Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
Okay, I am working on an admin panel right now, and I came across a stumbling block, kind of.
Form: http://pastebin.com/D8Dt6zP5
Processing Page: http://pastebin.com/FpXSziPM
Now, onto the problem: I just used a 403 Forbidden header when the expected values weren't found in $_GET, but, when thought through, it isn't really an action that requires login (not for this; of course a user has to log in to view the admin panel in the first place), it's more like an unexpected value input.
So I have gone and done some research; from the brief explanations of each, I selected these headers which might be suitable.
Referring to this, and looking at each group of status codes, this should belong in the 4XX codes.
So going deeper, I select these two:
400 Bad Request: The request cannot be fulfilled due to bad syntax
417 Expectation Failed: The server cannot meet the requirements of the Expect request-header field
Now, I cannot be really sure which one to use. I have seen 400 Bad Request being used a lot; however, what I get from the explanation is that the error is due to a nonexistent request rather than an illegal input.
On the other side, 417 Expectation Failed seems to just fit my use; however, I have never seen or experimented with this header status before.
As a side note, from the explanation in Wikipedia for 403, I can see it's extremely wrong for this. Like I thought, I should probably be using 401 for the views without login, and 403 for a logged-in user who doesn't have access to a certain area.
So I really need your opinions; thanks for now.
Regards, TheDeadLike.
I have found my answer; thanks for the interest.
You can see the answer here.
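The question separates three situations (nobody logged in, logged in but not allowed, and a request whose query string does not carry what the action expects) and asks which 4xx code fits the last one. The following is an added example of mine, not code from the question's pastebins: a single routing function that gives each situation its own status. `Session`, `route_admin_request`, `EXPECTED_PARAMS`, `REQUIRED_ROLE` and the sample actions are constructed for the example; the 404 for an unknown action is my addition. 417 does not appear, because, as the question's own quoted definition says, it is tied to the `Expect` request header and not to application-level parameter validation.

```python
# Added example (mine, not from the question's pastebins): one place that maps
# the situations the question distinguishes onto distinct 4xx codes.
# Session, route_admin_request, EXPECTED_PARAMS, REQUIRED_ROLE and the sample
# actions are constructed for this example.
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, FrozenSet, Mapping, Optional, Tuple


@dataclass
class Session:
    user: Optional[str] = None                         # None: nobody is logged in
    roles: FrozenSet[str] = field(default_factory=frozenset)


def _positive_int(value: str) -> bool:
    return value.isdigit() and int(value) > 0


# What each admin action expects to find in the query string (constructed).
EXPECTED_PARAMS: Dict[str, Dict[str, Callable[[str], bool]]] = {
    "delete_user": {"id": _positive_int},
    "set_role": {"id": _positive_int,
                 "role": lambda v: v in {"admin", "editor", "viewer"}},
}
# Which role an action requires (constructed).
REQUIRED_ROLE = {"delete_user": "admin", "set_role": "admin"}


def route_admin_request(session: Session, action: str,
                        query: Mapping[str, str]) -> Tuple[int, Dict[str, Any]]:
    """Return (status_code, response_body) for a query-string driven admin action."""
    # 401: no authenticated user at all (the question's own choice for views without login).
    if session.user is None:
        return 401, {"error": "authentication required"}
    # 404: no such action exists, so there is nothing to authorise or validate.
    if action not in EXPECTED_PARAMS:
        return 404, {"error": "unknown action"}
    # 403: logged in, but this user may not enter this area.
    if REQUIRED_ROLE[action] not in session.roles:
        return 403, {"error": "role %r required" % REQUIRED_ROLE[action]}
    # 400: the request itself is malformed: expected parameters missing or unparseable.
    # This is the case the question hit; it has nothing to do with who the user is.
    problems = []
    for name, is_valid in EXPECTED_PARAMS[action].items():
        if name not in query:
            problems.append("missing parameter %r" % name)
        elif not is_valid(query[name]):
            problems.append("invalid value for %r" % name)
    if problems:
        return 400, {"error": "bad request", "details": problems}
    return 200, {"ok": True, "action": action, "params": dict(query)}


if __name__ == "__main__":
    admin = Session("alice", frozenset({"admin"}))
    print(route_admin_request(Session(), "delete_user", {"id": "5"}))   # 401
    print(route_admin_request(admin, "delete_user", {}))                # 400, missing id
    print(route_admin_request(admin, "delete_user", {"id": "5"}))       # 200
```

The order of the checks matters: authentication is decided before authorisation, and authorisation before parameter validation, so an unauthenticated client learns nothing about which actions exist or which parameters they take.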
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
First of all, this is obviously for learning purposes only. Don't be afraid to answer.
So anyway, is there a way for someone to hack a computer by logging in, for example, to a Garry's Mod server hosted on my PC?
If there is, I am very interested in how this works. Explanations will be welcome.
In general terms, yes, it's possible. Game clients receive data from their servers, which they expect to be in a particular format. If the server is modified to send mis-formatted data, the result could easily be to trigger a buffer overflow or other exploitable bug in the client.
See for example http://threatpost.com/researchers-discover-dozens-of-gaming-client-and-server-vulnerabilities/100744
Not sure about your locale, but most countries have a similar law to the UK's Computer Misuse Act. Which pretty much means 'hacking back' is illegal.
If you want to learn about exploits, and how to use them ethically - www.google.com is the place to start, try looking for 'ethical hacking course'
Closed. This question needs debugging details. It is not currently accepting answers.
Closed 8 years ago.
I am not able to get more than 100 posts in a single REST API call for the LinkedIn company updates.
Is there any way we can get more than 100 updates?
https://developer.linkedin.com/reading-company-shares
The count parameter has a limit on the number of comments you can fetch in one call. Try setting this to a very high number, e.g. 500. If you still get 100 results, it means a hundred is the maximum you can get. In that case, you need to play with the start parameter, but it won't be all in one API call.
So here is how it goes
start=0&count=100 - Fetches the first 100 results
start=100&count=100 - Fetches the second 100 results
This is impossible using one API call as you can see, but better than nothing.
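The answer above describes two things: probing the page cap by asking for far more than 100, and then walking `start` in steps. The following is an added example of mine, not LinkedIn's code or the asker's: a generic pager over any `(start, count) -> page` fetcher, with a stand-in endpoint that behaves as the answer describes (honours `start`, silently caps `count` at 100). The JSON shape (`values`, `_total`) is assumed, and the 237 constructed updates exist only to exercise the loop. It deliberately does not stop on a "short" page, because a server that caps `count` returns a page shorter than requested on every call; it stops only on an empty page or when `_total` is reached.

```python
# Added example (mine, not LinkedIn's code): walking start/count pagination.
# fake_company_updates stands in for the real endpoint; the page shape
# ("values", "_total") is assumed, and the 100-item cap mirrors the answer.
from typing import Any, Callable, Dict, List

PageFetcher = Callable[[int, int], Dict[str, Any]]   # (start, count) -> decoded page

SERVER_PAGE_CAP = 100
# Constructed data: 237 updates, so the walk needs three pages.
_FAKE_UPDATES: List[Dict[str, Any]] = [{"updateKey": "UPDATE-%d" % i} for i in range(237)]


def fake_company_updates(start: int, count: int) -> Dict[str, Any]:
    """Stand-in for the updates endpoint: honours start, silently caps count at 100."""
    count = min(count, SERVER_PAGE_CAP)
    chunk = _FAKE_UPDATES[start:start + count]
    return {"_total": len(_FAKE_UPDATES), "_start": start, "_count": len(chunk), "values": chunk}


def probe_page_cap(fetch_page: PageFetcher, requested: int = 500) -> int:
    """The answer's experiment: ask for a very large page and count what comes back."""
    return len(fetch_page(0, requested).get("values", []))


def fetch_all_updates(fetch_page: PageFetcher, page_size: int = 100,
                      max_pages: int = 1000) -> List[Dict[str, Any]]:
    """Fetch every update by advancing start until an empty page or _total is reached."""
    updates: List[Dict[str, Any]] = []
    start = 0
    for _ in range(max_pages):          # hard cap: a misbehaving server cannot loop us forever
        page = fetch_page(start, page_size)
        values = page.get("values", [])
        updates.extend(values)
        total = page.get("_total")
        reached_total = total is not None and start + len(values) >= total
        # A page shorter than page_size is NOT treated as the last one: a capped
        # server returns 100 even when 500 were requested. Stop on empty or on _total.
        if not values or reached_total:
            break
        start += len(values)            # advance by what actually arrived, not by page_size
    return updates


if __name__ == "__main__":
    print("cap:", probe_page_cap(fake_company_updates))          # 100
    print("fetched:", len(fetch_all_updates(fake_company_updates)))  # 237
```

Advancing `start` by the number of items actually received, rather than by the requested `count`, is what keeps the walk correct when the server trims a page; advancing by 500 would skip 400 updates per step.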
Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I have been asked to design a website for a client as a "side job". I am trying to write up a statement of work for the project. In the past, I have done similar work, and often run into a situation where I believe the work is "done", but the client wants endless tweaks and changes. (As you know, websites are perpetually "under construction").
When you have requirements such as "Design a Home page, design a Contact Us page", how do you define a page as "done"?
Don't put anything live, until they accept your work is complete. This should be enough of an incentive for them not to string you along, and allows them to have the quality website they require.
Ask the client to set up a requirements specification for version 1. When you have met the requirements contained in this document, your job is completed. Everything else belongs to the next version.
In the same situations, I tell my client "you want A, B, C and D. OK, sign here, and we are agreed that the end of the application is A-D. Now if you want something more in future, it is not a part of our contract, so we'll deal with that in future and of course it has its own price." This way you make them think before signing and lots of things become clearer, and lots of needs show up suddenly, but in future they'll either pay more for more needs or won't talk any more :)
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 3 years ago.
There are some conventional issue statuses in almost all issue tracker systems:
New, In Progress, Resolved, Feedback, Closed and Rejected.
New: A new issue to be resolved.
In progress: Someone is working on this issue.
Resolved: After resolving the issue, set the status to Resolved, close the issue after the verification (ex. Project manager).
Feedback: ???
Closed: The final status for every issue.
Rejected: ???
I want to know in what situation should I change the status of an issue into Feedback or Rejected?
I was not able to locate content of much value describing "Feedback." However, I could imagine an issue going into "Feedback" status either at some point before it is resolved, or once it is resolved. Pre-resolution, it could possibly indicate the person assigned to work on the issue is seeking clarification of the issue's description, or possibly the person who reported the issue has some afterthought whether implementation could cause some other aspect of the project to break and is looking for input to support or refute the concern. Post-resolution, "Feedback" may be to request a little bit of extra tuning before closing the issue, or perhaps to suggest the implementation is totally flawed! Generally, I would say think of the "Feedback" status as indicating some form of, well, feedback is going on in either direction between the reporter and the assignee.
In terms of "Rejected," I suppose situations where one would use it include closing a bug that turned out to not actually be a bug. Think of it as a way of closing an issue unresolved.
Resolved: is used when the programmer fixes the issue and the issue is going to code review or testing.
Rejected: is used when testing or code review fails and it's returned to the programmer to fix the problems.
Invalid: when the bug is not valid (missing relevant parts, is not reproducible, ...)
Feedback: can be a reopened issue (IMHO, but not sure)
Closed. This question is off-topic. It is not currently accepting answers.
Closed 11 years ago.
So we have an unsubscribe link - this is by its nature an HTTP GET.
The appropriate RFC says this should be idempotent but to my mind the user expectation will be that they are clicking a link to take an action.
I've implemented this so that the link takes you to a page that has a big confirm button which then updates your subscription, confirms that and displays the final state of your account (we have more than one type of subscription)
But I wonder if it would not be a better UX if the person simply skipped the confirm button stage...
The answer to the question "Am I overthinking this?" is definitely yes but I wondered what people's views were on balancing the best practice of an idempotent GET with the best practice of not confounding user's expectations...
I'd say it doesn't matter what RFC2616 section 9.1.2 says, because you're already violating the much more important definition in section 9.1.1:
"In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval."
Imagine the effect of a web-crawler (e.g., Google) following all the links from one of your pages that contains this link. Do you really want that to cause an unsubscribe operation? That would certainly be a bad user experience!
Idempotent means, in this context, that no matter how many times you click on the link it will do the same thing, i.e. unsubscribe you. There have been some solutions that will resubscribe you if you return, a kind of flip-flop approach, i.e. non-idempotent. Whether you implement this as an immediate unsubscribe (my preferred approach as a user who's motivated enough to click the link is sure that's what they want to do) or a page with a confirm is up to you. Just make sure that no matter how many times a user clicks your link and completes the process that they are, at the end of it, still unsubscribed from your list.
The interesting question is not whether it's idempotent, but whether it's safe. It is not, thus a simple GET (which, for instance, might be prefetched), is wrong.
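The answers above make two separate points: the crawler/prefetch argument (a GET must be safe, i.e. change nothing) and the idempotence argument (however many times the process completes, the end state is "unsubscribed", never a flip-flop). The following is an added example of mine, not the asker's implementation: a GET handler that only renders the confirmation form and a POST handler that performs the change idempotently. `SUBSCRIPTIONS`, `SECRET`, the handler names and the sample address are constructed; the HMAC token is my addition so the link in the mail cannot be rewritten to unsubscribe someone else.

```python
# Added example (mine, not the asker's code): GET is safe (renders only),
# POST does the work and is idempotent. SUBSCRIPTIONS, SECRET and the
# handler names are constructed for this example.
import hashlib
import hmac
import html
from typing import Dict, Set, Tuple

SECRET = b"constructed-demo-secret-change-me"   # placeholder; load from config in real use

# Constructed subscriber table: email -> lists that address is on.
SUBSCRIPTIONS: Dict[str, Set[str]] = {"alice@example.com": {"news", "offers"}}

_FORM = (
    '<form method="post" action="/unsubscribe">'
    '<input type="hidden" name="email" value="%s">'
    '<input type="hidden" name="list" value="%s">'
    '<input type="hidden" name="token" value="%s">'
    '<button>Unsubscribe %s from %s</button></form>'
)


def unsubscribe_token(email: str, list_name: str) -> str:
    """HMAC over (email, list): the link in the e-mail cannot be forged for another address."""
    message = ("%s\n%s" % (email, list_name)).encode()
    return hmac.new(SECRET, message, hashlib.sha256).hexdigest()


def _link_is_valid(email: str, list_name: str, token: str) -> bool:
    return hmac.compare_digest(unsubscribe_token(email, list_name), token)


def handle_get(email: str, list_name: str, token: str) -> Tuple[int, str]:
    """GET /unsubscribe?...: safe. A crawler or mail prefetcher hitting this changes nothing."""
    if not _link_is_valid(email, list_name, token):
        return 400, "This unsubscribe link is not valid."
    # Only render the confirmation form; the actual change sits behind the POST.
    escaped = tuple(html.escape(v) for v in (email, list_name, token, email, list_name))
    return 200, _FORM % escaped


def handle_post(email: str, list_name: str, token: str) -> Tuple[int, str]:
    """POST /unsubscribe: performs the change. Idempotent: repeating it gives the same end state."""
    if not _link_is_valid(email, list_name, token):
        return 400, "This unsubscribe link is not valid."
    lists = SUBSCRIPTIONS.setdefault(email, set())
    lists.discard(list_name)             # discard, not remove: a second click must not fail
    remaining = ", ".join(sorted(lists)) or "nothing"
    return 200, "%s is unsubscribed from %s. Still subscribed to: %s" % (email, list_name, remaining)


if __name__ == "__main__":
    token = unsubscribe_token("alice@example.com", "news")
    print(handle_get("alice@example.com", "news", token)[1])    # form only, state unchanged
    print(handle_post("alice@example.com", "news", token)[1])   # unsubscribed
    print(handle_post("alice@example.com", "news", token)[1])   # same answer again
```

If you prefer the one-click experience the asker leans towards, the piece to keep is the split itself: the click may land on a page that submits the POST for the user (a form auto-submitted by script, or a button), but the GET that bots and prefetchers see must never be the thing that changes the subscription.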