Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I was reading this article on how to secure my website from attacker i stopped on these line and i was trying to figure out what they mean by it
you cannot rely on the file extension or the mime type to verify that the file is an image
as these can easily be faked. Even opening the file and reading the header, or using
functions to check the image size are not full proof. Most images formats allow storing a
comment section which could contain PHP code that could be executed by the server.
What do they mean by Most images formats allow storing a comment section ?
link : http://www.netmagazine.com/features/10-essential-security-tips-protect-your-site-hackers
Well, just like you can store a comment inside an MP3 file, a lot of image formats also make space for a comment. A comment is just a short bit of text to describe the file.
Lots of applications now are able to extract just a little bit of information from a lot of different file types, and the risk is that your PHP code, while extracting the comment from an image file (a relatively easy task) may run the risk of incorporating any PHP code stored in the comment into your PHP code.
Essentially, this exploited a bug in PHP, kind of similar to a SQL injection exploit. Most HTTP servers, however, when sending images, send them as binary so you needn't worry too much about image files on web-pages being a threat.
Just make sure that any image work you do doesn't try and interpret the comment section, instead pass it through a formatter/sanitizer to ensure that the content of an images' comment section, if retrieved, is not just inserted into the HTML at the point of displaying it.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 months ago.
Improve this question
Hail all:
Though I am 52, and active with computers since 1986 (those were more oversized calculators, to be correct), i have no idea what is meant with Form Data.
I know, I know, this is insane, but i just never came across this before.
Might be, I DO know it, but by a different name, maybe Dutch.
Still I am quite stuck, to be quite honest.
Tried to google it, got heaps on information as to how to clear it, restore it, save it, unsave it, ... , but nowhere an in-depth explanation of what is meant with form Data.
Now, I am building a Batch File, for speed-cleaning of certain data, when my Firefox starts to get slow ... .
Came across the "erase Form Data" command, but nae clue as to what Form Data is.
Thank you.
Ben
That rundll32 command only applies to Internet Explorer and will not touch Firefox.
Anyway, form data is data entered into html forms like your name, address and telephone etc. These form fields are edit boxes, check/radio buttons and drop-down selectors.
Firefox has its own setting to clear form data when you close the browser. Form data is very low on the list of what slows down your browser...
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
How to avoid mistakes 41 (DataBase.dct)? I work in FoksPro. My file is corrupted. How to save me my table?
On kompyuetere besides my other work tasks .Klient turns my task and work in another, then back at me and an error is 41, that is corrupt memo-file database. Sometimes peeled off the first file in the database and the file is checked.
In FoxPro (VisualFoxPro), if you have a database container, you will have files with the extensions of
.DBC -- The .dbf equivalent representing the database container
.DCX -- The .cdx equivalent representing the indexes for the database container
.DCT -- The .fpt equivalent (memo file content) for the database container.
So, if the database container is whacked, you may just need to go to backups as the database container really doesn't change much.
If you have a specific individual table (based on actual .dbf, .cdx, .fpt file extensions), then the memo file could be corrupt. I don't know of an easy way to repair corrupt memo files, but did write an answer out here on how the .FPT file is formatted to get the content out at low-level file handling.
That said, can you confirm if it is a database container corruption, or an individual table corruption... And also if an individual table, how large is the file and how critical is the content of the memo file content to the table vs something like generic notes that could be easily done via manual re-entry (in case partial recovery of memo is possible).
If a .FPT, .VCT or .DCT is missing, you must replace it. You might have to get it from a backup. If you can't get it from a backup, you will have to re-create the file.
If it is corrupted, you can look for a tool to repair it. It's hard, though.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
Am using golang as a programming tool of choice.
What i wanted to write is a program that downloads large files with resume support utilising range requests in the http headers
something similar to aria2c.
To do that you should study the part 14.16 — Content-Range — of the RFC document describing the HTTP/1.1 protocol and then apply that knowledge to manipulate the set of HTTP headers sent when the client request is executed — see the documentation and examples there.
To calculate the range to request, to continue downloading, you should get the current file's size. This can be found in the results returned by the Stat() function which can be called on an opened file — *os.File returned by a call to os.Open().
You should open your file in append mode and then use something like io.Copy() to stream the data from the Body HTTP response member to the file object.
Do your own research on how to read data from HTTP responses in Go — they are abundant on the Internet.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 9 years ago.
Improve this question
Recently I attended an interview, where the interviewer asked me the following questions in technical face to face interview:
How does Sticky Notes works?
How Windows is able to preserver the data even though it is not saved explicitly?
How the data is preserved even when the system crashes?
I've no idea how does it works. Tried googling, but I couldn't find any useful information.
Can anyone explain or give some information?
I agree with #Vii's response. He has the right information about where the file is stored.
I have found some forensic background on this file here:
http://www.forensicswiki.org/wiki/Sticky_Notes
It seems like the SNT file has 3 datastreams, 0,1 and 3. Stream 0 stores information in RTF form and Steam 3 stores the actual text in Unicode format.
The Root Entry of the storage stream has a timestamp associated with it and you can use tools like MiTec Storage Viewer, Sticky7List to view the creation and modification times associated with the file. You can create a sticky note and observe when it creates the datastream and modify the sticky note and monitor how it modifies the file.
Some helpful references:
http://www.pcworld.com/article/191453/sticky_notes.html
https://superuser.com/questions/396698/how-to-retrieve-contents-of-stick-notes-directly-from-file-system
http://www.forensicswiki.org/wiki/Sticky_Notes
http://computer-forensics.sans.org/blog/2010/10/19/digital-forensics-stuck-stickies-2
http://windowsir.blogspot.com/2011/08/sticky-notes-analysis.html
Sticky notes are written to a file which you can find at '%appdata%\Microsoft\Sticky Notes\StickyNotes.snt' and since there is not an explicit 'save' option, it should be flushing the content to that file as you write it and hence the data is preserved in case of a system crash.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
We have to convert EVERYTHING to images for archiving purpose. DOC, HTML, email, ZIP, PDF, TXT and any document you can read/view on computer. In addition, it must recursive convent on all embed attachment and files in zip.
I know ImgMaker only. Is it the best or I can have something better?
My boss ask me to search that are there any alternative other then ImgMaker.
Any open source or profit suggestion are welcome.
There is a whole industry built around this type of function and numerous service providers that charge a fee per document to do this type of conversion. You are better off buying than building it on your own.
The idea of converting Everything is fundamentally a fool's errand as you would need a single program that could render every file type ever created (in essence recreating every piece of software that ever wrote a data file AND recreating every version of each). Also, not every file format has a format that has a direct rendered form. For example, what do you do with a database file, a DLL,an XML file, a WAV file?
If you are looking for something that does a reasonable job for a large number of formats, there are two main players with OEM toolkits, but both are extremely expensive and neither supports the Java platform directly. I use the former if you have any additional questions.
Stellent (now Oracle) OutsideIn: http://www.oracle.com/technologies/embedded/outside-in.html
Autonomy KeyView: http://www.autonomy.com/content/Products/idol-modules-keyview-viewing/index.en.html
Another possible option is an image print driver like Black Ice, but it has several issues including the need for a copy of every software application on the machine the code is running on, and an operator to dismiss all the inevitable dialogs that will come up when you open the files in the native application. Also, for things like Excel spreadsheets, you usually need some manual tweaking of the spreadsheet to make the printout look right (else you get 900 pages added to your tiff with that one extra column that wouldn't fit)
I don't know if this will help, because it sounds like you want something totally automated, but there are many pseudo-printer drivers that can create TIFF images as output. For example:
http://sourceforge.net/projects/pdfcreator/
Uh? How do you expect to convert a zip archive to an image? What should the pixels show? Should it be lossless, so you can convert back? If it's for archiving, I would guess that is a requirement, but it sounds weird.
What's going to happen to the tiff images afterwards? Assuming you want to manage them in some way, it seems to me you'd be better off looking for some complete documentation management product that can take these doc types as input and manage/archive the (presumably) large number of images that you'll have.
Otherwise you would seem to be re-inventing the wheel.
If you want open-source, something like Alfresco
Note the server based transformation feature below
Alfresco offers one integrated
repository to manage all formats of
content across image management,
document management, web content
management and email repositories. The
repository is a modern platform with:
One Repository for any Digital Asset
The industry’s most scalable, standards-based, JSR-170 content repository
Standards support for JSR-170, Web Services and REST
High-Availability, Fault Tolerance and Scalability – Auto failover and clustering
Secure Distributed Capture over Web Services, HTTP and HTTPS
Reuse of Alfresco Business Policy Rules
Server-based transformation between many formats including TIFF, JPEG, GIF, PNG, MS-Office, PDF and FLASH
Metadata Extraction and Management
Automatic Classification Framework
find to do the recursion in combination with convert from imagemagick tookit would get you pretty far. I guess to support all what you want, you'll need to write a script that calls the right program.
The question as asked cannot be answered sensibly. One obvious solution is to simply rename each file by attaching .tiff. E.g. you could get ringtone.mp3.tiff. Insane as it is, there are not many better ways to convert an .mp3 to a .tiff.
Note that this is not an IT problem. The business is assuming everything is an image, and music is the trivial example of something that isn't.
( To clarify - this was assuming an automated setting, e.g. to archive incoming email for legal reasons. If that's required, you MUST archive incoming MP3's too. If you've got humans in the loop, this question would not belong on a programming forum. )