Search Results

Search found 14545 results on 582 pages for 'design patterns'.

Page 133/582

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as:

      * No client/application had direct access to the database tables.
      * All accesses to all tables were through views (and all the updates to the base tables were done through triggers).
      * All data items had a domain specified.
      * No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced.
      * Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data.

    So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures?

    EDIT: Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged.

    EDIT2: The approach of relying on parameterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach:

      * http://database-programmer.blogspot.com
      * http://thehelsinkideclaration.blogspot.com

    The principal features I have taken from these sources are:

      * An extensive data dictionary, combined with an extensive security data dictionary
      * Generation of triggers, queries and constraints from the data dictionary
      * Minimize Code and maximize data

    While the answers I have had so far are very useful and point out difficulties arising from disregarding parameterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

  • Variable declaration versus assignment syntax

    - by rwallace
    Working on a statically typed language with type inference and streamlined syntax, and need to make final decision about syntax for variable declaration versus assignment. Specifically I'm trying to choose between:

        // Option 1. Create new local variable with :=, assign with =
        foo := 1
        foo = 2

        // Option 2. Create new local variable with =, assign with :=
        foo = 1
        foo := 2

    Creating functions will use = regardless:

        // Indentation delimits blocks
        square x =
            x * x

    And assignment to compound objects will do likewise:

        sky.color = blue
        a[i] = 0

    Which of options 1 or 2 would people find most convenient/least surprising/otherwise best?

  • S#arp Architecture 1.5 Beta 1 released

    - by AlecWhittington
    Well it is official, I just finished my first release for S#arp Architecture. While this is only a beta release, it does contain some big upgrades and we are hoping to get any bugs handled quickly so that we can get the RTM release completed. This will be a short post, with more detailed posts coming in the next few days. A big thanks goes out to Billy McCafferty, Michael Aird, Hoang Tang, and everyone else that had a say in this release. Release notes: Built on top of ASP.NET MVC 2 RTM release...

  • Cyclic Dependencies.

    - by PhilCK
    Are cyclic dependencies a common thing in games dev? I ask as I keep getting into situations where I'm using them and have been told more than once that they should be avoided. I am wondering if this is just what people say as a general rule of thumb in the software development business, and that the nature of game programming produces such dependencies.

        // Foo
        #include <Bar.hpp>

        class Foo
        {
            Bar& m_bar;
        };

    and

        // Bar
        class Foo;

        class Bar
        {
            Foo* m_foo;
        };

    I do this a lot in Ruby, but dynamic languages are more forgiving in this instance, whereas static ones, not so much.

  • null values vs "empty" singleton for optional fields

    - by Uko
    First of all I'm developing a parser for an XML-based format for 3D graphics called XGL. But this question can be applied to any situation when you have fields in your class that are optional i.e. the value of this field can be missing. As I was taking a Scala course on Coursera there was an interesting pattern when you create an abstract class with all the methods you need and then create a normal fully functional subclass and an "empty" singleton subclass that always returns false for isEmpty method and throws exceptions for the other ones. So my question is: is it better to just assign null if the optional field's value is missing or make a hierarchy described above and assign it an empty singleton implementation?

  • Will a polled event system cause lag for a server?

    - by Milo
    I'm using a library called ENet. It is a reliable UDP library. The way it works is a polled event system like this:

        ENetEvent event;

        /* Wait up to 1000 milliseconds for an event. */
        while (enet_host_service (client, & event, 1000) > 0)
        {
            switch (event.type)
            {
            case ENET_EVENT_TYPE_CONNECT:
                printf ("A new client connected from %x:%u.\n",
                        event.peer -> address.host,
                        event.peer -> address.port);

                /* Store any relevant client information here. */
                event.peer -> data = "Client information";
                break;

            case ENET_EVENT_TYPE_RECEIVE:
                printf ("A packet of length %u containing %s was received from %s on channel %u.\n",
                        event.packet -> dataLength,
                        event.packet -> data,
                        event.peer -> data,
                        event.channelID);

                /* Clean up the packet now that we're done using it. */
                enet_packet_destroy (event.packet);
                break;

            case ENET_EVENT_TYPE_DISCONNECT:
                printf ("%s disconnected.\n", event.peer -> data);

                /* Reset the peer's client information. */
                event.peer -> data = NULL;
            }
        }

    It waits up to 1000 milliseconds for an event. If I'm hosting say 75 event driven card games and a lobby on the same thread as this code, will it cause any problems? If my understanding is correct, the process will simply sleep until there is an event, when there is one, it will process the event then come back here where potentially 5 or so events have queued up since so enet_host_service would return right away and not cause lag. I have been advised not to use multiple threads, will that be alright like this? Thanks

  • Algorithm for dynamically calculating a level based on experience points?

    - by George
    One of the struggles I've always had in game development is deciding how to implement experience points attributed to gaining a level. There doesn't seem to be a pattern to gaining a level in many of the games I've played, so I assume they have a static dictionary table which contains experience points vs. the level. e.g.

        Experience  Level
        0           1
        100         2
        175         3
        280         4
        800         5
        ...

    There isn't a rhyme or reason why 280 points is equal to level 4, it just is. I'm not sure how those levels are decided, but it certainly wouldn't be dynamic. I've also thought about the possibility of exponential levels, as not to have to keep a separate lookup table, e.g.

        Experience  Level
        0           1
        100         2
        200         3
        400         4
        800         5
        1600        6
        3200        7
        6400        8
        ...

    but that seems like it would grow out of control rather quickly, as towards the upper levels, the enemies in the game would have to provide a whopping amount of experience to level -- and that would be too difficult to control. Leveling would become an impossible task. Does anyone have any pointers, or methods they use to decide how to level a character based on experience? I want to be fair in leveling and I want to stay ahead of the players as not to worry about constantly adding new experience/level lookups.

  • Balancing game difficulty against player progression

    - by Raven Dreamer
    It seems that the current climate of games seems to cater to an obvious progression of player power, whether that means getting a bigger, more explosive gun in Halo, leveling up in an RPG, or unlocking new options in Command and Conquer 4. Yet this concept is not exclusive to video or computer games -- even in Dungeons and Dragons players can strive to acquire a +2 sword to replace the +1 weapon they've been using. Yet as a systems designer, the concept of player progression is giving me headache after headache. Should I balance around the players' exact capabilities and give up on a simple linear progression? (I think ESIV:Oblivion is a good example of this) Is it better to throw the players into an "arms race" with their opponents, where if the players don't progress in an orderly manner, it is only a matter of time until gameplay is unbearably difficult? (4th Edition DnD strikes me as a good example of this) Perhaps it would make most sense to untether the core gameplay mechanics from progression at all -- give them flashier, more interesting (but not more powerful!) ways to grow?

  • Is true multithreading really necessary?

    - by Jonathan Graef
    So yeah, I'm creating a programming language. And the language allows multiple threads. But, all threads are synchronized with a global interpreter lock, which means only one thread is allowed to execute at a time. The only way to get the threads to switch off is to explicitly tell the current thread to wait, which allows another thread to execute. Parallel processing is of course possible by spawning multiple processes, but the variables and objects in one process cannot be accessed from another. However the language does have a fairly efficient IPC interface for communicating between processes. My question is: Would there ever be a reason to have multiple, unsynchronized threads within a single process (thus circumventing the GIL)? Why not just put thread.wait() statements in key positions in the program logic (presuming thread.wait() isn't a CPU hog, of course)? I understand that certain other languages that use a GIL have processor scheduling issues (cough Python), but they have all been resolved.

  • How is game development different from other software development?

    - by Davy8
    For a solid general purpose software developer, what specifically is different about game development, either fundamentally or just differences in degree? I've done toy games like Tic-tac-toe, Tetris, and a brute-force sudoku solver (with UI) and I'm now embarking on a mid-sized project (mid-sized for being a single developer and not having done many games) and one thing I've found with this particular project is that separation of concerns is a lot harder since everything affects state, and every object can interact with every other object in a myriad of ways. So far I've managed to keep the code reasonably clean for my satisfaction but I find that keeping clean code in non-trivial games is a lot harder than it is for my day job. The game I'm working on is turn-based and the graphics are going to be fairly simple (web-based, mostly through DOM manipulation) so real time and 3d work aren't really applicable to me, but I'd still be interested in answers regarding those if they're interesting. Mostly interested in general game logic though. P.S. Feel free to retag this, I'm not really sure what tags are applicable.

  • What's the best Wireframing tool?

    - by Strae
    I'm looking for something similar to iPlotz or Mockup. I've found the Pencil Project, but it requires xulrunner-1.9 (which seems to be incompatible with xulrunner-1.9.2) in order to run as a standalone application. It can be used as a firefox plugin... but it is a bit slower. The error on my desktop (Ubuntu 10.04) is: Could not find compatible GRE between version 1.9.1 and 1.9.2.* Does anyone know other software? Edit: Open-source software is preferred, and it doesn't matter whether or not it's free.

  • What to include in metadata?

    - by shyam
    I'm wondering if there are any general guidelines or best practices regarding when to split data into a metadata format, as opposed to directly embedding it within the data. (Specific example below). My understanding of metadata is that it describes data (without the need to actually look at the data), allowing for data to be quickly searched/filtered for easy access. Let's take for example a simple 3D model format. The actual data file itself is a binary file containing vertices and colors. Things like creation date, modified date and author name would be things that describe the binary data, so I would say these belong as metadata (outside of the binary file). But what if the application had no need to search or filter by these fields? Would it be acceptable to embed these fields directly into the binary data itself? Could they be duplicated in both the binary data and the metadata, or would this be considered bad practice? What about more ambiguous fields such as the model name, which could be considered part of the data itself, but also as data describing the binary data?... How do you decide which data to embed in the actual binary file, as opposed to separating into a more flexible metadata format? Thanks!

  • When following SRP, how should I deal with validating and saving entities?

    - by Kristof Claes
    I've been reading Clean Code and various online articles about SOLID lately, and the more I read about it, the more I feel like I don't know anything. Let's say I'm building a web application using ASP.NET MVC 3. Let's say I have a UsersController with a Create action like this:

        public class UsersController : Controller
        {
            public ActionResult Create(CreateUserViewModel viewModel)
            {
            }
        }

    In that action method I want to save a user to the database if the data that was entered is valid. Now, according to the Single Responsibility Principle an object should have a single responsibility, and that responsibility should be entirely encapsulated by the class. All its services should be narrowly aligned with that responsibility. Since validation and saving to the database are two separate responsibilities, I guess I should create two separate classes to handle them like this:

        public class UsersController : Controller
        {
            private ICreateUserValidator validator;
            private IUserService service;

            public UsersController(ICreateUserValidator validator, IUserService service)
            {
                this.validator = validator;
                this.service = service;
            }

            public ActionResult Create(CreateUserViewModel viewModel)
            {
                ValidationResult result = validator.IsValid(viewModel);

                if (result.IsValid)
                {
                    service.CreateUser(viewModel);
                    return RedirectToAction("Index");
                }
                else
                {
                    foreach (var errorMessage in result.ErrorMessages)
                    {
                        ModelState.AddModelError(String.Empty, errorMessage);
                    }
                    return View(viewModel);
                }
            }
        }

    That makes some sense to me, but I'm not at all sure that this is the right way to handle things like this. It is for example entirely possible to pass an invalid instance of CreateUserViewModel to the IUserService class. I know I could use the built in DataAnnotations, but what when they aren't enough? Imagine that my ICreateUserValidator checks the database to see if there already is another user with the same name... Another option is to let the IUserService take care of the validation like this:

        public class UserService : IUserService
        {
            private ICreateUserValidator validator;

            public UserService(ICreateUserValidator validator)
            {
                this.validator = validator;
            }

            public ValidationResult CreateUser(CreateUserViewModel viewModel)
            {
                var result = validator.IsValid(viewModel);

                if (result.IsValid)
                {
                    // Save the user
                }

                return result;
            }
        }

    But I feel I'm violating the Single Responsibility Principle here. How should I deal with something like this?

  • Moving camera, or camera with discrete "screens"?

    - by Jacob Millward
    I'm making a game with a friend, but having trouble deciding on a camera style. The basic idea for the game, is having a randomly generated 2-dimensional world, with settlements in it. These settlements would have access to different resources, and it would be the job of the player to create bridges and ladders and links between these villages so they can trade. The player would advance personally by getting better gear, fighting monsters and looking for materials in the world, in order to craft and trade them at the settlements. My friend wants to use an old-style camera, where the world is split into a discrete number of screens that the player moves between. Similar to early Zelda dungeons, or Knytt Stories. This is opposite to me, as I want a standard camera that follows the player around as I feel the split-screen style camera limits the game. Can anyone argue the case either way? We've hit a massive roadblock here and can't seem to get past it.

  • Map Library: Client-side or Server-side?

    - by Mahdi
    As I have already asked here, I have to implement a Multi-Platform Map application. Now I have Mapstraction as an option which uses Javascript to implement the desired functionality. My question is, "Is there any reason/benefit to implement such a library (let's say, Adapters) in Server-side (in my case, PHP)?" As these maps are all based on Javascript, there is a big reason to use Javascript again to make the adapter also, so it would not be dependent on PHP, Java, or .NET for example. But is that all? I wish to hear your ideas and comments also. :)

  • Gamification: designing cooperation in an RPG like game based on Scrum methodology

    - by Grzegorz Slawecki
    I have implemented with 3 friends a gamified system at my work (development company) which builds a fantasy RPG game over scrum project methodology. Generally, the tasks are the missions, each player is represented by a character. They earn XPs for completing tasks and they advance to the next levels which gives them badges, titles and (this is in planning phase) new privileges (e.g. priority in choosing tasks). Since the very beginning we try to do everything to avoid rivalry between players because it would ruin the project if the players started to compete. There are no explicit leaderboards, we also plan to give bonuses for helping other players. I have a feeling that this is still not enough to really encourage cooperation. I would like to ask you for any ideas that come to your mind that would help.

  • How do I start correctly in building database classes in c#?

    - by e4rthdog
    I am new in C# programming and in OOP. I need to dive into web applications for my company, and I need to do it fast and correct. So even though I know ASP.NET MVC is the way to go, I want to start with some simple applications with ASP.NET Webforms and then advance to MVC logic. Also regarding my db classes: I plan to create common database classes in order to be able to use them either from WinForms or ASP.NET applications. I also know that the way to go is to learn about ORM and EF. BUT I also want to start from where I am feeling comfortable and that is the traditional ADO.NET way. So about my Data Access Layer classes: Should I return my results in datasets or arraylists/lists? Should my methods do their own connect/disconnect from the db, or have separate methods and let the application maintain the connection?

  • When to use abstract classes instead of interfaces and extension methods in C#?

    - by Gulshan
    "Abstract class" and "interface" are similar types of ideas, with interface being more abstract. One need of abstract classes was to provide method implementations for the derived classes. But in C#, that need has also been reduced by lately introduced extension methods. So, in C#, when should we use abstract classes instead of using interfaces and extension methods associated with the interface? And now, we can use 'Properties' in interfaces also. A notable example of interface + extension methods is the heavily used IEnumerable and its helper methods. You use Linq and it's all by these extension methods!

  • Simplifying C++11 optimal parameter passing when a copy is needed

    - by Mr.C64
    It seems to me that in C++11 lots of attention was made to simplify returning values from functions and methods, i.e.: with move semantics it's possible to simply return heavy-to-copy but cheap-to-move values (while in C++98/03 the general guideline was to use output parameters via non-const references or pointers), e.g.:

        // C++11 style
        vector<string> MakeAVeryBigStringList();

        // C++98/03 style
        void MakeAVeryBigStringList(vector<string>& result);

    On the other side, it seems to me that more work should be done on input parameter passing, in particular when a copy of an input parameter is needed, e.g. in constructors and setters. My understanding is that the best technique in this case is to use templates and std::forward<>, e.g. (following the pattern of this answer on C++11 optimal parameter passing):

        class Person
        {
            std::string m_name;

        public:
            template <class T,
                      class = typename std::enable_if
                      <
                          std::is_constructible<std::string, T>::value
                      >::type>
            explicit Person(T&& name)
                : m_name(std::forward<T>(name))
            {
            }

            ...
        };

    A similar code could be written for setters. Frankly, this code seems boilerplate and complex, and doesn't scale up well when there are more parameters (e.g. if a surname attribute is added to the above class). Would it be possible to add a new feature to C++11 to simplify code like this (just like lambdas simplify C++98/03 code with functors in several cases)? I was thinking of a syntax with some special character, like @ (since introducing a &&& in addition to && would be too much typing :) e.g.:

        class Person
        {
            std::string m_name;

        public:
            /*
               Simplified syntax to produce boilerplate code like this:

               template <class T,
                         class = typename std::enable_if
                         <
                             std::is_constructible<std::string, T>::value
                         >::type>
            */
            explicit Person(std::string@ name)
                : m_name(name) // implicit std::forward as well
            {
            }

            ...
        };

    This would be very convenient also for more complex cases involving more parameters, e.g.

        Person(std::string@ name, std::string@ surname)
            : m_name(name),
              m_surname(surname)
        {
        }

    Would it be possible to add a simplified convenient syntax like this in C++? What would be the downsides of such a syntax?

  • Algorithm for tracking progress of controller method running in background

    - by SilentAssassin
    I am using Codeigniter framework for PHP on Windows platform. My problem is I am trying to track progress of a controller method running in background. The controller extracts data from the database (MySQL) then does some processing and then stores the results again in the database. The complete aforesaid process can be considered as a single task. A new task can be assigned while another task is running. The newly assigned task will be added in a queue. So if I can track progress of the controller, I can show status for each of these tasks. Like I can show "Pending" status for tasks in the queue, "In Progress" for tasks running and "Done" for tasks that are completed.

    Main Issue: Now first thing I need to find is an algorithm to track the progress of how much amount of execution the controller method has completed and that means tracking how much amount of method has completed execution. For instance, this PHP script tracks progress of array being counted. Here the current state and state after total execution are known so it is possible to track its progress. But I am not able to devise anything analogous to it in my case. Maybe what I am trying to achieve is programmatically not possible. If it's not possible then suggest me a workaround or a completely new approach. If some details are pending you can mention them. Sorry for my ignorance this is my first post here. I welcome you to point out my mistakes.

    EDIT:

    Database outline: The URL(s) and keyword(s) are first entered by user which are stored in a database table called link_master and keyword_master respectively. Then keywords are extracted from all the links present in this table and compared with keywords entered by user and their frequency is calculated which is the final result. And the results are stored in another table called link_result. Now sub-links are extracted from the domain links and stored in a table called sub_link_master. Now again the keywords are extracted from these sub-links and the corresponding results are stored in a table called sub_link_result. The number of records cannot be defined beforehand as the number of links on any web page can be different. Only the cardinality of link_result table can be known which will be equal to multiplication of number of keyword(s) and URL(s). I insert multiple records at a time using this resource.

    Controller outline: The controller extracts keywords from a web page and also extracts keywords from all the links present on that page. There is a method called crawlLink. I used Rolling Curl to extract keywords and web page content. It has callback function which I used for extracting keywords along with generating results and extracting valid sub-links. There is an insertResult method which stores results for links and sub-links in the respective tables. Yes, the processing depends on the number of records. The more the number of records, the more time it takes to execute. Consider this scenario:

      * Number of Domain Links = 1
      * Number of Keywords = 3
      * Number of Domain Links Result generated = 3 (3 x 1 as described in the question)
      * Number of Sub Links generated = 41
      * Number of Sub Links Result = 117 (41 x 3 = 123 but some links are not valid or searchable)
      * Approximate time taken for above process to complete = 55 seconds.

    The above result is for a single link. I want to track the progress of the above results getting stored in database. When all results are stored, the task is complete. If results are getting stored, the task is In Progress. I am not clear how can I track this progress.

  • Push or Pull Input Data In the Game Logic?

    - by Qua
    In the process of preparing my game for networking I'm adding a layer of separation between the physical input (mouse/keyboard) and the actual game "engine"/logic. All input that has any relation to the game logic is wrapped inside action objects such as BuildBuildingAction. I was thinking of having an action processing layer that would determine what to do with the input. This layer could then be set up to either just pass the actions locally to the game engine or send it via sockets to the network server depending on whether the game was single- or multiplayer. In network games it would make sense that the player's actions should be sent to the server, but should the game logic be pulling (polling?) the data through some sort of interface or should the action processing layer be adding the actions to an input queue in the game logic code?

  • Starting point for a simple game written in action script [closed]

    - by Hossein
    Possible Duplicate: AS3/Flash Game Dev: Looking for good & current step by step. Hi, I want to develop a simple game like: http://www.albinoblacksheep.com/games/falldown2 And then making it a bit more fancy. But I don't know where to start. I have already started AS3 so I know about the syntax and stuff, but I am kinda lost. Does anyone know of a nice starting point or a tutorial that can help me with this? Thanks

  • How can I make an MMORPG appeal to casual players?

    - by Philipp
    I believe that there is a significant market of players who would enjoy the exploration and interaction aspects of MMORPGs, but simply don't have the time for the endless grinding marathons which are part of the average MMORPG. MMORPGs are all about interaction between players. But when different players have different amounts of time to invest into a game, those with less time to spend will soon lag behind their power-leveling friends and won't be able to interact with them anymore. One way to solve this would be to limit the progress a player can achieve per day, so that it simply doesn't make sense to play more than one or two hours a day. But even the busiest casual players sometimes like to spend a whole Sunday afternoon playing a video game. Just stopping them after two hours would be really frustrating. It also creates a pressure to use the daily progress limit every day, because otherwise the player would feel like wasting something. This pressure would be detrimental for casual gamers. What else could be done to level the playing field between those players who play 40+ hours a week and those who can't play more than 10?

  • Creating user UI using Flixel

    - by Jamie Read
    I am new to game development but familiar with programming languages. I have started using Flixel and have a working Breakout game with score and lives. What I am trying to do is add a Start Screen before actually loading the game. I have a create function that adds all the game elements to the stage:

        override public function create():void
        {
            // all game elements
        }

    How can I add this pre-load Start Screen? I'm not sure if I have to add in the code to this create function or somewhere else and what code to actually add. Eventually I would also like to add saving, loading, options and upgrades too. So any advice with that would be great. Here is my main game.as:

        package
        {
            import org.flixel.*;

            public class Game extends FlxGame
            {
                private const resolution:FlxPoint = new FlxPoint(640, 480);
                private const zoom:uint = 2;
                private const fps:uint = 60;

                public function Game()
                {
                    super(resolution.x / zoom, resolution.y / zoom, PlayState, zoom);
                    FlxG.flashFramerate = fps;
                }
            }
        }

    Thanks.

  • Why not expose a primary key

    - by Angelo Neuschitzer
    In my education I have been told that it is a flawed idea to expose actual primary keys (not only DB keys, but all primary accessors) to the user. I always thought it to be a security problem (because an attacker could attempt to read stuff not their own). Now I have to check if the user is allowed to access anyway, so is there a different reason behind it? Also, as my users have to access the data anyway I will need to have a public key for the outside world somewhere in between. Now that public key has the same problems as the primary key, doesn't it?
