Search Results

Search found 13692 results on 548 pages for 'bad practices'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 122/548 | < Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

    Read the article

  • .Net Compact Framework Tips, Tricks, and Gotchas

    - by Mat Nadrofsky
    Hey everyone, We work extensively in the .Net Compact Framework and Windows Mobile. I've seen plenty of questions come up regarding specifics to development of ASP.Net apps or other .Net based desktop apps but nothing CF specific. Anyone else a mobile developer out there that can share some things to start doing, stop doing, and avoid doing when developing in the Compact Framework?

    Read the article

  • Writing a custom iterator -- what to do if you're at the end of the array?

    - by Goose Bumper
    I'm writing a custom iterator for a Matrix class, and I want to implement the increment method, which gets called when the iterator is incremented: void MatrixIterator::increment() { // go to the next element } Suppose the iterator has been incremented too many times and now points to past the end of the matrix (i.e. past the one-past-the-end point). What is the best practice for this situation? Should I catch this with an assert, or should I just say it's the user's responsibility to keep track of where the iterator is pointing and it's none of my business?

    Read the article

  • C# unusual inheritance syntax w/ generics

    - by anon
    I happened upon this in an NHibernate class definition: public class SQLiteConfiguration : PersistenceConfiguration<SQLiteConfiguration> So this class inherits from a base class that is parameterized by... the derived class?   My head just exploded. Can someone explain what this means and how this pattern is useful? (This is NOT an NHibernate-specific question, by the way.)

    Read the article

  • Singular method name for single object argument, plural for a list?

    - by nasufara
    I'm having a problem with naming a method for a database application. In my Database instance, I have a method that can remove an Agreement object from the database. However, I want to be able to remove multiple Agreements at once, to be able to use transactions. The problem is that I also have an overload to remove a single Agreement object. Essentially, my structure is like this: public class Database { // ... public void RemoveAgreement(Agreement a) { // ... } public void RemoveAgreement(IEnumerable<Agreement> agreements) { // ... } } But this can be confusing, as the overload with the list of Agreements has a singular name, despite being inherently plural. My question is, how should I structure this? Should I have two overloads with the name RemoveAgreement(), or RemoveAgreements()? Or should I use two separate methods, instead of overloads? Thanks.

    Read the article

  • What are possible designs for the DCI architecture?

    - by Gabriel Šcerbák
    What are possibles designs for implementation of the DCI (data, contexts, interactions) architecture in different OOP languages? I thought of Policy based design (Andrei Alexandrescu) for C++, DI and AOP for Java. However, I also thought about using State design pattern for representing roles and some sort of Template method for the interactions... What are the other possibilities?

    Read the article

  • What's the best way to unit test code that generates random output?

    - by Flynn1179
    Specifically, I've got a method picks n items from a list in such a way that a% of them meet one criterion, and b% meet a second, and so on. A simplified example would be to pick 5 items where 50% have a given property with the value 'true', and 50% 'false'; 50% of the time the method would return 2 true/3 false, and the other 50%, 3 true/2 false. Statistically speaking, this means that over 100 runs, I should get about 250 true/250 false, but because of the randomness, 240/260 is entirely possible. What's the best way to unit test this? I'm assuming that even though technically 300/200 is possible, it should probably fail the test if this happens. Is there a generally accepted tolerance for cases like this, and if so, how do you determine what that is?

    Read the article

  • How to handle management trying to interfere with the project (including architecture decision)

    - by Zwei Steinen
    I feel this is not a very good question to post on SO, but I need some advice from experienced developers... (I'm a second year developer) I guess this is a problem to many, many projects, but in our case, it is getting intense. There were so much interference from people that don't know a bit about software development, that our development came to an almost complete stop. We had to literary escape to another location to get any useful job done. Now we were happily producing results, but then I get a request for a "meeting" and it's them again. I have a friendly relationship with them, but I feel very daunted at the thought of talking about non-sense all over again. Should I be firm and tell them to shut up and wait for our results? Or should I be diplomatic and create an illusion they are making a positive contribution or something?? My current urge is to be unfriendly and murmur some stuff so they will give up or something. What would you do if you were in this situation?

    Read the article

  • Tips for documenting a web application?

    - by Pandiya Chendur
    I know that I can take my asp.net application and get it reversed to a UML document, but that doesn't tell the whole story of things like who can use what, what it calls in the way of stored procedures, what pages call what pages etc. etc. Does anyone know of an article where someone has a comprehensive way to document a web application/site? Or shall I just make up my own way?

    Read the article

  • Drupal development workflow for teams

    - by Raul Singahn
    In my last Drupal project we were 5 people doing coding and installing new modules, at the same type our client was putting up content. Since we chose to have only one server for simplicity there were times were many people needed to write to the same files like style.css or page.tpl.php or when someones broken code would prevent others from working Are there any best practises for a team that works with Drupal? How can leverage code repositories or sandboxes?

    Read the article

  • distributing R package with optional S4 syntax sugar

    - by mariotomo
    I've written a small package for logging, I'm distributing it through r-forge, recently I received some very interesting feedback on how to make it easier to use, but this functionality is based on stuff (setRefClass) that was added to R in 2.12. I'd like to keep distributing the package also for R-2.9, so I'm looking for a way to include or exclude the S4 syntactical sugar automatically, and include it when the library is loaded on a R = 2.12 system. one other option I see, that is to write a small S4 package that needs 2.12, imports the simpler logging package and exports the syntactically sugared interface... I don't like it too much, as I'd need to choose a different name for the S4 package.

    Read the article

  • replace values in a String from a Hashtable in Java

    - by Adnan
    My string looks like; String values = "I am from UK, and you are from FR"; and my hashtable; Hashtable countries = new Hashtable(); countries.put("United Kingdom", new String("UK")); countries.put("France", new String("FR")); What would be the most effective way to change the values in my string with the values from the hashtable accordingly. These are just 2 values to change, but in my case I will have 100+

    Read the article

  • Converting a constantly changing scalar value to a changing interval or frequency

    - by eco_bach
    Although I'm coding in Objective C, this is more of a general programming question. What is the best way to convert a constantly changing scalar value to a changing interval or frequency? Right now every time the scalar value changes I am destroying the NSInterval ie [self.myTimer invalidate]; self.myTimer = nil; and creating a new one, but this seems like a VERY expensive way to achieve my goal, since the changing scalar value in my case represents the horizontal velocity of a swipe. For a rough analogy, think of the speed of a swipe being reflected in a visual metronome, the faster you swipe, the higher(shorter interval) the frequency of the metronome.

    Read the article

  • A good approach to db planing for reporting service

    - by Itay Moav
    The scenario: Big system (~200 tables). 60,000 users. Complex reports that will require me to do multiple queries for each report and even those will be complex queries with inner queries all over the place + some processing in PHP. I have seen an approach, which I am not sure about: Having one centralized, de-normalized, table that registers any activity in the system which is reportable. This table will hold mostly foreign keys, so she should be fairly compact and fast. So, for example (My system is a virtual learning management system), A user enrolls to course, the table stores the user id, date, course id, organization id, activity type (enrollment). Of course I also store this data in a normalized DB, which the actual application uses. Pros I see: easy, maintainable queries and code to process data and fast retrieval. Cons: there is a danger of the de-normalized table to be out of sync with the real DB. Is this approach worth considering, or (preferably from experience) is total $#%#%t?

    Read the article

  • Program structure in long running data processing python script

    - by fmark
    For my current job I am writing some long-running (think hours to days) scripts that do CPU intensive data-processing. The program flow is very simple - it proceeds into the main loop, completes the main loop, saves output and terminates: The basic structure of my programs tends to be like so: <import statements> <constant declarations> <misc function declarations> def main(): for blah in blahs(): <lots of local variables> <lots of tightly coupled computation> for something in somethings(): <lots more local variables> <lots more computation> <etc., etc.> <save results> if __name__ == "__main__": main() This gets unmanageable quickly, so I want to refactor it into something more manageable. I want to make this more maintainable, without sacrificing execution speed. Each chuck of code relies on a large number of variables however, so refactoring parts of the computation out to functions would make parameters list grow out of hand very quickly. Should I put this sort of code into a python class, and change the local variables into class variables? It doesn't make a great deal of sense tp me conceptually to turn the program into a class, as the class would never be reused, and only one instance would ever be created per instance. What is the best practice structure for this kind of program? I am using python but the question is relatively language-agnostic, assuming a modern object-oriented language features.

    Read the article

  • What is the best place to display the language in your url

    - by Saif Bechan
    I have a multi-language website that makes use of pretty urls, so called search engine friendly urls. Now there are a few places to define the language in the url. 1) www.mydomain.com/en/articles/random www.mydomain.com/nl/articles/random 2) en.mydomain.com/articles/random nl.mydomain.com/articles/random 3) www.mydomain.com/articles/random?lang=en www.mydomain.com/articles/random?lang=nl Is there any preffered way of showing this, or is there another way better that I did not show. I would like to hear your comments on this.

    Read the article

  • What is the best way to identify which form has been submitted?

    - by Rupert
    Currently, when I design my forms, I like to keep the name of the submit button equal to the id of the form. Then, in my php, I just do if(isset($_POST['submitName'])) in order to check if a form has been submitted and which form has been submitted. Firstly, are there any security problems or design flaws with this method? One problem I have encountered is when I wish to overlay my forms with javascript in order to provide faster validation to the user. For example, whilst I obviously need to retain server side validation, it is more convenient for the user if an error message is displayed inline, upon blurring an input. Additionally, it would be good to provide entire form validation, upon clicking the submit button. Therefore, when the user clicks on the form's submit button, I am stopping the default action, doing my validation, and then attempting to renable the traditional submit functionality, if the validation passes. In order to do this, I am using the form.submit() method but, unfortunately, this doesn't send the submit button variable (as it should be as form.submit() can be called without any button being clicked). This means my PHP script fails to detect that the form has been submitted. What is the correct way to work around this? It seems like the standard solution is to add a hidden field into the form, upon passing validation, which has the name of form's id. Then when form.submit() is called, this is passed along in place of the submit button. However, this solution seems very ungraceful to me and so I am wondering whether I should: a) Use an alternative method to detect which form has been submitted which doesn't rely rely on passing the submit button. If so what alternative is there? Obviously, just having an extra hidden field from the start isn't any better. b) Use an alternative Javascript solution which allows me to retain my non-Javascript design. For example, is there an alternative to form.submit() which allows me to pass in extra data? c) Suck it up and just insert a hidden field using Javascript.

    Read the article

  • How to properly load HTML data from third party website using MVC+AJAX?

    - by Dmitry
    I'm building ASP.NET MVC2 website that lets users store and analyze data about goods found on various online trade sites. When user is filling a form to create or edit an item, he should have a button "Import data" that automatically fills some fields based on data from third party website. The question is: what should this button do under the hood? I see at least 2 possible solutions. First. Do the import on client side using AJAX+jQuery load method. I tried it in IE8 and received browser warning popup about insecure script actions. Of course, it is completely unacceptable. Second. Add method ImportData(string URL) to ItemController class. It is called via AJAX, does the import + data processing server-side and returns JSON-d result to client. I tried it and received server exception (503) Server unavailable when loading HTML data into XMLDocument. Also I have a feeling that dealing with not well-formed HTML (missing closing tags, etc.) will be a huge pain. Any ideas how to parse such HTML documents?

    Read the article

  • Migrating a simple application from Application Delegate to ViewController Class

    - by eco_bach
    Hi Frst of all wanted to send out a huge thanks for the great feedback and support. I have a simple application working, right now simply loads a sequence of images and alows the user to step thru the images by clicking a button. All of my logic is in my Application Delegate class, with the image loading, initialization of UIImage Views etc happening in my applicationDidFinishLaunching method. My next step is to migrate as much as possible all of the logic from this class to a ViewController, to take advantage of the extra functionality etc in viewcontrollers. All my images and imageViews are initialized like the following in my applicationDidFinishLaunching. img = [UIImage imageWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@image1.jpg" ofType:nil]]; imgView = [[UIImageView alloc] initWithImage:img]; How would I migrate this to a ViewController based application? Where would I put all of the logic currently in my applicationDidFinishLaunching method, or for loading of images, is it necessary to only load them here? Any feedback, tips, suggestions appreciated.

    Read the article

  • Communication between layers in an application

    - by Petar Minchev
    Hi guys! Let's assume we have the following method in the business layer. What's the best practice to tell the UI layer that something went wrong and give also the error message? Should the method return an empty String when it was OK, otherwise the error message, or should it throw another exception in the catch code wrapping the caught exception? If we choose the second variant then the UI should have another try,catch which is too much try,catch maybe. Here is a pseudocode for the first variant. public String updateSomething() { try { //Begin transaction here dataLayer.do1(); dataLayer.do2(); dataLayer.doN(); } catch(Exception exc) { //Rollback transaction code here return exc.message; } return ""; } Is this a good practice or should I throw another exception in the catch(then the method will be void)?

    Read the article

  • Invoicing vs Quoting or Estimating

    - by FreshCode
    If invoices can be voided, should they be used as quotations? I have an Invoices tables that is created from inventory associated with a Job or Order. I could have a Quotes table as a halfway-house between inventory and invoices, but it feels like I would have duplicate data structures and logic just to handle an "Is this a quote?" bit. From a business perspective, quotes are different from invoices: a quote is sent prior to an undertaking and an invoice is sent once it is complete and payment is due, but how to represent this in my repository and model. What is an elegant way to store and manage quotes & invoices in a database? Edit: indicated Job === Order for this particular instance.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 118 119 120 121 122 123 124 125 126 127 128 129  | Next Page >