Search Results

Search found 10115 results on 405 pages for 'coding practices'.


  • How should I ethically approach user password storage for later plaintext retrieval?

    - by Shane
    As I continue to build more and more websites and web applications I am often asked to store users' passwords in a way that they can be retrieved if/when the user has an issue (either to email a forgotten password link, walk them through over the phone, etc.) When I can I fight bitterly against this practice and I do a lot of ‘extra’ programming to make password resets and administrative assistance possible without storing their actual password. When I can’t fight it (or can’t win) then I always encode the password in some way so that it at least isn’t stored as plaintext in the database—though I am aware that if my DB gets hacked that it won’t take much for the culprit to crack the passwords as well—so that makes me uncomfortable.

    In a perfect world folks would update passwords frequently and not duplicate them across many different sites—unfortunately I know MANY people that have the same work/home/email/bank password, and have even freely given it to me when they need assistance. I don’t want to be the one responsible for their financial demise if my DB security procedures fail for some reason. Morally and ethically I feel responsible for protecting what can be, for some users, their livelihood even if they are treating it with much less respect.

    I am certain that there are many avenues to approach and arguments to be made for salting hashes and different encoding options, but is there a single ‘best practice’ when you have to store them? In almost all cases I am using PHP and MySQL if that makes any difference in the way I should handle the specifics.

    Additional Information for Bounty

    I want to clarify that I know this is not something you want to have to do and that in most cases refusal to do so is best. I am, however, not looking for a lecture on the merits of taking this approach; I am looking for the best steps to take if you do take this approach.

    In a note below I made the point that websites geared largely toward the elderly, mentally challenged, or very young can become confusing for people when they are asked to perform a secure password recovery routine. Though we may find it simple and mundane in those cases some users need the extra assistance of either having a service tech help them into the system or having it emailed/displayed directly to them. In such systems the attrition rate from these demographics could hobble the application if users were not given this level of access assistance, so please answer with such a setup in mind.

    Thanks to Everyone

    This has been a fun question with lots of debate and I have enjoyed it. In the end I selected an answer that both retains password security (I will not have to keep plain text or recoverable passwords), but also makes it possible for the user base I specified to log into a system without the major drawbacks I have found from normal password recovery. As always there were about 5 answers that I would like to have marked correct for different reasons, but I had to choose the best one--all the rest got a +1. Thanks everyone!

  • Is it ok to throw NotImplemented exception in virtual methods?

    - by Axarydax
    I have a base class for some plugin-style stuff, and there are some methods that are absolutely required to be implemented. I currently declare those in the base class as virtual, for example public virtual void Save() { throw new NotImplementedException(); } and in the descendant I have a public override void Save() { //do stuff } Is it a good practice to throw a NotImplementedException there? The descendant classes could for example be the modules for handling different file formats. Thanks

  • Request/Response pattern in SOA implementation

    - by UserControl
    In some enterprise-like project (.NET, WCF) I saw that all service contracts accept a single Request parameter and always return Response: [DataContract] public class CustomerRequest : RequestBase { [DataMember] public long Id { get; set; } } [DataContract] public class CustomerResponse : ResponseBase { [DataMember] public CustomerInfo Customer { get; set; } } where RequestBase/ResponseBase contain common stuff like ErrorCode, Context, etc. Bodies of both service methods and proxies are wrapped in try/catch, so the only way to check for errors is looking at ResponseBase.ErrorCode (which is an enumeration). I want to know what this technique is called and why it's better compared to passing what's needed as method parameters and using standard WCF context passing/faults mechanisms?

  • #Define Compiler Directive in C#

    - by pm_2
    In C, I could declare a compiler directive as follows: #define MY_NUMBER 10 However, in C#, I only appear to be able to do this: #define MY_NUMBER Which is obviously useless in this case. Is this correct, or am I doing something wrong? If not, can anyone suggest a way of doing this, either at namespace or solution level? I thought of maybe creating a static class, but that seems to be overkill for one value.

  • Lock thread using something other than an object

    - by Scott Chamberlain
    When using a lock, does the thing you are locking on have to be an object? For example, is this legal? static DateTime NextCleanup = DateTime.Now; const TimeSpan CleanupInterval = new TimeSpan(1, 0, 0); private static void DoCleanup() { lock ((object)NextCleanup) { if (NextCleanup < DateTime.Now) { NextCleanup = DateTime.Now.Add(CleanupInterval); System.Threading.ThreadPool.QueueUserWorkItem(new System.Threading.WaitCallback(cleanupThread)); } } return; } EDIT-- From reading SLaks' response I know the above code would be not valid but would this be? static MyClass myClass = new MyClass(); private static void DoCleanup() { lock (myClass) { // } return; }

  • Are upper bounds of indexed ranges always assumed to be exclusive?

    - by polygenelubricants
    So in Java, whenever an indexed range is given, the upper bound is almost always exclusive. From java.lang.String: substring(int beginIndex, int endIndex) Returns a new string that is a substring of this string. The substring begins at the specified beginIndex and extends to the character at index endIndex - 1 From java.util.Arrays: copyOfRange(T[] original, int from, int to) from - the initial index of the range to be copied, inclusive to - the final index of the range to be copied, exclusive. From java.util.BitSet: set(int fromIndex, int toIndex) fromIndex - index of the first bit to be set. toIndex - index after the last bit to be set. As you can see, it does look like Java tries to make it a consistent convention that upper bounds are exclusive. My questions are: Is this the official authoritative recommendation? Are there notable violations that we should be wary of? Is there a name for this system? (ala "0-based" vs "1-based")

  • Finding relative libraries when using symlinks to ruby executables

    - by dgtized
    Imagine you have an executable foo.rb, with libraries bar.rb laid out in the following manner: <root>/bin/foo.rb <root>/lib/bar.rb In the header of foo.rb you place the following require to bring in functionality in bar.rb: require File.dirname(__FILE__)+"/../lib/bar.rb" This works fine so long as all calls to foo.rb are direct. If you put as say $HOME/project, and symlink foo.rb into $HOME/usr/bin, then __FILE__ resolves to $HOME/usr/bin/foo.rb, and is thus unable to locate bar.rb in relation to the dirname for foo.rb. I realize that packaging systems such as rubygems fix this by creating a namespace to search for the library, and that it is also possible to adjust the load_path using $: to include $HOME/project/lib, but it seems as if a more simple solution should exist. Has anyone had experience with this problem and found a useful solution or recipe?

  • Is it good practice to initialize array in C/C++?

    - by sand
    I recently encountered a case where I need to compare two files (golden and expected) for verification of test results and even though the data written to both the files were same, the files do not match. On further investigation, I found that there is a structure which contains some integers and a char array of 64 bytes, and not all the bytes of char array were getting used in most of the cases and unused fields from the array contain random data and that was causing the mismatch. This brought me to ask the question whether it is good practice to initialize the array in C/C++ as well, as it is done in Java?

  • Building a life-critical System using Agile

    - by Ben Breen
    Looking at the general trend of comments in my question about Building an Aircraft using Agile, the biggest problem other than cost appears to be safety. Do people feel that it is not possible to build a safe system (or prove it is safe) using agile? Doesn’t all the iterative testing mitigate this? Is it likely that a piece of software developed using agile will never be as reliable as counterparts such as waterfall?

  • Is it a good practice to perform direct database access in the code-behind of an ASP.NET page?

    - by patricks418
    Hi, I am an experienced developer but I am new to web application development. Now I am in charge of developing a new web application and I could really use some input from experienced web developers out there. I'd like to understand exactly what experienced web developers do in the code-behind pages. At first I thought it was best to have a rule that all the database access and business logic should be performed in classes external to the code-behind pages. My thought was that only logic necessary for the web form would be performed in the code-behind. I still think that all the business logic should be performed in other classes but I'm beginning to think it would be alright if the code-behind had access to the database to query it directly rather than having to call other classes to receive a dataset or collection back. Any input would be appreciated.

  • Java: Inputting text from a file using split

    - by 00PS
    I am inputting an adjacency list for a graph. There are three columns of data (vertex, destination, edge) separated by a single space. Here is my implementation so far: FileStream in = new FileStream("input1.txt"); Scanner s = new Scanner(in); String buffer; String [] line = null; while (s.hasNext()) { buffer = s.nextLine(); line = buffer.split("\\s+"); g.add(line[0]); System.out.println("Added vertex " + line[0] + "."); g.addEdge(line[0], line[1], Integer.parseInt(line[2])); System.out.println("Added edge from " + line[0] + " to " + line[1] + " with a weight of " + Integer.parseInt(line[2]) + "."); } System.out.println("Size of graph = " + g.size()); Here is the output: Added vertex a. Added edge from a to b with a weight of 9. Exception in thread "main" java.lang.NullPointerException at structure5.GraphListDirected.addEdge(GraphListDirected.java:93) at Driver.main(Driver.java:28) I was under the impression that line = buffer.split("\\s+"); would return a 2 dimensional array of Strings to the variable line. It seemed to work the first time but not the second. Any thoughts? I would also like some feedback on my implementation of this problem. Is there a better way? Anything to help out a novice! :)

  • One class per file rule in .NET?

    - by Joan Venge
    I follow this rule but some of my colleagues disagree with it and argue that if a class is smaller it can be left in the same file with other class(es). Another argument I hear all the time is "Even Microsoft don't do this, so why should we?" What's the general consensus on this? Are there cases where this should be avoided?

  • How to provide global functionality in multi-user database app

    - by Mike B
    I have been building a multi-user database application (in C#/WPF 4.0) that manages tasks for all employees of a company. I now need to add some functionality such as sending an email reminder to someone when a critical task is due. How should this be done? Obviously I don’t want every instance of the program to be performing this function (Heh each user would get 10+ emails). Should I add the capability to the application as a "Mode" and then run a copy on the database server in this mode or would it be better to create a new app altogether to perform "Global" type tasks? Is there a better way?

  • organizing unit test

    - by soulmerge
    I have found several conventions to housekeeping unit tests in a project and I'm not sure which approach would be suitable for our next PHP project. I am trying to find the best convention to encourage easy development and accessibility of the tests when reviewing the source code. I would be very interested in your experience/opinion regarding each:

    One folder for productive code, another for unit tests: This separates unit tests from the logic files of the project. This separation of concerns is as much a nuisance as it is an advantage: Someone looking into the source code of the project will - so I suppose - either browse the implementation or the unit tests (or more commonly: the implementation only). The advantage of unit tests being another viewpoint to your classes is lost - those two viewpoints are just too far apart IMO.

    Annotated test methods: Any modern unit testing framework I know allows developers to create dedicated test methods, annotating them (@test) and embedding them in the project code. The big drawback I see here is that the project files get cluttered. Even if these methods are separated using a comment header (like UNIT TESTS below this line) it just bloats the class unnecessarily.

    Test files within the same folders as the implementation files: Our file naming convention dictates that PHP files containing classes (one class per file) should end with .class.php. I could imagine that putting unit tests regarding a class file into another one ending on .test.php would render the tests much more present to other developers without tainting the class. Although it bloats the project folders, instead of the implementation files, this is my favorite so far, but I have my doubts: I would think others have come up with this already, and discarded this option for some reason (i.e. I have not seen a java project with the files Foo.java and FooTest.java within the same folder.) Maybe it's because java developers make heavier use of IDEs that allow them easier access to the tests, whereas in PHP no big editors have emerged (like eclipse for java) - many devs I know use vim/emacs or similar editors with little support for PHP development per se.

    What is your experience with any of these unit test placements? Do you have another convention I haven't listed here? Or am I just overrating unit test accessibility to reviewing developers?

  • Should you always write code for else cases that "can never happen"?

    - by johnswamps
    Take some code like if (person.IsMale()) { doGuyStuff(); } else { doGirlOtherStuff(); } (Yes, I realize this is bad OO code, it's an example) Should this be written so that to explicitly check if person.isFemale(), and then add a new else that throws an exception? Or maybe you're checking values in an enum, or something like that. You think that no one will add new elements to the enum, but who knows? "Can never happen" sounds like famous last words.

  • Python: Calling method A from class A within class B?

    - by Tommo
    There are a number of questions that are similar to this, but none of the answers hits the spot - so please bear with me. I am trying my hardest to learn OOP using Python, but I keep running into errors (like this one) which just make me think this is all pointless and it would be easier to just use methods. Here is my code: class TheGUI(wx.Frame): def __init__(self, title, size): wx.Frame.__init__(self, None, 1, title, size=size) # The GUI is made ... textbox.TextCtrl(panel1, 1, pos=(67,7), size=(150, 20)) button1.Bind(wx.EVT_BUTTON, self.button1Click) self.Show(True) def button1Click(self, event): #It needs to do the LoadThread function! class WebParser: def LoadThread(self, thread_id): #It needs to get the contents of textbox! TheGUI = TheGUI("Text RPG", (500,500)) TheParser = WebParser TheApp.MainLoop() So the problem I am having is that the GUI class needs to use a function that is in the WebParser class, and the WebParser class needs to get text from a textbox that exists in the GUI class. I know I could do this by passing the objects around as parameters, but that seems utterly pointless, there must be a more logical way to do this that doesn't make using classes seem so pointless? Thanks in advance!

  • Is there a case for parameterising using Abstract classes rather than Interfaces?

    - by Chris
    I'm currently developing a component based API that is heavily stateful. The top level components implement around a dozen interfaces each. The stock top-level components therefore sit on top of a stack of Abstract implementations which in turn contain multiple mixin implementations and implement multiple mixin interfaces. So far, so good (I hope). The problem is that the base functionality is extremely complex to implement (1,000s of lines in 5 layers of base classes) and therefore I do not wish for component writers to implement the interfaces themselves but rather to extend my base classes (where all the boilerplate code is already written). If the API therefore accepts interfaces rather than references to the Abstract implementation that I wish for component writers to extend, then I have a risk that the implementer will not perform the validation that is both required and assumed by other areas of code. Therefore, my question is, is it sometimes valid to parameterise API methods using an abstract implementation reference rather than a reference to the interface(s) that it implements? Do you have an example of a well-designed API that uses this technique or am I trying to talk myself into bad practice?

  • Books on Debugging Techniques?

    - by zooropa
    Are there any books on debugging techniques? A friend of mine is learning to code and he asked me this question. I told him I don't know of any. Is it that you just have to go through the School of Hard Knocks to learn?

  • Why cast null before checking if object is equal to null?

    - by jacerhea
    I was looking through the "Domain Oriented N-Layered .NET 4.0 Sample App" project and ran across some code that I do not understand. In this project they often use syntax like the following to check arguments for null: public GenericRepository(IQueryableContext context,ITraceManager traceManager) { if (context == (IQueryableContext)null) throw new ArgumentNullException("context", Resources.Messages.exception_ContainerCannotBeNull); Why would you cast null to the type of the object you are checking for null?

  • How to format dates in Jahia 6 CMS?

    - by dpb
    I am helping a friend of mine put up a site for his business. I’ve read different posts and sites trying to find the ideal CMS tool, but people have different views of what is the best, so I finally just picked one of them at random. So I went for an evaluation of Jahia 6.0-CE. As you’ve probably guessed by now, I don’t have so much experience with CMS tools. I just want to set up the CMS, write the templates for the site and let my friend manage the content from there on. So I extracted the sources from SVN and went for a test drive. I managed to create some simple templates to get a hang of things but now I have an issue with a date format. In my definitions.cnd I declared the field like so: date myDateField (datetimepicker[format='dd.MM.yyyy']) This is formatted in the page and the selector also presents this in the dd.MM.yyyy format when inserting the content. But how about sites in other countries, countries that represent the date as MM.dd.yyyy for example? If I specify the format in the CND, hard coded, how can I change this later on so that it adapts based on the browser’s language? Do I extract the content from the repository and format it by hand in the JSP template based on a Locale, or is there a better way? Thank you.

  • Could this be considered a well-written PHP5 class?

    - by Ben Dauphinee
    I have been learning OOP principles on my own for a while, and taken a few cracks at writing classes. What I really need to know now is if I am actually using what I have learned correctly, or if I could improve as far as OOP is concerned. I have chopped a massive portion of code out of a class that I have been working on for a while now, and pasted it here. To all you skilled and knowledgeable programmers here I ask: Am I doing it wrong? class acl extends genericAPI{ // -- Copied from genericAPI class protected final function sanityCheck($what, $check, $vars){ switch($check){ case 'set': if(isset($vars[$what])){return(1);}else{return(0);} break; } } // --------------------------------- protected $db = null; protected $dataQuery = null; public function __construct(Zend_Db_Adapter_Abstract $db, $config = array()){ $this->db = $db; if(!empty($config)){$this->config = $config;} } protected function _buildQuery($selectType = null, $vars = array()){ // Removed switches for simplicity sake $this->dataQuery = $this->db->select( )->from( $this->config['table_users'], array('tf' => '(CASE WHEN count(*) > 0 THEN 1 ELSE 0 END)') )->where( $this->config['uidcol'] . ' = ?', $vars['uid'] ); } protected function _sanityRun_acl($sanitycheck, &$vars){ switch($sanitycheck){ case 'uid_set': if(!$this->sanityCheck('uid', 'set', $vars)){ throw new Exception(ERR_ACL_NOUID); } $vars['uid'] = settype($vars['uid'], 'integer'); break; } } private function user($action = null, $vars = array()){ switch($action){ case 'exists': $this->_sanityRun_acl('uid_set', $vars); $this->_buildQuery('user_exists_idcheck', $vars); return($this->db->fetchOne($this->dataQuery->__toString())); break; } } public function user_exists($uid){ return($this->user('exists', array('uid' => $uid))); } } $return = $acl_test->user_exists(1);

  • What are the reasons for/against returning 0 from main in ISO C++?

    - by Maulrus
    I know that the C++ standard says that return 0 is inserted at the end of main() if no return statement is given; however, I often see recently-written, standard-conforming C++ code that explicitly returns 0 at the end of main(). For what reasons would somebody want to explicitly return 0 if it's automatically done by the compiler?

  • Which user account to assign as owner when attaching an SQL Server database?

    - by FreshCode
    This is a simple database security & performance question, but I've always used either a special user (eg. mydbuser), or Windows' built-in NETWORK SECURITY account as the owner when attaching databases to my SQL Server instances. When deploying my database to a production server, is there a specific user I should stick to or avoid? I would think that using an account with a set password could open the database up to a potential security issue.
