I have a question. Why are your rate1 to rate4 the same numbers as I see in a 2010 discussion at
https://www.dreamincode.net/forums/topic/196758-java-shipping-program/ ?

It would be incredibly coincidental if these were the same. If you are seeking homework help, just say so and share where we can find the assignment and remember that no one will write your homework for you. But you can get help on errors and more.

Any thought about using the while statement?


There appears to be missing code or steps in your post. Read https://docs.microsoft.com/en-us/sql/ssms/visual-db-tools/create-union-queries-visual-database-tools?view=sql-server-2017 for an example of the UNION but you may need to redo your query (I don't see that here) to use the UNION ALL as the error calls out.

bckelley commented: since this is the only place I can comment! [customerName] is a string from the database i.e. George, Fred, Alice whatever, that was a placeholder +0

Here's the exploit. Let's say you make FOSS of say Opera.

Evil person now takes that and makes an version that keylogs and sends files from the system to some other place.
Evil persons make fake web sites claiming we have the real Opera for download or "version 65 - Newest out today!"

Oh wait, that is exactly what is happening out there.

I feel this is far off topic but it's a real problem out there.

With py files being text what stops me from editing the app and showing what these variables are?

This is why I thought you could compile, and maybe do work in hiding the variables, XOR, and more with Pyarmor.

If you give up the source, where is this secure?

"Bamboozled again."

At some point the code has to exist somewhere. Let's say you distribute your .pyc files for others to run, they decompile, add prints and more?

  1. Security is an illusion?
  2. Now to fix this, make a a software as a service? (SAAS!)

As a test, take your .pyc and decompile it to see if your work at hiding the value is exposed with a decompiler.


This is why, if there is a secret number or string we can't just assign it to anything directly.

IOW, I don't know how deeply you think about all this but variables with secrets are dangerous as they live for a time where as something transitory will be short lived and not in long term memory. I'm a season microprocessor user (think embedded micros) so back to thinking about how to keep the secrets from being used for a variable directly is one thing then another is if said secret is used to make a system API call which can be exposed with most debuggers.

This rabbit hole goes deep.

While you are not looking for obfuscation, it's still possible to get at those values as noted in my last link using the tools and inspections they note.

I'm reminded of this old saying. "Any code devised by humans can be decoded by humans." So if you are looking for value security then you never place the final value in a single variable. Use as much security as you see fit for the task.

In parting I'm reminded again of where there was a secret value but the programmer passed it from a web service and they picked it off with a packet sniffer. This was one determined attacker so about all they could have done was to make it a few steps harder by adding some XOR or encryption to the value so it never lives in a variable. Also, Python and the security level you appear to want is something you'll have to work at. I also would take bet few consider this a bug.

I think a lot of what you are noting is indirectly covered at https://wiki.python.org/moin/Asking%20for%20Help/How%20do%20you%20protect%20Python%20source%20code%3F

You have to read nearly to the bottom where it writes about Pyarmor and:

  • Encrypt code object by DES to protect constants and literal strings.
  • Obfuscate byte code of each code object when code object completed execution.
  • Clear f_locals of frame as soon as code object completed execution.

So backing up all the way to the top and running at this again, old Python does not secure your internal constants, literal strings and more. It's not what Python does so you have to think of ways such as that XOR use or other ways if you want to obfuscate secrets in Python or for that matter almost all other languages.

Out on a walk I recall something we did long ago to hide values that were at the time IN PLAIN SIGHT if you looked at the compiled code.

Let's say the secret number was coded like:

secret_number = 12345; // Hey that's my luggage combination too.

Since we had to distribute the compiled exe we would then do another operation on the variable so it wasn't so easy to pick off.

answer = value * (secret_number xor magic); // Not terrible secure but better.

Since Python is usually some plain text file, if the server was compromised then all secrets are laid bare but at least we have no real exposure of internal variables and constants from say Python scripts that run on the server and the client that is getting the output in their web browser.

Then again we could broach SQL injection which by now you know how to mitigate.

I'm going to stay on the topic of access of privates inside our app. You did expand your questions to what may be web security and more.

Since your code is in Python and that is not on the client but the web server then the client can't access most of the variables and classes in your Python code.

As to all the NEW issues you bring up in your reply, well, that needs its own discussion.

As a primer I refreshed my view on privates at https://en.wikipedia.org/wiki/Law_of_Demeter

As to insta. at some point during debugging and more you will need access to all things. I don't consider this to be a big deal.

I'll avoid supplying the answer since you must code it yourself or I'd be doing your homework.

I take it you want to decrement by 2. SO... THINK about.

--i means i-=1; return i

So to decrement by 2, change the 1 to 2.

Please supply exactly what is broken. Error messages along with what you expected to happen.

I get the feeling you expected this to help your SEO or rank but from what I know, this feature is not about that.

-> Write more. Tell the forum what you felt should happen.

xenexmedia commented: If you see the results as the attached links so you will find out what I am trying to say. Please visit the attached links of images. +0

A few steps. First check your DANIWEB settings about emails. Once that is done you automatically get email when you create a new discussion or reply to an existing discussion.

To get a notification without posting a reply, click the Watch Topic icon.


PS. Adding note. This only gives you notifications of new replies to a topic that is open. To monitor for new discussions, you have to craft such with ideas from Dani.

To me it should appear to hang on line 57. Why? "The accept method waits until a client starts up and requests a connection on the host" is right out of the documentation. This app will sit there, waiting.

After decades of software development I start where I can. Agile seems to toss out the old ways of writing your software design specifications and more. You iterate and move to your goal without the docs. I have yet to see this when money is involved. They want docs, presentations before code.

While you would need an attorney to weigh in I think https://github.com/PhilJay/MPAndroidChart/blob/master/LICENSE covers the licensed use very well as it looks to be the bog standard Apache 2.0 license.

Lines 123 to 128 are interesting as it may impact what you write in your own license agreement. Remember that I did not read all 201 lines but you should.

PS. As to your top question I could spend a day going over that question but given no one can code it all, you should use code and content so you can build your apps. Imagine trying to start over from say a single board computer, assembly language to OS to apps written all by you. While I applaud such efforts, at some point we have to move beyond "I wrote every line of code."

Which is why we use conversion functions like https://www.w3schools.com/python/ref_func_int.asp

Did you notice you are not comparing numbers? Read https://www.google.com/search?q=python+single+quote+use&gl=US

Thanks Grant. I entered in the root and toor username+password and it seems to work.

In your top post you wrote "some trouble" but here it worked so you'll have to detail how to break it.

So I took the next step and put your 67 lines of code into https://repl.it/languages/python3 and it didn't get past line 1.

As such I can't see what you are seeing and must wait for some valid code.

These are examples of the bad methods you used to see in school. There are many articles about passwords today so I can't guess if this will be exposed to the world or not.

What I want you to understand is this is OK for a prototype but never to be released or used as a learning tool about user and password systems. Just last week another breach in a Smarthome system where they didn't salt the user and password database.

The Orvibo incident went one step further when it comes to diluting the security value of MD5 hashing: the passwords and reset codes were hashed but not salted. By adding a unique value, or salt, to the end of every password before hashing you produce a different hash value. This additional security layer is vital if you want to protect against a brute force attack that tries every known alphanumeric combination until the password is revealed.

No code yet here but let's hope there is no password in the clear stored in your database. That was taught in classrooms for years (decades?) and has proven to be at the root of a lot of data leaks.

If one were to hold an open ended W10 discussion, it would never end. While you should ask questions, place each in its own discussion so they can be addressed. If you add a question in the middle or end, folk won't find it and you may never get an answer.

@cambalinho. Sorry but I don't see what Windows Defender has to do with your issues to this point. If you are trying to squeeze in a NEW QUESTION then you should start a NEW DISCUSSION.


Let's say you install a working driver but W10 replaces it. For this PC you need to disable W10's Automatic Driver Update system.

I do not write how as it's best you pick the article you like for that from https://www.google.com/search?q=disable+W10%27s+Automatic+Driver+Update+system&gl=US

I hope in the future you can make your discussion title match the post content.

Anyhow, what I'm encountering are folk that expected Microsoft to go get drivers for them. And get the settings right. Sorry, no. Microsoft has yet to perfect that aspect of Windows. "Driver Hell" is real. Microsoft has slightly improved since 1995 but barely.

For your laptop, try the laptop maker's web site for the drivers.

I have purchased refurbs on Amazon but they came with a product key sticker so I could complete the activation.

There were some refurbs that used a cracked W10 OS so when you reloaded you might trigger the issue you have now. W10 and all Windows have a license to deal with so in your case you would check your case for the sticker and use that key to activate.

All that said I occasionally run into folk that were ripped off by the refurd seller and even if so, you are not entitled to a free CDKEY.

If you were ripped off, then you talk to the seller.

PS. My project is to drive around, geocode a location, add my observations, and then have a map with my addresses and notes.

As a realtor what good is Lat+Long doing us here? All the realtor/realty sites use/display addresses. Maybe the Lat+Long is complicating the project.

I rarely see folk here code for the members. Only discuss, try to sort out an error and redesign. That said, it sounds almost like you want to duplicate Zillow or Redfin which should be a long endeavor as your programming skills improve.

My PS. Don't get stuck on just Google APIs. Use any solution. Such as https://www.google.com/search?q=street+address+to+lat+long&gl=US

Gloak commented: Thank you. +0