|
ROTFL - that's brilliant.
You *can* run C# on the client, if you create controls and embedd them in the page. It just opens security hassles, and would be stupid to do for something as simple as a media player.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
|
|
|
|
|
Hey,
What do you know about C#, ASP.NET and web development in general to have the guts to answer this guy?
Thomas
modified 29-Aug-18 21:01pm.
|
|
|
|
|
Not a thing, apparently..... :P
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
|
|
|
|
|
Hi!
I have to implement CSS in my C# asp.net web application.
I made a Css class and used it in my aspx form. But formatting is applied only on backgroud of the form. formatting on the web controls like buttons and labels is not applied. Can anyone guide me to solve this problem.
Thanx
|
|
|
|
|
Please don't just keep asking the same questions. What are you hoping for, if you're not going to post the code in question, and you don't respond when people answer you ?
Your CSS is obviously broken. ASP.NET and C# have nothing to do with it. Post some code, so people can help you.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
|
|
|
|
|
Thanx alot we have done it ourself
|
|
|
|
|
Hi,
This is Ashok Varma V. S. working with Cibernet, India.
I found you the right person to answer my question.
I have XSD, XML files and want to validate the XML against the XSD and then only proceed with parsing the XML file.
I used XML::SAX::ParserFactory, XML::Validator::Schema modules but following is the issues i faced ...
1. Failed with this reason --- elementFormDefault in <schema> must be 'unqualified', 'qualified' is not supported.
I modified the attribute 'elementFormDefault' value to 'unqualified' and it worked (practically, i should not do this).
2. The module that i am currently using(give below in code snippet) is not supporting <import> tag.
Can any one please suggest me a better module which does the above.
code snippet i used
------------------
use XML::SAX::ParserFactory;
use XML::Validator::Schema;
my $xsd_file = '/Users/vashokvarma/EID/xmlfile/EID.xsd';
my $xml_file = '/Users/vashokvarma/EID/xmlfile/EID.xml';
my $validator = XML::Validator::Schema->new(file => $xsd_file);
my $parser = XML::SAX::ParserFactory->parser(Handler => $validator);
eval { $parser->parse_uri($xml_file) };
if ($@) {
print "File failed validation: $@"
} else {
print "proceed with parsing XML\n";
}
------------------
Let me know if anyone need any additional information. Any kind of help is greatly appreciated.
Thanks in advance,
Ashok
Do what i do but dont do what i say ...
|
|
|
|
|
The technology i am using is CGI-Perl.
Do what i do but dont do what i say ...
|
|
|
|
|
Has anyone done much development using Iframes?
Is there any good resources aroung for Iframes?
Has anyone done any Iframe development using sharepoint?
Thanks,
macca
|
|
|
|
|
macca24 wrote: Has anyone done much development using Iframes?
Yes
macca24 wrote: Is there any good resources aroung for Iframes?
What do you mean? IFrames are just Frames for the most part so any DHTML/Javascript resources for Frames will mostly apply.
macca24 wrote: Has anyone done any Iframe development using sharepoint?
I have not done any Sharepoint anything. However the more you framework you use the less control and flexability you have.
led mike
|
|
|
|
|
Is there a way to do the following on a PHP web page hosted on an Apache server?
1) Limit the number of users that can download a given file at any given time
2) Throttle the download speed so that even though the same bandwidth is used on a download, coupled with a concurrent user limit (described above) it would effectively reduce the bandwidth per day.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
|
|
|
|
|
I'm no expert in PHP or Apache but the following could be one way:
Firstly the URL for the file should point to a PHP script.
Using a text file with simply a number in it, each time the script runs it will open the file at the start of the script and check the number. If its over the limit script execution will end. If not it'll incriment the number and continue (at this point you'd also have to close the file handle to enable other requests to open it).
Set the Content-Type header to the type of file so the browser handles it correctly. Also set the content length to the size of the file.
To throttle the download speed, open the file to download in the script and read a limited number of bytes (I think the maximum you can actually read at a time is 4096, not sure on that though). Flush those bytes to the response and then suspend the script for a few hundred miliseconds, and repeat until the whole file has been sent. Not 100% sure on how this should be done to enable several multiple requests, it might be a case of reading the whole file at once into a byte array and closing the file handle before sending any response (ofcourse this depends on the size of the file and the amount of memory).
Open the text file again and decriment the number.
Thats just a rough guess, hope it helps!
|
|
|
|
|
|
I have been in an argument at work involving this and I just want other people to hopefully back me up, but if I am wrong PLEASE let me know.
The current belief is that if you check for enabled scripting and deny anyone without that turned on as well as to disable the "Mouse Right Click" and "CTRL-N" that you can prevent users from seeing the source of the page. This would matter because like I asked before, information would be stored in hidden variables due to not using session variables. I am pushing for this change but for the time being that is what the mindset is. What I am asking is will this work, will it not work, and if not what can I tell these guys to convince them that they are wrong?
Thanks!
Cleako
|
|
|
|
|
That is so wrong it is not even funny. If I ever saw a security module like that actually being implemented I would recommend the developer by downgraded to chasis shiner. There is a rule to web development, If you trust your client your software will not be secure.
Sorry but anything on the client side will NEVER be secure.
Brad
Australian
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
|
|
|
|
|
i am agree with Brad.
You cant secure ur data by using javascript...
for example...
open any of ur page which is having hidden fields ooand text fields
and then copy this code and paste it on to address and press enter.
javascript:var x=document.getElementsByTagName("input");alert(x.length); for(var i=0;i<x.length;i++){alert(x[i].type);if(x[i].type=="text"){alert(x[i].value)}}
what have="" u="" seen...
this="" is="" very="" simple="" you="" can="" do="" much="" more="" then="" this...
bu="" now="" thing="" i="" will="" like="" to="" mention..="" am="" also="" using="" js="" in="" my="" current="" project="" and="" used="" heavily...="" but="" who="" gona="" crack="" it..="" knows="" the="" architecture="" of="" project..="" from="" where="" data="" comming..="" more...
who="" that="" when="" element="" being="" created="" it="" destroyed...
and="" tell="" what="" no="" body="" read="" or="" scan="" ur="" code...="" becuse="" time="" design="" twice..
so="" r="" not="" wrong="" want="" difficult...="" either="" this="" any="" other="" mean...
and="" end="" customer="" see="" which="" technology="" used...="" he="" look="" on="" time..
hope="" understand="" whats="" say...
=""
<div="" class="ForumSig">Ravi Kant Srivastava
(System Analyst)
HandsOn Technology & Engineering
Gurgaon
(India)
e-mail:ravikant@hte.co.in
|
|
|
|
|
I agree with the ability to use Java Script but to simply check for client scripting enabled, disabling the right mouse button click, and disabling the CTRL-N for new page which would contain the address bar seems like a bad way to control if someone can see, say, the SSN that someone might store as a hidden variable.
Even if you implement this, if someone can use some cross-site scripting somehow, couldnt they get all of those values or some reference to them and then exploit that?
Cleako
|
|
|
|
|
ANYTHING client-side can be seen and tempered with, end of story (this includes javascript, hidden form fields, cookies, session IDs, HTTP headers etc.). Javascript is not secure and in terms of security/validation should only be used to enhance the user experience by not requiring a server trip, server-side validation should still be implemented.
Besides, what if a perfectly authentic user comes along with no javascript? They won't be able to use the application!
|
|
|
|
|
JavaScript can extend and enrich the user experience. There should be a resilent serverside component to check the integretity of data against any tampering as well as hijacking.
|
|
|
|
|
That is why I try to tell these folks but there is a developer that has been here for a while whose every word is trusted. I have had argument after argument about doing things like straight SQL in the site code, Java Script to control every action, using Java Script as the only means of validation but requiring that client scripting be enabled, etc etc etc...
Cleako
|
|
|
|
|
Here are the arguments you need.
1. You can see the source of any web page, no matter what you do on the browser. If you managed to lock down the browser, the data can still be seen using a packet sniffer like Wireshark.
2. Since the browser and the transmission media cannot be trusted, the incoming data has to checked at the first point where you can check it and be sure that no one can modify it further. That point is your web server. So, you have to make sure that all data conforms to expected ranges and that no *bad* characters make it through in the parameters that will be used in generating SQL statements.
3. If the incoming data is not sanitized, hackers can send in SQL fragments in such a manner that they can compromise your SQL server. This mechanism is called SQL injection.
So, if you really care about security, please use TLS/SSL to encrypt the channel (only needed if sensitive data is involved), validate user input at the server, and use javascript to enhance user experience.
Thomas
modified 29-Aug-18 21:01pm.
|
|
|
|
|
That sounds great, now the question is will they believe me the guy that has worked there for 9 years that believes and has convinced others that JavaScript is a good model for security.
Cleako
|
|
|
|
|
cleako wrote: The current belief is that if you check for enabled scripting and deny anyone without that turned on as well as to disable the "Mouse Right Click" and "CTRL-N" that you can prevent users from seeing the source of the page.
That's ridiculous.
Any check for having Javascript enabled has to be done using Javascript, and the only way that the server will know the result is from what the browser sends in the next request, so the server can easily be fooled that the client has Javascript enabled.
Also, here are just some of the ways that you can get around the checks:
:: Select the "View Source" option in the menu.
:: Press Ctrl+U to view source (in Firefox).
:: Enable Javascript but disable replacing of the context menu.
:: Open the file in the browser cache.
:: View the form data in Page info (in Firefox).
:: Use a DOM inspector plugin to view the code.
:: Use a program other than a browser to request the page.
:: Intercept the network traffic to get the source before the browser does.
---
single minded; short sighted; long gone;
|
|
|
|
|
Hi,
I'm having this error,
'Bsc_Test1.src.controls.cont' does not contain a definition for 'ChartTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'gcolors'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'XAxisTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisItems'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisValues'
There definition is not writen in the back end code but it's in HTML of cont and cont is in folder src/controls. Please help me solve this.
Thanks.
|
|
|
|
|
first of all tell me what is this...
describe ur problem to get right answers, and quick help...
Ravi Kant Srivastava
(System Analyst)
HandsOn Technology & Engineering
Gurgaon
(India)
e-mail:ravikant@hte.co.in
|
|
|
|