I have to implement CSS in my C# asp.net web application.
I made a Css class and used it in my aspx form. But formatting is applied only on backgroud of the form. formatting on the web controls like buttons and labels is not applied. Can anyone guide me to solve this problem.
This is Ashok Varma V. S. working with Cibernet, India.
I found you the right person to answer my question.
I have XSD, XML files and want to validate the XML against the XSD and then only proceed with parsing the XML file.
I used XML::SAX::ParserFactory, XML::Validator::Schema modules but following is the issues i faced ...
1. Failed with this reason --- elementFormDefault in <schema> must be 'unqualified', 'qualified' is not supported.
I modified the attribute 'elementFormDefault' value to 'unqualified' and it worked (practically, i should not do this).
2. The module that i am currently using(give below in code snippet) is not supporting <import> tag.
Can any one please suggest me a better module which does the above.
code snippet i used
my $xsd_file = '/Users/vashokvarma/EID/xmlfile/EID.xsd';
my $xml_file = '/Users/vashokvarma/EID/xmlfile/EID.xml';
my $validator = XML::Validator::Schema->new(file => $xsd_file);
my $parser = XML::SAX::ParserFactory->parser(Handler => $validator);
Is there a way to do the following on a PHP web page hosted on an Apache server?
1) Limit the number of users that can download a given file at any given time
2) Throttle the download speed so that even though the same bandwidth is used on a download, coupled with a concurrent user limit (described above) it would effectively reduce the bandwidth per day.
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "...the staggering layers of obscenity in your statement make it a work of art on so many levels." - Jason Jystad, 10/26/2001
I'm no expert in PHP or Apache but the following could be one way:
Firstly the URL for the file should point to a PHP script.
Using a text file with simply a number in it, each time the script runs it will open the file at the start of the script and check the number. If its over the limit script execution will end. If not it'll incriment the number and continue (at this point you'd also have to close the file handle to enable other requests to open it).
Set the Content-Type header to the type of file so the browser handles it correctly. Also set the content length to the size of the file.
To throttle the download speed, open the file to download in the script and read a limited number of bytes (I think the maximum you can actually read at a time is 4096, not sure on that though). Flush those bytes to the response and then suspend the script for a few hundred miliseconds, and repeat until the whole file has been sent. Not 100% sure on how this should be done to enable several multiple requests, it might be a case of reading the whole file at once into a byte array and closing the file handle before sending any response (ofcourse this depends on the size of the file and the amount of memory).
Open the text file again and decriment the number.
I have been in an argument at work involving this and I just want other people to hopefully back me up, but if I am wrong PLEASE let me know.
The current belief is that if you check for enabled scripting and deny anyone without that turned on as well as to disable the "Mouse Right Click" and "CTRL-N" that you can prevent users from seeing the source of the page. This would matter because like I asked before, information would be stored in hidden variables due to not using session variables. I am pushing for this change but for the time being that is what the mindset is. What I am asking is will this work, will it not work, and if not what can I tell these guys to convince them that they are wrong?
That is so wrong it is not even funny. If I ever saw a security module like that actually being implemented I would recommend the developer by downgraded to chasis shiner. There is a rule to web development, If you trust your client your software will not be secure.
Sorry but anything on the client side will NEVER be secure.
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
I agree with the ability to use Java Script but to simply check for client scripting enabled, disabling the right mouse button click, and disabling the CTRL-N for new page which would contain the address bar seems like a bad way to control if someone can see, say, the SSN that someone might store as a hidden variable.
Even if you implement this, if someone can use some cross-site scripting somehow, couldnt they get all of those values or some reference to them and then exploit that?
That is why I try to tell these folks but there is a developer that has been here for a while whose every word is trusted. I have had argument after argument about doing things like straight SQL in the site code, Java Script to control every action, using Java Script as the only means of validation but requiring that client scripting be enabled, etc etc etc...
1. You can see the source of any web page, no matter what you do on the browser. If you managed to lock down the browser, the data can still be seen using a packet sniffer like Wireshark.
2. Since the browser and the transmission media cannot be trusted, the incoming data has to checked at the first point where you can check it and be sure that no one can modify it further. That point is your web server. So, you have to make sure that all data conforms to expected ranges and that no *bad* characters make it through in the parameters that will be used in generating SQL statements.
3. If the incoming data is not sanitized, hackers can send in SQL fragments in such a manner that they can compromise your SQL server. This mechanism is called SQL injection.
The current belief is that if you check for enabled scripting and deny anyone without that turned on as well as to disable the "Mouse Right Click" and "CTRL-N" that you can prevent users from seeing the source of the page.
Also, here are just some of the ways that you can get around the checks:
:: Select the "View Source" option in the menu.
:: Press Ctrl+U to view source (in Firefox).
:: Open the file in the browser cache.
:: View the form data in Page info (in Firefox).
:: Use a DOM inspector plugin to view the code.
:: Use a program other than a browser to request the page.
:: Intercept the network traffic to get the source before the browser does.
single minded; short sighted; long gone;
Last Visit: 31-Dec-99 19:00 Last Update: 27-Nov-22 18:57