verification

Part of my site's application process is that a user must prove ownership of a website. I quickly threw together some code but until now didn't realize that there could be some vulnerabilities with it. Something like this: $generatedCode="9s8dfOJDFOIesdsa"; $url="http://anyDomainGivenByUser.com/verification.txt"; if(file_get_contents($url)==$generatedCode){ //verification complete! } Is there any threat to having a user-provided url for file_get_contents()? Edit: The code above is just an example. The generatedCode is obviously a bit more elaborate but still just a string. Yes, this could

I'm trying to write a heavily email-based application in the Python SDK of Google App Engine. I've noticed that Google allows you to receive email via its API , and that it easily gives you access to the standard fields like From, To, Body, etc. However, if I'm trying to verify that an email address came from who it said it came from (kind of in the way that Posterous does it for you), how can I? I don't have access to any of the email headers, so I can't check the MX record of the sending server's IP address or anything fancy like that. Any ideas? Actually, while not well documented, the

I have done the sim/mobile number verification (same like Whats APP) part in my app. something like: Send Message Part: SmsManager sm = SmsManager.getDefault(); sm.sendTextMessage(mobileNumber, null, "Welcome", null, null); Check the message received by the same/current device through BroadcastReceiver: private class SMSReceiver extends BroadcastReceiver{ @Override public void onReceive(Context context, Intent intent) { if(intent.getAction() != null && intent.getAction().equals("android.provider.Telephony.SMS_RECEIVED")){ Bundle extras = intent.getExtras(); if (extras == null){ _submit.setText

I'm looking at doing some verification work where I've got regular tree grammars as an underlying theory. Z3 lets you define your own stuff with uninterpreted functions, but that doesn't tend to work well any time your decision procedures are recursive. They used to allow for plugins but that has been depricated, I think. I'm wondering, does anybody have a recommendation of a decent SMT solver that allows you to write decision procedures for custom theories? There are several options given that most reasonable SMT solvers are open source you can integrate theory solvers in any detail depending

I recently changed my username on github (so that everything redirects to a new URL on my username) I got this error through a cmd line git push You must verify your email address Fatal: The request URL returned error: 403 However, github wouldn't let me resend email verification under account > settings I also did the following, per githubs guidelines on username change git remote set-url origin https://github.com/myNewUserName/repo-name on all my new repos. Then I ensured I had the emails set correctly on my .git/config file git config --global user.email "myGithubEmail@gmail.com" Still

I have a website where users can upload their files; these are stored on the server and their metadata recorded in a database. I'm implementing some simple integrity checks, i.e. "is the content of this file now byte-for-byte identical as when it was uploaded?" An example: for content of userfile.jpg , MD5 hash is 39f9031a154dc7ba105eb4f76f1a0fd4 and SHA-1 hash is 878d8d667721e356bf6646bd2ec21fff50cdd4a9 . If this file's content changes, but has the same MD5 hash before and after, is it probable that the SHA-1 hash will also stay the same? (With hashing, sometimes you can get a hash collision

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 7 years ago . My recollection from a past employer is that they distinguished between the two as follows: Validation is the process of checking that the data is appropriate in a very basic sense; for example that data in a date field can be converted