Search Results

Search found 89214 results on 3569 pages for 'code statistics'.

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):

        $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");

    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition.

    My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss.

    As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  • Objective C - Aggro with Images

    - by Will
    I have three UIImageViews. enemy1, enemy1AggroBox and mainSprite. What I want to do is when mainSprite and enemy1AggroBox intersect, I want enemy1 to start moving towards mainSprite. Basically creating aggro for a game.

        if (CGRectIntersectsRect(mainSprite.frame, enemy1AggroBox.frame)) {
            // Code here
        }

    My plan would be to call this method in viewDidLoad. I'm not using any sort of framework like cocos2d or OpenGLES. If you need to see any more code just ask.

  • Building a Charts Dashboard with Google Apps Script

    In this Google Developers Live show, join Kalyan Reddy as he talks about how to build a Charts dashboard in Google Apps Script. We'll be talking about the Charts Service and how to wire this up to data that's dynamically coming in from Google Spreadsheets and other sources. From: GoogleDevelopers Views: 97 7 ratings Time: 44:17

  • GDL Presents: Women Techmakers with Pixability

    Gretchen Howard and Amanda Surya speak candidly with Pixability Founder & CEO Bettina Hein about her experiences building successful technology businesses and activating the female tech community. Hosts: Gretchen Howard - Director of Global Social Solutions | Amanda Surya - Manager, Developer Relations Guest: Bettina Hein - Founder and CEO, Pixability From: GoogleDevelopers Views: 0 0 ratings Time: 30:00

  • Google Top Geek E06

    In Spanish! Google Top Geek (GTG) is a weekly show that we produce from Mexico with news, search and YouTube trends in Latin America, as well as references to interesting apps and events. GTG airs on Mondays at noon, 12 pm, from Google Developers Live.

    Program script. This week: 1. Campaign to keep the Internet free and open (#freeandopen). 2. Gmail and Drive, a new way to send attached documents. You can attach files of up to 10GB. Edit Google Sheets on your mobile device with the Drive app. 3. Google Maps Navigation (beta) available in Mexico.

    Searches of the week. Number one: Cyber Monday (ciber lunes). Argentina: Vaya vicio. Chile: Cyber Monday. Colombia: Ciberlunes. Mexico: Miguel Ángel Calero. Peru: Cyber Monday. Uruguay: XO City.

    The most-watched videos on YouTube were led by: Extremely Scary Ghost Elevator Prank in Brazil. Argentina: Donde estés, hay fest! - Playa → #PersonalFest2012! Chile: Hola, soy Germán en vivo. Colombia: Documental "La mondá" (Video oficial) → Documentary about the most-used word in the Caribbean region. Mexico: El gimnasio de guapas. Peru: El retorno del Exorcista.

    Among the most successful Android apps of the week, we have: Paid: Swiftkey, Plants vs. Zombies, Where's my water? Free: WhatsApp Messenger, Facebook, Línea.

    News for developers: 1. Google Developers Academy now in 5 languages: Chinese, English, Japanese, Korean and Spanish. From: GoogleDevelopers Views: 19 3 ratings Time: 23:02

  • Dartisans Ep 4 - Dart hangout with the Dart Editor team

    This is Dartisans, the Hangout show that brings you interviews and access to the Dart team. This episode features the Dart Editor team, who will demo all the new features of the editor and will take your questions live. You'll love what the Dart Editor team has been up to. This episode was recorded on Friday, 3/30, at 10am PDT / 6pm GMT. From: GoogleDevelopers Views: 68 3 ratings Time: 36:42

  • Google Chrome Extensions: Launch Event (part 3)

    Video Footage from the Google Chrome Extensions launch event on 12/09/09. Erik Kay and Aaron Boodman, technical leads for the Google Chrome Extensions team demonstrate how to build, debug and share a Google Chrome extension. From: GoogleDevelopers Views: 2975 13 ratings Time: 08:28

  • TraceTool 12.1: The Swiss-Army Knife of Trace

    A C#, C++, Delphi, ActiveX, JavaScript, and Java trace framework, a trace viewer (with Tail, OutputDebugString, and event log). The framework comes with support for Log4J, Log4Net, Microsoft Enterprise Instrumentation Framework (EIF), Pocket PC (C++ and .NET), and Silverlight.

  • The grand finale of the Developer Bus in Colombia, innovation from Google technologies (Spanish)

    All the innovation of the Developer Bus in Colombia, with the presentation of the projects, the jury's feedback and the grand winner of the Bogotá edition. #DevBusLatAm #DevBusBogota +Desarrolla... From: GoogleDevelopers Views: 0 0 ratings Time: 00:00

  • IE9 HTML5 Video Will Be H264 Only

    OSNews: "Other codecs often come up in these discussions. The distinction between the availability of source code and the ownership of the intellectual property in that available source code is critical."

  • Simple SST Unhooker

    This article describes a simple unhooker that restores the original SST hooked by unknown rootkits, which hide some services and processes.

  • Google I/O 2012 - It's a Startup World

    Erik Hersman, Eden Shochat, Jon Bradford, Jeffery Paine, Jehan Ara. Tech innovators and entrepreneurs across the world are building technologies that delight users, solve problems, and result in scaled local and global businesses. The web is a global platform, and as a developer or entrepreneur your audience is tool. Hear the unique perspectives from a panel of entrepreneurs and VCs around the world who have succeeded in creating, launching, and scaling unique endeavors from Israel, the UK, Kenya, Singapore to Pakistan. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Views: 54 2 ratings Time: 59:54

  • Chrome Apps Office Hours: Building Apps with Web Intents

    Ask and vote for questions at: goo.gl Web Intents are the core mechanism for building interconnected apps on the Chrome platform. Join Paul Kinlan and Paul Lewis next week as we show you how to build client apps that send data to other web apps, and a service app that will receive input from any intent invocation. From: GoogleDevelopers Views: 0 0 ratings Time: 00:00

  • Google I/O 2012 - What's New in the Google Drive SDK

    Josh Hudgins, John Day-Richter. In this talk, we will introduce a number of major new features and platforms to the Google Drive SDK. We will discuss what we feel is a revolution in the way developers write collaborative applications. We will also announce a new API to make managing files in Google Drive even easier for developers, replacing some legacy APIs in the process. For all I/O 2012 sessions, go to developers.google.com From: GoogleDevelopers Views: 556 6 ratings Time: 55:14

  • Help, I can't reference my vars!

    - by SystemNetworks
    I have a sub-class (let's call it sub) and it contains all the functions of an object in my game. In my main class (let's call it main), I connect my sub to main. Example sub code:

        s = new sub();

    Then I put my sub function in the update method. Code:

        s.myFunc();

    Because in my sub, I have booleans, integers, floats and more. The problem is that I don't want to connect my main class to use my main's ints, booleans and others. If I connect it, it will have a stack overflow. This is what I put in my sub:

        package javagame;

        import org.newdawn.slick.GameContainer;
        import org.newdawn.slick.Graphics;
        import org.newdawn.slick.Input;
        import org.newdawn.slick.state.StateBasedGame;

        public class Store {
            public Integer wood;
            public Float probePositionX;
            public Float probePositionY;
            public Boolean StoreOn;
            public Boolean darkBought;
            public Integer money;
            public Integer darkEnergy;
            public Integer lifeLeft;
            public Integer powerLeft;

            public void darkStores(GameContainer gc, StateBasedGame sbg, GameContainer gc2) {
                Input input1 = gc.getInput();
                // Player needs wood to enter (200). If not, there will be an error.
                if (wood >= 200) {
                    // Enter Store!
                    if (input1.isKeyDown(Input.KEY_Q)) {
                        // Player must be at these coordinates!
                        if ((probePositionX > 393 && probePositionX < 555) && (probePositionY < 271 && probePositionY > 171)) {
                            // The Store is on
                            StoreOn = true;
                        }
                    }
                }
            }
        }

    In my main (update function) I put:

        s.darkBought = darkBought;
        s.darkEnergy = darkEnergy;
        s.lifeLeft = lifeLeft;
        s.money = money;
        s.powerLeft = powerLeft;
        s.probePositionX = probePositionX;
        s.probePositionY = probePositionY;
        s.StoreOn = StoreOn;
        s.wood = wood;
        s.darkStores(gc, sbg, gc);

    The problem is when I go to the place, and I press q, nothing shows up. It should show another image. Is there anything wrong?

  • How do you exclude yourself from Google Analytics on your website using cookies?

    - by Cold Hawaiian
    I'm trying to set up an exclusion filter with a browser cookie, so that my own visits to my website don't show up in my Google Analytics. I tried 3 different methods and none of them have worked so far. I would like help understanding what I am doing wrong and how I can fix this.

    Method 1

    First, I tried following Google's instructions, http://www.google.com/support/analytics/bin/answer.py?hl=en&answer=55481, for excluding traffic by Cookie Content:

        Create a new page on your domain, containing the following code:

        <body onLoad="javascript:pageTracker._setVar('test_value');">

    Method 2

    Next, when that didn't work, I googled around and found this Google thread, http://www.google.com/support/forum/p/Google%20Analytics/thread?tid=4741f1499823fcd5&hl=en, where the most popular answer says to use a slightly different code:

        SHS Analytics wrote:

        <body onLoad="javascript:_gaq.push(['_setVar','test_value']);">

        Thank you! This has now set a __utmv cookie containing "test_value", whereas the original: pageTracker._setVar('test_value') (which Google is still recommending) did not manage to do that for me (in Mac Safari 5 and Firefox 3.6.8).

    So I tried this code, but it didn't work for me.

    Method 3

    Finally, I searched StackOverflow and came across this thread, http://stackoverflow.com/questions/3495270/exclude-my-traffic-from-google-analytics-using-cookie-with-subdomain, which suggests that the following code might work:

        <script type="text/javascript">
          var _gaq = _gaq || [];
          _gaq.push(['_setVar', 'exclude_me']);
          _gaq.push(['_setAccount', 'UA-xxxxxxxx-x']);
          _gaq.push(['_trackPageview']);
          // etc...
        </script>

    This script appeared in the head element in the example, instead of in the onload event of the body like in the previous 2 examples. So I tried this too, but still had no luck with trying to exclude myself from Google Analytics.

    Re-iterate question

    So, I tried all 3 methods above with no success. Am I doing something wrong? How can I exclude myself from my Google Analytics using an exclusion cookie for my browser?

    Update

    I've been testing this for several days now, and I've confirmed that the 2nd method of excluding yourself from tracking does indeed work. The problem was that the filter settings weren't properly applied to my profile, which has been corrected. See the accepted answer below.

  • Google Chrome Extensions: Launch Event (part 1)

    Video Footage from the Google Chrome Extensions launch event on 12/09/09. In this part, Brian Rakowski, product management director, provides an update on Google Chrome and explains why extensions are important for the Google Chrome team. From: GoogleDevelopers Views: 5167 17 ratings Time: 04:39
