Search Results

Search found 2872 results on 115 pages for 'packet injection'.

Page 85/115 | < Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >

• How to efficiently SELECT rows from database table based on selected set of values

  - by Chau Chee Yang

  I have a transaction table of 1 million rows. The table has a field name "Code" to keep customer's ID. There are about 10,000 different customer code. I have an GUI interface allow user to render a report from transaction table. User may select arbitrary number of customers for rendering. I use IN operator first and it works for few customers: SELECT * FROM TRANS_TABLE WHERE CODE IN ('...', '...', '...') I quickly run into problem if I select few thousand customers. There is limitation using IN operator. An alternate way is create a temporary table with only one field of CODE, and inject selected customer codes into the temporary table using INSERT statement. I may then using SELECT A.* FROM TRANS_TABLE A INNER JOIN TEMP B ON (A.CODE=B.CODE) This works nice for huge selection. However, there is performance overhead for temporary table creation, INSERT injection and dropping of temporary table. Do you aware of better solution to handle this situation?

  Read the article

• What would you like to see in an beginner's ASP.NET security book

  - by blowdart

  This is a shameless information gathering exercise for my own book. One of the talks I give in the community is an introduction to web site vulnerabilities. Usually during the talk I can see at least two members of the audience go very pale; and this is basic stuff, Cross Site Scripting, SQL Injection, Information Leakage, Cross Site Form Requests and so on. So, if you can think back to being one, as a beginning web developer (be it ASP.NET or not) what do you feel would be useful information about web security and how to develop securely? I will already be covering the OWASP Top Ten (And yes this means stackoverflow will be in the acknowledgements list if someone comes up with something I haven't thought of yet!) It's all done now, and published, thank you all for your responses

  Read the article

• Separation of interfaces and implementation

  - by bonefisher

  From assembly(or module) perspective, what do you think of separation of Interface (1.assembly) and its Implementation (2.assembly)? In this way we can use some IoC container to develop more decoupling desing.. Say we have an assembly 'A', which contains interfaces only. Then we have an assembly 'B' which references 'A' and implements those interfaces..It is dependent only on 'A'. In assembly 'C' then we can use the IoC container to create objects of 'A' using dependency injection of objects from 'B'. This way 'B' and 'C' are completely unaware (not dependent) of themselves..

  Read the article

• How to gain greater control of network packets on Android

  - by mauvehead

  I'm looking to design an application that will require some deep control over IP packets. Looking over the reference guide on the developers site at Android I see very limited control over packets from java.net:SocketOptions and java.net:DatagramPacket. Specifically I'm looking to control the individual bits within the packet to set TCP Flags, SYN/ACK/RST, and so forth. Based on the docs I am assuming I cannot do this within the Java API provided by Android and I'm guessing I'll have to do it some other way? Anyone have any insight on this?

  Read the article

• Is it OK to reference 'this' when initializing a field?

  - by parxier

  Is it OK to reference this when initializing a field? public class MainClass { private SomeFieldClass field = new SomeFieldClass(this); public MainClass() {} } Or is it better to do that in constructor? public class MainClass { private SomeFieldClass field; public MainClass() { this.field = new SomeFieldClass(this); } } What is the best practice? I believe first option is better for unit testing and dependency injection. Are there any problems with it?

  Read the article

• How Can I Learn when to build my own Interfaces

  - by BDotA

  I am using C# and I know what are the interfaces and how syntatically use them,etc. but what I have not learned yet is that when I am tasked to write a project, create a component,... How should I learn better about interfaces so when I want to do something I be able to Think about using them in my design...or for example I want to learn about dependency injection or even using mocking objects for testing, these are all related to good understanding of interfaces and know when and how to use them ... Can you plase provide me some good advice, reading,... then can help me with that?

  Read the article

• .NET values lookup

  - by Maciej

  Hi, I have a feeling of missing something obvious. UDP receiver application. It holds a collection of valid UDP sender IPs - only guys with IP on that list will be considered. Since that list must be looked at on every packet and UDPs are so volatile, that operation must be maximum fast. Good choice is Dictionary but it is a key-value structure and what I actually need here is a dictionary-like (hash lookup) key only structure. Is there something like that? Small annoyance rather than a bug but still. I can still use Dictionary Thanks, M.

  Read the article

• Top techniques to avoid 'data scraping' from a website database

  - by Addsy

  I am setting up a site using PHP and MySQL that is essentially just a web front-end to an existing database. Understandably my client is very keen to prevent anyone from being able to make a copy of the data in the database yet at the same time wants everything publicly available and even a "view all" link to display every record in the db. Whilst I have put everything in place to prevent attacks such as SQL injection attacks, there is nothing to prevent anyone from viewing all the records as html and running some sort of script to parse this data back into another database. Even if I was to remove the "view all" link, someone could still, in theory, use an automated process to go through each record one by one and compile these into a new database, essentially pinching all the information. Does anyone have any good tactics for preventing or even just dettering this that they could share. Thanks

  Read the article

• Ninject: Abstract Class

  - by Pickels

  Hello, Do I need to do something different in an abstract class to get dependency injection working with Ninject? I have a base controller with the following code: public abstract class BaseController : Controller { public IAccountRepository AccountRepository { get; set; } } My module looks like this: public class WebDependencyModule : NinjectModule { public override void Load() { Bind<IAccountRepository>().To<AccountRepository>(); } } And this is my Global.asax: protected override void OnApplicationStarted() { Kernel.Load(new WebDependencyModule()); } protected override IKernel CreateKernel() { return new StandardKernel(); } It works when I decorate the IAccountRepository property with the [Inject] attribute. Thanks in advance.

  Read the article

• Function that copies into byte vector reverses values

  - by xeross

  Hey, I've written a function to copy any variable type into a byte vector, however whenever I insert something it gets inserted in reverse. Here's the code. template <class Type> void Packet::copyToByte(Type input, vector<uint8_t>&output) { copy((uint8_t*) &input, ((uint8_t*) &input) + sizeof(Type), back_inserter(output)); } Now whenever I add for example a uint16_t with the value 0x2f1f it gets inserted as 1f 2f instead of the expected 2f 1f. What am I doing wrong here ? Regards, Xeross

  Read the article

• What risks are there in using extracted PHP superglobals?

  - by Zephiro

  Hola usando estas funciones, que riesgo corro en tener problemas de seguridad, es necesesario usar extract() o hay alguna manera mejor de convertir las variables superglobales (array) en trozos de variables. Good, there is some risk in using the function extract in the superglobal variables as $_POS and $_GET, I work of the following way. There is risk of SQL INJECTION or there is an alternative to extract if ( get_magic_quotes_gpc() ) { $_GET = stripslashes( $_GET ); $_POST =stripslashes( $_POST ); } function vars_globals($value = '') { if (is_array ( $value )) $r = &$value; else parse_str ( $value, $r ); return $r; } $r = vars_globals( $_GET ); extract($r, EXTR_SKIP);

  Read the article

• Stored Procedure with ALTER TABLE

  - by psayre23

  I have a need to sync auto_increment fields between two tables in different databases on the same MySQL server. The hope was to create a stored procedure where the permissions of the admin would let the web user run ALTER TABLE [db1].[table] AUTO_INCREMENT = [num]; without giving it permissions (That just smells of SQL injection). My problem is I'm receiving errors when creating the store procedure. Is this something that is not allowed by MySQL? DROP PROCEDURE IF EXISTS sync_auto_increment; CREATE PROCEDURE set_auto_increment (tableName VARCHAR(64), inc INT) BEGIN ALTER TABLE tableName AUTO_INCREMENT = inc; END;

  Read the article

• Unit testing UDP socket handling code

  - by JustJeff

  Are there any 'good' ways to cause a thread waiting on a recvfrom() call to become unblocked and return with an error? The motivation for this is to write unit tests for a system which includes a unit that reads UDP datagrams. One of the branches handles errors on the recvfrom call itself. The code isn't required to distinguish between different types of errors, it just has to set a flag. I've thought of closing the socket from another thread, or do a shutdown on it, to cause recvfrom to return with an error, but this seems a bit heavy handed. I've seen mention elsewhere that sending an over-sized packet would do it, and so set up an experiment where a 16K buffer was sent to a recvfrom waiting for just 4K, but that didn't result in an error. The recvfrom just return 4096, to indicate it had gotten that many bytes.

  Read the article

• Excel data connection - remove header row?

  - by ekoner

  The excel spreadsheet is connecting to SQL server 2005 using the connection string below: Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=True;Initial Catalog=XXXXXX;Data Source=XXXXXX;Extended Properties="HDR=No";Use Procedure for Prepare=1;Auto Translate=True;Packet Size=4096;Workstation ID=XXXXXX;Use Encryption for Data=False;Tag with column collation when possible=False It then pulls data from a view into Excel. The business user wants this information without a header row. This will allow her to review then save as a "headless" csv in SAGE file format. I attempted to alter the connection string by adding HDR=No but that hasn't worked. Additionally, I can't delete the header row. Deleting the content replaces the column names with "Column 1" etc. Any ideas appreciated!

  Read the article

• Learning SQL White hat Hacking

  - by user301751

  Well here goes a sligtly arwkward question, I have changed job roles from Network Admin to SQL Server DBA thus having to learn SQL server 2005. I am quite self motivated and have learned the basics of Transac and a little about Reporting services. The only thing is I need to set senarios as theres not much coming in at work in the way of SQL tasks. I have always kept my interest in networking by setting little "Hacking tasks", I have has a look at some crackme's but can find nothing to play with. I understand the SQL injection is some sort of SQL hack but found not much on the subject. I know my way of learning might be a bit different from others but it is all White Hat and keeps my interest. Thanks

  Read the article

• Building a webserver, client doesn't acknowledge HTTP 200 OK frame.

  - by Evert

  Hi there, I'm building my own webserver based on a tutorial. I have found a simple way to initiate a TCP connection and send one segment of http data (the webserver will run on a microcontroller, so it will be very small) Anyway, the following is the sequence I need to go through: receive SYN send SYN,ACK receive ACK (the connection is now established) receive ACK with HTTP GET command send ACK send FIN,ACK with HTTP data (e.g 200 OK) receive FIN,ACK <- I don't recieve this packet! send ACK Everything works fine until I send my acknowledgement and HTTP 200 OK message. The client won't send an acknowledgement to those two packages and thus no webpage is being displayed. I've added a pcap file of the sequence how I recorded it with wireshark. Pcap file: http://cl.ly/5f5 (now it's the right data) All sequence and acknowledgement numbers are correct, checksum are ok. Flags are also right. I have no idea what is going wrong.

  Read the article

• How to implement blocking request-reply using Java concurrency primitives?

  - by Uri

  My system consists of a "proxy" class that receives "request" packets, marshals them and sends them over the network to a server, which unmarshals them, processes, and returns some "response packet". My "submit" method on the proxy side should block until a reply is received to the request (packets have ids for identification and referencing purposes) or until a timeout is reached. If I was building this in early versions of Java, I would likely implement in my proxy a collection of "pending messages ids", where I would submit a message, and wait() on the corresponding id (with a timeout). When a reply was received, the handling thread would notify() on the corresponding id. Is there a better way to achieve this using an existing library class, perhaps in java.util.concurrency? If I went with the solution described above, what is the correct way to deal with the potential race condition where a reply arrives before wait() is invoked?

  Read the article

• Writing email sniffer

  - by Rampage

  Hello, I am interested in writing an email sniffer that saves all emails sent via web based clients to hd, but I can't work out how to do this. How can I catch HTTPS mail before it is encrypted? I would really appriciate some useful info. I cannot find anything information on the web. There's a program called HTTP Analyzer V5 that does the exact thing I want to make. How should I start? If I make a packet sniffer, it's useless because all data is encrypted. Is there any other option?

  Read the article

• Invalidating session before iPhone application quits

  - by tartox

  Hello I would like to tell the server to invalidate an ongoing session when the user quits the iPhone application. In the app delegate, I send a request to the server in the (void)applicationWillTerminate:(UIApplication *)application method. I am not waiting for a server answer, I just want to send the request and quit. However I cant see any packet leaving the application. The same code in another place works fine. Session has a limited duration anyway and the server will invalidate it after a while, but I would prefer to do it nicely when leaving application. Is it normal that no NSURLConnection can be established from the applicationWillTerminate method ? Thank you.

  Read the article

• How can a hacker put a file on my server root (apache, php, 1and1)

  - by mike-sav

  Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt passwords using MD5 and I don't store things like credit card details, etc, etc. Now I checked my files and with all user input I use a clean function (htmlentities, sql_real_escape_string, etc, etc) that strips the input of any XSS or SQL injection. I have also made sure that the session key gets re-engineered when a user status changes (like they log into their account) to prevent session hijacking, my folder permissions are set to 755 and file permission are 644. Has anyone got any idea how this could have happened? Or if I'm missing something

  Read the article

• What is the sense of permiting the user to use no passwords longer than xx chars?

  - by reox

  Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

  Read the article

• C# Socket Server

  - by Snoopy

  In .NET 3.5 a new socket classes was released: http://msdn.microsoft.com/en-us/library/bb968780.aspx i found a sample but some questions regarding best practicses are remaining: http://code.msdn.microsoft.com/nclsamples/Wiki/View.aspx?title=Socket%20Performance m_numConnections (the maximum number of connections the sample is designed to handle simultaneously) is probably equal to the amount of cpu cores i have. m_receiveBufferSize is the size for one packet? like 8kb? how should i handle a length byte? opsToPreAlloc i dont understand. is this if i code a transparent proxy? Regarding the multithreading, what should be used? The reactive extension seem to be a good choice. Has anyone tried this in a real world project? Are there better options? I had bad experiences with the .NET thread pool in the past.

  Read the article

• .Net 4.0 Is There a Business Layer "Technology" ?

  - by Ronny

  Hi, I have a theoretical question about the .net framework. As I see it Microsoft gave us bunch of technologies for different layers. We have the ADO.NET and with the more improved Entity Framework for Data Access. And ASP.NET for WEB UI. And even WCF for Facade and SOA. But what in the middle, what do we have for the Business Layer? Is it just Referenced DLLs? How do we deal with the Application Pulling this days? I remember using COM+ 10 yeas ago because the IIS couldn't handle the pressure. Is Spring.Net is the best option available for injection? Thanks, Ronny

  Read the article

• Is php fileinfo sufficient to prevent upload of malicious files?

  - by Scarface

  Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

  Read the article

• Java Spring 3.0 MVC Annotation vs COC. Whats the preferred method in the Java community?

  - by Athens

  I am using Spring's MVC framework for an application I'm hosting on Google's App Engine. So far, my controllers are registered via the @Controller annotation; however, prior to getting into Spring, I evaluated ASP.net MVC 2 which requires no configuration and is based on convention. Is convention over configuration (COC) the current and preferred method in the Java community to implement MVC with Spring. Also, this may be a result of my limited knowledge so far but i noticed that i could only instantiate my Controllers the required constuctor injection if i use the COC method via the ControllerClassNameHandlerMapping. For instance the following controller bean config will fail if i use the defaultannotationhandlermapping. <bean id="c" class="com.domain.TestController"> <constructor-arg ref="service" /> </bean> <bean id="service" class="com.domain.Service" /> My com.domain.TestController controller works fine if i use ControllerClassNameHandlerMapping/COC but it results in an error when i use defaultannotationhandlermapping/Annotations.

  Read the article

< Previous Page | 81 82 83 84 85 86 87 88 89 90 91 92  | Next Page >