Search Results

Search found 33012 results on 1321 pages for 'method injection'.


  • Top 25 security issues for developers of web sites

    - by BizTalk Visionary
    Sourced from: CWE

    This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile.

    Rank  Score  ID       Name
    [1]   346    CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting')
    [2]   330    CWE-89   Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
    [3]   273    CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    [4]   261    CWE-352  Cross-Site Request Forgery (CSRF)
    [5]   219    CWE-285  Improper Access Control (Authorization)
    [6]   202    CWE-807  Reliance on Untrusted Inputs in a Security Decision
    [7]   197    CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    [8]   194    CWE-434  Unrestricted Upload of File with Dangerous Type
    [9]   188    CWE-78   Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
    [10]  188    CWE-311  Missing Encryption of Sensitive Data
    [11]  176    CWE-798  Use of Hard-coded Credentials
    [12]  158    CWE-805  Buffer Access with Incorrect Length Value
    [13]  157    CWE-98   Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
    [14]  156    CWE-129  Improper Validation of Array Index
    [15]  155    CWE-754  Improper Check for Unusual or Exceptional Conditions
    [16]  154    CWE-209  Information Exposure Through an Error Message
    [17]  154    CWE-190  Integer Overflow or Wraparound
    [18]  153    CWE-131  Incorrect Calculation of Buffer Size
    [19]  147    CWE-306  Missing Authentication for Critical Function
    [20]  146    CWE-494  Download of Code Without Integrity Check
    [21]  145    CWE-732  Incorrect Permission Assignment for Critical Resource
    [22]  145    CWE-770  Allocation of Resources Without Limits or Throttling
    [23]  142    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
    [24]  141    CWE-327  Use of a Broken or Risky Cryptographic Algorithm
    [25]  138    CWE-362  Race Condition

    Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

    Read the article

  • How to avoid throwing vexing exceptions?

    - by Mike
    Reading Eric Lippert's article on exceptions was definitely an eye opener on how I should approach exceptions, both as the producer and as the consumer. However, I'm still struggling to define a guideline regarding how to avoid throwing vexing exceptions.

    Specifically:

    Suppose you have a Save method that can fail because a) Somebody else modified the record before you, or b) The value you're trying to create already exists. These conditions are to be expected and not exceptional, so instead of throwing an exception you decide to create a Try version of your method, TrySave, which returns a boolean indicating if the save succeeded. But if it fails, how will the consumer know what was the problem? Or would it be best to return an enum indicating the result, kind of Ok/RecordAlreadyModified/ValueAlreadyExists? With integer.TryParse this problem doesn't exist, since there's only one reason the method can fail. Is the previous example really a vexing situation? Or would throwing an exception in this case be the preferred way? I know that's how it's done in most libraries and frameworks, including the Entity framework.

    How do you decide when to create a Try version of your method vs. providing some way to test beforehand if the method will work or not? I'm currently following these guidelines:

      * If there is the chance of a race condition, then create a Try version. This prevents the need for the consumer to catch an exogenous exception. For example, in the Save method described before.
      * If the method to test the condition pretty much would do all that the original method does, then create a Try version. For example, integer.TryParse().
      * In any other case, create a method to test the condition.

    Read the article

  • Arquillian - Weld SE - getting NullPointerException

    - by Walter White
    I am new to Arquillian and want to get some basic testing working (inject a bean and assert it does something).

    Exception:

        -------------------------------------------------------------------------------
        Test set: com.walterjwhite.test.TestCase
        -------------------------------------------------------------------------------
        Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.231 sec <<< FAILURE!
        test(com.walterjwhite.test.TestCase) Time elapsed: 0.02 sec <<< ERROR!
        java.lang.RuntimeException: Could not inject members
            at org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher.injectClass(CDIInjectionEnricher.java:113)
            at org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher.enrich(CDIInjectionEnricher.java:61)
            at org.jboss.arquillian.impl.enricher.ClientTestEnricher.enrich(ClientTestEnricher.java:61)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
            at org.jboss.arquillian.impl.core.EventContextImpl.invokeObservers(EventContextImpl.java:98)
            at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:80)
            at org.jboss.arquillian.impl.client.ContainerDeploymentContextHandler.createContext(ContainerDeploymentContextHandler.java:133)
            at org.jboss.arquillian.impl.client.ContainerDeploymentContextHandler.createBeforeContext(ContainerDeploymentContextHandler.java:115)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
            at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
            at org.jboss.arquillian.impl.TestContextHandler.createTestContext(TestContextHandler.java:82)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
            at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
            at org.jboss.arquillian.impl.TestContextHandler.createClassContext(TestContextHandler.java:68)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
            at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
            at org.jboss.arquillian.impl.TestContextHandler.createSuiteContext(TestContextHandler.java:54)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.jboss.arquillian.impl.core.ObserverImpl.invoke(ObserverImpl.java:90)
            at org.jboss.arquillian.impl.core.EventContextImpl.proceed(EventContextImpl.java:87)
            at org.jboss.arquillian.impl.core.ManagerImpl.fire(ManagerImpl.java:126)
            at org.jboss.arquillian.impl.core.ManagerImpl.fire(ManagerImpl.java:106)
            at org.jboss.arquillian.impl.EventTestRunnerAdaptor.before(EventTestRunnerAdaptor.java:85)
            at org.jboss.arquillian.junit.Arquillian$4.evaluate(Arquillian.java:210)
            at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:303)
            at org.jboss.arquillian.junit.Arquillian.access$300(Arquillian.java:45)
            at org.jboss.arquillian.junit.Arquillian$5.evaluate(Arquillian.java:228)
            at org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
            at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
            at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
            at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
            at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
            at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
            at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
            at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
            at org.jboss.arquillian.junit.Arquillian$2.evaluate(Arquillian.java:173)
            at org.jboss.arquillian.junit.Arquillian.multiExecute(Arquillian.java:303)
            at org.jboss.arquillian.junit.Arquillian.access$300(Arquillian.java:45)
            at org.jboss.arquillian.junit.Arquillian$3.evaluate(Arquillian.java:187)
            at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
            at org.jboss.arquillian.junit.Arquillian.run(Arquillian.java:127)
            at org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:35)
            at org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:115)
            at org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:97)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:616)
            at org.apache.maven.surefire.booter.ProviderFactory$ClassLoaderProxy.invoke(ProviderFactory.java:103)
            at $Proxy0.invoke(Unknown Source)
            at org.apache.maven.surefire.booter.SurefireStarter.invokeProvider(SurefireStarter.java:150)
            at org.apache.maven.surefire.booter.SurefireStarter.runSuitesInProcess(SurefireStarter.java:91)
            at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:69)
        Caused by: java.lang.NullPointerException
            at org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher.getBeanManager(CDIInjectionEnricher.java:51)
            at org.jboss.arquillian.testenricher.cdi.CDIInjectionEnricher.injectClass(CDIInjectionEnricher.java:100)
            ... 71 more

    TestCase class

        @RunWith(Arquillian.class)
        public class TestCase {
            @Deployment
            public static JavaArchive createDeployment() {
                return ShrinkWrap.create(JavaArchive.class).addClasses(TestEntity.class, Implementation.class)
                        .addAsManifestResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"));
            }

            @Inject
            Implementation implementation;

            @Test
            public void test() throws Exception {
                final TestEntity testEntity = implementation.create();
                Assert.assertNotNull(testEntity);
            }
        }

    When I run this, I get a NullPointerException, the bean manager is null. It looks like I am missing a step, but from the examples, it looks like this is all I should need. Any ideas?

    Walter

    Read the article

  • Zend models and database relationships

    - by user608341
    Hi people, I'm starting with Zend Framework and I'm a little bit confused with models and relationships (one-to-many, many-to-many etc.).

    The "Zend Framework Quick Start" says to create a Zend_Db_Table, a Data Mapper and finally our model class.

    Suppose we have a database like this:

        table A ( id integer primary key, name varchar(50) );
        table B ( id integer primary key, a_id integer references A );

    then I'll create:

        Application_Model_DbTable_A extends Zend_Db_Table_Abstract,
        Application_Model_AMapper,
        Application_Model_A,
        Application_Model_DbTable_B extends Zend_Db_Table_Abstract,
        Application_Model_BMapper,
        Application_Model_B,

    If I understood, I have to store the reference information in Application_Model_DbTable_A:

        protected $_dependentTables = array('B');

    and Application_Model_DbTable_B:

        protected $_referenceMap = array(
            'A' => array(
                'columns'       => array('a_id'),
                'refTableClass' => 'A',
                'refColumns'    => array('id') // Zend_Db_Table reads the key 'refColumns'
            )
        );

    and my model classes:

        class Application_Model_A
        {
            protected $_id;
            protected $_name;

            public function __construct(array $options = null)
            {
                if (is_array($options)) {
                    $this->setOptions($options);
                }
            }

            public function __set($name, $value)
            {
                $method = 'set' . $name;
                if (('mapper' == $name) || !method_exists($this, $method)) {
                    throw new Exception('Invalid property');
                }
                $this->$method($value);
            }

            public function __get($name)
            {
                $method = 'get' . $name;
                if (('mapper' == $name) || !method_exists($this, $method)) {
                    throw new Exception('Invalid property');
                }
                return $this->$method();
            }

            // Call only setters that exist on this class for the given keys
            public function setOptions(array $options)
            {
                $methods = get_class_methods($this);
                foreach ($options as $key => $value) {
                    $method = 'set' . ucfirst($key);
                    if (in_array($method, $methods)) {
                        $this->$method($value);
                    }
                }
                return $this;
            }

            public function setName($name)
            {
                $this->_name = (string) $name;
                return $this;
            }

            public function getName()
            {
                return $this->_name;
            }

            public function setId($id)
            {
                $this->_id = (int) $id;
                return $this;
            }

            public function getId()
            {
                return $this->_id;
            }
        }

        class Application_Model_B
        {
            protected $_id;
            protected $_a_id;

            public function __construct(array $options = null)
            {
                if (is_array($options)) {
                    $this->setOptions($options);
                }
            }

            public function __set($name, $value)
            {
                $method = 'set' . $name;
                if (('mapper' == $name) || !method_exists($this, $method)) {
                    throw new Exception('Invalid property');
                }
                $this->$method($value);
            }

            public function __get($name)
            {
                $method = 'get' . $name;
                if (('mapper' == $name) || !method_exists($this, $method)) {
                    throw new Exception('Invalid property');
                }
                return $this->$method();
            }

            // Call only setters that exist on this class for the given keys
            public function setOptions(array $options)
            {
                $methods = get_class_methods($this);
                foreach ($options as $key => $value) {
                    $method = 'set' . ucfirst($key);
                    if (in_array($method, $methods)) {
                        $this->$method($value);
                    }
                }
                return $this;
            }

            public function setA_id($a_id)
            {
                $this->_a_id = (int) $a_id;
                return $this;
            }

            public function getA_id()
            {
                return $this->_a_id;
            }

            public function setId($id)
            {
                $this->_id = (int) $id;
                return $this;
            }

            public function getId()
            {
                return $this->_id;
            }
        }

    Is that right?

    Read the article

  • Private Java class properties mysteriously reset between method calls....

    - by Michael Jones
    I have a very odd problem. A class property is mysteriously reset between method calls. The following code is executed so the constructor is called, then the parseConfiguration method is called. Finally, processData is called. The parseConfiguration method sets the "recursive" property to "true". However, as soon as it enters "processData", "recursive" becomes "false". This problem isn't isolated to a single class -- I have several examples of this in my code.

    How can this possibly be happening? I've tried initialising properties when they're declared outside any methods, I've tried initialising them in constructors... nothing works. The only complication I can think of here is that this class is invoked by an object that runs in a thread -- but here is one instance per thread, so surely no chance that threads are interfering. I've tried setting both methods to "synchronized", but this still happens. Please help!

        /**
         * This class or its superclasses are NOT threaded and don't extend Thread
         */
        public class DirectoryAcquirer extends Manipulator {
            /**
             * @var Whether to recursively scan directories
             */
            private boolean recursive = false;

            /**
             * Constructor
             */
            public DirectoryAcquirer() {
            }

            /**
             * Constructor that initialises the configuration
             *
             * @param config
             * @throws InvalidConfigurationException
             */
            public DirectoryAcquirer(HierarchicalConfiguration config) throws InvalidConfigurationException {
                super(config);
            }

            @Override
            protected void parseConfiguration() throws InvalidConfigurationException {
                // set whether to recurse into directories or not
                if (this.config.containsKey("recursive")) {
                    // this.recursive gets set to "true" here
                    this.recursive = this.config.getBoolean("recursive");
                }
            }

            @Override
            public EntityCollection processData(EntityCollection data) {
                // here this.recursive is "false"
                this.logger.debug("processData: Entered method");
                return data; // return added so the method compiles
            }
        }

    Read the article

  • What is the best method for updating all changed data in EF 4?

    - by Soul_Master
    I am trying to create a method that can update any changed data from the changed Data object (this object is generated by ASP.NET MVC) to the old Data object (this object is retrieved from current data in the DBMS), like the following code.

        public static bool UpdateSomeData(SomeEntities context, SomeModelType changedData)
        {
            var oldData = GetSomeModelTypeById(context, changedData.ID);
            UpdateModel(oldData, changedData);
            return context.SaveChanges() > 0;
        }

    I am trying to create a method for saving any changed data without affecting other unchanged data, like the following source code.

        public static void UpdateModel<TModel>(TModel oldData, TModel changedData)
        {
            foreach (var pi in typeof(TModel).GetProperties()
                .Where
                (
                    // Ignore Change ID property for security reason
                    x => x.Name.ToUpper() != "ID" &&
                    x.CanRead &&
                    x.CanWrite &&
                    (
                        // It must be primitive type or Guid
                        x.PropertyType.FullName.StartsWith("System") &&
                        !x.PropertyType.FullName.StartsWith("System.Collection") &&
                        !x.PropertyType.FullName.StartsWith("System.Data.Entity.DynamicProxies")
                    )
                ))
            {
                var oldValue = pi.GetValue(oldData, null);
                var newValue = pi.GetValue(changedData, null);
                // Static Equals copes with a null oldValue instead of throwing
                if (!Equals(oldValue, newValue))
                {
                    pi.SetValue(oldData, newValue, null);
                }
            }
        }

    I am not sure about the above method because it is such an ugly method for updating data. A recent bug made me realize that if you update some property like Navigation Properties (related data from another table), it will remove the current record from the database. I don't understand why it happened. But it is very dangerous for me.

    So, do you have any ideas on this question, to reassure me about updating data from ASP.NET MVC?

    Thanks,

    Read the article

  • Intermittent asp.net mvc exception: “A public action method ABC could not be found on controller XYZ

    - by Chris Schoon
    Hi, I'm getting an intermittent exception saying that asp.net mvc can't find the action method. Here's the exception:

        A public action method 'Fill' could not be found on controller 'Schoon.Form.Web.Controllers.ChrisController'.

    I think I have the routing set up correctly because this application works most of the time. Here is the controller's action method.

        [ActionName("Fill")]
        [AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post), UserIdFilter, DTOFilter]
        public ActionResult Fill(int userId, int subscriberId, DisplayMode? mode)
        {
            //…
        }

    The route:

        routes.MapRoute(
            "SchoonForm",
            "Form/Fill/{subscriberId}",
            new { controller = "ChrisController", action = "Fill" },
            new { subscriberId = @"\d+" }
        );

    And here is the stack:

        System.Web.HttpException: A public action method 'Fill' could not be found on controller 'Schoon.Form.Web.Controllers.ChrisController'.
           at System.Web.Mvc.Controller.HandleUnknownAction(String actionName) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\Controller.cs:line 197
           at System.Web.Mvc.Controller.ExecuteCore() in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\Controller.cs:line 164
           at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\ControllerBase.cs:line 76
           at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\ControllerBase.cs:line 87
           at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContextBase httpContext) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\MvcHandler.cs:line 80
           at System.Web.Mvc.MvcHandler.ProcessRequest(HttpContext httpContext) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\MvcHandler.cs:line 68
           at System.Web.Mvc.MvcHandler.System.Web.IHttpHandler.ProcessRequest(HttpContext httpContext) in C:\dev\ThirdParty\MvcDev\src\SystemWebMvc\Mvc\MvcHandler.cs:line 104
           at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
           at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

    Here is an example of my filters; they all work the same way:

        public class UserIdFilter : ActionFilterAttribute
        {
            public override void OnActionExecuting(ActionExecutingContext filterContext)
            {
                const string Key = "userId";
                if (filterContext.ActionParameters.ContainsKey(Key))
                {
                    filterContext.ActionParameters[Key] = // get the user id from session or cookie
                }
                base.OnActionExecuting(filterContext);
            }
        }

    Thanks, Chris

    Read the article

  • Why is this linq extension method hit the database twice?

    - by Pure.Krome
    Hi folks, I have an extension method called ToListIfNotNullOrEmpty(), which is hitting the DB twice, instead of once. The first time it returns one result, the second time it returns all the correct results. I'm pretty sure the first time it hits the database is when the .Any() method is getting called. Here's the code.

        public static IList<T> ToListIfNotNullOrEmpty<T>(this IEnumerable<T> value)
        {
            if (value.IsNullOrEmpty())
            {
                return null;
            }
            if (value is IList<T>)
            {
                return (value as IList<T>);
            }
            return new List<T>(value);
        }

        public static bool IsNullOrEmpty<T>(this IEnumerable<T> value)
        {
            if (value != null)
            {
                return !value.Any();
            }
            return true;
        }

    I'm hoping to refactor it so that, before the .Any() method is called, it actually enumerates through the entire list. If I do the following, only one DB call is made, because the list is already enumerated.

        var pewPew = (from x in whatever select x)
            .ToList()                    // This enumerates.
            .ToListIfNotNullOrEmpty();   // This checks the enumerated result.

    I sorta don't really want to call ToList() then my extension method. Any ideas, folks?

    Read the article

  • Java reflection Method invocations yield result faster than Fields?

    - by omerkudat
    I was microbenchmarking some code (please be nice) and came across this puzzle: when reading a field using reflection, invoking the getter Method is faster than reading the Field.

    Simple test class:

        private static final class Foo {
            public Foo(double val) {
                this.val = val;
            }
            public double getVal() { return val; }
            public final double val; // only public for demo purposes
        }

    We have two reflections:

        Method m = Foo.class.getDeclaredMethod("getVal", null);
        Field f = Foo.class.getDeclaredField("val");

    Now I call the two reflections in a loop, invoke on the Method, and get on the Field. A first run is done to warm up the VM, a second run is done with 10M iterations. The Method invocation is consistently 30% faster, but why? Note that getDeclaredMethod and getDeclaredField are not called in the loop. They are called once and executed on the same object in the loop.

    I also tried some minor variations: made the field non-final, transitive, non-public, etc. All of these combinations resulted in statistically similar performance.

    Edit: This is on WinXP, Intel Core2 Duo, Sun JavaSE build 1.6.0_16-b01, running under jUnit4 and Eclipse.

    Read the article

  • Base64.encodeBase64URLSafeString() could not find method error in eclipse (Android project).

    - by jax
    I have an Android project that is using the Base64.encodeBase64URLSafeString commons method. The part that does the Base64 is in another java project. I have added the java project to the android project through the "Project" tab in the Build Path. I have already linked both projects to commons-codec thinking that this might be the problem but am still getting the following error in Eclipse. Both project have no errors. Could not find method org.apache.commons.codec.binary.Base64.encodeBase64URLSafeString, referenced from method com.mydomain.android.licensegenerator.client.LicenseLoader.doSha1AndBase64Encryption What might I be doing wrong?

    Read the article

  • MYSQL – Identifying Current Version of MySQL Server Installation – Part 2

    - by Pinal Dave
    Earlier I wrote an article about Detecting Current Version of MySQL Server Installation. After that post I received quite a few emails in which various users suggested that there are many more ways to figure out the version of MySQL. Here are a few of the methods I received by email.

    Method 1: This method retrieves the value with the help of Information Functions.

        SELECT VERSION();

    Method 2: This method is very similar to SQL Server.

        SELECT @@Version

    Method 3: You can connect to MySQL from the command prompt and type the following command:

        STATUS;

    Method 4: Please refer to my earlier blog post.

        SHOW VARIABLES LIKE "%version%";

    Let me know if you know any more methods and I will extend this blog post.

    Reference: Pinal Dave (http://blog.SQLAuthority.com)

    Read the article

  • Solution to Jira web service getWorklogs method error: Object of type System.Xml.XmlNode[] cannot be stored in an array of this type

    - by DigiMortal
    When using Jira web service methods that operate on work logs you may get the following error when running your .NET application: Object of type System.Xml.XmlNode[] cannot be stored in an array of this type. In this posting I will show you a solution to this problem.

    I don't want to go too deep into details about this problem. I think it's enough for this posting to mention that this problem is related to one small conflict between .NET web service support and Axis. Of course, the Jira team is trying to solve it, but until this problem is solved you can use the solution provided here.

    There is a good solution to this problem given by Jira forum user Kostadin. You can find it in the Jira forum thread RemoteWorkLog serialization from Soap Service in C#. The solution is simple: you have to use a SOAP extension class to replace the new class names with the old ones that .NET found in the WSDL. Here is the code by Kostadin.

        using System;
        using System.IO;
        using System.Web.Services.Protocols;

        public class JiraSoapExtensions : SoapExtension
        {
            private Stream _streamIn;
            private Stream _streamOut;

            public override void ProcessMessage(SoapMessage message)
            {
                string messageAsString;
                StreamReader reader;
                StreamWriter writer;

                switch (message.Stage)
                {
                    case SoapMessageStage.BeforeSerialize:
                        break;
                    case SoapMessageStage.AfterDeserialize:
                        break;
                    case SoapMessageStage.BeforeDeserialize:
                        reader = new StreamReader(_streamOut);
                        writer = new StreamWriter(_streamIn);
                        messageAsString = reader.ReadToEnd();
                        switch (message.MethodInfo.Name)
                        {
                            case "getWorklogs":
                            case "addWorklogWithNewRemainingEstimate":
                            case "addWorklogAndAutoAdjustRemainingEstimate":
                            case "addWorklogAndRetainRemainingEstimate":
                                // Rewrite the new class names to the ones .NET found in the WSDL
                                messageAsString = messageAsString
                                    .Replace("RemoteWorklogImpl", "RemoteWorklog")
                                    .Replace("service", "beans");
                                break;
                        }
                        writer.Write(messageAsString);
                        writer.Flush();
                        _streamIn.Position = 0;
                        break;
                    case SoapMessageStage.AfterSerialize:
                        _streamIn.Position = 0;
                        reader = new StreamReader(_streamIn);
                        writer = new StreamWriter(_streamOut);
                        messageAsString = reader.ReadToEnd();
                        writer.Write(messageAsString);
                        writer.Flush();
                        break;
                }
            }

            public override Stream ChainStream(Stream stream)
            {
                _streamOut = stream;
                _streamIn = new MemoryStream();
                return _streamIn;
            }

            public override object GetInitializer(Type type)
            {
                return GetType();
            }

            public override object GetInitializer(LogicalMethodInfo info,
                SoapExtensionAttribute attribute)
            {
                return null;
            }

            public override void Initialize(object initializer)
            {
            }
        }

    To get this extension to work with the Jira web service you have to add the following block to your application configuration file (under the system.web section).

        <webServices>
          <soapExtensionTypes>
            <add type="JiraStudioExperiments.JiraSoapExtensions,JiraStudioExperiments"
                 priority="1"/>
          </soapExtensionTypes>
        </webServices>

    The weird thing is that after successfully using this extension and disabling it, everything still works.

    Read the article

  • Why the CCLayer can't use a for loop in draw method??

    - by Tattat
    I have a CCLayer that has a draw method; every second, it will call the draw method 60 times. So, I have a method like this:

        -(void)draw{
            glEnable(GL_LINE_SMOOTH);
            glColor4f(0.0f, 1.0f, 0.0f, 1.0f);
            glLineWidth(5.0f);
            ccDrawLine(ccp(300,20), CGPointZero);
        }

    It works great, but after I added a for loop, for example:

        -(void)draw{
            glEnable(GL_LINE_SMOOTH);
            glColor4f(0.0f, 1.0f, 0.0f, 1.0f);
            glLineWidth(5.0f);
            ccDrawLine(ccp(300,20), CGPointZero);
            for(int i=0; i<5; i++){
                NSLog(@"Testing the loop, %i", i);
            }
        }

    It can't draw anything; the screen is only black. But I can see that "Testing the loop" keeps being called. Why? Thank you.

    Read the article

  • Entity LINQ on many-to-many got error "LINQ to Entities does not recognize the method 'Boolean Conta

    - by user300992
    I have 2 tables (Users and Roles); they are mapped as Many-to-Many in the relational db. When I imported them to the Entity Data Content, they still kept the same relationship. Since they are mapped as Many-To-Many in Entity, I can access Users.RoleCollection or Roles.UserCollection.

    However, when I execute this LINQ query, I get "LINQ to Entities does not recognize the method 'Boolean Contains... method, and this method cannot be translated into a store expression."

        var result = (from a in Users
                      from b in Roles
                      where a.RoleCollection.Contains(b)
                      select a);

    I think I must have done something wrong... please help.

    Read the article

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP).

    Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack, called Connection String Parameter Pollution (CSPP), specifically exploits the semicolon-delimited database connection strings that are constructed dynamically from user input in web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high-risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact).

    In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attack.

    In web applications, a connection string is a set of values that specifies the information needed to connect to backend data repositories, in most cases databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string.

    Here are some examples of connection strings from Oracle Data Provider for .Net / ODP.Net (Manufacturer: Oracle; Type: .NET Framework Class Library):

    - Using TNS
        Data Source = orcl; User ID = myUsername; Password = myPassword;
    - Using integrated security
        Data Source = orcl; Integrated Security = SSPI;
    - Using the Easy Connect Naming Method
        Data Source = username/password@//myserver:1521/my.server.com
    - Specifying Pooling parameters
        Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2;

    There are many variations of the connection strings, but the majority of connection strings are key-value pairs delimited by semicolons.

    Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attack.

    So how are Connection String Parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique that typically involves appending repeated parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depending on how the web application and web server deal with multiple parameters with the same name.

    When applied to connection strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters a username and password; a subsequent connection string is generated to connect to the back end database:

        Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX;

    In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes:

        Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Integrated Security = true;

    Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running, bypassing normal authentication.

    CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, system accounts, etc.

    Fortunately, organizations can take steps to prevent this kind of attack. CSPP falls into the Injection category of attacks, like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters that are relevant to the interpreter's parser.

    Software developers need to become aware of the danger of these attacks and learn about the defense mechanisms they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manage, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings.

    For More Information:
    - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm
    - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm
    - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page


  • Throwing an exception from a BackgroundWorker which calls an async. method (Webrequest)

    - by mrbamboo
    Hi, My main application creates a new BackgroundWorker X. The DoWork event handler of X calls a method Y of my controller. This method creates the WebRequest (async.) instance and the callback using AsyncCallback. When the response arrives, the callback method Z gets called and the content is analyzed. It can happen that the response has unwanted content. At that moment callback Z will throw an exception. I want to catch this exception in my main application. I tried it in DoWork and RunWorkerCompleted but nothing can be caught from there. Error in RunWorkerCompletedEventArgs is always null.


  • How can I combine sequential expression trees into a fast method?

    - by chillitom
    Suppose I have the following expressions:

        Expression<Action<T, StringBuilder>> expr1 = (t, sb) => sb.Append(t.Name);
        Expression<Action<T, StringBuilder>> expr2 = (t, sb) => sb.Append(", ");
        Expression<Action<T, StringBuilder>> expr3 = (t, sb) => sb.Append(t.Description);

    I'd like to be able to compile these into a method/delegate equivalent to the following:

        void Method(T t, StringBuilder sb)
        {
            sb.Append(t.Name);
            sb.Append(", ");
            sb.Append(t.Description);
        }

    What is the best way to approach this? I'd like it to perform well, ideally with performance equivalent to the above method.


  • Is it legal to stub the #class method of a Mock object when using RSpec in a Ruby on Rails applicati

    - by MiniQuark
    I would like to stub the #class method of a mock object:

        describe Letter do
          before(:each) do
            @john = mock("John")
            @john.stub!(:id).and_return(5)
            @john.stub!(:class).and_return(Person) # is this ok?
            @john.stub!(:name).and_return("John F.")
            Person.stub!(:find).and_return(@john)
          end

          it "should have a valid #to field" do
            letter = Letter.create!(:to => @john, :content => "Hello John")
            letter.to_type.should == @john.class.name
            letter.to_id.should == @john.id
          end
          [...]
        end

    On line 5 of this program, I stub the #class method, in order to allow things like @john.class.name. Is this the right way to go? Will there be any bad side effect?

    Edit: The Letter class looks like this:

        class Letter < ActiveRecord::Base
          belongs_to :to, :polymorphic => true
          [...]
        end

    I wonder whether ActiveRecord gets the :to field's class name with to.class.name or by some other means. Maybe this is what the class_name method in ActiveRecord::Base is for?


  • Can one draw a cube using different method/drawing mode?

    - by den-javamaniac
    Hi. I've just started learning gamedev (in particular Android EGL based) and have run across code from Pro Android Games 2 that looks as follows:

        /*
         * Copyright (C) 2007 Google Inc.
         *
         * Licensed under the Apache License, Version 2.0 (the "License");
         * you may not use this file except in compliance with the License.
         * You may obtain a copy of the License at
         *
         * http://www.apache.org/licenses/LICENSE-2.0
         *
         * Unless required by applicable law or agreed to in writing, software
         * distributed under the License is distributed on an "AS IS" BASIS,
         * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
         * See the License for the specific language governing permissions and
         * limitations under the License.
         */
        package opengl.scenes.cubes;

        import java.nio.ByteBuffer;
        import java.nio.ByteOrder;
        import java.nio.IntBuffer;

        import javax.microedition.khronos.opengles.GL10;

        public class Cube {
            public Cube() {
                int one = 0x10000;
                int vertices[] = {
                    -one, -one, -one,
                     one, -one, -one,
                     one,  one, -one,
                    -one,  one, -one,
                    -one, -one,  one,
                     one, -one,  one,
                     one,  one,  one,
                    -one,  one,  one,
                };
                int colors[] = {
                      0,   0,   0, one,
                    one,   0,   0, one,
                    one, one,   0, one,
                      0, one,   0, one,
                      0,   0, one, one,
                    one,   0, one, one,
                    one, one, one, one,
                      0, one, one, one,
                };
                byte indices[] = {
                    0, 4, 5,  0, 5, 1,
                    1, 5, 6,  1, 6, 2,
                    2, 6, 7,  2, 7, 3,
                    3, 7, 4,  3, 4, 0,
                    4, 7, 6,  4, 6, 5,
                    3, 0, 1,  3, 1, 2
                };

                // Buffers to be passed to gl*Pointer() functions
                // must be direct, i.e., they must be placed on the
                // native heap where the garbage collector cannot
                // move them.
                //
                // Buffers with multi-byte datatypes (e.g., short, int, float)
                // must have their byte order set to native order
                ByteBuffer vbb = ByteBuffer.allocateDirect(vertices.length * 4);
                vbb.order(ByteOrder.nativeOrder());
                mVertexBuffer = vbb.asIntBuffer();
                mVertexBuffer.put(vertices);
                mVertexBuffer.position(0);

                ByteBuffer cbb = ByteBuffer.allocateDirect(colors.length * 4);
                cbb.order(ByteOrder.nativeOrder());
                mColorBuffer = cbb.asIntBuffer();
                mColorBuffer.put(colors);
                mColorBuffer.position(0);

                mIndexBuffer = ByteBuffer.allocateDirect(indices.length);
                mIndexBuffer.put(indices);
                mIndexBuffer.position(0);
            }

            public void draw(GL10 gl) {
                gl.glFrontFace(GL10.GL_CW);
                gl.glVertexPointer(3, GL10.GL_FIXED, 0, mVertexBuffer);
                gl.glColorPointer(4, GL10.GL_FIXED, 0, mColorBuffer);
                gl.glDrawElements(GL10.GL_TRIANGLES, 36, GL10.GL_UNSIGNED_BYTE, mIndexBuffer);
            }

            private IntBuffer mVertexBuffer;
            private IntBuffer mColorBuffer;
            private ByteBuffer mIndexBuffer;
        }

    So it suggests drawing a cube using triangles. My question is: can I draw the same cube using GL_TPOLYGON? If so, isn't that an easier/more understandable way to do things?


  • Is there a way of using one method to handle others to avoid code duplication?

    - by Artur
    I wonder if there is a way of writing a method or a class that would add to any method some code that is shared between many methods. The methods return different things and some of them are just void. Below is a part of the code that is duplicated in the methods.

        StartTimer(MethodBase.GetCurrentMethod().Name);
        try
        {
            // Actual method body
        }
        catch (Exception ex)
        {
            bool rethrow = ExceptionPolicy.HandleException(ex, "DALPolicy");
            if (rethrow)
            {
                throw;
            }
        }
        finally
        {
            StopTimer(MethodBase.GetCurrentMethod().Name);
        }

    Any help would be greatly appreciated.


  • Windows.Threading.Dispatcher' does not contain a definition for 'RunAsync' and no extension method 'RunAsync' accepting a first argument of type

    - by suhail mehdi
        public MainPage()
        {
            InitializeComponent();
            offline.Visibility = (Network.IsConnected ? Visibility.Collapsed : Visibility.Visible);
            Network.InternetConnectionChanged += async (s, e) =>
            {
                await Dispatcher.RunAsync(CoreDispatcherPriority.Normal, () =>
                {
                    offline.Visibility = (e.IsConnected ? Visibility.Collapsed : Visibility.Visible);
                });
            };
        }


  • How to override a class method of the gem in rails Application ?

    - by Srinivas Iyer
    Hi, what is the best practice to override a class method of a gem in a Rails application? I need to override the behaviour of the find method of a gem. The following is the code in the gem:

        module Youtube
          class Display
            attr_accessor :base

            def find(id, options = {})
              detailed = convert_to_number(options.delete(:detailed))
              options[:detailed] = detailed unless detailed.nil?
              base.send :get, "/get_youtube", options.merge(:youtube_id => id)
            end
          end
        end

    How do I override the above find method in my YoutubeSearch controller of the Rails application?

        def find(id, options = {})
          # Code here
        end

    Thanks


  • How can I call the iPhone to draw using other method?

    - by Tattat
    I have a view with a class called "drawingViewController", and I have the drawRect method:

        - (void)drawRect:(CGRect)rect {
            CGContextRef context = UIGraphicsGetCurrentContext();
            CGContextSetLineWidth(context, 2.0);
            CGContextSetStrokeColorWithColor(context, [UIColor redColor].CGColor);
            CGContextMoveToPoint(context, 0.0f, 0.0f);
            CGContextAddLineToPoint(context, 100.0f, 100.0f);
            CGContextStrokePath(context);
        }

    But I want to define some other drawing method, but it didn't work. How can I do so apart from calling the drawRect method? Thanks in advance.


  • Recommended method towards making custom maps for a 2d game?

    - by Qasim
    I am planning on making a 2D game; however, different from my last personal projects, I want this one to have enhanced graphics, with custom-designed levels. My previous 2D platformers were tile-based, for which I made a map editor to create levels. However, I am wondering what the best way to implement custom-designed maps is. For say, some grass is a little higher than others, flowers here and there, cool drawings and structures along the way, etc. instead of just the same old tiles over and over again. I am thinking but I just can't grasp the idea of how to implement it. I have seen it done in other games and am interested to see how they accomplish it, but can't get my hands on some source code. :(


  • What is your most preferred method of site pagination?

    - by John Smith
    There seem to be quite a few implementations of this feature. Some sites like Stackexchange have it laid out like this:

        [1][2][3][4][5] ... [954][Next]

    Other sites like game forums may have something like this:

        [1][2][3] ... [10] ... [50] ... [500] ... [954][Next]

    Some sites like webcomics (XKCD comes to mind) have it laid out like this:

        [Last][Prev][Random][Next][First]

    Reddit has a very simple pagination with only:

        [Prev][Next]

    Sites like Stackexchange and Google also allow you to change how many results you want per page. Personally, I have never used this feature. Is it even worth including or does it just further confuse the design with needless features? Personally, I have only ever seen the need for the webcomic style (without the random). If I need to go to a specific page (which is very, very rare) then I can just edit the address bar. Is it good design to make something more complex for rare occasions where it might save the user some time? Is having to edit the address bar to navigate the site effectively in some circumstances bad design?

