Search Results

Search found 29495 results on 1180 pages for 'cross site scripting'.

Page 833/1180 | < Previous Page | 829 830 831 832 833 834 835 836 837 838 839 840 | Next Page >

Gaming Community CMS, with forum integration [closed]

- by Tillman32

Possible Duplicate: Which Content Management System (CMS) should I use? I've had a simple website that I coded myself for a while now, the site is a gaming community. It's very forum and news driven. It was a HORRIBLE idea to take on coding this thing myself. Although we've used it for about a year now, we're just getting too big, and I need to streamline our work. I need writers to post news, etc. I've been doing it through code. ( A year ago I thought it would be a cool idea ) Anyway, I've been messing with just about every CMS out there, and I'm struggling to get something that I really like. The main issue I'm facing, is a good news system, and good forum integration. I'm sort of picky when it comes to looks, its a curse. Reading on here, I see a lot of people saying Drupal is the best for the 3 things I need, community interaction, and forums. I think the main issue that I ran into with drupal, was ease of use, and themes. I am not a web designer, and I need a good theme. For an idea of what I'm looking for, go check out http://www.clgaming.net, they have forums integrated, a nice news area on home page/news section, and nice user accounts. It looks very professional, and I doubt I'll get close to that with a free theme, but their functionality is exactly what I need. Any ideas would be greatly appreciated.

Read the article
ArchBeat Link-o-Rama for December 7, 2012

- by Bob Rhubart

From XaaS to Java EE – Which damn cloud is right for me in 2012? | Markus Eisele Oracle ACE Director Markus Eisele wrestles with a timely technical issue and shares his observations on several of the alternatives. WebLogic Servier Domain Browser App (Android) My colleague Jeff Davies, a frequent speaker at OTN Architect Day events and a genuinely nice guy, emailed me last night with this message: "I just came across this app on Google Play. It allows WebLogic administrators to browse WLS 12c domain information. I installed it on my phone and tried it out. Works very fast." I'm an iPhone guy, but I'm perfectly comfortable taking Jeff at his word.The app is called WLS Domain Browser. Follow the link for more info from the Google Play site. Exalogic 2.0.1 Tea Break Snippets - Creating a ModifyJeOS VirtualBox | The Old Toxophilist "One of the main advantages of this is that Templates can be created away from the Exalogic Environment," explains The Old Toxophilist. BTW: I had to look it up: a toxophilist is one who collects bows and arrows. Thought for the Day "All models are wrong; some models are useful." — George Box Source: SoftwareQuotes.com

Read the article
Blocking non-virtual host access in Apache?

- by cmbrnt

I'm running an apache-server, with a bunch of virtual hosts for about seven domain names. Now I'd like to disallow access for clients who try to access my server using only its IP-adress. So: When someone accesses my website through www.domain.com, they reach the site hosted in /var/www/domain.com/public_html/. When someone enters the ip-address of the server they reach a 403 Forbidden-message. The problem with this is that they are theoretically able to reach my other sites through bruteforce, when getting http://11.22.33.44/domain.com/public_html/. I rather want them to reach a 403 Forbidden all the time, as long as they don't access my server by a valid domain name. How do I solve this problem?

Read the article
How to understand cpu family/model/stepping fields in /proc/cpuinfo

- by Victor Sorokin

I have following in cpuinfo: processor : 0 vendor_id : AuthenticAMD cpu family : 15 model : 107 model name : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ stepping : 2 According to Wikipedia page there are two kinds of 5600+ -- one of 90nm technology, another of 65nm. How can I understand which one I have? There seem to be no direct correspondence between contents of cpuinfo and info on Wikipedia page. AMD site seems to use some other naming scheme for processors too. How can I map values of family, model and stepping from cpuinfo to the data available on Wikipedia/AMD?

Read the article
SSL Certificate for local web server

- by Firefly

Is it at all possible to create a self-signed certificate for use on multiple machines on a local network which would stop the browser complaining it is not a trusted site? We have a product which is basically a computer running lighttpd to serve a web interface for configuring the computer (sort of how a router has a web interface). There can also be many of these machines running on the same network with dynamic IP's. What I basically want to do is enable SSL for extra security but I don't want people who are on the local network to be given a browser warning about the certificate not being trusted. Is this at all possible?

Read the article
Clean URLS with mod rewrite and URL Encoded characters causes 404?

- by Richard JP Le Guen

I have a web site using mod_rewrite to get some clean urls and custom 404 pages. My .htaccess file looks like this: <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php?clean_url=$1 [QSA,L] </IfModule> What puzzles me is that if the URL contains a %2F (url-encoded /) the server seems to force a 404. As an example, http://example.com/category/article would be a normal article, but then http://example.com/category%2farticle gives a server-generated 404 page. (not the custom 404 page) I wouldn't have expected this... why this is happening? Is there a way around it?

Read the article
Retrieve malicious IP addresses from Apache logs and block them with iptables

- by Gabriel Talavera

Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

Read the article
Firefox 3.6 performance increase tricks.......

- by metal gear solid

I use many Add-ons which helps me in Web development so i can't uninstall those addons. and usually I keep open lots of tabs in Firefox. And almost always keep Firefox on on my system. I use default profile only I always keep every addons and firefox itself updated. I found some addons to reduce memory use on Firefox addons site , but user reviews were not good for them still Is there any tested tricks to increase performance and reduce memory use of Firefox 3.6, which really works?

Read the article
<%: %>, HtmlEncode, IHtmlString and MvcHtmlString

- by Shaun

One of my colleague and friend, Robin is playing and struggling with the ASP.NET MVC 2 on a project these days while I’m struggling with a annoying client. Since it’s his first time to use ASP.NET MVC he was meetings with a lot of problem and I was very happy to share my experience to him. Yesterday he asked me when he attempted to insert a <br /> element into his page he found that the page was rendered like this which is bad. He found his <br /> was shown as a part of the string rather than creating a new line. After checked a bit in his code I found that it’s because he utilized a new ASP.NET markup supported in .NET 4.0 – “<%: %>”. If you have been using ASP.NET MVC 1 or in .NET 3.5 world it would be very common that using <%= %> to show something on the page from the backend code. But when you do it you must ensure that the string that are going to be displayed should be Html-safe, which means all the Html markups must be encoded. Otherwise this might cause an XSS (cross-site scripting) problem. So that you’d better use the code like this below to display anything on the page. In .NET 4.0 Microsoft introduced a new markup to solve this problem which is <%: %>. It will encode the content automatically so that you will no need to check and verify your code manually for the XSS issue mentioned below. But this also means that it will encode all things, include the Html element you want to be rendered. So I changed his code like this and it worked well. After helped him solved this problem and finished a spreadsheet for my boring project I considered a bit more on the <%: %>. Since it will encode all thing why it renders correctly when we use “<%: Html.TextBox(“name”) %>” to show a text box? As you know the Html.TextBox will render a “<input name="name" id="name" type="text"/>” element on the page. If <%: %> will encode everything it should not display a text box. So I dig into the source code of the MVC and found some comments in the class MvcHtmlString. 1: // In ASP.NET 4, a new syntax <%: %> is being introduced in WebForms pages, where <%: expression %> is equivalent to 2: // <%= HttpUtility.HtmlEncode(expression) %>. The intent of this is to reduce common causes of XSS vulnerabilities 3: // in WebForms pages (WebForms views in the case of MVC). This involves the addition of an interface 4: // System.Web.IHtmlString and a static method overload System.Web.HttpUtility::HtmlEncode(object). The interface 5: // definition is roughly: 6: // public interface IHtmlString { 7: // string ToHtmlString(); 8: // } 9: // And the HtmlEncode(object) logic is roughly: 10: // - If the input argument is an IHtmlString, return argument.ToHtmlString(), 11: // - Otherwise, return HtmlEncode(Convert.ToString(argument)). 12: // 13: // Unfortunately this has the effect that calling <%: Html.SomeHelper() %> in an MVC application running on .NET 4 14: // will end up encoding output that is already HTML-safe. As a result, we're changing out HTML helpers to return 15: // MvcHtmlString where appropriate. <%= Html.SomeHelper() %> will continue to work in both .NET 3.5 and .NET 4, but 16: // changing the return types to MvcHtmlString has the added benefit that <%: Html.SomeHelper() %> will also work 17: // properly in .NET 4 rather than resulting in a double-encoded output. MVC developers in .NET 4 will then be able 18: // to use the <%: %> syntax almost everywhere instead of having to remember where to use <%= %> and where to use 19: // <%: %>. This should help developers craft more secure web applications by default. 20: // 21: // To create an MvcHtmlString, use the static Create() method instead of calling the protected constructor. The comment said the encoding rule of the <%: %> would be: If the type of the content is IHtmlString it will NOT encode since the IHtmlString indicates that it’s Html-safe. Otherwise it will use HtmlEncode to encode the content. If we check the return type of the Html.TextBox method we will find that it’s MvcHtmlString, which was implemented the IHtmlString interface dynamically. That is the reason why the “<input name="name" id="name" type="text"/>” was not encoded by <%: %>. So if we want to tell ASP.NET MVC, or I should say the ASP.NET runtime that the content is Html-safe and no need, or should not be encoded we can convert the content into IHtmlString. So another resolution would be like this. Also we can create an extension method as well for better developing experience. 1: using System; 2: using System.Collections.Generic; 3: using System.Linq; 4: using System.Web; 5: using System.Web.Mvc; 6: 7: namespace ShaunXu.Blogs.IHtmlStringIssue 8: { 9: public static class Helpers 10: { 11: public static MvcHtmlString IsHtmlSafe(this string content) 12: { 13: return MvcHtmlString.Create(content); 14: } 15: } 16: } Then the view would be like this. And the page rendered correctly. Summary In this post I explained a bit about the new markup in .NET 4.0 – <%: %> and its usage. I also explained a bit about how to control the page content, whether it should be encoded or not. We can see the ASP.NET MVC gives us more points to control the web pages. Hope this helps, Shaun All documents and related graphics, codes are provided "AS IS" without warranty of any kind. Copyright © Shaun Ziyan Xu. This work is licensed under the Creative Commons License.

Read the article
Throttling apache downloads selectively

- by Synchro

I have a linux box running Debian Sarge (old I know) and apache 2.0.54. It serves two kinds of files - regular web pages and small images, and a lot of large podcast mp3s. The podcast downloads swamp the connection and make the rest of the site unresponsive, so I'm looking to throttle the data transfer rate (not the request rate) of just the podcasts. I've set up haproxy using this technique which does what it says it will, but solves a different problem - even only 5 simultaneous podcast downloads is enough to saturate the link. In a perfect world, haproxy would support per-connection throttling, but it doesn't. So far I've looked at mod_bw (won't compile for me, seems unsupported), mod_cband (unsupported, widely reported as problematic) and iptables using tc. The iptables approach would allow me to throttle things, but would not be at all selective, slowing down everything on the server, not just the podcasts, so would just move the bottleneck without changing overall behaviour. Ideas?

Read the article
ASP.NET MVC 3 (C#) Software Architecture

- by ryanzec

I am starting on a relatively large and ambitious ASP.NET MVC 3 project and just thinking about the best way to organize my code. The project is basically going to be a general management system that will be capable of supporting any type management system whether it be a blogging system, cms, reservation system, wikis, forums, project management system, etc…, each of them being just a separate 'module'. You can read more about it on my blog posted here : http://www.ryanzec.com/index.php/blog/details/8 (forgive me, the style of the site kinda sucks). For those who don't want to read the long blog post the basic idea is that the core system itself is nothing more than a users system with an admin interface to manage the users system. Then you just add on module as you need them and the module I will be creating is a simple blog post to test it out before I move on to the big module which is a project management system. Now I am just trying to think of the best way to structure this so that it is easy for users to add in there own modules but easy for me to update to core system without worrying about the user modifying the core code. I think the ideal way would be to have a number of core projects that user is specifically told not to modify otherwise the system may become unstable and future updates would not work. When the user wants to add in there own modules, they would just add in a new project (or multiple projects). The thing is I am not sure that it is even possible to use multiple projects all with their own controllers, razor view template, css, javascript, etc... in one web application. Ideally each module would have some of it own razor view templates, css, javascript, image files and also need access to some of the core razor view templates, css, javascript, image files which would is in a separate project. It is possible to have 1 web application run off of controllers, razor view templates, css, javascript, image files that are store in multiple projects? Is there a better was to structure this to allow the user to easily add in module with having to modify the core code?

Read the article
How can I configure Adobe Help so it doesn't chatter so much with Adobe's domain?

- by Michael Prescott

Adobe Help that came with Creative Suite 5 and/or Flash Builder Pro is constantly creating network traffic with an Adobe site, www.wip4.adobe.com In the Adobe Help application Preferences, I find that I can change the settings so that I must manually download updates, but apparently the application still likes to call home and chatter non-stop with www.wip4.adobe.com. I could use something like Little Snitch to block all this spyware-like behavior, but I'd really prefer to just change the application's behavior. Is there a hidden setting or configuration file to adjust this behavior to something more appropriate and polite?

Read the article
nginx rewrite rule for using domain host to redirect to specific internal directory

- by user85836

I'm new to Nginx rewrites and looking for help in getting a working and minimal rewrite code. We would like to use urls like 'somecity.domain.com' on campaign materials and have the result go to city-specific content within the 'www' site. So, here are use cases, if the customer enters: www.domain.com (stays) www.domain.com domain.com (goes to) www.domain.com www.domain.com/someuri (stays the same) somecity.domain.com (no uri, goes to) www.domain.com/somecity/prelaunch somecity.domain.com/landing (goes to) www.domain.com/somecity/prelaunch somecity.domain.com/anyotheruri (goes to) www.domain.com/anyotheruri Here's what I've come up with so far, and it partially works. What I can't understand is how to check if there is no path/uri after the host, and I'm guessing there is probably a way better way to do this. if ($host ~* ^(.*?)\.domain\.com) { set $city $1;} if ($city ~* www) { break; } if ($city !~* www) { rewrite ^/landing http://www.domain.com/$city/prelaunch/$args permanent; rewrite (.*) http://www.domain.com$uri$args permanent; }

Read the article
Google Chrome can't load too many tabs together!

- by tapan

This is an annoying problem that I face and friends of mine agree to this too. When using a site like Digg I tend to browse the page and open a lot of tabs simultaneously before reading each tab individually. Now what happens is, when there are 4-5 or more tabs loading up, all of them just stop loading.I can still see that annoying circle rotating (which means it is trying to load) but nothing happens. I have to stop the load and then refresh one tab at a time to see these pages. I never faced these problems on firefox or opera. What can the possible reasons for this be and how do I overcome this issue ? I'm using Ubuntu 10.04 and my Chrome Version is 5.0.375.55. PS: I use the internet from behind a proxy server at my college. I wonder if that could cause these problems. My friends in college also face the same problem.

Read the article
How to extend a window on 4 virtual desktops on Windows 7

- by Patrice

This site is very cool, and i often get many answers in it :) But today, I've a question for you. My Problem is: - I want to use a virtual desktop or resolution expander for windows 7 - I want to multiply per 2 a window resolution (i.e. seeing only 25% of one window on a screen) I tried simple tricks that didn't work for me, and installed a virtual desktop (Dexspot, a great one), but I can't manage to strech a window (Google chrome) over the 4 desktops simultaneously. Do you understand my problem, and have an answer to it? This would be great help ;-) See ya! Patrice

Read the article
Mobile Web Framework that will only control rendering and page transitions

- by rlemon

I have been using jQueryMobile for a bit now, and there are some things I like about it and others I do not. First I will give a bit of background. I have a light weight mobile application that has a few configurations and 6 pages. Ideally I Would like to load all pages into the DOM (they interact with each other quite often and pages will be switched in the same frequency). The application will post for some JSON every n seconds and refresh the values on the page (yes it is primarily a information display app). with the jQuery Mobile framework the only real thing I like is how easy it is to have a standardized UI a crossed all devices and browsers, I'm really not using too much else out of the framework other than the basic page navigation (if you are familiar with the framework; a bare-bone multi-page design is all i need). Why I want to step away from jQueryMobile is how weighty it is. Not only do you need to include the mobile library, but also the base jQuery libraries. This I do not like because I'm not using jQuery anywhere else on the site. Any suggestions on light-weight mobile frameworks that have a similar rendering as jQueryMobile?

Read the article
Windows 2008, 2 NICS, routing problem

- by Srodriguez

Dear all, I've some questions regarding basic routing, can't seem to relate to other questions posted in this site. My architecture: Windows 2008 server with 2 nics in the server. NIC1: IP 10.198.6.xxx, submask 255.255.252.0, gateway 10.198.4.xxx NIC2: IP 192.168.168.xxx, submask 255.255.255, no gateway defined both NICS are just connected to two separate switches, with other computers. I want to be able that all the requests that have a destination of 192.168.168.xxx are redirected to the NIC2, all the other to the NIC1. I know it's possible to do it with the route command, but normally we have to specify a gateway? (route ADD 192.168.168.0 MASK 255.255.255.0 ???) How can this be archived? Thanks a lot for your help!

Read the article
Logitech Mouse stopped working after changing batteries!

- by Martti Laine

I just changed batteries for my optical wireless Logitech mouse, but it stopped working; When I put it on, it waits a second and then keeps the green light for few seconds. After that it just stops responding and doesn't show the light even if I'm moving it. Does this have something to do with batteries? I took new, so they're not empty. And I think it cannot be on batteries, because it keeps the light first, but then just stops responding. Please help, I would be very very thankfull. This makes me mad to use this mousepad :D EDIT: Wow, what an fast answer!! Thank you, but you wanted to know this mouse? I think it's Logitech M205, watched from Logitech site, because have not the original package anymore :S I couldn't find any buttons in receiver, but mouse has button called "reset". Is that the right one?

Read the article
Forms Authentication across Sub-Domains on local IIS

- by Parminder

I asked this question at SO http://stackoverflow.com/questions/8278015/forms-nauthentication-across-sub-domains-on-local-iis Now asking it here. I know a cookie can be shared across multiple subdomains using the setting <forms name=".ASPXAUTH" loginUrl="Login/" protection="Validation" timeout="120" path="/" domain=".mydomain.com"/> in Web.config. But how to replicate same thing on local machine. I am using windows 7 and IIS 7 on my laptop. So I have sites localhost.users/ for my actual site users.mysite.com localhost.host/ for host.mysite.com and similar.

Read the article
How to know which revision or router I do have?

- by Rosamunda

I´m trying to update my D-link Dir-600 router with the dd-wrt firmware. I´ve searched for it at the site and found that: Revision A1, B1 and B2 are supported, while C isn´t. Now my router has this information on the back: P/N IIR600GNA .... C1G H/W Ver: C1 F/W Ver: 3.01 So I guess the H/W Ver is the revision, and it´s C... so it´s a lost cause? Or maybe because it´s not just C but C1 I could do something with it? Thanks!

Read the article
No Question mark suddenly É instead. Why?

- by Xavierjazz

Windows xp3. This happens occasionally. Today it happened in a calendar item in outlook 2003. As you can see from the title here, the question mark is working here (firefox). I am typing and suddenly the question mark is replaced by this character, É and I have no idea why. Can anyone answer this? I hope this is an appropriate site for this question. Thanks a lot.

Read the article
Microsoft releases Visual Studio 2010 SP1

- by brian_ritchie

Microsoft has been beta testing SP1 since December of last year. Today, it was released to MSDN subscribers and will be available for public download on March 10, 2011.The service pack includes a slew of fixes, and a number of new features: Silverlight 4 supportBasic Unit Testing support for the .NET Framework 3.5Performance Wizard for SilverlightIntelliTrace for 64-bit and SharePointIIS Express supportSQL CE 4 supportRazor supportHTML5 and CSS3 support (IntelliSense and validation)WCF RIA Services V1 SP1 includedVisual Basic Runtime embeddingALM Improvements Of all the improvements, IIS Express probably has the largest impact on web developer productivity. According to Scott Gu, it provides the following:It’s lightweight and easy to install (less than 10Mb download and a super quick install)It does not require an administrator account to run/debug applications from Visual Studio It enables a full web-server feature set – including SSL, URL Rewrite, Media Support, and all other IIS 7.x modules It supports and enables the same extensibility model and web.config file settings that IIS 7.x support It can be installed side-by-side with the full IIS web server as well as the ASP.NET Development Server (they do not conflict at all) It works on Windows XP and higher operating systems – giving you a full IIS 7.x developer feature-set on all OS platforms IIS Express (like the ASP.NET Development Server) can be quickly launched to run a site from a directory on disk. It does not require any registration/configuration steps. This makes it really easy to launch and run for development scenarios.Good stuff indeed. This will make our lives much easier. Thanks Microsoft...we're feeling the love!

Read the article
How can I copy the link in Google without openning the link and the "Google stuff" in the URL? [closed]

- by John Isaiah Carmona

I want to copy a link in Google without opening that link and without the "Google stuff". When I use my browser by right-clicking the link and selecting Copy Link Location, it copies a very long link because of the Google stuff. http://www.google.com.ph/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&cad=rja&ved=0CBwQFjAA&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FC%2F0%2FA%2FC0AEF0CC-B969-406D-989A-4CDAFDBB3F3C%2FWin8_UXG_RTM.pdf&ei=1bWHULCyEZGQiQfl_IGIDA&usg=AFQjCNEtK1uai68ZKixTovFm2bwe7C9LGg&sig2=cPFFl4ARTTr7xHTHcr5k8A I just want the download.microsoft.com/.../C/0/A/.../Win8_UXG_RTM.pdf URL, but I can't see it in my browser even after opening the site with Google.

Read the article
Any good method for mounting Hadoop HDFS from another system?

- by Beel

I want to mount the Cloudera Hadoop as a Linux file system over the LAN. As a setup, I already have the hadoop cluster running on a set of Ubuntu machines. But now I need to be able to use it as a normal file system from a Fedora system over the LAN. I tried FUSe but two things: 1. Cloudera says FUSE loses data (click here for that comment by a Cloudera employee on the official Cloudera support site) 2. I've had no success making it work the way we want As a point of clarification, I am using Hadoop ONLY for the file system, not for its other capabilities.

Read the article
AdBlock Plus Advanced Element Hiding?

- by funkafied

I'm trying to block a certain element on a site using AdBlock Plus's element hiding feature. However the problem is that there are two elements with the same exact name and type that I'm trying to hide so there's no way to tell the filter which one to keep and which one not to keep. So I figure there might be a way to hide only the second element by telling it to only hide the second occurrence of an element that matches the filter. Like skip the first one and hide the second occurrence. Or alternatively maybe hide the one that also has a certain other element in front of it. Is there any way to do this? Like regular expressions or something?

Read the article

< Previous Page | 829 830 831 832 833 834 835 836 837 838 839 840 | Next Page >