Search Results

Search found 8253 results on 331 pages for 'secure coding'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 19/331 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Is it customary to write Java domain objects / data transfer objects with public member variables on mobile platforms?

    - by Sean Mickey
    We performed a code review recently of mobile application Java code that was developed by an outside contractor and noticed that all of the domain objects / data transfer objects are written in this style: public class Category { public String name; public int id; public String description; public int parentId; } public class EmergencyContact { public long id; public RelationshipType relationshipType; public String medicalProviderType; public Contact contact; public String otherPhone; public String notes; public PersonName personName; } Of course, these members are then accessed directly everywhere else in the code. When we asked about this, the developers told us that this is a customary performance enhancement design pattern that is used on mobile platforms, because mobile devices are resource-limited environments. It doesn't seem to make sense; accessing private members via public getters/setters doesn't seem like it could add much overhead. And the added benefits of encapsulation seem to outweigh the benefits of this coding style. Is this generally true? Is this something that is normally done on mobile platforms for the reasons given above? All feedback welcome and appreciated -

    Read the article

  • Is 'Protection' an acceptable Java class name

    - by jonny
    This comes from a closed thread at stack overflow, where there are already some useful answers, though a commenter suggested I post here. I hope this is ok! I'm trying my best to write good readable, code, but often have doubts in my work! I'm creating some code to check the status of some protected software, and have created a class which has methods to check whether the software in use is licensed (there is a separate Licensing class). I've named the class 'Protection', which is currently accessed, via the creation of an appProtect object. The methods in the class allow to check a number of things about the application, in order to confirm that it is in fact licensed for use. Is 'Protection' an acceptable name for such a class? I read somewhere that if you have to think to long in names of methods, classes, objects etc, then perhaps you may not be coding in an Object Oriented way. I've spent a lot of time thinking about this before making this post, which has lead me to doubt the suitability of the name! In creating (and proof reading) this post, I'm starting to seriously doubt my work so far. I'm also thinking I should probably rename the object to applicationProtection rather than appProtect (though am open to any comments on this too?). I'm posting non the less, in the hope that I'll learn something from others views/opinions, even if they're simply confirming I've "done it wrong"!

    Read the article

  • Co-worker uses ridiculous commenting convention, how to cope? [closed]

    - by Jessica Friedman
    A co-worker in the small start-up I work at writes (C++) code like this: // some class class SomeClass { // c'tor SomeClass(); // d'tor ~SomeClass(); // some function void someFunction(int x, int y); }; // some function void SomeClass::someFunction(int x, int y) { // init worker m_worker.init(); // log LOG_DEBUG("Worker initialized"); // find current cache auto it = m_currentCache.find(); // flush if (it->flush() == false) { // return return false } // return return true } This is how he writes 100% of his code: a spacer line, a useless comment which says nothing other than what is plainly stated in the following statement, and the statement itself. This is absolutely driving me insane. A simple class written by him spans 3 times as much as it's supposed to, It looks well commented but the comments contain no new information. In fact the code is completely undocumented in any normal definition of "documentation". All of the comments are just a repetition of what is written in C++ in the following line. I've confronted him several times about it and each time he seems to understand what I am saying but then goes on to not change his coding and not fix old code which is written like this. I've went on and on again and again about the distinct disadvantages of writing code like this but nothing get through to him. Other co-workers doesn't seem to mind it as much and management doesn't seem to really care. What do I do? (sorry for the rant)

    Read the article

  • which style of member-access is preferable

    - by itwasntpete
    the purpose of oop using classes is to encapsulate members from the outer space. i always read that accessing members should be done by methods. for example: template<typename T> class foo_1 { T state_; public: // following below }; the most common doing that by my professor was to have a get and set method. // variant 1 T const& getState() { return state_; } void setState(T const& v) { state_ = v; } or like this: // variant 2 // in my opinion it is easier to read T const& state() { return state_; } void state(T const& v) { state_ = v; } assume the state_ is a variable, which is checked periodically and there is no need to ensure the value (state) is consistent. Is there any disadvantage of accessing the state by reference? for example: // variant 3 // do it by reference T& state() { return state_; } or even directly, if I declare the variable as public. template<typename T> class foo { public: // variant 4 T state; }; In variant 4 I could even ensure consistence by using c++11 atomic. So my question is, which one should I prefer?, Is there any coding standard which would decline one of these pattern? for some code see here

    Read the article

  • Oracle Solutions supporting ICAM deployments

    - by user12604761
    The ICAM architecture has become the predominant security architecture for government organizations.  A growing number of federal, state, and local organizations are in various stages of using Oracle ICAM solutions.  The relevance of ICAM has clearly extended beyond the Federal ICAM mandates to any government program that must enable standards based interoperability like health exchanges and public safety.  The state government endorsed version of ICAM was just released with the NASCIO SICAM Roadmap. ICAM solutions require an integrated security architecture.  The major new release in August of Oracle Identity Management 11gR2 focuses on a platform approach to identity management.  This makes it easier for government organizations to acquire and implement a comprehensive ICAM solution, rather than individual products.  The following analysts reports describe the value of the Oracle Solutions: According to The Aberdeen Group:  “Organizations can save up to 48% deploying a platform of  (identity management) solutions when compared to deploying point solutions” IDC Product Flash, July 2012:  “Oracle may have hit the home run grand slam in identity management recently with the announcement of Oracle Identity Management 11g R2." For additional information on the Oracle ICAM solutions, attend the Webcast on October 10, 2012:  ICAM Framework for Enabling Agile, Service Delivery. Visit the Oracle Secure Government Resource Center for information on enterprise security solutions that help government safeguard information, resources and networks.

    Read the article

  • Generic software code style enforcer

    - by FuzziBear
    It seems to me to be a fairly common thing to do, where you have some code that you'd like to automatically run through a code style tool to catch when people break your coding style guide(s). Particularly if you're working on code that has multiple languages (which is becoming more common with web-language-x and javascript), you generally want to apply similar code style guides to both and have them enforced. I've done a bit of research, but I've only been able to find tools to enforce code style guidelines (not necessarily applying the code style, just telling you when you break code style guidelines) for a particular language. It would seem to me a reasonably trivial thing to do by just using current IDE rules for syntax highlighting (so that you don't check style guide rules inside quotes or strings, etc) and a whole lot of regexes to enforce some really generic things. Examples: if ( rather than if( checking lines with only whitespace Are there any tools that do this kind of really generic style checking? I'd prefer it to be easily configurable for different languages (because like it or not, some things would just not work cross language) and to add new "rules" to check new things.

    Read the article

  • Am I the only one this anal / obsessive about code? [closed]

    - by Chris
    While writing a shared lock class for sql server for a web app tonight, I found myself writing in the code style below as I always do: private bool acquired; private bool disposed; private TimeSpan timeout; private string connectionString; private Guid instance = Guid.NewGuid(); private Thread autoRenewThread; Basically, whenever I'm declaring a group of variables or writing a sql statement or any coding activity involving multiple related lines, I always try to arrange them where possible so that they form a bell curve (imagine rotating the text 90deg CCW). As an example of something that peeves the hell out of me, consider the following alternative: private bool acquired; private bool disposed; private string connectionString; private Thread autoRenewThread; private Guid instance = Guid.NewGuid(); private TimeSpan timeout; In the above example, declarations are grouped (arbitrarily) so that the primitive types appear at the top. When viewing the code in Visual Studio, primitive types are a different color than non-primitives, so the grouping makes sense visually, if for no other reason. But I don't like it because the right margin is less of an aesthetic curve. I've always chalked this up to being OCD or something, but at least in my mind, the code is "prettier". Am I the only one?

    Read the article

  • Where did the notion of "one return only" come from?

    - by FredOverflow
    I often talk to Java programmers who say "Don't put multiple return statements in the same method." When I ask them to tell me the reasons why, all I get is "The coding standard says so." or "It's confusing." When they show me solutions with a single return statement, the code looks uglier to me. For example: if (blablabla) return 42; else return 97; "This is ugly, you have to use a local variable!" int result; if (blablabla) result = 42; else result = 97; return result; How does this 50% code bloat make the program any easier to understand? Personally, I find it harder, because the state space has just increased by another variable that could easily have been prevented. Of course, normally I would just write: return (blablabla) ? 42 : 97; But the conditional operator gets even less love among Java programmers. "It's incomprehensible!" Where did this notion of "one return only" come from, and why do people adhere to it rigidly?

    Read the article

  • Is sending data to a server via a script tag an outdated paradigm?

    - by KingOfHypocrites
    I inherited some old javascript code for a website tracker that submits data to the server using a script url: var src = "http://domain.zzz/log/method?value1=x&value2=x" var e = document.createElement('script'); e.src = src; I guess the idea was that cross domain requests didn't haven't to be enabled perhaps. Also it was written back in 2005. I'm not sure how well XmlHttpRequests were supported at the time. Anyone could stick this on their website and send data to our server for logging and it ideally would work in most any browser with javascript. The main limitation is all the server can do is send back javascript code and each request has to wait for a response from the server (in the form of a generic acknowledgement javascript method call) to know it was received, then it sends the next. I can't find anyone doing this online or any metrics as to whether this faster or more secure than XmlHttpRequests. I don't know if this is just an old way of doing things or it's still the best way to send data to the server when you are mostly trying to send data one way and you need the best performance possible. So in summary is sending data via a script tag an outdated paradigm? Should I abandon in favor of using XmlHttpRequsts?

    Read the article

  • Is it reasonable to null guard every single dereferenced pointer?

    - by evadeflow
    At a new job, I've been getting flagged in code reviews for code like this: PowerManager::PowerManager(IMsgSender* msgSender) : msgSender_(msgSender) { } void PowerManager::SignalShutdown() { msgSender_->sendMsg("shutdown()"); } I'm told that last method should read: void PowerManager::SignalShutdown() { if (msgSender_) { msgSender_->sendMsg("shutdown()"); } } i.e., I must put a NULL guard around the msgSender_ variable, even though it is a private data member. It's difficult for me to restrain myself from using expletives to describe how I feel about this piece of 'wisdom'. When I ask for an explanation, I get a litany of horror stories about how some junior programmer, some-year, got confused about how a class was supposed to work and accidentally deleted a member he shouldn't have (and set it to NULL afterwards, apparently), and things blew up in the field right after a product release, and we've "learned the hard way, trust us" that it's better to just NULL check everything. To me, this feels like cargo cult programming, plain and simple. A few well-meaning colleagues are earnestly trying to help me 'get it' and see how this will help me write more robust code, but... I can't help feeling like they're the ones who don't get it. Is it reasonable for a coding standard to require that every single pointer dereferenced in a function be checked for NULL first—even private data members? (Note: To give some context, we make a consumer electronics device, not an air traffic control system or some other 'failure-equals-people-die' product.) EDIT: In the above example, the msgSender_ collaborator isn't optional. If it's ever NULL, it indicates a bug. The only reason it is passed into the constructor is so PowerManager can be tested with a mock IMsgSender subclass.

    Read the article

  • Standard/Compliance for web programming?

    - by MarkusK
    I am working with developers right now that write code the way they want and when i tell them to do it other way they respond that its just matter of preference how to do it and they have their way and i have mine. I am not talking about the formatting of code, but rather of way site is organized in classes and the way the utilize them. and the way they create functions and process forms etc. Their coding does not match my standards, but again they argue that its matter of preference and as long as goal achieved the can be different way's to do it. I agree but their way is proven to have bugs and we spend a lot of time going back and forth with them to fix all problems security or functionality, yet they still write same code no matter how many times i asked them to stop doing certain things. Now i am ready to dismiss them but friend of mine told me that he has same exact problem with freelance developers he work with. So i don't want to trade one bad apple for another. Question is is there some world wide (or at least europe and usa) accepted standard or compliance on how write secure web based applications. What application architecture should be for maintainable application. Is there are some general standard that can be used for any language ruby php or java govern security and functionality and quality of code? Or at least for PHP and MySQL i use for my website. So i can make them follow this strict standard and stop making excuses.

    Read the article

  • How to secure JBoss application server using SELinux

    - by Jakub Elias
    I want to secure RedHat 5.4 application server by SELinux (targeted policy) and have several questions 1, where can i get SELinux sources (/etc/selinux//src/policy/)There seems to be no such package on install cd .. 2, how to restrict user rights (for example user jboss could not modify /etc/my.cnf) 3, how to configure JBoss application server to work under SELinux Although i read many documents from NSA the whole topic is still not clear for me.What i want is to basically protect filesystem in case one account is broken.I cannot find any materials about securing jboss server using either chroot jail, ACLs or SELinux ....

    Read the article

  • Safari can’t establish a secure connection to the server

    - by Haris
    I am using Mac OS X 10.5.8 behind a company firewall and have proxy settings and username / password through which I can connect to internet. The internet is working as I am posting this question through it, but if I try to open Facebook or Gmail the following message appears: Safari can’t open the page “https://www.google.com/accounts/ServiceLogin?[..]” because Safari can’t establish a secure connection to the server “www.google.com” What could be wrong?

    Read the article

  • Anonymous Methods / Lambda's (Coding Standards)

    - by Mystagogue
    In Jeffrey Richter's "CLR via C#" (the .net 2.0 edtion page, 353) he says that as a self-discipline, he never makes anonymous functions longer than 3 lines of code in length. He cites mostly readability / understandability as his reasons. This suites me fine, because I already had a self-discipline of using no more than 5 lines for an anonymous method. But how does that "coding standard" advice stack against lambda's? At face value, I'd treat them the same - keeping a lambda equally as short. But how do others feel about this? In particular, when lambda's are being used where (arguably) they shine brightest - when used in LINQ statements - is there genuine cause to abandon that self-discipline / coding standard?

    Read the article

  • Cheap and Secure Proxy

    - by jack
    Hi I'm looking for cheap secure proxy providers that support vpn http socks like this one http://www.your-freedom.net/. Because I wish to compare their efficiency. YF(http://www.your-freedom.net/) doesn't provide my satisfaction on speed they provide after purchasing the account. Their try-before-buy account has much more speed than the purchased one. Thanks.

    Read the article

  • How to find a coding buddy

    - by Lirik
    I was reading Jeff Atwood's blog and he mentioned that he was suffering from code-paralysis (he called it analysis paralysis, but I feel like it's also code paralysis) when he didn't have a code buddy: http://www.codinghorror.com/blog/ Unfortunately I think that Jeff has set the bar a bit high, because he only works with developers who are really amazing. The only reason really amazing developers would work with me is if I was really amazing too, but sometimes I don't feel that amazing... the only thing I feel is that if I had a coding buddy I could be amazing :). I'm working on a project and I don't have many friends that are programmers, let alone friends that have time to spend on extracurricular activities. Jeff seems to have been able to find like-minded people that are actually willing to work together. I feel like I'm in a code-paralysis stage too and I need some coding buddies, where would I find some? How would I approach them?

    Read the article

  • How closely related is music composition to coding?

    - by ehsanul
    It seems to me as if there are a higher proportion of musicians in the programming field than in the general public. Maybe it's just an illusion caused by the fact that I'm an amateur guitarist myself, so I tend to notice coding musicians (or musical coders?) more. But I wonder if there really is some connection. Perhaps a shared set of skills or an innate quality that makes it more likely for someone who enjoys programming to also enjoy playing and composing music. How closely related is music composition to coding? I'd especially like to hear from the musicians around here.

    Read the article

  • Secure LAMP server for production use

    - by WalterJ89
    What is the procedure for securing a Linux, Apache, MySQL, PHP Server (or even Perl) for production use? Other than setting the MySql password and the root password for linux what other (maybe not so obvious) steps should be taken? Also what steps can I take if I was going to be extra paranoid that may not normally be nessasary? this is for a basic single site use but must be secure. Thank you. (sorry if this was asked before)

    Read the article

  • How to secure memcached?

    - by alfish
    In Debian, I have installed memcached (using this guide) to lower the otherwise unmanageable load on mysql database. The database is on a separate server, and memcached and Varnish are on the front server. Is it a potential security hole to leave memcached unprotected by a firewall? If so, how should I secure it? The situation is especially worrisome,as I've received (unproved) reports of cookie thefts on the server. Thanks

    Read the article

  • Secure email crashes Outlook 2007

    - by Josh
    I have a number of secure emails sent to my Outlook 2007 client. Most arrive fine and display the prompt with regards to granting access to the certificate and then open. Today I received two that crash Outlook whenever I try to open them. I've tried restarting Outlook and my computer but still have the same problem. Any ideas what might be causing this, and how I can fix it? I'm working on Windows Vista Ultimate 64-bit.

    Read the article

  • Frameworks And 'traditional' coding

    - by YsoL8
    Hello Sorry if this too open ended for this forum, but here goes. I mostly use languages such as PHP and Javascript without frameworks (e.g Jquery, Drupal, CakePHP). The only real exception to this for me, is Wordpress when 'traditional' coding is slower for building information sites. I've dabbled with several frameworks over the past year and despite everyone else's (seemingly) good experiences with them, I seem to of hit a roadblock. My basic problem is that for the amount of time invested in effectively relearning a language, I don't get a lot in return. Jqeury as an example. There is really very little in that, that I couldn't accomplish easily with a few getElement.. commands. So my question is, what advantages do frameworks offer over previous coding styles? Thanks from 2003 guy!

    Read the article

  • hMailserver: Secure SMTP SetUP - Trusted Cert Issue

    - by Peter
    I'm trying to configure hMailserver with a 3rd party SSL cert. I'v 1) Installed the SSL key & cert 2) Placed the hash named CA and intermediate in to the \externals\cs folder Now, the connection between the mail client and the server is secure and works. The issue is that mail clients outlook, apple mail, others issue an untrusted cert warning. I've followed several threads on the forums, but none seem to solve this problem

    Read the article

  • Secure linux distro that sends traffic through Tor

    - by gravestone
    I'm looking for a live Linux distro that is secure and preserves my anonymity online. For what I need, Tor seems to do the job – but such software requires configuration that someone who is not knowledgeable in how it works might find difficult. I was looking at 'Lightweight portable security' but it does not specify whether it sends all traffic through Tor. Does anyone know more information about it and/or any other such live Linux distro?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >