Search Results

Search found 6690 results on 268 pages for 'worst practices'.

Page 104/268 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >

  • Make a Method of the Business Layer secure. best practice / best pattern [.net/c#]

    - by gsharp
    Hi We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-) Thanks for you help.

    Read the article

  • How to test a site rigorously?

    - by Sarfraz
    Hello, I recently created a big portal site. It's time for putting it to test. How do you guys test a site rigorously? What are the ways and tools for that? Can we sort of mimic hundreds of virtual users visiting the site to see its load handling? The test should be for both security and speed Thanks in advance.

    Read the article

  • Prims vs Polys: what are the pros and cons of each?

    - by Richard Inglis
    I've noticed that most 3d gaming/rendering environments represent solids as a mesh of (usually triangular) 3d polygons. However some examples, such as Second Life, or PovRay use solids built from a set of 3d primitives (cube, sphere, cone, torus etc) on which various operations can be performed to create more complex shapes. So my question is: why choose one method over the other for representing 3d data? I can see there might be benefits for complex ray-tracing operations to be able to describe a surface as a single mathematical function (like PovRay does), but SL surely isn't attempting anything so ambitious with their rendering engine. Equally, I can imagine it might be more bandwidth-efficient to serve descriptions of generalised solids instead of arbitrary meshes, but is it really worth the downside that SL suffers from (ie modelling stuff is really hard, and usually the results are ugly) - was this just a bad decision made early in SL's development that they're now stuck with? Or is it an artefact of what's easiest to implement in OpenGL?

    Read the article

  • Are there any downsides in using C++ for network daemons?

    - by badcat
    Hey guys! I've been writing a number of network daemons in different languages over the past years, and now I'm about to start a new project which requires a new custom implementation of a properitary network protocol. The said protocol is pretty simple - some basic JSON formatted messages which are transmitted in some basic frame wrapping to have clients know that a message arrived completely and is ready to be parsed. The daemon will need to handle a number of connections (about 200 at the same time) and do some management of them and pass messages along, like in a chat room. In the past I've been using mostly C++ to write my daemons. Often with the Qt4 framework (the network parts, not the GUI parts!), because that's what I also used for the rest of the projects and it was simple to do and very portable. This usually worked just fine, and I didn't have much trouble. Being a Linux administrator for a good while now, I noticed that most of the network daemons in the wild are written in plain C (of course some are written in other languages, too, but I get the feeling that 80% of the daemons are written in plain C). Now I wonder why that is. Is this due to a pure historic UNIX background (like KISS) or for plain portability or reduction of bloat? What are the reasons to not use C++ or any "higher level" languages for things like daemons? Thanks in advance! Update 1: For me using C++ usually is more convenient because of the fact that I have objects which have getter and setter methods and such. Plain C's "context" objects can be a real pain at some point - especially when you are used to object oriented programming. Yes, I'm aware that C++ is a superset of C, and that C code is basically C++. But that's not the point. ;)

    Read the article

  • Constructor Overload Problem in C++ Inherrentance

    - by metdos
    Here my code snippet: class Request { public: Request(void); ……….. } Request::Request(void) { qDebug()<<"Request: "<<"Hello World"; } class LoginRequest :public Request { public: LoginRequest(void); LoginRequest(QDomDocument); …………… } LoginRequest::LoginRequest(void) { qDebug()<<"LoginRequest: "<<"Hello World"; requestType=LOGIN; requestId=-1; } LoginRequest::LoginRequest(QDomDocument doc){ qDebug()<<"LoginRequest: "<<"Hello World with QDomDocument"; LoginRequest::LoginRequest(); xmlDoc_=doc; } When call constructor of Overrided LoginRequest LoginRequest *test=new LoginRequest(doc); I came up with this result: Request: Hello World LoginRequest: Hello World with QDomDocument Request: Hello World LoginRequest: Hello World Obviously both constructor of LoginRequest called REquest constructor. Is there any way to cape with this situation? I can construct another function that does the job I want to do and have both constructors call that function. But I wonder is there any solution?

    Read the article

  • C# 4.0 Named Parameters - should they always be used when calling non-Framework methods?

    - by David Neale
    I really this is a hugely subjective topic but here is my current take: When calling methods which do not form part of the .NET BCL named parameters should always be used as the method signatures may well change, especially during the development cycle of my own applications. Although they might appear more verbose they are also far clearer. Is the above a reasonable approach to calling methods or have I overlooked something fundamental?

    Read the article

  • jQuery: Stopping a periodic ajax call?

    - by Legend
    I am writing a small jQuery plugin to update a set of Divs with content obtained using Ajax calls. Initially, let's assume we have 4 divs. I am doing something like this: (function($) { .... .... //main function $.fn.jDIV = { init: function() { ... ... for(var i = 0; i < numDivs; i++) { this.query(i); } this.handlers(); }, query: function(divNum) { //Makes the relevant ajax call }, handlers: function() { for(var i = 0; i < numDivs; i++) { setInterval("$.fn.jDIV.query(" + i + ")", 5000); } } }; })(jQuery); I would like to be able to enable and disable a particular ajax query. I was thinking of adding a "start" and "stop" instead of the "handlers" function and subsequently storing the setInterval handler like this: start: function(divNum) { divs[divNum] = setInterval("$.fn.jDIV.query(" + i + ")", 5000); }, stop: function(divNum) { clearInterval(divs[divNum]); } I did not use jQuery to setup and destroy the event handlers. Is there a better approach (perhaps using more of jQuery) to achieve this?

    Read the article

  • HTTP headers: Last-Modified - how can it mimimize server load?

    - by gotts
    Imagine the following use case: I use an AJAX request for getting some info about Item and use this URL: http://domain/items/show/1 In my database all items have a field called modified_at where we store the moment when this item was previously modified. How can Last-Modified server HTTP header in response can minimize load/reduce requests/increase responsiveness if we need to process this request every time on the server side? It looks like we don't reduce the number of HTTP requests with that response and we don't reduce the load on server. Who needs this anyway?

    Read the article

  • Multiple REPLACE function in Oracle

    - by Adnan
    I am using the REPLACE function in oracle to replace values in my string like; SELECT REPLACE('THE NEW VALUE IS #VAL1#','#VAL1#','55') from dual So this is OK to replace one value, but what about 20+, should I use 20+ REPLACE function or is there a more practical solution. All ideas are welcome.

    Read the article

  • SQL Server error handling: exceptions and the database-client contract

    - by gbn
    We’re a team of SQL Servers database developers. Our clients are a mixed bag of C#/ASP.NET, C# and Java web services, Java/Unix services and some Excel. Our client developers only use stored procedures that we provide and we expect that (where sensible, of course) they treat them like web service methods. Some our client developers don’t like SQL exceptions. They understand them in their languages but they don’t appreciate that the SQL is limited in how we can communicate issues. I don’t just mean SQL errors, such as trying to insert “bob” into a int column. I also mean exceptions such as telling them that a reference value is wrong, or that data has already changed, or they can’t do this because his aggregate is not zero. They’d don’t really have any concrete alternatives: they’ve mentioned that we should output parameters, but we assume an exception means “processing stopped/rolled back. How do folks here handle the database-client contract? Either generally or where there is separation between the DB and client code monkeys. Edits: we use SQL Server 2005 TRY/CATCH exclusively we log all errors after the rollback to an exception table already we're concerned that some of our clients won't check output paramaters and assume everything is OK. We need errors flagged up for support to look at. everything is an exception... the clients are expected to do some message parsing to separate information vs errors. To separate our exceptions from DB engine and calling errors, they should use the error number (ours are all 50,000 of course)

    Read the article

  • The Java interface doesn't declare any exception. How to manage checked exception of the implementat

    - by Frór
    Let's say I have the following Java interface that I may not modify: public interface MyInterface { public void doSomething(); } And now the class implementing it is like this: class MyImplementation implements MyInterface { public void doSomething() { try { // read file } catch (IOException e) { // what to do? } } } I can't recover from not reading the file. A subclass of RuntimeException can clearly help me, but I'm not sure if it's the right thing to do: the problem is that that exception would then not be documented in the class and a user of the class would possibly get that exception an know nothing about solving this. What can I do?

    Read the article

  • Should I make sure arguments aren't null before using them in a function.

    - by Nathan W
    The title may not really explain what I'm really trying to get at, couldn't really think of a way to describe what I mean. I was wondering if it is good practice to check the arguments that a function accepts for nulls or empty before using them. I have this function which just wraps some hash creation like so. Public Shared Function GenerateHash(ByVal FilePath As IO.FileInfo) As String If (FilePath Is Nothing) Then Throw New ArgumentNullException("FilePath") End If Dim _sha As New Security.Cryptography.MD5CryptoServiceProvider Dim _Hash = Convert.ToBase64String(_sha.ComputeHash(New IO.FileStream(FilePath.FullName, IO.FileMode.Open, IO.FileAccess.Read))) Return _Hash End Function As you can see I just takes a IO.Fileinfo as an argument, at the start of the function I am checking to make sure that it is not nothing. I'm wondering is this good practice or should I just let it get to the actual hasher and then throw the exception because it is null.? Thanks.

    Read the article

  • Representing xml through a single class

    - by Charles
    I am trying to abstract away the difficulties of configuring an application that we use. This application takes a xml configuration file and it can be a bit bothersome to manually edit this file, especially when we are trying to setup some automatic testing scenarios. I am finding that reading xml is nice, pretty easy, you get a network of element nodes that you can just go through and build your structures quite nicely. However I am slowly finding that the reverse is not quite so nice. I want to be able to build a xml configuration file through a single easy to use interface and because xml is composed of a system of nodes I am having a lot of struggle trying to maintain the 'easy' part. Does anyone know of any examples or samples that easily and intuitively build xml files without declaring a bunch of element type classes and expect the user to build the network themselves? For example if my desired xml output is like so <cook version="1.1"> <recipe name="chocolate chip cookie"> <ingredients> <ingredient name="flour" amount="2" units="cups"/> <ingredient name="eggs" amount="2" units="" /> <ingredient name="cooking chocolate" amount="5" units="cups" /> </ingredients> <directions> <direction name="step 1">Preheat oven</direction> <direction name="step 2">Mix flour, egg, and chocolate</direction> <direction name="step 2">bake</direction> </directions> </recipe> <recipe name="hot dog"> ... How would I go about designing a class to build that network of elements and make one easy to use interface for creating recipes? Right now I have a recipe object, an ingredient object, and a direction object. The user must make each one, set the attributes in the class and attach them to the root object which assembles the xml elements and outputs the formatted xml. Its not very pretty and I just know there has to be a better way. I am using python so bonus points for pythonic solutions

    Read the article

  • Delphi: How to avoid EIntOverflow underflow when subtracting?

    - by Ian Boyd
    Microsoft already says, in the documentation for GetTickCount, that you could never compare tick counts to check if an interval has passed. e.g.: Incorrect (pseudo-code): DWORD endTime = GetTickCount + 10000; //10 s from now ... if (GetTickCount > endTime) break; The above code is bad because it is suceptable to rollover of the tick counter. For example, assume that the clock is near the end of it's range: endTime = 0xfffffe00 + 10000 = 0x00002510; //9,488 decimal Then you perform your check: if (GetTickCount > endTime) Which is satisfied immediatly, since GetTickCount is larger than endTime: if (0xfffffe01 > 0x00002510) The solution Instead you should always subtract the two time intervals: DWORD startTime = GetTickCount; ... if (GetTickCount - startTime) > 10000 //if it's been 10 seconds break; Looking at the same math: if (GetTickCount - startTime) > 10000 if (0xfffffe01 - 0xfffffe00) > 10000 if (1 > 10000) Which is all well and good in C/C++, where the compiler behaves a certain way. But what about Delphi? But when i perform the same math in Delphi, with overflow checking on ({Q+}, {$OVERFLOWCHECKS ON}), the subtraction of the two tick counts generates an EIntOverflow exception when the TickCount rolls over: if (0x00000100 - 0xffffff00) > 10000 0x00000100 - 0xffffff00 = 0x00000200 What is the intended solution for this problem? Edit: i've tried to temporarily turn off OVERFLOWCHECKS: {$OVERFLOWCHECKS OFF}] delta = GetTickCount - startTime; {$OVERFLOWCHECKS ON} But the subtraction still throws an EIntOverflow exception. Is there a better solution, involving casts and larger intermediate variable types?

    Read the article

  • Debugging a Browser Redirect Loop

    - by just_wes
    Hi all, I am using CakePHP with the Auth and ACL components. My page loads fine for non-registered users, but if I try to log in as a registered user I get an infinite redirect loop in the browser. I am sure that this is some sort of permissions problem, but the problem exists even for users who have permissions for everything. The only way to prevent this behavior is to allow '*' in my AppController's beforeFilter method. What is the best way to debug this sort of problem? Thanks!

    Read the article

  • What are the principles of developing web-applications with action-based java frameworks?

    - by Roman
    Background I'm going to develop a new web-application with java. It's not very big or very complex and I have enough time until it'll "officially" start. I have some JSF/Facelets development background (about half a year). And I also have some expirience with JSP+JSTL. In self-educational purpose (and also in order to find the best solution) I want to prototype the new project with one of action-based frameworks. Actually, I will choose between Spring MVC and Stripes. Problem In order to get correct impression about action-based frameworks (in comparison with JSF) I want to be sure that I use them correctly (in bigger or lesser extent). So, here I list some most-frequent tasks (at least for me) and describe how I solve them with JSF. I want to know how they should be solved with action-based framework (or separately with Spring MVC and Stripes if there is any difference for concrete task). Rendering content: I can apply ready-to-use component from standard jsf libraries (core and html) or from 3rd-party libs (like RichFaces). I can combine simple components and I can easily create my own components which are based on standard components. Rendering data (primitive or reference types) in the correct format: Each component allow to specify a converter for transforming data in both ways (to render and to send to the server). Converter is, as usual, a simple class with 2 small methods. Site navigation: I specify a set of navigation-cases in faces-config.xml. Then I specify action-attribute of a link (or a button) which should match one or more of navigation cases. The best match is choosen by JSF. Implementing flow (multiform wizards for example): I'm using JSF 1.2 so I use Apache Orchestra for the flow (conversation) scope. Form processing: I have a pretty standard java-bean (backing bean in JSF terms) with some scope. I 'map' form fields on this bean properties. If everything goes well (no exceptions and validation is passed) then all these properties are set with values from the form fields. Then I can call one method (specified in button's action attribute) to execute some logic and return string which should much one of my navigation cases to go to the next screen. Forms validation: I can create custom validator (or choose from existing) and add it to almost each component. 3rd-party libraries have sets of custom ajax-validators. Standard validators work only after page is submitted. Actually, I don't like how validation in JSF works. Too much magic there. Many standard components (or maybe all of them) have predefined validation and it's impossible to disable it (Maybe not always, but I met many problems with it). Ajax support: many 3rd-party libraries (MyFaces, IceFaces, OpenFaces, AnotherPrefixFaces...) have strong ajax support and it works pretty well. Until you meet a problem. Too much magic there as well. It's very difficult to make it work if it doesn't work but you've done right as it's described in the manual. User-friendly URLs: people say that there are some libraries for that exist. And it can be done with filters as well. But I've never tried. It seems too complex for the first look. Thanks in advance for explaning how these items (or some of them) can be done with action-based framework.

    Read the article

  • Asp.Net MVC Handle Drop Down Boxes that are not part of the Model

    - by Pino
    I have a small form which the user must fill in and consists of the following fields. Name (Text) Value (Text) Group (Group - Is a list of option pulled from a database table) Now the Model for this View looks like so, public string Name { get; set; } public string Value { get; set; } public int GroupID { get; set; } Now the view is Strongly Typed to the above model. What method would one use to populate the drop down list? Since the data is not contained within the Model (It could be contained in the Model) should we be using Temp/View data? A HTML Helper? What would be the ideal way to achieve this.

    Read the article

  • C++ Matrix class hierachy

    - by bpw1621
    Should a matrix software library have a root class (e.g., MatrixBase) from which more specialized (or more constrained) matrix classes (e.g., SparseMatrix, UpperTriangluarMatrix, etc.) derive? If so, should the derived classes be derived publicly/protectively/privately? If not, should they be composed with a implementation class encapsulating common functionality and be otherwise unrelated? Something else? I was having a conversation about this with a software developer colleague (I am not per se) who mentioned that it is a common programming design mistake to derive a more restricted class from a more general one (e.g., he used the example of how it was not a good idea to derive a Circle class from an Ellipse class as similar to the matrix design issue) even when it is true that a SparseMatrix "IS A" MatrixBase. The interface presented by both the base and derived classes should be the same for basic operations; for specialized operations, a derived class would have additional functionality that might not be possible to implement for an arbitrary MatrixBase object. For example, we can compute the cholesky decomposition only for a PositiveDefiniteMatrix class object; however, multiplication by a scalar should work the same way for both the base and derived classes. Also, even if the underlying data storage implementation differs the operator()(int,int) should work as expected for any type of matrix class. I have started looking at a few open-source matrix libraries and it appears like this is kind of a mixed bag (or maybe I'm looking at a mixed bag of libraries). I am planning on helping out with a refactoring of a math library where this has been a point of contention and I'd like to have opinions (that is unless there really is an objective right answer to this question) as to what design philosophy would be best and what are the pros and cons to any reasonable approach.

    Read the article

  • I don't like Python functions that take two or more iterables. Is it a good idea?

    - by Xavier Ho
    This question came from looking at this question on Stackoverflow. def fringe8((px, py), (x1, y1, x2, y2)): Personally, it's been one of my pet peeves to see a function that takes two arguments with fixed-number iterables (like a tuple) or two or more dictionaries (Like in the Shotgun API). It's just hard to use, because of all the verbosity and double-bracketed enclosures. Wouldn't this be better: >>> class Point(object): ... def __init__(self, x, y): ... self.x = x ... self.y = y ... >>> class Rect(object): ... def __init__(self, x1, y1, x2, y2): ... self.x1 = x1 ... self.y1 = y1 ... self.x2 = x2 ... self.y2 = y2 ... >>> def fringe8(point, rect): ... # ... ... >>> >>> point = Point(2, 2) >>> rect = Rect(1, 1, 3, 3) >>> >>> fringe8(point, rect) Is there a situation where taking two or more iterable arguments is justified? Obviously the standard itertools Python library needs that, but I can't see it being pretty in maintainable, flexible code design.

    Read the article

  • what's wrong in File.Exist() method?

    - by Arseny
    Reading some answers with code samples I notice that those where this method mentioned are subjected to criticism. I'm using this method in my code. So I'd like to know if someone give me detailed response whuy this method is not recomemnded and what alternative approaches are?

    Read the article

  • Make a Method of the Business Layer secure. best practice / best pattern

    - by gsharp
    We are using ASP.NET with a lot of AJAX "Page Method" calls. The WebServices defined in the Page invokes methods from our BusinessLayer. To prevent hackers to call the Page Methods, we want to implement some security in the BusinessLayer. We are struggling with two different issues. First one: public List<Employees> GetAllEmployees() { // do stuff } This Method should be called by Authorized Users with the Role "HR". Second one: public Order GetMyOrder(int orderId) { // do sutff } This Method should only be called by the owner of the Order. I know it's easy to implement the security for each method like: public List<Employees> GetAllEmployees() { // check if the user is in Role HR } or public Order GetMyOrder(int orderId) { // check if the order.Owner = user } What I'm looking for is some pattern/best practice to implement this kind of security in a generic way (without coding the the if then else every time) I hope you get what i mean :-)

    Read the article

  • small scale web site - global javascript file style/format/pattern - improving maintainability

    - by yaya3
    I frequently create (and inherit) small to medium websites where I have the following sort of code in a single file (normally named global.js or application.js or projectname.js). If functions get big, I normally put them in a seperate file, and call them at the bottom of the file below in the $(document).ready() section. If I have a few functions that are unique to certain pages, I normally have another switch statement for the body class inside the $(document).ready() section. How could I restructure this code to make it more maintainable? Note: I am less interested in the functions innards, more so the structure, and how different types of functions should be dealt with. I've also posted the code here - http://pastie.org/999932 in case it makes it any easier var ProjectNameEnvironment = {}; function someFunctionUniqueToTheHomepageNotWorthMakingConfigurable () { $('.foo').hide(); $('.bar').click(function(){ $('.foo').show(); }); } function functionThatIsWorthMakingConfigurable(config) { var foo = config.foo || 700; var bar = 200; return foo * bar; } function globallyRequiredJqueryPluginTrigger (tooltip_string) { var tooltipTrigger = $(tooltip_string); tooltipTrigger.tooltip({ showURL: false ... }); } function minorUtilityOneLiner (selector) { $(selector).find('li:even').not('li ul li').addClass('even'); } var Lightbox = {}; Lightbox.setup = function(){ $('li#foo a').attr('href','#alpha'); $('li#bar a').attr('href','#beta'); } Lightbox.init = function (config){ if (typeof $.fn.fancybox =='function') { Lightbox.setup(); var fade_in_speed = config.fade_in_speed || 1000; var frame_height = config.frame_height || 1700; $(config.selector).fancybox({ frameHeight : frame_height, callbackOnShow: function() { var content_to_load = config.content_to_load; ... }, callbackOnClose : function(){ $('body').height($('body').height()); } }); } else { if (ProjectNameEnvironment.debug) { alert('the fancybox plugin has not been loaded'); } } } // ---------- order of execution ----------- $(document).ready(function () { urls = urlConfig(); (function globalFunctions() { $('.tooltip-trigger').each(function(){ globallyRequiredJqueryPluginTrigger(this); }); minorUtilityOneLiner('ul.foo') Lightbox.init({ selector : 'a#a-lightbox-trigger-js', ... }); Lightbox.init({ selector : 'a#another-lightbox-trigger-js', ... }); })(); if ( $('body').attr('id') == 'home-page' ) { (function homeFunctions() { someFunctionUniqueToTheHomepageNotWorthMakingConfigurable (); })(); } });

    Read the article

  • Removing a pattern from the beggining and end of a string in ruby

    - by seaneshbaugh
    So I found myself needing to remove <br /> tags from the beginning and end of strings in a project I'm working on. I made a quick little method that does what I need it to do but I'm not convinced it's the best way to go about doing this sort of thing. I suspect there's probably a handy regular expression I can use to do it in only a couple of lines. Here's what I got: def remove_breaks(text) if text != nil and text != "" text.strip! index = text.rindex("<br />") while index != nil and index == text.length - 6 text = text[0, text.length - 6] text.strip! index = text.rindex("<br />") end text.strip! index = text.index("<br />") while index != nil and index == 0 text = test[6, text.length] text.strip! index = text.index("<br />") end end return text end Now the "<br />" could really be anything, and it'd probably be more useful to make a general use function that takes as an argument the string that needs to be stripped from the beginning and end. I'm open to any suggestions on how to make this cleaner because this just seems like it can be improved.

    Read the article

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111  | Next Page >