Search Results

Search found 12490 results on 500 pages for 'property injection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 3/500 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Rails SQL injection?

    - by yuval
    In Rails, when I want to find by a user given value and avoid SQL injection (escape apostrophes and the like) I can do something like this: Post.all(:conditions => ['title = ?', params[:title]]) I know that an unsafe way of doing this (possible SQL injection) is this: Post.all(:conditions => "title = #{params[:title]}") My question is, does the following method prevent SQL injection or not? Post.all(:conditions => {:title => params[:title]})

    Read the article

  • Avoid SQL Injection with Parameters

    - by simonsabin
    The best way to avoid SQL Injection is with parameters. With parameters you can’t get SQL Injection. You only get SQL Injection where you are building a SQL statement by concatenating your parameter values in with your SQL statement. Annoyingly many TSQL statements don’t take parameters, CREATE DATABASE for instance, or really annoyingly ALTER USER. In these situations you have to rely on using QUOTENAME or REPLACE to avoid SQL Injection. (Kimberly Tripp takes about this in her recent blog post Little...(read more)

    Read the article

  • objective c- property

    - by Amir
    Hello all , I think i am missing somthing with property attributes. first i cant understand the different between retain and assign? If i use assign does the property increase the retain counter by 1 to the setter and also to the getter, and i need to use release to both of them? and how this work with readwrite or copy? from the view of retain count. I am trying to understand when i need to use release after working with property(setter and getter) @property (readwrite,assign) int iVar; what does assing do here?? what is the different between : @property (readwrite,assign) int iVar; to @property (readwrite,retain) int iVar; to @property (readwrite) int iVar; many thanks...

    Read the article

  • SQLAlchemy - how to map against a read-only (or calculated) property

    - by Jeff Peck
    I'm trying to figure out how to map against a simple read-only property and have that property fire when I save to the database. A contrived example should make this more clear. First, a simple table: meta = MetaData() foo_table = Table('foo', meta, Column('id', String(3), primary_key=True), Column('description', String(64), nullable=False), Column('calculated_value', Integer, nullable=False), ) What I want to do is set up a class with a read-only property that will insert into the calculated_value column for me when I call session.commit()... import datetime def Foo(object): def __init__(self, id, description): self.id = id self.description = description @property def calculated_value(self): self._calculated_value = datetime.datetime.now().second + 10 return self._calculated_value According to the sqlalchemy docs, I think I am supposed to map this like so: mapper(Foo, foo_table, properties = { 'calculated_value' : synonym('_calculated_value', map_column=True) }) The problem with this is that _calculated_value is None until you access the calculated_value property. It appears that SQLAlchemy is not calling the property on insertion into the database, so I'm getting a None value instead. What is the correct way to map this so that the result of the "calculated_value" property is inserted into the foo table's "calculated_value" column?

    Read the article

  • Is reliance on parametrized queries the only way to protect against SQL injection?

    - by Chris Walton
    All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as: No client/application had direct access to the database tables. All accesses to all tables were through views (and all the updates to the base tables were done through triggers). All data items had a domain specified. No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced. Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data. So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures? EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged. EDIT2 The approach of relying on paramaterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principle features I have taken from these sources is: An extensive data dictionary, combined with an extensive security data dictionary Generation of triggers, queries and constraints from the data dictionary Minimize Code and maximize data While the answers I have had so far are very useful and point out difficulties arising from disregarding paramaterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

    Read the article

  • How to combine designable components with dependency injection

    - by Wim Coenen
    When creating a designable .NET component, you are required to provide a default constructor. From the IComponent documentation: To be a component, a class must implement the IComponent interface and provide a basic constructor that requires no parameters or a single parameter of type IContainer. This makes it impossible to do dependency injection via constructor arguments. (Extra constructors could be provided, but the designer would ignore them.) Some alternatives we're considering: Service Locator Don't use dependency injection, instead use the service locator pattern to acquire dependencies. This seems to be what IComponent.Site.GetService is for. I guess we could create a reusable ISite implementation (ConfigurableServiceLocator?) which can be configured with the necessary dependencies. But how does this work in a designer context? Dependency Injection via properties Inject dependencies via properties. Provide default instances if they are necessary to show the component in a designer. Document which properties need to be injected. Inject dependencies with an Initialize method This is much like injection via properties but it keeps the list of dependencies that need to be injected in one place. This way the list of required dependencies is documented implicitly, and the compiler will assists you with errors when the list changes. Any idea what the best practice is here? How do you do it? edit: I have removed "(e.g. a WinForms UserControl)" since I intended the question to be about components in general. Components are all about inversion of control (see section 8.3.1 of the UMLv2 specification) so I don't think that "you shouldn't inject any services" is a good answer. edit 2: It took some playing with WPF and the MVVM pattern to finally "get" Mark's answer. I see now that visual controls are indeed a special case. As for using non-visual components on designer surfaces, I think the .NET component model is fundamentally incompatible with dependency injection. It appears to be designed around the service locator pattern instead. Maybe this will start to change with the infrastructure that was added in .NET 4.0 in the System.ComponentModel.Composition namespace.

    Read the article

  • When to use "property" builtin: auxiliary functions and generators

    - by Seth Johnson
    I recently discovered Python's property built-in, which disguises class method getters and setters as a class's property. I'm now being tempted to use it in ways that I'm pretty sure are inappropriate. Using the property keyword is clearly the right thing to do if class A has a property _x whose allowable values you want to restrict; i.e., it would replace the getX() and setX() construction one might write in C++. But where else is it appropriate to make a function a property? For example, if you have class Vertex(object): def __init__(self): self.x = 0.0 self.y = 1.0 class Polygon(object): def __init__(self, list_of_vertices): self.vertices = list_of_vertices def get_vertex_positions(self): return zip( *( (v.x,v.y) for v in self.vertices ) ) is it appropriate to add vertex_positions = property( get_vertex_positions ) ? Is it ever ok to make a generator look like a property? Imagine if a change in our code meant that we no longer stored Polygon.vertices the same way. Would it then be ok to add this to Polygon? @property def vertices(self): for v in self._new_v_thing: yield v.calculate_equivalent_vertex()

    Read the article

  • Which Dependency Injection Tool Should I Use? (2)

    - by Mendy
    The original post is: Which Dependency Injection Tool Should I Use? While the original post is good, in this days I see a lot of people using StructureMap as their Dependency Injection tool, and in the original post no one even took it seriously. In addition, this quote: If I had to choose today: I would probably go with StructureMap. It has the best support for C# 3.0 language features, and the most flexibility in initialization. Which Dependency Injection Tool Should I Use? Out of this ones: Unity Framework - Microsoft StructureMap - Jeremy Miller Castle Windsor NInject Spring Framework Autofac Managed Extensibility Framework

    Read the article

  • Xpath Injection detection Tool

    - by preeti
    Hi, I am working on xpath Injection attack, so looking forward to build a tool to detect xpath Injection Tool in a website.Is web crawling and scanning be used for this? What can be the Logic to detect it? Are there any open source tools to detect it, so that i can develop it in Java by looking at logic used in that code. Thank You.

    Read the article

  • is there any chance of sql injection through selectbox( dynamically created or static)

    - by I Like PHP
    Hello All, i want to know that is there any chance of SQL injection via selectbox options? if yes then will u please show some demonstration(or refer any link). and also tell me how do we prevent sql injection in selectbox.(using PHP MYSQL) one more: if i create a selectbox dynamically( based on options of another select box) then is there any chance of SQLinjection? Thanking you.

    Read the article

  • Property being immediately reset by ApplicationSetting Property Binding

    - by Slider345
    I have a .net 2.0 windows application written in c#, which currently uses several project settings to store user configurations. The forms in the application are made up of lots of user controls, each of which have properties that need to be set to these project settings. Right now these settings are manually assigned to the user control properties. I was hoping to simplify the code by replacing the manual implementation with ApplicationSettings Property Bindings. However, my first property is not behaving properly at all. The setting is an integer, used to record a port number typed into a text box. The setting is bound to an integer property on a user control, and that property sets the Text property on a TextBox control. When I type a new value into the textbox at runtime, as soon as the textbox loses focus, it is immediately replaced by the original value. A breakpoint on the property shows that it is immediately setting the property to the setting from the properties collection after I set it. Can anyone see what I'm doing wrong? Here's some code: The setting: [global::System.Configuration.UserScopedSettingAttribute()] [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] [global::System.Configuration.DefaultSettingValueAttribute("1000")] public int Port { get{ return ((int)(this["Port"])); } set{ this["Port"] = value; } } The binding: this.ctrlNetworkConfig.DataBindings.Add(new System.Windows.Forms.Binding("PortNumber", global::TestProject.Properties.Settings.Default, "Port", true, System.Windows.Forms.DataSourceUpdateMode.OnPropertyChanged)); this.ctrlNetworkConfig.PortNumber = global::TestProject.Properties.Settings.Default.Port; And lastly, the property on the user control: public int PortNumber { get{ int port; if(int.TryParse(this.txtPortNumber.Text, out port)) return port; else return 0; } set{ txtPortNumber.Text = value.ToString(); } } Any thoughts? Thanks in advance for your help. EDIT: Sorry about the formatting, trying to correct.

    Read the article

  • Are multiline queries sql-injection safe?

    - by acmatos
    This might be a stupid question. Or maybe my hacking skills are limited (I don't practice them at all). I have a query that looks like this: <?php $query =<<<eot SELECT table_x.field1, table_x.field2, table_y.*, table_z.field4 FROM ( SELECT ... ) as table_y LEFT JOIN table_x ON table_x.field1 = table_y.field_x LEFT JOIN table_z ON table_z.field1 = table_y.field_z WHERE table_x.field3 = '$something' AND table_z.field4 = '1' AND table_z.field5 = '2' eot; ?> I have a lot of other tests on $something before it gets used, like $something = explode(' ',$something); (which later result in a string) none of them intend to prevent injection but they make it hard for the given injection to get as is to the actual query. However, there are ways. We all know how easy it is to replace a space for something else which is still valid.. So, it's not really a problem to make a potentially harmful piece of SQL reach that $something... But is there any way to comment the rest of the original query string if it is multi-line? I can comment AND table_z.field4 = '1' using ;-- but can't comment the following AND table_z.field5 = '2' Is it possible to open a multi-line comment /* without closing it or something looked like and therefore allow the injection to ignore the multi-line query?

    Read the article

  • Conflict When Two Storyboards Sets the Opacity Property?

    - by kennethkryger
    Hi, Background: I have a WPF UserControl (MainControl - not shown in code below) that contains another one (called MyControl in the code below). MainControl has it's DataContext set to an object, that has a Project-property. When MainControl loads, the Project-property is always null. The problem: When MainControl loads, I want to fade in the MyControl using a special storyboard (only used this one time (this "specialFadeInStoryboard" changes Opacity-property of MyControl from 0 to 1). When the Project-property is set to a value other than null, I want the MyControl to fade out using the "fadeOutStoryboard" (changes Opacity-property of MyControl to 0) and if it's set to null afterwards I want to fade it in again this time using the "fadeInStoryboard" (changes Opacity-property of MyControl to 1). However, after adding the code for the "specialFadeInStoryboard", the MyControl is never faded out... What am I doing wrong? <local:MyControl Visibility="{Binding RelativeSource={RelativeSource Self}, Path=Opacity, Converter={StaticResource opacityToVisibilityConverter}, Mode=OneWay}"> <local:MyControl.Style> <Style> <Style.Triggers> <EventTrigger RoutedEvent="FrameworkElement.Loaded"> <BeginStoryboard Storyboard="{StaticResource specialFadeInStoryboard}"/> </EventTrigger> <DataTrigger Binding="{Binding Project, Converter={StaticResource nullToBooleanConverter}, Mode=OneWay}" Value="True"> <DataTrigger.EnterActions> <BeginStoryboard Storyboard="{StaticResource fadeOutStoryboard}"/> </DataTrigger.EnterActions> <DataTrigger.ExitActions> <BeginStoryboard Storyboard="{StaticResource fadeInStoryboard}"/> </DataTrigger.ExitActions> </DataTrigger> </Style.Triggers> </Style> </local:MyControl.Style> </local:MyControl>

    Read the article

  • Generic property- specify the type at runtime

    - by Lirik
    I was reading a question on making a generic property, but I'm a little confused at by the last example from the first answer (I've included the relevant code below): You have to know the type at compile time. If you don't know the type at compile time then you must be storing it in an object, in which case you can add the following property to the Foo class: public object ConvertedValue { get { return Convert.ChangeType(Value, Type); } } That's seems strange: it's converting the value to the specified type, but it's returning it as an object when the value was stored as an object. Doesn't the returned object still require un-boxing? If it does, then why bother with the conversion of the type? I'm also trying to make a generic property whose type will be determined at run time: public class Foo { object Value {get;set;} Type ValType{get;set;} Foo(object value, Type type) { Value = value; ValType = type; } // I need a property that is actually // returned as the specified value type... public object ConvertedValue { get { return Convert.ChangeType(Value, ValType); } } } Is it possible to make a generic property? Does the return property still require unboxing after it's accessed?

    Read the article

  • How to assign class property as display data memeber in datagridview

    - by KoolKabin
    hi guys, I am trying to display my data in datagridview. I created a class with different property and used its list as the datasource. it worked fine. but i got confused how to do that in case we have nested class. My Classes are as follows: class Category property UIN as integer property Name as string end class class item property uin as integer property name as string property mycategory as category end class my data list as follows: dim myDataList as list(of Item) = new List(of Item) myDataList.Add(new Item(1,"item1",new category(1,"cat1"))) myDataList.Add(new Item(2,"item2",new category(1,"cat1"))) myDataList.Add(new Item(3,"item3",new category(1,"cat1"))) myDataList.Add(new Item(4,"item4",new category(2,"cat2"))) myDataList.Add(new Item(5,"item5",new category(2,"cat2"))) myDataList.Add(new Item(6,"item6",new category(2,"cat2"))) Now I binded the datagridview control like: DGVMain.AutoGenerateColumns = False DGVMain.ColumnCount = 3 DGVMain.Columns(0).DataPropertyName = "UIN" DGVMain.Columns(0).HeaderText = "ID" DGVMain.Columns(1).DataPropertyName = "Name" DGVMain.Columns(1).HeaderText = "Name" DGVMain.Columns(2).DataPropertyName = "" **'here i want my category name** DGVMain.Columns(2).HeaderText = "category" DGVMain.datasource = myDataList DGVMain.refresh() I have tried using mycategory.name but it didn't worked. What can be done to get expected result? Is there any better idea other than this to accomplish the same task?

    Read the article

  • MVVM application architecture, where to put dependency injection configuration class, BusinessLayer and Common interfaces?

    - by gt.guybrush
    Planning my architecture for an MVVM application I come to this: MyApp.UI View MyApp.BusinessLayer ViewModel MyApp.DataAccessLayer RepositoryImplEF MyApp.DomainLayer DomainObject RepositoryInterface MyApp.Common Logging Security Utility (contains some reflection method used by many levels) CustomException MyApp.UnitTest I was inspired by Domain-driven-desing, test-driven-development and onion architecture but not sure to have done all well. I am not sure of a couple of things: where to put dependency injection configuration class? In the common project? where to put BusinessLayer interfaces? in Domain layer? where to put Common interfaces? in Domain layer? But Common in referenced from domain (for some reflection utilities and for DI if the response to 1. is yes) and circular reference isn't good

    Read the article

  • Dependency Injection Constructor Madness

    - by JP
    I find that my constructors are starting to look like this: public MyClass(Container con, SomeClass1 obj1, SomeClass2, obj2.... ) with ever increasing parameter list. Since "Container" is my dependency injection container, why can't I just do this: public MyClass(Container con) for every class? What are the downsides? If I do this, it feels like I'm using a glorified static. Please share your thoughts on IoC and Dependency Injection madness. Thanks in advance. -JP

    Read the article

  • Dependency Injection book recommendation(s)

    - by Portman
    It seems like there are very few books (yes, I read books) on Dependency Injection. The Amazon tag for "dependency injection" lists only a few titles, and all of them are specifically about Spring for Java. Are there any books out there that cover DI/IoC in general? Or any that include a survey of multiple DI frameworks? Or any that cover .NET in lieu of or in addition to Java? Or do we have to rely on this newfangled interweb instead of dead trees...

    Read the article

  • How to use Dependency Injection with ASP.NET

    - by Schneider
    I am trying to work out a way to use Dependency Injection with ASP.NET controls. I have got lots of controls that create repositories directly, and use those to access and bind to data etc. I am looking for a pattern where I can pass repositories to the controls externally (IoC), so my controls remain unaware of how repositories are constructed and where they come from etc. I would prefer not to have a dependency on the IoC container from my controls, therefore I just want to be able to construct the controls with constructor or property injection. (And just to complicate things, these controls are being constructed and placed on the page by a CMS at runtime!) Any thoughts?

    Read the article

  • Spring constructor injection of SLF4J logger - how to get injection target class?

    - by disown
    I'm trying to use Spring to inject a SLF4J logger into a class like so: @Component public class Example { private final Logger logger; @Autowired public Example(final Logger logger) { this.logger = logger; } } I've found the FactoryBean class, which I've implemented. But the problem is that I cannot get any information about the injection target: public class LoggingFactoryBean implements FactoryBean<Logger> { @Override public Class<?> getObjectType() { return Logger.class; } @Override public boolean isSingleton() { return false; } @Override public Logger getObject() throws Exception { return LoggerFactory.getLogger(/* how do I get a hold of the target class (Example.class) here? */); } } Is FactoryBean even the right way to go? When using picocontainers factory injection, you get the Type of the target passed in. In guice it is a bit trickier. But how do you accomplish this in Spring?

    Read the article

  • Is dependency injection possible for JSP beans?

    - by kazanaki
    This may be a long shot question.. I am working on an application that is based on JSP/Javascript only (without a Web framework!) Is there a way to have depencency injection for JSP beans? By jsp beans I mean beans defined like this <jsp:useBean id="cart" scope="session" class="session.Carts" /> Is there a way/library/hack to intercept the bean creation so that when "cart" is referenced for the first time, some some of injection takes place? Can I define somewhere a "listener" for JSP beans (like you can do for JSF beans for example)? I am free to do anything I want in the back-end, but I cannot add a web framework in the front-end (Don't ask!)

    Read the article

  • How to assign class property as display data member in datagridview

    - by KoolKabin
    hi guys, I am trying to display my data in datagridview. I created a class with different property and used its list as the datasource. it worked fine. but I got confused how to do that in case we have nested class. My Classes are as follows: class Category property UIN as integer property Name as string end class class item property uin as integer property name as string property mycategory as category end class my data list as follows: dim myDataList as list(of Item) = new List(of Item) myDataList.Add(new Item(1,"item1",new category(1,"cat1"))) myDataList.Add(new Item(2,"item2",new category(1,"cat1"))) myDataList.Add(new Item(3,"item3",new category(1,"cat1"))) myDataList.Add(new Item(4,"item4",new category(2,"cat2"))) myDataList.Add(new Item(5,"item5",new category(2,"cat2"))) myDataList.Add(new Item(6,"item6",new category(2,"cat2"))) Now I binded the datagridview control like: DGVMain.AutoGenerateColumns = False DGVMain.ColumnCount = 3 DGVMain.Columns(0).DataPropertyName = "UIN" DGVMain.Columns(0).HeaderText = "ID" DGVMain.Columns(1).DataPropertyName = "Name" DGVMain.Columns(1).HeaderText = "Name" DGVMain.Columns(2).DataPropertyName = "" **'here i want my category name** DGVMain.Columns(2).HeaderText = "category" DGVMain.datasource = myDataList DGVMain.refresh() I have tried using mycategory.name but it didn't worked. What can be done to get expected result? Is there any better idea other than this to accomplish the same task? Edited My question as per comment: I have checked the link given by u. It was nice n very usefull. Since the code was in c# i tried to convert it in vb. Everything went good but failed at a point of case sensitive and next one is that i had my nested class name itemcategory and my property name was category. there it arouse the problem. it didn't searched for category but it searched for itemcategory. so confused on it. My Code as follows: Private Sub DGVMain_CellFormatting(ByVal sender As Object, ByVal e As System.Windows.Forms.DataGridViewCellFormattingEventArgs) Handles DGVMain.CellFormatting Dim DGVMain As DataGridView = CType(sender, DataGridView) e.Value = EvaluateValue(DGVMain.Rows(e.RowIndex).DataBoundItem, DGVMain.Columns(e.ColumnIndex).DataPropertyName) End Sub Private Function EvaluateValue(ByRef myObj As Object, ByRef myProp As String) As String Dim Ret As String = "" Dim Props As System.Reflection.PropertyInfo() Dim PropA As System.Reflection.PropertyInfo Dim ObjA As Object If myProp.Contains(".") Then myProp = myProp.Substring(0, myProp.IndexOf(".")) Props = myObj.GetType().GetProperties() For Each PropA In Props ObjA = PropA.GetValue(myObj, New Object() {}) If ObjA.GetType().Name = myProp Then Ret = EvaluateValue(ObjA, myProp.Substring(myProp.IndexOf(".") + 1)) Exit For End If Next Else PropA = myObj.GetType().GetProperty(myProp) Ret = PropA.GetValue(myObj, New Object() {}).ToString() End If Return Ret End Function

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >