I just finished installing Win7. I opened IE8 and was testing it. One thing led to another and before I knew it I was on one of the well-known magicians' websites.
They have a menu called "cool stuffs", hmmm, that sounds interesting, and my eye caught a sub menu called "tricks". I thought I would get a lesson or two on some simple magic tricks. I clicked on the menu and up came the page. It has an "Enter password protected area" button. The page has a pointer on where to get the password. I didn't have the password, but went ahead and clicked on the button anyway. In the blink of an eye, I was taken back to the site where I was before I entered their website. I thought they had played a trick on me. I rubbed my eyes and went back to their website again, and for the second time I got the same thing. I got curious and went for the third time, but this time I did a page view and this is what I found
So, what happened is that scripted window functionality is disabled by default on IE8 (at least on my setup) and that prevented the prompt from showing. So, when the code ran, it got blocked and never got to prompt me for input. That shot testV over the roof and kicked incorrect password.
I am sure the magicians did not intend it; nonetheless, it turns out to be a nice trick.
After seeing the code I didn't need the secret password; I just typed the secret page and boom, I was in.
P.S. To protect the innocent I have changed the prompt text and redirect page.
Was the real password "xyzzy"?
When I look at it, it shows "*****".
Luc Pattyn [Forum Guidelines] [My Articles]
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
Luc Pattyn wrote: When I look at it, it shows "*****".
Where did you look?
Ian Shlasko wrote: Was the real password "xyzzy"?
No, it was a simple everyday word. If you think of a magician, it's not too difficult to guess the word.
PIEBALDconsult wrote: Rabbit? Sleeve? Hat?
Passwords shouldn't be nullable...
Luc Pattyn [Forum Guidelines] [My Articles]
I only read code that is properly indented, and rendered in a non-proportional font; hint: use PRE tags in forum messages
that is from the walls of the cave
peace & serenity
I got burned by this once. As you know, the strxxx_s functions are the secure versions of strxxx, which check the buffer size to prevent overruns. When porting old code to VS2005 or later, I usually replace all these functions more or less mechanically. However, strncpy has changed in a way which sometimes breaks code in a puzzling manner.
From MSDN documentation:
strncpy
char *strncpy(
    char *strDest,
    const char *strSource,
    size_t count
);
The strncpy function copies the initial count characters of strSource to strDest and returns strDest. If count is less than or equal to the length of strSource, a null character is not appended automatically to the copied string.
strncpy_s
errno_t strncpy_s(
    char *strDest,
    size_t numberOfElements,
    const char *strSource,
    size_t count
);
These functions try to copy the first D characters of strSource to strDest, where D is the lesser of count and the length of strSource. If those D characters will fit within strDest (whose size is given as numberOfElements) and still leave room for a null terminator, then those characters are copied and a terminating null is appended; otherwise, strDest[0] is set to the null character and ...
Now under ordinary circumstances, this is fine, but in a few cases, the source string was being copied to the middle of the destination (overwriting part of the existing string). The old specification meant that the remaining string is left intact, but with the new secure version, the string gets truncated.
Using memcpy instead has fixed the issue (for now, at least, until I can rewrite the spaghetti that I've inherited... )
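The truncation described in this post, as an added example that is not part of the original post: `model_strncpy_s` is a hypothetical portable stand-in written from the MSDN text quoted above (not Microsoft's implementation), and the record string and `patch_field` helper are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical portable model of strncpy_s, written from the MSDN text quoted
 * above: copy D = min(count, strlen(src)) characters and always terminate.
 * Returns 0 on success, nonzero on invalid arguments or when D + 1 won't fit. */
static int model_strncpy_s(char *dest, size_t dest_size,
                           const char *src, size_t count)
{
    size_t d;
    if (dest == NULL || src == NULL || dest_size == 0)
        return 1;
    d = strlen(src);
    if (count < d)
        d = count;
    if (d + 1 > dest_size) {      /* no room for D characters plus the null */
        dest[0] = '\0';
        return 1;
    }
    memcpy(dest, src, d);
    dest[d] = '\0';               /* this terminator is what cuts the tail off */
    return 0;
}

/* Overwrite 4 characters at offset 5 of a constructed record, three ways.
 * how: 0 = strncpy, 1 = strncpy_s model, 2 = memcpy. Result is left in out. */
static const char *patch_field(int how, char *out, size_t out_size)
{
    const char *field = "2024";
    snprintf(out, out_size, "DATE=0000;USER=alice");
    if (how == 0)
        strncpy(out + 5, field, 4);       /* count == strlen(field): no null */
    else if (how == 1)
        model_strncpy_s(out + 5, out_size - 5, field, 4);
    else
        memcpy(out + 5, field, 4);        /* explicit length, no terminator */
    return out;
}

int main(void)
{
    char buf[32];
    printf("strncpy  : %s\n", patch_field(0, buf, sizeof buf));
    printf("strncpy_s: %s\n", patch_field(1, buf, sizeof buf));
    printf("memcpy   : %s\n", patch_field(2, buf, sizeof buf));
    return 0;
}
```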
Tricky, but:
std::wstring is your friend.
(And worth the extra lines, even if surrounded by spaghetti.)
........................
Life is too shor
In the spirit of the new charter of this forum - "wicked code" - I see this as wicked code...
I started programming long before many of the rest of you. Over the years, I've grown to have a huge distrust of not only users and their antics, but also other programmers and their seeming apathy regarding ensuring that data is valid before trying to use it. One of the problems I encountered was storing and retrieving enumerator values in data sources, and preparing the code to gracefully handle manually values - either modified by the user, or incorrectly set or interpreted by the programmer. So I came up with this method that I have included in pretty much every program I write:
public static T IntToEnum<T>(int value, T defaultValue)
{
    T enumValue = (Enum.IsDefined(typeof(T), value)) ? (T)(object)value : defaultValue;
    return enumValue;
}
The purpose of the method is to allow the programmer to initialize a data member of a specified enumerator type to a value contained in the ordinal list. The problem this method addresses is that if the programmer retrieves an enum ordinal value as an int type, and wants to initialize an enum data member, he really has no programmatic idea if the value represents a valid ordinal. He simply tries to set it, and hopes for the best (handling an exception if the assignment goes sideways on him).
This method allows the programmer to make the same attempt, but with controlled results and thereby avoiding the inevitable exception generated when an invalid ordinal value is used. Usage goes something like this:
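enum SomeEnum { Zero=0, Five=5, Six=6, Eight=8 };
// 5 is a defined ordinal, so value becomes SomeEnum.Five
SomeEnum value = IntToEnum(5, SomeEnum.Zero);
// 4 is not a defined ordinal, so value falls back to the default, SomeEnum.Zero
value = IntToEnum(4, SomeEnum.Zero);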
.45 ACP - because shooting twice is just silly ----- "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001
John Simmons / outlaw programmer wrote: I started programming long before many of the rest of you.
I first programmed on this actual system using machine code, fed in from the buttons on the front panel, or boot-loaded from paper tape; great fun!
I did say "many" of the rest of you.
.45 ACP - because shooting twice is just silly ----- "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass..." - Dale Earnhardt, 1997 ----- "The staggering layers of obscenity in your statement make it a work of art on so many levels." - J. Jystad, 2001
Actually I've inferred the age of that machine from the grainy black and white photos.
Chris Meech
I am Canadian. [heard in a local bar]
In theory there is no difference between theory and practice. In practice there is. [Yogi Berra]
Chris Meech wrote: I've inferred the age of that machine from the grainy black and white photos.
To say nothing of the dress sense of those of us in the computer room. The pictures were taken round about 1965 and although I am not in any of them, I do remember the names of a few of my colleagues that are pictured.
You could apply generics to this as well to reduce how many times you have to create this in your code.
public static U ToEnum<T, U>(T value, U defaultValue)
{
    return (Enum.IsDefined(typeof(U), value)) ? (U)((object)value) : defaultValue;
}
And made into an extension method, if you so choose.
What's the point of type T? You might as well just use object and remove the unnecessary cast.
Personally, I would also eliminate the repeated typeof(U) and cache the Type, but that's just me.
True, you could just drop that. I just got generic happy.
As for caching the typeof(U), since that is going to change per method instance - I don't know if you'd get anything by caching that. Plus, I'm not sure how you'd simply do that without adding a bit of overhead to the whole process. Typeof would be done at compile time, so it should be fairly efficient as is.
Oh, right, this is a method, not a class; I usually write a generic class and cache the Type.
I am interested in the caching concept...
Can you give us a small sample of how it's implemented?
Do you write two blocks of code, like a singleton - where you save a reference to the type and return it every other time... I am not entirely sure how it's done... please share
Singleton schmingleton; static classes are what Singletons hope to be when they grow up.
I hold a static reference to the Type; see here.