Is a captcha enough to enforce multiple failed login attempts? [closed] - captcha

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Before I go crazy and try to script a way to lock folks out of their accounts on multiple failed attempts, is a captcha ideal? I've seen several sites that do this, but wasn't sure how effective it would be. Granted, if a human is indeed trying to "hack" into someone else's account, I would think blocking access for a few minutes would be much better than having them input some random obscure characters.

CAPTCHAs are a common solution. They're rarely ideal.
One suggestion: Offer x chances (say 3) at which point you lock the account and then require some sort of email validation to unlock.
Otherwise, I think giving 1 or 2 freebie chances is fine and then switching over to a CAPTCHA'd login is acceptable.

If you aren't having spambot problems, CAPTCHAs are rarely a good solution. They are just annoying. I agree with DA's email verification idea.
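
The escalation suggested in the answers above (a couple of free attempts, then a CAPTCHA, then a lock that only an e-mailed token lifts), as an added example that is not code from any of the posters. The thresholds, the in-memory state, and the `check_password` and `send_email` callables are assumptions made for the sketch.

```python
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum
from typing import Optional

FREE_ATTEMPTS = 2   # assumption: failures allowed before a CAPTCHA is demanded
LOCK_AFTER = 5      # assumption: total failures after which the account locks

Outcome = Enum("Outcome", "OK FAILED CAPTCHA_REQUIRED LOCKED")

@dataclass
class AccountState:
    failures: int = 0
    unlock_token: Optional[str] = None   # set only while the account is locked

class LoginGuard:
    def __init__(self, check_password, send_email):
        self._check = check_password     # hypothetical: (user, password) -> bool
        self._send = send_email          # hypothetical: (user, token) -> None
        self._state = {}                 # a real service would persist this

    def attempt(self, user, password, captcha_ok=False):
        st = self._state.setdefault(user, AccountState())
        if st.unlock_token is not None:
            return Outcome.LOCKED        # a correct password no longer helps
        if st.failures >= FREE_ATTEMPTS and not captcha_ok:
            # The password is not evaluated at all until the CAPTCHA is solved.
            return Outcome.CAPTCHA_REQUIRED
        if self._check(user, password):
            st.failures = 0
            return Outcome.OK
        st.failures += 1
        if st.failures >= LOCK_AFTER:
            st.unlock_token = secrets.token_urlsafe(32)
            self._send(user, st.unlock_token)   # e-mail validation step
            return Outcome.LOCKED
        return Outcome.FAILED

    def unlock(self, user, token):
        st = self._state.get(user)
        if st is None or st.unlock_token is None:
            return False
        # Constant-time comparison of the e-mailed token.
        if not hmac.compare_digest(st.unlock_token.encode(), token.encode()):
            return False
        st.failures, st.unlock_token = 0, None
        return True
```

Because the lock is keyed on the account name, anyone can trigger it for a known account; the e-mailed token is what lets the legitimate owner recover without operator help.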

Related

SQL Injection ethical hacking [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
This is not a programming question but I have no idea why I did it.
Yesterday, I was going through a tutorial about ethical hacking and found a tutorial about SQL injection. It says, find an admin login.asp site and enter as follows:
Admin: Admin
Password: ' or '1'='1
I really don't know what that is and how it works. But, when I tried the same for a website, I was shocked by the result. It gave me a warning like "... your IP address ip xxx.xxx.xxx.xxx and you may be prosecuted for this action ... etc". I was really scared by the warning. I had no intention to do anything, I was just following the tutorial.
Can anyone tell me what will happen to me? I am really worried about this.

To sum up what happened:
You attempted to inject SQL through whatever method you tried.
Their website was smart enough to recognize your input.
They generated an automated threat and sent it back to your browser.
I doubt you have to be worried. Their website most likely gets these kinds of attacks quite often and the amount of money they need to spend to prosecute is pretty great and that is only IF it is considered illegal in your region.

You should send them an email where you describe that you wanted to study techniques to avoid SQL injection attacks on your side. You should apologize and I'm sure there will be no problems.
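
Why the password string quoted in the question changes a login query, and how a parameterized query neutralizes it, shown against a local in-memory SQLite database. This is an added example, not code from the tutorial or the posters; the table layout, the sample row and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real system stores a password hash, not plaintext.
    db.execute("INSERT INTO users VALUES ('Admin', 's3cret-constructed')")
    return db

def vulnerable_sql(name, password):
    # Input is pasted into the SQL text, so a quote in it ends the string
    # literal and the rest is parsed as SQL.
    return f"SELECT name FROM users WHERE name = '{name}' AND password = '{password}'"

def login_vulnerable(db, name, password):
    # With the quoted input the WHERE clause becomes
    #   (name = 'Admin' AND password = '') OR '1'='1'
    # which is true for every row, so the check passes without the password.
    return db.execute(vulnerable_sql(name, password)).fetchone() is not None

def login_parameterized(db, name, password):
    # Placeholders pass the values separately from the SQL text; the input
    # is only ever compared as data and cannot alter the query structure.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None
```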

Where to get a large list of safe-for-work domain names? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Does anyone know where I could find a list of safe-for-work (i.e. no porn, piracy sites, etc) domain names that I can use to stress test software that performs asynchronous DNS lookups without raising questions if my network admin happens to be watching?
At least several thousand would be ideal. Most lists I've found have not been filtered at all. So far, using "raw" lists for DNS queries has not raised any questions, but my next step is to create TCP connections.
EDIT: I've cleared everything with local network admin people, however, this would still be nice to have for future developers on the project.

I think you probably worry too much. Having said that, how about doing a Google search for 'interesting facts about butterflies', parsing all the resulting domains and using those?

Your network admin will probably be more concerned with the fact that you're stress testing a network service on his network on the order of thousands of domains. If you have any kind of decent corporate firewall, it's inspecting DNS queries and could choke on a high rate of queries. If your requirement is a legitimate business requirement, the best option is to have your boss talk to the head of the network department to CYA.

How to prove that images were stolen? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
How can I prove that images were stolen from a website?
Is there any way to check since when another website has had the same images? I don't have any access to the server.
Thanks for any idea!
UPDATE:
No, I'm not the one who forgot the watermark. An old client of mine just found me with this question. Actually found a Google cached page which we can use, but still interested whether any other solution exists. Like, does any image format contain a date attribute in it?

If you're using a Unix-based operating system, you might have access to cURL. Try running
curl --remote-time --remote-name http://url-to-your-image/
and see if you get a timestamp that is different from the exact time you downloaded the file. Not all servers respond with the time, but it might be worth an attempt.
But generally, if it's your original work, then you should have a copy of the image with higher resolution and/or lower compression rate, right? That should be enough to prove which of the images is the stolen one. Intellectual property rights on the Internet are a mess, though, for several reasons. But even if you can't take legal action, you might have better luck convincing an administrator to remove the content.

How can I enable anonymous posting in OSQA? [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I am wondering how to enable anonymous posting of questions and answers in an OSQA website, like stackoverflow.com does. If OSQA does not support this feature yet, can you please give me a short brief on how I can implement such a feature?

Currently, users that are not authenticated cannot ask questions or post comments and answers. Actually, the whole concept of a Q&A community is based on user authorization. Just try to imagine a "community" where the one who asks is unknown (or call him a guest, if you like), and the ones who answer and comment are also unknown users.
Personally I don't think that the registration process is painful. Actually it's maximally simplified and users can get registered in less than a minute. Anyway, will be glad to hear how you think it can be improved.

How much money an e-commerce is making [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Closed 12 years ago.
I am very curious to find out how much money an e-commerce company is making.
Is there a way or ways to find this out (apart from techcrunch.com/) ?
Thanks

It is going to depend on if the company is public or private. Obviously with public companies, their earnings/profits are published each quarter. There are also many other metrics which show how well a public company is doing (i.e., stocks, dividends). This information is available from a number of places. Private companies are a bit different, as they really don't need to tell you much. One can usually infer how well they are doing to a certain degree; however, this has no guarantee of being accurate.
Disclaimer: I'm a developer, not an econ or business major :)

Not sure if this is a Stack Overflow question, but if they are publicly traded they have to submit forms to the SEC and provide them to you upon request, so you can go that route. If not, then you might just be out of luck.