Search Results

Search found 8250 results on 330 pages for 'dunn less'.

Page 23/330

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor (this question covers some other reasons).

    Although when I was working, projects were virtually unaware of the possibility of such attacks, various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as:

      - No client/application had direct access to the database tables.
      - All accesses to all tables were through views (and all the updates to the base tables were done through triggers).
      - All data items had a domain specified.
      - No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion, but was enforced.
      - Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data.

    So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures?

    EDIT: Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged.

    EDIT2: The approach of relying on parameterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach:

      - http://database-programmer.blogspot.com
      - http://thehelsinkideclaration.blogspot.com

    The principal features I have taken from these sources are:

      - An extensive data dictionary, combined with an extensive security data dictionary
      - Generation of triggers, queries and constraints from the data dictionary
      - Minimize Code and maximize data

    While the answers I have had so far are very useful and point out difficulties arising from disregarding parameterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

  • EOL of MySQL Forge

    - by Keith Larson
    Forge was intended to be a community wiki resource for sharing information with each other. However, over the last few years, we have seen Forge used less and less by MySQL Community, and more by spammers. What happened? MySQL Worklogs and MySQL Internals documentation will be moved to dev.mysql.com, with new anti-spam measures in place. The MySQL Wiki, which was the primary focus of forge.mysql.com, has been migrated to https://wikis.oracle.com/display/mysql MySQL Forge will EOL on August 1st 2012.

  • Almost time to hit the road again

    - by Chris Williams
    I’ve had a few months of not much traveling, but now that the weather is improving… conference season is starting up again. That means it’s time for me to start hitting the road. In June, I have Tech Ed 2010 in New Orleans, LA. I lived in New Orleans for several years, both as military and civilian and I have a few friends still down there. I haven’t been there since before Hurricane Katrina, so I have mixed feelings about returning… but I am still looking forward to it. Also in June, I have Codestock in Knoxville, TN. Codestock is one of my favorite events, primarily because of the excellent people that speak there and also attend sessions. It’s a great mix of people and technologies. Sometime in July or August, I’m headed to Austin, TX for a couple days. I don’t know the exact date yet, but if you have an event down there in that timeframe, let me know and maybe we can sort something out. In September, I’m heading to Seattle for my first PAX (Penny Arcade Expo.) I’m going strictly as an attendee and it looks like a LOT of fun. Really excited to check it out. Also in September, I’m headed to Omaha for the Heartland Developers Conference. This is a FANTASTIC event, and certainly one of my local favorites. (I guess local is relative, it’s about a 6 hour drive.) In addition to speaking on WP7, I’ll be doing a series of hands on labs on XNA the day before the conference starts, so that should be a lot of fun as well. In addition to all this stuff, I have my own XNA User Group to take care of. In August, Andy “The Z-Man” Dunn is coming to speak and check out the various food on a stick offerings at the Minnesota State Fair!

  • I want a trivial example of where MongoDB can scale but a relational database will have trouble

    - by Ryan Weir
    I'm just learning to use MongoDB, and when discussing with other programmers would like a quick example of why NoSQL can be a good choice compared to a traditional RDBMS - however the scenarios I come up with and can find online seem pretty contrived. E.g. a blog with lots of traffic could be represented relationally, but will require some performance tuning and joins across tables (assuming full denormalization is being used). Whereas MongoDB would allow direct retrieval from one collection to the same effect. But the response I'm getting from other programmers is "why not just keep it relational and then add some trivial caching later?" Does anybody have a less contrived example where MongoDB will really shine and a relational db will fall over much quicker? The smaller the project/system the better, because it leaves less room for disagreement. Something along the lines of the complexity of the blog example would be really useful. Thanks.

  • Assign keys to commands in Terminal?

    - by NES
    Is there a solution to assign special key combinations to words in terminal use? For example, the less command is very useful and I use it a lot to pipe the output of another process through it. The idea would be to set up special key combinations, only active in terminal use, assigned to write different commands. So pressing CTRL + l in a terminal window could write | less, or CTRL + G could stand for | grep. Note: I just mean adding the letters to the command line, not executing them. Similar to what tab completion does, but more specific.

  • What are other ideologies to establish relationships between distinct users besides followers/following and friends?

    - by user784637
    Websites like MySpace and Facebook establish relationships between distinct users using the "friending" ideology, where one user sends a request to be accepted by another user in order for them to have the mutual permission to do stuff like post messages on each other's walls. Less restrictive than the "friending" ideology, Twitter and Instagram use the followers/following ideology where you can subscribe to the tweets or posts of another user without their permission. Less restrictive than the "followers/following" ideology, email and calling someone on the phone allows you to directly contact anyone. Are there other ideologies that have been successfully implemented either in social networking sites or other real world constructs to establish relations between users?

  • Command line options style - POSIX or what?

    - by maaartinus
    Somewhere I saw a rant against java/javac allegedly using a mix of Windows and Unix style, like java -classpath ... -ea ... Something. IMHO, it is no mix, it's just like find works as well, isn't it? AFAIK, according to POSIX, the syntax should be like java --classpath ... --ea ... Something, and -abcdef would mean specifying 6 short options at once. I wonder which version leads in general to less typing and fewer errors. I'm writing a small utility in Java and in no case am I going to use Windows style /a /b, since I'm interested primarily in Unix. What style should I choose?

  • SOA Cloud and Service Technology Symposium December 4-5th 2013 in Mexico

    - by JuergenKress
    Do you want to attend the SOA, Cloud and Service Technology Symposium December 4-5th 2013 in Mexico? Please feel free to use the promotional code “Q14CB324” for a 50% discount. Here are the Conference presentations from Partners and Oracle:

      - "Cloud Service Brokers" Jürgen Kress, Oracle, Rolando Carrasco, S&P Solutions
      - "Fast Data - Delivering High-Velocity and Volume Big Data Business Value in Real Time" Robin Smith, Oracle, Robert Greene, Oracle
      - "Unlocking the Value of Big Data" Raul Goycoolea Seoane, Oracle
      - "Modeling Business Process Architecture on BPMN 2.0 and Decomposing it to Service Inventory" Jorge Heredia, Itehl Consulting
      - "BPM and Dynamic/Adaptive Case Management - Friends or Foes?" Manas Deb, Oracle
      - "Building SOA and MDM Solutions to Enable Cloud Adoption" Luis Weir, HCL, John Dunn, HCL
      - "Secure Applications in the Cloud: Security & Privacy Patterns and Mechanisms" Ricardo Puttini, University of Brasília, Anderson Nascimento, University of Brasília
      - "SOA, Data Grids, Mobile and Clouds - Where Next for SOA?" Matt Brasier, C2B2 Consulting LTD
      - "Achieving Greater Responsiveness with BPM" Andre Boaventura, Oracle

    Do you want to meet the Oracle team at the conference? Please send us a message on twitter @soacommunity. Do you want to network at the conference? Please use the #soacommunity. For details and registrations please visit the conference website.

    SOA & BPM Partner Community: For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community. For registration please visit www.oracle.com/goto/emea/soa (OPN account required). If you need support with your account please contact the Oracle Partner Business Center.

  • How do I prevent useless content load on the page in responsive design?

    - by Ícaro Leandro
    In responsive design, elements are hidden in the page with @media queries and display: none in CSS. Ok. In my design, however, browsers that have less than 800px in width should avoid loading some content at all. When accessed on a device with more than 800px of screen, the page loads fully. In mobile devices or even on desktop with less than 800px of width some content is hidden. I want to make the page load faster for low-resolution devices and avoid loading chunks of content that the user will never see. How can I go about this?

  • Just being hired as a senior developer, never even been a junior developer, what should I expect?

    - by Mark James
    I've been a freelancer and a coder by night for a while, and recently, I've been hired after several levels of interviews in a nice NY company, even though I've some lacks in specific fields. Is this common for companies to hire seniors with less experience? Will they wait some weeks to respect a certain learning curve? I don't know anything about working in a company, so that's why I worry. After one week, I'm still checking and exploring sources, but after one week of work, it seems that some coworkers are considering that I'm slow. I'm good in maths, physics, algorithms, but still I need to learn about all the templates used in this company. Anyone here already received a less-experienced senior member in his team? Is this acceptable? I'm planning on having a meeting with my boss to stop worrying about that. Sounds like a good idea?

  • Continuous integration testing server: hosted, own desktop, or own server

    - by Victor
    For testing, I am planning to run a continuous integration testing. There are mainly two options: hosted, or own desktop/server. I will break it into 3 options I have:

      - Hosted: Economical, $10-20/month for a small app. Less setup, the CI company manage all hardware and software.
      - Desktop: I could just buy a simple, cheap desktop as a test server (about $500).
      - Used server: My current office is offloading some old Dell rack server (Probably dual core Xeon, which I can purchase for $50 or less).

    Please advise me which best serves me for a small team of 2-3 developers. Thanks.

  • What level/format of access should be given to a client to the issue tracking system?

    - by dukeofgaming
    So, I used to think that it would be a good idea to give the customer access to the issue tracking system, but now I've seen that it creates less than ideal situations, like:

      - Customer judging progress solely on ticket count
      - Developers denied to add issues to avoid customer thinking that there is less progress
      - Customer appointing people on their side to add issues who don't always do a good job (lots of duplicate issues, insufficient information to reproduce, and other things that distract people from doing their real job)

    However, I think customers should have access to some indicators or proof that there is progress being done, as well as a right to report bugs. So, what would be the ideal solution to this situation? Especially, getting out of or improving the first situation described?

  • Cutting the Cable: The State of Internet-based TV [Infographic]

    - by Jason Fitzpatrick
    If you’ve been turning your cable box on less and watching more shows online, you’re certainly not alone. Check out this infographic look at the state of TV distribution in the digital age to see how everyone is getting their TV fix. People are watching more media online, less from traditional distribution channels, and in a more mobile and selective way than ever before. Hit up the link below to check out the full infographic with a shake down of how media consumption has shifted and who is jockeying for a slice of the consumers’ attention. Cutting the Cable: The State of Internet-based TV [Daily Infographic]

  • Google+ Platform Office Hours for May 16th, 2012: Hangouts API v1.1

    This week we discussed the latest release of the Hangouts API, v1.1. JD Salazar and Richard Dunn from the Hangouts API engineering team joined us to help answer your questions. Discussion this session on Google+: goo.gl You can learn more about our office hours here: goo.gl

      0:29 - Introductions
      2:50 - Richard gives us an overview of what's new in Hangouts API v1.1
      8:57 - What are the default scales for the static overlays?
      9:25 - Will the static overlay scale ratio change during the hangout?
      10:13 - What is the resolution of the feed? How do I ensure my overlays match the quality?
      12:49 - How do I know if an image resource has failed to load?
      16:33 - Can we have animated gifs as overlays?
      19:44 - Loaded overlays do not clear upon deletion. How many can I load before I encounter issues?
      21:48 - Are sound overlays played to all participants or only locally? What about sound cancellation?
      23:27 - How do you uninstall a Hangout app?
      25:41 - Can I make an app that uses drag and drop onto the film strip?
      26:55 - Can we embed participant thumbnails elsewhere on the screen?
      28:33 - How can I determine a consistent ordering for hangout participants?
      31:35 - Can I access Picasa photos uploaded by another user within a hangout? Gerwin demonstrates his solution.
      31:14 - How do I know when my hangout app has been unloaded for the purposes of doing cleanup?
      39:28 - Will face tracking ever support multiple faces?
      40:41 - Can I use WebGL in a hangouts app?
      42:09 - I'm having issues with ...

    From: GoogleDevelopers. Time: 53:05

  • Choosing a mobile advertising mediator over going it alone

    - by Notbad
    We have finished our first game for iOS/Android. We would like to give it away, adding ads to it. I have been reading a lot about the subject but it is a bit overwhelming for starters. From what I read, it seems there are some important points to take into consideration: 1) Do as much localization as you can (target your audience with ads they could be interested in for the zone they live in). 2) Do not over advertise in your application. At this moment we have decided to go with AdMob. It seems an easy option to set up for beginners and has a good set of ad networks. My question is, will we earn less, for example, for iAds using AdMob than implementing iAds without a mediator? Is AdMob paying less than others (this is what I remember from some articles I read)? It would be nice to hear from people with experience on this to let us light our way a bit.

  • MOSSLover Lives On…

    - by MOSSLover
    A while back, maybe 6 months, I got some bad news about 2010. Microsoft was removing Office from the MOSS equivalent of 2010, so basically my alias would be obsolete the second 2010 caught on in the community. I thought about it for some time. I had some discussions with friends in the community. I even noticed that the MOSSMan changed his twitter id. I started my blog around a WSS 3.0 project when I worked for LRS in their St. Louis Office in February/March 2007. So I think it’s fitting to keep the name, because my community involvement centers around 2007. My first ever speaking ordeal was at the Kansas City Office Geeks meeting in November of 2007 on Disaster Recovery where about three people attended. The first user group meeting I ever attended was around the month of June 2007 at the KC .Net User Group about two weeks after my braces were installed. It’s definitely fitting to say that 2007 paved the way for everything that happened in the past 2/2 1/2 years. If anyone asks what MOSSLover means I added a description on twitter and I also added my name. I added my name for other reasons, because I’m sick of people thinking I am the guy in the photo. Also, I’d like people to recognize me for who I am. Everyone should expect less of the hat in the upcoming year and more of my hair. I’ve taken a vow to wear the hat less and less this year. I am sick of buying hats, plus I want to move forward to gain more self confidence. The hat does not really help. I will still wear a t-shirt and jeans in most of my presentations. That is who I am and it will not change any time soon. If you expect to see me in a skirt good luck with that as it won’t be happening unless I am forced at gun point. I hope you guys have a good weekend. Later all…

  • How do you assign commands to keys in Terminal?

    - by NES
    Is there a solution to assign special key combinations to words in terminal use? For example, the less command is very useful and I use it a lot to pipe the output of another process through it. The idea would be to set up special key combinations, only active in terminal use, assigned to write different commands. So pressing CTRL + l in a terminal window could write | less, or CTRL + G could stand for | grep. Note: I just mean adding the letters to the command line, not executing them. Similar to what tab completion does, but more specific.

  • Google+ Platform Office Hours for April 25, 2012: Q&A with the Hangouts API Team

    This week we were joined by Richard Dunn of the Hangouts API team who answered questions about the Hangouts API. Discuss this video on Google+: goo.gl

      1:09 - What's going on with the Hangouts API?
      3:43 - Jason shares information about his current projects
      5:40 - Can I prevent a Hangout app from running within a Hangout On Air?
      8:05 - Can we have APIs to control On Air features?
      10:05 - Could a Silverlight / JavaScript bridge be created so we can use them in Hangout Apps?
      12:01 - Is there a way to obfuscate the code for a Hangouts app?
      15:24 - Are there plans to consolidate the various comment and chat channels for Hangouts On Air?
      18:53 - When will Hangouts On Air come to Android?
      20:48 - How can I access the OAuth token from the API? - developers.google.com
      22:39 - When will we have Hangout apps on the mobile devices?
      24:57 - Is it possible to search for 2 or more hash tags via the search REST API?
      25:45 - Will we see a PHP REST API demo today?
      26:20 - How can I restrict usage of a Hangout app?
      30:07 - How do you hold a hangout that is simulcast on YouTube?
      31:07 - Why do users show up as empty objects before they've authorized the app?
      32:52 - What are the best practice for storing user specific configuration?
      38:06 - Is anyone doing in application payment?
      39:22 - Has anyone written any books about Hangout apps?

    From: GoogleDevelopers. Time: 42:04

  • MySQL vs. SQL Server GoDaddy, What is the difference between hosted DB and App_Data Db

    - by Nate Gates
    I'm using GoDaddy for site hosting, and I'm currently using MySQL, because there are less limits on size, etc. My question is what is the difference between using a hosted GoDaddy DB such as MySQL vs. creating a SQL Server database in the App_Data folder? My guess is security? Would it be a bad idea to use a SQL Server DB that's located in the App_Data folder? Additional: Well, I am able to create a .mdf (SQL Server DB file) in the App_Data folder, but I'm really unsure if I should use that or not. If I did use it, it would simplify using some of the Microsoft tools. Like I said, my guess is that it would be less secure, but I don't really know. I know I have a 10 GB file system limit, so I'm assuming my DB would have to share that space.

  • How do I balance program CPU reverse compatibility whilst still being able to use cutting edge features?

    - by TheLQ
    As I learn more about C and C++ I'm starting to wonder: How can a compiler use newer features of processors without limiting it just to people with, for example, Intel Core i7's? Think about it: new processors come out every year with lots of new technologies. However you can't just only target them since a significant portion of the market will not upgrade to the latest and greatest processors for a long time. I'm more or less wondering how this is handled in general by C and C++ devs and compilers. Do compilers make code similar to if SSE is supported, do this using it, else do that using the slower way or do developers have to implement their algorithm twice, or what? More or less how do you release software that takes advantage of newer processor technologies while still keeping a low common denominator?

  • Easy Server-Side Language

    - by Nizar
    Most programming languages (server-side languages for web development) need a learning curve and require some time to learn. However, I'm sure there is a difference between them. So, for example you can master the 'X' language in less time than the 'Y' language. I'm a beginner in web development, meaning that I just know HTML and CSS and now want to choose the right tool for building dynamic sites. What I'm looking for is a language that is easy to master in less time than other languages. So, is there a language that can suit my needs? If so, please let me know what I should learn in it (for example, which frameworks, libraries, IDEs, databases, etc.). In the end, I don't want to regret my choice of the language and want to learn solid basics in it and in programming in general.

  • Disqus 2012 comments NOT being indexed by Google

    - by Buckers
    We run a high-traffic website at http://www.onedirection.net and we've been using Disqus throughout this year, initially to great effect. We accepted the upgrade to Disqus 2012 back in June, loving the increased user experience and the better community feel - albeit back to an iFrame again. However, the fact we were specifically told that the comments are now being indexed by Google was great, and the dynamic nature of the iFrame suited our site (all our pages are cached, so by using Disqus the comments are updated straight away). However, it seems that the Disqus 2012 comments are not being indexed, and we've noticed an obvious fall in traffic over the last few months. Initially we didn't put this down to Disqus and focused on other issues (Google algorithm updates etc). But we're quickly coming down to the reasoning that our pages now contain less indexable text, and we are getting less traffic because of this. We've tried emailing Disqus directly but they're very slow and don't seem keen to help. Any thoughts on this?

  • How is your working time distributed between coding and thinking?

    - by mojuba
    ...in percentage. For example 60/40 or 90/10 or 100/0. My hypothesis is that the bigger the proportion of time you spend thinking the smaller your code can be as a result (and the less time will be needed to write it down). Think more, write less, in other words. Do you think it is true? As a side note, I think in typical software companies thinking is not part of the culture anyway: you are usually supposed to be sitting there at your computer typing something. You will almost definitely be noticed by your managers if you wander about with a blank look thinking over your next steps with your code. Too bad.

  • USB Mouse stutters periodically

    - by greggory.hz
    I'm using an HP dv6000 (not sure of exact model) with a pretty basic Logitech wireless laptop mouse. From time to time, the USB mouse will be very stuttery and less responsive. Not all clicks register and the motion is not smooth. It seems like it's related to the notify-osd coming up when I get an IM or Email or whatever else, but it happens other times as well. It's not the whole computer becoming less responsive, because if I use the touch pad during one of these fits, it works perfectly smooth. I've replaced the batteries in the mouse and have tried different USB ports with better line of sight, etc. I can't figure out what's going on. Any thoughts?
