Search Results

Search found 2872 results on 115 pages for 'packet injection'.

Page 83/115 | < Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90 | Next Page >

Best Practices for Sanitizing SQL inputs Using JavaScript?

- by Greg Bulmash

So, with HTML5 giving us local SQL databases on the client side, if you want to write a select or insert, you no longer have the ability to sanitize third party input by saying $buddski = mysql_real_escape_string($tuddski) because the PHP parser and MySQL bridge are far away. It's a whole new world of SQLite where you compose your queries and parse your results with JavaScript. But while you may not have your whole site's database go down, the user who gets his/her database corrupted or wiped due to a malicious injection attack is going to be rather upset. So, what's the best way, in pure JavaScript, to escape/sanitize your inputs so they will not wreak havoc with your user's built-in database? Scriptlets? specifications? Anyone?

Read the article
Generating a Call Hierarchy for dynamicly invoked method

- by Maxim Veksler

Hello, Today's world of dynamic invoke, reflection and runtime injection just doesn't play well with traditional tools such as ctags, doxygen and CDOC. I am searching for a method call hierarchy visualization tool that can display both static and dynamic method invocations. It should be easy to use, light during execution and provide helpful detailed information about the recorded runtime session. Now I guess Callgrind could be considered a valid solution for the family C. What tool / technique could you suggest to create a call graph for both static and dynamic method invocation for JVM based bytecode? The intended end result is a graphical display (preferably interactive) which can show path from main() to each method that was invoked. During research for this post I stumbled upon javashot, it seems that this is the kind of approach I'm aiming at, I would prefer that this would be integrated into a kind of profiler or alike which than can be used from within my IDE (Eclipse, IntelliJ, Netbeans and alike). Thank you, Maxim.

Read the article
ASP.NET MVC ViewModelBuilder Suggestions

- by Marco

For anything but trival view models, I use a view model builder that handles the responsibility of generating the view model object. Right now, I use constructor injection of the builders into my controllers but this smells a little since the builder is really dependent upon which action method is being executed. I have two ideas in mind. The first one would involve a custom ActioFilter allowing me to decorate each action method with the appropriate builder to use. The second would be to add an override of the View method that is open to accepting a generic. This is what my code currently looks like. Note, the builder get injected via the ctor. [HttpGet, ImportModelStateFromTempData, Compress] public ActionResult MyAccount() { return View(accountBuilder.Build()); } Here is what option one would look like: [HttpGet, ImportModelStateFromTempData, Compress, ViewModelBuilder(typeof(IMyAccountViewModelBuilder)] public ActionResult MyAccount() { return View(accountBuilder.Build()); } Or option two: [HttpGet, ImportModelStateFromTempData, Compress] public ActionResult MyAccount() { return View<IMyAccountViewModelBuilder>(); } Any thoughts or suggestions would be great!

Read the article
Is preg_match safe enaught in input satinization?

- by DaNieL

Im building a new web-app, LAMP environment... im wondering if preg_match can be trusted for user's input validation (+ prepared stmt, of course) for all the text-based fields (aka not html fields; phone, name, surname, etc..). For example, for a classic 'email field', if i check the input like: $email_pattern = "/^([a-zA-Z0-9_\-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)" . "|(([a-zA-Z0-9\-]+\.)+))([a-zA-Z]{2,4}" . "|[0-9]{1,3})(\]?)$/"; $email = $_POST['email']; if(preg_match($email_pattern, $email)){ //go on, prepare stmt, execute, etc... }else{ //email not valid! do nothing except warn the user } can i sleep easy against the sql/xxs injection? I write the regexp to be the more restrictive as they can.

Read the article
Using ELMAH and URLRewritingNet Together

- by Chris Laythorpe

I have ELMAH setup on my production server and it has done a fantastic job of letting me know about any niggles - as well as any creative SQL injection! I've decided to introduce URl Rewriting and went for http://www.urlrewriting.net/ in the end. It was nice and easy to setup and it's doing exactly what I want with the customer-facing site. The problem is ELMAH. Because I've set the urlrewritingnet node in my config like so: <urlrewritingnet rewriteOnlyVirtualUrls="true" contextItemsPrefix="QueryString" defaultPage = "default.aspx" defaultProvider="RegEx" xmlns="http://www.urlrewriting.net/schemas/config/2006/07" > ...ELMAH likes to do this to it's axd links; http://www.mydomain.com/elmah.axd/stylesheet/default.aspx Does anyone have any idea how to either a) stop the re-writer following the .axd; or b) add rules to the re-writer to get ELMAH to work Any ideas? I'm happy to hack about with the httpHandlers...

Read the article
linux: disable using loopback and send data via wire between 2 eth cards of one comp

- by osgx

Hello I have a comp with 2 eth cards, connected with patch-cord (direct eth. cable from 1st to 2nd). The linux is installed, I want to send data from 1st network card to 2nd. And I want to force the packet to pass via cable. I can set up any ip on cards. With ping I get counters on cards constant. Is it possible with tcp/ip sockets? PS. I need to write a program. which will send packets via eth, so stackoverflow-related question. There can be some OS-dependent way, they will help me too

Read the article
Injecting raw TCP packets with Python

- by Evgeniy Arbatov

Hello! What would be a suitable way to inject a raw TCP packet with Python? For example, I have the payload consisting of hexadecimal numbers and I want to send that sequence of hexadecimal numbers to a network daemon: so that if I choose to send 'abcdef', I see 'abcdef' on the wire too. But not '6162636566' as in the case of: new = socket.socket(socket.AF_INET, socket.SOCK_STREAM) new.connect(('127.0.0.1', 9999)) new.send('abcdef') Can I use Python's SOCK_RAW for this purpose? If so, can you give me an example of sending raw TCP packets with SOCK_RAW (since I did not get it working myself) Thanks! Evgeniy

Read the article
Tools to test softwares against any attacks for programmers ?

- by berkay

in these days, i'm interested in software security. As i'm reading papers i see that there are many attacks and researchers are trying to invent new methods for softwares to get more secure systems. this question can be a general including all types of attacks.There are many experienced programmers in SO, i just want to learn what are using to check your code against these attacks ? Is there any tools you use or you don't care ? For example i heard about,static,dynamic code analysis, fuzz testing. SQL injection attacks Cross Site Scripting Bufferoverflow attacks Logic errors Any kind of Malwares Covert Channels ... ... thanks

Read the article
IoC and Design Time

- by benPearce

I have a WPF application which I am using to learn MVVM and IoC. The problem is that the Model used by one of the Views expects to pull one of its dependancies in the constructor from an IoC container. When working on this View in the Visual Studio designer it cannot show the design because an exception is being raised in the model. Is there a way around this? Am I pulling my dependancies in the wrong place in code or is there a way I can pass in constructed dependancies, perhaps through Constructor injection. At present the IoC container is setup in code in App.xaml.cs. The IoC container is a roll-your-own taken from this article on MSDN - http://msdn.microsoft.com/en-us/magazine/cc337885.aspx

Read the article
iOS Efficiency File Saving Efficiency

- by Guvvy Aba

I was working on my iOS app and my goal is to save a file that I am receiving from the internet bit by bit. My current setup is that I have a NSMutableData object and I add a bit of data to it as I receive my file. After the last "packet" is received, I write the NSData to a file and the process is complete. I'm kind of worried that this isn't the ideal way to do it because of the limitations of RAM in a mobile device and it would be problematic to receive large files. My next thought was to implement a NSFileHandle so that as the file arrives, it would be saved to the disk, rather than the virtual memory. In terms of speed and efficiency, which method do you think will work decently on an iOS device. I am currently using the first, NSMutableData approach. Is it worth changing my app to use the NSFileHandle? Thanks in advance, Guvvy

Read the article
Tomcat6 MySql JDBC Datasource configuration

- by Bob

Hi, I've always used Spring's dependency injection to get datasource objects and use them in my DAOs, but now, I have to write an app without that. With Spring I can write something like this: <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver" /> <property name="url" value="jdbc:mysql://127.0.0.1/app?characterEncoding=UTF-8" /> <property name="username" value="u" /> <property name="password" value="p" /> </bean> But how can I use datasource in my DAOs without Spring or anything? I'm using servlets and JSPs only. Performance is very important factor. Thanks in advance!

Read the article
Ant target for compile-time code instrumentation with Spring aspects

- by alecswan

I have developed a web application using Netbeans 6.7 and Ant. The webapp works, but I would like to refactor the code to use @Configurable Spring annotation for cleaner dependency injection. I was able to get load-time weaving (LTW) of Spring aspects to work intermittently (see http://forum.springsource.org/showthread.php?t=86904). At this point I would like to use compile-time weaving with my tool set. Could anybody provide an Ant target that I can use to weave Spring aspects at compile time? An extra credit will be given to anybody who explains how to configure Netbeans to execute the new Ant target right after code compilation. Thanks.

Read the article
How to make a structure map powered viewengine in asp.net mvc

- by Andrew Bullock

My views extend a base view class ive made: public class BaseView : ViewPage At the moment im calling ObjectFactory.GetInstance inside this class' constructor to get some interface implementations but id like to use structuremap to inject them as constructor arguments. Im using a structuremapcontrollerfactory to create my controllers, but how can i do the same for views? I know i can implement a custom ViewEngine, but using reflector to look at the mvc default viewengine and its dependencies, it seems to go on and on and i'd rather not have to re-implement stuff thats already there. Has anyone got a cunning idea how to solve this? I know i could make things easier with setter instead of constructor injection but id rather avoid that if possible.

Read the article
How do you unit test web page authorization using ASP.NET MVC?

- by Kevin Pang

Let's say you have a profile page that can only be accessed by the owner of that profile. This profile page is located at: User/Profile/{userID} Now, I imagine in order to prevent access to this page by other users, you could structure your UserController class's Profile function to check the current session's identity: HttpContext.Current.User.Identity.Name If the id matches the one in the url, then you proceed. Otherwise you redirect to some sort of error page. My question is how do you unit test something like this? I'm guessing that you need to use some sort of dependency injection instead of the HttpContext in the controller to do the check on, but I am unclear what the best way to do that is. Any advice would be helpful.

Read the article
How to get hold of the current NHibernate.Cfg.Configuration instance.

- by Sandor Drieënhuizen

My C# project has repositories that are instantiated using dependency injection. One of the repository methods needs access to the NHibernate.Cfg.Configuration instance (to generate the database schema) that was returned when initializing NHibernate. I cannot pass the configuration to the repository however, because that would break the persistence ignorance principle -- I really don't want to expose any implementation details through the repository interface. So what I'm looking for is a way of getting hold of the current NHibernate.Cfg.Configuration instance from within my repository. I have no trouble getting hold of the current session, it's just the configuration that I cannot get hold of.

Read the article
Using Active Objects and BLOBs

- by Andrew L.

I am in a group of people who are creating a Defect Tracking program as a project. We have been using Active Objects and have run into some issues. Currently maximum file size for the blob is approx. 2Mb but we want to be able to increase it up to 2Gb. We currently have been looking at many sites and have not been able to find out how to increase the size. We are currently storing the blob as an array of bytes. Our current error says, Packet for Query is too large? We don't know how to set the variable, and we don't know how to set it using AO. We are programming this in Java, too. We are wondering if anyone has a solution to this problem. Thanks for the Help.

Read the article
AudioQueueOfflineRender returning empty data

- by hyn

I'm having problems using AudioQueueOfflineRender to decode AAC data. When I examine the buffer after the call, it is always filled with empty data. I made sure the input buffer is valid and packet descriptions are provided. I searched and found that a few others have had the same problem: http://lists.apple.com/archives/Coreaudio-api/2008/Jul/msg00119.html Also, the inTimestamp argument doesn't make sense to me. Why should the renderer care where in the audio the beginning of the buffer corresponds to? The function throws an error if I pass in NULL, so I pass in the timestamp anyway.

Read the article
Calculation of charged traffic in GPRS network

- by TyBoer

I am working with a distributed application communicating over GPRS. I use UDP packets to send business data and ICMP pings to verify connectivity. And now I have a problem with calculating a traffic for which I will be charged by the provider. I have to consider following factors: UDP payload: that is obvious. UDP overhead: UDP header + IP header = 8 + 20 bytes. ICMP echo request without data: IP header + ICMP payload = 28 bytes. ICMP echo reply: as in 3. Above means that for evey data packet I am charged for payload + 28 bytes and for every ping 56 bytes. Am I right or I am missing/misunderstanding something?

Read the article
Useful Eclipse Java Code Templates

- by Jon

You can create various Java code templates in Eclipse via the Window->Preferences->Java -> Editor -> Templates e.g. sysout is expanded to: System.out.println(${word_selection}${});${cursor} You can activate this by typing sysout followed by CTRL+SPACE What useful Java code templates do you currently use? Include the name and description of it and why it's awesome. There's an open bounty on this for an original/novel use of a template rather than a built-in existing feature. Create Log4J logger Get swt color from display Syncexec - Eclipse Framework Singleton Pattern/Enum Singleton Generation Readfile Const Traceout Format String Comment Code Review String format Try Finally Lock Message Format i18n and log Equalsbuilder Hashcodebuilder Spring Object Injection Create FileOutputStream

Read the article
Catch database exception in Kohana

- by danilo

I'm using Kohana 2. I would like to catch a database exception to prevent an error page when no connection to the server can be established. The error displayed is system/libraries/drivers/Database/Mysql.php [61]: mysql_connect() [function.mysql-connect]: Lost connection to MySQL server at 'reading initial communication packet', system error: 110 The database server is not reachable at all at this point. I'm doing this from a model. I tried both public function __construct() { // load database library into $this->db try { parent::__construct(); } catch (Exception $e) { die('Database error occured'); } } as well as try { $hoststatus = $this->db->query('SELECT x FROM y WHERE z;'); } catch (Exception $e) { die('Database error occured'); } ...but none of them seemed to work. It seems as if no exception gets passed on from the main model. Is there another way to catch the database error and use my own error handling?

Read the article
can I override/redefine "global" Javascript functions, like confirm() and alert()?

- by EndangeringSpecies

I want to do some browser automation, and those pesky confirm/alert boxes are a real pain. Disabling javascript completely in this case is not an option, unfortunately. Well, so I was wondering, can I just change the definition of those methods as seen by my browser's javascript interpreter to basically do nothing and return true? Note that I do know about redefining them in the Javascript code directly, e.g. putting in function alert(message) { return true; } but AFAIK this is not a viable approach for this situation because when doing browser automation I have to work with other people's Javascript. Moreover, my program actually begins manipulating these websites already after the page has fully loaded into the browser, so I cannot just first automatically rewrite the javascript and then load the page. Well, so I was wondering if I could instead just "permanently" modify the way alert/confirm are implemented and executed in my browser. Sort of like the equivalent of dll injection and so forth in the realm of windows apps.

Read the article
How do the routers communicate with each other ?

- by Berkay

Let's say that i want make a request a to a web page which is hosted in Europe (i live in USA).My packets only consist the IP address of the web page, first the domain name to ip address transformation is done, then my packets start their journey through to europe. i assume that MAC addresses never used in this situation? are they? First, my packets deal with many routers on way how these routers communicate with each other?, are router addresses added to my packet headers ? Second, is there a specific path router to router comminication or which conditions affect this route? Third to cross the Atlantic Ocean, are cables used or... ?

Read the article
ASP.NET MVC 3 - What features do you want to see?

- by user299592

I know a bunch of people that are really enjoying the improvements that ASP.NET MVC 2 made over the first release. I have just started to migrate our MVC 1 project over and so far areas has totally cleaned up the subfolder mess we had in our large scale application. As I dive deeper into all the improvements and changes that were made I still keep thinking to myself man it would be nice if they had x in this release. For isntance, I would love it if they had some sort of dependency injection built in instead of having to use third party solutions. My real question is now that ASP.NET MVC 2 is out in the wild, what features do want/wish the team had implemented and hope they will implement for ASP.NET MVC 3?

Read the article
conversion of a varchar to a smalldatetime results in an out-of-range value

- by michael

The code: strSql = "insert into table2 (transactiondate) values ('" & transactiondate & "')" seems to be giving me the runtime error: The conversion of a varchar data type to a smalldatetime data type resulted in an out-of-range value In the code, strSql is a String object and transactiondate is a Date object. In the SQL database however, transactiondate is a smalldatetime object. I've tried changing the smalldatetime to a datetime (in the database) and I've tried transactiondate.toString() but with no success. How can this be fixed? Note: I know about the dangers of inline SQL. I am looking for a quick fix solution here and not a discussion about SQL injection.

Read the article
Chrome plugin removal

- by kambamsu

Hi, I'm writing an NPAPI plugin. In every webpage that the browser goes to, I inject my plugin with an object tag. Something like: <object id="myplugin" type="plugin-mime-type" > In some pages where i dont want it, after injection i remove it by finding the element using the id and doing a document.removeChild. From my logging i found that in firefox and opera, doing this automatically calls the plugin destroy method NPP_Destroy (NPAPI). But in chrome, it doesnt seem to call it. Is there any special way that i should remove a plugin in chrome that i am missing?? Any help would be appreciated. Thanks

Read the article

< Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90 | Next Page >