w3hello.com logo
Home PHP C# C++ Android Java Javascript Python IOS SQL HTML videos Categories
Linux command not working when changing servers
Either you can write a shell script new_ls calling ls and removing the lines that end with "~" Or when you process the results in java you can also ignore lines read from the BufferedReader by checking each String read if line.endsWith("~");

Categories : Java

SQL Server Agent job step - changing the name of the "run as" account
I usually do not rename accounts, so it is a good question. Does the AD account still work as a login for SQL Server? Do you still have access to the database as a user? What type of job step are you running? Answers to these questions will help you/me figure it out.

Categories : Sql Server

Do I have to create an Account, Merchant Account, or just a customer to Credit a Balanced Bank Account?
Your workflow is correct. The Customer resource abstracts away from you the pain the Account resource had when dealing with underwriting a merchant. Underwriting is required as part of the KYC (Know Your Customer) operation requirements Balanced needs to follow. Each Customer has an attribute named is_identity_verified where you can know if the Customer's identity was verified. Ideally you want to make sure the identity is verified for each Customer to which you will be crediting. While you can still perform credits (I believe up to a certain limit) to Customers whose identity is not verified, you run the risk of increased fraud and there may eventually be consequences to your marketplace. Also, feel free to stop by #balanced on IRC. You'll probably get much faster answers to your questi

Categories : Misc

CreateUserWizard step changing issue after account creation
You are getting that exception because you need to use the Wizard.MoveTo method. Like this: CreateUserWizard1.MoveTo(WizardStep1); Where "WizardStep1" is the ID of the asp:WizardStep that you want to go back to (the "start" step).

Categories : C#

XML Risks and Mitigations
Recently I conducted a 1-day course on "XML Risks and Mitigations." The material for the course may be found here: http://www.mitre.org/work/tech_papers/2013/13_2445/

Categories : Xml

Security risks of PermitUserEnvironment in ssh
It's for cases where you restrict the user in some way by using a custom shell - if the user is able to set LD_PRELOAD then they could execute code as their user on the remote machine by intercepting a standard library call. A simple example of this might be if you disable login for an SFTP-only user by setting their shell to a dynamically linked /bin/false - if they're able to modify ~/.ssh/environment or ~/.ssh/authorized_keys then they could add LD_PRELOAD=nefarious.so

Categories : Security

Risks in using Neo4j as a stand-alone database
Entirely depends of how much metadata you want to store. 10 primitive / short String properties per node is absolutely fine. 1000 large JSON documents per node... not so much. It isn't a document store. What sort of numbers are we talking about? I would suggest you generate a random graph with similar number of properties and similar values that you wish to have in your product. See how it performs. Otherwise no caveats I would say. Oh, don't refer to internal Neo4j node IDs anywhere; unlike in a relational database, these get re-used.

Categories : Mysql

Risks of loading Assemblies via reflection
You can mitigate some of this by loading the assembly in reflection only mode: The reflection-only load context allows you to examine assemblies compiled for other platforms or for other versions of the .NET Framework. Code loaded into this context can only be examined; it cannot be executed. This means that objects cannot be created, because constructors cannot be executed. You can do this using Assembly.ReflectionOnlyLoad() and Assembly.ReflectionOnlyLoadFrom(). See here for more information - http://msdn.microsoft.com/en-us/library/ms172331.aspx

Categories : C#

TCP network communication security risks
If you open a console and type command ; rm -rf /*, something bad would likely happen. It's because commands are processed by the shell. It parses text output, e.g. splits commands by ; delimiter and splits arguments by space, then it executes parsed commands with parsed arguments using system API. However, when you use process->start("command", QStringList() << "; rm -rf /*");, there is no such danger. QProcess will not execute shell. It will execute command directly using system API. The result will be similar to running command "; rm -rf /*" in the shell. So, you can be sure that only your command will be executed and the parameter will be passed to it as it is. The only danger is the possibility for an attacker to call the command with any file path he could construct. Conse

Categories : Qt

Refactoring public API to reduce security risks
I think the first step in refactoring this code is to wrap your calls to the Accept and Decline operations in some kind of integration test. This will allow you to muck about with the composition of the service with the knowledge that you are not regressing or compromising the overall process. This process looks as if it models some kind of business process, so to munge this into a set of consolidated public operations I guess you'll need to work out the following: Does each step need to execute successfully for the overall operation to succeed? Does each step have to execute in a specific order? How will you handle failure/recovery in one or more of the steps? Does it even make sense to combine what were separate functions? Do the overall business processes need to be called synchr

Categories : C#

jQueryMobile and javascript file inclusion: potential risks
You don't need to be worry. Let me explain you how jQuery Mobile works. What you have is called multi HTML page template. In this case only initial HTML can have more then one data-role="page" page inside, every other subsequent page can have only one data-role="page" page inside. One first page is initialized it is fully loaded into the DOM. That HTML page becomes a skeleton for a future page loading. Because it is fully loaded it can hold more then one data-role="page" page inside. When next page is initialized jQuery Mobile will strip everything and load only data-role="page" content. Everything else is going to be discarded, including the HEAD content. Even more only first data-role="page" page is going to be loaded, which means you can't have more then one data-role="page" page in

Categories : Javascript

What security risks are associated with exposing SQL schema in error messages?
I think accepted practice is to log the error messages to a central place (could be the database) and have a routine that sanitizes message that gets shown to users to ensure that no sensitive information is shared. Bad people can use knowledge about your system for nefarious purposes such as SQL Injection Attacks, Denial of Server attacks, etc. https://www.securecoding.cert.org/confluence/display/java/ERR01-J.+Do+not+allow+exceptions+to+expose+sensitive+information

Categories : SQL

Does the following use of JavaScript to handle html pose any risks?
To do what you want, use input field placeholder: <input type="password" placeholder="Password"> It will will work just fine in all modern browsers. Have a look at DEMO in jsFiddle

Categories : Javascript

Storing Google map iframe to ASP.net MVC Application without security risks
We need Black-List for using Iframe due to control input. An easy way is to get Latitude and Longitude as input variables by API. So using them like below: <script type="text/javascript" src="http://maps.google.com/maps/api/js?sensor=false"></script> <script type="text/javascript"> function initialize() { var latlng = new google.maps.LatLng(-34.397, 150.644); var myOptions = { zoom: 8, center: latlng, mapTypeId: google.maps.MapTypeId.ROADMAP }; var map = new google.maps.Map(document.getElementById("map_canvas"), myOptions); } </script> Or Using something more useful like This resource.

Categories : Asp Net Mvc

Mitigating security risks of javascript objects using require.js
No you can't. Even if you don't have any global variable the user can still go through your source code and add break points, then when the code reach the breakpoint he can manipulate all the variables that are accessible in the actual scope. Take a look at this gamedev question which has some advices on how to make it harder (but not impossible) for users to cheat your code.

Categories : Security

Security issuses and risks concerning debugging production environment
1) Most obvious issue is related to private data exposure. Using debuggers we have access to all data which was earlier loaded to process memory. This means that we are ignoring build in software access control logic. In many countries there are also legal issues with exposing private data to unauthorized people. This is also an concern with logging, we should be careful what information we are logging, so that we have enough data to investigate bug cause but do not store vulnerable data (financial records, health-care records) in logs. There is also other general issue that usually our security level is not consistent regarding security of production database and log files. .NET is addressing this issue with SecureSting class, but it is not eliminating the problem it only minimize data

Categories : Security

Does Django-Python satisfy OWASP top 10 Application security risks?
Building secure web apps: Python vs the OWASP Top 10 http://www.youtube.com/watch?feature=player_embedded&v=sra9x44lXgU

Categories : Python

Disable silent access to account in account manager from 3rd party apps
Ok so the answer is rather simple..The certificate matter! If those apps are signed with different certificates, the screen appears.

Categories : Android

Account Activity and Account Usage access not working
I've been having the same problem, at it seems that IAM users are not allowed to see the account activity even if they have the permissions set. Found a mention of this problem on the amazon forum, see https://forums.aws.amazon.com/thread.jspa?threadID=86391 Update: I've since found that it can be done. As well as setting the required permissions to the user in IAM, you also need to enable that option within the main AWS account. Login using the main AWS credentials, and go to 'Manage your account'. On that page there is a section to do with enabling access to the account activity, make sure that both boxes are ticked and click the button to enable/activate these permissions. Once that has been done, IAM users will then be able to see the account activity.

Categories : Amazon

Do we have to have a real bank account for paypal developer's account?
1) Not a whole lot. In most cases people use Personal accounts in the sandbox as payer accounts, and use business accounts for seller accounts. You need a business account setup for things like Payment Pro, Payments Advanced, etc. 2) No, when you create your developer sandbox accounts they will get setup with a fake bank account and credit card number. 3) No, any transactions made in the sandbox are completely fake, but it does allow you to complete transactions all the way through so you can see the entire flow, and then also see what it looks like in each user's PayPal account. 4) Answered in #3. 5) Not exactly sure what you're asking here. Just login to http://developer.paypal.com and go into the Documentation section. Everything you need is in there.

Categories : Paypal

AdMob account migration and AdSense account
As I understand, if you have failed to use AdSense on your account, you cannot use that e-mail address as your new Admob account. I faced the same issue and the following scenario succeeded: Create a new gmail account. Create a new admob account using that e-mail address. Link your new admob and legacy admob. (This is described on the new admob and google support pages) Import your data on legacy admob to the new admob. To be honest, I am reluctant to perform that last step because of the new policies of new admob: Payment methods are changed: As I understand, paypal is no longer a valid payment method. EFT and western union checks are valid forms of payment. To select the payment method, one has to reach $10 balance. More information may be required to select the payment meth

Categories : Android

Remove my app from android account manager "add account"
As far as I understand, you do not want users to have multiple accounts of your service in a device. I see two options here: Manage if user has already added an account. When user navigates to Settings > Accounts > Add account and choose your service, you will check if there is any registered account on the device. If there is, reject the new authentication. Disable "myPackage.authenticator.AuthenticationService" right after user adds her first account (may not be safe), so that system (Settings app) will not be able to locate your service when it is parsing for authentication providers.

Categories : Android

How do I change my Sandbox account into a live account?
Currently you are having PayPalMode,PayPalApiUsername,PayPalApiPassword,and PayPalApiSignature for test or sandbox mode. But to run on LIVE mode you need to again grab all the above mentioned details from the Real LIVE PayPal account. Do let us know the Payment method you are using ! I am assuming for DoDirect Payment Method. Just set PayPalMode = 'live';

Categories : Api

Are there performance risks for using static_cast to deal with a vector of mixed (base & derived) objects? (aka "it this a dumb idea?")
static_cast is not the right tool for the job, unless you know that the pointer goes to an animatedGameObject and not a gameObject. What data structure are you using to store that information? Determining the type of a derived object after a base pointer is the job of dynamic dispatch or dynamic_cast. In your example, the call GameObjects[1]->draw() should work with no cast because draw should be a virtual function. Otherwise you can use dynamic_cast< animatedGameObject & >( * GameObjects[1] ) to assert that the object is an animatedGameObject, and throw a std::bad_cast exception if it's not. (This would still require a virtual function in class gameObject , usually its destructor.) But doing static_cast to a polymorphic derived type is a code smell. Also you ask whether

Categories : C++

How can I use one Windows account for ASP.Net impersonation, and a different windows account for a Sql Server trusted connection in the same app?
Ultimately I wanted to be sure that the same rules apply now, that Identity Impersonation on a web app will pass user credentials to a sql database using Windows AD authentication. Based on the comments above, that seems to be the case. Thanks everyone for their time, should any future readers see this Q&A and say "Eric's wrong and he's an idiot!", please feel free to correct me accordingly

Categories : Asp Net

Dynamically changing background color of specific text without changing other attributes
Give your selected span a specific namespaced classname like <span class="gs-text-selected"> or whatever, then write CSS that targets that. You might have to add !important to your styles if you get cascade issues, but be careful with !important.

Categories : Javascript

Changing HiddenField value in codebehind no changing in Javascript function in order to use showModalDialog
Watch the casing on your Parameters variable. Also try using RegisterStartupScript instead of RegisterClientScriptBlock. The difference is the former will put your javascript at the bottom of the page while the latter puts it at the top. This will cause the script to run before the document it fully loaded. ScriptManager.RegisterStartupScript(Page, Page.GetType, DateTime.Now.ToString, "<script type='text/javascript'> ShowWindow(); </script>", False)

Categories : Javascript

Weird behavior when changing line separator and then changing it back
The problem you're having is that your input ends with END . Ruby sees the END, and there's still a left in the buffer. You do successfully set the input record separator back to , so that character is immediately consumed by the second gets. You therefore have two easy options: Set the input record separator to END (use double quotes in order to have the newline character work): $/ = "END " Clear the buffer with an extra call to gets: $/ = 'END' answer = gets gets # Consume extra ` ` I consider option 1 clearer. This shows it working on my system using option 1: $ ruby multiline_input_test.rb this is a multiline awesome input string FTW!! END "this is a multiline awesome input string FTW!! END " test "t

Categories : Ruby

Default MVC4 Template changing dbcontext without changing database name
The context and the database don't always have to be the same name. You can define the name of your database in your connection string by using Initial Catalog=DbNameGoesHere. This way you can rename your context all you want and the database name is always the same.

Categories : C#

Changing the order of creation of instances is changing their behaviour Python
In Python, declare instance variables within the constructor What you're actually doing is declaring class variables. If you want instance variables in Python, you will need to declare them them in your constructor: class Delish: # This is a class variable. # All instances can refer to this as self.foo foo = 42 def __init__(self,array): self.ing = [] # This is an instance variable self.rmax = [] self.rmin = [] self.lmax = [] self.lmin = [] self.answer = 0 self.ing = list(array) self.rightmax() self.rightmin() self.leftmax() self.leftmin() self.calculate()

Categories : Python

Changing absolute positioned text div through jQuery, without changing it's position
I would start with this: #block_contact { position: relative; } Any absolutely positioned child elements will start from the top-left corner of #block_contact, instead of the top-left corner of the window. Try it and see if it fixes anything, I don't have any other ideas.

Categories : Jquery

Changing line width of CGContext while changing the image colour?
You set the line width with CGContextSetLineWidth(context, width). The reason why you're seeing no effect from this is because you aren't stroking anything. Line width applies to the line painted by stroking. You're filling, not stroking, and a fill has no line to give width to. If you want to put a border around the rectangle, you need to stroke it. That's what draws a line all the way around the perimeter of some shape. You have three options: Call CGContextSetLineWidth, then CGContextStrokeRect. Call CGContextStrokeRectWithWidth. Call CGContextSetLineWidth, then CGContextAddRect (to add the rectangle to the current path), then CGContextDrawPath with kCGPathFillStroke. (Or call AddRect before SetLineWidth if you prefer—they only need to both happen before DrawPath.) Note that a

Categories : IOS

payment from paypal account to another paypal account using php
You can use the MassPay API or the Adative Payments (Pay) API to do this. When you say "i am try to use the mass payment but this not accept to all users, only to specific users", I am not sure what you mean by this. Can you explain this a bit more.

Categories : PHP

Changing a cell in a row of a DataGrid(WPF) is changing cells in rows below
Try using this: <DataGrid Name="SimpleDataGrid" ScrollViewer.CanContentScroll="False" ... /> for scrolls in terms of physical units. It DataGrid CanContentScroll it is enabled by default. For more information see MSDN.

Categories : C#

How to use two servers in one sql statement?
You need to set up the remote server as a linked server using sp_addlinkedserver. Then you can refer to the remote table using the linked_server_name.catalog.schema.object_name syntax. You can find more information here.

Categories : SQL

2 Servers 2 Different Companies
DNS failover should do what you want. If you use reasonable short TTL for your CNAME or A/AAAA records. You have to design the failover scenario: * how the primary site failure is detected * how the state of the web app is transfered to the backup location * how DNS records are changed * how is the system restored back to primary site

Categories : Misc

WCF Services across servers
This depends on the binding you are using and any firewall / network route rules on and between the two machines. If you are using a namedPipeBinding, the answer is no because named pipes are bound to a machine. However, if you are using any of the other bindings like webHttp, basicHttp, etc you should be ok. The beauty of WCF is that you should be able to just spin up another service endpoint using a different binding if necessary -- so even if you are using named pipes, it should be pretty straight forward to swap that out with a different binding. A WCF service can certainly be a client to another WCF service.

Categories : C#

MultiThreaded Servers
Let me preface this with the fact that I haven't worked in Java in a long time, but I just wrote a simple client/server chat program in C#. Hopefully the concepts are all still the same. A few things I'm noticing about your Server class : You "return" from the constructor. Not sure if this is legal in Java (or a good idea), but the way it looks, it will shut down the server as soon as a client connections. For example: client makes connection, server assigns "user" to array, server returns from constructor, main exits, program terminates. I'd suggest having your constructor get everything set up, then having a "start" method that loops infinitely and adds new clients. In native code (C/C++) "accept()" blocks - I'm not sure if this is the case in Java but you can use it to your advantage

Categories : Java

IIS 8 and ARR with multiple other servers
Ok so the trick was with this rewriteRule : ^(.*)/youtrack/(.*), Thanks man you really helped me. Only i have to rewrite to localhost:81/{R:2} then. Also as Malvin said there is a par wher you have to enable Application request routing in hidden menu and that was whole trick.

Categories : Iis

Mongodb on SGI servers
There shouldn't be any problem with getting MongoDB to run on a UV. 1) The UV uses Xenon processors, so this shouldn't be a problem, provided the addressed area of memory doesn't change from under the application. That is, when trying to access area A of memory, and the data has been moved to area B by another process, MongoDB will not like that. 2) Yes. You can use Debian without an issue - I have done this many times in production. The UV is a fairly exotic machine to be running MongoDB on, so my reply is an educated guess having briefly used a UV before for testing.

Categories : Mongodb

© Copyright 2017 w3hello.com Publishing Limited. All rights reserved.