Search Results

Search found 28590 results on 1144 pages for 'best pactice'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 109/1144 | < Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >

  • Session ID Rotation - does it enhance security?

    - by dound
    (I think) I understand why session IDs should be rotated when the user logs in - this is one important step to prevent session fixation. However, is there any advantage to randomly/periodically rotating session IDs? This seems to only provide a false sense of security in my opinion. Assuming session IDs are not vulnerable to brute-force guessing and you only transmit the session ID in a cookie (not as part of URLs), then an attacker will have to access your cookie (most likely by snooping on your traffic) to get your session ID. Thus if the attacker gets one session ID, they'll probably be able to sniff the rotated session ID too - and thus randomly rotating has not enhanced security.

    Read the article

  • When to use "property" builtin: auxiliary functions and generators

    - by Seth Johnson
    I recently discovered Python's property built-in, which disguises class method getters and setters as a class's property. I'm now being tempted to use it in ways that I'm pretty sure are inappropriate. Using the property keyword is clearly the right thing to do if class A has a property _x whose allowable values you want to restrict; i.e., it would replace the getX() and setX() construction one might write in C++. But where else is it appropriate to make a function a property? For example, if you have class Vertex(object): def __init__(self): self.x = 0.0 self.y = 1.0 class Polygon(object): def __init__(self, list_of_vertices): self.vertices = list_of_vertices def get_vertex_positions(self): return zip( *( (v.x,v.y) for v in self.vertices ) ) is it appropriate to add vertex_positions = property( get_vertex_positions ) ? Is it ever ok to make a generator look like a property? Imagine if a change in our code meant that we no longer stored Polygon.vertices the same way. Would it then be ok to add this to Polygon? @property def vertices(self): for v in self._new_v_thing: yield v.calculate_equivalent_vertex()

    Read the article

  • REST doesn't work with Sever-Client-Client setup

    - by drozzy
    I am having a problem with my current RESTful api design. What I have is a REST api which is consumed by Django web-server, which renders the HTML templates. REST api > Django webserver > HTML The problem I am encountering is that I have to reconstruct all the URLS like mysite.com/main/cities/<id>/streets/ into equivalent rest api urls on my web-server layer: api.com/cities/<id>/streets/ Thus I have a lot of mapping back and forth, but as far as I know REST says that the client (in this case my web-server) should NOT need to know how to re-construct the urls. Can REST be used for such a setup and how? Or is it only viable for Server-Client architecture. Thanks

    Read the article

  • Extending Throwable in Java

    - by polygenelubricants
    Java lets you create an entirely new subtype of Throwable, e.g: public class FlyingPig extends Throwable { ... } Now, very rarely, I may do something like this: throw new FlyingPig("Oink!"); and of course elsewhere: try { ... } catch (FlyingPig porky) { ... } My questions are: Is this a bad idea? And if so, why? What could've been done to prevent this subtyping if it is a bad idea? Since it's not preventable (as far as I know), what catastrophies could result? If this isn't such a bad idea, why not? How can you make something useful out of the fact that you can extends Throwable?

    Read the article

  • isPostBack as Query Parameter

    - by Steven
    I created an ASPX page with search controls to the left bound as controls for an AccessDataSource. I want the data grid to be blank on the first calling of the page, but show the results for subsequent page loads. I plan to achieve this by putting [pFirstRun] = False as my first WHERE condition with the parameter pFirstRun tied to the value isPostBack. How do I achieve this? Alternatively, is there a better way to achieve this goal?

    Read the article

  • Will asking users to upgrade their browser cause issues?

    - by John Isaacks
    Ok I am considering putting up something asking ie6 users to upgrade their browser. However, I am concerned that users will upgrade it, not like it. Then blame me. Is this a real concern? am I going to get people calling me asking me how to use their new browser or how to get their old one back? Whats your thought on this topic? Thanks!!

    Read the article

  • ASP.NET MVC PartialView generic ModelView

    - by Greg Ogle
    I have an ASP.NET MVC application which I want to dynamically pick the partial view and what data gets passed to it, while maintaining strong types. So, in the main form, I want a class that has a view model that contains a generically typed property which should contain the data for the partial view's view model. public class MainViewModel<T> { public T PartialViewsViewModel { get; set; } } In the User Control, I would like something like: Inherits="System.Web.Mvc.ViewUserControl<MainViewModel<ParticularViewModel>>" %> Though in my parent form, I must put Inherits="System.Web.Mvc.ViewPage<MainViewModel<ParticularViewModel>>" %> for it to work. Is there a way to work around this? The use case is to make the user control pluggable. I understand that I could inherit a base class, but that would put me back to having something like a dictionary instead of a typed view model.

    Read the article

  • controlling if exceptions are swallowed by a static boolean

    - by sandis
    So we are a few guys developing this product that is communicating with a really unstable server. It often returns very strange and corrupt data. During testing we want the resulting crashes to be loud, so we discover them. But every other day we need to demonstrate our product for a potential customer. To the customer the errors will go undiscovered if we just swallow them. I am thinking about implementing something like this around all server communication to quickly switch between swallowing exceptions and crashing: try { apiCall(); } catch (Exception e) { if(!SWALLOW_EXCEPTION) { throw e; } } Is this an awesome idea, or can it be done in a better way?

    Read the article

  • What should be the "trunk" development, or release

    - by Nix
    I have the unfortunate opportunity of source control via Borland's StarTeam. It unfortunately does very few things well, and one supreme weakness is its view management. I love SVN and come from an SVN mindset. Our issue is post production release we are spending countless hours merging changes into a "production support" environment. Please do not harass me this was not my doing, I inherited it and am trying to present a better way of managing the repository. It is not an option to switch to a different SCM tool. Current setup Product.1.0 (TRUNK, current production code, and at this level are pending bug fixes) Product.2.0(true trunk anything checked in gets tested, and then released next production cycle, a lot of changes occur in this view) My proposal is going to be to swap them, have all development be done on the trunk (Production), tag on releases, and as needed create child views to represent production support bug fixes. Production Production.2.0.SP.1 I can not find any documentation to support the above proposal so I am trying to get feedback on whether or not the change is a good idea and if there is anything you would recommend doing differently.

    Read the article

  • Auto-generating toString Method

    - by Gordon
    Is it good or bad practice auto-generating toString methods for some simple classes? I was thinking of generating something like bellow where it takes the variable names and produces a toString method that prints the name followed by it's value. private String name; private int age; private double height; public String toString(){ Formatter formatter = new Formatter(); return formatter.format("Name: %s, Age: %d, Height %f", name, age, height).toString(); }

    Read the article

  • PDO update with conditional?

    - by dmontain
    I have a PDO mysql that updates 3 fields. $update = $mypdo->prepare("UPDATE tablename SET field1=:field1, field2=:field2, field3=:field3 WHERE key=:key"); But I want field3 to be updated only when $update3 = true; Is this possible to accomplish with a single query? I could do it with 2 queries where I update field1 and field2 then check the boolean and update field3 if needed in a separate query. But hopefully there is a way to accomplish this in 1 query?

    Read the article

  • Using different languages in one project

    - by Tarbal
    I recently heard about the use of several different languages in a (big) project, I also read about famous services such as Twitter using Rails as frontend, mixed with some other languages, and Scala I think it was as backend. Is this common practice? Who does that? I'm sure there are disadvantages to this. I think that you will have problems with the different interpreters/compilers and seamlessly connecting the different languages. Is this true? Why is this actually done? For performance?

    Read the article

  • When should you use intermediate variables for expressions?

    - by froadie
    There are times that one writes code such as this: callSomeMethod(someClass.someClassMethod()); And other times when one would write the same code like this: int result = someClass.someClassMethod(); callSomeMethod(result); This is just a basic example to illustrate the point. My question isn't if you should use an intermediate variable or not, as that depends on the code and can sometimes be a good design decision and sometimes a terrible one. The question is - when would you choose one method over the other? What factors would you consider when deciding whether to use an intermediate step? (I'd assume length and understandability of the fully inlined code would have something to do with it...)

    Read the article

  • Is there a way to avoid debugger?

    - by Gabriel Šcerbák
    I don't like debugging in a debugger, because I think it is often below the abstraction layer of the programming language and it is often not reproducible. I favor usign unit tests when possible and I think they are a good way, but it is not always that easy to implement them. Do you know about any other alternative approaches to avoid the use of debugger?

    Read the article

  • Managing string resources in a Java application - singleton?

    - by Joe Attardi
    I seek a solution to the age-old problem of managing string resources. My current implementation seems to work well, but it depends on using singletons, and I know how often singletons can be maligned. The resource manager class has a singleton instance that handles lookups in the ResourceBundle, and you use it like so: MessageResources mr = MessageResources.getMessageResources(); // returns singleton instance ... JLabel helloLabel = new JLabel(mr.getString("label.hello")); Is this an appropriate use of a singleton? Is there some better, more universally used approach that I'm not aware of? I understand that this is probably a bit subjective, but any feedback I can get would be appreciated. I'd rather find out early on that I'm doing it wrong than later on in the process. Thanks!

    Read the article

  • Security implications of writing files using PHP

    - by susmits
    I'm currently trying to create a CMS using PHP, purely in the interest of education. I want the administrators to be able to create content, which will be parsed and saved on the server storage in pure HTML form to avoid the overhead that executing PHP script would incur. Unfortunately, I could only think of a few ways of doing so: Setting write permission on every directory where the CMS should want to write a file. This sounds like quite a bad idea. Setting write permissions on a single cached directory. A PHP script could then include or fopen/fread/echo the content from a file in the cached directory at request-time. This could perhaps be carried out in a Mediawiki-esque fashion: something like index.php?page=xyz could read and echo content from cached/xyz.html at runtime. However, I'll need to ensure the sanity of $_GET['page'] to prevent nasty variations like index.php?page=http://www.bad-site.org/malicious-script.js. I'm personally not too thrilled by the second idea, but the first one sounds very insecure. Could someone please suggest a good way of getting this done?

    Read the article

  • PostgreSQL 8.3 data types: xml vs varchar

    - by Sejanus
    There's xml data type in Postgres, I never used it before so I'd like to hear opinions. Downsides and upsides vs using regular varchar (or Text) column to store xml. The text I'm going to store is xml, well-formed, UTF-8. No need to search by it (I've read searching by xml is slow). This XML actually is data prepared for PDF generation with Apache FOP. XML can be generated dynamically from data found elsewhere (other Postgres tables), it's stored as is only so that I won't need to generate it twice. Kinda backup#2 for already generated PDF documents. Anything else to know? Good practices, performance, maintenance, etc?

    Read the article

  • How to build a JSON response by combining @foo.to_json(options) and @bars.to_json(options) in Rails

    - by smotchkkiss
    First, the desired result I have User and Item models. I'd like to build a JSON response that looks like this: { "user": {"username":"Bob!","foo":"whatever","bar":"hello!"}, "items": [ {"id":1, "name":"one", "zim":"planet", "gir":"earth"}, {"id":2, "name":"two", "zim":"planet", "gir":"mars"} ] } However, my User and Item model have more attributes than just those. I found a way to get this to work, but beware, it's not pretty... Please help... My hacks home_controller.rb class HomeController < ApplicationController def observe respond_to do |format| format.js { render :json => Observation.new(current_user, @items).to_json } end end end observation.rb # NOTE: this is not a subclass of ActiveRecord::Base # this class just serves as a container to aggregate all "observable" objects class Observation attr_accessor :user, :items def initialize(user, items) self.user = user self.items = items end # The JSON needs to be decoded before it's sent to the `to_json` method in the home_controller otherwise the JSON will be escaped... # What a mess! def to_json { :user => ActiveSupport::JSON.decode(user.to_json(:only => :username, :methods => [:foo, :bar])), :items => ActiveSupport::JSON.decode(auctions.to_json(:only => [:id, :name], :methods => [:zim, :gir])) } end end

    Read the article

  • Subversion Repository Layout

    - by Tim Long
    Most subversion tools create a default repository layout with /trunk, /branches and /tags. The documentation also recommends not using separate repositories for each project, so that code can be more easily shared. Following that advice has led to me having a repository with the following layout: /trunk /Project1 /Project2 /branches /Project1 /Project2 /tags /Project1 /Project2 and so on, you get the idea. Over time, I've found this structure a bit clumsy and it occurred to me that there's an alternative interpretation of the recommendations, such as: /Project1 /trunk /branches /tags /Project2 /trunk /branches /tags So, which layout do people use, and why? Or - is there another way to do things that I've completely missed?

    Read the article

  • How to get rid of the GUI access from shared library.

    - by Inso Reiges
    Hello, In my project i have a shared library with cross-platform code that provides a very convenient abstraction for a number of its clients. To be more specific, this library provides data access to encrypted files generated by main application on a number of platforms. There is a great deal of complicated code there that implements cryptographic protocols and as such is very error-prone and should be shared as much as possible across clients and platforms. However parsing all this encrypted stuff requires asking user for a number of different secrets ones in a while. The secret can be either a password, a number of shared passwords or a public key file and this list is a hot target for extension in the future. I can't really ask the user for any of those secrets beforehand from main application, because i really don't know what i need to ask for until i start working with the encrypted data directly in the library code. So i will have to create dialogs and call them from the library code. However i really see this as a bad idea, because (among other things) there is a possibility of a windows service using it and services can't have GUI access. The question is, are there any known ways or patterns to get rid of the GUI calls that are suitable for my case? Thank you.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 105 106 107 108 109 110 111 112 113 114 115 116  | Next Page >