Search Results

Search found 97614 results on 3905 pages for 'online code editing'.

Page 662/3905 | < Previous Page | 658 659 660 661 662 663 664 665 666 667 668 669  | Next Page >

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):

        $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");

    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition.

    My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss.

    As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

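    An added example, not code from the audited application or from the poster: the concatenated query pattern quoted in the question beside a prepared-statement replacement. It runs against an in-memory SQLite database through PDO so it executes stand-alone; the table, the two rows and the payload are constructed for this demo, and the audited application's mysql_* calls are assumed to be replaceable by PDO.

```php
<?php
// Added example (not code from the audited application): the concatenated
// query pattern from the post beside a prepared-statement version. Uses an
// in-memory SQLite database via PDO so it runs stand-alone; the table, rows
// and the payload below are constructed for this demo.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Against MySQL, also disable client-side emulation so the server parses the
// statement and the bound value is never re-read as SQL text:
// $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

$db->exec("CREATE TABLE profile (profile_id TEXT PRIMARY KEY, email TEXT)");
$db->exec("INSERT INTO profile VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: the caller's string becomes part of the SQL text, as in the post.
// Wrapping the value in quotes does not help once the value itself contains one.
function lookupConcat(PDO $db, string $profileId): array
{
    $sql = "select * from profile where profile_id='" . $profileId . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed; the value is bound as a parameter and is
// compared as data, whatever characters it contains.
function lookupPrepared(PDO $db, string $profileId): array
{
    $stmt = $db->prepare("select * from profile where profile_id = :id");
    $stmt->execute([':id' => $profileId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$honest  = 'alice';
$payload = "' OR '1'='1";   // textbook payload; no WAF sits in front of this script

foreach (['concat' => 'lookupConcat', 'prepared' => 'lookupPrepared'] as $label => $fn) {
    printf("%-8s honest : %d row(s)\n", $label, count($fn($db, $honest)));
    printf("%-8s payload: %d row(s)\n", $label, count($fn($db, $payload)));
}
```

    Run it with a PHP build that has pdo_sqlite. With the payload, the concatenated statement becomes where profile_id='' OR '1'='1' and returns every profile; the prepared version binds the same string as a single literal id and matches nothing. Two points worth raising against the "practical" argument: $_REQUEST also takes the value from cookies and POST bodies, so the injection point is wider than one URL parameter, and mod_security inspects the request text, not the statement the application assembles from it, so it cannot know which characters matter to this particular query. addslashes() is likewise a string transform applied without knowledge of the connection's character set or of the numeric contexts where no quotes are present at all.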

  • Building a Charts Dashboard with Google Apps Script

    In this Google Developers Live show, join Kalyan Reddy as he talks about how to build a Charts dashboard in Google Apps Script. We'll be talking about the Charts Service and how to wire this up to data that's dynamically coming in from Google Spreadsheets and other sources. From: GoogleDevelopers. Time: 44:17.


  • Dartisans Ep 4 - Dart hangout with the Dart Editor team

    This is Dartisans, the Hangout show that brings you interviews and access to the Dart team. This episode features the Dart Editor team, who will demo all the new features of the editor and will take your questions live. You'll love what the Dart Editor team has been up to. This episode was recorded on Friday, 3/30, at 10am PDT / 6pm GMT. From: GoogleDevelopers. Time: 36:42.


  • LibrePlanet 2010 Completes Its Orbit

    Bradley M. Kuhn: "I met so many young people excited about software freedom. I can only imagine being only 19 or 20 years old and having the opportunity to meet other Free Software developers in person. At that age, I considered myself lucky to simply have Usenet access so that I could follow and participate in online discussions about Free Software..."


  • Tips For Hiring a Dedicated Web Developer

    Tired of emptying your pockets trying to establish a business in the online market? Hire a dedicated web developer and give your business new dimensions. Simply follow the guidelines in this article to find a highly skilled developer for your business.


  • I'm using OpenAL, trying to load a .ogg file and having .dll troubles

    - by Brendan Webster
    I'm using OpenAL for my game's music, and it loads .wav files by default, but to load in Ogg files I had to download and setup a few .dlls and lib files. I have fixed all errors with dlls except for this: I need vorbis.dll, and it says it's missing vorbis_window. I just can't find the dll anywhere online that includes the vorbis_window, anyone have suggestions on how I should fix this problem with my dll?


  • Objective C - Aggro with Images

    - by Will
    I have three UIImageViews: enemy1, enemy1AggroBox and mainSprite. What I want to do is when mainSprite and enemy1AggroBox intersect, I want enemy1 to start moving towards mainSprite. Basically creating aggro for a game.

        if (CGRectIntersectsRect(mainSprite.frame, enemy1AggroBox.frame)) {
            // Code here //
        }

    My plan would be to call this method in viewDidLoad. I'm not using any sort of framework like cocos2d or OpenGLES. If you need to see any more code just ask.


  • Google Top Geek E06

    Google Top Geek E06 (in Spanish). Google Top Geek (GTG) is a weekly show produced from Mexico with news, the search and YouTube trends in Latin America, and pointers to interesting apps and events. GTG airs on Mondays at midday, 12 pm, from Google Developers Live.

    Show script. This week: 1. Campaign to keep the Internet free and open (#freeandopen). 2. Gmail and Drive, a new way to send attached documents; you can attach files of up to 10GB. Edit Google Sheets on your mobile device with the Drive app. 3. Google Maps Navigation (beta) available in Mexico.

    Searches of the week. Number one: Cyber Monday (ciber lunes). Argentina: Vaya vicio. Chile: Cyber Monday. Colombia: Ciberlunes. México: Miguel Ángel Calero. Perú: Cyber Monday. Uruguay: XO City.

    The most-watched videos on YouTube were led by Extremely Scary Ghost Elevator Prank in Brazil. Argentina: Donde estés, hay fest! - Playa → #PersonalFest2012! Chile: Hola, soy Germán en vivo. Colombia: Documental "La mondá" (Video oficial) → a documentary about the most-used word in the Caribbean region. México: El gimnasio de guapas. Perú: El retorno del Exorcista.

    Among the most successful Android apps of the week: Paid: Swiftkey, Plants vs. Zombies, Where's my water? Free: WhatsApp Messenger, Facebook, Línea.

    News for developers: 1. Google Developers Academy now in 5 languages: Chinese, English, Japanese, Korean and Spanish. From: GoogleDevelopers. Time: 23:02.


  • Using Extended Events in SQL Server Denali CTP1 to Map out the TransactionLog SQL Trace Event EventSubClass Values

    - by Jonathan Kehayias
    John Samson ( Blog | Twitter ) asked on the MSDN Forums about the meaning/description for the numeric values returned by the EventSubClass column of the TransactionLog SQL Trace Event.  John pointed out that this information is not available for this Event like it is for the other events in the Books Online Topic ( TransactionLog Event Class ), or in the sys.trace_subclass_values DMV.  John wanted to know if there was a way to determine this information.  I did some looking and found...(read more)


  • Operations Manager SQL monitoring issue?

    - by merrillaldrich
    We're in the early stages of implementing System Center Operations Manager 2007 R2, and from what I've seen so far it looks really good. I am still interested to see the depth of performance counter information that it'll collect and store, but haven't been able to really dig into that just yet. There is one issue I am seeing and I don't know if others have come across this (could not find much online about it either): computing a database file free space alert rule is a little complicated, and it...(read more)


  • HTG Explains: How Do Noise Reducing Headphones Work?

    - by YatriTrivedi
    Passive noise reduction, active noise cancellation, sound isolation… The world of headphones has become quite advanced in giving you your own private sound bubble. Here's how these different technologies work.


  • GDL Presents: Women Techmakers with Pixability

    Gretchen Howard and Amanda Surya speak candidly with Pixability Founder & CEO Bettina Hein about her experiences building successful technology businesses and activating the female tech community. Hosts: Gretchen Howard - Director of Global Social Solutions | Amanda Surya - Manager, Developer Relations. Guest: Bettina Hein - Founder and CEO, Pixability. From: GoogleDevelopers. Time: 30:00.


  • Google Chrome Extensions: Launch Event (part 3)

    Video footage from the Google Chrome Extensions launch event on 12/09/09. Erik Kay and Aaron Boodman, technical leads for the Google Chrome Extensions team, demonstrate how to build, debug and share a Google Chrome extension. From: GoogleDevelopers. Time: 08:28.


  • IE9 HTML5 Video Will Be H264 Only

    OSNews: "Other codecs often come up in these discussions. The distinction between the availability of source code and the ownership of the intellectual property in that available source code is critical."


  • La gran final del Developer Bus en Colombia, la innovación desde las tecnologías Google (spanish)

    The grand final of the Developer Bus in Colombia, innovation with Google technologies (Spanish). All the innovation of the Developer Bus in Colombia, with the project presentations, the jury's feedback and the overall winner of the Bogotá edition. #DevBusLatAm #DevBusBogota +Desarrolla... From: GoogleDevelopers.


  • TraceTool 12.1: The Swiss-Army Knife of Trace

    A C#, C++, Delphi, ActiveX, JavaScript, and Java trace framework, a trace viewer (with Tail, OutputDebugString, and event log). The framework comes with support for Log4J, Log4Net, Microsoft Enterprise Instrumentation Framework (EIF), Pocket PC (C++ and .NET), and Silverlight.


  • Chrome Apps Office Hours: Building Apps with Web Intents

    Ask and vote for questions at: goo.gl Web Intents are the core mechanism for building interconnected apps on the Chrome platform. Join Paul Kinlan and Paul Lewis next week as we show you how to build client apps that send data to other web apps, and a service app that will receive input from any intent invocation. From: GoogleDevelopers.


  • Help, i cant reference my vars!

    - by SystemNetworks
    I have a sub-class (let's call it sub) and it contains all the functions of an object in my game. In my main class (let's call it main), I connect my sub to main. Example sub code:

        s = new sub();

    Then I put my sub function in the update method:

        s.myFunc();

    Because in my sub, I have booleans, integers, floats and more. The problem is that I don't want to connect my main class to use my main's ints, booleans and others. If I connect it, it will have a stack overflow. This is what I put in my sub:

        package javagame;

        import org.newdawn.slick.GameContainer;
        import org.newdawn.slick.Graphics;
        import org.newdawn.slick.Input;
        import org.newdawn.slick.state.StateBasedGame;

        public class Store {
            public Integer wood;
            public Float probePositionX;
            public Float probePositionY;
            public Boolean StoreOn;
            public Boolean darkBought;
            public Integer money;
            public Integer darkEnergy;
            public Integer lifeLeft;
            public Integer powerLeft;

            public void darkStores(GameContainer gc, StateBasedGame sbg, GameContainer gc2) {
                Input input1 = gc.getInput();
                // Player needs wood to enter (200). If not there will be an error.
                if (wood >= 200) {
                    // Enter Store!
                    if (input1.isKeyDown(Input.KEY_Q)) {
                        // Player must be in this cord!
                        if ((probePositionX > 393 && probePositionX < 555)
                                && (probePositionY < 271 && probePositionY > 171)) {
                            // The Store is On
                            StoreOn = true;
                        }
                    }
                }
            }
        }

    In my main (update function) I put:

        s.darkBought = darkBought;
        s.darkEnergy = darkEnergy;
        s.lifeLeft = lifeLeft;
        s.money = money;
        s.powerLeft = powerLeft;
        s.probePositionX = probePositionX;
        s.probePositionY = probePositionY;
        s.StoreOn = StoreOn;
        s.wood = wood;
        s.darkStores(gc, sbg, gc);

    The problem is when I go to the place, and I press Q, nothing shows up. It should show another image. Is there anything wrong?

