Search Results

Search found 52213 results on 2089 pages for 'ipad application'.

Page 341/2089 | < Previous Page | 337 338 339 340 341 342 343 344 345 346 347 348 | Next Page >

How do you take into account usability and user requirements for your application?

- by voroninp

Our team supports BackOffice application: a mix of WinForm and WPF windows. (about 80 including dialogs). Really a kind of a Swiss Army Knife. It is used by developers, tech writers, security developers, testers. The requirements for new features come quite often and sometimes we play Wizard of Oz to decide which GUI our users like the most. And it usually happens (I admit it can be just my subjective interpretation of the reality) that one tiny detail giving the flavor of good usability to our app requires a lot of time. This time is being spent on 'fighting' with GUI framework making it act like we need. And it very difficult to make estimations for this type of tasks (at least for me and most members of our team). Scrum poker is not a help either. Management often considers this usability perfectionism to be a waste of time. On the other hand an accumulated affect of features where each has some little usability flaw frustrates users. But the same users want frequent releases and instant bug fixes. Hence, no way to get the positive feedback: there is always somebody who is snuffy. I constantly feel myself as competing with ourselves: more features - more bugs/tasks/architecture. We are trying to outrun the cart we are pushing. New technologies arrive and some of them can potentially help to improve the design or decrease task implementation time but these technologies require learning, prototyping and so on. Well, that was a story. And now is the question: How do you balance between time pressure, product quality, users and management satisfaction? When and how do you decide to leave the problem with not a perfect but to some extent acceptable solution, how often do you make these decisions? How do you do with your own satisfaction? What are your priorities? P.S. Please keep in mind, we are a BackOffice team, we have neither dedicated technical writer nor GUI designer. The tester have joined us recently. We've much work to do and much freedom concerning 'how'. I like it because it fosters creativity but I don't want to become too nerdy perfectionist.

Read the article
What are different ways to reduce latency between a server and a web application? [closed]

- by jjoensuu

this is a question about a web application that provides SOAP web services. For the sake of this question, this web app is hosted on a server SERVER B which is located in California. We have an automated, scheduled, process running on a server SERVER A, located in New York. This scheduled process is supposed to send SOAP messages to SERVER B every so often, but this process typically dies soon after starting. We have now been told by the vendor that reason why the process dies is because of the latency between SERVER A and SERVER B. The data traffic is routed through many diffent public networks. There is no dedicated line between SERVER A and SERVER B. As a result I have been asked to look into ways to reduce the latency between SERVER A and SERVER B. So I wanted to ask, what are the different ways to reduce latency in a situation like this? For example, would it help to switch from HTTPS to some other secure protocol? (the thought here is that perhaps some other alternative would require fewer handshakes than HTTPS). Or would a VPN help? If a VPN would reduce the latency, how would it do that? NOTE: I am not looking for an explicit answer that would work in my specific situation. I am more like looking just for a simple list of what technologies could be used for this. I will still have to evaluate the technologies and discuss them internally with others, so the list would just be a starting point. Here I am assuming that there exists very few ways to reduce latency between two servers that communicate across public networks using HTTPS. Feel free to correct me if this assumption is wrong and please ask if there is a need for specific information. NOTE 2: A list of technologies is a specific answer to the question I stated in the title. NOTE 3: Its rather dumb to close this question when it is after all about me looking for information and furthermore this information can clearly be useful for others. Anyway luckily there are other sites where I can ask around. StackExchange seems to attached to their own philosophical principles. Many thanks

Read the article
In a GUI based Application in Linux It is working properly in some systems,But segmentation fault (Because of SIGSEGV signal) is coming in others.Why? [closed]

- by Sreejith

The application consists of Driver code,a Source Object file(.so) ,and a Application code to interact with a hardware Card.. The problem comes in a mmap().It reads address from a card. But it is not getting the correct address in some systems.The Error is because of It is receiving a SIGSEGV signal and segmentation fault followed to that.But in some system which having the same version of kernel is not at all facing the problem and working properly. So please any one suggest the Reason and Remedy for this Problem.

Read the article
???TCO?????????!? WebLogic Server vs. JBoss Enterprise Application Platform

- by Tatsuhiro Yamaguchi

WebLogic Server?????????????Java EE??????????·?????JBoss Enterprise Application Platform(EAP)????????????????WebLogic Server?????????JBoss EAP????????????????????????????????????????TCO(??????)???????????...?????????????????????????1?????????????????????????????????TCO?JBoss EAP??WebLogic Server??????????????????????(???) ????????????????????????WebLogic Server??Java????????????? Java EE??????????·???????????WebLogic Server????????????????????·?????????????????????JBoss EAP??JBoss EAP?????????????????????·??????????????????????????????????????????????????????????????????? ????????·?????????????????????????????????1?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? ????????????????Java??????????????????????????Java SE 6?????????????2013?2????????????????????????????????????????? ?????? Java SE 6????????????????(Oracle Technology Network) ???????????????JBoss EAP 5????Java SE 6??????????2013?2??????????????????????????????????????? ?????2012?8????????????JBoss EAP 6????????? ????Java SE 7?????????Java SE 7?????????????2014?7??????????JBoss EAP 6????????????2013??????????????????????????????Java SE 7???????????????1????????????????????????????Java SE 7????????????????????Java SE??????????????????????????????? ???????WebLogic Server??????????????????Java SE???????????????????Java SE 6?2016?12????Java SE 7?????2019?7???????????????????????????????????????????WebLogic Server????????????????????????????????Java SE??????????? JBoss EAP?????????????????Java SE????????????Java SE???????????????????????WebLogic Server??????????????????JBoss EAP?????????????????????????????????? ??????????????????WebLogic Server?????????????????? ??????????????????JBoss EAP?WebLogic Server????????????1????????????????WebLogic Server????????????????????????????????????????????????????????????????? ???JBoss EAP?????????????????????????????????????????????????????????????????????????????????????????WebLogic Server??????????????????????? ?????????????????????????????????????????????WebLogic Server?JBoss EAP?????????????????????????????????????????????????????????????????????????????????????????????????????WebLogic Server?JBoss EAP????????????? ??????????????? 3~6????????WebLogic Server????????????????????????WebLogic Server??? ??????????????????????????????????????????????????? JBoss EAP??2????????????24??365????????????Premium?????(??~??)9?~5????????????Standard??????????????????????????(CPU?????????????16??)???????????6???????????????????? · JBoss EAP Standard · JBoss EAP Premium » ???????:?0 » ???????:?0 » ??????:?85?/1?? » ??????:?125?/1?? » 6?????:?85?×6?=?510? » 6?????:?125?×6=?750? ???WebLogic Server???????????????????????????????/?????????CPU??????(CPU????????)?8???CPU?2?(CPU???=16??)??????????????????????6?????????????? · WebLogic Server Standard Edition » ???????:?216?(?108?×2CPU) » ????:?48?/1??(?24?×2CPU) ?????????22% » 6?????:?216+?48?×6=?504? ????JBoss EAP Standard??Premium?WebLogic Server Standard Edition???????????????????? ???????JBoss EAP Premium???3?????Standard??6????????????? ???????????WebLogic Server Standard Edition?????????????????????JBoss EAP????CPU??????????WebLogic Server Standard Edition?CPU?????????????1CPU????????????????????WebLogic Server Standard Edition????????????? ?????WebLogic Server??Java???????????????????????????????????????JBoss EAP?????????????Java SE????????????????????????WebLogic Server???????? ????WebLogic Server???????????????????????????????????JBoss EAP???????????????????????????????????????WebLogic Server?????????????????????WebLogic Server??????????????·??????????????????? ???2012?9????Oracle Technolorgy Network???????????WebLogic Server???????????????????????????????????????????????????????? ????????????????????????????????JBoss EAP????TCO???????????????????????????????????WebLogic Server????????????????????????????WebLogic Server????????????????????????????????????????????

Read the article
How do I deal with a third party application that has embedded hints that result in a sub-optimal execution plan in my environment?

- by Maria Colgan

I have gotten many variations on this question recently as folks begin to upgrade to Oracle Database 11g and there have been several posts on this blog and on others describing how to use SQL Plan Management (SPM) so that a non-hinted SQL statement can use a plan generated with hints. But what if the hint is supplied in the third party application and is causing performance regressions on your system? You can actually use a very similar technique to the ones shown before but this time capture the un-hinted plan and have the hinted SQL statement use that plan instead. Below is an example that demonstrates the necessary steps. 1. We will begin by running the hinted statement 2. After examining the execution plan we can see it is suboptimal because of a bad join order. 3. In order to use SPM to correct the problem we must create a SQL plan baseline for the statement. In order to create a baseline we will need the SQL_ID for the hinted statement. Easy place to get it is in V$SQL. 4. A SQL plan baseline can be created using a SQL_ID and DBMS_SPM.LOAD_PLANS_FROM_CURSOR_CACHE. This will capture the existing plan for this SQL_ID from the shared pool and store in the SQL plan baseline. 5. We can check the SQL plan baseline got created successfully by querying DBA_SQL_PLAN_BASELINES. 6. When you manually create a SQL plan baseline the first plan added is automatically accepted and enabled. We know that the hinted plan is poorly performing plan so we will disable it using DBMS_SPM.ALTER_SQL_PLAN_BASELINE. Disabling the plan tells the optimizer that this plan not a good plan, however since there is no alternative plan at this point the optimizer will still continue to use this plan until we provide a better one. 7. Now let's run the statement without the hint. 8. Looking at the execution plan we can see that the join order is different. The plan without the hint also has a lower cost (3X lower), which indicates it should perform better. 9. In order to map the un-hinted plan to the hinted SQL statement we need to add the plan to the SQL plan baseline for the hinted statement. We can do this using DBMS_SPM.LOAD_PLANS_FROM_CURSOR_CACHE but we will need the SQL_ID and PLAN_HASH_VALUE for the non-hinted statement, which we can find in V$SQL. 10. Now we can add the non-hinted plan to the SQL plan baseline of the hinted SQL statement using DBMS_SPM.LOAD_PLANS_FROM_CURSOR_CACHE. This time we need to pass a few more arguments. We will use the SQL_ID and PLAN_HASH_VALUE of the non-hinted statement but the SQL_HANDLE of the hinted statement. 11. The SQL plan baseline for our statement now has two plans. But only the newly added plan (SQL_PLAN_gbpcg3f67pc788a6d8911) is enabled and accepted. This tells the Optimizer that this is the plan it should use for this statement. We can confirm that the correct plan (non-hinted) will be selected for the statement from now on by re-executing the hinted statement and checking its execution plan.

Read the article
Deploying an SSL Application to Windows Azure – The Dark Secret

- by ToStringTheory

When working on an application that had been in production for some time, but was about to have a shopping cart added to it, the necessity for SSL certificates came up. When ordering the certificates through the vendor, the certificate signing request (CSR) was generated through the providers (http://register.com) web interface, and within a day, we had our certificate. At first, I thought that the certification process would be the hard part… Little did I know that my fun was just beginning… The Problem I’ll be honest, I had never really secured a site before with SSL. This was a learning experience for me in the first place, but little did I know that I would be learning more than the simple procedure. I understood a bit about SSL already, the mechanisms in how it works – the secure handshake, CA’s, chains, etc… What I didn’t realize was the importance of the CSR in the whole process. Apparently, when the CSR is created, a public key is created at the same time, as well as a private key that is stored locally on the PC that generated the request. When the certificate comes back and you import it back into IIS (assuming you used IIS to generate the CSR), all of the information is combined together and the SSL certificate is added into your store. Since at the time the certificate had been ordered for our site, the selection to use the online interface to generate the CSR was chosen, the certificate came back to us in 5 separate files: A root certificate – (*.crt file) An intermediate certifcate – (*.crt file) Another intermediate certificate – (*.crt file) The SSL certificate for our site – (*.crt file) The private key for our certificate – (*.key file) Well, in case you don’t know much about Windows Azure and SSL certificates, the first thing you should learn is that certificates can only be uploaded to Azure if they are in a PFX package – securable by a password. Also, in the case of our SSL certificate, you need to include the Private Key with the file. As you can see, we didn’t have a PFX file to upload. If you don’t get the simple PFX from your hosting provider, but rather the multiple files, you will soon find out that the process has turned from something that should be simple – to one that borders on a circle of hell… Probably between the fifth and seventh somewhere… The Solution The solution is to take the files that make up the certificates chain and key, and combine them into a file that can be imported into your local computers store, as well as uploaded to Windows Azure. I can not take the credit for this information, as I simply researched a while before finding out how to do this. Download the OpenSSL for Windows toolkit (Win32 OpenSSL v1.0.1c) Install the OpenSSL for Windows toolkit Download and move all of your certificate files to an easily accessible location (you'll be pointing to them in the command prompt, so I put them in a subdirectory of the OpenSSL installation) Open a command prompt Navigate to the folder where you installed OpenSSL Run the following command: openssl pkcs12 -export –out {outcert.pfx} –inkey {keyfile.key} –in {sslcert.crt} –certfile {ca1.crt} –certfile (ca2.crt) From this command, you will get a file, outcert.pfx, with the sum total of your ssl certificate (sslcert.crt), private key {keyfile.key}, and as many CA/chain files as you need {ca1.crt, ca2.crt}. Taking this file, you can then import it into your own IIS in one operation, instead of importing each certificate individually. You can also upload the PFX to Azure, and once you add the SSL certificate links to the cloud project in Visual Studio, your good to go! Conclusion When I first looked around for a solution to this problem, there were not many places online that had the information that I was looking for. While what I ended up having to do may seem obvious, it isn’t for everyone, and I hope that this can at least help one developer out there solve the problem without hours of work!

Read the article
I am trying to create an windows application watcher? [migrated]

- by Broken_Code

I recently started coding in c #(in may this year) and well I find it best to learn by working with code. this application http://www.c-sharpcorner.com/UploadFile/satisharveti/ActiveApplicationWatcher01252007024921AM/ActiveApplicationWatcher.aspx. I am trying to recreate it however mine will be saving the information into an sql database(new at this as well). I am having some coding problems though as it does not do what I expect it to do. THis is the main code I am using. private void GetTotalTimer() { DateTime now = DateTime.Now; IntPtr hwnd = APIFunc.getforegroundWindow(); Int32 pid = APIFunc.GetWindowProcessID(hwnd); Process p = Process.GetProcessById(pid); appName = p.ProcessName; const int nChars = 256; int handle = 0; StringBuilder Buff = new StringBuilder(nChars); handle = GetForegroundWindow(); appltitle = APIFunc.ActiveApplTitle().Trim().Replace("\0", ""); //if (GetWindowText(handle, Buff, nChars) > 0) //{ // string strbuff = Buff.ToString(); // StrWindow = strbuff; #region insert statement try { if (Conn.State == ConnectionState.Closed) { Conn.Open(); } if (Conn.State == ConnectionState.Open) { SqlCommand com = new SqlCommand("Select top 1 [Window Title] From TimerLogs ORDER BY [Time of Event] DESC", Conn); SqlDataReader reader = com.ExecuteReader(); startTime = DateTime.Now; string time = now.ToString(); if (!reader.HasRows) { reader.Close(); cmd = new SqlCommand("insert into [TimerLogs] values(@time,@appName,@appltitle,@Elapsed_Time,@userName)", Conn); cmd.Parameters.AddWithValue("@time", time); cmd.Parameters.AddWithValue("@appName", appName); cmd.Parameters.AddWithValue("@appltitle", appltitle); cmd.Parameters.AddWithValue("@Elapsed_Time", blank.ToString()); cmd.Parameters.AddWithValue("@userName", userName); cmd.ExecuteNonQuery(); Conn.Close(); } else if(reader.HasRows) { reader.Read(); if (appltitle != reader.ToString()) { reader.Close(); endTime = DateTime.Now; appduration = endTime.Subtract(startTime); cmd = new SqlCommand("insert into [TimerLogs] values (@time,@appName,@appltitle,@Elapsed_Time,@userName)", Conn); cmd.Parameters.AddWithValue("@time", time); cmd.Parameters.AddWithValue("@appName", appName); cmd.Parameters.AddWithValue("@appltitle", appltitle); cmd.Parameters.AddWithValue("@Elapsed_Time", appduration.ToString()); cmd.Parameters.AddWithValue("@userName", userName); cmd.ExecuteNonQuery(); reader.Close(); Conn.Close(); } } } } catch (Exception) { } //} #endregion ActivityTimer.Start(); Processing = "Working"; } Unfortunately this is the result. it is not saving the data as I expect it to. What am i doing wrong I had thought that with the sql reader it would first check for a value and only save if they do not match however it is saving whether there is a match or not.

Read the article
<msbuild/> task fails while <devenv/> succeeds for MFC application in CruiseControl.NET?

- by ee

The Overview I am working on a Continuous Integration build of a MFC appliction via CruiseControl.net and VS2010. When building my .sln, a "Visual Studio" CCNet task (<devenv/>) works, but a simple MSBuild wrapper script (see below) run via the CCNet <msbuild/> task fails with errors like: error RC1015: cannot open include file 'winres.h'.. error C1083: Cannot open include file: 'afxwin.h': No such file or directory error C1083: Cannot open include file: 'afx.h': No such file or directory The Question How can I adjust the build environment of my msbuild wrapper so that the application builds correctly? (Pretty clearly the MFC paths aren't right for the msbuild environment, but how do i fix it for MSBuild+VS2010+MFC+CCNet?) Background Details We have successfully upgraded an MFC application (.exe with some MFC extension .dlls) to Visual Studio 2010 and can compile the application without issue on developer machines. Now I am working on compiling the application on the CI server environment I did a full installation of VS2010 (Professional) on the build server. In this way, I knew everything I needed would be on the machine (one way or another) and that this would be consistent with developer machines. VS2010 is correctly installed on the CI server, and the devenv task works as expected I now have a wrapper MSBuild script that does some extended version processing and then builds the .sln for the application via an MSBuild task. This wrapper script is run via CCNet's MSBuild task and fails with the above mentioned errors The Simple MSBuild Wrapper <?xml version="1.0" encoding="utf-8"?> <Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> <Target Name="Build">  <MSBuild Projects="target.sln" Properties="Configuration=ReleaseUnicode;Platform=Any CPU;..." /> </Target> </Project> My Assumptions This seems to be a missing/wrong configuration of include paths to standard header resources of the MFC persuasion I should be able to coerce the MSBuild environment to consider the relevant resource files from my VS2010 install and have this approach work. Given the vs2010 msbuild support for visual c++ projects (.vcxproj), shouldn't msbuilding a solution be pretty close to compiling via visual studio? But how do I do that? Am I setting Environment variables? Registry settings? I can see how one can inject additional directories in some cases, but this seems to need a more systemic configuration at the compiler defaults level. Update 1 This appears to only ever happen in two cases: resource compilation (rc.exe), and precompiled header (stdafx.h) compilation, and only for certain projects? I was thinking it was across the board, but indeed it appears only to be in these cases. I guess I will keep digging and hope someone has some insight they would be willing to share...

Read the article
Optimized .htaccess???

- by StackOverflowNewbie

I'd appreciate some feedback on the compression and caching configuration below. Trying to come up with a general purpose, optimized compression and caching configuration. If possible: Note your PageSpeed and YSlow grades Add configuration to your .htaccess Clear your cache Note your PageSpeed and YSlow grades to see if there are any improvements (or degradations) NOTE: Make sure you have appropriate modules loaded. Any feedback is much appreciated. Thanks. # JavaScript MIME type issues: # 1. Apache uses "application/javascript": http://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x/conf/mime.types # 2. IIS uses "application/x-javascript": http://technet.microsoft.com/en-us/library/bb742440.aspx # 3. SVG specification says it is text/ecmascript: http://www.w3.org/TR/2001/REC-SVG-20010904/script.html#ScriptElement # 4. HTML specification says it is text/javascript: http://www.w3.org/TR/1999/REC-html401-19991224/interact/scripts.html#h-18.2.2.2 # 5. "text/ecmascript" and "text/javascript" are considered obsolete: http://www.rfc-editor.org/rfc/rfc4329.txt #------------------------------------------------------------------------------- # Compression #------------------------------------------------------------------------------- <IfModule mod_deflate.c> AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/xml # The following MIME types are in the process of registration AddOutputFilterByType DEFLATE application/xslt+xml AddOutputFilterByType DEFLATE image/svg+xml # The following MIME types are NOT registered AddOutputFilterByType DEFLATE application/mathml+xml AddOutputFilterByType DEFLATE application/rss+xml # Deal with JavaScript MIME type issues AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE text/ecmascript AddOutputFilterByType DEFLATE text/javascript </IfModule> #------------------------------------------------------------------------------- # Expires header #------------------------------------------------------------------------------- <IfModule mod_expires.c> # 1. Set Expires to a minimum of 1 month, and preferably up to 1 year, in the future # (but not more than 1 year as that would violate the RFC guidelines) # 2. Use "Expires" over "Cache-Control: max-age" because it is more widely accepted ExpiresActive on ExpiresByType application/pdf "access plus 1 year" ExpiresByType application/x-shockwave-flash "access plus 1 year" ExpiresByType image/bmp "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/tiff "access plus 1 year" ExpiresByType image/x-icon "access plus 1 year" ExpiresByType text/css "access plus 1 year" ExpiresByType video/x-flv "access plus 1 year" # Deal with JavaScript MIME type issues ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/ecmascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" # Probably better to explicitly declare MIME types than to have a blanket rule for expiration # Uncomment below if you disagree #ExpiresDefault "access plus 1 year" </IfModule> #------------------------------------------------------------------------------- # Caching #------------------------------------------------------------------------------- <IfModule mod_headers.c> <FilesMatch "\.(bmp|css|flv|gif|ico|jpg|jpeg|js|pdf|png|svg|swf|tif|tiff)$"> Header add Cache-Control "public" Header unset ETag Header unset Last-Modified FileETag none </FilesMatch> </IfModule>

Read the article
Android: How to properly exit application when inconsistent condition is unavoidable?

- by Bevor

First of all I already read about all this discussion that it isn't a good idea to manually exit an Android application. But in my case it seems to be needed. I have an AsyncTask which does a lof of operations in background. That means downloading data, saving it to local storage and preparing it for usage in application. It could happen that there is no internet connection or something different happens. For all that cases I have an Exception handling which returns the result. And if there is an exception, the application is unusable so I need to exit it. My question is, do I have to do some unregistration unloading or unbinding tasks or something when I exit the application by code or is System.exit(0) ok? I do all this in an AsyncTask, see my example: public class InitializationTask extends AsyncTask<Void, Void, InitializationResult> { private ProcessController processController = new ProcessController(); private ProgressDialog progressDialog; private Activity mainActivity; public InitializationTask(Activity mainActivity) { this.mainActivity = mainActivity; } @Override protected void onPreExecute() { super.onPreExecute(); progressDialog = new ProgressDialog(mainActivity); progressDialog.setMessage("Die Daten werden aufbereitet.\nBitte warten..."); progressDialog.setIndeterminate(true); //means that the "loading amount" is not measured. progressDialog.setCancelable(false); progressDialog.show(); }; @Override protected InitializationResult doInBackground(Void... params) { return processController.initializeData(); } @Override protected void onPostExecute(InitializationResult result) { super.onPostExecute(result); progressDialog.dismiss(); if (!result.isValid()) { AlertDialog.Builder dialog = new AlertDialog.Builder(mainActivity); dialog.setTitle("Initialisierungsfehler"); dialog.setMessage(result.getReason()); dialog.setPositiveButton("Ok", new DialogInterface.OnClickListener() { @Override public void onClick(DialogInterface dialog, int which) { dialog.cancel(); //TODO cancel application System.exit(0); } }); dialog.show(); } } }

Read the article
Is it possible to make this Flex/Flash application safe?

- by Frank

I'm back with another Flex/Flash security question. I've already received some help from the community on this topic, but I'm still not quite sure this is the best way to do. Here's the thing. A flex web app, a lot of users (1000+), custom configuration of the application depending of the user group. Can I make this thing safe... or safer. For the moment, when a user comes to the application, there is only one configuration possible, but for the next version we've implented a multi-configuration protocol, this way : 1. The user connect to Default.aspx, server code process the windows credentials (whe are on intranet) and give the correct xml configuration file. 2. The flex app loads with the xml conf file as a flashvar and then the app 'builds' itself with the content of the xml file. As we know, since this is a flex application the swf is downloaded on the client computer and the xml file too. If more than one user connects to the app, from the same computer, the can possibly see the other xml file in the windows temp folder. The current directory of the application looks that way : Web site |-> default.aspx |-> index.swf |-> configAdmin.xml |-> configUserType1.xml |-> configUserType2.xml |-> com |-> a lot of swf and xml files I was first thinking making another directory (without read access for the client) containing all the configurations xml files, picking the right one, copying it to the client and deleting it afterwards. But it seems like I must let know the user know when downloading/deleting content on it's computer... I'm running out of ideas, so I hope you have some great ones. It's there are some design flaws (in the way the app is build, not in Flash :p) please share. I'm always looking forward to improve. Thanks Update : In browser Flash/Flex (without AIR that is) doesn't allow deleting file localy silently (on the client computer, where the application is). It's also not yet possible to get session data.

Read the article
Windows Phone 7 development: first impressions

- by DigiMortal

After hard week in work I got some free time to play with Windows Phone 7 CTP developer tools. Although my first test application is still unfinished I think it is good moment to share my first experiences to you. In this posting I will give you quick overview of Windows Phone 7 developer tools from developer perspective. If you are familiar with Visual Studio 2010 then you will feel comfortable because Windows Phone 7 CTP developer tools base on Visual Studio 2010 Express. Project templates There are five project templates available. Three of them are based on Silverlight and two on XNA Game Studio: Windows Phone Application (Silverlight) Windows Phone List Application (Silverlight) Windows Phone Class Library (Silverlight) Windows Phone Game (XNA Game Studio) Windows Phone Game Library (XNA Game Studio) Currently I am writing to test applications. One of them is based on Windows Phone Application and the other on Windows Phone List Application project template. After creating these projects you see the following views in Visual Studio. Windows Phone Application. Click on image to enlarge. Windows Phone List Application. Click on image to enlarge. I suggest you to use some of these templates to get started more easily. Windows Phone 7 emulator You can run your Windows Phone 7 applications on Windows Phone 7 emulator that comes with developer tools CTP. If you run your application then emulator is started automatically and you can try out how your application works in phone-like emulator. You can see screenshot of emulator on right. Currently there is opened Windows Phone List Application as it is created by default. Click on image to enlarge it. Emulator is a little bit slow and uncomfortable but it works pretty well. This far I have caused only couple of crashes during my experiments. In these cases emulator works but Visual Studio gets stuck because it cannot communicate with emulator. One important note. Emulator is based on virtual machine although you can see only phone screen and options toolbar. If you want to run emulator you must close all virtual machines running on your machine and run Visual Studio 2010 as administrator. Once you run emulator you can keep it open because you can stop your application in Visual Studio, modify, compile and re-deploy it without restarting emulator. Designing user interfaces You can design user interface of your application in Visual Studio. When you open XAML-files it is displayed in window with two panels. Left panel shows you device screen and works as visual design environment while right panel shows you XAML mark-up and let’s you modify XML if you need it. As it is one of my very first Silverlight applications I felt more comfortable with XAML editor because property names in property boxes of visual designer confused me a little bit. Designer panel is not very good because it is visually hard to follow. It has black background that makes dark borders of controls very hard to see. If you have monitor with very high contrast then it is may be not a real problem. I have usual monitor and I have problem. :) Putting controls on design surface, dragging and resizing them is also pretty painful. Some controls are drawn correctly but for some controls you have to set width and height in XML so they can be resized. After some practicing it is not so annoying anymore. On the right you can see toolbox with some controllers. This is all you get out of the box. But it is sufficient to get started. After getting some experiences you can create your own controls or use existing ones from other vendors or developers. If it is your first time to do stuff with Silverlight then keep Google open – you need it hard. After getting over the first shock you get the point very quickly and start developing at normal speed. :) Writing source code Writing source code is the most familiar part of this action. Good old Visual Studio code editor with all nice features it has. But here you get also some surprises: The anatomy of Silverlight controls is a little bit different than the one of user controls in web and forms projects. Windows Phone 7 doesn’t run on full version of Windows (I bet it is some version of Windows CE or something like this) then there is less system classes you can use. Some familiar classes have less methods that in full version of .NET Framework and in these cases you have to write all the code by yourself or find libraries or source code from somewhere. These problems are really not so much problems than limitations and you get easily over them. Conclusion Windows Phone 7 CTP developer tools help you do a lot of things on Windows Phone 7. Although I expected better performance from tools I think that current performance is not a problem. This far my first test project is going very well and Google has answer for almost every question. Windows Phone 7 is mobile device and therefore it has less hardware resources than desktop computers. This is why toolset is so limited. The more you need memory the more slower is device and as you may guess it needs the more battery. If you are writing apps for mobile devices then make your best to get your application use as few resources as possible and act as fast as possible.

Read the article
Using Oracle Proxy Authentication with JPA (eclipselink-Style)

- by olaf.heimburger

Security is a very intriguing topic. You will find it everywhere and you need to implement it everywhere. Yes, you need. Unfortunately, one can easily forget it while implementing the last mile. The Last Mile In a multi-tier application it is a common practice to use connection pools between the business layer and the database layer. Connection pools are quite useful to speed database connection creation and to split the load. Another very common practice is to use a specific, often called technical, user to connect to the database. This user has authentication and authorization rules that apply to all application users. Imagine you've put every effort to define roles for different types of users that use your application. These roles are necessary to differentiate between normal users, premium users, and administrators (I bet you will find or already have more roles in your application). While these user roles are pretty well used within your application, once the flow of execution enters the database everything is gone. Each and every user just has one role and is the same database user. Issues? What Issues? As long as things go well, this is not a real issue. However, things do not go well all the time. Once your application becomes famous performance decreases in certain situations or, more importantly, current and upcoming regulations and laws require that your application must be able to apply different security measures on a per user role basis at every stage of your application. If you only have a bunch of users with the same name and role you are not able to find the application usage profile that causes the performance issue, or which user has accessed data that he/she is not allowed to. Another thread to your role concept is that databases tend to be used by different applications and tools. These tools can be developer tools like SQL*Plus, SQL Developer, etc. or end user applications like BI Publisher, Oracle Forms and so on. These tools have no idea of your applications role concept and access the database the way they think is appropriate. A big oversight for your perfect role model and a big nightmare for your Chief Security Officer. Speaking of the CSO, brings up another issue: Password management. Once your technical user account is compromised, every user is able to do things that he/she is not expected to do from the design of your application. Counter Measures In the Oracle world a common counter measure is to use Virtual Private Database (VPD). This restricts the values a database user can see to the allowed minimum. However, it doesn't help in regard of a connection pool user, because this one is still not the real user. Oracle Proxy Authentication Another feature of the Oracle database is Proxy Authentication. First introduced with version 9i it is a quite useful feature for nearly every situation. The main idea behind Proxy Authentication is, to create a crippled database user who has only connect rights. Even if this user is compromised the risks are well understood and fairly limited. This user can be used in every situation in which you need to connect to the database, no matter which tool or application (see above) you use.The proxy user is perfect for multi-tier connection pools. CREATE USER app_user IDENTIFIED BY abcd1234; GRANT CREATE SESSION TO app_user; But what if you need to access real data? Well, this is the primary use case, isn't it? Now is the time to bring the application's role concept into play. You define database roles that define the grants for your identified user groups. Once you have these groups you grant access through the proxy user with the application role to the specific user. CREATE ROLE app_role_a; GRANT app_role_a TO scott; ALTER USER scott GRANT CONNECT THROUGH app_user WITH ROLE app_role_a; Now, hr has permission to connect to the database through the proxy user. Through the role you can restrict the hr's rights the are needed for the application only. If hr connects to the database directly all assigned role and permissions apply. Testing the Setup To test the setup you can use SQL*Plus and connect to your database: $ sqlplus app_user[hr]/abcd1234 Java Persistence API The Java Persistence API (JPA) is a fairly easy means to build applications that retrieve data from the database and put it into Java objects. You use plain old Java objects (POJOs) and mixin some Java annotations that define how the attributes of the object are used for storing data from the database into the Java object. Here is a sample for objects from the HR sample schema EMPLOYEES table. When using Java annotations you only specify what can not be deduced from the code. If your Java class name is Employee but the table name is EMPLOYEES, you need to specify the table name, otherwise it will fail. package demo.proxy.ejb; import java.io.Serializable; import java.sql.Timestamp; import java.util.List; import javax.persistence.Column; import javax.persistence.Entity; import javax.persistence.Id; import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; import javax.persistence.OneToMany; import javax.persistence.Table; @Entity @NamedQueries({ @NamedQuery(name = "Employee.findAll", query = "select o from Employee o") }) @Table(name = "EMPLOYEES") public class Employee implements Serializable { @Column(name="COMMISSION_PCT") private Double commissionPct; @Column(name="DEPARTMENT_ID") private Long departmentId; @Column(nullable = false, unique = true, length = 25) private String email; @Id @Column(name="EMPLOYEE_ID", nullable = false) private Long employeeId; @Column(name="FIRST_NAME", length = 20) private String firstName; @Column(name="HIRE_DATE", nullable = false) private Timestamp hireDate; @Column(name="JOB_ID", nullable = false, length = 10) private String jobId; @Column(name="LAST_NAME", nullable = false, length = 25) private String lastName; @Column(name="PHONE_NUMBER", length = 20) private String phoneNumber; private Double salary; @ManyToOne @JoinColumn(name = "MANAGER_ID") private Employee employee; @OneToMany(mappedBy = "employee") private List employeeList; public Employee() { } public Employee(Double commissionPct, Long departmentId, String email, Long employeeId, String firstName, Timestamp hireDate, String jobId, String lastName, Employee employee, String phoneNumber, Double salary) { this.commissionPct = commissionPct; this.departmentId = departmentId; this.email = email; this.employeeId = employeeId; this.firstName = firstName; this.hireDate = hireDate; this.jobId = jobId; this.lastName = lastName; this.employee = employee; this.phoneNumber = phoneNumber; this.salary = salary; } public Double getCommissionPct() { return commissionPct; } public void setCommissionPct(Double commissionPct) { this.commissionPct = commissionPct; } public Long getDepartmentId() { return departmentId; } public void setDepartmentId(Long departmentId) { this.departmentId = departmentId; } public String getEmail() { return email; } public void setEmail(String email) { this.email = email; } public Long getEmployeeId() { return employeeId; } public void setEmployeeId(Long employeeId) { this.employeeId = employeeId; } public String getFirstName() { return firstName; } public void setFirstName(String firstName) { this.firstName = firstName; } public Timestamp getHireDate() { return hireDate; } public void setHireDate(Timestamp hireDate) { this.hireDate = hireDate; } public String getJobId() { return jobId; } public void setJobId(String jobId) { this.jobId = jobId; } public String getLastName() { return lastName; } public void setLastName(String lastName) { this.lastName = lastName; } public String getPhoneNumber() { return phoneNumber; } public void setPhoneNumber(String phoneNumber) { this.phoneNumber = phoneNumber; } public Double getSalary() { return salary; } public void setSalary(Double salary) { this.salary = salary; } public Employee getEmployee() { return employee; } public void setEmployee(Employee employee) { this.employee = employee; } public List getEmployeeList() { return employeeList; } public void setEmployeeList(List employeeList) { this.employeeList = employeeList; } public Employee addEmployee(Employee employee) { getEmployeeList().add(employee); employee.setEmployee(this); return employee; } public Employee removeEmployee(Employee employee) { getEmployeeList().remove(employee); employee.setEmployee(null); return employee; } } JPA could be used in standalone applications and Java EE containers. In both worlds you normally create a Facade to retrieve or store the values of the Entities to or from the database. The Facade does this via an EntityManager which will be injected by the Java EE container. Here is sample Facade Session Bean for a Java EE container. package demo.proxy.ejb; import java.util.HashMap; import java.util.List; import javax.ejb.Local; import javax.ejb.Remote; import javax.ejb.Stateless; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.persistence.Query; import javax.interceptor.AroundInvoke; import javax.interceptor.InvocationContext; import oracle.jdbc.driver.OracleConnection; import org.eclipse.persistence.config.EntityManagerProperties; import org.eclipse.persistence.internal.jpa.EntityManagerImpl; @Stateless(name = "DataFacade", mappedName = "ProxyUser-TestEJB-DataFacade") @Remote @Local public class DataFacadeBean implements DataFacade, DataFacadeLocal { @PersistenceContext(unitName = "TestEJB") private EntityManager em; private String username; public Object queryByRange(String jpqlStmt, int firstResult, int maxResults) { // setSessionUser(); Query query = em.createQuery(jpqlStmt); if (firstResult 0) { query = query.setFirstResult(firstResult); } if (maxResults 0) { query = query.setMaxResults(maxResults); } return query.getResultList(); } public Employee persistEmployee(Employee employee) { // setSessionUser(); em.persist(employee); return employee; } public Employee mergeEmployee(Employee employee) { // setSessionUser(); return em.merge(employee); } public void removeEmployee(Employee employee) { // setSessionUser(); employee = em.find(Employee.class, employee.getEmployeeId()); em.remove(employee); } /** select o from Employee o */ public List getEmployeeFindAll() { Query q = em.createNamedQuery("Employee.findAll"); return q.getResultList(); } Putting Both Together To use Proxy Authentication with JPA and within a Java EE container you have to take care of the additional requirements: Use an OCI JDBC driver Provide the user name that connects through the proxy user Use an OCI JDBC driver To use the OCI JDBC driver you need to set up your JDBC data source file to use the correct JDBC URL. hr jdbc:oracle:oci8:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=localhost)(PORT=1521))(CONNECT_DATA=(SID=XE))) oracle.jdbc.OracleDriver user app_user 62C32F70E98297522AD97E15439FAC0E SQL SELECT 1 FROM DUAL jdbc/hrDS Application Additionally you need to make sure that the version of the shared libraries of the OCI driver match the version of the JDBC driver in your Java EE container or Java application and are within your PATH (on Windows) or LD_LIBRARY_PATH (on most Unix-based systems). Installing the Oracle Database Instance Client software works perfectly. Provide the user name that connects through the proxy user This part needs some modification of your application software and session facade. Session Facade Changes In the Session Facade we must ensure that every call that goes through the EntityManager must be prepared correctly and uniquely assigned to this session. The second is really important, as the EntityManager works with a connection pool and can not guarantee that we set the proxy user on the connection that will be used for the database activities. To avoid changing every method call of the Session Facade we provide a method to set the username of the user that connects through the proxy user. This method needs to be called by the Facade client bfore doing anything else. public void setUsername(String name) { username = name; } Next we provide a means to instruct the TopLink EntityManager Delegate to use Oracle Proxy Authentication. (I love small helper methods to hide the nitty-gritty details and avoid repeating myself.) private void setSessionUser() { setSessionUser(username); } private void setSessionUser(String user) { if (user != null && !user.isEmpty()) { EntityManagerImpl emDelegate = ((EntityManagerImpl)em.getDelegate()); emDelegate.setProperty(EntityManagerProperties.ORACLE_PROXY_TYPE, OracleConnection.PROXYTYPE_USER_NAME); emDelegate.setProperty(OracleConnection.PROXY_USER_NAME, user); emDelegate.setProperty(EntityManagerProperties.EXCLUSIVE_CONNECTION_MODE, "Always"); } } The final step is use the EJB 3.0 AroundInvoke interceptor. This interceptor will be called around every method invocation. We therefore check whether the Facade methods will be called or not. If so, we set the user for proxy authentication and the normal method flow continues. @AroundInvoke public Object proxyInterceptor(InvocationContext invocationCtx) throws Exception { if (invocationCtx.getTarget() instanceof DataFacadeBean) { setSessionUser(); } return invocationCtx.proceed(); } Benefits Using Oracle Proxy Authentification has a number of additional benefits appart from implementing the role model of your application: Fine grained access control for temporary users of the account, without compromising the original password. Enabling database auditing and logging. Better identification of performance bottlenecks. References Effective Oracle Database 10g Security by Design, David Knox TopLink Developer's Guide, Chapter 98

Read the article
Composing Silverlight Applications With MEF

- by PeterTweed

Anyone who has written an application with complexity enough to warrant multiple controls on multiple pages/forms should understand the benefit of composite application development. That is defining your application architecture that can be separated into separate pieces each with it’s own distinct purpose that can then be “composed” together into the solution. Composition can be useful in any layer of the application, from the presentation layer, the business layer, common services or data access. Historically people have had different options to achieve composing applications from distinct well known pieces – their own version of dependency injection, containers to aid with composition like Unity, the composite application guidance for WPF and Silverlight and before that the composite application block. Microsoft has been working on another mechanism to aid composition and extension of applications for some time now – the Managed Extensibility Framework or MEF for short. With Silverlight 4 it is part of the Silverlight environment. MEF allows a much simplified mechanism for composition and extensibility compared to other mechanisms – which has always been the primary issue for adoption of the earlier mechanisms/frameworks. This post will guide you through the simple use of MEF for the scenario of composition of an application – using exports, imports and composition. Steps: 1. Create a new Silverlight 4 application. 2. Add references to the following assemblies: System.ComponentModel.Composition.dll System.ComponentModel.Composition.Initialization.dll 3. Add a new user control called LeftControl. 4. Replace the LayoutRoot Grid with the following xaml: <Grid x:Name="LayoutRoot" Background="Beige" Margin="40" > <Button Content="Left Content" Margin="30"></Button> </Grid> 5. Add the following statement to the top of the LeftControl.xaml.cs file using System.ComponentModel.Composition; 6. Add the following attribute to the LeftControl class [Export(typeof(LeftControl))] This attribute tells MEF that the type LeftControl will be exported – i.e. made available for other applications to import and compose into the application. 7. Add a new user control called RightControl. 8. Replace the LayoutRoot Grid with the following xaml: <Grid x:Name="LayoutRoot" Background="Green" Margin="40" > <TextBlock Margin="40" Foreground="White" Text="Right Control" FontSize="16" VerticalAlignment="Center" HorizontalAlignment="Center" ></TextBlock> </Grid> 9. Add the following statement to the top of the RightControl.xaml.cs file using System.ComponentModel.Composition; 10. Add the following attribute to the RightControl class [Export(typeof(RightControl))] 11. Add the following xaml to the LayoutRoot Grid in MainPage.xaml: <StackPanel Orientation="Horizontal" HorizontalAlignment="Center"> <Border Name="LeftContent" Background="Red" BorderBrush="Gray" CornerRadius="20"></Border> <Border Name="RightContent" Background="Red" BorderBrush="Gray" CornerRadius="20"></Border> </StackPanel> The borders will hold the controls that will be imported and composed via MEF. 12. Add the following statement to the top of the MainPage.xaml.cs file using System.ComponentModel.Composition; 13. Add the following properties to the MainPage class: [Import(typeof(LeftControl))] public LeftControl LeftUserControl { get; set; } [Import(typeof(RightControl))] public RightControl RightUserControl { get; set; } This defines properties accepting LeftControl and RightControl types. The attrributes are used to tell MEF the discovered type that should be applied to the property when composition occurs. 14. Replace the MainPage constructore with the following code: public MainPage() { InitializeComponent(); CompositionInitializer.SatisfyImports(this); LeftContent.Child = LeftUserControl; RightContent.Child = RightUserControl; } The CompositionInitializer.SatisfyImports(this) function call tells MEF to discover types related to the declared imports for this object (the MainPage object). At that point, types matching those specified in the import defintions are discovered in the executing assembly location of the application and instantiated and assigned to the matching properties of the current object. 15. Run the application and you will see the left control and right control types displayed in the MainPage: Congratulations! You have used MEF to dynamically compose user controls into a parent control in a composite application model. In the next post we will build on this topic to cover using MEF to compose Silverlight applications dynamically in download on demand scenarios – so .xap packages can be downloaded only when needed, avoiding large initial download for the main application xap. Take the Slalom Challenge at www.slalomchallenge.com!

Read the article
Scripting custom drawing in Delphi application with IF/THEN/ELSE statements?

- by Jerry Dodge

I'm building a Delphi application which displays a blueprint of a building, including doors, windows, wiring, lighting, outlets, switches, etc. I have implemented a very lightweight script of my own to call drawing commands to the canvas, which is loaded from a database. For example, one command is ELP 1110,1110,1290,1290,3,8388608 which draws an ellipse, parameters are 1110x1110 to 1290x1290 with pen width of 3 and the color 8388608 converted from an integer to a TColor. What I'm now doing is implementing objects with common drawing routines, and I'd like to use my scripting engine, but this calls for IF/THEN/ELSE statements and such. For example, when I'm drawing a light, if the light is turned on, I'd like to draw it yellow, but if it's off, I'd like to draw it gray. My current scripting engine has no recognition of such statements. It just accepts simple drawing commands which correspond with TCanvas methods. Here's the procedure I've developed (incomplete) for executing a drawing command on a canvas: function DrawCommand(const Cmd: String; var Canvas: TCanvas): Boolean; type TSingleArray = array of Single; var Br: TBrush; Pn: TPen; X: Integer; P: Integer; L: String; Inst: String; T: String; Nums: TSingleArray; begin Result:= False; Br:= Canvas.Brush; Pn:= Canvas.Pen; if Assigned(Canvas) then begin if Length(Cmd) > 5 then begin L:= UpperCase(Cmd); if Pos(' ', L)> 0 then begin Inst:= Copy(L, 1, Pos(' ', L) - 1); Delete(L, 1, Pos(' ', L)); L:= L + ','; SetLength(Nums, 0); X:= 0; while Pos(',', L) > 0 do begin P:= Pos(',', L); T:= Copy(L, 1, P - 1); Delete(L, 1, P); SetLength(Nums, X + 1); Nums[X]:= StrToFloatDef(T, 0); Inc(X); end; Br.Style:= bsClear; Pn.Style:= psSolid; Pn.Color:= clBlack; if Inst = 'LIN' then begin Pn.Width:= Trunc(Nums[4]); if Length(Nums) > 5 then begin Br.Style:= bsSolid; Br.Color:= Trunc(Nums[5]); end; Canvas.MoveTo(Trunc(Nums[0]), Trunc(Nums[1])); Canvas.LineTo(Trunc(Nums[2]), Trunc(Nums[3])); Result:= True; end else if Inst = 'ELP' then begin Pn.Width:= Trunc(Nums[4]); if Length(Nums) > 5 then begin Br.Style:= bsSolid; Br.Color:= Trunc(Nums[5]); end; Canvas.Ellipse(Trunc(Nums[0]),Trunc(Nums[1]),Trunc(Nums[2]),Trunc(Nums[3])); Result:= True; end else if Inst = 'ARC' then begin Pn.Width:= Trunc(Nums[8]); Canvas.Arc(Trunc(Nums[0]),Trunc(Nums[1]),Trunc(Nums[2]),Trunc(Nums[3]), Trunc(Nums[4]),Trunc(Nums[5]),Trunc(Nums[6]),Trunc(Nums[7])); Result:= True; end else if Inst = 'TXT' then begin Canvas.Font.Size:= Trunc(Nums[2]); Br.Style:= bsClear; Pn.Style:= psSolid; T:= Cmd; Delete(T, 1, Pos(' ', T)); Delete(T, 1, Pos(',', T)); Delete(T, 1, Pos(',', T)); Delete(T, 1, Pos(',', T)); Canvas.TextOut(Trunc(Nums[0]), Trunc(Nums[1]), T); Result:= True; end; end else begin //No space found, not a valid command end; end; end; end; What I'd like to know is what's a good lightweight third-party scripting engine I could use to accomplish this? I would hate to implement parsing of IF, THEN, ELSE, END, IFELSE, IFEND, and all those necessary commands. I need simply the ability to tell the scripting engine if certain properties meet certain conditions, it needs to draw the object a certain way. The light example above is only one scenario, but the same solution needs to also be applicable to other scenarios, such as a door being open or closed, locked or unlocked, and draw it a different way accordingly. This needs to be implemented in the object script drawing level. I can't hard-code any of these scripting/drawing rules, the drawing needs to be controlled based on the current state of the object, and I may also wish to draw a light a certain shade or darkness depending on how dimmed the light is.

Read the article
Access Control Service v2: Registering Web Identities in your Applications [concepts]

- by Your DisplayName here!

ACS v2 support two fundamental types of client identities– I like to call them “enterprise identities” (WS-*) and “web identities” (Google, LiveID, OpenId in general…). I also see two different “mind sets” when it comes to application design using the above identity types: Enterprise identities – often the fact that a client can present a token from a trusted identity provider means he is a legitimate user of the application. Trust relationships and authorization details have been negotiated out of band (often on paper). Web identities – the fact that a user can authenticate with Google et al does not necessarily mean he is a legitimate (or registered) user of an application. Typically additional steps are necessary (like filling out a form, email confirmation etc). Sometimes also a mixture of both approaches exist, for the sake of this post, I will focus on the web identity case. I got a number of questions how to implement the web identity scenario and after some conversations it turns out it is the old authentication vs. authorization problem that gets in the way. Many people use the IsAuthenticated property on IIdentity to make security decisions in their applications (or deny user=”?” in ASP.NET terms). That’s a very natural thing to do, because authentication was done inside the application and we knew exactly when the IsAuthenticated condition is true. Been there, done that. Guilty ;) The fundamental difference between these “old style” apps and federation is, that authentication is not done by the application anymore. It is done by a third party service, and in the case of web identity providers, in services that are not under our control (nor do we have a formal business relationship with these providers). Now the issue is, when you switch to ACS, and someone with a Google account authenticates, indeed IsAuthenticated is true – because that’s what he is! This does not mean, that he is also authorized to use the application. It just proves he was able to authenticate with Google. Now this obviously leads to confusion. How can we solve that? Easy answer: We have to deal with authentication and authorization separately. Job done ;) For many application types I see this general approach: Application uses ACS for authentication (maybe both enterprise and web identities, we focus on web identities but you could easily have a dual approach here) Application offers to authenticate (or sign in) via web identity accounts like LiveID, Google, Facebook etc. Application also maintains a database of its “own” users. Typically you want to store additional information about the user In such an application type it is important to have a unique identifier for your users (think the primary key of your user database). What would that be? Most web identity provider (and all the standard ACS v2 supported ones) emit a NameIdentifier claim. This is a stable ID for the client (scoped to the relying party – more on that later). Furthermore ACS emits a claims identifying the identity provider (like the original issuer concept in WIF). When you combine these two values together, you can be sure to have a unique identifier for the user, e.g.: Facebook-134952459903700\799880347 You can now check on incoming calls, if the user is already registered and if yes, swap the ACS claims with claims coming from your user database. One claims would maybe be a role like “Registered User” which can then be easily used to do authorization checks in the application. The WIF claims authentication manager is a perfect place to do the claims transformation. If the user is not registered, show a register form. Maybe you can use some claims from the identity provider to pre-fill form fields. (see here where I show how to use the Facebook API to fetch additional user properties). After successful registration (which may include other mechanisms like a confirmation email), flip the bit in your database to make the web identity a registered user. This is all very theoretical. In the next post I will show some code and provide a download link for the complete sample. More on NameIdentifier Identity providers “guarantee” that the name identifier for a given user in your application will always be the same. But different applications (in the case of ACS – different ACS namespaces) will see different name identifiers. This is by design to protect the privacy of users because identical name identifiers could be used to create “profiles” of some sort for that user. In technical terms they create the name identifier approximately like this: name identifier = Hash((Provider Internal User ID) + (Relying Party Address)) Why is this important to know? Well – when you change the name of your ACS namespace, the name identifiers will change as well and you will will lose your “connection” to your existing users. Oh an btw – never use any other claims (like email address or name) to form a unique ID – these can often be changed by users.

Read the article
Coherence Data Guarantees for Data Reads - Basic Terminology

- by jpurdy

When integrating Coherence into applications, each application has its own set of requirements with respect to data integrity guarantees. Developers often describe these requirements using expressions like "avoiding dirty reads" or "making sure that updates are transactional", but we often find that even in a small group of people, there may be a wide range of opinions as to what these terms mean. This may simply be due to a lack of familiarity, but given that Coherence sits at an intersection of several (mostly) unrelated fields, it may be a matter of conflicting vocabularies (e.g. "consistency" is similar but different in transaction processing versus multi-threaded programming). Since almost all data read consistency issues are related to the concept of concurrency, it is helpful to start with a definition of that, or rather what it means for two operations to be concurrent. Rather than implying that they occur "at the same time", concurrency is a slightly weaker statement -- it simply means that it can't be proven that one event precedes (or follows) the other. As an example, in a Coherence application, if two client members mutate two different cache entries sitting on two different cache servers at roughly the same time, it is likely that one update will precede the other by a significant amount of time (say 0.1ms). However, since there is no guarantee that all four members have their clocks perfectly synchronized, and there is no way to precisely measure the time it takes to send a given message between any two members (that have differing clocks), we consider these to be concurrent operations since we can not (easily) prove otherwise. So this leads to a question that we hear quite frequently: "Are the contents of the near cache always synchronized with the underlying distributed cache?". It's easy to see that if an update on a cache server results in a message being sent to each near cache, and then that near cache being updated that there is a window where the contents are different. However, this is irrelevant, since even if the application reads directly from the distributed cache, another thread update the cache before the read is returned to the application. Even if no other member modifies a cache entry prior to the local near cache entry being updated (and subsequently read), the purpose of reading a cache entry is to do something with the result, usually either displaying for consumption by a human, or by updating the entry based on the current state of the entry. In the former case, it's clear that if the data is updated faster than a human can perceive, then there is no problem (and in many cases this can be relaxed even further). For the latter case, the application must assume that the value might potentially be updated before it has a chance to update it. This almost aways the case with read-only caches, and the solution is the traditional optimistic transaction pattern, which requires the application to explicitly state what assumptions it made about the old value of the cache entry. If the application doesn't want to bother stating those assumptions, it is free to lock the cache entry prior to reading it, ensuring that no other threads will mutate the entry, a pessimistic approach. The optimistic approach relies on what is sometimes called a "fuzzy read". In other words, the application assumes that the read should be correct, but it also acknowledges that it might not be. (I use the qualifier "sometimes" because in some writings, "fuzzy read" indicates the situation where the application actually sees an original value and then later sees an updated value within the same transaction -- however, both definitions are roughly equivalent from an application design perspective). If the read is not correct it is called a "stale read". Going back to the definition of concurrency, it may seem difficult to precisely define a stale read, but the practical way of detecting a stale read is that is will cause the encompassing transaction to roll back if it tries to update that value. The pessimistic approach relies on a "coherent read", a guarantee that the value returned is not only the same as the primary copy of that value, but also that it will remain that way. In most cases this can be used interchangeably with "repeatable read" (though that term has additional implications when used in the context of a database system). In none of cases above is it possible for the application to perform a "dirty read". A dirty read occurs when the application reads a piece of data that was never committed. In practice the only way this can occur is with multi-phase updates such as transactions, where a value may be temporarily update but then withdrawn when a transaction is rolled back. If another thread sees that value prior to the rollback, it is a dirty read. If an application uses optimistic transactions, dirty reads will merely result in a lack of forward progress (this is actually one of the main risks of dirty reads -- they can be chained and potentially cause cascading rollbacks). The concepts of dirty reads, fuzzy reads, stale reads and coherent reads are able to describe the vast majority of requirements that we see in the field. However, the important thing is to define the terms used to define requirements. A quick web search for each of the terms in this article will show multiple meanings, so I've selected what are generally the most common variations, but it never hurts to state each definition explicitly if they are critical to the success of a project (many applications have sufficiently loose requirements that precise terminology can be avoided).

Read the article
Porting a select loop application to Android with NDK. Design question.

- by plaisthos

Hi, I have an network application which uses a select loop like this: bool shutdown=false; while (!shutdown) { [do something] select(...,timeout); } THe main loop cannot work like this in an Android application anymore since the application needs to receive Intents, need to handle GUI, etc. I think I have basically three possibilities: Move the main loop to the java part of the application. Let the loop run in its own thread and somehow communicate from/to java. Screw Android <= 2.3 and use a native activity and use AInputQueue/ALooper instead of select. The first possibility is not easy since java has no select which works on fds. Simply using the select and return after each loop to java is not an elegant possibility either since that requires setting the timeout to something like 20ms to have a good response time in the java part of the program. The second probability sound nicer but I have do some communication between java and the c++/c part of the program. Things that cold work: Using a socket, kind of ugly. using native calls in the "java gui thread" and callback from native in the "c thread". Both threads need to have thread safe implementations but this is managable. I have not explored the third possibility but I think that it is not the way to go. I think I can hack something together which will work but I asking what is the best path to chose.

Read the article
Why doesn't my android application show up in the launcher?

- by rushinge

I'm developing an application for the Android platform targeted for api level 4 (Android 1.6) but I can't get it to show up on my phone and I can't figure out why. Here's my AndroidManifest.xml is there a problem in here? Or is there something else I should be looking at? <?xml version="1.0" encoding="utf-8"?> <manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.sbe.app.hellocogen" android:versionCode="1" android:versionName="1.0"> <uses-permission android:name="android.permission.INTERNET" /> <application android:icon="@drawable/icon" android:label="@string/app_name"> <activity android:name=".activity.ListPlants" android:label="@string/app_name"> <intent-filter> <action android:name="android.intent.action.MAIN" /> <category android:name="android.intent.category.LAUNCHER" /> </intent-filter> </activity> <activity android:name=".activity.AddPlant" android:label="Add Plant"> <intent-filter> <action android:name="android.intent.action.VIEW"/> <category android:name="android.intent.category.DEFAULT"/> </intent-filter> </activity> <activity android:name=".activity.UnitActivity" android:label="IP HERE, PLANT NAME"> <intent-filter> <action android:name="android.intent.action.VIEW"/> <category android:name="android.intent.category.DEFAULT"/> </intent-filter> </activity> </application> <uses-sdk android:minSdkVersion="4"/> </manifest> When I started this application it didn't show up but I fixed it by setting the minimum api level to 4 instead of 7 then it started showing up but now it stopped showing up again and I don't know why.

Read the article
How to use an OSGi service from a web application?

- by Jaime Soriano

I'm trying to develop a web application that is going to be launched from a HTTP OSGi service, this application needs to use other OSGi service (db4o OSGi), for what I need a reference to a BundleContext. I have tried two different approaches to get the OSGi context in the web application: Store the BundleContext of the Activator in an static field of a class that the web service can import and use. Use FrameworkUtil.getBundle(this.getClass()).getBundleContext() (being this an instance of MainPage, a class of the web application). I think that first option is completely wrong, but anyway I'm having problems with the class loaders in both options. In the second one it raises a LinkageError: java.lang.LinkageError: loader constraint violation: loader (instance of org/apache/felix/framework/ModuleImpl$ModuleClassLoader) previously initiated loading for a different type with name "com/db4o/ObjectContainer" Also tried with Equinox and I have a similar error: java.lang.LinkageError: loader constraint violation: loader (instance of org/eclipse/osgi/internal/baseadaptor/DefaultClassLoader) previously initiated loading for a different type with name "com/db4o/ObjectContainer" The code that provokes the exception is: ServiceReference reference = context.getServiceReference(Db4oService.class.getName()); Db4oService service = (Db4oService)context.getService(reference); database = service.openFile("foo.db"); The exception is raised in the last line, database class is ObjectContainer, if I change the type of this variable to Object exception is not raised, but It's not useful as an Object :)

Read the article
Maintaining a Python web application: heavier vs lighter framework?

- by Tiberiu Ana

Five+ years from now, you are hired to support and extend a data-centric web application written in Python that hasn't been kept up to date. Would you rather prefer it was written in the current version of Django/Pylons at the time, using the available standard components, or kept minimal with something like CherryPy/web.py and a few library dependencies? Heavy framework Advantages: standard approach to application design and structure, as encouraged by framework; less application code to worry about. Disadvantages: requires learning the framework to understand how things work; broken things in old version of framework difficult to fix; upgrading to new version potentially difficult due to changing APIs; finding relevant documentation/help potentially difficult due to changing APIs. Light framework Advantages: most application code is directly "visible"; only needed features are implemented; architecture should be simpler to understand; less need to upgrade external dependencies; easier to upgrade external dependencies. Disadvantages: some reinventing the wheel; non-standard design and structure (with the associated unique issues and bugs). I will update the list with any helpful answers.

Read the article
Missing WM_PAINT when hosting a WPF control inside a winforms application.

- by Boris

Hi All, Consider the following scenario: 1) Create a winforms application with an empty form. 2) Create a WPF usercontrol in the same project which is just the default control with background changed to blue. <UserControl x:Class="WindowsFormsApplication2.UserControl1" xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation" xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml" Height="300" Width="300" Background="Blue"> <Grid> </Grid> </UserControl> 3) Build the project 4) Add the control to your form (an ElementHost is added and the control is added inside it). 5) Run the application (everything looks nice) 6) Start Spy++, click find window (Control+F) and move the cursor onto the WPF control (the blue square) Something strange happens, the control gets a WM_ERASEBKGND message but no WM_PAINT message so now it is white. You can resize the form, hide the form behind other windows and the WPF control will not get rendered. There is an image of the scenario here: http://img260.imageshack.us/img260/2296/wmpaint.png This is a simplified example of the situation I have in the actual application. Please tell me what is the best way to resolve this issue such that the WPF control renders itself correctly. I would like a solution that can be incorporated into a large application with many controls on the form. Thank you very much in advance, Boris

Read the article
How do I utilize REST to post GPS data from an Android device into a Ruby on Rails application?

- by joecan

I am a student in the process a building an Android app that can post a GPS track into a Rails application. I would like to do things the "Rails" way and take advantage of the REST. My rails application basically has 3 models at this point: users, tracks, and points. A user has_many tracks and a track has_many points. A track also has a total distance. Points have a latitude and longitude. I have successfully been able to create an empty track with: curl -i -X POST -H 'Content-Type: application/xml' -d '<track><distance>100</distance></track>' http://localhost:3000/users/1/tracks Whoo hoo! That is pretty cool. I am really impressed that rails do this. Just to see what would happen I tried the following: curl -i -X POST -H 'Content-Type: application/xml -d '<track><distance>100</distance><points><point><lat>3</lat><lng>2</lng></point></points></track>' http://localhost:3000/users/1/tracks Fail! The server spits back: Processing TracksController#create (for 127.0.0.1 at 2010-04-14 00:03:25) [POST] Parameters: {"track"={"points"={"point"={"lng"="2", "lat"="3"}}, "distance"="100"}, "user_id"="1"} User Load (0.6ms) SELECT * FROM "users" WHERE ("users"."id" = 1) ActiveRecord::AssociationTypeMismatch (Point(#-620976268) expected, got Array(#-607740138)): app/controllers/tracks_controller.rb:47:in `create' It seems my tracks_controller doesn't like or understand what it's getting from the params object in my tracks_controller.rb: def create @track = @user.tracks.build(params[:track]) My xml might be wrong, but at least Rails seems to be expecting a Point from it. Is there anyway I can fix TracksController.create so that it will be able to parse xml of a track with nested multiple points? Or is there another way I should be doing this entirely?

Read the article
Running a GWT application (including Applets) inside an IFRAME from an ASP.NET 3.5 app?

- by Jay Stevens

We are looking at integrating a full-blown GWT (Google Web Toolkit 2.0) application with an existing ASP.NET 3.5 application. My first gut reaction is that this is a horrible frankenstein idea. However, the customer has insisted that we use this application developed by a third-party. I have almost NO CONTROL over the development of the GWT app. My first thought is to actually attempt to embed this in an iFrame. Because GWT is running under Tomcat/Jakarta, it is hosted on a different server from the .NET app so the iFrame src will be to a URL on the other machine. I need to utilize our own ASP.NET authorization scheme to restrict access to the embedded GWT application. The GWT app also uses embedded java applets, which don't seem to be working right now inside the iframe. The GWT app makes calls to a backend server (using GWT-RPC?). Any major problems with this approach that anyone can see? Will GWT work on an iframe while hosted on a different machine? NOTE: SIMPLY ADDING A DIV WITH THE SAME NAME DOES NOT WORK FOR THIS!

Read the article
Global.asax parser errors when deploying MVC 1 application to remote server.

- by mannish

So we're having some issues deploying an ASP.NET MVC app to a client site. Basically when we try to test the app from localhost, we get the dreaded Global.asax parser error indicating it could not load the application global. Research indicates there are basically 4 possible reasons for this exception we're seeing: The solution hasn't been built. This clearly isn't the case since we can deploy it here and it runs fine on any machine we deploy to AND we had to build and publish the darn thing to deploy it anyway. The Global.asax namespace inheritance does not match the application global code file. Again we double checked this and since it runs just fine here that can't be the issue. Miscellaneous non-descript IIS/VS.NET mischief. Basically something get's wonky in IIS or VS.NET and the web server won't behave correctly for this application. We've done cleans and rebuilds, we've deleted virtual dir and recreated, and performed all of the IIS munging that we've found elsewhere online. Various combinations of IIS bounces, server reboots, virtual dir/application recreation, etc. Code level permissions issue. We've verified full trust in machine/web config in the framework directory, we've set .NET trust to full in IIS, we've granted Everyone full control on the directories just to hit it with the security hammer, etc. etc. The pertinent detials: Windows Server 2008 x64 IIS 7, 32 bit compatible app pool (app was written on 32 bit OS compiled for any cpu) App pool identity set to NetworkService Microsoft ASP.NET MVC 1.0 XCopy deployment We deployed another read-only app just fine. The significant difference in this app is the use of NHibernate and Log4Net which require full trust. Additionally, the actual project name of the web project differs from the default namespace however the Inherits namespace in Global.asax and the Global.asax.cs files match so this shouldn't be an issue. Anybody have any bright ideas? We're officially down to just the dim ones.

Read the article

Search Results

Search found 52213 results on 2089 pages for 'ipad application'.

Page 341/2089 | < Previous Page | 337 338 339 340 341 342 343 344 345 346 347 348 | Next Page >

- by voroninp

- by jjoensuu

- by Sreejith

- by Tatsuhiro Yamaguchi

- by Maria Colgan

- by ToStringTheory

- by Broken_Code

- by ee

- by StackOverflowNewbie

- by Bevor

- by Frank

- by DigiMortal

- by olaf.heimburger

- by PeterTweed

- by Jerry Dodge

- by Your DisplayName here!

- by jpurdy

- by plaisthos

- by rushinge

- by Jaime Soriano

- by Tiberiu Ana

- by Boris

- by joecan

- by Jay Stevens

- by mannish

< Previous Page | 337 338 339 340 341 342 343 344 345 346 347 348 | Next Page >