|
ArtCollector wrote: I must make sure that the OTP generation process is secure, "impossible" to bypass and free of any bugs or loopholes.
Do you think it's a really good idea to publish secure code on a public website and ask people to comment on problems?
You do realize that access to the source code makes hackers jobs a whole load easier?
I've deleted the link, and I'd strongly suggest that you delete it from the remote end as well before your IT security department notice it and rightly come down on you like a ton of bricks...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Did the code let you know which bank it was for? Need to know where never to put my money....
|
|
|
|
|
And again...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
ArtCollector wrote: How could a hacker's job be a lot easier just because he can access the source code?
The fact that you work for a bank is scary. I wouldn't let you program my VCR.
|
|
|
|
|
Down vote countered.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Clearly, you have no idea about security...
Do you think that "not mentioning the bank" and then publicly publishing it's intellectual property anyway is going to be a good defence when higher ups find out? Suppose you wrote a game, and shortly before you released it to iTunes or Google Play I took a copy of your complete source and posted it on facebook. Would you be a happy bunny? Same thing.
And if you don't know how access to source code make it easier for people to work out ways round then frankly, I wouldn't let you program my calculator ...
It's worrying that someone so naive can be working on security systems to deal with real money: if my bank suddenly introduces a one-time-pin system in the next couple of months I'll be changing banks just in case it's some of your code.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
ArtCollector wrote: I must make sure that the OTP generation process is secure, "impossible" to bypass
Which rules out doing it on the client, then.
Unless you're using Node.js on the server, Javascript is not the way to go.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Stick to art collecting, you obviously do not have the first idea about banking security. But do let us know which bank it is as we all need some extra money.
|
|
|
|
|
Down vote countered - he clearly doesn't like the truth...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
|
Psalm 119:160
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
<script src="js/canvasjs.min.js"></script>
<div class="panel panel-default">
<div class="panel-heading">
<div class="panel-title-box">
<h3>Login Statistics</h3>
<%--<span>Visitors (last month)</span>--%>
</div>
<ul class="panel-controls" style="margin-top: 2px;">
<li><a href="#" class="panel-fullscreen"></a></li>
<li><a href="#" class="panel-refresh"></a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"></a>
<ul class="dropdown-menu">
<li><a href="#" class="panel-collapse"> Collapse</a></li>
<li><a href="#" class="panel-remove"> Remove</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown"></a>
<ul class="dropdown-menu" id="changeGraph">
<li id="line"><a href="#">Line Graph</a></li>
<li id="pie"><a href="#" >Pie Chart</a></li>
</ul>
</li>
</ul>
</div>
<script type="text/javascript">
var myLink = document.getElementById('changeGraph');
$("#changeGraph li").click(function(){
var ids=this.id;
var loginChartType= this.id;
var loginToday = 9;
var loginWeek = 20;
var loginMonth = 30;
chartScriptFunc(loginChartType);
}
);
</script>
<script>
function chartScriptFunc(loginChartType) {
var chart = new CanvasJS.Chart("divLoginStats", {
title: {
text: "Login Statistics"
},
data: [
{
type: loginChartType,height:600,width:150,
dataPoints: [
{ label: "Today", y: 9 },
{ label: "This Week", y: 20 },
{ label: "This Month", y: 8 }
]
}
]
});
chart.render();
};
</script>
<div class="panel-body padding-0">
<div id="divLoginStats" style="height: 200px; width: 100%;">
</div>
<script>
var canvas = $("#divLoginStats .canvasjs-chart-canvas").get(0);
var dataURL = canvas.toDataURL();
$("#exportButton").click(function () {
var pdf = new jsPDF();
pdf.addImage(dataURL, 'JPEG', 0, 0);
pdf.save("download.pdf");
});
</script>
<button id="exportButton" type="button">Export as PDF</button>
</div>
</div>
|
|
|
|
|
Do you have a question?
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hello,
Can some one help me with JavaScript to read the Each row data from GridView and store it in the Array to use after postback.
GridView has 7 columns , where column 4 and 6 has TextBox and RadioButton list controls respectively.
Before postback, i would like to store textbox values and radiobutton selected index.
Regards,
VK
|
|
|
|
|
Where are you stuck?
1. Create array
2. Loop through rows in gridview
3. Add values to array,
4. Write to cookie, localStorage, Session, something
5. Etc.
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hello everyone.
I just recently started coding and I thought a good first project would be to automate inventory at work.
I'm working on a chrome extension that loads inventory, asks for the asset tag, searches for the tag, and then clicks the results of the search.
So far everything is great except for when I try to click the results of the search.
It doesn't matter what I try the click function always runs before everything else.
It doesn't make sense to me; here's what I have.
function getInfo() {
chrome.storage.sync.get('state', function (value) {
if (value.state == 'start'){
chrome.storage.sync.set({'state': 'noRun'})
getTag()
}
})
}
function getTag() {
var tagNum = prompt('Enter Asset Tag')
searchTag(tagNum)
}
function searchTag(search) {
document.getElementById('serial').value = search
document.forms.form1.submit()
setTimeout(function(){clickResults(), 15000})
}
function clickResults() {
document.getElementsByClassName('resultheader')[1].click()
}
getInfo()
If I move the setTimeout() to inside the clickResults() it breaks.
Any help is appreciated.
Thank you!
|
|
|
|
|
hexcypher wrote: what I try the click function always runs before everything else. What is "everything else?"
hexcypher wrote: If I move the setTimeout() to inside the clickResults() it breaks. That's because you create infinite recursion.
There are two kinds of people in the world: those who can extrapolate from incomplete data.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hi all,
I am trying to execute javascript in a PDF that will allow the form to be submitted via email with a subject line that will pull a value from a field in the form. I am able to get the email portion to work, but I have not been able to customize the subject line to pull from the field. Below is the base script I am using to send the email without the customized subject line:
this.submitForm({
cURL: "mailto:aamos@lrrc.com?subject=TSC Form&body=",
cSubmitAs: "PDF"
});
The field I am wanting to pull from is labeled "Name". Below was one of my attempts, all of which have not worked.
Failed Script:
this.submitForm({
var Name = this.getField("Name").value;
cURL: "mailto:aamos@lrrc.com?subject=TSC Form (Name)&body= ) ",
cSubmitAs: "PDF"
});
Can someone point me in the right direction or help me with where I went wrong in the script? I am new to this and glad I was able to execute the first script successfully but I feel I am in over my head with the customization.
Thanks in advance for your assistance.
AA
|
|
|
|
|
As your entire text is in quotes
"mailto:aamos@lrrc.com?subject=TSC Form (Name)&body= ) "
it's taken as a literal piece of text. How does js know that when you say "Form" it means the word "Form" but when you say "Name" it means the value of a variable called "Name"? Instead you need to use string concatination to construct the string you want;
"mailto:aamos@lrrc.com?subject=TSC Form (" + Name + ")&body= ) "
|
|
|
|
|
That makes sense, I revised the script but now I am getting the following error.
SyntaxError: missing } after property list
line 7: cSubmitAs: "PDF"
The script I was using:
var name = this.getField("Name").value;
this.submitForm({
cURL: "mailto:aamos@lrrc.com?subject=TSC Form (" + Name + ")&body= ) "
cSubmitAs: "PDF"
});
I added a comma, a semicolon, a curly bracket... didn't change the error. This was not an error previously and that syntax worked when I wasn't trying to do anything complex with the subject line. Do I have to change the syntax because of what I am trying to accomplish with the subject line?
|
|
|
|
|
You need a comma after the end quote
var name = this.getField("Name").value;
this.submitForm({
cURL: "mailto:aamos@lrrc.com?subject=TSC Form (" + Name + ")&body= ) ",
cSubmitAs: "PDF"
});
|
|
|
|
|
MIND BLOWN !
Thank you so very much! I just yelped with joy, the people around me think I'm crazy. Thank you, thank you, thank you!!!!
|
|
|
|
|
Go to Parent-------------------------------------index.jsp-----------------------------------------
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<script type="text/javascript">
var req;
function initReq(){
if(window.XMLHttpRequest){
req=new XMLHttpRequest;
}else if(window.ActiveXObject){
req=new ActiveXObject("Microsoft.XMLHTTP");
}
}//initReq
function verifyUname(){
initReq();
var sid=document.getElementById("uname").value;
var url="checkunm.jlc?uname="+escape(uname);
req.open("GET",url);
req.onreadystatechange=processResponse;
req.send();
}
function processResponse(){
var st=req.readyState;
var resSt=req.status;
if(st==4 && resSt==200){
displayResult();
}
}//processResponse
function displayResult(){
document.getElementById("error").innerHTML="";
document.getElementById("result").innerHTML="";
var array=req.responseText;
var data=eval('('+array+')');
if(data.length==0){
document.getElementById("error").innerHTML="<font color='red' size='5'>no student found</font>";
}//if
else
{
for(var i=0;i<data.length;i++){
var jsob=data[i]; <<<<<<<<<<<<<< ----here value is not coming it is getting 0 each time input----------------
document.write(jsob.msg);
}
}
}
</script>
<body>
<form action="register.jlc" method="post">
<div id="result"></div>
<div id="error"></div>
<table>
<tr>
<td align="center" colspan="2">REGISTER HERE</td>
</tr>
<tr>
<td>
ENTER USERNAME
</td>
<td>
<input type="text" name="uname" id="uname" onkeyup="verifyUname()"/>
</td>
</tr>
<tr>
<td>
ENTER PASSWORD
</td>
<td>
<input type="password" name="password" id="password" onkeyup="verifyUname()"/>
</td>
</tr>
<tr>
<td align="center" colspan="2">
<input type="submit" value="REGISTER"/>
</td>
</tr>
</table>
</form>
</body>
</html>
------------------------------CheckUnameServlet-------------------------------------------------
package com.jlcindia.ajax;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.json.JSONException;
import org.json.JSONObject;
import org.json.simple.JSONArray;
import java.io.IOException;
import java.util.*;
public class CheckUnameServlet extends HttpServlet {
/**
*
*/
private static final long serialVersionUID = 1L;
ArrayList<String> unames=new ArrayList<String>();
public void init(ServletConfig config) throws ServletException{
unames.add("sri");
unames.add("lucky");
unames.add("piyush");
unames.add("ujjawal");
super.init(config);
}
protected void service(HttpServletRequest req,HttpServletResponse res) throws ServletException,IOException
{
String uname=req.getParameter("uname");
String msg="";
JSONArray array=new JSONArray();
if(uname!=null && uname.trim().length()>0){
JSONObject jobj=new JSONObject();
if(unames.contains(uname)){
try {
jobj.put(msg); <<<<<<<< -------------// here may be am doing wrong --------------
} catch (JSONException e) {
e.printStackTrace();
}
array.add(jobj);// <<<<<<<<< -------------// here may be am doing wrong --------------
System.out.println(array);
}
}
System.out.println(array.toJSONString());
res.setContentType("application/json");
res.getWriter().write(array.toString());
}
}
-----------------------web.xml------------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" id="WebApp_ID" version="3.1">
<display-name>Test2</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>cuServlet</servlet-name>
<servlet-class>com.jlcindia.ajax.CheckUnameServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>cuServlet</servlet-name>
<url-pattern>/checkunm.jlc</url-pattern>
</servlet-mapping>
</web-app>
|
|
|
|
|
What part of "don't just dump your unformatted code and expect us to figure out what it's supposed to be doing" did you not understand?
Edit your post. Remove any code that isn't relevant. Add a clear description of what the code is supposed to be doing, what the code is actually doing, and the full details of any errors and exceptions. Remember to tell us which line of code the error is thrown from.
And while you're at it, remove the duplicate copy of this post from QA.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
i think you are not understanding the code properly just read the subject first and chk the code where i mentioned DID YOU NOT UNDERSTAND .dont just copy and paste your statements
|
|
|
|