Search Results

Search found 10115 results on 405 pages for 'coding practices'.

Page 117/405

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload videos (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minimum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework, MySQL. Bonus points: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?


  • Efficient storage/retrieval method for replayable comet style applications (Google Wave, Etherpad)

    - by Gareth Simpson
    I am considering a web application that would have the same kind of multi user, automatic saving, infinite undo / replay capabilities that you see in Google Wave and Etherpad (albeit on a drastically smaller scale and userbase). Before I go away and reinvent the wheel, is this something that has already been addressed as either a piece of technology or library, or even just a design pattern? I know this isn't necessarily the best Stack Overflow question as there is probably not a "right" answer, but my Google-fu has failed me and I'd just like a reading list! Ordinarily I would be developing under python/django but this is not a firm requirement, just a preference :)


  • .NET without use of DLL's

    - by Kieran
    Hi SO community, I have been issued a problem with security. A bank will not allow use of DLLs in the project. What sort of structure would be needed to allow DataAccess and/or the use of external services (like an email client Mailchimp, iContact)? Has anyone else encountered this sort of problem before? If they have, how should the project be structured (.NET 3.5+)? Thanks, KJ


  • Create swipe controlled simple flipbook style animation in ObjC

    - by eco_bach
    Hi I am a beginner in Obj C development, though quite experienced (over 10 years) with other ECMAscript based languages and OOP development. I want to build a simple flipbook style animation, controlled through swiping motion. I'm sure extremely simple for any advanced ObjC coders. Can anyone with extensive ObjC-CocoaTouch experience give me some higher level recommendations? ie, 1 -general application design, should I start with a simple view based application, or navigation based or? 2 -should I use 3rd party animation frameworks such as Cocos2D, or stick with built in classes and methods? 3 -if using built in methods, classes, what is the recommended way of achieving a animation, that will be controlled via swipe and touch gestures? 4 -I want to eventually have multiple 'flipbooks' that I can 'instantly' swap with one another, ie to give the net effect of an object changing color, etc, but not sure how to approach this from a memory management point of view, related to #1 above Except for point 3 above, I'm not expecting any actual code examples. Just general guidelines to follow and perhaps, what are some next steps I should take in my goal as an ObjC code samurai.


  • How to handle management trying to interfere with the project (including architecture decision)

    - by Zwei Steinen
    I feel this is not a very good question to post on SO, but I need some advice from experienced developers... (I'm a second year developer) I guess this is a problem for many, many projects, but in our case, it is getting intense. There was so much interference from people that don't know a bit about software development that our development came to an almost complete stop. We had to literally escape to another location to get any useful job done. Now we were happily producing results, but then I get a request for a "meeting" and it's them again. I have a friendly relationship with them, but I feel very daunted at the thought of talking about nonsense all over again. Should I be firm and tell them to shut up and wait for our results? Or should I be diplomatic and create an illusion they are making a positive contribution or something? My current urge is to be unfriendly and murmur some stuff so they will give up or something. What would you do if you were in this situation?


  • Premature optimization is the root of all evil, but can it ever be too late?

    - by polygenelubricants
    "We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil" So what is that 3% like? Can the avoidance of premature optimization ever be taken too extreme that it does more harm than good? Even if it's rare, has there been a case of a real measurable software engineering disaster due to complete negligence to optimize early in the process? Bonus question: is software engineering pretty much the only field that has such a counter intuitive principle regarding doing something earlier rather than later before things potentially become too big a problem to fix? Personal question: how do you justify something as premature optimization and not just a case of you being lazy/ignorant/dumb?


  • What turns away users/prospective users?

    - by Zach Johnson
    In your experience, what kinds of things have turned away users and prospective users from using your programs? Also, what kinds of things turn you away from using someone else's programs? For example, one thing that really bugs me is when someone provides free software, but requires you to enter your name and email address before you download it. Why do they need my name and email address? I just want to use the program! I understand that the developer(s) may want to get a feel for how many users they have, etc, but the extra work I have to do really makes me think twice about downloading their software, even if it does really great things.


  • Writing a custom iterator -- what to do if you're at the end of the array?

    - by Goose Bumper
    I'm writing a custom iterator for a Matrix class, and I want to implement the increment method, which gets called when the iterator is incremented:

        void MatrixIterator::increment() {
            // go to the next element
        }

    Suppose the iterator has been incremented too many times and now points to past the end of the matrix (i.e. past the one-past-the-end point). What is the best practice for this situation? Should I catch this with an assert, or should I just say it's the user's responsibility to keep track of where the iterator is pointing and it's none of my business?


  • What are possible designs for the DCI architecture?

    - by Gabriel Šcerbák
    What are possible designs for implementation of the DCI (data, contexts, interactions) architecture in different OOP languages? I thought of Policy based design (Andrei Alexandrescu) for C++, DI and AOP for Java. However, I also thought about using State design pattern for representing roles and some sort of Template method for the interactions... What are the other possibilities?


  • c# object initializer complexity. best practice

    - by Andrew Florko
    I was too excited when object initializer appeared in C#.

        MyClass a = new MyClass();
        a.Field1 = Value1;
        a.Field2 = Value2;

    can be rewritten shorter:

        MyClass a = new MyClass { Field1 = Value1, Field2 = Value2 };

    Object initializer code is more obvious, but when the number of properties comes to a dozen and some of the assignments deal with nullable values it's hard to debug where the "null reference error" is. Studio shows the whole object initializer as the error point. Nowadays I use object initializer for straightforward assignment only for error-free properties. How do you use object initializer for complex assignment, or is it a bad practice to use a dozen assignments at all? Thank you in advance!


  • .Net Compact Framework Tips, Tricks, and Gotchas

    - by Mat Nadrofsky
    Hey everyone, We work extensively in the .Net Compact Framework and Windows Mobile. I've seen plenty of questions come up regarding specifics to development of ASP.Net apps or other .Net based desktop apps but nothing CF specific. Anyone else a mobile developer out there that can share some things to start doing, stop doing, and avoid doing when developing in the Compact Framework?


  • html clickable layout area. best practice

    - by Andrew Florko
    I am bad at html layout but I have to produce it :) I want to make a big button on a page that is implemented as a div with children tags (maybe a bad idea). I can handle the click event on the boundary-div with javascript but it requires javascript enabled. I can wrap the boundary-div with an "anchor" tag but it doesn't work in IE. Please suggest the best way to implement this.

        <a href="...">
          <table>
            <td> ... </td>
            <td> ... <table> ... </table> </td>
          </table>
        </a>


  • paged list with checkboxes, keep the checkbox value browsing through the paging?

    - by Dejan.S
    Hi. I got a list of customers I thought I would list in a gridview or a repeater with customer html, it's going to have paging. I'm going to have a checkbox for each customer in the list. Do you guys have any suggestions on how I should keep the checkbox value when I go to page 2-3-4 etc. in the paging? I'm thinking a session to store the id of the checked customers. After I'm done setting the values they go to the database. Do you have any other ideas than the session I'm thinking of? Thanks guys


  • Using GET instead of POST to delete data behind authenticated pages

    - by Matt Spradley
    I know you should use POST whenever data will be modified on a public website. There are several reasons including the fact that search engines will follow all the links and modify the data. My question is do you think it is OK to use GET behind authenticated pages in something like an admin interface? One example would be a list of products with a delete link on each row. Since the only way to get to the page is if you are logged in, is there any harm in just using a link with the product ID in the query string?


  • Tips for documenting a web application?

    - by Pandiya Chendur
    I know that I can take my asp.net application and get it reversed to a UML document, but that doesn't tell the whole story of things like who can use what, what it calls in the way of stored procedures, what pages call what pages etc. etc. Does anyone know of an article where someone has a comprehensive way to document a web application/site? Or shall I just make up my own way?


  • Invoicing vs Quoting or Estimating

    - by FreshCode
    If invoices can be voided, should they be used as quotations? I have an Invoices table that is created from inventory associated with a Job or Order. I could have a Quotes table as a halfway-house between inventory and invoices, but it feels like I would have duplicate data structures and logic just to handle an "Is this a quote?" bit. From a business perspective, quotes are different from invoices: a quote is sent prior to an undertaking and an invoice is sent once it is complete and payment is due, but how to represent this in my repository and model? What is an elegant way to store and manage quotes & invoices in a database? Edit: indicated Job === Order for this particular instance.


  • WCF Best Practice for "Overloaded" methods

    - by Nate Bross
    What is the best practice for emulating overloaded methods over WCF? Typically I might write an interface like this:

        interface IInterface {
            MyType ReadMyType(int id);
            IEnumerable<MyType> ReadMyType(String name);
            IEnumerable<MyType> ReadMyType(String name, int maxResults);
        }

    What would this interface look like after you converted it to WCF?


  • What is the best practice in regards to building composite dtos off of an aggregate root with domain

    - by Chance
    I'm trying to figure out the best approach/practice for assembling a composite data transfer object off of an aggregate root and would love to hear people's thoughts on this. For example, let's say I have a root that has a few domain objects as children. I want to assemble a specific view dto, based on some business logic, that either has attributes or full dtos of its objects. What I'm struggling with is trying to figure out where that assembly should happen. I can see it going on the domain object of the aggregate root as there is some business logic associated with it. The benefit of this approach, from what I've deduced thus far, is that it should reduce the inevitable business logic from bleeding outside of the domain object. It also allows for private methods that take care of tasks that could become more complex from an external builder. The downsides being that the domain object becomes much more entrenched in the application's workflow and represents much more than just the domain object. It also could become very large in the scenario where you need multiple composite Dtos. Alternatively, I could also see it belonging to some form of transfer object assembler where there is a builder for each domain object. The domain objects would still be responsible for GetDto() and UpdateFromDto(dto). Outside of that, the builder would handle the construction and deconstruction of composite dtos. The downside is kind of mentioned above, where I fear this will easily lead to developers unfamiliar with DDD bleeding a ton of business logic into the assembler, which is what I want to desperately avoid. Any thoughts would be greatly appreciated.


  • What's the best way to unit test code that generates random output?

    - by Flynn1179
    Specifically, I've got a method that picks n items from a list in such a way that a% of them meet one criterion, and b% meet a second, and so on. A simplified example would be to pick 5 items where 50% have a given property with the value 'true', and 50% 'false'; 50% of the time the method would return 2 true/3 false, and the other 50%, 3 true/2 false. Statistically speaking, this means that over 100 runs, I should get about 250 true/250 false, but because of the randomness, 240/260 is entirely possible. What's the best way to unit test this? I'm assuming that even though technically 300/200 is possible, it should probably fail the test if this happens. Is there a generally accepted tolerance for cases like this, and if so, how do you determine what that is?


  • distributing R package with optional S4 syntax sugar

    - by mariotomo
    I've written a small package for logging, I'm distributing it through r-forge, recently I received some very interesting feedback on how to make it easier to use, but this functionality is based on stuff (setRefClass) that was added to R in 2.12. I'd like to keep distributing the package also for R-2.9, so I'm looking for a way to include or exclude the S4 syntactical sugar automatically, and include it when the library is loaded on an R >= 2.12 system. One other option I see is to write a small S4 package that needs 2.12, imports the simpler logging package and exports the syntactically sugared interface... I don't like it too much, as I'd need to choose a different name for the S4 package.


  • JSP application scope objects in Java library

    - by FrontierPsycho
    I am working on a preexisting web application built with JSP, which uses an external Java library. I want to make some JavaBeans that were instantiated with jsp:useBean tags available to the Java code. What would be a good practice to do that? I suppose I can pass the objects in question to every function call that requires them, but I'd like to avoid that.

