Search Results

Search found 1430 results on 58 pages for 'risk assesment'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 47/58 | < Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >

  • Beyond core java

    - by Paul
    Coming to the end of the first year of my CS degree, we've done some Java but just the core stuff; manipulating strings and arrays, inheritance, implementing logic etc. I visit this website daily and I see so much stuff that is beyond me; using frameworks; managing databases etc. It makes me feel like I've just learned the syntax of Java, and there is so much more to do with it. My question is though, how do I get there? I don't think I'm advanced enough to join an open source project, which seems to be suggested often (though I'd love to) and I've looked at other similar questions on here (like this one) but even then I don't think that'd work for me.. firstly, could somebody try give me some commonly used frameworks etc and how and what they are used for? Where would be a good place to start? How did you get started in using the things you do? Or perhaps you think I'm going down the wrong route. Should I learn another language, and just wait until the moment occurs where it's clear what I should be doing? I'm only in the first year of my degree, so far we've lightly covered Haskell and Java, and I've done a little HTML and CSS in my free time. I know that next year we cover python, so perhaps I should just wait till then and see if I prefer that? I feel like I also risk learning something in depth and then never using it... I suppose I'm also asking for personal experiences; was there a point where you felt you'd exceeded the basic grasp of a language (does not necessarily have to be Java related) and reach a more "advanced" level? I guess I'll put subjective tag on this, but really I just want to know how to get beyond the basic understanding of a language.

    Read the article

  • Session cookie not being created in Rails, very rarely and frustratingly.

    - by James
    Hi everyone, This is an issue sporadically for very few users, however we haven't been able to replicate it. However I have now got a Chrome instance (Mac) which is reproducing the error (for some unknown reason), and I hope to not restart it until I have this nailed! Rails application, using memcached for session store. While the bug manifests in the _app_session_id cookie not being created, our javascript-generated cookie test and app-generated language cookies are being created successfully. This means that 422 / InvalidAuthToken errors are thrown for every form that is submitted by those afflicted - people can't log into the app. The error occurs across all browsers - had reports for IE7 and Firefox (which most users use). Switching to another browser often fixes the issue (though not always), and standard cache-cookie-clear tactics do not. So now that I have got Chrome open which is having the same issue - in development, staging and live environments (meaning http and https). All other browsers are fine. I've restarted the servers and restarted memcached. I don't really want to restart Chrome - in the risk that the issue does go away with that (having said that, it hasn't worked for users). I've been tcpdumping the requests - and although I'll keep digging, I'd love it if anyone had any suggestions, places to start looking, anything. This is really painful ;) Thanks!

    Read the article

  • DVCS with a Windows central repository

    - by Mikko Rantanen
    We are currently using VSS for version control. Quite few of our developers are interested in a distributed model (And want to get rid of VSS). Our network is full of Windows machines and while our IT department has experience maintaining Linux machines they would prefer not to. What DVCS systems can host their central repository on Windows while providing.. Push access to the repository. Basic authentication. Mostly just a way to allow or deny access to the whole repository. No need for fine grained access. Server process so users don't need write right to the repository reducing the risk of accidentally messing with it. On the client side a GUI such as Tortoise would be more or less a requirement (Sorry, Windows shell sucks. :|). Ease of installation would be a huge plus as our IT department is already quite low on resources. And using windows credentials for authentication would be an advantage but not a requirement as long as the client is able to store the credentials. I have had a (really) quick look at Git, Mercurial and Bazaar. Git seemed to use ssh or simple WebDAV for repository access, requiring write permission for the users. Mercurial had a built in http server, but this seemed to be only for pull purposes. Update: Mercurial supports push as well. Bazaar Seemed to use sftp for repository access, again requiring a write permission for the users. Are there windows server processes for any DVCS systems and has anyone managed to set one up in a Windows land? And apologies if this is a duplicate question. I couldn't find one. Update Got Mercurial working for push purposes! Detailed list what was required can be found as an answer below.

    Read the article

  • Google Analytics Event Tracking and Variable visibility.

    - by Jeow
    Hi guys, I have added to my html page the standard latest snippet to get google analytics to work: ... ... var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-15080849-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = 'http://www.google-analytics.com/ga.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(ga); })(); Now looking at the official 'event tracking guide' google says: add a snippet such as: pageTracker._trackEvent('Videos', 'Play', 'Gone With the Wind'); my question is: where is pageTracker coming from ? is it a global object in ga.js ? but if it is, why google did not tell me that they run a risk on breaking some script... I must be missing something any help really appreciated.

    Read the article

  • How can get dtrace to run the traced command with non-root priviledges ?

    - by Gyom
    OS X lacks linux's strace, but it has dtrace which is supposed to be so much better. However, I miss the ability to do simple tracing on individual commands. For example, on linux I can write strace -f gcc hello.c to caputre all system calls, which gives me the list of all the filenames needed by the compiler to compile my program (the excellent memoize script is built upon this trick) I want to port memoize on the mac, so I need some kind of strace. What I actually need is the list of files gcc reads and writes into, so what I need is more of a truss. Sure enough can I say dtruss -f gcc hello.c and get somewhat the same functionality, but then the compiler is run with root priviledges, which is obviously undesirable (apart from the massive security risk, one issue is that the a.out file is now owned by root :-) I then tried dtruss -f sudo -u myusername gcc hello.c, but this feels a bit wrong, and does not work anyway (I get no a.out file at all this time, not sure why) All that long story tries to motivate my original question: how do I get dtrace to run my command with normal user priviledges, just like strace does in linux ? Edit: is seems that I'm not the only one wondering how to do this: question #1204256 is pretty much the same as mine (and has the same suboptimal sudo answer :-)

    Read the article

  • How can we best represent the SDLC process as a board game?

    - by Innogetics
    I recently got interested in financial board games and saw how they can be very useful in educating children about certain concepts. It got me thinking whether it was also possible to represent certain aspects of executing a software project via a boardgame and make it fun. Here are a few things that I have come up so far: human resources and tools / techniques are represented as cards. requirements are also represented as cards, which are dealt equally to each player, and the objective is to move all requirement cards through an "SDLC" board (one per player) that represent a series of squares grouped according to phases (design all the way to deployment) the passage of time is represented in a main square board like monopoly, and completing a trip around the board (passing "Go") allows the player to move each of the requirement cards a number of steps through the SDLC board depending on the capability of the resource cards (senior programmer allows one requirement to move two squares in the dev phase, junior programmer only one, etc.) players will start with play money representing the project budget, and at every pass at "Go" is payday. the player is out of the game if he runs out of funds. the main board also has "chance" / "risk" cards, which represent things that can mess up a project. damage is applied at the roll of a die, and chance modifiers depend on whether the user has "bought" tools / techniques. I haven't implemented this idea yet as I'm still looking at more play elements that can make the game more engaging, as well as soliciting for more ideas. I am planning to release this under Creative Commons license but haven't decided on the exact license yet. Any more game play suggestions are welcome. UPDATE: This was posted in BoardGameGeek and there's now an active discussion thread there. http://www.boardgamegeek.com/article/4436694

    Read the article

  • Libraries and pseudocode for physical Dashboard/Status board

    - by dani
    OK, so I bought a 46" screen for the office yesterday, and with the imminent risk of being accused for setting up an "elaborate World Cup procrastination scheme", I'd better show my colleagues what it's meant for ;) Looking at my simple sketch, and at these great projects from which I was inspired, I would like to get some input on the following: Pseudocode for the skeleton: As some methods should be called every 24 hours ("Today's date in the heading"), others at 60 second intervals ("Twitter results"), what would be a good approach using JavaScript (jQuery) and PHP? EDIT: Alsciende: I can agree that #1 and #8 are too vague. Therefore I remove #8 and try to clarify #1: With "Pseudocode for the skeleton", I basically mean could this be done entirely using JavaScript timers and how would you set up the various timers? Library for Google Analytics: Which libraries support the Google Analytics API and can produce neat charts. Preferably HTML5, JavaScript-based like Protovis. Library for Twitter: Which libraries would you recommend for fetching twitter search results and latest tweets from profiles. Libraries for Typography/CSS/HTML5: Trying to learn some HTML5 etc. in the process, please advice on any other typography/css libraries that could be of relevance. Scraping/Parsing? I'll give you a concrete example: Trying to fetch today's menu from this restaurant's website, how would you go about? (it's in Swedish - but you get the point - sorry ;) ) Real-time stats? I'm using the WassUp-plugin for WordPress to track real-time visitors on our website. Other logging software (AWStats etc.) is probably also installed on the webserver. Any ideas on how to extract information from these and present in real-time on the dashboard? Browser choice? Which Browser and OS would you pick? Stable, Full-screen, HTML5.

    Read the article

  • Simple jQuery code contains a syntax error that I can't find

    - by inkedmn
    I've got this (remarkably) simple JavaScript function that is called when a user clicks a "Cancel" link: function hideNewUserPanel(){ $('#create_user_panel').slideUp('slow'); $('.right_interior_panel').slideDown('slow'); } And the code to add the handler: $(function(){ $('#cancel_create_user_btn').live('click', function(){ hideNewUserPanel(); } }); Functionally, everything works as expected. Trouble is, when I click the "Cancel" link, Firebug shows an error in the console: uncaught exception: Syntax error, unrecognized expression: # I've stepped through the code several times and the error appears at some point before the call to hideNewUserPanel(). At the risk of sounding like one of "those programmers" (the kind that claim to have found a bug in GCC and assume their own code is perfect), the exception is being thrown from somewhere within jQuery proper, so I assume the issue is in there. I'm using jQuery 1.3.2 (this is a legacy project using many jQuery plugins that will break if we update to 1.4.x). Is there anything obviously wrong with my code that I'm simply not seeing? This code is, frankly, very simple and I don't really see what the issue could be. Thanks!

    Read the article

  • sql-server performance optimization by removing print statements

    - by AG
    We're going through a round of sql-server stored procedure optimizations. The one recommendation we've found that clearly applies for us is 'SET NOCOUNT ON' at the top of each procedure. (Yes, I've seen the posts that point out issues with this depending on what client objects you run the stored procedures from but these are not issues for us.) So now I'm just trying to add in a bit of common sense. If the benefit of SET NOCOUNT ON is simply to reduce network traffic by some small amount every time, wouldn't it also make sense to turn off all the PRINT statements we have in the stored procedures that we only use for debugging? I can't see how it can hurt performance. OTOH, it's a bit of a hassle to implement due to the fact that some of the print statements are the only thing within else clauses, so you can't just always comment out the one line and be done. The change carries some amount of risk so I don't want to do it if it isn't going to actually help. But I don't see eliminating print statements mentioned anywhere in articles on optimization. Is that because it is so obvious no one bothers to mention it?

    Read the article

  • How to use Data aware controls "correctly"?

    - by lyborko
    Hi, I would like to ask experienced users, if you prefer to use data aware controls to add, insert, delete and edit data in DB or you favor to do it manualy. I developed some DB applications, in which for the sake of "user friendly policy" I run into complicated web of table events (afterinsert, afteredit, after... and beforeedit, beforeinsert, before...). After that it was a quite nasty work to debug the application. Aware of this risk (later by another application) I tried to avoid this problem, so I paid increased attention to write code well, readable and comprehensive. It seemed everything all right from the beginning, but as I needed to handle some preprocessing stuff before sending and loading data etc, I run into the same problems again, "slowly and inevitably". Sometime I could not use dataaware controls anyway, and what seemed to be a "cool" feature of DAControl at the beginning it turned to an obstacle on the end. I "had to" write special routine for non-dataaware controls, in order to behave as dataaware. Then I asked myself, why on earth should I use dataaware controls? Is it better to found application architecture on non-dataaware controls? It requires more time to write bug-proof code, of course, but does it worth of it? I do not know... I happened to me several times, like jinxed : paradise on the beginning hell on the end... I do not know, if I use wrong method to write DB program, if there is some standard common practice how to proceed. Or if it is common problem to everybody? Thanx for advices and your experiences

    Read the article

  • Multiple on-screen view controllers in iPhone apps

    - by Felixyz
    I'm creating a lot of custom views and controllers in a lot of my apps and so far I've mostly set them up programmatically, with adjustments and instantiations being controlled from plists. However, now I'm transitioning to using Interface Builder as much as possible (wish I had done that before, was always on my back-list). Apple is recommending against having many view controllers being simultaneously active in iPhone apps, with a couple of well-known exceptions. I've never fully understood why it should be bad to have different parts of the interface belong to different controllers, if they have no interdependent functionality at all. Does having multiple controllers risk messing up the responder chain, or is there some other reason that it's not recommended, except for the fact that it's usually not needed? What I want to be able to do is design reusable views and controls in IB, but since a nib is not associated with a view, but with a view controller, it seems I'd have to have different parts of the screen be connected to different controllers. I know it's possible to have other objects than view controllers being instantiated from nibs. Should I look into how to create my own alternative more light-weight controllers (that could be sub-controllers of a UIViewController) which could be instantiated from nibs?

    Read the article

  • ASP MVC - Routing Required?

    - by evo_9
    I've been reading up on MVC2 which came in VS2010 and it sounds pretty interesting. I'm actually in the middle of a large multi-tenant application project, and have just started coding the UI. I'm considering changing to MVC as I'm not that far along at this point. I have some questions about the Routing capabilities, namely are they required to use MVC or can I more or less ignore Routing? Or do I have to setup a default routing record that will make things work like standard ASPX (as far as routing alone is concerned)? The reason why I don't want to use Routing is because I've already defined a custom URL 'rewrite' mechanism of my own (which fires on session_start). In addition, I'm using jquery and opens-standards for the entire UI, and MVC's aspx overhead-free approach seems like a better fit based on how I've already started to build the application (I am not using viewstate at all, for example). I guess my big concern is whether the routing can be ignored, of if I will have to re-implement my custom URL rewriting to work with MVC, and if that's the case, how would I do that? As a new Routing routine, or stick with the session_start (if that's even possible?). Lastly, I don't want to use anything even remotely 'intelligent/readable' for the url - for a site like StackOverflow, the readability of the URL is a positive, but the opposite is true if it's not a public website like this one. In fact, it would seem to me that the more friendly MVC routing URL (which indirectly show method names) could pose a security risk on a private, non-public website app like I'm developing. For all these reasons I would love to use the lightweight aspects of MVC but skip the Routing entirely - is this possible?

    Read the article

  • URL shortening: using inode as short name?

    - by Licky Lindsay
    The site I am working on wants to generate its own shortened URLs rather than rely on a third party like tinyurl or bit.ly. Obviously I could keep a running count new URLs as they are added to the site and use that to generate the short URLs. But I am trying to avoid that if possible since it seems like a lot of work just to make this one thing work. As the things that need short URLs are all real physical files on the webserver my current solution is to use their inode numbers as those are already generated for me ready to use and guaranteed to be unique. function short_name($file) { $ino = @fileinode($file); $s = base_convert($ino, 10, 36); return $s; } This seems to work. Question is, what can I do to make the short URL even shorter? On the system where this is being used, the inodes for newly added files are in a range that makes the function above return a string 7 characters long. Can I safely throw away some (half?) of the bits of the inode? And if so, should it be the high bits or the low bits? I thought of using the crc32 of the filename, but that actually makes my short names longer than using the inode. Would something like this have any risk of collisions? I've been able to get down to single digits by picking the right value of "$referencefile". function short_name($file) { $ino = @fileinode($file); // arbitrarily selected pre-existing file, // as all newer files will have higher inodes $ino = $ino - @fileinode($referencefile); $s = base_convert($ino, 10, 36); return $s; }

    Read the article

  • using linq to sql

    - by mazhar
    Well I am new to this orm stuff. We have to create a large project . I read about linq to sql . will it be appropiate to use it in the project of high risk . i found no problem with it personally but the thing is that there will be no going back once started.So i need some feedback from the orm gurus here at the msdn.Will entity framework will be better?( I am in doubt about link to sql because I have read and heard negative feedback here and there) I will be using mvc2 as the framework. So please give the feedback about linq to sql in this regard. q2) Also I am a fan of stored procedure as they are precomputed and fasten up the thing and I have never worked without them.I know that linq to sql support stored procedures but will it be feasible to give up stored procedure seeing the beautiful data access layer generated with little effort as we are also in a need of rapid development. q3) If some changes to some fields required in the database in Link to Sql how will the changes be accommodated in the data access layer.

    Read the article

  • using linq to sql

    - by user324831
    Well I am new to this orm stuff. We have to create a large project . I read about linq to sql . will it be appropiate to use it in the project of high risk . i found no problem with it personally but the thing is that there will be no going back once started.So i need some feedback from the orm gurus here at the msdn.Will entity framework will be better?( I am in doubt about link to sql because I have read and heard negative feedback here and there) I will be using mvc2 as the framework. So please give the feedback about linq to sql in this regard. q2) Also I am a fan of stored procedure as they are precomputed and fasten up the thing and I have never worked without them.I know that linq to sql support stored procedures but will it be feasible to give up stored procedure seeing the beautiful data access layer generated with little effort as we are also in a need of rapid development. q3) If some changes to some fields required in the database in Link to Sql how will the changes be accommodated in the data access layer.

    Read the article

  • Java Concurrency in practice sample question

    - by andy boot
    I am reading "Java Concurrency in practice" and looking at the example code on page 51. According to the book this piece of code is at risk of of failure if it has not been published properly. Because I like to code examples and break them to prove how they work. I have tried to make it throw an AssertionError but have failed. (Leading me to my previous question) Can anyone post sample code so that an AssertionError is thrown? Rule: Do not modify the Holder class. public class Holder{ private int n; public Holder(int n){ this.n = n; } public void assertSanity(){ if (n != n) { throw new AssertionError("This statement is false"); } } } I have modified the class to make it more fragile but I still can not get an AssertionError thrown. class Holder2{ private int n; private int n2; public Holder2(int n) throws InterruptedException{ this.n = n; Thread.sleep(200); this.n2 = n; } public void assertSanity(){ if (n != n2) { throw new AssertionError("This statement is false"); } } } Is it possible to make either of the above classes throw an AssertionError? Or do we have to accept that they may occasionally do so and we can't write code to prove it?

    Read the article

  • Old fashioned html onclick return false doesnt in IE work when jquery script included

    - by user292662
    Ok, so im quite new to jquery but found this bizzar problem just now, If we ignore jquery for a second and consider this scenario, if i have two links like below both with an href and both with and onclick event. The first link will not follow the href because the onclick returns false, and the second link will because the onclick returns true. <a href="/page.html" onclick="return false;">Dont follow</a> <a href="/page.html" onclick="return false;">Follow</a> This works just hunky dory in every browser as it should, the thing is, as soon as i include the jQuery script on the page this stops working in all versions of IE which then always follows the href whether the onclick returns false or not. (it continues to work fine in other browsers) Now if i add an event using jquery and call .preventDefault() on the event object instead of doing it the old fashioned way this behaves correctly, and you may say, well just do that then? But i have a site with thousands of lines of code and i am adding jquery support, i dont want to run the risk that i might miss an already defined html onclick="" and break the website. I cant see why jQuery should prevent perfectly normal javascript concepts from working, so is this a jQuery bug or am I missing something?

    Read the article

  • Some clarification needed about synchronous versus asynchronous asio operations

    - by Old newbie
    As far as I know, the main difference between synchronous and asynchronous operations. I.e. write() or read() vs async_write() and async_read() is that the former, don't return until the operation finish -or error-, and the last ones, returns inmediately. Due the fact that the asynchronous operations are controlled by an io_service.run() that does not finish until the controlled operations has finalized. It seems to me that in sequencial operations as those involved in TCP/IP connections with protocols such as POP3, in which the operaton is a sequence such as: C: <connect> S: Ok. C: User... S: Ok. C: Password S: Ok. C: Command S: answer C: Command S: answer ... C: bye S: <close> The difference between synchronous/asynchronous opperatons does not make much sense. Of course, in both operations there is allways the risk that the program flow stops indefinitely by some circunstance -there the use of timers-, but I would like know some more authorized opinions in this matter. I must admit that the question is rather ill-defined, but I like hear some advices about when use one or other, because I've problems in debugging with MS Visual Studio, asynchronous SSL operations in a POP3 client in wich I'm working now -about some of who surely I would write here soon-, and sometimes think that perhaps is a bad idea use asynchronous in this. Not to say that I'm an absolute newbie with this librarys, that additionally to the difficult with the idioma, and some obscure concepts in the STL, must suffer the brevity of the asio documentation.

    Read the article

  • Serialized NHibernate Configuration objects - detect out of date or rebuild on demand?

    - by fostandy
    I've been using serialized nhibernate configuration objects (also discussed here and here) to speed up my application startup from about 8s to 1s. I also use fluent-nhibernate, so the path is more like ClassMap class definitions in code fluentconfiguration xml nhibernate configuration configuration serialized to disk. The problem from doing this is that one runs the risk of out of date mappings - if I change the mappings but forget to rebuild the serialized configuration, then I end up using the old mappings without realising it. This does not always result in an immediate and obvious error during testing, and several times the misbehaviour has been a real pain to detect and fix. Does anybody have any idea how I would be able to detect if my classmaps have changed, so that I could either issue an immediate warning/error or rebuild it on demand? At the moment I am comparing timestamps on my compiled assembly against the serialized configuration. This will pickup mapping changes, but unfortunately it generates a massive false positive rate as ANY change to the code results in an out of date flag. I can't move the classmaps to another assembly as they are tightly integrated into the business logic. This has been niggling me for a while so I was wondering if anybody had any suggestions?

    Read the article

  • Calculate location and number of intersections between multiple date/time ranges?

    - by Patricker
    I need to calculate the location of intersections between multiple date ranges, and the number of overlapping intersections. Then I need to show which date/time ranges overlap each of those intersecting sections. It is slightly more complicated than that so I'll do my best to explain by providing an example. I am working in VB.Net, but C# examples are acceptable as well as I work in both. We have several high risk tasks that involve the same system. Below I have three example jobs named HR1/2/3/4 with start and end date/times. HR1 {1/6/2010 10:00 - 1/6/2010 15:00} HR2 {1/6/2010 11:00 - 1/6/2010 18:00} HR3 {1/6/2010 12:00 - 1/6/2010 14:00} HR4 {1/6/2010 18:00 - 1/6/2010 20:00} What I want the end result to be is shown below. I am having trouble describing it any way but by example. HRE1 {1/6/2010 10:00 - 1/6/2010 11:00} - Intersects 1 {End Time Split 1, for readability only, not needed in solution} HRE1 {1/6/2010 11:00 - 1/6/2010 12:00} - Intersects 2 HRE2 {1/6/2010 11:00 - 1/6/2010 12:00} - Intersects 2 {End Time Split 2, for readability only, not needed in solution} HRE1 {1/6/2010 12:00 - 1/6/2010 14:00} - Intersects 3 HRE2 {1/6/2010 12:00 - 1/6/2010 14:00} - Intersects 3 HRE3 {1/6/2010 12:00 - 1/6/2010 14:00} - Intersects 3 {End Time Split 3, for readability only, not needed in solution} HRE1 {1/6/2010 14:00 - 1/6/2010 15:00} - Intersects 2 HRE2 {1/6/2010 14:00 - 1/6/2010 15:00} - Intersects 2 {End Time Split 4, for readability only, not needed in solution} HRE2 {1/6/2010 15:00 - 1/6/2010 18:00} - Intersects 1 {End Time Split 5, for readability only, not needed in solution} HR4 {1/6/2010 18:00 - 1/6/2010 20:00} - Intersects 1 Any help would be greatly appreciated.

    Read the article

  • Handling form from different view and passing form validation through session in django

    - by Mo J. Mughrabi
    I have a requirement here to build a comment-like app in my django project, the app has a view to receive a submitted form process it and return the errors to where ever it came from. I finally managed to get it to work, but I have doubt for the way am using it might be wrong since am passing the entire validated form in the session. below is the code comment/templatetags/comment.py @register.inclusion_tag('comment/form.html', takes_context=True) def comment_form(context, model, object_id, next): """ comment_form() is responsible for rendering the comment form """ # clear sessions from variable incase it was found content_type = ContentType.objects.get_for_model(model) try: request = context['request'] if request.session.get('comment_form', False): form = CommentForm(request.session['comment_form']) form.fields['content_type'].initial = 15 form.fields['object_id'].initial = 2 form.fields['next'].initial = next else: form = CommentForm(initial={ 'content_type' : content_type.id, 'object_id' : object_id, 'next' : next }) except Exception as e: logging.error(str(e)) form = None return { 'form' : form } comment/view.py def save_comment(request): """ save_comment: """ if request.method == 'POST': # clear sessions from variable incase it was found if request.session.get('comment_form', False): del request.session['comment_form'] form = CommentForm(request.POST) if form.is_valid(): obj = form.save(commit=False) if request.user.is_authenticated(): obj.created_by = request.user obj.save() messages.info(request, _('Your comment has been posted.')) return redirect(form.data.get('next')) else: request.session['comment_form'] = request.POST return redirect(form.data.get('next')) else: raise Http404 the usage is by loading the template tag and firing {% comment_form article article.id article.get_absolute_url %} my doubt is if am doing the correct approach or not by passing the validated form to the session. Would that be a problem? security risk? performance issues? Please advise Update In response to Pol question. The reason why I went with this approach is because comment form is handled in a separate app. In my scenario, I render objects such as article and all I do is invoke the templatetag to render the form. What would be an alternative approach for my case? You also shared with me the django comment app, which am aware of but the client am working with requires a lot of complex work to be done in the comment app thats why am working on a new one.

    Read the article

  • Why do I get a security warning in visual studio 2008 when creating a project?

    - by MikeG
    This is the error, it's basically a security warning (And here's the text grabbed off the dialog box) Security Warning for WindowsApplication4 __________________________I The WindowsApplication4 project file has been customized and could present a security risk by executing custom build steps when opened in Microsoft Visual Studio. If this project came from an untrustwoithy source, it could cause damage to your computer or compromise your private information. More Details Project load options 0 Load project for browsing Opens the project in Microsoft Visual Studio with increased security. This option allows you to browse the contents of the project, but some functionality, such as IntelliSense, is restricted, When a project is loaded for browsing, actions such as building, cleaning, publishing, or opening designers could still remain unsafe. Load project normally Opens the project normally in Microsoft Visual Studio. Use this option if you trust the source and understand the potential risks involved. Microsoft Visual Studio does not restrict any project functionality and will not prompt you again for this project. Ask me for every project in this solution OK L Cancel When click the more details button get this: Microsoft Visual Studio __ An item referring to the file was found in the project file “C:\Users\mgriffiths\Documents\Visual Studio 2008\ProjectATemp\Win dowsApplication4\WindowsApplicdtion4\W in dowsApplication4.vbproj”. Since this file is located within a system directory, root directory, or network share, it could be harmful to write to this file. OK

    Read the article

  • Still don't understand file upload-folder permissions

    - by Camran
    I have checked out articles and tutorials. I don't know what to do about the security of my picture upload-folder. It is pictures for classifieds which should be uploaded to the folder. This is what I want: Anybody may upload images to the folder. The images will be moved to another folder, by another php-code later on (automatic). Only I may manually remove them, as well as another php file on the server which automatically empties the folder after x-days. What should I do here? The images are uploaded via a php-upload script. This script checks to see if the extension of the file is actually a valid image-file. When I try this: chmod 755 images the images wont be uploaded. But like this it works: chmod 777 images But 777 is a security risk right? Please give me detailed information... The Q is, what to do to solve this problem, not info about what permissions there are etc etc... Thanks If you need more info let me know...

    Read the article

  • How might one cope with the ambiguous value produced by GetDllDirectory?

    - by Integer Poet
    GetDllDirectory produces an ambiguous value. When the string this call produces is empty, it means one of the following: nobody has called SetDllDirectory somebody passed NULL to SetDllDirectory somebody passed an empty string to SetDllDirectory The first two cases are equivalent for my purposes, but the third case is a problem. If I want to write save/restore code (call GetDllDirectory to save the "old" value, SetDllDirectory to set a "new" value temporarily, and later SetDllDirectory again to restore the "old" value), I run the risk of reversing some other programmer's intent. If the other programmer intended for the current working directory to be in the DLL search order (in other words, one of the first two bullets is true), and I pass an empty string to SetDllDirectory, I will be taking the current working directory out of the DLL search order, reversing the other programmer's intent. Can anyone suggest an approach to eliminate or work around this ambiguity? P.S. I know having the current working directory in the DLL search order could be interpreted as a security hole. Nevertheless, it is the default behavior, and my code is not in a position to undo that; my code needs to be compatible with the expectations of all potential callers, many of which are large and old and beyond my control.

    Read the article

  • How do I implement configurations and settings?

    - by Malvolio
    I'm writing a system that is deployed in several places and each site needs its own configurations and settings. A "configuration" is a named value that is necessary to a particular site (e.g., the database URL, S3 bucket name); every configuration is necessary, there is not usually a default, and it's typically string-valued. A setting is a named value but it just tweaks the behavior of the system; it's often numeric or Boolean, and there's usually some default. So far, I've been using property files or thing like them, but it's a terrible solution. Several times, a developer has added a requirement for a configuration but not added the value to file for the live configuration, so the new release passed all the tests, then failed when released to live. Better, of course, for every file to be compiled — so if there's a missing configuration, or one of the wrong type, it won't get past the compiler — and inject the site-specific class into the build for each site. As a bones, a Scala file can easy model more complex values, especially lists, but also maps and tuples. The downside is, the files are sometimes maintained by people who aren't developers, so it has to be pretty self-explanatory, which was the advantage of property files. (Someone explain XML configurations to me: all the complexity of a compilable file but the run-time risk of a property file.) What I'm looking for is an easy pattern for defining a group required names and allowable values. Any suggestions?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >