appending code like this could be a js vulnerability?

Advertisements html = ` <div class="ai-message loading"> <img src="<?php echo get_template_directory_uri()."/assets/images/icon.png"?>"> <svg class="message-container ai-bg" id="dots" width="66px" height="29px" viewBox="0 0 132 58" version="1.1"> <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd" sketch:type="MSPage"> <g id="dots" sketch:type="MSArtboardGroup" fill="#ffa3fc"> <circle id="dot1" sketch:type="MSShapeGroup" cx="25" cy="30" r="13"></circle> <circle id="dot2" sketch:type="MSShapeGroup" cx="65" cy="30" r="13"></circle> <circle id="dot3" sketch:type="MSShapeGroup" cx="105" cy="30" r="13"></circle> </g> </g> </svg> </div>… Read More appending code like this could be a js vulnerability?

March 29, 2023 MRLeave a comment

When making a form, what's the difference between required in html and checking it later in php?

Advertisements I’m new to web development and I don’t know whether it’s better to check that user filled out all the fields in a form by using "required" or to check it later using php with empty() and then return user to the front page. What are the upsides and downsides of each method? I… Read More When making a form, what's the difference between required in html and checking it later in php?

January 27, 2023 MRLeave a comment

MessageDigest in Java to C#

Advertisements I am trying to translate java code to c#. I’m kind of stuck on this exercise below: MessageDigest md = MessageDigest.getInstance("MD5"); md.reset(); md.update(pass.getBytes()); byte[] enc = md.digest(); StringBuilder hex = new StringBuilder(); for (int i = 0; i < enc.length; i++) { String h = Integer.toHexString(0xFF & enc[i]); hex.append((h.length() == 2) ? h :… Read More MessageDigest in Java to C#

November 6, 2022 MRLeave a comment

are using django q objects (complex queries) with user input secure?

Advertisements Is it possible to inject a SQL attack in these queries? is it okay to insert user input in the query directly like below or it need a validation etap in advance : query = self.request.GET.get(‘q’) query_result= Consultant.objects.filter( Q(first_name__icontains=query) | Q(last_name__icontains=query) | Q(group__title_techGroup__contains=query) | Q(practices__title_practice__contains=query) ) >Solution : Yes, they’re just as secure as… Read More are using django q objects (complex queries) with user input secure?

September 5, 2022 MRLeave a comment

what are the dangers of letting website members upload js for other members to use?

Advertisements for example CodePen and Khan Academy programming projects. they let their users upload js scripts that will run on other computers, codepen even lets users with pro account use 3rd libraries. I want to do the same thing on my site, how dangerous is this ? how to minimise risks ? >Solution : It’s… Read More what are the dangers of letting website members upload js for other members to use?

June 1, 2022 MRLeave a comment

I have this error System.ServiceModel.Security.MessageSecurityException

Advertisements For what I read and understood, this happens when I’m not sending the authentication. But I tried to send it in two ways: string userN = "username"; string _pasw = "password"; BasicHttpBinding binding = new BasicHttpBinding(); Endpoint wsdl = new Endpoint("MyEndpoint"); SoapClient client = new SoapClient(binding, wsdl); client.ClientCredentials.UserName.UserName = userN; client.ClientCredentials.UserName.Password = _pasw; await… Read More I have this error System.ServiceModel.Security.MessageSecurityException

May 26, 2022 MRLeave a comment

Why does it print the same log twice?

Advertisements I have to do an .upperCase() through a formatter, but I don’t understand why it prints the same message but without the upper, since I have established that it uses only that. I am using java util test. public DatabaseAccessProxy(String pass, DatabaseAccess database) throws SecurityException, IOException { this.logged = false; this.pass = pass; this.database… Read More Why does it print the same log twice?

May 26, 2022 MRLeave a comment

CORS Issue with Angular 10 and net6.0 API project

Advertisements From angular project when I send to GET request in my backend it works fine but if I send POST request with body that time it’s not work. Angular Code login(email: string, password: string) { return this.http.post<any>(`${baseUrl}/authenticate`, { email, password }, { withCredentials: true }) .pipe(map(account => { this.accountSubject.next(account); this.startRefreshTokenTimer(); return account; })); }… Read More CORS Issue with Angular 10 and net6.0 API project

May 25, 2022 MRLeave a comment

SQL Developer "Edit User" has incomplete DDL

Advertisements I’m logged in as "SYS as SYSDBA" and am inspecting a user with SQL Developer 21.4.3. The user has some system privileges set: But the SQL tab does not have any system privileges in the DDL: Why? >Solution : Edit User…find a priv, CHECK (enable) it. Then click on SQL page – If you… Read More SQL Developer "Edit User" has incomplete DDL

May 24, 2022 MRLeave a comment

How do I write a JSON file using GSON in the resources folder without using src/main/resources?

Advertisements I’m trying to write a JSON file with GSON in the resources folder without using src/main/resources: package repository; import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.reflect.TypeToken; import org.tinylog.Logger; import java.io.*; import java.util.List; public class GsonRepository<T> extends Repository<T> { private static final Gson GSON = new GsonBuilder().setPrettyPrinting().create(); public GsonRepository(Class<T> elementType) { super(elementType); } public void saveToFile(String resourceName)… Read More How do I write a JSON file using GSON in the resources folder without using src/main/resources?

May 23, 2022 MRLeave a comment

Dev solutions

Solutions for development problems

Tag: security