Search Results

Search found 30111 results on 1205 pages for 'best practices analyzer'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 136/1205 | < Previous Page | 132 133 134 135 136 137 138 139 140 141 142 143  | Next Page >

  • What are the weaknesses of this user authentication method?

    - by byronh
    I'm developing my own PHP framework. It seems all the security articles I have read use vastly different methods for user authentication than I do so I could use some help in finding security holes. Some information that might be useful before I start. I use mod_rewrite for my MVC url's. Passwords are sha1 and md5 encrypted with 24 character salt unique to each user. mysql_real_escape_string and/or variable typecasting on everything going in, and htmlspecialchars on everything coming out. Step-by step process: Top of every page: session_start(); session_regenerate_id(); If user logs in via login form, generate new random token to put in user's MySQL row. Hash is generated based on user's salt (from when they first registered) and the new token. Store the hash and plaintext username in session variables, and duplicate in cookies if 'Remember me' is checked. On every page, check for cookies. If cookies set, copy their values into session variables. Then compare $_SESSION['name'] and $_SESSION['hash'] against MySQL database. Destroy all cookies and session variables if they don't match so they have to log in again. If login is valid, some of the user's information from the MySQL database is stored in an array for easy access. So far, I've assumed that this array is clean so when limiting user access I refer to user.rank and deny access if it's below what's required for that page. I've tried to test all the common attacks like XSS and CSRF, but maybe I'm just not good enough at hacking my own site! My system seems way too simple for it to actually be secure (the security code is only 100 lines long). What am I missing? I've also spent alot of time searching for the vulnerabilities with mysql_real_escape string but I haven't found any information that is up-to-date (everything is from several years ago at least and has apparently been fixed). All I know is that the problem was something to do with encoding. If that problem still exists today, how can I avoid it? Any help will be much appreciated.

    Read the article

  • Is there a standard practice for storing default application data?

    - by Rox Wen
    Our application includes a default set of data. The default data includes coefficients and other factors that are unlikely to ever change but still need to be update-able by the user. Currently, the original default data is stored as a populated class within the application. Data updates are stored to an external XML file. This design allows us to include a "reset" feature to restore the original default data. Our rationale for not storing defaults externally [e.g. XML file] was to minimize the risk of being altered. The overall volume of data doesn't warrant a database. Is there a standard practice for storing "default" application data?

    Read the article

  • Any reason not to always log stack traces?

    - by Chris Knight
    Encountered a frustrating problem in our application today which came down to an ArrayIndexOutOfBounds exception being thrown. The exception's type was just about all that was logged which is fairly useless (but, oh dear legacy app, we still love you, mostly). I've redeployed the application with a change which logs the stack trace on exception handling (and immediately found the root cause of the problem) and wondered why no one else did this before. Do you generally log the stack trace and is there any reason you wouldn't do this? Bonus points if you can explain (why, not how) the rationale behind having to jump hoops in java to get a string representation of a stack trace!

    Read the article

  • Which framework exceptions should every programmer know about ?

    - by Thibault Falise
    I've recently started a new project in C#, and, as I was coding some exception throw in a function, I figured out I didn't really know which exception I should use. Here are common exceptions that are often thrown in many programs : ArgumentException ArgumentNullException InvalidOperationException Are there any framework exceptions you often use in your programs ? Which exceptions should every .net programmer know about ? When do you use custom exception ?

    Read the article

  • Code Design Process?

    - by user156814
    I am going to be working on a project, a web application. I was reading 37signals getting real pamphlet online (http://gettingreal.37signals.com/), and I understand the recommended process to build the entire website. Brainstorm, sketch, HTML, code. They touch on each process lightly, but they never really talk much about the coding process (all they say is to keep code lean). I've been reading about different ways to go about it (top to bottom, bottom to top) but I dont know much about each way. I even read somewhere that one should write tests for the code before they actually write the code??? WHAT? What coding process should one follow when building an application. if its necessary, I'm using PHP and a framework.

    Read the article

  • How to test method call order with Moq

    - by Finglas
    At the moment I have: [Test] public void DrawDrawsAllScreensInTheReverseOrderOfTheStack() { // Arrange. var screenMockOne = new Mock<IScreen>(); var screenMockTwo = new Mock<IScreen>(); var screens = new List<IScreen>(); screens.Add(screenMockOne.Object); screens.Add(screenMockTwo.Object); var stackOfScreensMock = new Mock<IScreenStack>(); stackOfScreensMock.Setup(s => s.ToArray()).Returns(screens.ToArray()); var screenManager = new ScreenManager(stackOfScreensMock.Object); // Act. screenManager.Draw(new Mock<GameTime>().Object); // Assert. screenMockOne.Verify(smo => smo.Draw(It.IsAny<GameTime>()), Times.Once(), "Draw was not called on screen mock one"); screenMockTwo.Verify(smo => smo.Draw(It.IsAny<GameTime>()), Times.Once(), "Draw was not called on screen mock two"); } But the order in which I draw my objects in the production code does not matter. I could do one first, or two it doesn't matter. However it should matter as the draw order is important. How do you (using Moq) ensure methods are called in a certain order? Edit I got rid of that test. The draw method has been removed from my unit tests. I'll just have to manually test it works. The reversing of the order though was taken into a seperate test class where it was tested so it's not all bad. Thanks for the link about the feature they are looking into. I sure hope it gets added soon, very handy.

    Read the article

  • Usage of Assert.Inconclusive

    - by Johannes Rudolph
    Hi, Im wondering how someone should use Assert.Inconclusive(). I'm using it if my Unit test would be about to fail for a reason other than what it is for. E.g. i have a method on a class that calculates the sum of an array of ints. On the same class there is also a method to calculate the average of the element. It is implemented by calling sum and dividing it by the length of the array. Writing a Unit test for Sum() is simple. However, when i write a test for Average() and Sum() fails, Average() is likely to fail also. The failure of Average is not explicit about the reason it failed, it failed for a reason other than what it should test for. That's why i would check if Sum() returns the correct result, otherwise i Assert.Inconclusive(). Is this to be considered good practice? What is Assert.Inconclusive intended for? Or should i rather solve the previous example by means of an Isolation Framework?

    Read the article

  • Allow for modular development while still running in same JVM?

    - by Marcus
    Our current app runs in a single JVM. We are now splitting up the app into separate logical services where each service runs in its own JVM. The split is being done to allow a single service to be modified and deployed without impacting the entire system. This reduces the need to QA the entire system - just need to QA the interaction with the service being changed. For inter service communication we use a combination of REST, an MQ system bus, and database views. What I don't like about this: REST means we have to marshal data to/from XML DB views couple the systems together which defeats the whole concept of separate services MQ / system bus is added complexity There is inevitably some code duplication between services You have set up n JBoss server configurations, we have to do n number of deployments, n number of set up scripts, etc, etc. Is there a better way to structure an internal application to allow modular development and deployment while allowing the app to run in a single JVM (and achieving the associated benefits)?

    Read the article

  • How could it happen that version control software emerged so lately?

    - by sharptooth
    According to Wikipedia (the table at the page bottom), the earliest known version control systems were CVS and TeamWare both known from year 1990. How can it be? Software development has been here from at most 1960's and I honestly can't imagine working with codebase without version control. How could it happen that version control software emerged so lately compared to software development?

    Read the article

  • help me to choose between two software architecture

    - by alex
    // stupid title, but I could not think anything smarter I have a code (see below, sorry for long code but it's very-very simple): namespace Option1 { class AuxClass1 { string _field1; public string Field1 { get { return _field1; } set { _field1 = value; } } // another fields. maybe many fields maybe several properties public void Method1() { // some action } public void Method2() { // some action 2 } } class MainClass { AuxClass1 _auxClass; public AuxClass1 AuxClass { get { return _auxClass; } set { _auxClass = value; } } public MainClass() { _auxClass = new AuxClass1(); } } } namespace Option2 { class AuxClass1 { string _field1; public string Field1 { get { return _field1; } set { _field1 = value; } } // another fields. maybe many fields maybe several properties public void Method1() { // some action } public void Method2() { // some action 2 } } class MainClass { AuxClass1 _auxClass; public string Field1 { get { return _auxClass.Field1; } set { _auxClass.Field1 = value; } } public void Method1() { _auxClass.Method1(); } public void Method2() { _auxClass.Method2(); } public MainClass() { _auxClass = new AuxClass1(); } } } class Program { static void Main(string[] args) { // Option1 Option1.MainClass mainClass1 = new Option1.MainClass(); mainClass1.AuxClass.Field1 = "string1"; mainClass1.AuxClass.Method1(); mainClass1.AuxClass.Method2(); // Option2 Option2.MainClass mainClass2 = new Option2.MainClass(); mainClass2.Field1 = "string2"; mainClass2.Method1(); mainClass2.Method2(); Console.ReadKey(); } } What option (option1 or option2) do you prefer ? In which cases should I use option1 or option2 ? Is there any special name for option1 or option2 (composition, aggregation) ?

    Read the article

  • Good tools for keeping the content in test/staging/live environments synchronized

    - by David Stratton
    I'm looking for recommendations on automated folder synchronization tools to keep the content in our three environments synchronized automatically. Specifically, we have several applications where a user can upload content (via a File Upload page or a similar mechanism), such as images, pdf files, word documents, etc. In the past, we had the user doing this to our live server, and as a result, our test and staging servers had to be manually synchronized. Going forward, we will have them upload content to the staging server, and we would like some software to automatically copy the files off to the test and live servers EITHER on a scheduled basis OR as the files get uploaded. I was planning on writing my own component, and either set it up as a scheduled task, or use a FileSystemWatcher, but it occurred to me that this has probably already been done, and I might be better off with some sort of synchronization tool that already exists. On our web site, there are a limited number of folders that we want to keep synchronized. In these folders, it is an all or nothing - we want to make sure the folders are EXACT duplicates. This should make it fairly straightforward, and I would think that any software that can synchronize folders would be OK, except that we also would like the software to log changes. (This rules out simple BATCH files.) So I'm curious, if you have a similar environment, how did you solve the challenge of keeping everything synchronized. Are you aware of a tool that is reliable, and will meet our needs? If not, do you have a recommendation for something that will come close, or better yet, an open source solution where we can get the code and modify it as needed? (preferably .NET). Added Also, I DID google this first, but there are so many options, I am interested mostly in knowing what actually works well vs what they SAY works, which is why I'm asking here.

    Read the article

  • Combine hash values in C#

    - by Chris
    I'm creating a generic object collection class and need to implement a Hash function. I can obviously (and easily!) get the hash values for each object but was looking for the 'correct' way to combine them to avoid any issues. Does just adding, xoring or any basic operation harm the quality of the hash or am I going to have to do something like getting the objects as bytes, combining them and then hashing that? Cheers in advance

    Read the article

  • Working with multiple input and output files in Python

    - by Morlock
    I need to open multiple files (2 input and 2 output files), do complex manipulations on the lines from input files and then append results at the end of 2 output files. I am currently using the following approach: in_1 = open(input_1) in_2 = open(input_2) out_1 = open(output_1, "w") out_2 = open(output_2, "w") # Read one line from each 'in_' file # Do many operations on the DNA sequences included in the input files # Append one line to each 'out_' file in_1.close() in_2.close() out_1.close() out_2.close() The files are huge (each potentially approaching 1Go, that is why I am reading through these input files one at a time. I am guessing that this is not a very Pythonic way to do things. :) Would using the following form good? with open("file1") as f1: with open("file2") as f2: # etc. If yes, could I do it while avoiding the highly indented code that would result? Thanks for the insights!

    Read the article

  • What turns away users/prospective users?

    - by Zach Johnson
    In your experience, what kinds of things have turned away users and prospective users from using your programs? Also, what kinds of things turn you away from using someone else's programs? For example, one thing that really bugs me is when someone provides free software, but requires you to enter your name and email address before you download it. Why do they need my name and email address? I just want to use the program! I understand that the developer(s) may want to get a feel for how many users they have, etc, but the extra work I have to do really makes me think twice about downloading their software, even if it does really great things.

    Read the article

  • What policies are standard for programmers?

    - by Shehket's Apprentice
    My office is about has proposed implementing some extremely strict (I would consider them draconian) policies regarding programmers, and our access due to security concerns (note, we have never had a security breach). While I can theoretically get used to them, I'd like to ask about what is considered good security policy for programmers, specifically in the area of access policies, and what is too much? Any answers to this question are greatly appreciated as they directly relate to my ability to write code, and I can't find anything so far on Google. Edit: Most of the security policies that concern me are about access to my machine and to the code. According to these proposed policies, I'd need management approval to access either, which means that I'd be forced to get management to unlock my computer anytime I leave my desk as my computer is always locked when I'm not at my desk.

    Read the article

  • .NET without use of DLL's

    - by Kieran
    Hi SO community I have been issued a problem with security. A bank will not allow use of DLL's in the project. What sort of structure would be needed to allow DataAccess and or the use of external services (like an email client mailchimp, icontct). has anyone else encountered this sort of problem before? If they have how should the project be structured (.net 3.5+). Thanks, KJ

    Read the article

  • A better way to delete a list of elements from multiple tables

    - by manyxcxi
    I know this looks like a 'please write the code' request, but some basic pointer/principles for doing this the right way should be enough to get me going. I have the following stored procedure: CREATE PROCEDURE `TAA`.`runClean` (IN idlist varchar(1000)) BEGIN DECLARE EXIT HANDLER FOR NOT FOUND ROLLBACK; DECLARE EXIT HANDLER FOR SQLEXCEPTION ROLLBACK; DECLARE EXIT HANDLER FOR SQLWARNING ROLLBACK; START TRANSACTION; DELETE FROM RunningReports WHERE run_id IN (idlist); DELETE FROM TMD_INDATA_INVOICE WHERE run_id IN (idlist); DELETE FROM TMD_INDATA_LINE WHERE run_id IN (idlist); DELETE FROM TMD_OUTDATA_INVOICE WHERE run_id IN (idlist); DELETE FROM TMD_OUTDATA_LINE WHERE run_id IN (idlist); DELETE FROM TMD_TEST WHERE run_id IN (idlist); DELETE FROM RunHistory WHERE id IN (idlist); COMMIT; END $$ It is called by a PHP script to clean out old run history. It is not particularly efficient as you can see and I would like to speed it up. The PHP script gathers the ids to remove from the tables with the following query: $query = "SELECT id, stop_time FROM RunHistory WHERE config_id = $configId AND save = 0 AND NOT(stop_time IS NULL) ORDER BY stop_time"; It keeps the last five run entries and deletes all the rest. So using this query to bring back all the IDs, it determines which ones to delete and keeps the 'newest' five. After gathering the IDs it sends them to the stored procedure to remove them from the associated tables. I'm not very good with SQL, but I ASSUME that using an IN statement and not joining these tables together is probably the least efficient way I can do this, but I don't know enough to ask anything but "how do I do this better?" If possible, I would like to do this all in my stored procedure using a query to gather all the IDs except for the five 'newest', then delete them. Another twist, run entries can be marked save (save = 1) and should not be deleted. The RunHistory table looks like this: CREATE TABLE `TAA`.`RunHistory` ( `id` int(11) NOT NULL auto_increment, `start_time` datetime default NULL, `stop_time` datetime default NULL, `config_id` int(11) NOT NULL, [...] `save` tinyint(1) NOT NULL default '0', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=0 DEFAULT CHARSET=utf8;

    Read the article

  • What are possible designs for the DCI architecture?

    - by Gabriel Šcerbák
    What are possibles designs for implementation of the DCI (data, contexts, interactions) architecture in different OOP languages? I thought of Policy based design (Andrei Alexandrescu) for C++, DI and AOP for Java. However, I also thought about using State design pattern for representing roles and some sort of Template method for the interactions... What are the other possibilities?

    Read the article

  • Is there an existing template for a new C++ Open Source project

    - by esavard
    I want to start a new C++ (Qt) Open Source project and I'm wondering if there is an existing template somewhere for files usually found in an Open Source project but that are not purely source code (README, LICENSE, CHANGELOG, etc.) I could probably find a popular Open Source project for inspiration but if there is some existing generic templates, I will use that instead. Thanks.

    Read the article

  • Git Submodule or fork

    - by Eric
    I have a private repo in github that is the complete source code to my cms. Now I have a few local customers that I want to use the same code base on but with different themes. Is it better to fork the original project out into a repo for each one. Or use a submodule and create a new repo for each customer? After each site is complete I would imagine the theme files wouldn't change much but would need to pull in changes from the main repo when bugs are discovered.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 132 133 134 135 136 137 138 139 140 141 142 143  | Next Page >