Search Results

Search found 10115 results on 405 pages for 'coding practices'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 114/405 | < Previous Page | 110 111 112 113 114 115 116 117 118 119 120 121  | Next Page >

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Overcoming C limitations for large projects

    - by Francisco Garcia
    One aspect where C shows its age is the encapsulation of code. Many modern languages has classes, namespaces, packages... a much more convenient to organize code than just a simple "include". Since C is still the main language for many huge projects. How do you to overcome its limitations? I suppose that one main factor should be lots of discipline. I would like to know what you do to handle large quantity of C code, which authors or books you can recommend.

    Read the article

  • Checking for nil in view in Ruby on Rails

    - by seaneshbaugh
    I've been working with Rails for a while now and one thing I find myself constantly doing is checking to see if some attribute or object is nil in my view code before I display it. I'm starting to wonder if this is always the best idea. My rationale so far has been that since my application(s) rely on user input unexpected things can occur. If I've learned one thing from programming in general it's that users inputting things the programmer didn't think of is one of the biggest sources of run-time errors. By checking for nil values I'm hoping to sidestep that and have my views gracefully handle the problem. The thing is though I typically for various reasons have similar nil or invalid value checks in either my model or controller code. I wouldn't call it code duplication in the strictest sense, but it just doesn't seem very DRY. If I've already checked for nil objects in my controller is it okay if my view just assumes the object truly isn't nil? For attributes that can be nil that are displayed it makes sense to me to check every time, but for the objects themselves I'm not sure what is the best practice. Here's a simplified, but typical example of what I'm talking about: controller code def show @item = Item.find_by_id(params[:id]) @folders = Folder.find(:all, :order => 'display_order') if @item == nil or @item.folder == nil redirect_to(root_url) and return end end view code <% if @item != nil %> display the item's attributes here <% if @item.folder != nil %> <%= link_to @item.folder.name, folder_path(@item.folder) %> <% end %> <% else %> Oops! Looks like something went horribly wrong! <% end %> Is this a good idea or is it just silly?

    Read the article

  • What are great _specific_ usability guidelines?

    - by Jilles
    Usability is extremely important, and yet there are so many products that violate a lot of rules. There are several questions on StackOverflow that are about usability (see: link1, link2, link3), however what I feel is missing still is a comprehensive list of usability "tactics": concrete examples of what (not) to do for a web application. Please don't add references to books. Please list one example per answer so that we can use the voting to actually prioritize the list.

    Read the article

  • C# using the "this" keyword in this situation?

    - by Alex
    Hi, I've completed a OOP course assignment where I design and code a Complex Number class. For extra credit, I can do the following: Add two complex numbers. The function will take one complex number object as a parameter and return a complex number object. When adding two complex numbers, the real part of the calling object is added to the real part of the complex number object passed as a parameter, and the imaginary part of the calling object is added to the imaginary part of the complex number object passed as a parameter. Subtract two complex numbers. The function will take one complex number object as a parameter and return a complex number object. When subtracting two complex numbers, the real part of the complex number object passed as a parameter is subtracted from the real part of the calling object, and the imaginary part of the complex number object passed as a parameter is subtracted from the imaginary part of the calling object. I have coded this up, and I used the this keyword to denote the current instance of the class, the code for my add method is below, and my subtract method looks similar: public ComplexNumber Add(ComplexNumber c) { double realPartAdder = c.GetRealPart(); double complexPartAdder = c.GetComplexPart(); double realPartCaller = this.GetRealPart(); double complexPartCaller = this.GetComplexPart(); double finalRealPart = realPartCaller + realPartAdder; double finalComplexPart = complexPartCaller + complexPartAdder; ComplexNumber summedComplex = new ComplexNumber(finalRealPart, finalComplexPart); return summedComplex; } My question is: Did I do this correctly and with good style? (using the this keyword)?

    Read the article

  • Using an image file vs data URI in the CSS

    - by fudgey
    I'm trying to decide the best way to include an image that is required for a script I've written. I discovered this site and it made me think about trying this method to include the image as a data URI since it was so small - it's a 1x1 pixel 50% opacity png file (used for a background) - it ends up at 2,792 bytes as an image versus 3,746 bytes as text in the CSS. So would this be considered good practice, or would it just clutter up the CSS unnecessarily?

    Read the article

  • call my web services from other app with javascript?

    - by Dejan.S
    Hi. I got .asmx a web service on my app. I need to call a method from an other app to get statistics from my app. I need it to return XML. the call to the webmethod is done with javascript soap. There is a default hellow world webmethod and calling that work but it seem that when i try to call a method where i need to pass parameters and it need to execute code it wont work and just return my error message. any ideas on what can be wrong. am I using the wrong web method?

    Read the article

  • IF-block brackets: best practice

    - by MasterPeter
    I am preparing a short tutorial for level 1 uni students learning JavaScript basics. The task is to validate a phone number. The number must not contain non-digits and must be 14 digits long or less. The following code excerpt is what I came up with and I would like to make it as readable as possible. if ( //set of rules for invalid phone number phoneNumber.length == 0 //empty || phoneNumber.length > 14 //too long || /\D/.test(phoneNumber) //contains non-digits ) { setMessageText(invalid); } else { setMessageText(valid); } A simple question I can not quite answer myself and would like to hear your opinions on: How to position the surrounding (outermost) brackets? It's hard to see the difference between a normal and a curly bracket. Do you usually put the last ) on the same line as the last condition? Do you keep the first opening ( on a line by itself? Do you wrap each individual sub-condition in brackets too? Do you align horizontally the first ( with the last ), or do you place the last ) in the same column as the if? Do you keep ) { on a separate line or you place the last ) on the same line with the last sub-condition and then place the opening { on a new line? Or do you just put the ) { on the same line as the last sub-condition? Community wiki.

    Read the article

  • Custom User Management for Google App Engine Java

    - by Gopi
    I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management. Can anyone please share with me how should I go about implementing my own user management? I have read its very tricky to implement own user management. Any pointers in terms of best approaches/ design / existing frameworks if any ? I could see some similar posts but they are for python.

    Read the article

  • Suggestions: Anti-Pattern counter-examples

    - by Tom W
    It doesn't seem that this exact question has been asked before, so I'll fire away: Most of us are familiar with the concept of an anti-pattern. However, avoiding implementation of anti-patterns can in principle swing too far the other way and cause problems itself. As an example, "Design by Committee" has a counter-example that I'd call "Design by Maverick" - wherein the design of an important feature is handed off to an individual to do what they think best, with the intention of reviewing their work later and deciding whether it should be finalised or go through another iteration. This takes much longer in practice as the rest of the team are occupied by other things, and can end up with a feature that's useful to nobody, particularly if the Maverick is not themselves an experienced end-user. Does anyone have any more examples of anti-pattern counter-examples?

    Read the article

  • Should I use custom exceptions to control the flow of application?

    - by bonefisher
    Is it a good practise to use custom business exceptions (e.g. BusinessRuleViolationException) to control the flow of user-errors/user-incorrect-inputs??? The classic approach: I have a web service, where I have 2 methods, one is the 'checker' (UsernameAlreadyExists()) and the other one is 'creator' (CreateUsername())... So if I want to create a username, I have to do 2 roundtrips to webservice, 1.check, 2.if check is OK, create. What about using UsernameAlreadyExistsException? So I call only the 2. web service method (CrateUsername()), which contains the check and if not successfull, it throws the UsernameAlreadyExistsException. So the end goal is to have only one round trip to web service and the checking can be contained also in other web service methods (so I avoid calling the UsernameAlreadyExists() all the times..). Furthermore I can use this kind of business error handling with other web service calls completely avoiding the checking prior the call.

    Read the article

  • Rank Source Control Options-VSS vs CVS vs none vs your own hell

    - by Roman A. Taycher
    It seems like a lot of people here and on many programmer wikis/blogs/ect. elsewhere really dislike VSS. A lot of people also have a serious dislike for cvs. In many places I have heard a lot of differing opinions on whether or not using VSS or cvs is better or worse then using no source control, please rate the worst and explain why!!!!! you rated them this way. Feel free to throw in your own horrible system in the rankings. If you feel it depends on the circumstances try to explain the some of the different scenarios which lead to different rankings. (note:I see a lot of discussion of what is better but little of what is worse.) second note: while both answers are nice I'm looking less for good replacements and more for a comparison of which is worse and more importantly why!

    Read the article

  • What policies are standard for programmers?

    - by Shehket's Apprentice
    My office is about has proposed implementing some extremely strict (I would consider them draconian) policies regarding programmers, and our access due to security concerns (note, we have never had a security breach). While I can theoretically get used to them, I'd like to ask about what is considered good security policy for programmers, specifically in the area of access policies, and what is too much? Any answers to this question are greatly appreciated as they directly relate to my ability to write code, and I can't find anything so far on Google. Edit: Most of the security policies that concern me are about access to my machine and to the code. According to these proposed policies, I'd need management approval to access either, which means that I'd be forced to get management to unlock my computer anytime I leave my desk as my computer is always locked when I'm not at my desk.

    Read the article

  • Using explicitly numbered repetition instead of question mark, star and plus

    - by polygenelubricants
    I've seen regex patterns that use explicitly numbered repetition instead of ?, * and +, i.e.: Explicit Shorthand (something){0,1} (something)? (something){1} (something) (something){0,} (something)* (something){1,} (something)+ The questions are: Are these two forms identical? What if you add possessive/reluctant modifiers? If they are identical, which one is more idiomatic? More readable? Simply "better"?

    Read the article

  • Do you have health checks in your web app or web site?

    - by Pekka
    I have built PHP based "health check" scripts for several projects, but they were always custom-made for the occasion and not written for abstraction as an independent product. I would like to know whether such a solution exists. What I meam by "health check" is a protected web page that functions much like a suite of unit tests, but on a more operational level, showing red/yellow/green statuses for things like Are the cache directories writable? Is the PHP version correct, are required extensions installed? Is the configuration file protected from writing? Is the database server reachable? Do the key tables exist in the database? Is there enough disk space available? Is the site's front page reachable and renders fully ( = no PHP errors)? Do the project's libraries' MD5 checksums match the original ones? Do you do this - or parts of it - in your applications and web sites? Are there any standardized tools for this that bring along all the functionality to perform the tests (ideally as plugins), and just need to be configured accordingly? Is there a way to set this up using one of the Unit Testing frameworks available for PHP (preferably PHPUnit)? If so, do you know any resources / tutorials outlining how?

    Read the article

  • What is the best way to organize directories within a large grails application?

    - by egervari
    What is the best way to organize directories within a large grails application? In a typical Spring application, we'd have myproject/domain/ and myproject/web/controllers and myproject/services Since grails puts these artifacts in their own directories... and then just uses the same base project package for everything, what is the best practice? Use the same sub package name for domain objects, controllers, services too? Ken

    Read the article

  • Allow for modular development while still running in same JVM?

    - by Marcus
    Our current app runs in a single JVM. We are now splitting up the app into separate logical services where each service runs in its own JVM. The split is being done to allow a single service to be modified and deployed without impacting the entire system. This reduces the need to QA the entire system - just need to QA the interaction with the service being changed. For inter service communication we use a combination of REST, an MQ system bus, and database views. What I don't like about this: REST means we have to marshal data to/from XML DB views couple the systems together which defeats the whole concept of separate services MQ / system bus is added complexity There is inevitably some code duplication between services You have set up n JBoss server configurations, we have to do n number of deployments, n number of set up scripts, etc, etc. Is there a better way to structure an internal application to allow modular development and deployment while allowing the app to run in a single JVM (and achieving the associated benefits)?

    Read the article

  • What's the best practice to "look up" Java Enums?

    - by Marcus
    We have a REST API where clients can supply parameters representing values defined on the server in Java Enums. So we can provide a descriptive error, we add this lookup method to each Enum. Seems like we're just copying code (bad). Is there a better practice? public enum MyEnum { A, B, C, D; public static MyEnum lookup(String id) { try { return MyEnum.valueOf(id); } catch (IllegalArgumentException e) { throw new RuntimeException("Invalid value for my enum blah blah: " + id); } } } Update: The default error message provided by valueOf(..) would be No enum const class a.b.c.MyEnum.BadValue. I would like to provide a more descriptive error from the API.

    Read the article

  • Combine hash values in C#

    - by Chris
    I'm creating a generic object collection class and need to implement a Hash function. I can obviously (and easily!) get the hash values for each object but was looking for the 'correct' way to combine them to avoid any issues. Does just adding, xoring or any basic operation harm the quality of the hash or am I going to have to do something like getting the objects as bytes, combining them and then hashing that? Cheers in advance

    Read the article

  • How to release a simple program

    - by Zenya
    What is the best practice for releasing a simple software? Suppose I created a very small simple and useful program or a tool and would like to share it with everyone by uploading it to my web-site. Do I need a license and which one? (I read http://www.gnu.org/ and http://www.fsf.org/ but still cannot decide - there are too many of them.) Do I need to put somewhere a copyright and what is the basic principles of creating "Copyright" string? How can I make a user, who is going to download and install my program, to believe that my program doesn't contain viruses or a malicious code?

    Read the article

  • best practice for passing many arguments to method ?

    - by Tony
    Occasionally , we have to write methods that receive many many arguments , for example : public void doSomething(Object objA , Object objectB ,Date date1 ,Date date2 ,String str1 ,String str2 ) { } When I encounter this kind of problem , I often encapsulate arguments into a map. Map<Object,Object> params = new HashMap<Object,Object>(); params.put("objA",ObjA) ; ...... public void doSomething(Map<Object,Object> params) { // extracting params Object objA = (Object)params.get("objA"); ...... } This is not a good practice , encapsulate params into a map is totally a waste of efficiency. The good thing is , the clean signature , easy to add other params with fewest modification . what's the best practice for this kind of problem ?

    Read the article

  • How do I put an ASP.NET website project and class library projects in one .sln file on Subversion

    - by JustinP8
    My company has several class libraries we use in multiple website projects (not web application projects). Website projects don't have .sln files, but I'm sure I've read in my past research that you can make a blank solution and put your website and class library projects in it. After answers to my previous questions, this is the direction that I'm going (based slightly on [http://amadiere.com/blog/2009/06/multiple-subversion-projects-in-one-visual-studio-solution-using-svnexternals/][1]: /websites /website1 /trunk /website1 /libraries /library1 /trunk /library1 /library2 /trunk /library2 /etc... Then I planed on using svn:externals to copy /library1, /library2, and so on into the working_copy/websites/website1/ folder. I want my team members to be able to checkout the /trunk folder for website1 and get a .sln file, /library1 external, /library2 external, etc. I want that .sln file to contain the website1 website project, and all of the library external projects. Hopefully that would look something like: /working_copy /websites /website1 /trunk /website1 /library1 (svn:external of libraries/library1/trunk/library1) /library2 (svn:external of libraries/library2/trunk/library2) /etc. website1.sln So, at the end of all of this, the goal is that my teammates check out the trunk, open the solution, and everyone has the exact same solution. When we commit, everything is committed appropriately to subversion (the website code, and the libraries are committed to their appropriate place on the repo). How have others solved these issues? How can I make a .sln file that my team members and I can share in this manner? [1]: "This Article"

    Read the article

  • How do I know if I'm being truly clever and not just "clever"?

    - by Covar
    If there's one thing I've learned from programming is that there are clever solutions to problems, and then there are "clever" solutions to problems. One is an intelligent solution to a difficult problem that results in improved efficiency and a better way to to do something and the other will wind up on The Daily WTF, and result in headaches and pain for anyone else involved. My question is how do you distinguish between one and the other? How do you figure out if you've over thought the solution? How do you stop yourself from throwing away truly clever solutions, thinking they were "clever"?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 110 111 112 113 114 115 116 117 118 119 120 121  | Next Page >