Search Results

Search found 28590 results on 1144 pages for 'best of'.


  • How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

    - by Imageree
    One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I don't think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is upload 6 files (index.asp, index.html, index.htm,...) to the main directory for the website. What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it? I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it. I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.

  • Why avoid increment ("++") and decrement ("--") operators in JavaScript?

    - by artlung
    I'm a big fan of Douglas Crockford's writing on JavaScript, particularly his book JavaScript: The Good Parts. It's made me a better JavaScript programmer and a better programmer in general. One of his tips for his jslint tool is this: ++ and -- The ++ (increment) and -- (decrement) operators have been known to contribute to bad code by encouraging excessive trickiness. They are second only to faulty architecture in enabling viruses and other security menaces. There is a plusplus option that prohibits the use of these operators. This has always struck my gut as "yes, that makes sense," but has annoyed me when I've needed a looping condition and can't figure out a better way to control the loop than a while( a < 10 )do { a++ } or for (var i=0;i<10;i++) { } and use jslint. It's challenged me to write it differently. I also know in the distant past using things, in say PHP like $foo[$bar++] has gotten me in trouble with off-by-one errors. Are there C-like languages or other languages with similarities that lack the "++" and "--" syntax or handle it differently? Are there other rationales for avoiding "++" and "--" that I might be missing? UPDATE -- April 9, 2010: In the video Crockford on JavaScript -- Part 5: The End of All Things, Douglas Crockford addresses the ++ issue more directly and with more detail. It appears at 1:09:00 in the timeline. Worth a watch.

  • Is there a compelling reason to use quantifiers in Perl regular expressions instead of just repeatin

    - by Morinar
    I was performing a code review for a colleague and he had a regular expression that looked like this: if ($value =~ /^\d\d\d\d$/) { #do stuff } I told him he should change it to: if ($value =~ /^\d{4}$/) { #do stuff } To which he replied that he preferred the first for readability (I find the second more readable, but that's a religious debate I'll save for another day). My question: is there an actual benefit to one over the other?

  • Controls added in the designer are null during Page_Load

    - by mwright
    All of the names below are generic and not the actual names used. I have a custom UserControl with a Panel that contains a couple of Labels, both .aspx controls. .aspx: <asp:Panel runat="server"> <asp:Label ID="label1" runat="server"> </asp:Label> </asp:Panel> <asp:Panel runat="server"> <asp:Label ID="label2" runat="server"> </asp:Label> </asp:Panel> Codebehind: private readonly Object object; protected void Page_Load(object sender, EventArgs e) { // These are the lines that are failing // label1 and label2 are null label1.Text = object.Value1; label2.Text = object.Value2; } public ObjectRow(Object objectToDisplay) { object = objectToDisplay; } On another page, in the code behind, I create a new instance of the custom user control. protected void Page_Load(object sender, EventArgs e) { CustomControl control = new CustomControl(object); } The user control takes the parameter and attempts to set the labels based off of the object passed in. The labels that it tries to assign the values to are however, null. Is this an ASP.net lifecycle issue that I'm not understanding? My understanding based on the Microsoft ASP.net lifecycle page was that page controls were available after the Page_Initialization. What is the proper way to do this? Is there a better way?

  • What is your strategy to avoid dynamic typing errors in Python (NoneType has no attribute x)?

    - by Koen Bok
    Python is one of my favorite languages, but I really have a love/hate relationship with its dynamicness. Apart from the advantages, it often results in me forgetting to check a type, trying to call an attribute and getting the NoneType (or any other) has no attribute x error. A lot of them are pretty harmless but if not handled correctly they can bring down your entire app/process/etc. Over time I got better predicting where these could pop up and adding explicit type checking, but because I'm only human I miss one occasionally and then some end-user finds it. So I'm interested in your strategy to avoid these. Do you use type-checking decorators? Maybe special object wrappers? Please share...

  • "Nearly divisible"

    - by bobobobo
    I want to check if a floating point value is "nearly" a multiple of 32. E.g. 64.1 is "nearly" divisible by 32, and so is 63.9. Right now I'm doing this: #define NEARLY_DIVISIBLE 0.1f float offset = fmodf( val, 32.0f ) ; if( offset < NEARLY_DIVISIBLE ) { // its near from above } // if it was 63.9, then the remainder would be large, so add some then and check again else if( fmodf( val + 2*NEARLY_DIVISIBLE, 32.0f ) < NEARLY_DIVISIBLE ) { // its near from below } Got a better way to do this?

  • How to connect remote EJB module from application client

    - by Zeck
    Hi guys, I have an EJB module on a remote Glassfish server and an application client on my computer. I want to connect from the application client to the remote EJB. Here is my EJB interface: @Remote public interface BookEJBRemote { public String getTitle(); } Here is my EJB: @Stateless public class BookEJB implements BookEJBRemote { @Override public String getTitle() { return "Twenty Thousand Leagues Under the Sea"; } } I have several questions: Can I use Dependency Injection in the remote application client to connect to the EJB? If so, what can I do to achieve this? Do I need to configure it in sun-ejb-jar.xml and sun-application-client.xml? In other words, if I use DI like @EJB MyEJBRemote ejb; how does the application client container know which EJB to inject? Where should I specify the information? How can I run the application client? I tried to run package-appclient on the Glassfish server to get appclient.jar and copied it to my computer. Then I typed appclient.jar -client myAppClient.jar. It didn't work. How do I point to the target server? If I cannot use DI in the client then I guess I have to use JNDI lookup. Do I need to configure the JNDI name in sun-ejb-jar.xml or in sun-application-client.xml? No matter how I try, I never manage to run the application client. Can you guys post a working example? Thank you for any advice and examples.

  • Should I worry about reining in namespace number/length/scope?

    - by Jay
    I've recently reorganized a solution-in-progress from 24 projects to 4. To keep the copious files organized in the "main" project, things are in folders in folders in folders. I think I've preserved a logical, discoverable arrangement of the solution content. As a result, of course, I end up with namespaces like AppName.DataAccess.NHibernate.Fluent.Mappings. Is there any compelling reason that I should care about flattening out the namespace hierarchy when my project has a somewhat deeply nested folder structure? (I am not concerned about resolving or managing using directives; I let ReSharper do all the heavy lifting here.)

  • What are the pros and cons of using an in-memory DB rather than a ThreadLocal

    - by Pangea
    We have been using ThreadLocal so far to carry some data so as to not clutter the API. However, below are some of the issues with using ThreadLocal that I don't like: 1) over the years the data items being carried in the thread local have increased; 2) since we started using threads (for some lightweight processing), we have also been migrating this data to the threads in the pool and copying it back again. I am thinking of using an in-memory DB for these (we don't want to add this to the API). I am wondering if this approach is good. What are the pros and cons? Thanks in advance.

  • Explaining to boss why we need to avoid horizontal scroll

    - by Bradley Herman
    I need help explaining to my boss why her design is poor on a client's website. She has no knowledge of web and it can be difficult as a web developer working with a woman who is a graphic designer (not even a web designer really). On a current site she has designed, an image bar "needs" to be like 1200px according to her, though it isn't necessary with the content. I'll show a quick sketch to illustrate what's going on: http://imgur.com/MNGOT.jpg As you see, the banner spills out past the 960px of the content and as wide as 1200px. This creates a horizontal scroll when all the content is viewable within the 960px wide viewport. I need to make this an img and not a css background because it's a jquery slideshow that fades from image to image. I think this is a big problem because a lot of people are going to get a horizontal scroll bar imposed in their browser when they're still able to see all the relevant content. How do I help her explain it. She thinks no one will notice and it'll be fine, I think it's very bad practice and confusing to the end user. Any help?

  • HELP!! Ruby & RoR Resources?

    - by aaroninfidel
    Hello, I've been a PHP Developer for a few years now and I've recently been interested in learning Ruby & Rails but I've found a lot of the resources I've found seem to be dated and not for Rails 2.0 or Ruby 1.8.6 etc... can anyone point me in the right direction? I'm running OSX 10.6 with the default ruby & rails installation. Thanks!

  • Java operator overloading

    - by nimcap
    Not using operators makes my code obscure. (aNumber / aNother) * count is better than aNumber.divideBy(aNother).times(count) After 6 months of not writing a single comment I had to write a comment to the simple operation above. Usually I refactor until I don't need comment. And this made me realize that it is easier to read and perceive math symbols and numbers than their written forms. For example TWENTY_THOUSAND_THIRTEEN.plus(FORTY_TWO.times(TWO_HUNDERED_SIXTY_ONE)) is more obscure than 20013 + 42*261 So do you know a way to get rid of obscurity while not using operator overloading in Java? Update: I did not think my exaggeration on comments would cause such trouble to me. I am admitting that I needed to write comment a couple of times in 6 months. But not more than 10 lines in total. Sorry for that. Update 2: Another example: budget.plus(bonusCoefficient.times(points)) is more obscure than budget + bonusCoefficient * points I have to stop and think on the first one, at first sight it looks like clutter of words, on the other hand, I get the meaning at first look for the second one, it is very clear and neat. I know this cannot be achieved in Java but I wanted to hear some ideas about my alternatives.

  • How to handle input and parameter validation between layers?

    - by developr
    If I have a 3 layer web forms application that takes user input, I know I can validate that input using validation controls in the presentation layer. Should I also validate in the business and data layers as well to protect against SQL injection and also issues? What validations should go in each layer? Another example would be passing an ID to return a record. Should the data layer ensure that the id is valid or should that happen in BLL / UI?

  • Common programming mistakes for Scala developers to avoid

    - by jelovirt
    In the spirit of Common programming mistakes for Java developers to avoid? Common programming mistakes for JavaScript developers to avoid? Common programming mistakes for .NET developers to avoid? Common programming mistakes for Haskell developers to avoid? Common programming mistakes for Python developers to avoid? Common Programming Mistakes for Ruby Developers to Avoid Common programming mistakes for PHP developers to avoid? what are some common mistakes made by Scala developers, and how can we avoid them? Also, as the biggest group of new Scala developers come from Java, what specific pitfalls they have to be aware of? For example, one often cited problem Java programmers moving to Scala make is use a procedural approach when a functional one would be more suitable in Scala. What other mistakes e.g. in API design newcomers should try to avoid.

  • What should a developer know before building a public web site?

    - by Joel Coehoorn
    What things should a programmer implementing the technical details of a web site address before making the site public? If Jeff Atwood can forget about HttpOnly cookies, sitemaps, and cross-site request forgeries all in the same site, what important thing could I be forgetting as well? I'm thinking about this from a web developer's perspective, such that someone else is creating the actual design and content for the site. So while usability and content may be more important than the platform, you the programmer have little say in that. What you do need to worry about is that your implementation of the platform is stable, performs well, is secure, and meets any other business goals (like not cost too much, take too long to build, and rank as well with Google as the content supports). Think of this from the perspective of a developer who's done some work for intranet-type applications in a fairly trusted environment, and is about to have his first shot at putting out a potentially popular site for the entire big bad world wide web. Also: I'm looking for something more specific than just a vague "web standards" response. I mean, HTML, JavaScript, and CSS over HTTP are pretty much a given, especially when I've already specified that you're a professional web developer. So going beyond that, Which standards? In what circumstances, and why? Provide a link to the standard's specification. This question is community wiki, so please feel free to edit that answer to add links to good articles that will help explain or teach each particular point.

  • Can per-user randomized salts be replaced with iterative hashing?

    - by Chas Emerick
    In the process of building what I'd like to hope is a properly-architected authentication mechanism, I've come across a lot of materials that specify that: user passwords must be salted; the salt used should be sufficiently random and generated per-user; ...therefore, the salt must be stored with the user record in order to support verification of the user password. I wholeheartedly agree with the first and second points, but it seems like there's an easy workaround for the latter. Instead of doing the equivalent of (pseudocode here): salt = random(); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword, salt); Why not use the hash of the username as the salt? This yields a domain of salts that is well-distributed, (roughly) random, and each individual salt is as complex as your salt function provides for. Even better, you don't have to store the salt in the database -- just regenerate it at authentication-time. More pseudocode: salt = hash(username); hashedPassword = hash(salt . password); storeUserRecord(username, hashedPassword); (Of course, hash in the examples above should be something reasonable, like SHA-512, or some other strong hash.) This seems reasonable to me given what (little) I know of crypto, but the fact that it's a simplification over widely-recommended practice makes me wonder whether there's some obvious reason I've gone astray that I'm not aware of.

  • To be effective on your home projects is it better using the same technologies used at work?

    - by systempuntoout
    To be more productive and effective, is it better to start developing a home project using the same technologies used at work? I'm not talking about a simple hello world web page but a home project with all the bells and whistles that one day, maybe, you could sell on the internet. This dilemma is often the subject of flames between me and a friend. He thinks that if you want to make a great home-made project you need to use the same technologies used daily at work, staying in the same scope too; for example, a C++ computer game programmer should develop a home-made C++ game. I'm pretty sure that developing using the same technologies used at work can be more productive at the beginning, but surely less exciting and stimulating than working with other languages\ides\libraries outside of your daily job. What's your opinion about that?

  • How to convince other developers not to ignore Exceptions?

    - by Mnementh
    Recently I encountered a bug in an application I took over from another developer. I debugged for the reason and over an hour later I realized, that the problem wasn't the code producing the exception, but some code executed before this returning wrong data. If I dived into this, I encountered the following: try { ... } catch (XYException e){} If the Exception would have been propagated (a change I did), I would have found the reason for the bugs in a few minutes, as the stacktrace had pointed me to the problem. So how can I convince other developers to never catch and ignore exceptions in this way?
