I have been working with XPages searches for a long time. It has been a while since I have worked with XPages and I was almost happy to get my hands on it again. I had to create a search feature that would help my clients perform a decent search.
Since they were ok with performing an FTIndex on the application, XPage searches was a nice option that occured to me.
To my frustration, proving that I got a little rusty with XPages, it took me 4 hours to get this search feature complete. I was bombarded with errors and for some reason, my search was not working the way I expected it to work.
Following are the summary of the issues that took me time to identify and fix
#1. Enable "Display Xpage runtime error page" in the XPages tab in "Application Properties". Else you would end up debugging for a long time
#2. My XPage's view control lost its data source referance and was showing a 'red X' in the application navigator which I missed to notice oweing to large number of design elements.
#3. Check source code pane, now and then to find if there are any errors being displayed. It will exist there with out any warning and you would not notice it on the design pane of the XPage
#4. Enable FTIndex inorder to work with the native search feature available with XPages
#5. Be warned, in case of clustered server, were replicas of databases from multiple servers are used to render a webpage. Because, FTIndex dont ret replicated. They need to be enabled and updated across replicas separately.
My search worked like charm after I rediscovered all of these items again :(
Thursday, April 25, 2013
Wednesday, April 24, 2013
StartKey in View Url
I was working with StartKey argument in a view's url to help enable a search feature.
It was a headache. For some reason my startKey argrment was completely ignored by the browser.
EOD I found the following,
1. The first column in the view should show only simple text values. Date values with "/"s and other values with special characters are a head ache.
2. This wont work properly with views containing their first column as a hidden column
3. Your first column must be sorted for this argument to work.
I am not sure whether all of these are true or not. But its my understanding as per my experimentations so far.
It was a headache. For some reason my startKey argrment was completely ignored by the browser.
EOD I found the following,
1. The first column in the view should show only simple text values. Date values with "/"s and other values with special characters are a head ache.
2. This wont work properly with views containing their first column as a hidden column
3. Your first column must be sorted for this argument to work.
I am not sure whether all of these are true or not. But its my understanding as per my experimentations so far.
Friday, March 8, 2013
A nice data recovery/undelete software - RECUVA
I recently got into a scenario, which had cost me my data archives containing data for almost a couple of years now. The exitement was great and this happened at a really very good time. Some one from holland and another one from Phillipenes where going to give me hollaphino problems and this happened just to same my sorry face. :)
And to add to my luck I knew a few really good administrators who helped me a lot speaking about policy and **** that denies permissions for them to help me for an other 48 hours. And to add to my luck.... ok I guess you woud have already admitted to the fact that I am a really happy corporate fellow by now.
All this good life and sweet mares went away when I had to find "Recuva" and download it.
Are these guys crazy. They helped me find a file which I lot a couple of days ago. How dare they over take my admin guys. My admin guys are now wary cos of this and what to beat the **** of this one. What can a silly fellow like me do to save it. I had to give them a copy of this software.
My point is download the tool in the following website and see it for your self. :) It really works and it is free
http://www.piriform.com/recuva//download/standard
And to add to my luck I knew a few really good administrators who helped me a lot speaking about policy and **** that denies permissions for them to help me for an other 48 hours. And to add to my luck.... ok I guess you woud have already admitted to the fact that I am a really happy corporate fellow by now.
All this good life and sweet mares went away when I had to find "Recuva" and download it.
Are these guys crazy. They helped me find a file which I lot a couple of days ago. How dare they over take my admin guys. My admin guys are now wary cos of this and what to beat the **** of this one. What can a silly fellow like me do to save it. I had to give them a copy of this software.
My point is download the tool in the following website and see it for your self. :) It really works and it is free
http://www.piriform.com/recuva//download/standard
Saturday, February 9, 2013
Change native lotus notes database display format - view index on top and view in bottom
Every Lotus Notes Professional would be aware of the way lotus domino databases would be displayed on the notes client if no custom framet has been configured, It would be something like the following.
I just messed up the view names for personal reasons. So I think I make sense here. View index would be on the left margin and the view being displayed or selected will be displayed ont the right margin.
But did you ever know that we have an option to change that to the following silly format :)
Believe me I did not take two different screen shots and place them together. This is a screen shot as it is from the notes client. Yes view index is on top and the view being displayed or selected will be displayed in the bottom pane like a preview pane and yes you can have a separate preview pane for the view as well.
Its just that your display will be messed up and will be ackward. I sont recollect a scenario where this would be of advantage as far as lotus notes client applications are concerned. Atleast, I now know that I have such an option and can do it. May be I would use it to statle someone in the future hi hi :)
Yes I dream a lot :)
By the way, as far as I know you need to use the following @commands to get this done.
@Command([ViewBelowFolders])
and to get the display back to normal, you can use the following command
@Command([ViewBesideFolders])
But did you ever know that we have an option to change that to the following silly format :)
Its just that your display will be messed up and will be ackward. I sont recollect a scenario where this would be of advantage as far as lotus notes client applications are concerned. Atleast, I now know that I have such an option and can do it. May be I would use it to statle someone in the future hi hi :)
Yes I dream a lot :)
By the way, as far as I know you need to use the following @commands to get this done.
@Command([ViewBelowFolders])
and to get the display back to normal, you can use the following command
@Command([ViewBesideFolders])
Thursday, January 31, 2013
Fixed header for a html page
I was recently working with an application in which users requested for a fixed header that would not move with the web page as its users scroll left or right.
I went through a bunch of options to do it and every attempt I have made in the past with similar requests were kind of close and I had to include the usage of either quick javascrit functions that runs with a specified interval or I had to use the tag named "<!doctype>" and end up screwing my happiness with thanks to the different versions of the beautiful internet explorer.
I dont remember where I got the following stuff, but I really though that using "expression" with css is a no brainer. I also remember words from certain geeks advicing not to rely on them.
May be I dont understand the geeks yet, cos this 'expression' stuff with css seems to be good. Following is what I am taking about
<div style="left: 0px; left: expression(eval(document.body.scrollLeft)); position: fixed; top: 0px; top: expression(eval(document.body.scrollTop));">
My header contents </div>
I never knew that I had to use expression with eval of something. kriss... Thats some trick that I got to know better and remember. After all it makes life easier. Plus, this still has a few issues with the great internet explorer.Advanced users will eventually never use IE so better find a different browser to always work with.
On top of it, this code, I mean the usage of Expression keyword with Eval keyword is a trouble that you have to go through for IE alone. Because, "position:fixed" alone would do the work in Firefox and Chrome.
I went through a bunch of options to do it and every attempt I have made in the past with similar requests were kind of close and I had to include the usage of either quick javascrit functions that runs with a specified interval or I had to use the tag named "<!doctype>" and end up screwing my happiness with thanks to the different versions of the beautiful internet explorer.
I dont remember where I got the following stuff, but I really though that using "expression" with css is a no brainer. I also remember words from certain geeks advicing not to rely on them.
May be I dont understand the geeks yet, cos this 'expression' stuff with css seems to be good. Following is what I am taking about
<div style="left: 0px; left: expression(eval(document.body.scrollLeft)); position: fixed; top: 0px; top: expression(eval(document.body.scrollTop));">
My header contents </div>
I never knew that I had to use expression with eval of something. kriss... Thats some trick that I got to know better and remember. After all it makes life easier. Plus, this still has a few issues with the great internet explorer.Advanced users will eventually never use IE so better find a different browser to always work with.
On top of it, this code, I mean the usage of Expression keyword with Eval keyword is a trouble that you have to go through for IE alone. Because, "position:fixed" alone would do the work in Firefox and Chrome.
Thursday, January 17, 2013
List all ODBC Connections mapped with Lotus Notes using Lotusscript
A while ago I was given a very nice job of finding why a lotus script agent was not able to communicate with a DB2 server. And the nice stupid part about that is I never had acess to even view the log files of the server where the issue occurs. It was kind of frustrating for a while to understand/find the source of the issue with virtually no resources. It was that I was thinking about the most basic of the scenarios like, network problems, lan cable issues etc etc,
So eventually I just wanted to know if there is a way to list down the kind of connections that are prevalent with a lotus domino server and ended up discovering the following. Again I just discovered if for myself. It was always able on the innernet some how of the other.:)
The following code gives you a message box with something like,
"The usable connections are file, notes, odbc2, oledb"
Atleast this is what I got. Evidently db2 was missing in the list for me and hurray, administrators found it at last that db2 was not mapped properly with the lotusdomino servers after looking at the proof . What ever that means. :P
Dim session As New LCSession
Dim conName As String
Dim text_str As String
' list the connectors available
' the parameters for connector code, identity flags, and
' identity names are optional and omitted in this example
Call session.ListConnector(LCLIST_FIRST, conName)
text_str = conName
While session.ListConnector(LCLIST_NEXT, conName)
text_str = text_str + ", " + conName
Wend
Msgbox "The usable Connectors are " & text_str
So eventually I just wanted to know if there is a way to list down the kind of connections that are prevalent with a lotus domino server and ended up discovering the following. Again I just discovered if for myself. It was always able on the innernet some how of the other.:)
The following code gives you a message box with something like,
"The usable connections are file, notes, odbc2, oledb"
Atleast this is what I got. Evidently db2 was missing in the list for me and hurray, administrators found it at last that db2 was not mapped properly with the lotusdomino servers after looking at the proof . What ever that means. :P
Dim session As New LCSession
Dim conName As String
Dim text_str As String
' list the connectors available
' the parameters for connector code, identity flags, and
' identity names are optional and omitted in this example
Call session.ListConnector(LCLIST_FIRST, conName)
text_str = conName
While session.ListConnector(LCLIST_NEXT, conName)
text_str = text_str + ", " + conName
Wend
Msgbox "The usable Connectors are " & text_str
Thursday, January 3, 2013
Formula inMemory note - Web Hack
When researching about the _doClick related concepts, I found a hack that might possibly be a serializaied representation of the memory segment where a formula command will be stored in a server.
This sounds funny and frightening to me - "Yin and Yang" concept, if I am not wrong.
Well as usual try the following ridiculous stuff and tell me that I am not crazy.
1. Create/open a form in Lotus Notes
2. Create a button and put some formula code inside it as illustrated in the following screen shot.
3. Now navigate to the HTML tab of the button properties dialog and simply add "<>" in the 'Other' field as illustrated in the previous screen shot .
4. Now preview the form in browser and you will be able to see some thing like this
Discussion points in few forums say that these numbers are memory segment representation sort of stuffs in the server with the domino uses via "_click" field in post data or a &click argument in a url to trigger and execute these formula commands.
Man this stuff is crazy.
This sounds funny and frightening to me - "Yin and Yang" concept, if I am not wrong.
Well as usual try the following ridiculous stuff and tell me that I am not crazy.
1. Create/open a form in Lotus Notes
2. Create a button and put some formula code inside it as illustrated in the following screen shot.
4. Now preview the form in browser and you will be able to see some thing like this
Man this stuff is crazy.
_doClick in Lotus Notes - A javascript refresh trigger other than window.reload
This was a strange stuff that I have never encountered before. This is a nice stuff that one can use to screw your lotus domino based web pages with as well. Hope there are not too many hackers around.
I stumbled upon this when I had to avoid a page refresh that was triggered due to selection of the property named "Refresh fields on keyword change" for a combobox field type in the lotus notes form.
It was like there were no ways to impose a partial refresh of web page segments like the ones available with XPages. Eventually search for a desparate hack went in vain but I was able to discover the existence of this particular hack.
Hope this helps some one though I did not have any use for the same. Following is what I am speaking about.
1. Create a form. Include a dropdown "combo" field in it. Give it some options and select the property "Refresh fields on keyword change".
2. The property selection I am speaking about is illustrated as follows
5. Now preview the form on the web. Nothing big right. You see 2 simple fields just as expected
6. And if you change a value in the dropdown, you page will be refreshed because of the associated option "Refresh fields on keyword change". So eventually, you will be able to see a new time that is computed and displayed on the webpage
7. Now go back to the designer and uncheck the option "Refresh fields on keyword change" in your combobox properties window
8. And add the following code in the onchange event of the dropdown box.
_doClick('$Refresh', this, '_self', '#_RefreshKW',"myDropDown")
9. Now save and preview your webpage again and try changing the values in the dropdown again. You will be able to recognize that the page behaves in a simialr way and it is no different from the property selection on the dropdown field.
10. Interesting right.
Now my worry is I guess, I will be able to perform a few hacks with this. So more to think about when developing webpages in future :(
Hope this helps :)
I stumbled upon this when I had to avoid a page refresh that was triggered due to selection of the property named "Refresh fields on keyword change" for a combobox field type in the lotus notes form.
It was like there were no ways to impose a partial refresh of web page segments like the ones available with XPages. Eventually search for a desparate hack went in vain but I was able to discover the existence of this particular hack.
Hope this helps some one though I did not have any use for the same. Following is what I am speaking about.
1. Create a form. Include a dropdown "combo" field in it. Give it some options and select the property "Refresh fields on keyword change".
2. The property selection I am speaking about is illustrated as follows
3. Put a date time field near by the combo box and ensure that it displays time upto seconds at any point of its display
_doClick('$Refresh', this, '_self', '#_RefreshKW',"myDropDown")
9. Now save and preview your webpage again and try changing the values in the dropdown again. You will be able to recognize that the page behaves in a simialr way and it is no different from the property selection on the dropdown field.
10. Interesting right.
Now my worry is I guess, I will be able to perform a few hacks with this. So more to think about when developing webpages in future :(
Hope this helps :)
Thursday, November 22, 2012
A list of Mime Types
Following is a list of mime types of most used file types. I wish I had found this earlier
Hope this helps :)
| Extension | Mime Types | File Types |
| Audio formats | ||
| .snd | audio/basic | Sun/NeXT audio format |
| .au | audio/basic | Sun/NeXT audio format |
| .aiff | audio/x-aiff | Apple audio format |
| .aifc | audio/x-aiff | Apple audio format |
| .aif | audio/x-aiff | Apple audio format |
| .wav | audio/x-wav | Windows WAV format |
| .mid | audio/mid | Windows MIDI format |
| .rmi | audio/mid | Windows MIDI format |
| Image formats | ||
| .bmp | image/bmp | Windows bitmap format |
| .gif | image/gif | GIF |
| .ief | image/ief | Image Exchange format |
| .jpg | image/jpeg | JPEG |
| .jpe | image/jpeg | JPEG |
| .jpeg | image/jpeg | JPEG |
| .tif | image/tiff | TIFF |
| .tiff | image/tiff | TIFF |
| .ras | image/cmu-raster | CMU raster format |
| .png | image/png | PNG |
| .pnm | image/x-portable-anymap | PBM Anymap format |
| .pbm | image/x-portable-bitmap | PBM Pixmap format |
| .pgm | image/x-portable-graymap | PBM Graymap format |
| .ppm | image/x-portable-pixmap | PBM Pixmap format |
| .rgb | image/x-rgb | RGB format |
| .xbm | image/x-xbitmap | 7bit-X bitmap |
| .xpm | image/x-xpixmap | X pixmap format |
| .xwd | image/x-xwindowdump | X window dump (xwd) |
| .cmx | image/x-cmx | Corel CMX format |
| .ico | image/x-icon | X-Icon format |
| Video formats | ||
| .mpg | video/mpeg | MPEG |
| .mpe | video/mpeg | MPEG |
| .mpeg | video/mpeg | MPEG |
| .qt | video/quicktime | QuickTime |
| .mov | video/quicktime | QuickTime |
| .avi | video/avi | MS Video for Windows |
| .movie | video/x-sgi-movie | SGImovieplayer |
| .asf | video/x-ms-asf | MS Active streaming format |
| .asx | video/x-ms-asf | MS Active streaming format |
| .vdo | video/x-vdolive | VDOLive script |
| Message formats | ||
| .eml | message/rfc822 | Outlook Mail Message |
| .mht | message/rfc822 | Mail Message |
| .mhtml | message/rfc822 | Mail Message |
| Text formats | ||
| .html | text/html | 8bit-HTML |
| .htm | text/html | 8bit-HTML variant |
| .htmls | text/html | 8bit-HTML w/ Server-side includes |
| .shtml | text/html | 8bit-HTML w/ Server-side includes |
| .css | text/css | 8bit-Cascading Style Sheet |
| .xml | text/xml | 8bit-XML |
| .htc | text/x-component | 8bit-HTML component |
| .c | text/plain | 7bit-C source |
| .h | text/plain | 7bit-C headers |
| .cc | text/plain | 7bit-C++ source |
| .cpp | text/plain | 7bit-C++ source |
| .cxx | text/plain | 7bit-C++ source |
| .hh | text/plain | 7bit-C++ headers |
| .hxx | text/plain | 7bit-C++ headers |
| .m | text/plain | 7bit-Objective-C source |
| .f90 | text/plain | 7bit-Fortran 90 source |
| .txt | text/plain | 7bit-Plain text |
| .rtx | text/richtext | 7bit-MIME Richtext format |
| .tsv | text/tab-separated-values | 7bit-Tab-separated values |
| .etx | text/x-setext | 7bit-Structure Enhanced Text |
| .for | text/plain | 7bit-Fortran |
| .mar | text/plain | 7bit-MACRO |
| .log | text/plain | 7bit-logfiles9 |
| .com | text/plain | 7bit-scripts |
| .sdml | text/plain | 7bit-SDML |
| .list | text/plain | 7bit-listfiles |
| .lst | text/plain | 7bit-listfiles |
| .def | text/plain | 7bit-definition files |
| .conf | text/plain | 7bit-definition files |
| .cnf | text/plain | 7bit-definition files |
| .vcf | text/x-vcard | 7bit-VCard |
| .manifest | text/cache-manifest | 7bit-manifest file |
| Compressed file formats | ||
| .gz | application/x-gzip | GNU Zip |
| .zip | application/x-zip | PKZIP |
| .tar | application/x-tar | 4.3BSD tar |
| .ustar | application/x-ustar | POSIX tar |
| Lotus application formats | ||
| .123 | application/vnd.lotus-1-2-3 | Lotus 1-2-3 97 |
| .wk4 | application/vnd.lotus-1-2-3 | Lotus 1-2-3 97 |
| .wk3 | application/vnd.lotus-1-2-3 | Lotus 1-2-3 97 |
| .wk1 | application/vnd.lotus-1-2-3 | Lotus 1-2-3 97 |
| .wks | application/vnd.lotus-1-2-3 | Lotus 1-2-3 97 |
| .scm | application/vnd.lotus-screencam | Lotus ScreenCam Movie |
| .lwp | application/vnd.lotus-wordpro | Lotus Freelance 97 |
| .sam | application/vnd.lotus-wordpro | Lotus Freelance 97 |
| .prz | application/vnd.lotus-freelance | Lotus Freelance 97 |
| .pre | application/vnd.lotus-freelance | Lotus Freelance 97 |
| .imp | application/vnd.lotus-improv | Lotus Improv |
| .odt | application/vnd.oasis.opendocument.text | Lotus Symphony OpenDocument Text |
| .odp | application/vnd.oasis.opendocument.presentation | Lotus Symphony OpenDocument Presentation |
| .ods | application/vnd.oasis.opendocument.spreadsheet | Lotus Symphony Opendocument Spreadsheet |
| Microsoft application formats | ||
| .doc | application/msword | Microsoft Word |
| .dot | application/msword | Microsoft Word |
| .docx | application/vnd.openxmlformats-officedocument.wordprocessingml.document | |
| .dotx | application/vnd.openxmlformats-officedocument.wordprocessingml.template | |
| .docm | application/vnd.ms-word.document.macroEnabled.12 | |
| .dotm | application/vnd.ms-word.template.macroEnabled.12 | |
| .pub | application/x-mspublisher | Microsoft Publisher |
| .mpp | application/vnd.ms-project | Microsoft Project |
| .pot | application/vnd.ms-powerpoint | Microsoft Powerpoint |
| .ppt | application/vnd.ms-powerpoint | Microsoft Powerpoint |
| .pps | application/vnd.ms-powerpoint | Microsoft Powerpoint |
| .ppa | application/vnd.ms-powerpoint | |
| .pptx | application/vnd.openxmlformats-officedocument.presentationml.presentation | |
| .potx | application/vnd.openxmlformats-officedocument.presentationml.template | |
| .ppsx | application/vnd.openxmlformats-officedocument.presentationml.slideshow | |
| .ppam | application/vnd.ms-powerpoint.addin.macroEnabled.12 | |
| .pptm | application/vnd.ms-powerpoint.presentation.macroEnabled.12 | |
| .potm | application/vnd.ms-powerpoint.presentation.macroEnabled.12 | |
| .ppsm | application/vnd.ms-powerpoint.slideshow.macroEnabled.12 | |
| .scd | application/vnd.ms-schedule | Microsoft Schedule |
| .wcm | application/vnd.ms-works | Microsoft Works |
| .wdb | application/vnd.ms-works | Microsoft Works |
| .wps | application/vnd.ms-works | Microsoft Works |
| .wri | application/x-mswrite | Microsoft Write |
| .xla | application/vnd.ms-excel | Microsoft Excel |
| .xlc | application/vnd.ms-excel | Microsoft Excel |
| .xlm | application/vnd.ms-excel | Microsoft Excel |
| .xls | application/vnd.ms-excel | Microsoft Excel |
| .xlt | application/vnd.ms-excel | Microsoft Excel |
| .xlw | application/vnd.ms-excel | Microsoft Excel |
| .xlsx | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet | |
| .xltx | application/vnd.openxmlformats-officedocument.spreadsheetml.template | |
| .xlsm | application/vnd.ms-excel.sheet.macroEnabled.12 | |
| .xltm | application/vnd.ms-excel.template.macroEnabled.12 | |
| .xlam | application/vnd.ms-excel.addin.macroEnabled.12 | |
| .xlsb | application/vnd.ms-excel.sheet.binary.macroEnabled.12 | |
| Macromedia formats | ||
| .dcr | application/x-director | Shockwave for Director |
| .dir | application/x-director | Shockwave for Director |
| .dxr | application/x-director | Shockwave for Director |
| .swf | application/x-shockwave-flash | Shockwave Flash |
| .spl | application/futuresplash | Future Splash Animator |
| RealAudio formats | ||
| .rm | application/vnd.rn-realmedia | RealPlayer |
| .rpm | audio/x-pn-realaudio-plugin | RealAudio plug-in |
| .ra | audio/x-pn-realaudio | RealPlayer |
| .ram | audio/x-pn-realaudio | RealPlayer |
| .rv | video/vnd.rn-realvideo | RealPlayer |
| VRML formats | ||
| .wrl | x-world/x-vrml | VRML |
| .wrz | x-world/x-vrml | VRML |
| .xaf | x-world/x-vrml | VRML |
| .xof | x-world/x-vrml | VRML |
| Other application formats | ||
| .cdf | application/x-cdf | Channel file |
| .323 | application/h323 | H.323 Internet Telephony |
| .js | application/x-javascript | JavaScript |
| .class | application/octet-stream | Java class file |
| .bin | application/octet-stream | Uninterpreted binary |
| .wp5 | application/wordperfect5.1 | WordPerfect |
| .oda | application/oda | Open Document Architecture |
| application/pdf | Adobe Acrobat | |
| .ai | application/postscript | 8bit-Adobe Illustrator |
| .eps | application/postscript | 8bit-Encapulated PostScript |
| .ps | application/postscript | 8bit-PostScript |
| .rtf | application/x-rtf | 7bit-RTF |
| .csh | application/x-csh | 7bit-C-shell script |
| .dvi | application/x-dvi | TeX DVI |
| .hdf | application/x-hdf | NCSA HDF data file |
| .latex | application/x-latex | 8bit-LaTeX source |
| .nc | application/x-netcdf | Unidata netCDF data |
| .sh | application/x-sh | 7bit-Shell-script |
| .tcl | application/x-tcl | 7bit-TCL-script |
| .tex | application/x-tex | 8bit-TeX source |
| .texi | application/x-texinfo | 7bit-Texinfo |
| .texinfo | application/x-texinfo | 7bit-Texinfo |
| .t | application/x-troff | 7bit-Troff |
| .roff | application/x-troff | 7bit-Troff |
| .tr | application/x-troff | 7bit-Troff |
| .man | application/x-troff-man | 7bit-Troff with man macros |
| .me | application/x-troff-me | 7bit-Troff with me macros |
| .ms | application/x-troff-ms | 7bit-Troff with ms macros |
| .src | application/x-wais-source7bit | WAIS source |
| .bcpio | application/x-bcpio | Old binary CPIO |
| .cpio | application/x-cpio | POSIX CPIO |
| .gtar | application/x-gtar | Gnu tar |
| .shar | application/x-shar | 8bit-Shell archive |
| .sv4cpio | application/x-sv4cpio | SVR4 CPIO |
| .sv4crc | application/x-sv4crc | SVR4 CPIO with CRC |
| .ice | x-conference/x-cooltalk | Cooltalk |
| .rrf | application/x-InstallFromWeb | InstallFromTheWeb |
| .wis | application/x-InstallFromWeb | InstallFromTheWeb plug-in |
| .jnlp | application/x-java-jnlp-file | Java Web Start |
| .crl | application/pkix-crl | Certificate Revocation List |
XSS - Possible measures
I understand that there are some tools like Nessus and Nikto that would help detect such attacks. I have no idea about them though. Just came across these stuffs and hence though of sharing the same.
Following is a shame less copy and paste. Again just wanted to share what I read.
Following is a shame less copy and paste. Again just wanted to share what I read.
How to Protect Yourself
The primary defenses against XSS are described in the OWASP XSS Prevention Cheat Sheet.
Also, it's crucial that you turn off HTTP TRACE support on all webservers. An attacker can steal cookie data via Javascript even when document.cookie is disabled or not supported on the client. This attack is mounted when a user posts a malicious script to a forum so when another user clicks the link, an asynchronous HTTP Trace call is triggered which collects the user's cookie information from the server, and then sends it over to another malicious server that collects the cookie information so the attacker can mount a session hijack attack. This is easily mitigated by removing support for HTTP TRACE on all webservers.
The OWASP ESAPI project has produced a set of reusable security components in several languages, including validation and escaping routines to prevent parameter tampering and the injection of XSS attacks. In addition, the OWASP WebGoat Project training application has lessons on Cross-Site Scripting and data encoding.
And I guess you can get more ideas on the possible ways by which you can be exploited in http://ha.ckers.org/xss.html.
Hope this helps :)
Subscribe to:
Posts (Atom)