|
-
Long posty
Date: 12/27/05
(C Sharp) Keywords: security, microsoft
This is a long post about one problem I have with Microsoft Report Viewer reports for .NET 2.0. Please don't skip it :)
ok, I have a simple windows form with report viewer control placed on it. The datasource for my reports is an object described in a class. Most of the fields are pretty simple like:
public string ObjectOperationType { get { return ent.Offer.OfferType.ToString(); } }
where "ent" is a business object the application uses.
Some fields, though, are bit more complex and return List<> of things, like:
public List ObjectCloseLocations() { List items = new List(); foreach (DirectoryEntry de in ent.Attributes[31].AvailableItemsList) { if (((ListDirectoryEntries)ent.Attributes[31]).Contains(de)) { items.Add(new CloseLocations(de.Term, true)); } else { items.Add(new CloseLocations(de.Term, false)); } } return items; }
The CloseLocations type is a class with two public fields (Key and Value) that are filled by my method and then passed into the report as a list and the report will show the list in a table quite happily.
It all works fine, as long as you don't have to include the ListsTypes() on your reports. Originally, the code to get the proper BindingSource running looked like this: ViewObject MyData = new ViewObject(vid, HidePD); this.ViewObjectBindingSource.DataSource = MyData; this.comfortAndSecurityBindingSource.DataSource = MyData.ObjectComfortAndSecurity(); this.closeLocationsBindingSource.DataSource = MyData.ObjectCloseLocations(); this.propPhotoBindingSource.DataSource = MyData.PropertyImages(); reportViewer1.RefreshReport();
Now, when I pass List to my primary BindingSource, the other binding sources have to be List<> or List types. I tried this: List myData = new List(); ... fill the list... List> comfort = new List>(); foreach(ViewObject vo in mydata) { comfort.Add(vo.Comfort()); } this.comfortAndSecurityBindingSource.DataSource = comfort();
the problem now is that the comfort List<> is not "bount" to it's parent object that shall be getting data from it. How can I fix this?
Has anyone dealed with this?
Source: http://www.livejournal.com/community/csharp/44980.html
-
Code review advice sought!
Date: 12/29/05
(PHP Community) Keywords: php, html, security, web, linux, apache
Greetings all, new reader on the community here.
I'm one of the co-administrators of a small private co-op site, and we recently had our webserver hacked. :( We're still trying to figure out why, but there is some suspicion that PHP vulnerabilities might have been the vector of attack. As a result I am planning to upgrade to the latest and greatest version of PHP, but before we go live again with that, I want to review the PHP that runs on a few sites we host and make sure that I've taken care of as many holes as reasonably possible.
We run Debian Linux, and I've just upgraded us to Apache 2.0 as well. (We plan to upgrade to 2.2 as soon as we have a Debian package for that.) And I plan to put PHP 5.0.5 up off of backports.org.
The questions I would like to pose to the community are:
1) Since PHP 5.1.1 is not available in package form yet, are there any known big problems with 5.0 that might make it necessary for me to build 5.1.1 by hand?
2) I've been reading up in the Security chapter of the docs on php.net, as well as the SecurePHP wiki, and have come up with a list of things I know I'd like to look at. Can anyone recommend things besides these items that I ought to look at?
- Use .htaccess to control who gets to look at source code - Take sensitive data, e.g., passwords, out of public web space - Verify that register_globals is OFF - Validate all user data - Initialize variables - Turn off magic quotes - Use addslashes and stripslashes as needed - Set expose_php = off in php.ini - Log errors out to files not in public space rather than displaying them on the page - Use $_POST, $_GET, $_COOKIE, and $_SESSION for global variables - Use htmlspecialchars() for hidden form values - For URL stuff, use both htmlspecialchars() AND urlencode(); the latter should be for specific variables in the URL, and the former for the entire URL
Thank you very much in advance for any pointers!
Source: http://www.livejournal.com/community/php/384514.html
-
How To Fix Strange Problems with Internet Explorer December Security Update
Date: 12/31/05
(Java Web) Keywords: browser, security
Users reported experiencing odd browser behavior after installing the most recent security update which has been identified as being caused by a registry key.
Problem:
Some reported opening a browser window that promptly hangs IE, others have reported opening links that render blank. There are also reports of multiple windows opening when initiating a browser session.
When:
This [...]
Source: http://blog.taragana.com/index.php/archive/how-to-fix-strange-problems-with-internet-explorer-december-security-update/
-
File upload control issues with ASP.NET (playing with fire)
Date: 01/03/06
(C Sharp) Keywords: html, asp, security, web
Heya all,
I'm working on a web-based application (using ASP.NET and C# on .NET 1.1.4322, supporting only IE6 for Windows) that allows for file uploads. It seems to be a universally agreed that the file upload control is as ugly as they come, so I want to set its style to "display: none;" and interact only with the standard file upload dialog (which can be summoned by firing the click() method of the control, which is exposed under IE6 but not recent versions of Mozilla).
Attempting programmatic access of a file upload control is generally playing with fire, and this time is apparently no exception. Once I call the click() method, it seems, the page is no longer able to post back. When I attempt to submit the form, the value of the file upload control is cleared and the page just sits there. However, if I make the file upload control visible and manually click its "Browse..." button, the page posts back correctly.
For those of you familiar with Gmail's attachment upload interface, this is very close to the effect I am trying to achieve, but something about ASP.NET is apparently interfering (perhaps for my own protection) with the process. Has anybody experienced similar behavior under the same platform, and if so, explain the behavior or point to a KB article or security documentation that might be enlightening ?
Thanks greatly for your time. Toy code can be found after the cut.
Codeahead:
<%@ Page language="c#" Codebehind="Foo.aspx.cs" AutoEventWireup="false" Inherits="FooApp.Foo" %>
Codebehind:
using System;
using System.Collections;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Web;
using System.Web.SessionState;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
namespace FooApp
{
public class Foo : System.Web.UI.Page
{
protected HtmlInputFile f;
protected HtmlGenericControl s;
private void Page_Load(object sender, System.EventArgs e)
{
if (this.IsPostBack)
{
s.InnerText = String.Format("{0} file(s) posted", Request.Files.Count);
if (1 == Request.Files.Count) { s.InnerText += String.Format(", content length: {0}", Request.Files[0].ContentLength); }
}
}
override protected void OnInit(EventArgs e)
{
InitializeComponent();
base.OnInit(e);
}
private void InitializeComponent()
{
this.Load += new System.EventHandler(this.Page_Load);
}
}
}
Source: http://www.livejournal.com/community/csharp/45787.html
-
Marriott loses data on 200,000 customers
Date: 01/03/06
(Security) Keywords: security
Computer tapes containing bank details, Social Security numbers of Marriott Vacation Club clients have gone missing.
Source: http://news.zdnet.com/2100-1009_22-6015768.html
-
Symantec buys IMlogic in all-cash deal
Date: 01/04/06
(Security) Keywords: security
Security giant continues acquisition spree and can now offer protection for IM systems.
Source: http://news.zdnet.com/2100-1009_22-6016780.html
-
H&R Block blunder exposes consumer data
Date: 01/04/06
(Security) Keywords: security
Company inadvertently prints Social Security numbers on promotional mailings, but says security risk is low.
Source: http://news.zdnet.com/2100-1009_22-6016720.html
-
Firms urged to use unofficial Windows patch
Date: 01/04/06
(Security) Keywords: security, microsoft
In absence of a fix from Microsoft, security experts advise companies to use unauthorized patch for latest WMF flaw.
Source: http://news.zdnet.com/2100-1009_22-6016649.html
-
oh god where do I start?
Date: 01/05/06
(Computer Help) Keywords: software, security, virus, microsoft
(xposted to computersupport in hopes of getting all these problems solved!)
I just got my computer back online, and I've run into a few troubles in the last 6 months of no internet.
first off. I got a digital camera, installed the software, then installed photoshop. When I hook up my camera, the computer recognizes it and opens my photoshop, uploading my pictures. So is the Kodak Easyshare software even necessary? if I took it off, will my computer still recognize my camera? The software is little more than a nuesence right now.
also, the kodak software somehow messed with my thumbnail-to-full-size option when clicking on a picture in my files. it used to be the picture would take up the majority of the screen, and I could still do the whole next/previous options. This is what my computer was like when I bought it... but now when I click on a thumbnail of a picture, the whole thing takes up my screen except for 2 blue buttons saying "add to collection" or "done." How do I change this back to the original state?
Now for virus protection... I had Norton Internet Security 2004, and it expired. my computer prompted me to buy online a new subscription, but instead I went out and bought the same disc of 2005, thinking I could just enter the new product key. I even tried uninstalling the whole thing, then re-installing it with the new product key. no such luck. my computer still recognizes this as an expired 2004 virus protection and gives me popups every 20 seconds telling me to buy a new subscription online. Their tech support charges per minute so I was hoping to find help on here.
It still sends me warnings when my computer tries to access the internet though. So while using Music Match Jukebox's option to find track tags online, my computer asked if it was okay to allow "MIM" to access the internet... I didn't know Music Match Jukebox would be called MIM so I said Block, and now I can't figure out how to allow it to connect! (I'm a total software illiterate) any ideas?
I'm still having a problem of my computer telling me that it can't find "mkbdata.dat" at startup. I think it's a mouse software, but I can't figure out how to delete it, or what the old mouse would be called on my computer. I had this problem months ago but never solved it.
I need a software that allows me to edit audio and video tracks. like for songs on CD's that have 20 minutes of silence before playing a hidden track. it's taking up WAY too much room on my computer. anything free available?
now my last two problems (for now.) I deleted some annoying mail thing that was on my computer when I got it, because I never used the program. but now when I click on an "email me" link on people's pages, it tells me "could not complete because you do not have a default mail client set up." PLEASE help me re-download whatever I deleted or help me find a new program that even I could understand. And lastly, I REALLY miss Microsoft Works... like Wordpad but with more options of what you can do with the page. Anyone know where I can download this for free?
Source: http://www.livejournal.com/community/computer_help/560509.html
-
help!! annoying security prompts
Date: 01/06/06
(Computer Help) Keywords: html, security, ebay
I run: windows 98 SE, IE 6.0
For some reason, just today, when I log into sites, I can't STAY logged in, and I get annoying security certifcate prompts everytime I go to ebay and gmail ..
I can't access the 'standard' view of gmail, and the 'html' version of gmail wont let me delete messages.
I looked in my internet options >> advanced tab, and 'warn about invalid site certifates' is UNCHECKED, (I never had it checked in the first place, nor did I change any security settings to make it this way, so I have no idea what is going on.)
I cleared ALL cookies, my cache, my temp internet files, ran hijackthis, and spybot, and nothing showed any problems or fixed anything.
wtf is going on?
thanks alot for your help.
Source: http://www.livejournal.com/community/computer_help/561595.html
-
ISPs asked to help clean up Sober worm
Date: 01/09/06
(Security) Keywords: security
Security company says ISPs should warn customers with infected PCs so they can disinfect the machines.
Source: http://news.zdnet.com/2100-1009_22-6024727.html
-
php frameworks and such
Date: 01/09/06
(PHP Community) Keywords: cms, php, html, database, security, web
Hey all,
I know there's been a couple posts about this recently, so if I'm asking redundant questions, sorry.
A friend of mine has come up with a pretty novel idea for a MySpace-ish site, but for a specific niche market (kind of like those CatSpace and DogSpaces that exist) - users will have profiles, photos, a blog, message boards, send friend requests, yadda yadda yadda, you've seen it all before. I'm going to be developing the initial setup myself (since we have no money), and this is a somewhat long term project that I'll be picking at casually for a little while.
Right now I'm trying to figure out if I should give this a go coding from scratch, or use an existing CMS type solution (like Mambo, Joomla, Drupal, etc). I'd really like to code it myself, as I think it could be a fun project to work on. I'm a pretty solid PHP programmer, but as I have a feeling that this idea could jump in popularity pretty quick, I really want to make sure I keep this thing as efficient as possible for a large user base. For instance, I don't want to go making another MySpace which I think runs horribly as a web app compared to even LiveJournal.
Currently I use PEAR's DB_DataObject or my database interactions and I've just gotten into Smarty for templating, though I'm sure I'm not using either to their fullest potential. I saw mention of a couple of development environments and frameworks in someone's recent post looking for a visual studio-esque PHP environment - http://www.livejournal.com/community/php/388602.html but I've never used any of these.
I'm not really concerned here with using a "rapid development" framework - I don't mind coding, I like it - but what I'm really concerned with is stability, efficiency and security - I know of course that these also rely heavily on how well I code, and using a good coding environment or framework won't do the coding for me, but there have to be some tools/frameworks/etc out there that pros are using that I just haven't moved onto yet, and I wanted to see what you guys (and gals) are using on some of your bigger projects.
- I know this comes up a bunch, but does anyone else think would it be handy at all for us as a community to maybe organize some of the more useful threads and frequently asked (and answered) questions in the php community at a separate location? Doing just a search on the community doesn't necessarily give you anything about the quality of the responses, and it may even be nice to be able to 'browse' solutions/posts by categories or something; maybe we could have some sort of quality ranking on posts, or some way to identify posts that contain questions that get asked all the time. I don't think this would be too tricky to put together, and I'd be willing to work on it, but I don't know if anyone would even use it?
Source: http://www.livejournal.com/community/php/392457.html
-
Fixes in for Windows, Microsoft e-mail flaws
Date: 01/10/06
(Security) Keywords: security
Two "critical" security bugs in Windows, Outlook and Exchange could allow an attacker to hijack vulnerable PCs, company says.
Source: http://news.zdnet.com/2100-1009_22-6025413.html
-
McAfee president jumps to Websense
Date: 01/10/06
(Security) Keywords: security
Gene Hodges, who worked at McAfee since 1995, resigns to take posts of CEO, president at rival security company.
Source: http://news.zdnet.com/2100-1009_22-6025122.html
-
QuickTime bugs open door to attack
Date: 01/11/06
(Security) Keywords: security
Several security flaws in Apple Computer's media player could put computers running Windows and Mac OS X at risk of hijack.
Source: http://news.zdnet.com/2100-1009_22-6025626.html
-
Homeland Security helps secure open-source code
Date: 01/11/06
(Security) Keywords: software, security
The government department is giving millions of dollars to a project that will comb open-source software for security bugs.
Source: http://news.zdnet.com/2100-1009_22-6025579.html
-
most images, thumbnails, placeholders not loading
Date: 01/11/06
(Mozilla) Keywords: java, security, web
After switching to FF 1.5, iam facing these annoying problems.
1) Most times when i load web pages, most placeholders like image links, thumbs, even smaller icons etc simply dont load. All are blank. Reloading doesnt really help much, still many places are blank. Its a big annoyance seeing blank even after successive reloads. when only the image resource is loaded, that single thing loads perfectly. bloody flash objects, adds all load, images,thumbnails dont.
2) Not a big annoyance, still some pages fail giving the error message, 'unable load could not connect'.. when i reload it problem is solved. Its annoyance at times to keep reloading.
Regard to first problem, I use a laptop, in it all pages load perfectly with IE. Also both IE,FF work perfect in a desktop(same connection). So it should not be a problem with the connection.
Also i tried in another user, another profile, a completely new profile all these with no extensions, the same problem persists there also. So its not because of extensions either.
info : options->contents-> all image settings are correct with no filters. javascript, java enabled.
I run windows XP (with all latest security).
Can anybody help.. its big big nuisance.
Thanks in advance
cross posted to firefoxusers
Source: http://www.livejournal.com/community/mozilla/347293.html
-
Is it safe yet? Not really
Date: 01/11/06
(Security) Keywords: software, security
Q&A Check Point Software Technologies CEO Gil Shwed takes a hard look at the changing face of cybersecurity.
Source: http://news.zdnet.com/2100-1009_22-6025784.html
-
QuickTime patch hits trouble
Date: 01/13/06
(Security) Keywords: security
Recent security update to Apple's popular media player is causing system problems, some Mac OS X and Windows users complain.
Source: http://news.zdnet.com/2100-1009_22-6026745.html
-
paypal/ebay scam
Date: 01/13/06
(Computer Geeks) Keywords: asp, security, ebay
So here is the deal. I was selling this laptop on ebay. Retails about $850. So I get an email in ebay from this guy say he needs it right away and it for his son, blah blah blah. I will pay you $4,000 if you can ship it to me right away and if we can do the transaction through western union. So here is the emails. Just be careful, I am very security minded and almost fell for it. If it wasn't for my distrust in most things, I wouldn't of call western union and found out it was fake.
From: "ade taiwo" | Block Address | Add to Contacts To: lordsaibat Date: 11 Jan 2006, 05:55:09 AM Subject: Congratulations Your Payment Is In Progress !!!
-------------------------------------------------------------------------------- Dear Seller,
This is to inform you that your payment has been made and is currently under processing, I am very sure you are in receipt of the notification of my payment from Western Union.
Anyway, I want the package to be shipped out as soon as you received the approval of your money order from Western Union so that my Son can be able meet up with the need for this package .
Kindly get back to me with the shipment tracking number immediately you shipped my package.
I WANT THIS PACKAGE TO BE SHIPPED AS SOON AS THE PAYMENT APPROVED FROM Western Union AND SHIPPED IT THROUGH Global Express mail 3-5days USPS POST ONLY PLS.
I will be looking forward to hearing from you soonest because the Package is urgently needed.
Regards, Ade
-- _______________________________________________ Get your free email from http://fastermail.com
From: "Western Union Transfer" | Block Address | Add to Contacts To: lordsaibat@gawab.com Date: 11 Jan 2006, 05:54:36 AM Subject: MONEY ORDER PENDING (7650980937)***DO NOT REPLY***
-------------------------------------------------------------------------------- ========================================================================================================== ========================================================================================================== THIS IS AN AUTOMATED MESSAGE, PLEASE DO NOT REPLY ========================================================================================================== ========================================================================================================== *AUCTION PAYMENT NOTIFICATION*
Western Union ® Order Number: 7650980937
Dear Tobias Mccurry,
This is to notify you that Western Union® Accounts Payments has received an order placed by Mr.Ade Tawio, of your auction item to have a Western Union® branded Money OrderSM sent to you as payment for the auction item. The order is currently being processed.
The details of the transaction are stated below: ---------------------------------------------------------------------------------------------------- *AUCTION DETAILS* AUCTION SITE : Ebay Inc. AUCTION ITEM : HP PAVILION Laptop ---------------------------------------------------------------------------------------------------- *FINANCIAL DETAILS* ---------------------------------------- AUCTION AMOUNT : $ 3,800.00 SHIPPING AMOUNT : $ 200.00 ---------------------------------------- TOTAL : $ 4,000.00 ---------------------------------------- Once the order is processed successfully, you will receive another email from Western Union ® informing you that the money order has been approved.The Money OrderSM will be delivered to the address below, Please verify that the name and address (As entered by the buyer)are correct: ------------------------------------------------------------------------------------------------------- NAME : Tobias Mccurry ADDRESS : 7101 C Mcnickle CITY : TAFB STATE : Ok POST CODE : 73145 COUNTRY : USA EMAIL : lordsaibat@gawab.com ------------------------------------------------------------------------------------------------------- Seller Should Not ship until you recieve another email informing you that your money order has been APPROVED, also seller must ship the item upon receipt of the confirmation email that your money order has been APPROVED in other not to delay your money order from being shipped to the designated address provided by the buyer.
Seller must ship the item to the buyer when the money order has been approved and send the tracking number to our agent email address:(helpdesks@consultant.com) DO NOT forget to include Order number,your full name and address. -------------------------------------------------------------------------------------------------------- PLEASE NOTE: This is only a notification informing you that the buyer Has made payment to Western Union®, The payment is currently being processed and is regarded as PENDING as it is still subject to APPROVAL after being successfully processed.Western Union® hereby advises you NOT to ship the item until you have received another message from Western Union® stating that, the order has been APPROVED.Please exercise some patience as the process usually approved within 1 to 24 hours. -------------------------------------------------------------------------------------------------------- Thank you for using Western Union® Accounts Payments. We look forward to serving your online auction payment needs better in the future.
Western Union Team, Accounts Payments.
============================================================================================================= THIS IS AN AUTOMATED MESSAGE, PLEASE DO NOT REPLY =============================================================================================================
From: "Western Union Transfer" | Block Address | Add to Contacts To: lordsaibat@gawab.com Date: 11 Jan 2006, 01:09:31 PM Subject: MONEY ORDER HAS BEEN APPROVED***(7650980937)***DO NOT REPLY
-------------------------------------------------------------------------------- ========================================================================================================== ========================================================================================================== THIS IS AN AUTOMATED MESSAGE, PLEASE DO NOT REPLY ========================================================================================================== ========================================================================================================== *AUCTION PAYMENT NOTIFICATION*
Western Union® Order Number: 7650980937
Dear Tobias Mccurry,
Congratulations! The order placed by Mr.Ade Tawio, of your auction item to have a Western Union Accounts® branded Money OrderSM sent to you as payment for the item has been successfully processed and has consequently been APPROVED. The financial details of the transaction are stated below: --------------------------------------------------------------------------------------- *FINANCIAL DETAILS* ---------------------------------------- AUCTION AMOUNT : $ 3,800.00 SHIPPING AMOUNT : $ 200.00 ---------------------------------------- TOTAL : $ 4,000.00 ---------------------------------------- -------------------------------------------------------------------- ***PLEASE NOTE*** The Money OrderSM will be delivered to the address below, Please verify if the name and address (As entered by the buyer)are correct: ----------------------------------------------------------------------------------------------------------------------------- NAME : Tobias Mccurry ADDRESS : 7101 C Mcnickle CITY : TAFB STATE : Ok POST CODE : 73145 COUNTRY : USA EMAIL : lordsaibat@gawab.com ----------------------------------------------------------------------------------------------------------------------------- ***ATTENTION** The order has been APPROVED, you CAN NOW ship the Item to the buyer shipping address. You are expected to make the shipment within 48 hours of receiving this Payment Approval Notification. This is the buyer shipping information: ----------------------------------------------------------------------------------------------------------------------------- Name : Mr. Ade Tawio Address : 40 queen cinema street City : IBADAN State : OYO STATE Zip : 20001 Country : NIGERIA ----------------------------------------------------------------------------------------------------------------------------- If the buyer has requested that the item be sent to any address other than the one provided above, please ship the item OUT and notify us immediately. Go to http://www.Westernunion.com Be sure to include the Western Union Accounts Payments order number and the change of address the buyer has requested. Also, include the change of address as the subject of your mail. ----------------------------------------------------------------------------------------------------------------------------- ***PLEASE NOTE*** The Money OrderSM will NOT be dispatched until shipment has been verified. This measure is taken in order to protect both seller and buyer interests and to reduce the occurrence of fraudulent activities. ----------------------------------------------------------------------------------------------------------------------------- *SHIPMENT VERIFICATION* You can have the shipment confirmed/verified in any of the following ways:
1. Shipment should be made to the buyer and the TRACKING NUMBER of the shipment should be sent to our agent email address : helpdesks@consultant.com Once the verification of shipment is confirmed, you will be notified and your money order will be shipped out to your designated address immediately.
2. Your money order will be delayed until you send the SHIPMENT TRACKING NUMBER of the item been shipped to our agent as a Confirmation.
3. Your money order will be shipped out immediately you send the shipment notification to our agent. PLEASE ON NO ACCOUNT MUST YOU ALLOW THE BUYER GAIN ACCESS TO THIS MAIL.
Thanks for using Western Union. Looking forward to serve your future Online needs.
Western Union Team, Accounts Payments.
============================================================================================================= THIS IS AN AUTOMATED MESSAGE, PLEASE DO NOT REPLY =============================================================================================================
Source: http://www.livejournal.com/community/computergeeks/859697.html
|