Related
What is the proper format for html hyperlink code that will cause a file to download to the phone and not have the browser try to open it? I have files that are text, they are GPS files, but they don't have a TXT extension and IE keeps opening the files as text.
If it matters (but I don't think so) I'm running a reasonably stock HTC WM 6.0 ROM on a Hermes.
Regards,
GPSGary
You want to do this server-side? Or client-side?
FTP download code
I'm trying to write html code that will cause a file on my web site to download directly to the phone file directory without the browser trying to open it. It would be extra useful if I could make it download to a specific existing directory.
Regards,
GPSGary
Well, I hate to say this but you can't. That's the simple answer.
The complicated answer is that you need to set up some sort of server-side script to place the headers manually, or you need to modify some of the settings for your server's remote access handler. On Apache servers, this can be done via a file called .htaccess.
If you have a .htaccess file that you can modify, just enter this at the top of it:
Code:
RewriteEngine on
RewriteCond %{REQUEST_URI} \.(gps|cab)$
RewriteRule .* - [T=application/octet-stream,L]
Note that I didn't know the extension you're talking about so I put "gps" up there. I also added "cab" because many servers have a tendency to not send the proper headers for cab files. Feel free to add other extensions using this same method.
Again, this is assuming you have an Apache server, and you have the privileges to modify a .htaccess file.
Forcing ftp type download
No Apache server so isn't there some other way?
Anyone got a good Java script?
Regards,
GPSGary
Hi there,
as far as I know, you don't need java:
ftp-links are always proposed to "Save File", so your link should be ftp://www.domain.com/folder/filename.txt
This will cause any browser to download the file instead of opening it.
In that case, you definitely need an real ftp access to your file ... (ftp = FIleTransferProtocol).
Best regards,
I've encountered this before and resorted to zipping the file. You can also spoof the system by renaming the file to *.AAA The user, of course, will have to rename the file on their end. I have better luck with .zip unless it's for my own use. Any file which is recognized natively by the browser will open within the browser. This includes .txt, .htm, .html, and any other file associations you've successfully loaded.
gepp said:
No Apache server so isn't there some other way?
Anyone got a good Java script?
Regards,
GPSGary
Click to expand...
Click to collapse
That's what I'm tellin' ya. It's IMPOSSIBLE to do this with client-side scripting, i.e., Javascript.
I'd like to help you get this resolved. Can you clarify some things for me?
Are you using Geocities, Fortunecity, Google Pages, or one of the other free site services out there?
Do you understand the distinction I'm making between client-side and server-side scripting?
What server software are you using, if not Apache?
Are you able to utilize a PHP or Perl engine? (I can tell you how to send the file headers manually through either of those.)
I promise I'm not trying to be rude or anything. I just want to make sure we're both on the same page here. I can tell you the best way of getting this resolved, but I need to know where you stand, and I need to know the extent of your web development knowledge.
PHP or Perl will work
I'm on a Yahoo small business server. I've used PHP so that will work on my site and I know enough to fiddle with it if need be. Less proficient with Perl but have some exposure.
Regards,
GPSGary
Awesome. That works. Here is what you will basically be doing with PHP then.
PHP:
ob_start()
$GPSFile = '/path/to/file.gps'; //This is where the file is located on your Yahoo Business server
$DownloadName = "File.gps"; //This is the name that pops up when you're prompted to download the file (it can be different than the name above).
$TypeOfFile = 'text/plain'; //If you still have issues, change this to 'application/octet-stream'
header("Cache-Control: public, must-revalidate");
header("Pragma: hack");
header("Content-Type: " . $TypeOfFile);
header("Content-Length: " .(string)(filesize($GPSFile)) );
header('Content-Disposition: attachment; filename=' . $DownloadName);
header("Content-Transfer-Encoding: binary\n");
od_end_clean();
readfile($GPSFile);
I'm working on developing my first WM 6 App using SQL CE 3.5 . I'm sure there are other apps out there that do what mine does, but I'm just wanting the experience of developing it.
I'm working on a fairly simple app to track gas mileage and such. But, for some reason, whenever I debug it, the app can't seem to find the database file. I get an error saying: "The database file cannot be found. Check the path to the database. [ Data Source = .\GasTrackerDB.sdf ]"
I can browse with file explorer on the device and find the database in the same directory as the deployed application, so I'm not really sure where to go from here..
I'm doing everything through the IDE, so all of the code is generated for me to connect to the database.
Anybody experienced enough to help me troubleshoot this stupid problem?
i have been looking for an app that does the same thing as the one you are working on.
when it is finished please pm me. i wish i knew more programing, if i did i would help you.
Try
Code:
string database = string.Format(@"{0}\GasTrackerDB.sdf", GetApplicationPath());
public static string GetApplicationPath()
{
string path = System.IO.Path.GetDirectoryName(System.Reflection.Assembly.GetExecutingAssembly().GetName().CodeBase);
return path;
}
I did figure it out after messing around with it. I think it has to do with the way VS2008 deploys the app on the emulator...
When I hard-code the path to the database file, it works. So, my app will just have to be installed on the local device and not the SD card
Don't hard-code the path! The method GetApplicationPath() returns the application path. This is also important when installing on OS with different language.
heliosdev said:
Don't hard-code the path! The method GetApplicationPath() returns the application path. This is also important when installing on OS with different language.
Click to expand...
Click to collapse
How is that possible when the Connection String was generated by the IDE? Here's what the .xsd says:
Code:
<Connection ConnectionStringObject="Data Source=\program files\gastracker\GasTrackerDB.sdf" IsAppSettingsProperty="false" Modifier="Assembly" Name="GasTrackerDBConnectionString" ParameterPrefix="@" Provider="Microsoft.SqlServerCe.Client.3.5" />
On application start create the connection string "Data Source = " + database (like post #3)
This connection string can then be passed wherever you need to connect to the database.
That's the problem.. the IDE created all the stuff for the connection string and I don't know enough about it to create everything needed manually.
How do you connect to the db? What are you calling for retrieving data from db? How do you insert data to the db? All these actions need an object which somehow knows the connectionstring. And this string can/must be changed.
Hmm.. That doesn't seem to be a valid function name. I'm using .NET CF 3.5 .I'll keep looking.
Well, I wrote my own function to get the execution path, but I still can't figure out how to modify the connection string at runtime.
This crap is ridiculous. I don't understand why it doesn't "just work" when I let the IDE do everything...
Well, I FINALLY made it work.. i ended up going through the xsd file and changing all the code that creates queries. I had to replace every instance of:
Code:
CType(Me._commandCollection(0), Global.System.Data.SqlServerCe.SqlCeCommand).Connection = New Global.System.Data.SqlServerCe.SqlCeConnection("Data Source=.\GasTrackerDB.sdf;")
With:
Code:
CType(Me._commandCollection(0), Global.System.Data.SqlServerCe.SqlCeCommand).Connection = New Global.System.Data.SqlServerCe.SqlCeConnection("Data Source=" & GetAppPath() & "\GasTrackerDB.sdf;")
That had to be done for every one of my queries created through the designer. Thankfully I only had 5!
Great! Keep in mind that changes in generated code can get lost when the ide is recreating the code. Just keep an eye on it when doing changes in this area!
heliosdev said:
Great! Keep in mind that changes in generated code can get lost when the ide is recreating the code. Just keep an eye on it when doing changes in this area!
Click to expand...
Click to collapse
Yeah, I already ran into that one If it gets to be too much of a pain, I'll see if I can create some sort of compile time script to do a find and replace.. But I haven't spent enough time going back and fixing it yet
go to
http://www.connectionstrings.com/
They have everything you need to build your connection string. From my experience, it's okay to let the IDE build everything EXCEPT the connection string....
I am researching the possibility of using MSXML to update XML records on Windows CE devices using only pocket internet explorer. I was able to open and edit XML files using a local web page, but could not successfully save the results of an update. I tried the "save" method of a ActiveXObject("Microsoft.XMLDom") object. This works fine on a PC as long as I save the webpage with the .hta extension, but results in a Permission Denied error when I save the web page with the .htm/.html extension. Win CE doesn't seem to support the .hta extension.
The two biggest restrictions for my project are:
1) Cannot "install" software (.cab,.exe) on the devices due to security policy and
2) There is no data connectivity on the devices.
So my questions are, "Is it possible to save a file using javascript inside a local web page on a Win CE/Windows Mobile device? If so, how?" The file happens to be XML, but the solution need not involve only XML objects as I can readily access the content as plain text.
My best guess is that it is not possible without some sort of windows CE equivalent of the pc .hta file. Anyone? I appreciate any hints/comments that can help.
Thanks,
Dan
By the help of FPDI library, I tried to write some exsiting pdf files but able to wirte only single page of pdf.
Below is my code:
PHP:
require_once '../includes/fpdf/fpdf.php';
require_once '../includes/fpdf/fpdi.php';
$pdf = new FPDI();
$pageCount = $pdf->setSourceFile("contractFinalTrans.pdf");
$tplIdx = $pdf->importPage(1);
$pdf->addPage();
$pdf->useTemplate($tplIdx, 10, 10, 200);
//set position in pdf document
// now write some text above the imported page
//$pdf->SetFont('Arial');
$pdf->SetFontSize(10);
$pdf->SetTextColor(255,0,0);
$pdf->SetXY(50, 50);
$pdf->Write(0, "page 1");///print this output
$pdf->SetAutoPageBreak(true,22);
$pdf->addPage();
$tplIdx = $pdf->importPage(2);
//$pdf->addPage();
$pdf->useTemplate($tplIdx, 10, 10, 200);
//set position in pdf document
// now write some text above the imported page
//$pdf->SetFont('Arial');
$pdf->SetFontSize(10);
$pdf->SetTextColor(255,0,0);
$pdf->SetXY(100 , 100);
$pdf->Write(0, "page 2");
$pdf->Output();
Can anyone suggest me how to Edit Existing multiple pdf using fpdf Library in PHP
I have explored many php developer forum related to this issue but I am unable to get satisfactory solutions. Hope this forum help me out for the same issue.
How to connect MySQL database in Java ?
I am coding a module in java that need a database connection with MySQL. I heard about DriverManager but I think it is pretty old method for database connection. Is there any newer and efficient way of doing the same. This Java questions and answers forum comprises of large number of tech and coding expert, So I expect quick and satisfactory solution or full set of instruction/ code require for this.
Connect mysql Java, Java mysql connection, DB connection in Java
http://findnerd.com/askquestion/java
I am coding a module in java that need a database connection with MySQL. I heard about DriverManager but I think it is pretty old method for database connection. Is there any newer and efficient way of doing the same. This Java questions and answers forum comprises of large number of tech and coding expert, So I expect quick and satisfactory solution or full set of instruction/ code require for this.
Hi all,
As part of a class I'm doing, we are required to post some content to a forum to engage in discussion on security:
.
Cross Site Scripting (XSS)
OWAPS describes Cross Site Scripting (XSS) where a website has been marked as a trusted website, which for some reason, can run malicious code or scripts through inputs such as forms. As the end user’s browser sees this site as trusted, it allows the malicious script or code to execute, which can give access to client side information before it is encrypted (such as usernames, passwords, session IDs, cookies, etc).
In PHP for example, a normal input box where a user would enter their name, would be able to enter the following:
When PHP prints this back out after submission, it will execute the script between the script tags (In this case, just a simple popup).
In this scenario, this can be solved by wrapping the input value with htmlentities:
This would print any script as literal text rather then executing it.
In Java,
XSS is still a major issue, both due to some sites not implementing simple work around such as htmlentities or htmlspecialchars, or for reasons where these cant be used. XSS affects PHP applications by as much as 86% - its PHPs biggest vulnerability.
In Java, the easiest method is to simply validate inputs and to encode special characters (<>[email protected]#$%^&*). Alternativley, OWASP have a XSS class which includes easy methods to best prevent against certain types of XSS.
Code Injection
Code injection is where using the sites scripting language, you can inject (rather, have the site pull) code from somewhere else.
For example, php can call one of its own pages like so:
however, if we replace the contact.php page with an external hosted script:
This will cause the enduser to execute that script. This all comes down to PHP validation which is coded within the PHP to ensure only valid respsonses are accepted.
This is unlike command injection. Command Injection is an attack which is designed to execute commands on the PHP hosted system (server). This can be done where most parameters are passed (headers, input boxes, etc) and will typically display any output on the returned webpage.
For example, to return a password for a certain user, you could use a command like:
Typically, to prevent such commands from executing, a whitelist of command can be made, whereby only those listed are allowed to be executed on the server. Alternativly, it is recommend where the application needs to invoke system side commands, to do this through local python scripts, rather then PHP calling the commands.
CRLF injection
CRLF injection comes from the elements CR (Carriage Return) and LF (Line Feed) – together (CRLF) this denotes a new line (done simply by pressing the enter button). If a website for example, allows you to upload a file, an attacker may name this file as follows:
This would result in a system command being carried out to delete everything in the /bin folder.
It also allows an attacker to write to the log file, by creating it own new line. If the logs are configured in such a way that they will email out any WARNINGS or ERRORS, an attacker may add these to a new log line repetitively, backing up the email and bandwidth.
The simple way around this is for JAVA to sanitise any input strings, either through substituting known commands, or through methods such as
SQL Injection
.NET SQL Injection allows an authorised SQL command to be sent to the SQL server and executed.
An SQL string may be built using inputs from a form. A possible example of this is:
Code:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'formemail';
where the red is the text from an input field.
However, we can modify this string which can allow some malicious stuff to happen:
Code:
SELECT email, passwd, login_id, full_name FROM members WHERE email = 'formemail'; DROP DATABASE members --';
Adding the red text to the email input box, would allow us to delete the whole table, or alternatively insert a new record into a table, or possible delete records, modify records (change passwords), or even delete whole tables.
To prevent this, you can limit the damage an SQL injection can do you using proper database permissions (deleting records, tables, etc), and to also use good sanitisation – look for -- or ; in any field and invalidate the data if it has these characters.
Directory Traversal
Directory traversal can also be referred to as a “dot dot slash” attack.
In php, a resource (page) can be called as follows:
However, it may be possible to get other files, not even part of the web directory using the following examples:
The easiest way to prevent this is to assign proper permission on the server itself. However, many web developers do not own the server, therefore, another layer of protection is fully qualify the file path, with the root being where the webpage sits.
Connection String Injection
Also known as connection string pollution, it is possible for an attacker to inject parameters into a connection string to a database. Typically a connection string is built by delimiting each value with a comma. In an injection attack, strings can be built using semi colons as a delimiter.
A typical connection string to a windows SQL server may look like the following:
Code:
Data source = SQL2005; initial catalog = db1; integrated security=no; user id=+’User_Value’+; Password=+’Password_Value’+;
However, if an attacker places a rouge windows SQL server on the internet, and then uses a connection string like follows:
Code:
Data source = SQL2005; initial catalog = db1; integrated security=no; user id=;Data Source=Rogue Server; Password=; Integrated Security=true;
This allows the target windows SQL server to connect to the rouge server using its own Windows credentials, exposing much data.
Backdoors
Backdoors can be common within applications and web applications and can occur across many types of frameworks, however, it’s the security around the knowledge of backdoors, and what they allow, which can be of concern. All modems, routers and some managed network infrastructure have administrator usernames and passwords. However, sometimes, the network vendor (CISCO, NETGEAR, etc) or ISP may choose to put a backdoor access onto these devices. This may be in case a user forgets their administrator credentials, for automatic firmware updates, or for remote troubleshooting. Some of these backdoors may allow for more settings then what is normally shown to an end user.
For example, some older Optus supplied modems had the hidden user: Admin, and a password of: Y3S0ptus. This was standard across thousands of supplied modems. The problem was, the end user had no way of changing the default setting for remote web access from Enabled to Disabled, which meant anyone that knew of their IP address or domain name, could now remote access their modem router, add port redirects, and now connect to devices within their LAN.
In the case of ISP provided modems, it might be safer to simply by something else, not supplied by the ISP.