Search Results

Search found 3867 results on 155 pages for 'cross forest'.

Page 60/155 | < Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >

  • What would you like to see in an beginner's ASP.NET security book

    - by blowdart
    This is a shameless information gathering exercise for my own book. One of the talks I give in the community is an introduction to web site vulnerabilities. Usually during the talk I can see at least two members of the audience go very pale; and this is basic stuff, Cross Site Scripting, SQL Injection, Information Leakage, Cross Site Form Requests and so on. So, if you can think back to being one, as a beginning web developer (be it ASP.NET or not) what do you feel would be useful information about web security and how to develop securely? I will already be covering the OWASP Top Ten (And yes this means stackoverflow will be in the acknowledgements list if someone comes up with something I haven't thought of yet!) It's all done now, and published, thank you all for your responses

    Read the article

  • Is using GET with a tokenID for security a good idea?

    - by acidzombie24
    I was thinking about this and it appears POST only a little less vulnerable and somewhat harder (do to requiring the user to click something). I read about token ids and double submitted cookies and i am not sure what the difference is http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Disclosure_of_Token_in_URL http://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet#Double_Submit_Cookies Right now i have the user id (PK in my table) and a session id so you cant simply change your cookie ID and act like someone else. Now it seems like i put the session id as a token in each of my forms and check them bc attackers cant guess these tokens. However i dislike the idea of putting the session id into the page for ppl to see. But really, is there a problem with that? short of having the user copy/pasting the html is there any attacks that can happen due to the session id being in plain view in html?

    Read the article

  • Best toolkit for new Web application (odd requirements)

    - by ireadit
    I need to write a new application, and have no experience with any new technology, framework, or language. Here are the requirements: HTML front end (best if it's cross-browser friendly) Web deployable, but also ideally want to be able to install as standalone on a desktop SQL Server database Ideally, would like to use a good (and easy) AJAX toolkit with widgets Ideally, would like to be able to write in ASP.Net but later (or concurrently) also write in Java. This is a big concern, as I would like to not have to rewrite the whole thing. Is there a toolkit I can use that makes this cross-platform requirement easier? All suggestions and comments are much appreciated. Thank you.

    Read the article

  • How to display all the dates between two given dates in SQL

    - by Gopal
    Using SQL server 2000. If the Start date is 06/23/2008 and End date is 06/30/2008 Then I need the Output of query as 06/23/2008 06/24/2008 06/25/2008 . . . 06/30/2008 I Created a Table names as Integer which has 1 Column, column values are 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 then I used the below mentioned query Tried Query SELECT DATEADD(d, H.i * 100 + T .i * 10 + U.i, '" & dtpfrom.Value & "') AS Dates FROM integers H CROSS JOIN integers T CROSS JOIN integers U order by dates The above query is displaying 999 Dates only. 999 Dates means (365 + 365 + 269) Dates Only. Suppose I want to select more than 3 Years (01/01/2003 to 01/01/2008). The above query should not suitable. How to modify my query? Or any other query is available for the above condition. Please kindly provide me the Query.

    Read the article

  • Trouble getting Flash socket policy file to work.

    - by Alex
    Basically I'm using Flash to connect to a Java server. Despite my Java application replying to the , in the Flash debug log it lists (not sure about the order as there are lots): * Security Sandbox Violation * Connection to 192.168.1.86:4049 halted - not permitted from http://127.0.0.1:8888/Current/wander.swf Warning: Timeout on xmlsocket://192.168.1.86:4049 (at 3 seconds) while waiting for socket policy file. This should not cause any problems, but see http://www.adobe.com/go/strict_policy_files for an explanation. Error: Request for resource at xmlsocket://192.168.1.86:4049 by requestor from http://127.0.0.1:8888/Current/wander.swf is denied due to lack of policy file permissions. What I don't understand is, the server (port 4049) receives the request, outputs the policy file and then closes the connection, surely it shouldn't time out? The policy file I'm using is: <?xml version="1.0"?> <cross-domain-policy><allow-access-from domain="*" to-ports="*" /> </cross-domain-policy>

    Read the article

  • ffmpeg libavcodec.so missing while compile with cygwin

    - by nick
    I am building ffmpeg for android by following this tutorial now i got android folder inside the ffmpeg2.0.1 folder but there is no libavcodec-55.so file. instead of that i have lib/libavcodec.a how can i get libavcodec.so file? build_android.sh #!/bin/bash NDK=$HOME/Desktop/adt/android-ndk-r9 SYSROOT=$NDK/platforms/android-9/arch-arm/ TOOLCHAIN=$NDK/toolchains/arm-linux-androideabi-4.8/prebuilt/windows-x86_64 function build_one { ./configure \ --prefix=$PREFIX \ --enable-shared \ --disable-static \ --disable-doc \ --disable-ffmpeg \ --disable-ffplay \ --disable-ffprobe \ --disable-ffserver \ --disable-avdevice \ --disable-doc \ --disable-symver \ --cross-prefix=$TOOLCHAIN/bin/arm-linux-androideabi- \ --target-os=linux \ --arch=arm \ --enable-cross-compile \ --sysroot=$SYSROOT \ --extra-cflags="-Os -fpic $ADDI_CFLAGS" \ --extra-ldflags="$ADDI_LDFLAGS" \ $ADDITIONAL_CONFIGURE_FLAG make clean make make install } CPU=arm PREFIX=$(pwd)/android/$CPU ADDI_CFLAGS="-marm" build_one

    Read the article

  • Tabbed javascript widget for a Rails app

    - by neilc
    A user registers on our Rails app and they're given javascript to embed a widget in their website. The widget has a tabbed interface, like the JQuery tabs http://stilbuero.de/jquery/tabs_3/. iFrames have been tested, but the widget form factor and cross-domain policy negates the use of iframes. The widget is very dynamic and will often update the DOM with new content - and because of cross-domain policy, it looks as though JSONP is necessary. I understand that 'widget.js.erb' needs to create the widget layout, reference a stylesheet, render the tabs, etc - but once a tab is clicked, how does the widget request the content from the Rails app and render it in the DOM?

    Read the article

  • How to overlay a small page on a html page?

    - by Usman Ajmal
    Hi, I have a webpage underconstruction. I want to notify the people who visit it about its under-construction nature. For that I wanted to show a small transparent or transluscent page on the above page as shown here http://img17.imageshack.us/i/normalpagewithasmallpag.png/ You may notice that i want that page to appear at the center of the webpage overlayed on the original page with a cross at top-right corner. Clicking on that cross may close this small page revealing the page behind it so that the users may see what has been developed so far. I hope you guys have some suggestions for me. I know its possible with javascript but don't know how...any tutorial if available will also help. Thanks a lot.

    Read the article

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

    Read the article

  • iphone - Can't uninstall app on device

    - by wallou
    hey guys, I am testing my app on my jailbreaked iPhone and i noticed something strange. When i want to uninstall it on device i got no cross to delete the app. All the other apps (not mines) have the white circled cross. Whereas on the simulator i am able to delete my app. Is it because i run it on a jailbreak with a codesign workaround? Or maybe i am missing something in the app plist. Let me know if you have a clue. Wallou

    Read the article

  • Ajax Post Request Returns JSON but Deferred Fails

    - by imrane
    I have a cross-domain POST request to http://api.local/user/auth - my API endpoint. I allow Cross Domain requests in my api with CORS. Using Chrome if that makes a difference. I get a valid server JSON response with 200 Status Code but I am using deferreds from a backbone model like so: @model.save() .fail(-> console.log 'sync fail') .success -> console.log 'sync OK' And I consistently get a 'sync fail' instead of the expected 'sync OK' Thoughts?

    Read the article

  • strtod() and sprintf() inconsistency under GCC and MSVC

    - by Dmitry Sapelnikov
    I'm working on a cross-platform app for Windows and Mac OS X, and I have a problem with two standard C library functions: strtod() - string-to-double conversion sprintf() - when used for outputting double-precision floating point numbers) Their GCC and MSVC versions return different results. I'm looking for a well-tested cross-platform open-source implementation of those functions, or just for a pair of functions that would correctly and consistently convert double to string and back. I've already tried the clib GCC implementation, but the code is too long and too dependent on other source files, so I expect the adaptation to be difficult. What implementations of string-to-double and double-to-string functions would you recommend?

    Read the article

  • C++: Most common way to talk to one application from the other one

    - by MInner
    In bare outlines, I've got an application which looks through the directories at startup and creates special files' index - after that it works like daemon. The other application creates such 'special' files and places them in some directory. What way of informing the first application about a new file (to index it) is the most common, simple (the first one is run-time, so it shouldn't slow it too much), and cross-platform if it is possible? I've looked through RPC and IPC but they are too heavy (also non-cross-platform and slow (need a lot of features to work - I need a simple light well-working way), probably).

    Read the article

  • SQL Server deadlock issue

    - by George2
    Hello everyone, I am using SQL Server 2008 Enterprise. I am wondering whether dead lock issue is only caused by cross dependencies (e.g. task A has lock on L1 but waits on lock on L2, and at the same time, task B has lock on L2 but waits on lock on L1)? Are there any other reasons and scenarios which will cause deadlock? Are there any other way which will causes dead lock -- e.g. timeout (a S/I/D/U statement do not return for a very long time, and deadlock error will be returned) or can not acquire lock for a long time but not caused by cross-dependencies (e.g. task C needs to get lock on table T, but another task D acquire the lock on table T without releasing the lock, which causes task C not be able to get lock on table T for a long time)? thanks in advance, George

    Read the article

  • Help to run it in the background

    - by AlexPolo
    Here's a simple python daemon I can't manage to run as a background process: #!/usr/bin/env python import socket host = '' port = 843 backlog = 5 size = 1024 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.bind((host,port)) s.listen(backlog) while 1: client, address = s.accept() data = client.recv(size) if data == '<policy-file-request/>\0': client.send('<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*" to-ports="*"/></cross-domain-policy>') client.close() It's a socket policy file server (you may have heard of the restiction Adope put on socket connection - http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html); that works well when gets run like an "ordinary" process - "python that_server.py", - but I get problem to run it in the background. Running like so: "that_server.py &", - does not work.

    Read the article

  • Getting meaningful error messages from fstream's in C++

    - by Hassan Syed
    What is the best way to get meaningful file access error messages, in a portable way from std::fstreams ? The primitiveness of badbits and failbits is getting to be bit annoying. I have written my own exception hierarchies against win32 and POSIX before, and that was far more flexible than the way the STL does it. I am getting "basic::ios_clear" as an error message from the what method of a downcasted catch (std::exception) of a fstream which has exceptions enabled. This doesn't mean much to me, although I do know what the problem is I'd like my program to be a tad more informative so that when I start deployment a few months later my life will be easier. Is there anything in Boost to extract meaningful messages out of the ofstream's implementation cross platform and cross STL implementation ?

    Read the article

  • Why don't scripting languages output Unicode to the Windows console?

    - by hippietrail
    The Windows console has been Unicode aware for at least a decade and perhaps as far back as Windows NT. However for some reason the major cross-platform scripting languages including Perl and Python only ever output various 8-bit encodings, requiring much trouble to work around. Perl gives a "wide character in print" warning, Pythong gives a charmap error and quits. Why on earth after all these years do they not just simply call the Win32 -W APIs that output UTF-16 Unicode instead of forcing everything through the ANSI/codepage bottleneck? Is it just that cross-platform performance is low priority? Is it that the languages use UTF-8 internally and find it too much bother to output UTF-16? Or are the -W APIs inherently broken to such a degree that they can't be used as-is?

    Read the article

  • how to use proxy with JSON

    - by Dele
    I have a php page called 'dataFetch.php' which sits on one webserver. On another webserver, I have a JS file which issues JSON calls to dataFetch. dataFetch connects to a database, retrieves data and puts it in a JSON format which is fed back to the calling program. In IE, this works fine. In other browsers it does not because of the cross domain restriction. To get across the cross-domain restriction, I make a call to a file, proxy.php, which then makes the call to dataFetch. My problem now is that proxy.php retrieves the file from dataFetch but the JS script file no longer sees the response from proxy.php as a JSON format and so I can't process it. Can anybody help me out?

    Read the article

  • C++: FFMPEG and SDL resources

    - by advs89
    I'm looking for resources (preferably books, but websites are fine too) for using FFMPEG and/or SDL with C++. Stuff I'd like to be able to do (eventually): Decode and play videos in realtime to a QT widget (the QT part isn't a problem) Overlay text and images on the video (in realtime) Loop video Cross-fade from one video to another (in realtime) Some kind of DVD functionality LIVE sources? (i.e. webcam, stream, etc.) So far I've looked at (and consider helpful) the following resources: FFMPEG and SDL Tutorial by Dranger (extremely helpful) StackOverflow: ffmpeg C API documentation/tutorial (not a duplicate, btw) Sample code bundled with FFMPEG libraries (I'll try and update this list with anything helpful below) Thanks for any help... Also: Operating System is Windows (but maybe one day cross-platform) Also 2: Resources using alternatives are welcome too... i.e. DirectShow, VFW, etc.

    Read the article

  • Is the situation with Java ME improving?

    - by mike g
    It seems to be the consensus that developing for Java ME is not as cross platform as you might expect, particularly compared to say java SE, but it is difficult to assess how the situation is evolving. Is the situation improving significantly? Are problematic implementations being patched? Are problematic implementations dying out as a proportion of mobile devices? Is the tool chain improving? Are there ways to identify at least some cross platform 'errors' without necessarily deploying to each and every device?

    Read the article

  • Method for SharePoint list/item locking across processes/machines?

    - by Steve
    In general, is there a decent way in SharePoint to control race conditions due to two processes or even two machines in the farm operating on the same list or list item at the same time? That is, is there any mechanism either built in or that can be fabricated via the Object Model for doing cross-process or cross-machine locking of individual list items? I want to write a timer job that performs a bunch of manipulations on a list. This list is written to by the SharePoint UI and then read by the UI. I want to be able to make sure that the UI doesn't either write to or read from the list when it is in an inconsistent state due to the timer job being in the middle of a manipulation. Is there any way to do this? Also, I want to allow for multiple instances of the timer job to run simultaneously. This, again, will require a lock to be sure that the two jobs don't attempt to operate on the same list/item at the same time. TIA for any help!

    Read the article

< Previous Page | 56 57 58 59 60 61 62 63 64 65 66 67  | Next Page >