverride()); server.use(express.static(config.staticPath)); server.use(express.bodyParser()); server.use(express.cookieParser()); server.use(express.session({ store: new MongoStore({ db: config.db }), secret: config.salt })); }); server.configure('development', function() { server.use(express.errorHandler({ dumpExceptions: true, showStack: true })); }); server.configure('production', function() { server.use(express.errorHandler()); }); server.set('views', __dirname + '/../views'); server.set('view engine', 'jade'); server.listen(config.port); I'm then, in a server.get callback trying to use req.session.test = 'hello'; to store that value in the session, but it's not stored between the requests. It probobly takes something more that this to store session values, how? Is there a better documented module than connect-mongo?

    Read the article

  • Sharing runtime variables between files

    - by nightcracker
    I have a project with a few files that all include the header global.hpp. Those files want to share and update information that is relevant for the whole program during runtime (that data is gathered progressively during the program runs but the fields of data are known at compile-time). Now my idea was to use a struct like this: global.hpp #include <string> #ifndef _GLOBAL_SESSION_STRUCT #define _GLOBAL_SESSION_STRUCT struct session_struct { std::string username; std::string password; std::string hostname; unsigned short port; // more data fields as needed }; #endif extern struct session_struct session; main.cpp #include "global.hpp" struct session_struct session; int main(int argc, char* argv[]) { session.username = "user"; session.password = "secret"; session.hostname = "example.com"; session.port = 80; // other stuff, etc return 0; } Now every file that includes global.hpp can just read & write the fields of the session struct and easily share information. Is this the correct way to do this? NOTE: For this specific project no threading is used. But please (for future projects and other people reading) clarify in your answer how this (or your proposed) solution works when threaded. Also, for this example/project session variables are shared. But this should also apply to any other form of shared variables.

    Read the article

  • Why is "origin/HEAD" shown when running "git branch -r"?

    - by Ben Hamill
    When you run git branch -r why the blazes does it list origin/HEAD? For example, there's a remote repo on GitHub, say, with two branches: master and awesome-feature. If I do git clone to grab it and then go into my new directory and list the branches, I see this: $ git branch -r origin/HEAD origin/master origin/awesome-feature Or whatever order it would be in (alpha? I'm faking this example to keep the identity of an innocent repo secret). So what's the HEAD business? Is it what the last person to push had their HEAD pointed at when they pushed? Won't that always be whatever it was they pushed? HEADs move around... why do I care what someone's HEAD pointed at on another machine? I'm just getting a handle on remote tracking and such, so this is one lingering confusion. Thanks! EDIT: I was under the impression that dedicated remote repos (like GitHub where no one will ssh in and work on that code, but only pull or push, etc) didn't and shouldn't have a HEAD because there was, basically, no working copy. Not so?

    Read the article

  • HttpsCookieFilter - IllegalStateException: getOutputStream() has already been called for this response

    - by Mat Banik
    Following exception is thrown every once in a while and it shows up in localhost log file in tomcat log directory. If anyone know how to get rid of it, all help would be appreciated. BTW the filter is working fine I just don't know why this exception is happening. Stack trace: java.lang.IllegalStateException: getOutputStream() has already been called for this response at org.apache.catalina.connector.Response.getWriter(Response.java:611) at org.apache.catalina.connector.ResponseFacade.getWriter(ResponseFacade.java:198) at javax.servlet.ServletResponseWrapper.getWriter(ServletResponseWrapper.java:112) at javax.servlet.ServletResponseWrapper.getWriter(ServletResponseWrapper.java:112) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.processTemplate(FreeMarkerView.java:366) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.doRender(FreeMarkerView.java:283) at org.springframework.web.servlet.view.freemarker.FreeMarkerView.renderMergedTemplateModel(FreeMarkerView.java:233) at org.springframework.web.servlet.view.AbstractTemplateView.renderMergedOutputModel(AbstractTemplateView.java:167) at org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250) at org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:644) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:549) at javax.servlet.http.HttpServlet.service(HttpServlet.java:617) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.sitemesh.webapp.SiteMeshFilter.doFilter(SiteMeshFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.orm.hibernate3.support.OpenSessionInViewFilter.doFilterInternal(OpenSessionInViewFilter.java:198) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) at org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) at org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:381) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:57) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:109) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:109) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) //Here is the servlet I suspect is trowing the exception. at package.HttpsCookieFilter.doFilter(HttpsCookieFilter.java:38) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:886) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:721) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2256) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:717) The HttpsCookieFilter class: public class HttpsCookieFilter implements Filter { private static Logger log = Logger.getLogger(HttpsCookieFilter.class); @Override public void destroy() { } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { final HttpServletRequest req = (HttpServletRequest) request; final HttpServletResponse res = (HttpServletResponse) response; final HttpSession session = req.getSession(false); if (session != null) { setCookie(req, res); } try{ chain.doFilter(request, response); // <- Exception thrown from here }catch (IllegalStateException e){ log.warn("HttpsCookieFilter redirect problem! ", e); } } @Override public void init(FilterConfig arg0) throws ServletException { } private void setCookie( HttpServletRequest request, HttpServletResponse response) { Cookie cookie = new Cookie("JSESSIONID", request.getSession(false).getId()); cookie.setMaxAge(-1); cookie.setPath(getCookiePath(request)); cookie.setSecure(false); response.addCookie(cookie); } private String getCookiePath(HttpServletRequest request) { String contextPath = request.getContextPath(); return contextPath.length() > 0 ? contextPath : "/"; } } web.xml <?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <listener> <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class> </listener> <filter> <filter-name>httpsCookieFilter</filter-name> <filter-class>com.iteezy.server.web.servlet.HttpsCookieFilter</filter-class> </filter> <filter-mapping> <filter-name>httpsCookieFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>filterChainProxy</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>filterChainProxy</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ... The reason for integrating this filter comes from Spring security FAQs: I'm using Tomcat (or some other servlet container) and have enabled HTTPS for my login page, switching back to HTTP afterwards. It doesn't work - I just end up back at the login page after authenticating. This happens because sessions created under HTTPS, for which the session cookie is marked as “secure”, cannot subsequently be used under HTTP. The browser will not send the cookie back to the server and any session state will be lost (including the security context information). Starting a session in HTTP first should work as the session cookie won't be marked as secure.

    Read the article

  • authorise user from mysql database

    - by Jacksta
    I suck at php, and cant find the error here. The script gets 2 variables "username" and "password" from a html from then check them against a MySQL databse. When I run this I get the follow error "Query was empty" <? if ((!$_POST[username]) || (!$_POST[password])) { header("Location: show_login.html"); exit; } $db_name = "testDB"; $table_name = "auth_users"; $connection = @mysql_connect("localhost", "admin", "pass") or die(mysql_error()); $db = @mysql_select_db($db_name, $connection) or die(mysql_error()); $slq = "SELECT * FROM $table_name WHERE username ='$_POST[username]' AND password = password('$_POST[password]')"; $result = @mysql_query($sql, $connection) or die(mysql_error()); $num = mysql_num_rows($result); if ($num != 0) { $msg = "<p>Congratulations, you're authorised!</p>"; } else { header("Location: show_login.html"); exit; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Secret Area</title> </head> <body> <? echo "$msg"; ?> </body> </html>

    Read the article

  • Am I going the right way to make login system secure with this simple password salting?

    - by LoVeSmItH
    I have two fields in login table password salt And I have this little function to generate salt function random_salt($h_algo="sha512"){ $salt1=uniqid(rand(),TRUE); $salt2=date("YmdHis").microtime(true); if(function_exists('dechex')){ $salt2=dechex($salt2); } $salt3=$_SERVER['REMOTE_ADDR']; $salt=$salt1.$salt2.$salt3; if(function_exists('hash')){ $hash=(in_array($h_algo,hash_algos()))?$h_algo:"sha512"; $randomsalt=hash($hash,md5($salt)); //returns 128 character long hash if sha512 algorithm is used. }else{ $randomsalt=sha1(md5($salt)); //returns 40 characters long hash } return $randomsalt; } Now to create user password I have following $userinput=$_POST["password"] //don't bother about escaping, i have done it in my real project. $static_salt="THIS-3434-95456-IS-RANDOM-27883478274-SALT"; //some static hard to predict secret salt. $salt=random_salt(); //generates 128 character long hash. $password =sha1($salt.$userinput.$static_salt); $salt is saved in salt field of database and $password is saved in password field. My problem, In function random_salt(), I m having this FEELING that I'm just making things complicated while this may not generate secure salt as it should. Can someone throw me a light whether I m going in a right direction? P.S. I do have an idea about crypt functions and like such. Just want to know is my code okay? Thanks.

    Read the article

  • Omit return type in C++0x

    - by Clinton
    I've recently found myself using the following macro with gcc 4.5 in C++0x mode: #define RETURN(x) -> decltype(x) { return x; } And writing functions like this: template <class T> auto f(T&& x) RETURN (( g(h(std::forward<T>(x))) )) I've been doing this to avoid the inconvenience having to effectively write the function body twice, and having keep changes in the body and the return type in sync (which in my opinion is a disaster waiting to happen). The problem is that this technique only works on one line functions. So when I have something like this (convoluted example): template <class T> auto f(T&& x) -> ... { auto y1 = f(x); auto y2 = h(y1, g1(x)); auto y3 = h(y1, g2(x)); if (y1) { ++y3; } return h2(y2, y3); } Then I have to put something horrible in the return type. Furthermore, whenever I update the function, I'll need to change the return type, and if I don't change it correctly, I'll get a compile error if I'm lucky, or a runtime bug in the worse case. Having to copy and paste changes to two locations and keep them in sync I feel is not good practice. And I can't think of a situation where I'd want an implicit cast on return instead of an explicit cast. Surely there is a way to ask the compiler to deduce this information. What is the point of the compiler keeping it a secret? I thought C++0x was designed so such duplication would not be required.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 518 519 520 521 522 523 524 525 526 527 528 529  | Next Page >