Search Results

Search found 9254 results on 371 pages for 'approach'.

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues and, if issues are found, redirects the user to the same page, but in a way that is not threatening to the application. (Source code below.) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third-party library that offers something more convincing?

        using System;
        using System.Text.RegularExpressions;
        using System.Web;

        public static class XssSecurity
        {
            // Treated as a potential XSS attack: URL schemes, "javascript", "alert",
            // and anything enclosed in < ... > (raw or %-encoded)
            public const string PotentialXssAttackExpression =
                "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C)|<)[^\n]+((\\%3E)|>))";

            private static readonly Regex PotentialXssAttackRegex =
                new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase);

            public static bool IsPotentialXssAttack(this HttpRequest request)
            {
                if (request != null)
                {
                    string query = request.QueryString.ToString();
                    if (!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query))
                        return true;

                    if (request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase))
                    {
                        string form = request.Form.ToString();
                        if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form))
                            return true;
                    }

                    if (request.Cookies.Count > 0)
                    {
                        // HttpCookieCollection enumerates cookie names, not HttpCookie objects,
                        // so look each cookie up by its key
                        foreach (string key in request.Cookies.AllKeys)
                        {
                            HttpCookie cookie = request.Cookies[key];
                            if (PotentialXssAttackRegex.IsMatch(cookie.Value))
                            {
                                return true;
                            }
                        }
                    }
                }
                return false;
            }

            public static void ValidateRequest(this HttpContext context, string redirectToPath = null)
            {
                if (context == null || !context.Request.IsPotentialXssAttack())
                    return;

                // expire all cookies
                foreach (string key in context.Request.Cookies.AllKeys)
                {
                    HttpCookie cookie = context.Request.Cookies[key];
                    cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1));
                    context.Response.Cookies.Set(cookie);
                }

                // redirect to safe path
                bool redirected = false;
                if (redirectToPath != null)
                {
                    try
                    {
                        context.Response.Redirect(redirectToPath, true);
                        redirected = true;
                    }
                    catch
                    {
                        redirected = false;
                    }
                }
                if (redirected)
                    return;

                // strip the query string and reload the same path
                string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty);
                context.Response.Redirect(safeUrl, true);
            }
        }

  • How To Create a Custom List of ProgressBars in .Net 2.0

    - by user205077
    I have created a progress bar custom control and would like to embed this into a list which can be sorted and placed on a windows form using .Net 2.0. What is the best approach for this? Is it possible to just add it to a ListView as a subitem? Is there a better way to achieve this? I want it to be as lightweight as possible.

  • Can I make runtime-decided method calls in Java?

    - by Catalin Marin
    I know there is an invoke function that does the stuff; I am overall interested in the "correctness" of using such a behavior. My issue is this: I have a Service Object which contains methods which I consider services. What I want to do is alter the behavior of those services without later intrusion. For example:

        class MyService {
            public ServiceResponse ServeMeDonuts() {
                // do stuff...
                return new ServiceResponse();
            }
        }

    After 2 months I find out that I need to offer the same service to a new client app and I also need to do certain extra stuff like setting a flag, making or updating certain data, or encoding the response differently. What I can do is pop it up and throw down some IFs. In my opinion this is not good as it means interaction with tested code and may result in unwanted behaviour for the previous service clients. So I come and add something to my registry telling the system that the "NewClient" has a different behavior. So I'll do something like this:

        import java.lang.reflect.Method;

        public interface Behavior {
            public void preExecute();
            public void postExecute();
        }

        public class BehaviorOfMyService implements Behavior {
            String method;
            String clientType;

            // constructor: no return type, otherwise this would be a plain method
            public BehaviorOfMyService(String method, String clientType) {
                this.method = method;
                this.clientType = clientType;
            }

            public void preExecute() {
                // look up e.g. preServeMeDonutsNewClient() by name;
                // getMethod() throws rather than returning null when it is absent
                try {
                    Method preCall = this.getClass().getMethod("pre" + this.method + this.clientType);
                    preCall.invoke(this);
                } catch (ReflectiveOperationException e) {
                    // no specific pre-behavior registered for this method/client
                }
            }

            // ...same for postExecute();

            public void preServeMeDonutsNewClient() {
                // do the stuff...
            }
        }

    Then the system will do something like this:

        if (registrySaysThereIsDifferentBehaviorSetForThisServiceObject) {
            Class<?> toBeCalled = Class.forName("BehaviorOf" + usedServiceObjectName);
            Behavior instance = (Behavior) toBeCalled
                .getConstructor(String.class, String.class)
                .newInstance(method, client);
            instance.preExecute();
            // ...call the service...
            instance.postExecute();
            // ...
        }

    I am not particularly interested in correctness of code as in correctness of thinking and approach. Actually I have to do this in PHP, which I see as a kind of Pop music of programming which I have to "sing" for commercial reasons; even though I play POP I really want to sing by the book, so putting aside my more or less inspired analogy I really want to know your opinion on this matter for its practical necessity and technical approach. Thanks

  • How to get column value into row header

    - by Dharmendra Mohapatra
        ID  amount  year
        1   300     02-02-2010 00:00
        2   400     02-02-2009 00:00
        3   200     02-02-2011 00:00
        4   300     22-02-2010 00:00
        5   400     12-02-2009 00:00
        6   500     22-02-2009 00:00
        7   600     02-02-2006 00:00
        8   700     02-07-2012 00:00
        9   500     08-02-2012 00:00
        10  800     09-02-2011 00:00
        11  500     06-02-2010 00:00
        12  600     01-02-2011 00:00
        13  300     02-02-2019 00:00

    Desired output:

        Y1           Y2           Y3           ...........
        sum(amount)  sum(amount)  sum(amount)

    Please suggest an approach. Y1 is the year part of the date, so my result columns would be:

        2006  2009  2010  2011  2012
        600   1300  800   1900  1200

    Thanks. DB: MySQL, SQL Server. Thanks.

  • Saving a bitmap to a Memorystream produces an inverted colors image

    - by Raphael
    I've created an image with GDI+ in my application and now I must convert this image to an array of bytes. My first thought was this simple code:

        public byte[] ToByte()
        {
            MemoryStream ms = new MemoryStream();
            bitmap.Save(ms, ImageFormat.Bmp);
            return ms.GetBuffer();
        }

    The problem with this approach is that when I finally save this image into a file the colors are inverted. What am I doing wrong?

  • Manual alternative to mod_deflate

    - by Bobby Jack
    Say I don't have mod_deflate compiled into Apache, and I don't feel like recompiling right now. What are the downsides to a manual approach, e.g. something like:

        AddEncoding x-gzip .gz
        RewriteCond %{HTTP_ACCEPT_ENCODING} gzip
        RewriteRule ^/css/styles.css$ /css/styles.css.gz

    (Note: I'm aware that the specifics of that RewriteCond need to be tweaked slightly.)

  • asp.net mvc rhino mocks mocking httprequest values

    - by Matthew
    Hi. Is there a way to mock request params? What is the best approach, when testing, to create fake request values in order to run a test? Would something like this work?

        _context = MockRepository.GenerateStub<HttpContext>();
        request = MockRepository.GenerateStub<HttpRequest>();
        var collection = new NameValueCollection();
        collection.Add("", "");
        SetupResult.For(request.Params).Return(collection);
        SetupResult.For(_context.Request).Return(request);

  • generic programming in C with void pointer.

    - by Nyan
    Hi everyone. Even though it is possible to write generic code in C using a void pointer (generic pointer), I find that it is quite difficult to debug the code, since a void pointer can take any pointer type without a warning from the compiler (e.g. function foo() takes a void pointer which is supposed to be a pointer to a struct, but the compiler won't complain if a char array is passed). What kind of approach/strategy do you all use when using void pointers in C?

  • How can I specify resources in an MVVM view model?

    - by gix
    Suppose I want to show a list of objects where each object should have a name and a suitable image (for example MenuItems with Icons, or buttons with text and image). All examples and programs exposed the image in the view model as a path to a PNG file and then bound the Source of an Image to that. But what if I want to use vector images (for example as a DrawingImage in a local ResourceDictionary)? Exposing the DrawingImage from the view model seems bad because I would have to store a reference to the application/window/user control/... (and it is advised not to expose such XAML objects from view models). So a better approach would be to use a string identifier in the view model and then somehow select the appropriate resource. If that identifier is the resource key, this snippet looks tempting but does not work:

        <Image Source="{StaticResource {Binding Icon}}"/>

    I found two workarounds for that, though they did not work for me. The first one was using a normal binding to the icon with a converter that looked up the resource in Application.Current. This does not work if the resource is stored somewhere else, I think (and the situation where I initially bumped into this problem had no Application running yet, since it was a Window choosing the Application to launch!). The second workaround was using a markup extension derived from StaticResourceExtension that fetched its ResourceKey from the passed binding:

        <Image Source="{local:BindableStaticResource {Binding Icon}}"/>

    This one looks really neat because it could use local resources and also be used for other things. But when using it I always got an exception ("Resource named {FooIcon} could not be found.", showing the correct XAML file and position of the extension). Even an empty resource extension derived from StaticResourceExtension that just passed the resource key to the base constructor did not work, and I cannot explain why. Just using StaticResourceExtension worked just fine.

    Any ideas how I could fix the second approach, or even better solutions?

    Edit: I noticed that it does work when used directly like this:

        <Window>
            <Window.Resources>
                <DrawingImage x:Key="SomeIcon"/>
            </Window.Resources>
            <Image Source="{BindableStaticResource {Binding Icon}}"/>
        </Window>

    but fails for example in a DataTemplate. Though a normal StaticResourceExtension works on both occasions, so I am puzzled what is going wrong.

  • QT/PyQT best practice for using QT Designer

    - by pierocampanelli
    What is your development approach with QT/PyQT and QT Designer? Are you doing this:

      1. Put all components on the panel (without any layout) and arrange them
      2. Put components in a layout (Align Vertically/Horizontally/Form/Grid)
      3. Generate the UI file and start coding

    How do you manage when you have a custom widget? For example, when you have to fine-tune the behaviour of a QButton or QLineEdit? Is it possible to add this custom widget to Designer?

  • Formal Equivalence between programming languages

    - by Ketan
    Hello. We have 2 languages which are (informally) semantically equivalent but syntactically different. One is XML-based and the other is script-based. How can I go about formally proving that both languages are in fact equivalent? The script approach is just a convenient way to write the same program that would be tedious to write in XML. Thanks, Ketan

  • Correct way to persist Quartz triggers

    - by davioooh
    I'm quite new to Quartz and now I need to schedule some jobs in a Spring web app. I know about the Spring + Quartz integration (I'm using Spring v 3.1.1) but I'm wondering if it's the right way to follow. In particular I need to persist my scheduled tasks in a DB so I can re-initialize them when the application is restarted. Are there some utilities provided by the Spring scheduling wrapper to do this? Can you suggest some "well known" approach to follow?

  • Post/Redirect/Get Pattern and Sticky Forms

    - by Scott Christopherson
    I'm using the Post/Redirect/Get pattern on a form of mine. I've never used this approach before and I'm trying to figure something out: Normally, I always just displayed the posted form again when there were validation errors and displayed POST values in the form (sticky form). However with the PRG pattern, the form is displayed after a redirect, so there aren't any POST values. So my question is, how can I implement the PRG pattern and still have sticky forms?

  • Wrap output of struts2 ServletDispatcherResult ?

    - by krosenvold
    I'd like to do much the same thing as the Struts2 sitemesh servlet filter does, i.e. wrap the output of an action with some chosen content. The "problem" with the sitemesh approach is that, AFAIK, it does not have any relationship to the ActionInvocation, and I would like to be able to query information from the ActionInvocation when determining which content to add. I have looked through the ServletDispatcherResult, and I'm not entirely sure what's the best way to achieve this. Any suggestions?

  • Delegating Struts action class management to Spring raises MTIA critical violation in FindBugs

    - by shabeer
    When I use the "Delegate Struts Action management to Spring" approach explained in http://www.ibm.com/developerworks/java/library/j-sr2.html#N101B7, things work fine in terms of functionality, but FindBugs reports the following violation:

        Dodgy - Class extends Struts Action class and uses instance variables: MTIA

    I have bean dependencies injected into the action class through Spring. Please help me and suggest a cleaner way to solve this problem. Thanks

  • Error Handling for Application in PHP

    - by Zubair1
    I was wondering if someone can show me a good way to handle errors in my PHP app, that I am also easily able to reuse in my code. So far I have been using the following functions:

    Inline Errors

        function display_errors_for($fieldname)
        {
            global $errors;
            if (isset($errors[$fieldname])) {
                return '<label for="' . $fieldname . '" class="error">' . ucfirst($errors[$fieldname]) . '</label>';
            } else {
                return false;
            }
        }

    All Errors

        function display_all_errors($showCounter = true)
        {
            global $errors;
            $counter = 0;
            foreach ($errors as $errorFieldName => $errorText) {
                if ($showCounter == true) {
                    $counter++;
                    echo '<li>' . $counter . ' - <label for="' . $errorFieldName . '">' . $errorText . '</label></li>';
                } else {
                    echo '<li><label for="' . $errorFieldName . '">' . $errorText . '</label></li>';
                }
            }
        }

    I have an $errors = array(); defined at the top of my global file, so it is appended to all files. The way I use it is that if I encounter an error, I push a new error key/value into the $errors array holder, something like the following:

        if (strlen($username) < 3) {
            $errors['username'] = "usernames cannot be less then 3 characters.";
        }

    This all works great and all, but I am wondering if someone has a better approach for this? With classes? I don't think I want to use Exceptions with try/catch; it seems like overkill to me. I'm planning to make a new app, and I'll be getting my hands wet with OOP a lot; though I have already made apps using OOP, this time I'm planning to go even deeper and use the OOP approach more extensively. What I have in mind is something like this, though it's just a basic class; I will add further detail to it as I go deeper and deeper in my app to see what it needs.

        class Errors
        {
            public $errors = array();

            public function __construct()
            {
                // Initialize Default Values
                // Initialize Methods
            }

            public function __destruct()
            {
                // nothing here too...
            }

            public function add($errorField, $errorDesc)
            {
                if (!is_string($errorField)) return false;
                if (!is_string($errorDesc)) return false;
                $this->errors[$errorField] = $errorDesc;
            }

            public function display($errorsArray)
            {
                // code to iterate through the array and display all errors.
            }
        }

    Please share your thoughts, if this is a good way to make a reusable class to store and display errors for an entire app, or is getting more familiar with exceptions and try/catch my only choice?

  • Does calling a click method affect the HtmlPage object if there is a 404?

    - by Blankman
    If I call a click method on an HtmlAnchor, and say that page returns a 404, does that mean the HtmlPage will be affected, so that searching for another link on the page will result in an error because the page's HTML is the error page (assuming the link is NOT on the error page)? Can I manually set the page's HTML, and then locate and click on links and continue on from this approach (other than connecting via a URL)?

  • Column-oriented DBMS and JOIN operations

    - by André
    From some of the research I've done on NoSQL, column-oriented databases (like HBase or Cassandra) seem to solve the problem of costly JOIN operations, but I don't get how this approach solves this problem. Can anyone explain it to me and/or link me to interesting documentation regarding this area? Thanks

  • What's your release process for your commercial application?

    - by dr. evil
    If you are developing a commercial desktop application, what's your release process? Sample process:

      1. Develop it: patch bugs, add features, etc.
      2. Feature freeze (do not fix or add anything unless it's absolutely required)
      3. Test it
      4. If everything is OK, release it; if it's not, fix it, test it, release it

    I think the most crucial question is: what's your approach to the "feature freeze, test, release" cycle? Or do you test it so frequently that you don't need such a cycle and your software is always ready for public release?

  • WPF Open Word Document without open dialog

    - by Mitch
    I have the path to a Word document saved in an SQL Database. I am able to retrieve the path but I cannot work out the best approach to open the Word document from WPF without using the OpenFileDialog. I've given up any thoughts of embedding Word in WPF as it has too many gotchas. I just want to be able to click a button or hyperlink and using the retrieved document path, open Word.

  • What are the Options for Storing Hierarchical Data in a Relational Database?

    - by orangepips
    Good Overviews

      • One more Nested Intervals vs. Adjacency List comparison: the best comparison of Adjacency List, Materialized Path, Nested Set and Nested Interval I've found.
      • Models for hierarchical data: slides with good explanations of tradeoffs and example usage
      • Representing hierarchies in MySQL: very good overview of Nested Set in particular
      • Hierarchical data in RDBMSs: most comprehensive and well organized set of links I've seen, but not much in the way of explanation

    Options

    Ones I am aware of and general features:

    Adjacency List
      • Columns: ID, ParentID
      • Easy to implement.
      • Cheap node moves, inserts, and deletes.
      • Expensive to find level (can store as a computed column), ancestry & descendants (Bridge Hierarchy combined with level column can solve), path (Lineage Column can solve).
      • Use Common Table Expressions in those databases that support them to traverse.

    Nested Set (a.k.a. Modified Preorder Tree Traversal)
      • First described by Joe Celko - covered in depth in his book Trees and Hierarchies in SQL for Smarties
      • Columns: Left, Right
      • Cheap level, ancestry, descendants
      • Compared to Adjacency List, moves, inserts, deletes more expensive.
      • Requires a specific sort order (e.g. created). So sorting all descendants in a different order requires additional work.

    Nested Intervals
      • Combination of Nested Sets and Materialized Path where left/right columns are floating point decimals instead of integers and encode the path information.

    Bridge Table (a.k.a. Closure Table: some good ideas about how to use triggers for maintaining this approach)
      • Columns: ancestor, descendant
      • Stands apart from the table it describes.
      • Can include some nodes in more than one hierarchy.
      • Cheap ancestry and descendants (albeit not in what order)
      • For complete knowledge of a hierarchy needs to be combined with another option.

    Flat Table
      • A modification of the Adjacency List that adds a Level and Rank (e.g. ordering) column to each record.
      • Expensive move and delete
      • Cheap ancestry and descendants
      • Good Use: threaded discussion - forums / blog comments

    Lineage Column (a.k.a. Materialized Path, Path Enumeration)
      • Column: lineage (e.g. /parent/child/grandchild/etc...)
      • Limit to how deep the hierarchy can be.
      • Descendants cheap (e.g. LEFT(lineage, #) = '/enumerated/path')
      • Ancestry tricky (database specific queries)

    Database Specific Notes

    MySQL
      • Use session variables for Adjacency List

    Oracle
      • Use CONNECT BY to traverse Adjacency Lists

    PostgreSQL
      • ltree datatype for Materialized Path

    SQL Server
      • General summary
      • 2008 offers the HierarchyId data type; appears to help with the Lineage Column approach and expand the depth that can be represented.
