Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 658/886 | < Previous Page | 654 655 656 657 658 659 660 661 662 663 664 665  | Next Page >

• Validating/Allowing YouTube Embed Code

  - by mellowsoon

  Hi, hopefully this is a simple question. I have a simple custom forum on my site written in PHP. For security reasons I don't allow any HTML in the forum posts. I only allow certain BBCode tags. I would however like to allow embedded YouTube videos. So my question is this: What's the best (most secure) way to validate the YouTube embed code? YouTube is currently using iframes to embed videos, but obviously I can't just allow the iframe tag. I also need to ensure the src of the iframe is a YouTube URL, and ensure there's no other malicious bits of code in the iframe code.

  Read the article

• How to escape/strip special characters in the LaTeX document?

  - by Igor

  We implemented the online service where it is possible to generate PDF with predefined structure. User can choose a LaTeX template and then compile it with an appropriate inputs. The question we worry about is the security, that the malicious user was not able to gain shell access through the injection of special instruction into latex document. We need some workaround for this or at least a list of special characters that we should strip from the input data. Preferred language would be PHP, but any suggestions, constructions and links are very welcomed. PS. in few word we're looking form mysql_real_escape_string for LaTeX

  Read the article

• Agile version control?

  - by Paul Dixon

  I'm trying to work out a good method to manage code changes on a large project with multiple teams. We use subversion at the moment, but I want more flexibility in building a new release than I seem to be able to get with subversion. Here's roughly I want: for each developer to create easily identifiable patches for the project. Each patch delivers a complete user story (a releasable feature or fix). It might encompass many changes to many files. developers are able to easily apply and remove their own and other patches to facilitate testing release manager selects the patches to be used in the next release into a new branch branch is tested, fixes merged in, and ultimately merged into live teams can then pull these changes back down into their sandboxes. I'm looking at stacked git as a way of achieving this, but what other tools or techniques can deliver this sort of workflow?

  Read the article

• Force IOException during file reading

  - by DixonD

  I have the piece of code that reads data from file. I want to force IOException in this code for testing purpose (I want to check if code throws correct custom exception in this case). Is there a some way to create a file which is protected from being read, for example? Maybe dealing with some security checks can help? Please, note that passing name to not-existent file cannot help, because FileNotFoundException has separate catch clause. Here peace of code for better undestanding of question: BufferedReader reader = null; try { reader = new BufferedReader(new FileReader(csvFile)); String rawLine; while ((rawLine = reader.readLine()) != null) { // some work is done here } } catch (FileNotFoundException e) { throw new SomeCustomException(); } catch (IOException e) { throw new SomeCustomException(); } finally { // close the input stream if (reader != null) { try { reader.close(); } catch (IOException e) { // ignore } } }

  Read the article

• Parsing NTFS Partition in C

  - by DooriBar

  Hello all, I'm just a beginner and I have a need to parse a NTFS partition for the purpose of extracting Security Descriptors. (I been trying to use the native functions of the Windows API, but my conclusion is that something is seriously wrong with the functions' behavior, or their documentation.) I was wondering if anybody here experienced with such requirement, and could give me few hints, references, guidance... where to begin? (I've found www.ntfs.com, seems to have NTFS structure information, but I'm afraid I'll need something more to get started...) My intention is to use it under Windows XP. Thanks in advanced, Doori Bar

  Read the article

• Storing and retrieving CGPoints inside NSMutableArray

  - by Matt Dice

  I've looked through countless questions on here and elsewhere and cannot for the life of me figure out what I'm doing wrong. I'm trying to store an array of CGPoints as NSValues inside of an NSMutableArray named points like so on the iPhone: NSValue *point = [NSValue valueWithCGPoint:firstTouch]; NSLog(@"NSValue *point = %@", point); [points addObject:point]; NSLOG OUTPUT NSValue *point = NSPoint: {120, 221} Everything is going smooth converting from the CGPoint to NSValue. But when I try to retrieve the point I get nothing. NSValue *getPoint = [points objectAtIndex:0]; CGPoint thePoint = [getPoint CGPointValue]; NSLog(@"Point = %@", NSStringFromCGPoint(thePoint)); NSLOG OUTPUT Point = {0, 0} The points should be the same but I'm getting a null result. For testing purposes this is happening in the touchesBegan method. Does anyone have any idea where I'm going wrong? Thanks in advance.

  Read the article

• Using WiX, how do I change a property of a subfolder of a virtual directory?

  - by Joergen Bech

  I have a hierarchy of Directory elements in a WiX script. I also have a component that creates a virtual directory (using IIS:WebVirtualDir), which points to the root of my Directory hierarchy. How do I change a property (e.g. AnonymousAccess) of a subfolder of the virtual directory, e.g. MyVirtualDir <<< this is the virtual directory root MyVirtualDir\MySubFolder <<< this is the subfolder for which I wish to change a property using WebDirProperties Please note that I do not wish to create a new virtual directory for the subfolder. I only wish to change a few security settings. The current script is too big to post here, but take a look at the WiX tutorial: 5.3 Web Directory. Suppose in that example that there was another Directory element named "MySubFolder" nested within the "InstallDir" element. What would then be the next step in order to set properties for "MySubFolder" without turning it into a virtual directory?

  Read the article

• Gridview with row being edited causing error when form submitted

  - by Chris Phelps

  Using ASP.NET VB, I have a form with some text boxes and a Gridview. If a user clicks the Edit button on a row in the gridview, and then tries to submit the form with a row still in edit mode on the Gridview, this error is generated - "Invalid postback or callback argument. Event validation is enabled using in configuration or <%@ Page EnableEventValidation="true" % in a page. For security purposes, this feature verifies that arguments to postback or callback events originate from the server control that originally rendered them. If the data is valid and expected, use the ClientScriptManager.RegisterForEventValidation method in order to register the postback or callback data for validation. " Any idea how to prevent this error??

  Read the article

• Why is url not registered?(Drupal 6.x)

  - by Andrew

  I'm using hook_menu to register new url so that accessing this url would return some data to ajax function. As title suggested, this url is not registered. How do I know that? I've tried typing this in address bar but, drupal, return main template only rather than the tests string that I created. I'm positive that my module is working for php issues error if I intentionally write wrong syntax. And, yes, I clear cache whenever I make changes. Here's the code - function test_menu() { $my_form['test'] = array( 'title' => 'Test address', 'page callback' => 'test', 'access arguments' => array('access content'), 'type' => MENU_CALLBACK, ); return $my_form; } function test(){ $a= "testing"; return $a; }

  Read the article

• CouchDB read authorization

  - by mdikici

  In couchdb website - technical overview - security and validation - http://couchdb.apache.org/docs/overview.html - it writes that (on reader access part) "To protect document contents, CouchDB documents can have a reader list. This is an optional list of reader-names allowed to read the document. When a reader list is used, protected documents are only viewable by listed users." I searched about how to use it but i found nothing. So is it actually used and if it is how? Thanks. -- Mustafa

  Read the article

• Howto read system informations in C++ on windows and linux?

  - by f4

  I need to read system information like cpu/ram/disks usage in C++. Maybe swap, network and process too but that's less important. It has probably been done thousand of times before so I first tried to search for a library. Someone here suggested SIGAR, which seems to fit my needs but is GPL and it is for inclusion in a proprietary product. So it's not an option here. I feel like it's something not that easy to implement, as it'll need testing on several platforms. So a library would be welcome. If you don't know of any library, could you point me in the right direction for both platforms?

  Read the article

• Pre-packaged Rails applications

  - by Craig

  Seems like most Rails applications have similar 'base' functionality. As such, it seems that there would be value in having pre-build Rails applications at various functionality points such as: basic User model with authentication using Authlogic #1 + openid integration #2 + authorization using declarative_authorization #3 + Administration module #4 + a Profile model Themes (useful stylesheets and such) Friendship model Geocoding ... In addition to the basic MVC stuff, these applications would include: testing harnesses seed data git support One could choose start from any of these functionality points. Other than the sample application that are available with the various gems/plugins, are there projects such as these? If not, I would certainly be willing to contribute what I have.

  Read the article

• Execute a dll function in ASP.Net Bin not working, II7.

  - by Wayne Lo

  I am developing a remote control application where a client (aspx page in a browser) can request a server to "launch a notepad" (for testing purpose, for real life, turning off a light bulb, etc). So I created a dll with a simple function for launching the notepad (on the server side) and dropped this dll in the root bin folder. It worked fine when the aspx page is running under ASP.NET development server (launched from Visual Studio). But when I tested the same aspx page under a FireFox browser, it did not work (launch the notepad) even though it did call for the same function (I stepped through in debugger). Is this a permission issue? How do I set this up in IIS manager, or even better in web.config? Please help.

  Read the article

• Setting ownership/permissions for symfony2 and other web projects

  - by Handonam

  I've been very confused as to how to set permissions and user/groups for my sites. It is particularly one of my weakest suits My curent problem is that I often find myself running into a situation where if i view a particular page, it won't have permissions to write to cache or logs. At this point I'll set the ownership towards apache. Then, in other cases, if i try to run internal scripts, for example, I can't write to these cache/log files because i set them for apache. Currently, my symfony2 files are all registered to me as a part of staff (Handonam:Staff). I've seen various people creating groups such as www-data, apache, etc, and using users such as theirselves (e.g. Handonam) or www as a part of those groups. So my question is: For symfony2 and other web projects, what's generally the best setup for user/group setup so that both apache and myself can interact with these files, while maintaining decent security?

  Read the article

• Execute VBA Macro via C# Interop?

  - by Jon Artus

  Hi all, just wondering if anyone could suggest why I might be getting an error? I'm currently trying to execute a macro in a workbook by calling the Application.Run method that the interop exposes. It's currently throwing the following COM Exception: {System.Runtime.InteropServices.COMException (0x800A03EC): Cannot run the macro Macro1'. The macro may not be available in this workbook or all macros may be disabled. I've put the containing workbook in a trusted location, set all of the security settings to their minimum values, and trusted programmatic access to my object model. I'm entirely out of ideas and Google's failed me so far! Has anyone done this, or can you suggest anything which I could try? Many thanks!

  Read the article

• Problem with commit in sharpsvn

  - by zhangxiaoning

  Hi,I'm a programmer in china. I want to commit the changes of a working copy in my computer to the repository. The repository is in an URL and i´m doing this now: using (SvnClient client = new SvnClient()){ string path = @"C:\testdelete\test.java"; client.Delete(path); client.Authentication.Clear(); // Clear predefined handlers client.Authentication.UserNamePasswordHandlers += delegate(object obj, SharpSvn.Security.SvnUserNamePasswordEventArgs args) { args.UserName = "username"; args.Password = "password"; }; var uri = client.GetUriFromWorkingCopy(path); if (uri != null) { SvnCommitArgs args = new SvnCommitArgs(); args.ThrowOnError = true; args.ThrowOnCancel = true; client.Commit(path, args);//here throw a SvnOperationCanceledException } } But it doesn´t work,Why?Thanks!

  Read the article

• jquery $.ajax not working in firefox against rails (406 response) (works in chrome & IE)

  - by phil swenson

  I have a rails backend and am testing the following jquery code against it: var content = $("#notification_content").val(); var data = new Object(); data.content = content; $.ajax({ url: "/notifications/detect_type.json", type:"POST", data: data, success: function(result ){updateTypeDropDown(result)}}); This code works fine in Chrome and IE. However in Firefox (using Firebug), I see this: http://localhost:3000/notifications/detect_type.json 406 Not Acceptable here is a chrome request in the log: Processing NotificationsController#detect_type (for 127.0.0.1 at 2010-12-21 17:05:59) [POST] Parameters: {"action"="detect_type", "content"="226 south emerson denver co 80209", "controller"="notifications"} User Columns (2.0ms) SHOW FIELDS FROM users User Load (37.4ms) SELECT * FROM users WHERE (users.id = '1') LIMIT 1 Completed in 58ms (View: 1, DB: 40) | 406 Not Acceptable [http://localhost/notifications/detect_type.json] here is a firefox request in the log: Processing NotificationsController#detect_type (for 127.0.0.1 at 2010-12-21 17:06:41) [POST] Parameters: {"action"="detect_type", "content"="226 south emerson 80209", "controller"="notifications"} User Columns (2.1ms) SHOW FIELDS FROM users User Load (30.4ms) SELECT * FROM users WHERE (users.id = '1') LIMIT 1 Completed in 100ms (View: 1, DB: 33) | 200 OK [http://localhost/notifications/detect_type.json] I'm stumped. Ideas?

  Read the article

• FOSUserBundle: embedding the login form and choosing its template

  - by tirengarfio

  i want to insert the login form of FOSUserBundle in my template like this: <div id="sidebar"> {% render "FOSUserBundle::Security::login" %} </div> but not to render the template that is been calling in the code of loginAction() originally. I have thought I'd find useful the possibility of passing the template I want to render as a parameter as 'max' in this example: <div id="sidebar"> {% render "AcmeArticleBundle:Article:recentArticles" with {'max': 3} %} </div> Is that possible in symfony2? If not.. should I create another action for my bundle with the same code inside of loginAction? or should I modify the original loginAction code and write control structures? if(currentPage == 'home') renderResponse('template1') else renderResponse('template2')

  Read the article

• Do we really need a safe release macro?

  - by Ian1971

  Quite a lot of people seem to use a macro such as #define SAFE_RELEASE(X) [X release]; X = nil; (myself included). I've been reassessing why I am using it and wanted to canvas some opinion. The purpose (I think) for using this macro is so that if you were to accidentally use your object after releasing it then you won't get a bad access exception because objective-c will quite happily ignore it when the object is nil. It strikes me that this has the potential to mask some obscure bugs. Maybe it would actually be preferable for the program to crash when you try to use X again. That way during testing you can find the issue and improve the code. Does this macro encourage lazy programming? Thoughts?

  Read the article

• PHP readdir() not returning files in alphabetical order

  - by Buggabill

  I am reading through a directory with some pictures and such using a pretty simple implementation of readdir() like the following: if ($handle = opendir($path)) { while (false !== ($szFilename = readdir($handle))) { if ($szFilename[0] !== '.') { if (is_file($path.$szFilename)) { // do stuff } } } } The problem that I am having is that the files are not being read in alphabetical order as the docs for readdir() state: Returns the filename of the next file from the directory. The filenames are returned in the order in which they are stored by the filesystem. Another weird thing is that, on the local testing server, the same code works great. This is running on a server using the LAMP stack in both cases. I know that I can build an array and just sort it, but I was wondering if I was missing something in what I was doing. Thanks for any insight!

  Read the article

• how to get apache mod_cache work with mod_wsgi (django)?

  - by harmv

  I thought i'd speed up my django projects, by letting apache doing some caching for me. Unfortunately I see that apache never caches my dynamic pages. Has mod_cache problems with mod_wsgi served code ? My apache config: <VirtualHost *:80 ServerName myserver.com CacheEnable mem / # for testing only CacheIgnoreQueryString On CacheIgnoreCacheControl On WSGIDaemonProcess aname processes=1 threads=25 WSGIProcessGroup aname Alias /media/ /home/harm/projects/test/media/ WSGIScriptAlias / /home/harm/projects/test/wsgi.py The response does have the correct caching headers: Content-Length 2647 Content-Encoding gzip Vary Accept-Encoding Cache-Control public, max-age=3600 Keep-Alive timeout=15, max=100 Connection Keep-Alive Content-Type application/x-javascript Am I missing something ?

  Read the article

• Application.Idle causes high CPU usage

  - by Neal

  Hello, I use the Application.Idle event to handle toolbar status (enable/disable) etc. quite extensively. As I'm beta testing Norton AntiVirus 2011, it brought to my attention that my app that I'm developing triggered a high CPU usage warning on at least one CPU. Sure enough, I opened the task manager and watched one of the four CPU's (quad core system) go to near 100%. I thought Application.Idle was the way to handle things when the application wasn't performing CPU tasks. Why is Application.Idle spiking the CPU? Here is how I attach to the event: AddHandler Application.Idle, AddressOf OnAppIdle Been using Application.Idle for a long time, never knew it would have this issue. Using VS 2010 .NET 4 Thank you.

  Read the article

• How can I know if a file has been changed in .NET C#?

  - by Anthony D

  I have an application that requires a secure way to store its configuration. There are users that can change the configuration. I need some sort of signature scheme where I can verify that the config file has not changed with out a valid user. I had thought about using RSA, where the private key is encrypted with the users password, and the public key is used to sign the config. However there is nothing to prevent someone from changing the user file and adding their own public key, thus circumventing my security. Any ideas?

  Read the article

• Android::Confused about image sizes in a website

  - by Legend

  I was testing my website inside the Android emulator with the Droid Skin (240 dpi). I have the following css: #container { position: relative; width: 854px; height: 480px; background: #000; margin: auto; } #container li { position: relative; list-style: none; width: 201px; height: 110px; padding-left: 10px; padding-top:10px; padding-bottom:10px; overflow: hidden; float: left; z-index: 2; } The display is not what I expected obviously because I am defining everything in px (when I should have been using dip but css does not allow dip). How can I convert my px to something that is suitable for Android? Any suggestions?

  Read the article

• Html how to make a part on iframe, unvisible and unclickable externally? (my idea)

  - by ozan

  I have a page (A) including a BUTTON with a function close_window() , however when I embed A to my main page (B) using iframe, the close_window() can't work as expected since there is no more window anymore, and I am not able to remove the button from the iframe since A is on another domain (Security issues prevents). What I want to do is make this button label invisible. And the only way I think is to put a white image just to the place where that button exists on my iframe, externally. is Smthing like that possible? I want the image to be on the top of iframe? Or do you have any other idea ? Thanks for helps.

  Read the article

< Previous Page | 654 655 656 657 658 659 660 661 662 663 664 665  | Next Page >