Search Results

Search found 2118 results on 85 pages for 'trust metric'.

Page 74/85 | < Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >

• Backdoor in OpenBSD how is it that no developer saw it ? And what about other Linux ? [closed]

  - by user310291

  It had been revealed that there have been backdoor implanted in OpenBSD http://www.infoworld.com/d/developer-world/software-security-honesty-the-best-policy-285 OpenBSD is opensource, how is it that nobody in the community developper could see it in the source code ? So how can one trust all the other "opensource" Linux Of course OpenBSD is only a case, the point is not about OpenBSD, it is about opensource in general. my question is not about Openbsd per se it's about source code os inspection especially c/c++ since most are written in these languages. Also once the source is compiled how one can be sure that it really reflects the source code ? If a law requires that a backdoor being implanted and obliges to deny that kind of action under the guise of security, how can you be sure that the system has not been corrupted by some tools ? As said there is there is a "nondisclosure agreement" My guess is that 99.99% of developpers in the world are just incapable of understanding os source code and won't even bother to look at it. And above all nobody wonders about why the gov wants such massive backdoor, and that of course they will pressure medias to deny.

  Read the article

• Unattended Install of SQL Server 2005 Express with LOCAL Server InstanceName

  - by Jeff

  I'm creating an install package using InnoSetup and installing SQL Server 2005 Express. Here's the code below that appears in my RUN section: Filename: "{app}\SQL Server 2005 Express\SQLEXPR.exe" ; Parameters: "-q /norebootchk /qn reboot=ReallySuppress addlocal=all INSTANCENAME=(LOCAL) SCCCHECKLEVEL=IncompatibleComponents:1;MDAC25Version:0 ERRORREPORTING=2 SQLAUTOSTART=1 SAPWD=passwordhere SECURITYMODE=SQL"; WorkingDir: {app}\SQL Server 2005 Express; StatusMsg: Installing Microsoft SQL Server 2005 Express... Please Wait...;Check:SQLVerifyInstall What I'm trying to accomplish is have the SQL Server package install but only have the instance name itself reference the name of the machine name and nothing more. What I'm receiving instead is a named instance instead of local such as MachineName\SQLEXPRESS which is not what I want to receive. I need a local instance instead of a named instance due to the way my code is written to be able to install and talk with the databases in question. I would change it, trust me, were it not the fact that this install package is a replacement to a previous package that used the MSDE installer. I have to be able to support both through code. Any suggestions are welcome but a clear and concise method to get the installer to quietly install using only the machine name is my main goal. Thanks for the help and support!

  Read the article

• SSL signed certificates for internal use

  - by rogueprocess

  I have a distributed application consisting of many components that communicate over TCP (for examle JMS) and HTTP. All components run on internal hardware, with internal IP addresses, and are not accessible to the public. I want to make the communication secure using SSL. Does it make sense to purchase signed certificates from a well-known certificate authority? Or should I just use self-signed certs? My understanding of the advantage of trusted certs is that the authority is an entity that can be trusted by the general public - but that is only an issue when the general public needs to be sure that the entity at a particular domain is who they say they are. Therefore, in my case, where the same organization is responsible for the components at both ends of the communication, and everything in between, a publicly trusted authority would be pointless. In other words, if I generate and sign a certificate for my own server, I know that it's trustworthy. And no one from outside the organization will ever be asked to trust this certificate. That is my reasoning - am I correct, or is there some potential advantage to using certs from a known authority?

  Read the article

• Is there a methode to linarize a Document?

  - by M.R.

  A webservice response with a message which is not linarized. This produces a problem, when trying to access a (as an example) the root element with getSOAPBody().getFirstChlid(). In a linarized document this call would return the first element inside the the body. If the message is not properly formated, you may get the the line break between the soap body and the first element. The problem should be easy to solve with a recursive method, but I was wondering, if there is a method for it? Like normalize etc. Edit: XML Response: ... XMLSchema-instance"><soapenv:Body> <wst:RequestSecurityTokenResponse xmlns:wst="http://schemas.xmlsoap.org/ws/200/02/trust">... JAVA CODE: final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); DocumentBuilder db = factory.newDocumentBuilder(); Document result = db.newDocument(); //messResult is the response result.appendChild(result.importNode(messResult.getSOAPBody().getFirstChild(),true)); Error Log: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted.

  Read the article

• XBAP Browser Control - Invoking Click event of the html Input type button

  - by maharaj

  Hi, Here is what I have. 1.XBAP application with WPF Browser control, hosted on Page1.xaml 2.XBAP in Full Trust, certificate installed in client browser 3.Once the XBAP loaded, the browser control is navigated to some third party site. 4.We are using MVVM for XAML stuff So, when a certain page is loaded, I attach click event handler to the input button with id="submit" on the html page displayed in the browser control (used the code similar to whats in this URL http://social.msdn.microsoft.com/Forums/en-US/wpf/thread/a4f0e4d0-78bf-44c5-a3fe-8faf2e7a0568/). It works just fine as long as I dont make a wcf web service call in my ViewModel, before or after I attach this event hander. Idea is to invoke the click event for the html button and grab the data from the html page before calling the webservice to save data from the page. Here is the issue: When I make the wcf webservice call (sync or async, it doesnt matter) the click event doesnt happen but if I comment out the the code for wcf service call the click event of the html input of type button gets invoked. Any help would be appreciated. Thanks, Salil

  Read the article

• How to detect if a file is PDF or TIFF ?

  - by eviljack

  Please bear with me as I've been thrown into the middle of this project without knowing all the background. If you've got WTF questions, trust me, I have them too. Here is the scenario: I've got a bunch of files residing on an IIS server. They have no file extension on them. Just naked files with names like "asda-2342-sd3rs-asd24-ut57" and so on. Nothing intuitive. The problem is I need to serve up files on an ASP.NET (2.0) page and display the tiff files as tiff and the PDF files as PDF. Unfortunately I don't know which is which and I need to be able to display them appropriately in their respective formats. For example, lets say that there are 2 files I need to display, one is tiff and one is PDF. The page should show up with a tiff image, and perhaps a link that would open up the PDF in a new tab/window. The problem: As these files are all extension-less I had to force IIS to just serve everything up as TIFF. But if I do this, the PDF files won't display. I could change IIS to force the MIME type to be PDF for unknown file extensions but I'd have the reverse problem. http://support.microsoft.com/kb/326965 Is this problem easier than I think or is it as nasty as I am expecting?

  Read the article

• Check if file is locked or catch error for trying to open

  - by Duncan Matheson

  I'm trying to handle the problem where a user can try to open, with an OpenFileDialog, a file that is open by Excel. Using the simple FileInfo.OpenRead(), it chucks an IOException, "The process cannot access the file 'cakes.xls' because it is being used by another process." This would be fine to display to the user except that the user will actually get "Debugging resource strings are unavailable" nonsense. It seems not possible to open a file that is open by another process, since using FileInfo.Open(FileMode.Open, FileAccess.Read, FileShare.ReadWrite) chucks a SecurityException, "File operation not permitted. Access to path 'C:\whatever\cakes.xls' is denied.", for any file. Rather unhelpful. So it's down to either finding some way of checking if the file is locked, or trying to catch the IOException. I don't want to catch all IOExceptions and assume they're all locked file errors, so I need some sort of way of classifying this type of exception as this error... but the "Debugging resource strings" nonsense along with the fact that that message itself is probably localized makes it tricky. I'm partial trust, so I can't use Marshal.GetHRForException. So: Is there any sensible way of either check if a file is locked, or at least determining if this problem occurred without just catching all IOExceptions?

  Read the article

• How to generate XML from an Excel VBA macro?

  - by SuperNES

  So, I've got a bunch of content that was delivered to us in the form of Excel spreadsheets. I need to take that content and push it into another system. The other system takes its input from an XML file. I could do all of this by hand (and trust me, management has no problem making me do that!), but I'm hoping there's an easy way to write an Excel macro that would generate the XML I need instead. This seems like a better solution to me, as this is a job that will need to be repeated regularly (we'll be getting a LOT of content in Excel sheets) and it just makes sense to have a batch tool that does it for us. However, I've never experimented with generating XML from Excel spreadsheets before. I have a little VBA knowledge but I'm a newbie to XML. I guess my problem in Googling this is that I don't even know what to Google for. Can anyone give me a little direction to get me started? Does my idea sound like the right way to approach this problem, or am I overlooking something obvious? Thanks StackOverflow!

  Read the article

• GNU Make - Dependencies on non program code

  - by Tim Post

  A requirement for a program I am writing is that it must be able to trust a configuration file. To accomplish this, I am using several kinds of hashing algorithms to generate a hash of the file at compile time, this produces a header with the hashes as constants. Dependencies for this are pretty straight forward, my program depends on config_hash.h, which has a target that produces it. The makefile looks something like this : config_hash.h: $(SH) genhash config/config_file.cfg > $(srcdir)/config_hash.h $(PROGRAM): config_hash.h $(PROGRAM_DEPS) $(CC) ... ... ... I'm using the -M option to gcc, which is great for dealing with dependencies. If my header changes, my program is rebuilt. My problem is, I need to be able to tell if the config file has changed, so that config_hash.h is re-generated. I'm not quite sure how explain that kind of dependency to GNU make. I've tried listing config/config_file.cfg as a dependency for config_hash.h, and providing a .PHONY target for config_file.cfg without success. Obviously, I can't rely on the -M switch to gcc to help me here, since the config file is not a part of any object code. Any suggestions? Unfortunately, I can't post much of the Makefile, or I would have just posted the whole thing.

  Read the article

• Replacement for Hamachi for SVN access

  - by Piers

  My company has been using Hamachi to access our SVN repository for a number of years. We are a small yet widely distributed development team with each programmer in a different country working from home. The server is hosted by a non-techie in our central office. Hamachi is useful here since it has a GUI and supports remote management. This system worked well for a while, but recently I have moved to a country with poor internet speeds. Hamachi will no longer connect 99% of the time - instead I get a "Probing..." message that doesn't resolve. It's certain to be a latency issue, as the same laptop will connect without problems when I cross the border and connect using a different ISP with better speeds. So I really need to replace Hamachi with some other VPN/protocol that handles latency better. The techie managing the repository is not comfortable installing and configuring Apache or IIS, so it looks like HTTP is out. I tried to convince my boss to go for a web hosting company, but he doesn't trust a 3rd party with our source. Any other recommended options / experiences out there for accessing our SVN repos that would be as simple as Hamachi for setup; but be more tolerant of network latency issues?

  Read the article

• Block facebook from my website

  - by Joseph Szymborski

  I have a secure link direction service I'm running (expiringlinks.co). If I change the headers in php to redirect my visitors, then facebook is able to show a preview of the website I'm redirecting to when users send links to one another via facebook. I wish to avoid this. Right now, I'm using an AJAX call to get the URL and javascript to redirect, but it's causing problems for users who don't use javascript. Here are a number of ways I'd like to block facebook, but I can't seem to get working: I've tried blocking the facebook bot (facebookexternalhit/1.0 and facebookexternalhit/1.1) but it's not working, I don't think they're using them for this functionality. I'm thinking of blocking the facebook IP addresses, but I can't find all of them, and I don't think it'll work unless I get all of them. I've thought of using a CAPTCHA or even a button, but I can't bring myself to do that to my visitors. Not to mention I don't think anyone would use the site. I've searched the facebook docs for meta tags that would "opt-me out", but haven't found one, and doubt that I would trust it if I had. Any creative ideas or any idea how to implement the ones above? Thank you so much in advance!

  Read the article

• Not able to connect to TFS Server from TFS Proxy

  - by GV India

  In our office we have setup TFS for project development. The TFS Server is WIN 2003 server SP2 with VSTFS 2008 and is running fine. Now we need to setup a TFS Proxy server on client site for client to access. Before going for the client setup, I wanted to build and test proxy in our office on a dummy server (will call it Proxy server hereon) by keeping it on a different domain. OS configuration of the Proxy server is the same as TFS server. I have installed and configured TFS proxy on Proxy server to connect to TFS Server. Also we have built trust between the two different domains to enable communication. Now problem is that I am not able to at all connect to TFS server. I am trying to connect from Internet Explorer of proxy server using proxy service account. It gives me error: The page cannot be displayed. HTTP 500 - Internal server error. The page I was browsing was http://tfs:8080/VersionControl/v1.0/ProxyStatistics.asmx. I think I have done all the required steps correctly to configure proxy as described in MSDN and also TFS installation guide. Here Proxy service account is a member of ‘Team Foundation Valid Users’ group. I am able to connect to TFS Server (specifying port) using Telnet from command prompt on proxy server as suggested by few sites. The TFS server web sites have been configured to use Integration Windows Authentication. Event Logs on both the servers are also not giving any error. Overall I’m not able to get it done. Any ideas on what might be the problem???

  Read the article

• How to Connect to a web service (SSL enabled and proxy interface)

  - by blgnklc

  There is a web service running on tomcat on a server. It is built on Java Servlet. It is listening others to call itself on a SSL enabled http port. so its web service adreess looks like: https://172.29.12.12/axis/services/XYZClient?wsdl On the other hand I want to connect the web service above from a windows application which is built on .NET frame work. Finally, when I want to connect the web service from my computer; I get some specific erros; Firstly I get; Proxy authentication error; then I added some new line to my code; Dim cr As System.Net.NetworkCredential = New System.Net.NetworkCredential("xname", "xsurname", "xdomainname") Dim myProxy As New WebProxy("http://mar.xxxyyy.com", True) myProxy.Credentials = cr Secondly, after this modifications It says that bad request. I did not get over this error. Moreover I did try to connect the web server on the same computer. I copied my executable program to the computer where the web service runs. The error was like; The underlying connection was closed: Could not establish trust relationship for SSL/TLS secure channel PS: When I try to connect to web service by using Internet Explorer; I see firstly some warnings about accepting an unknown certificate and I click take me to web service an I get there clearly. I want to know what are the basic elements to connect a web service, could you please tell me the requirements that I have to use on my windows project. regards bk

  Read the article

• Why do I get a security warning in visual studio 2008 when creating a project?

  - by MikeG

  This is the error, it's basically a security warning (And here's the text grabbed off the dialog box) Security Warning for WindowsApplication4 __________________________I The WindowsApplication4 project file has been customized and could present a security risk by executing custom build steps when opened in Microsoft Visual Studio. If this project came from an untrustwoithy source, it could cause damage to your computer or compromise your private information. More Details Project load options 0 Load project for browsing Opens the project in Microsoft Visual Studio with increased security. This option allows you to browse the contents of the project, but some functionality, such as IntelliSense, is restricted, When a project is loaded for browsing, actions such as building, cleaning, publishing, or opening designers could still remain unsafe. Load project normally Opens the project normally in Microsoft Visual Studio. Use this option if you trust the source and understand the potential risks involved. Microsoft Visual Studio does not restrict any project functionality and will not prompt you again for this project. Ask me for every project in this solution OK L Cancel When click the more details button get this: Microsoft Visual Studio __ An item referring to the file was found in the project file “C:\Users\mgriffiths\Documents\Visual Studio 2008\ProjectATemp\Win dowsApplication4\WindowsApplicdtion4\W in dowsApplication4.vbproj”. Since this file is located within a system directory, root directory, or network share, it could be harmful to write to this file. OK

  Read the article

• GetAccessControl error with NTAccount

  - by Adam Witko

  private bool HasRights(FileSystemRights fileSystemRights_, string fileName_, bool isFile_) { bool hasRights = false; WindowsIdentity WinIdentity = System.Security.Principal.WindowsIdentity.GetCurrent(); WindowsPrincipal WinPrincipal = new WindowsPrincipal(WinIdentity); AuthorizationRuleCollection arc = null; if (isFile_) { FileInfo fi = new FileInfo(@fileName_); arc = fi.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)); } else { DirectoryInfo di = new DirectoryInfo(@fileName_); arc = di.GetAccessControl().GetAccessRules(true, true, typeof(NTAccount)); } foreach (FileSystemAccessRule rule in arc) { if (WinPrincipal.IsInRole(rule.IdentityReference.Value)) { if (((int)rule.FileSystemRights & (int)fileSystemRights_) > 0) { if (rule.AccessControlType == AccessControlType.Allow) hasRights = true; else if (rule.AccessControlType == AccessControlType.Deny) { hasRights = false; break; } } } } return hasRights; } The above code block is causing me problems. When the WinPrincipal.IsInRole(rule.IdentityReference.Value) is executed the following exception occurs: "The trust relationship between the primary domain and the trusted domain failed.". I'm very new to using identities, principles and such so I don't know what's the problem. I'm assuming it's with the use of NTAccount? Thanks

  Read the article

• ASP.NET MVC 2 user input to SQL 2008 Database problems

  - by Rob

  After my publish in VS2010 the entire website loads and pulls data from the database perfectly. I can even create new users through the site with the correct key code, given out to who needs access. I have two connection strings in my web.config file The first: <add xdt:Transform="SetAttributes" xdt:Locator="Match(name)" name="EveModelContainer" connectionString="metadata=res://*/Models.EdmModel.EveModel.csdl|res://*/Models.EdmModel.EveModel.ssdl|res://*/Models.EdmModel.EveModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=localhost;Initial Catalog=fleet;Persist Security Info=True;User ID=fleet;Password=****&quot;" providerName="System.Data.EntityClient" /> The second: <add xdt:Transform="SetAttributes" xdt:Locator="Match(name)" name="ApplicationServices" connectionString="Data Source=localhost;Initial Catalog=fleet;Persist Security Info=True;User ID=fleet;Password=****;MultipleActiveResultSets=True" /> The first one is the one that is needed to post data with the main application, EveModelContainer. Everything else is pulled using the standard ApplicationServices connection. Do you see anything wrong with my connectionstring? I'm at a complete loss here. The site works perfectly on my friends server and not on mine... Could it be a provider issue? And if I go to iis 7's manager console, and click .net users I get a pop up message saying the custom provider isn't a trusted provider do I want to allow it to run at a higher trust level. I'm at the point where I think its either my string or this trusted provider error... but I have no clue how to add to the trusted provider list... Thank you in advance!!!

  Read the article

• How to configure C# Typed Datasets when calling OracleDataAdapter.Update() on Oracle Stored Procedur

  - by John_D

  I am writing a C# Windows Forms application which calls Oracle stored procedures. I chose to use typed datasets in the application, these correctly populate various datagrids, but I am having trouble when invoking the UpdateCommand or the InsertCommand. I have manually coded these commands because a) I am using Oracle stored procedures and b) I don't trust CommandBuilder ;) I am using VS2008 and Oracle 9i I don't have trouble executing stored procedures in SQL Server or Oracle when simply calling them from the .ExecuteNonQuery command; neither do I have problems executing SQL statements directly and updating the database. The problems only arise when executing the changed rows with OracleDataAdapter.Update(). I am specifying the correct set of rows (added, changed etc.) The main error I am getting (after a lot of experimentation with increasingly simpler SPs finishing with just one int parameter) is "PLS-00306: wrong number or type of arguments in call to 'PROCNAME'" I have tried prefixing the Oracle parameter both with ':' and without. Suffice to say I am losing the will to live. Has anyone any more ideas I could try next? Thanks

  Read the article

• Determine whether app is communicating with APNS sandbox or production environment

  - by goldierox

  I have push notifications set up in my app. I'm trying to determine whether the device token I've received from APNS in the application:didRegisterForRemoteNotificationsWithDeviceToken: method came from the sandbox or development environment. If I can distinguish which environment initialized the token, I'll be able to tell my server to which environment to send the push notification. I've tried using the DEBUG macro to determine this, but I've seen some strange behavior with this and don't trust it to be 100% correct. #ifdef DEBUG BOOL isProd = YES; #else BOOL isProd = NO; #endif Ideally, I'd be able to examine the aps-environment entitlement (value is Development or Production) in code, but I'm not sure if this is even possible. What's the proper way to determine whether your app is communicating with the APNS sandbox or production environments? I'm assuming that the server needs to know this in the first place. Please correct me if this is assumption is incorrect. Edited: Apple's documentation on Provider Communication with APNS details the difference between communicating with the sandbox and production. However, the documentation doesn't give information on how to be consistent with registering the token (from the iOS client app) and communicating with the server.

  Read the article

• A public struct inside a class

  - by Koning Baard

  I am new to C++, and let's say I have two classes: Creature and Human: /* creature.h */ class Creature { private: public: struct emotion { /* All emotions are percentages */ char joy; char trust; char fear; char surprise; char sadness; char disgust; char anger; char anticipation; char love; }; }; /* human.h */ class Human : Creature { }; And I have this in my main function in main.cpp: Human foo; My question is: how can I set foo's emotions? I tried this: foo->emotion.fear = 5; But GCC gives me this compile error: error: base operand of '-' has non-pointer type 'Human' This: foo.emotion.fear = 5; Gives: error: 'struct Creature::emotion' is inaccessible error: within this context error: invalid use of 'struct Creature::emotion' Can anyone help me? Thanks P.S. No I did not forget the #includes

  Read the article

• Are the formatted addresses of a Google location unique?

  - by Hans

  I want our users of a web site to be able to either search and pick an address or mark a location on a map decide how accurate this address/location is I am in the process of implementing the first part with jquery, jquery ui's autocomplete, google map, and google geocoder. For the second part I will generate a radiobutton list based on the address elements/alternatives of the first part on the client side with jquery. My concern, however, is how to convey the choices to the server side. The Google geocoder includes a number of useful metadata that I want to store. A possibility is to store the complete json object in a hidden form field, but I can't trust the users. Such a solution would enable an unfriendly insertion of spam in the data. If the addresses/locations would have a unique identifyer I could store just these and let the server refetch/evaluate the data. The alternative geonames.org web service has such ids. But are for example the formatted addresses of a Google location unique? Any tips?

  Read the article

• iPhone Custom CA certificate for an application which uses NSURLConnection?

  - by jr

  I have an application which is communicating with many different sites and each site has its own SSL certificate signed by our own internal CA. Doing this prevents us the need from purchasing SSL certificates for each site (hundreds or thousands) and is more secure then using a wildcard certificate with a shared key on each of those sites. So, basically using a CA certificate is the only way. Right now, I have a mobileprovision file which will install the CA certificate as a profile on the phone. When our iPhone application launches if it gets an SSL Certificate error it redirects to a this mobile provision file via Safari and the user will be prompted to install the CA. The problem is that I am concerned that the Apple AppStore might deny my app for doing this (Just some feedback from other developers at this point), and I wanted to research other ways to accomplish this. Basically what I need to accomplish is allow an SSL connection which will verify against a custom CA certificate which will be embedded in my application. This will make the CA certificate active for only the calls I make. I am using the standard NSURLConnection methods in order to communicate with the service. Is this possible? Can someone show me how to load the CA (what form PEM?) and add it to the list of trusted CA certificates for my application? If that is not possible what other options do I have? Just trusting all certificates isn't really any option, we want to prevent man in the middle attacks and only trust our CA issued certificates. Thanks!

  Read the article

• Valid javascript object property names

  - by hawkettc

  I'm trying to work out what is considered valid for the property name of a javascript object. For example var b = {} b['-^colour'] = "blue"; // Works fine in Firefox, Chrome, Safari b['colour'] = "green"; // Ditto alert(b['-^colour']); // Ditto alert(b.colour); // Ditto for(prop in b) alert(prop); // Ditto //alert(b.-^colour); // Fails (expected) This post details valid javascript variable names, and '-^colour' is clearly not valid (as a variable name). Does the same apply to object property names? Looking at the above I'm trying to work out if b['-^colour'] is invalid, but works in all browsers by quirk, and I shouldn't trust it to work going forward b['-^colour'] is completely valid, but it's just of a form that can only be accessed in this manner - (it's supported so Objects can be used as maps perhaps?) Something else As an aside, a global variable in javascript might be declared at the top level as var abc = 0; but could also be created (as I understand it) with window['abc'] = 0; the following works in all the above browsers window['@£$%'] = "bling!"; alert(window['@£$%']); Is this valid? It seems to contradict the variable naming rules - or am I not declaring a variable there? What's the difference between a variable and an object property name? Cheers, Colin

  Read the article

• Security considerations processing emails

  - by Timmy O' Tool

  I have process that will be reading emails from an account. The objective of the process is saving to a database those emails with image(s) as attachments. I will be saving sender, subject body and image path (the image will be saved on the process). I will be showing this information on a page so I would like to know all (or most of them :) ) security aspects to cover. I plan to sanitize the subject and body of the email. I can remove most of the tags, probably it would be enough keeping the <p> tag. I'm not sure if I can trust just in a sanitizer. I would like to HTML encode everything except for the <p> tag after sanitize, just in case. Any suggestion? I'm only accepting images as attachment as I said above, any security risk I have to take into account in relation to the attachment? Thanks!

  Read the article

• Are there really safe and legal resources for sound effects to use in applications?

  - by mystify

  For those who want to opt for "close" immediately: Great user interfaces need great sound effects, right? User interfaces are programmed by programmers, right? So this is a programming question, ok? I had a very hard time to find good and legal sound resources. I am not looking for free sounds. Proper licensing is absolutely crucial, and I don't want to get sued by multibilliondollar music companies, hollywood sound studios and their highly overpaid lawyers. They cry about people downloading their stuff in file sharing sites but when someone comes and wants to really license stuff, the market is so empty like an open and unwatched gold mine. Trust me, whatever I type into google, I always end up getting sort of opaque and strange music libraries that do charge money, but refuse to provide proper licensing evidence to the licensee. When you pay money and they only count how many files you downloaded, that can never be a valid license, nor any evidence for you that you did license the sounds. Imagine that contributor suing you and you say: "I licensed it at xy", and his lawyer just smiles: "Show me proof, mofo!". So you loose a million dollars, or 1 for every downloaded app. Congrats. But that's the way all those "hey we're the worlds largest sound effect library" libraries are doing it. It's really annoying. And I hope someone here is able to point out a sound effects ressource which is A) big B) used by professinals C) has a reasonable pricing and licensing model D) provides the licensee with proper legal evidence about licensed sounds You know, I'm not from the US and typically you US folks are the ones who invent the cool stuff on the net, and maybe I just missed a new great start up. So?

  Read the article

• Understanding Security Certificates (and thier pricing)

  - by John Robertson

  I work at a very small company so certificate costs need to be absolutely minimal. However for some applications we do Need to have our customers get that warm fuzzy not-using-a-self-signed certificate feeling. Since creating a "certificate authority" with makecert really just means creating a public/private key pair, it seems pretty clear that creating a public/private key pair FROM such a "certificate authority" really just means generating a second public/private key pair and signing both with the private key that belongs to the "certificate authority". Since the keys are signed anyone can verify they came from the certificate authority I created, or if verisign gave me the pair they sign it with one of their own private keys, and anyone can use verisigns corresponding public key to confirm verisign as the source of the keys. Given this I don't understand when I go to verisign or godaddy why they have rates only for yearly plans, when all I really want from them is a single public/private key pair signed with one of their private keys (so that anyone else can use their public keys to confirm that, yes, they gave me that public/private key pair and they confirmed I was who I said I was so you can trust my public/private key pair as belonging to a legitimate third party). Clearly I am misunderstanding something, what is it? Does verisign retire their public/private key pairs periodically so that my verisign signed key pair "expires" and I need new ones?

  Read the article

< Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >