Search Results

Search found 13692 results on 548 pages for 'bad practices'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 122/548 | < Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >

  • C# unusual inheritance syntax w/ generics

    - by anon
    I happened upon this in an NHibernate class definition: public class SQLiteConfiguration : PersistenceConfiguration<SQLiteConfiguration> So this class inherits from a base class that is parameterized by... the derived class?   My head just exploded. Can someone explain what this means and how this pattern is useful? (This is NOT an NHibernate-specific question, by the way.)

    Read the article

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

    Read the article

  • How do you handle passwords or credentials for standalone applications?

    - by Abel Morelos
    Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations. I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application. I was also considering to use some sort of encryption, but I would like to keep things as simple as possible. How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

    Read the article

  • Import RSS feed into a Typo3 template

    - by Kaaviar
    Hi, I'm a total beginner with Typo3 and would like to show a RSS feed in a Typo3 template using typoscript. And I have no idea how to do this ! Is there any way to do this quite easily ? Calling an external PHP script maybe ? Thx !

    Read the article

  • How to properly load HTML data from third party website using MVC+AJAX?

    - by Dmitry
    I'm building ASP.NET MVC2 website that lets users store and analyze data about goods found on various online trade sites. When user is filling a form to create or edit an item, he should have a button "Import data" that automatically fills some fields based on data from third party website. The question is: what should this button do under the hood? I see at least 2 possible solutions. First. Do the import on client side using AJAX+jQuery load method. I tried it in IE8 and received browser warning popup about insecure script actions. Of course, it is completely unacceptable. Second. Add method ImportData(string URL) to ItemController class. It is called via AJAX, does the import + data processing server-side and returns JSON-d result to client. I tried it and received server exception (503) Server unavailable when loading HTML data into XMLDocument. Also I have a feeling that dealing with not well-formed HTML (missing closing tags, etc.) will be a huge pain. Any ideas how to parse such HTML documents?

    Read the article

  • Converting a constantly changing scalar value to a changing interval or frequency

    - by eco_bach
    Although I'm coding in Objective C, this is more of a general programming question. What is the best way to convert a constantly changing scalar value to a changing interval or frequency? Right now every time the scalar value changes I am destroying the NSInterval ie [self.myTimer invalidate]; self.myTimer = nil; and creating a new one, but this seems like a VERY expensive way to achieve my goal, since the changing scalar value in my case represents the horizontal velocity of a swipe. For a rough analogy, think of the speed of a swipe being reflected in a visual metronome, the faster you swipe, the higher(shorter interval) the frequency of the metronome.

    Read the article

  • Efficient storage/retrieval method for replayable comet style applications (Google Wave, Etherpad)

    - by Gareth Simpson
    I am considering a web application that would have the same kind of multi user, automatic saving, infinite undo / replay capabilities that you see in Google Wave and Etherpad (albeit on a drastically smaller scale and userbase). Before I go away and reinvent the wheel, is this something that has already been addressed as either a piece of technology or library, or even just a design pattern. I know this isn't necessarily the best Stack Overflow question as there is probably not a "right" answer, but my Google-fu has failed me and I'd just like a reading list! Ordinarily I would be developing under python/django but this is not a firm requirement just a preference :)

    Read the article

  • ASP Dot Net : How to repeat HTML parts with minor differences on a page?

    - by tinky05
    It's a really simple problem. I've got HTML code like this : <div> <img src="image1.jpg" alt="test1" /> </div> <div> <img src="image2.jpg" alt="test2" /> </div> <div> <img src="image3.jpg" alt="test3" /> </div> etc... The data is comming from a DB (image name, alt text). In JAVA, I would do something like : save the info in array in the back end. For the presentation I would loop through it with JSTL : <c:foeach items="${data}" var="${item}> <div> <img src="${item.image}" alt="${item.alt}" /> </div> </c:foreach> What's the best practice in ASP.net I just don't want to create a string with HTML code in it in the "code behind", it's ugly IMO.

    Read the article

  • What turns away users/prospective users?

    - by Zach Johnson
    In your experience, what kinds of things have turned away users and prospective users from using your programs? Also, what kinds of things turn you away from using someone else's programs? For example, one thing that really bugs me is when someone provides free software, but requires you to enter your name and email address before you download it. Why do they need my name and email address? I just want to use the program! I understand that the developer(s) may want to get a feel for how many users they have, etc, but the extra work I have to do really makes me think twice about downloading their software, even if it does really great things.

    Read the article

  • distributing R package with optional S4 syntax sugar

    - by mariotomo
    I've written a small package for logging, I'm distributing it through r-forge, recently I received some very interesting feedback on how to make it easier to use, but this functionality is based on stuff (setRefClass) that was added to R in 2.12. I'd like to keep distributing the package also for R-2.9, so I'm looking for a way to include or exclude the S4 syntactical sugar automatically, and include it when the library is loaded on a R = 2.12 system. one other option I see, that is to write a small S4 package that needs 2.12, imports the simpler logging package and exports the syntactically sugared interface... I don't like it too much, as I'd need to choose a different name for the S4 package.

    Read the article

  • Efficiently Serving Dynamic Content in Google App Engine

    - by awegawef
    My app on google app engine returns content items (just text) and comments on them. It works like this (pseudo-ish code): query: get keys of latest content #query to datastore for each item in content if item_dict in memcache: use item_dict else: build_item_dict(item) #by fetching from datastore store item_dict in memcache send all item_dicts to template Sorry if the code isn't understandable. I get all of the content dictionaries and send them to the template, which uses them to create the webpage. My problem is that if the memcache has expired, for each item I want to display, I have to (1) lookup item in memcache, (2) since no memcache exists I must fetch item from the datastore, and (3) store the item in memcache. These calls build up quickly. I don't set an expire time for the entries to the memcache, so this really only happens once in the morning, but the webpage takes long enough to load (~1 sec) that the browser reports it as not existing. Regularly, my webpages take about 50ms to load. This approach works decently for frequent visits, but it has its flaws as shown above. How can I remedy this? The entries are dynamic enough that I don't think it would be in my best interest to cache my initial request. Thanks in advance

    Read the article

  • Is a "Confirm Email" input good practice when user changes email address?

    - by dibson
    My organization has a form to allow users to update their email address with us. It's suggested that we have two input boxes for email: the second as an email confirmation. I always copy/paste my email address when faced with the confirmation. I'm assuming most of our users are not so savvy. Regardless, is this considered a good practice? I can't stand it personally, but I also realize it probably isn't meant for me. If someone screws up their email, they can't login, and they must call to sort things out.

    Read the article

  • JSP application scope objects in Java library

    - by FrontierPsycho
    I am working on a preexisting web application built with JSP, which uses an external Java library. I want to make some JavaBeans that were instantiated with jsp:useBean tags available to the Java code. What would be a good practice to do that? I suppose I can pass the objects in question to every function call that requires them, but I'd like to avoid that.

    Read the article

  • What is the best way to identify which form has been submitted?

    - by Rupert
    Currently, when I design my forms, I like to keep the name of the submit button equal to the id of the form. Then, in my php, I just do if(isset($_POST['submitName'])) in order to check if a form has been submitted and which form has been submitted. Firstly, are there any security problems or design flaws with this method? One problem I have encountered is when I wish to overlay my forms with javascript in order to provide faster validation to the user. For example, whilst I obviously need to retain server side validation, it is more convenient for the user if an error message is displayed inline, upon blurring an input. Additionally, it would be good to provide entire form validation, upon clicking the submit button. Therefore, when the user clicks on the form's submit button, I am stopping the default action, doing my validation, and then attempting to renable the traditional submit functionality, if the validation passes. In order to do this, I am using the form.submit() method but, unfortunately, this doesn't send the submit button variable (as it should be as form.submit() can be called without any button being clicked). This means my PHP script fails to detect that the form has been submitted. What is the correct way to work around this? It seems like the standard solution is to add a hidden field into the form, upon passing validation, which has the name of form's id. Then when form.submit() is called, this is passed along in place of the submit button. However, this solution seems very ungraceful to me and so I am wondering whether I should: a) Use an alternative method to detect which form has been submitted which doesn't rely rely on passing the submit button. If so what alternative is there? Obviously, just having an extra hidden field from the start isn't any better. b) Use an alternative Javascript solution which allows me to retain my non-Javascript design. For example, is there an alternative to form.submit() which allows me to pass in extra data? c) Suck it up and just insert a hidden field using Javascript.

    Read the article

  • What is the best way to manage application screens in SWT?

    - by parxier
    I'm creating a standalone SWT desktop application that has around 10 different screens (few wizards, help, forms, etc). Some elements on screen don't change at all (like header, background, etc) and there is a working area that changes depending on what is clicked, etc. What is the best way to manage application screens? Do I need to create all screen at startup and then show/hide them depending on what is clicked? Or do I need to create those screens dynamically? Also, I couldn't find any way to show/hide a Composite, do I need to dispose it and then create again? What is the best practice? I'm new to SWT developing outside of Eclipse so any help would be beneficial.

    Read the article

  • What's the best way to unit test code that generates random output?

    - by Flynn1179
    Specifically, I've got a method picks n items from a list in such a way that a% of them meet one criterion, and b% meet a second, and so on. A simplified example would be to pick 5 items where 50% have a given property with the value 'true', and 50% 'false'; 50% of the time the method would return 2 true/3 false, and the other 50%, 3 true/2 false. Statistically speaking, this means that over 100 runs, I should get about 250 true/250 false, but because of the randomness, 240/260 is entirely possible. What's the best way to unit test this? I'm assuming that even though technically 300/200 is possible, it should probably fail the test if this happens. Is there a generally accepted tolerance for cases like this, and if so, how do you determine what that is?

    Read the article

  • Using GET instead of POST to delete data behind authenticated pages

    - by Matt Spradley
    I know you should use POST whenever data will be modified on a public website. There are several reasons including the fact that search engines will follow all the links and modify the data. My question is do you think it is OK to use GET behind authenticated pages in something like an admin interface? One example would be a list of products with a delete link on each row. Since the only way to get to the page is if you are logged in, is there any harm in just using a link with the product ID in the query string?

    Read the article

  • Multiple Actions (Forms) on one Page - How not to lose master data, after editing detail data?

    - by nWorx
    Hello all, I've got a form where users can edit members of a group. So they have the possibilty to add members or remove existing members. So the Url goes like ".../Group/Edit/4" Where 4 is the id of the group. the view looks like this <% using (Html.BeginForm("AddUser", "Group")) %> <%{%> <label for="newUser">User</label> <%=Html.TextBox("username")%> <input type="submit" value="Add"/> </div> <%}%> <% using (Html.BeginForm("RemoveUser", "Group")) %> <%{%> <div class="inputItem"> <label for="groupMember">Bestehende Mitglieder</label> <%= Html.ListBox("groupMember", from g in Model.GetMembers() select new SelectListItem(){Text = g}) %> <input type="submit" value="Remove" /> </div> <%}%> The problem is that after adding or removing one user i lose the id of the group. What is the best solution for solving this kind of problem? Should I use hidden fields to save the group id? Thanks in advance.

    Read the article

  • syntax for binding multiple variables within text

    - by danke
    When binding multiple variables value1 value2 value3 in the same text field, do I do this: text="{some text value1 other text value2 and other text value3}" or text="some text {value1} other text {value2} and other text {value3}" I noticed both work, but which is the right way to do it and will work all the time.

    Read the article

  • What is the difference between a private and public funtion?

    - by Kyle
    I am a new programmer, and I started in C and am now starting to enjoy JavaScript and a tiny bit of PHP more. Lately I've heard the terms 'private' and 'public' functions a lot. Could anybody give an explanation of the both and how they are of use to a programmer? And I'm probably totally wrong here... but is a (function(){}) in javascript a private function?

    Read the article

  • Generating changelogs from commit-comments - bad idea?

    - by Adam Asham
    I work for a small company (<10 developers) where we use Svn and to some extent Git. We have no release system implemented. We don't tag our applications with a release numbers so as you can imagine, we don't keep track of changes between releases very well. With this in mind I've been thinking about generating changelogs from the commit-comments. It doesn't have to be an awful idea if you implement guidelines for how to write comments. Or am I fooling myself thinking that colleagues will follow these guidelines? Most of them don't bother adding comments today but I'm hoping that will change if they become aware of how to formulate themselves and that you don't have to comment on every single commit. Or would we it be more wise to gather information from our bug/project managing software and write the changelogs manually (which unfortunately is something nobody wants to do)?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >