Search Results

Search found 22139 results on 886 pages for 'security testing'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 78/886 | < Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >

  • Using JavaScript eval to parse JSON

    - by Quandary
    Question: I'm using eval to parse a JSON return value from one of my WebMethods. I prefer not to add jquery-json because the transfer volume is already quite large. So I parse the JSON return value with eval. Now rumors go that this is insecure. Why ? Nobody can modify the JSOn return value unless they hack my server, in which case I would have a much larger problem anyway. And if they do it locally, JavaScript only executes in their browser. So I fail to see where the problem is. Can anybody shed some light on this, using this concrete example? function OnWebMethodSucceeded(JSONstrWebMethodReturnValue) { var result=eval('(' + JSONstrWebMethodReturnValue + ')') ... // Adding result.xy to a table }

    Read the article

  • Should integration testing of DAOs be done in an application server?

    - by HDave
    I have a three tier application under development and am creating integration tests for DAOs in the persistence layer. When the application runs in Websphere or JBoss I expect to use the connection pooling and transaction manager of those application servers. When the application runs in Tomcat or Jetty, we'll be using C3P0 for pooling and Atomikos for transactions. Because of these different subsystems, should the DAO's be tested in a fully configured application server environment or should we handle those concerns when integration testing the service layer? Currently we plan on setting up a simple JDBC data source with non-JTA (i.e. resource-local) transactions for DAO integration testing, thus no application server is involved....but this leaves me wondering about environmental problems we won't uncover.

    Read the article

  • What are best practices for securing the admin section of a website?

    - by UpTheCreek
    I'd like to know what people consider best practice for securing the Admin sections of websites, specifically from an authentication/access point of view. Of course there are obvious things, such as using SSL and logging all access, but I'm wondering just where above these basic steps people consider the bar to be set. For example: Are you just relying on the same authentication mechanism that you use for normal users? If not, what? Are you running the Admin section in the same 'application domain'? What steps do you take to make the admin section undiscovered? (or do you reject the while 'obscurity' thing)

    Read the article

  • How secure is a PostgreSQL database if my server is stolen?

    - by orokusaki
    If I have a server with a database if top secret data in PostgreSQL and my password is practically impossible to crack (128 character string of all sorts of weird chars, generated by hand). The server password is also uncrackable in theory (basically, ignore the possibility of a password crack on the DB). Aside from a password crack, how easy is it to get the data out of this database? Assumptions: Only the DB exists on the server. There is no password in a PHP script or anything like that The person who has the server is a computer / DB / hard-drive recovery expert I'm not using any hard-drive encryption or anything out of the norm for protection I'm trying to understand the risks involved with somebody gaining physical access to my server's hard-drives.

    Read the article

  • Web Application Scanner

    - by rajesh
    I want to develop a Web applications to collect or exchange sensitive or personal data, this system would give user a detailed automated report on : • How secure user's website is? • How easily it can be hacked? • Where exactly is the problem and • What are the remedies? Any suggestions????

    Read the article

  • can you use proxies to do load/stress testing on a server, with proxy serving as a sort of mirror?

    - by EndangeringSpecies
    suppose I want to test a server's and its web application's ability to handle many simultaneous connections well and show decent latency. So ideally I would want a thousand machines to bombard it with usage requests, but that's not practicable. So instead, can I just make a testing script with a thousand threads to run on the same server and have them perform the testing, connecting to the server via a geographically far-away proxy? My reasoning here is that the signal will have to travel realistically big distances to the proxy and back, so that sort of emulates the reality of real clients accessing the server. Then again, to take this one step further, are there prepackaged emulators/frameworks that could perform a similar test without using internet at all, just simulating the latency of the network, realistically creating all the socket connections and other resource intensive stuff etc?

    Read the article

  • Automated Testing tools for HTML5 Canvas

    - by user432195
    I'm looking for a tool to do some automated GUI testing on a HTML5 canvas component we're developing. Basically I'm looking for a tool that is able to record the clicks and events on the canvas component and is able to replay those events. So far most of the testing tools like Telerik WebUI Testing Suite, Selenium, TestSwarm, qUnit, Jasmine, Hudson seems that they don't fully support HTML5 canvas testing. Would you guys know a testing tool that already supports that ? If not, would you know how companies are doing automated testing of HTML5 canvas ? Thanks, Andy N.

    Read the article

  • Unit Testing User Interface. What is an effective way ?

    - by pierocampanelli
    I have an accounting & payroll client/server application where there are several input form with complex data validation rules. I am finding an effective way to perform unit testing of user interface. For complex validation rules I mean: "Disable button X if I Insert a value in textfield Y" "Enable a combobox if I insert a value in a textfield" ...... ...... Most promising pattern i have found is suggested by M. Fowler (http://martinfowler.com/eaaDev/ModelViewPresenter.html). Have you any experience about Unit Testing of User Interface? As technology stack I am using: .NET 3.5 & Windows Forms Widget Library.

    Read the article

  • HMAC URLs instead of login?

    - by Tres
    In implementing my site (a Rails site if it makes any difference), one of my design priorities is to relieve the user of the need to create yet another username and password while still providing useful per-user functionality. The way I am planning to do this is: User enters information on the site. Information is associated with the user via server-side session. User completes entering information, server sends an access URL via e-mail to the user roughly in the form of: http://siteurl/<user identifier>/<signature: HMAC(secret + salt + user identifier)> User clicks URL, site looks up user ID and salt and computes the HMAC with the server-stored secret and authenticates if the computed HMAC and signature match. My question is: is this a reasonably secure way to accomplish what I'm looking to do? Are there common attacks that would render it useless? Is there a compelling reason to abandon my desire to avoid a username/password? Is there a must-read book or article on the subject? Note that I'm not dealing with credit card numbers or anything exceedingly private, but I would still like to keep the information reasonably secure.

    Read the article

  • Which are the best techniques to protect a 'homemade' framework from unlogged visitors?

    - by Hermet
    First of all, I would like to say that I have used the search box looking for a similar question unsuccessfully, maybe because of my poor english skills. The way I currently do this is checking in every single page that a session has been opened. If not, the user gets redirected to a 404 page, to seem like the file which has been requested doesn't exist. I really don't know if this is sure or there's a better and more safety way and I'm currently working with kind of confidential data that should never become public. Could you give me some tips? Or leave a link where I could find some? Thank you very much, and again excuse me for kicking the dictionary.

    Read the article

  • What's the best technique to protect my framework from visitors who are not logged in?

    - by Hermet
    First of all, I would like to say that I have used the search box looking for a similar question and was unsuccessful, maybe because of my poor english skills. I have a a 'homemade' framework. I have certain PHP files that must only be visible for the admin. The way I currently do this is check within every single page to see if a session has been opened. If not, the user gets redirected to a 404 page, to seem like the file which has been requested doesn't exist. I really don't know if this is guaranteed to work or if there's a better and more safe way because I'm currently working with kind of confidential data that should never become public. Could you give me some tips? Or leave a link where I could find some? Thank you very much, and again excuse me for kicking the dictionary. EDIT What I usually write in the top of each file is something like this <?php include("sesion.php"); $rs=comprueba(); //'check' if ($rs==1) { ?> And then, at the end <?php } ?> Is it such a butched job, isn't it? EDIT Let's say I have a customers list in a file named customers.php That file may be currently on http://www.mydomain.com/admin/customers.php and it must only be visible for the admin user. Once the admin user has been logged in, I create a session variable. That variable is what I check on the top of each page, and if it exists, the customers list is shown. If not, the user gets redirected to the 404 page. Thank you for your patience. I really appreciate.

    Read the article

  • Does Ruby/Rails require more unit testing than say a PHP app?

    - by Blankman
    I don't find the unit testing push in the PHP market like I see/read in the ruby/rails arena. Could one just as easily NOT unit test in ruby/rails as in php, or is ruby just too bendable and breakable that it "more" recommended to test in ruby than in php? Meaning there are large code bases like vBulletin, and from what I can tell, they don't unit test. I hope you understand what I am asking here, not the pros/cons of testing, or whether one should test or not, but rather, does one language need to be tested more than another? maybe its easy to write buggy code, or break during refactoring etc.

    Read the article

  • Unit Testing Framework for XQuery

    - by Knut Vatsendvik
    This posting provides a unit testing framework for XQuery using Oracle Service Bus. It allows you to write a test case to run your XQuery transformations in an automated fashion. When the test case is run, the framework returns any differences found in the response. The complete code sample with install instructions can be downloaded from here. Writing a Unit Test You start a new Test Case by creating a Proxy Service from Workshop that comes with Oracle Service Bus. In the General Configuration page select Service Type to be Messaging Service           In the Message Type Configuration page link both the Request & Response Message Type to the TestCase element of the UnitTest.xsd schema                 The TestCase element consists of the following child elements The ID and optional Name element is simply used for reference. The Transformation element is the XQuery resource to be executed. The Input elements represents the input to run the XQuery with. The Output element represents the expected output. These XML documents are “also” represented as an XQuery resource where the XQuery function takes no arguments and returns the XML document. Why not pass the test data with the TestCase? Passing an XML structure in another XML structure is not very easy or at least not very human readable. Therefore it was chosen to represent the test data as an loadable resource in the OSB. However you are free to go ahead with another approach on this if wanted. The XMLDiff elements represents any differences found. A sample on input is shown here. Modeling the Message Flow Then the next step is to model the message flow of the Proxy Service. In the Request Pipeline create a stage node that loads the test case input data.      For this, specify a dynamic XQuery expression that evaluates at runtime to the name of a pre-registered XQuery resource. The expression is of course set by the input data from the test case.           Add a Run stage node. Assign the result of the XQuery, that is to be run, to a context variable. Define a mapping for each of the input variables added in previous stage.     Add a Compare stage. Like with the input data, load the expected output data. Do a compare using XMLDiff XQuery provided where the first argument is the loaded output test data, and the second argument the result from the Run stage. Any differences found is replaced back into the test case XMLDiff element. In case of any unexpected failure while processing, add an Error Handler to the Pipeline to capture the fault. To pass back the result add the following Insert action In the Response Pipeline. A sample on output is shown here.

    Read the article

  • A Reusable Builder Class for .NET testing

    - by Liam McLennan
    When writing tests, other than end-to-end integration tests, we often need to construct test data objects. Of course this can be done using the class’s constructor and manually configuring the object, but to get many objects into a valid state soon becomes a large percentage of the testing effort. After many years of painstakingly creating builders for each of my domain objects I have finally become lazy enough to bother to write a generic, reusable builder class for .NET. To use it you instantiate a instance of the builder and configuring it with a builder method for each class you wish it to be able to build. The builder method should require no parameters and should return a new instance of the type in a default, valid state. In other words the builder method should be a Func<TypeToBeBuilt>. The best way to make this clear is with an example. In my application I have the following domain classes that I want to be able to use in my tests: public class Person { public string Name { get; set; } public int Age { get; set; } public bool IsAndroid { get; set; } } public class Building { public string Street { get; set; } public Person Manager { get; set; } } The builder for this domain is created like so: build = new Builder(); build.Configure(new Dictionary<Type, Func<object>> { {typeof(Building), () => new Building {Street = "Queen St", Manager = build.A<Person>()}}, {typeof(Person), () => new Person {Name = "Eugene", Age = 21}} }); Note how Building depends on Person, even though the person builder method is not defined yet. Now in a test I can retrieve a valid object from the builder: var person = build.A<Person>(); If I need a class in a customised state I can supply an Action<TypeToBeBuilt> to mutate the object post construction: var person = build.A<Person>(p => p.Age = 99); The power and efficiency of this approach becomes apparent when your tests require larger and more complex objects than Person and Building. When I get some time I intend to implement the same functionality in Javascript and Ruby. Here is the full source of the Builder class: public class Builder { private Dictionary<Type, Func<object>> defaults; public void Configure(Dictionary<Type, Func<object>> defaults) { this.defaults = defaults; } public T A<T>() { if (!defaults.ContainsKey(typeof(T))) throw new ArgumentException("No object of type " + typeof(T).Name + " has been configured with the builder."); T o = (T)defaults[typeof(T)](); return o; } public T A<T>(Action<T> customisation) { T o = A<T>(); customisation(o); return o; } }

    Read the article

  • What PHP configuration and extensions are recommended for speed, efficiency and security?

    - by Sanoj
    I am setting up an Ubuntu server with nginx and PHP. I have read about many different configurations and extensions that could be added and it is pretty hard to know about all of them. I would like to hear from you, sysadmins, what PHP configuration and extensions do you recommend? I have read about: Suhosin for security Alternative PHP Cache for speed and efficiency Memcache for speed and efficiency PHP FastCGI Process Manager for speed and efficiency But I have no idea if they are good or not, and if I should use them together.

    Read the article

  • What PHP configuration and extensions are recommended for efficiency and security?

    - by Sanoj
    I am setting up an Ubuntu VPS server with nginx and PHP. I have read about many different configurations and extensions that could be added and it is pretty hard to know about all of them. I would like to hear from you, sysadmins, what PHP configuration and extensions do you recommend? I have read about: Suhosin for security Alternative PHP Cache for efficiency PHP FastCGI Process Manager for efficiency But I have no idea if they are good or not, and if I should use them together.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 74 75 76 77 78 79 80 81 82 83 84 85  | Next Page >