Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I am working on an online application that will also allow uploads of image files. The server handling the upload is written in C. So I was thinking if it was possible to upload malicious content. I am talking about viruses or malicious code or the like. I will only allow the upload of images so I can check the MIME-type and also the file suffix. But I am not sure if this is enough. The uploaded pictures will be delivered automatically via an HTML <img> tag.
I know that in the past images have been used to provoke buffer overflows and other unpleasant stuff. But maybe this isn't my responsibility to check but rather on the end of the browser to not allow image processing to expose vulnerabilities?
In short: When offering a service that depends on images provided by the users what can I do to prevent my server of becoming a distribution center of Malware? What are best practices regarding this concern? Would I go ahead and check the uploaded file via a certain algorithm or a certain library? Would that open vulnerabilities on my end? Is it my concern at all?
Edit: I may not have been specific of the mode of operation of the file uploading part. It is a module of nxweb a server written in C as is the module. So I am looking for ways to validate the file in that module.
Just test your file: Images (to confirm they are images) and executables (to discard them).
In order to test images, you can try open it with ImageMagick or OpenCV or FFmpeg or similar libraries that allow you to open several different formats! If the file can't be open as image, it's not an image!
Testing only images is just fine, but if you wanna test executables to get even more precision result, look for the PE format (Windows), Linux ELF, Mach-O (Mac OS X) and so on... they are not hard to parse. There's a lot of open source for this.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
How to offer multiple resolutions under device (v4l2loopback)?
Idea is that depending on what would be requested as read of stream, different command would be run.
Background is that v42loopback is fed by other stream and is to be used from browser level and browser dynamically changes resolution (Jitsi) or user would be the one selecting it.
Therefore preferably, if i.e. 1920x1080 is requested, v4l2loopback device is fed with such stream by the source and if other, then parameters are adjusted. At the same time request to v4l2loopback device (/dev/video42 or any number) could be 640x480 and there's no reason for to feed the loopback device with FHD at that time.
This might be more of RFE as might require some code changes. The resolution would have to be passed over and calling script with parameters. On the same tune, type of stream could be requested, i.e. h264, VP8, etc. and obviously it is impossible to feed multiple streams like this to loopback device in parallel.
Due to bandwidth/cpu power it is not possible to provide continuous feed with multiple resources, hence the need.
speaking as v4l2loopback upstream: you can't.
what you can do is create multiple devices with different resolutions.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I saw questions of this for other types of files but not batch. I don't know much about code, but I have an idea.
Open up the link in Microsoft Edge (because it's already logged into the website), and download it from there. I don't know how to make the batch file to OPEN and DOWNLOAD using Microsoft Edge though. Is this possible?
To open, I think it's this:
start microsoft-edge:http://www.cnn.com
How do I download it after opening Edge?
Not exactly batch file, but using tools that are already part of Windows, you can fetch web content with Powershell, which according to the article, can simulate the Unix curl command.
Another way, if you absolutely insist on using batch, is to install the curl command and then use the answers here to help you get further, using cookies to keep track of the login between multiple invocations of curl.
Basic usage is easy, but maybe you need a curl tutorial to help you do this.
There is another tool called wget that has similar functionality and may be a better or easier method for you. Mileage may vary.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
I have a Delphi application that I cannot recompile.
In the process of moving the database to a new SQL Server version, I want to change the database password so it's no longer blank. The problem is that the application has the database credentials embedded in the .exe.
Is there any way that I can change the password?
Server name and database name are configurable.
If the connection string was saved in the TADOConnection component in design mode, Your best choice is to use Resource editor such as Resource Hacker.
The forms or data modules DFM are found in the RCData section. just change the connection string and use "Compile script".
This will save your changes back to the EXE file without the worry of corrupting the EXE.
I assume your EXE is not packed (PE packer) or digitally signed.
Below is a screenshot of part of a D7 .Exe of mine showing the relevant part of its Ado ConnectionString.
I used an antique file viewer (from the example apps accompanying an old TurboPower library) to take the screenshot. I just loaded the file into it, entered "persist" as the search string and skipped a couple of TPersistent instances to locate it.
Of course, you could use any old hex file-editor to do similar and change it, provided the .Exe isn't compressed or protected against tampering by checksums, etc.
You'll probably need to experiment a bit, & compare with another app which has a non-blank password so that you can come up with some new credentials that'll fit into the space available in the .Exe's disk image.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I'm making a network manager program as a small project, and I want it to be able to access data on my Airport Extreme (most importantly, the DHCP client list).
There has to be a way of accessing the client list file from the Airport Extreme, after all, Airport Utility can do it. All I want to do is read the data from the file/list.
If anyone could even point me in the right direction, that would be great. I'm also hoping that I can get this program to run on all *nix machines, not just a mac (so any Airport utility hacks wouldn't really help).
You can do this via SNMP. Get hold of an SNMP browser such as GetIF and browse around the Airport via its address to see exactly what's in there, then use an SNMP library to get hold of the same information yourself in your application.
Network management essentially is SNMP. I'm surprised you hadn't come across it already.
I can't leave a comment so I will leave an answer. I don't have a solid answer but I have a few bread crumbs that might be helpful.
see the comment on page 5 — https://discussions.apple.com/thread/5101886?start=60&tstart=0 by user "_r_s_"
Also
1) Open airport utility
2) Double click your airport device from the window or click the device and then click the edit button.
3) Now go to File>Export Configuration File
4) Open the .baseconfig file in your favorite editor
5) Now go to http://aldentech.wnyric.org/webshare/mkempste/AirPort%20Utility%20copy.app/Contents/Resources/English.lproj/AirPortSettings.strings to help you sort out what all the strings mean.
6) Edit your base config file — Use the site below to find out the strings meaning in the .baseconfig file and edit the file to yield the result you are looking for.
7) Import the file back to your airport device and it should give you the features it is capable of.
I am posting these steps because Apple has removed SNMP for Airport Utility but they appear to be in the XML.
If you are willing please leave a link to your project.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I'm after a very tiny XML parser for an embedded project. It needs to compile down to 10-15k, doesn't need to validate, and needs to be simple and portable.
I was able to tweak the compilation flags of the following XML parser libraries for C, and cut down more than 50% of their size on my Ubuntu machine. Mini-XML is the only one close to what you requested:
Mini-XML (36K)
Expat (124K)
RXP (184K)
There's a good discussion here:
C XML library for Embedded Systems
I was searching for one recently and I found SimpleXML (http://simplexml.sourceforge.net/) and the slightly larger sxmlc(http://sourceforge.net/projects/sxmlc/)
I find SimpleXML more interesting because it's simpler, I didn't try it but it looks like it matches what I have in mind, a single file(well .h and .c) library that doesn't support exotic XML features.
The simple XML parser is a tiny parser for a subset of XML (everything except entities and namespaces). It uses a simple "one-handler per tag" interface and is suited for use with devices with limited resources.
Try yxml — it's really small and fast non–validating parser.
You can always roll your own implementation. I did this a few years ago, and just now added some interface documentation to the code at mercurial.intuxication.org/hg/cstuff.
Please note that the parser has never been used in a production environment or even been tested more than rudimentarily; comments are non-existent as well, so have fun grokking the code if you need to modify it ;)
I developed sxmlc ("Simple XML in C") exactly to be like that: as little files as possible. It's only one file, with an optional "search" file you can add if you need XPath-like search through the document.
It handles DOM-style loading (the whole document tree in memory) or SAX-style loading (calling callbacks whenever a node is read with its attributes, or text was read on a node). If memory is a concern you'll be interested in SAX.
Some people were also interested by the fact that it can parse either files or memory buffers (useful when you get XML as a web reply).
It handles Unicode files since version 4 through #define, so if you don't need Unicode, just don't define the SXMLC_UNICODE and there won't be any weight increase in the binary.
I also have to say it keeps comments when writing back XML to disk! I always felt sorry when people spend time explaining configuration syntax in XML files ("put 'true' to enable special compression..."), which are wiped when saved back by the application.
It compiles under Linux and Windows. I had good feedback from people happily embedding it in routers.
As I want to keep it as simple as possible, I will probably not add new functions but rather improve the existing ones (and correct bugs, of course! :)). I am not very active in its development, unless bugs are reported.