w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
stunnel is not accepting incoming request from other machine
127.0.0.1 is the local machine. You have restricted connections which can be accepted to the local machine only. You can run stunnel in inetd mode (inetd starts stunnel up when a connection attempt arrives), or the preferred daemon mode. Refer to the stunnel HOWTO for more details. Here's what you do for daemon mode. First add the following line to /etc/services: myconn 3500/tcp # name the service Stunnel configuration file needs at least the section name and accept option. For example: [myconn service] accept = myconn ...

Categories : Ssl

PHP protecting downloads
One solution could be to use SESSION or a similar temporary storage and generate download URLs at run-time. So clicking on the URL again may not work. Also, direct access to the files should not be allowed.

Categories : PHP

Protecting Cookies in ASP.NET and SSL
Does this mean that I don't have to worry about encrypting the cookies explicitly using the methods outlined in the following links in order to protect them? That will greatly depend on what information you are storing in those cookies and whether you care about the user being able to manipulate it. For example FormsAuthentication cookies are always encrypted because they contain the currently authenticated username. If they weren't encrypted the user could simply forge a request and replace his username with for example admin. The fact that the cookie is sent over SSL is absolutely not an obstacle for him. On the other hand if you are storing some user preferences such as background theme, you probably wouldn't care if the user forges a request in which he changes his background col

Categories : C#

Protecting from SQL injection
Use CodeIgniter's Active Record (Query Builder as of 3.0), or use query bindings. Active Record: $this->db->where('id', $id)->update($table, array('youtube' => $new_id)); Query Bindings: $this->db->query("UPDATE {$table} SET youtube = ? WHERE id = ?", array($new_id, $id)); You should also: Never trust user input. Verify and sanitize before it ever reaches a DB query. Not make the table name dynamic like this. While nothing technically "wrong" with doing that, it gives yourself more work. Don't repeat yourself, keep things simple.

Categories : PHP

Password Protecting a PDF
You need to update the call to: UIGraphicsBeginPDFContextToData(pdfData, aView.bounds, nil); by replacing the last parameter with myDictionary. UIGraphicsBeginPDFContextToData(pdfData, aView.bounds, myDictionary);

Categories : Objective C

Protecting directory in asp.net is not working
The ASP.NET security can only block requests made by ASP.NET, so it can only block the content within the directory, not block you from accessing the directory structure itself. You need to disable directory browsing as @Claudio recommended to fix that problem, and your security will block access to the individual files in the folder.

Categories : C#

Protecting stand-alone variables
This sounds like Singleton pattern: class Foo { protected static $instance = null; protected function __construct() { throw new Exception('use ::getInstance()'); } public static function getInstance() { if (!isset(static::$instance)) { static::$instance = new static; } return static::$instance; } } use: $bar = Foo::getInstance(); any one can redeclare $bar .. but if they wont the real Foo ... they need to get the instance;

Categories : PHP

Protecting backticks in substitution
The reason behind that is that mysql won't allow you to create databases with a name that include hyphens. The workaround to that is to enclose the DB name with backticks which have special meaning in MYSQL to escape the reserved words. Backticks have yet another meaning in the shell which serves for command substitution, hence in this case we need to resort to using the $() notation for the command or nested backticks, personally I prefer the former as it is more readable and also due to the fact that backticks are being deprecated in 2013 in favour of the $() syntax. I managed to reproduce the issue that you were facing and the following commands works fine for me. Here we are escaping the backticks so that the shell won't interpret them for command substitution while mysql would still

Categories : Bash

Protecting HLS streams using Playready
IIS Transform Manager creates HLS presentations that are designed to be played using IIS Media Services or Windows Azure Media Services. You are correct that basic HTTP servers are not capable of delivering such videos, as some server-side processing is required. It is possible to protect a stand-alone HLS video using PlayReady, though I am not aware of any freely available tools for this. If you are interested in commercial solutions, I may be able to help you via e-mail (saares@axinom.com).

Categories : Misc

protecting attributes using state_machine
This isn't the most elegant solution but you might throw on the dirty method state_changed? In combination it should give you the functionality you want. Proc.new { |log| log.completed? && !log.state_changed? } That way it will only fire if the completed state just changed. or validate :lock_down_attributes_when_published, :if => Proc.new { |log| log.completed? && !log.state_changed? }

Categories : Ruby On Rails

Protecting crypto keys in RAM?
There is no programmatical way. You can not stop an attacker from freezing your computer and removing the RAM chips for analysis. If someone gains access to your hardware - everything you have on it is in the hands of the attacker. Always keep in mind: http://cdn.howtogeek.com/wp-content/uploads/2013/03/xkcd-security.png

Categories : C

Java Regex for protecting xSS
Never do Html Encoding/Decoding/Validation yourself. If you ever encounter code that is manually validating html, xml etc... it is a bug. Always use a library that is well used and peer reviewed for these sorts of tasks. Don't be a cowboy coder and think you can do it well; it is much harder to get right than you might think. The OWASP site has everything you need to know about how to do this in JAVA.

Categories : Java

Looking into password protecting a settings screen
Here's a few suggestions... Get initial pw When the app is run the first time you have a pw entered into an EditText then saved to SharedPreferences with a save Button. Now this is stored. Compare When the user tries to bring up the parental screen, you show a Dialog maybe with a custom View or a dialog themed Activity for the user to enter the pw and compare that to what you have in SharedPreferences. Options You can store this in SharedPreferences if you aren't planning on having too much data stored. If you have multiple users, as long as it won't be a large amount, I would say SharedPrefs is fine. If the amount of users will be large and you may want to store more data then I would suggest using SQLLite DB. Suggested Links Storage Options SharedPrefs has a good example of ge

Categories : Android

protecting against CSRF in asp.net web application when using ajax
Here is what i have discovered. I ended up using the LosFormatter, as described by geedubb, by adding the following code to the MasterPage, and assigning the value to a hidden input which is posted back with the ajax request. I did not realise when I posted the question that HttpCookie.HttpOnly property still posts back the cookie on an ajax request, and so can be left set to false. internal string GetToken() { // call the static method to guarantee LosFormatter remains threadsafe return GetToken(_antiXsrfTokenValue); } private static string GetCurrentUserName() { var currentUser = HttpContext.Current.User.Identity; return (currentUser == null) ? string.Empty : currentUser.Name; } private static string GetToken(string token) { var los = new System.Web.UI.LosFormatter(

Categories : Asp Net

Protecting a directory using .htaccess and .htpasswd
You need to deny everything first. Try: Order Deny,Allow Deny from all AuthName "Page d'administration protégée" AuthType Basic AuthUserFile "/var/www/sec/.htpasswd" Require valid-user

Categories : PHP

Best practices of protecting published web app packages (MVC 4)
Once you package up your files and give them to a customer, what happens to these files is out of your control. Just about anything you can do could be reverse engineered, decompiled or unencrypted. Your best bet is to protect your assets legally by producing a robust license agreement between your company and your customers. You can then make your customers aware in the terms and conditions that any reproduction or modification of your work is illegal, you can then later pursue them legally for damages. Other than that, obfuscating your code and compiling your views would help a bit.

Categories : Asp Net Mvc

Protecting compiled source code
It can be done by sniffing the communication and resend the request with small modification. If you want to Encrypt your exe you can have a look here. Regards, Yossi

Categories : Vb.Net

Laravel 4: protecting routes provided by a controller
In your PostsController you can put a closure in the constructor to do the same before logic as the previous route. public function __construct() { $this->beforeFilter(function() { // }); }

Categories : PHP

protecting video hotlink by one time url path. (vk.com in example)
You could have a directory inaccessible from the outside world where you have all your video files. Then you could have a database table with a structure like: videos --------------- id uri temp_url timeout Where uri is the location of your real video file and temp_url is a random URL that you generate. The timeout field contains a timestamp describing when the temp_url expires and you have to generate a new one. You could set the timeout to 5 minutes from when you generate a new temp_url or 10 minutes. Up to you.

Categories : PHP

Protecting Excel Worksheet Data From Savvy User
There aren't any ways to safely protect access to anything in an Excel workbook. Passwords are much harder to crack in Excel versions 2007 and onward, but a user can simply save the workbook as a .xls file and then it becomes easy to crack. The best you can do is to make it a little tougher for somebody to get into. Password protect your file, and set any sheets that you don't want them to get to to xlSheetVeryHidden, which prevents users from unhiding the sheets through the Excel user interface. The commenters under your question are correct. If you want a secure application, Excel isn't the answer. Having said that, if you enforce security in the database layer, Excel makes a great UI. Just make sure you don't store or retrieve data that the user shouldn't see.

Categories : Excel

Is encryption a good method of protecting your java code?
the answer is: Not in java! When you pack your programm into a runnable jar-file, all your classes are in there. but as byte code! Reversing that byte-code to java file is possbile but not that easy to read.

Categories : Java

Security - Protecting an insert statement from malicious code
Use parameterised statements (as you appear to be doing) with parameters for all variables and you have nothing to worry about from SQL injection. HTML and JS injections are a concern to do with the page output phase, not database storage. Trying to do HTML escaping or validation in the database layer will be frustrating and fruitless: it's not the right place to be dealing with those concerns, you'll miss or mis-handle data, and the tools for string manipulation in SQL are weak. Don't think in terms of detecting “attacks”, because blacklists will always fail. Instead aim to handle all text correctly, and then you'll be secure as a side effect of being accurate. Variable text that you drop into an HTML file needs to be HTML-escaped; variable text that you drop into a JavaScript str

Categories : SQL

Protecting a html page from access (except for redirected users)
I don't think the cookie solution mentioned in a comment is good enough here. What you are dealing with here in general is identity management. Registration should result in an identity creation for the registering user and start a managed (logged in) session. Then, on your protected page, you must check for identity and session. You will have to utilise some server side scripting to achieve this.

Categories : HTML

(Servlets, Thread safety) Protecting the session and context state
And why are class (static) variables not thread-safe? Because all threads can access and modify (corrupt) that value? Correct. If a member is static, one thread can set a value and another thread can set differently. As static is shared variable, the value set by first thread will be the same for another thread also. Q. "The effect of implementing SingleThreadModel is virtually the same as synchronizing the service method. Both can bring a web app to its knees without protecting the session and context state." Even if you make some servlet implement SingleThreadModel, it will stop only those thread to executly simultaneoulsy which are trying to access that servlet. It can't stop all other servlets which do not implement SingleThreadModel from accessing context and session

Categories : Java

Protecting fields from Reflection - The strange case of the System.security
First, the way this was prevented from reflection was probably a dirty if in the JVM under the field getting mechanism: if (strcmp(field, "security") == 0 && strcmp(class, "java.lang.System")) { return NULL; (I am NOT meaning to imply that this is the actual code in the JVM!!) This obviously is not accesible to most users of java, so the only other option is to install a security manager that disallows private field and method access. This is possible, but I'm not sure how.

Categories : Java

Protecting private member return by reference from accidental reassignment
Because a sample says more than a thousand words, potentially: see it live #include <vector> #include <memory> typedef std::vector<int> CBuffer; static CBuffer& PostProcess(CBuffer& data) { for(auto& el : data) el /= 2; return data; } struct CSource { CSource() : _data(std::make_shared<CBuffer>(10)) {} std::shared_ptr<CBuffer> GetData() { return _data; } std::shared_ptr<const CBuffer> GetData() const { return _data; } private: std::shared_ptr<CBuffer> _data; }; struct CPlug { CPlug(bool postProcess = true) : m_postProcess(postProcess) { } std::shared_ptr<const CBuffer> ProcessData() const { /* get the data from the source, implicitely const */ auto

Categories : C++

Protecting against MitM (https) seeing password with encryption using included pub. key in iOS/Android app
To answer my own question, this is why clients implement Trusted Root Certification Authorities to verify certificates. My conclusion is that this is definitely not something I have to worry about.

Categories : IOS

Memory-Mapped Files, protecting individual view from overriding
Modern CPUs have an MMU. This device converts an address seen by the program to an address seen by the hardware. Example: The MMU can be programmed in a way that (char *)0x1000 actually accesses address 0x12345000 instead of 0x1000. Using the MMU in this way is absolutely essential for the memory management of modern operating systems! When you use MapViewOfFile in the way you do it then the MMU will be programmed in a way that both pMap and pMap2 are converted to the same hardware address. An example: pMap = (char *)0x1000 -> Hardware address 0x12345000 pMap2 = (char *)0x2000 -> Also hardware address 0x12345000 This means that pMap and pMap2 actually point to the same address (here 0x12345000). Therefore the program must behave the same way as if pMap and pMap2 contained the s

Categories : C++

AngularJS: Protecting routes with angularjs depending if the user is authorized?
Using resolves should help you out here: (code not tested) angular.module('app' []).config(function($routeProvider){ $routeProvider .when('/needsauthorisation', { //config for controller and template resolve : { //This function is injected with the AuthService where you'll put your authentication logic 'auth' : function(AuthService){ return AuthService.authenticate(); } } }); }).run(function($rootScope, $location){ //If the route change failed due to authentication error, redirect them out $rootScope.$on('$routeChangeError', function(event, current, previous, rejection){ if(rejection === 'Not Authenticated'){ $location.path('/'); }

Categories : Angularjs

protecting javascript code by placing in php code
it doesn't work that way - javascript code MUST be visible to client browser because browser parse and runs it + there is no way to "hide" it under .php file. With php file you can send/generate javascript code to the browser - just as you do with regular html

Categories : Javascript



© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.