Good Morning, I just set virtual directory at server and provide name for access main page, but there is a problem, if i access that page on my system it work but on other system in same network if you've any idea about that please tell me.
// member variables here// member functionthis.display_slide = display_slide;
// logic to display the next slide// To wait for 5 seconds and then call display_slide againsetTimeout(this.display_slide, 5000);
The problem is that this no longer refers to the slideshow object, but to the window object when the callback is made. Hence none of the code works the second time. The first time it works because it is directly invoked in the body onload event.
Is there a way to use setTimeout such that the function display_slide is called back in the correct context?
But no, I am not using it as a function; I am using it as an object as below.
var ss = new slideshow();
We are trying to do the URL encryption on all pages in our web application to prevent user modifying query string to do parameter tampering attacks. If we are building all URLs on the server side we certainly do not have any problems.
The only content that the server cannot encrypt are the ones that are in the control of the browser or entered by the user. If the user puts in enough effort, he can modify it, if the encryption is done at the client. Why? because he has the algorithm code, the key and the data. He just needs to modify the data and send it.
I agree this is a bit of a bad design, but if it must be done get on the Ajax bandwagon! Create a server-side method to be called via Ajax that will take some information and encrypt it into a URL, that way none of the encryption logic is on the client. Having said that, if the information needed to create the URL is sensitive this will expose it in the Ajax request, so not such a great idea.
Now I think about this, it seems the only way to solve this parameter tampering attack problem is to validate all user input.
Using SSL won't help to prevent parameter tampering because in this case the attacker is not someone who tries to intercept the data between end user and the server. The attacker is a valid user who just tries to gain access to certain data he does not have right to.
Using URL signing/encryption can work only if ALL the URLs can be built in the server side when the page is rendered.
Last Visit: 31-Dec-99 19:00 Last Update: 1-Dec-23 23:12