Search Results

Search found 650 results on 26 pages for 'flaws and pitfalls'.

  • Why not use PHP's built-in session handling?

    - by Dougal
    Is there currently - or has there ever been - any serious or significant problem with PHP's built-in session handling? I mean, it's always worked for me and my projects. But I see some codebases and frameworks out there seem to use a custom handler. Is this reinventing the wheel? Or improving on some flaws? What flaws?

  • How secure is .htaccess protected pages

    - by Steven smethurst
    Are there any known flaws with htaccess protected pages? I know they are susceptible to brute force attacks as there is no limit to the amount of times someone can attempt to login. And if a user can upload and execute a file on the server all bets are off... Any other .htaccess flaws?

  • Why do browsers have so many possible exploits?

    - by Beau Martínez
    When browsing I am occasionally given warnings about pages that host malware "that could damage my computer". I am seriously perplexed as to why, in 2010, browsers still have possible exploits and can be cracked. My question is "Why?". I'm assuming it's because of the quick development that occurred in the browser wars which were insufficiently tested, but I'm unsure. Surely WebKit would have patched all the issues in KHTML, or Gecko sorted out the flaws in Netscape's engine, and the IE coders sorted through their codebase to eliminate possible flaws? (Somewhat related: http://superuser.com/questions/117770/which-browser-is-the-most-secure-research-and-practically-based.)

  • links for 2011-01-10

    - by Bob Rhubart
    Clusterware 11gR2: Setting up an Active/Passive failover configuration (Oracle Luxembourg XPS on Database) Some think that expensive third-party cluster systems are necessary when it comes to protecting a system with an Active/Passive architecture with failover capabilities. Not true, according to Gilles Haro. (tags: oracle otn database)

    Atul Kumar: Part IX : Install OAM Agent - 11g WebGate with OAM 11g Part 9 of Atul's step by step guide to the installation of Oracle Identity Management. (tags: oracle oam identitymanagement security otn)

    Michel Schildmeijer: Oracle Service Bus: enable / disable proxy service with WLST Amis Technology's Michel Schildmeijer shares a process he found for enabling / disabling a proxy service within Oracle Service Bus 11g with WLST (WebLogic Scripting tool). (tags: oracle soa servicebus weblogic)

    @andrejusb: SOA & E2.0 Partner Community Forum XIII - in Utrecht, The Netherlands Oracle ACE Director Andrejus Baranovskis shares a nice plug for the SOA & E2.0 Partner Community Forum XIII coming up in March in the Netherlands. (tags: oracle oracleace otn soa enterprise2.0)

    Oracle Magazine Architect Column: Enterprise Architecture in Interesting Times Oracle ACE Directors Lonneke Dikmans, Ronald van Luttikhuizen, Mike van Alst, and Floyd Teter and Oracle enterprise architect Mans Bhuller share their thoughts on the forces that are shaping enterprise architecture. (tags: oracle otn architect entarch oraclemag)

    InfoQ: Deriving Agility from SOA and BPM - Ten Things that Separate the Winners from the Losers In this presentation from SOA Symposium 2010, Manas Deb and Clemens Utschig-Utschig discuss how to derive business agility from SOA and BPM, motivations for agility, developing and nurturing agility, influencers and dependencies, how SOA and BPM enable agility, pitfalls and recommendations for organizational culture, and pitfalls and recommendations for business and technical architectures. (tags: ping.fm)

  • Why GWT? Advantages and Trade-Offs of Using This RIA Framework

    - by prometheus
    I'm new to stackoverflow and have been reading through a bunch of the "highest voted" questions for GWT. Several of these questions talk about the pitfalls or problems with GWT. In the articles: Which Javascript framework (jQuery vs Dojo vs … )? and Biggest GWT Pitfalls?, some posters seem to suggest that GWT is not lightweight enough or that there are better alternatives that may be used. Do most of you feel that there are problems with GWT that have not been fixed with GWT 2.0 -- which would make you inclined to suggest using a simpler framework for a new project? To some extent, shouldn't GWT be somewhat future-proof (since you don't have to worry about it changing drastically from release to release and since it is backed by Google)? I realize that the answer to this question depends greatly upon what you want to do or what you wish to make. I am looking at this from the perspective of starting a new web application that will eventually be used by millions of users.

  • Tuesday 6th Manchester SQL User Group - Chris Testa-O'Neil (Loading a datawarehouse using SSIS) and

    - by tonyrogerson
    Chris will give a talk on Loading a datawarehouse using SQL Server Integration Services, Tony Rogerson will give a talk on Database Design: Normalisation/Denormalisation and using Surrogate Keys - practicalities/pitfalls and benefits in Microsoft SQL Server. Registration is essential which you can do here: http://sqlserverfaq.com?eid=218 . Come and join us for an evening of SQL Server discussion, as well as the two formal sessions by Chris Testa-O'Neil and Tony Rogerson there will be a chance...

  • Skip the Requirements - 10 Problems With Web Development Projects, and How to Solve Them

    For most businesses, hiring a freelancer or web company to develop a web site is a frustrating but necessary endeavor. After working with over a hundred small businesses and organizations, we've discovered some pitfalls that make the whole thing worse. Fortunately, powerful new platforms like Drupal make it easy to make a steady stream of small changes to your site after it launches. Here's how to align the interests of a web developer and a business to make sure your web site succeeds!

  • Google I/O 2011: High-performance GWT: best practices for writing smaller, faster apps

    David Chandler

    The GWT compiler isn't just a Java to JavaScript transliterator. In this session, we'll show you compiler optimizations to shrink your app and make it compile and run faster. Learn common performance pitfalls, how to use lightweight cell widgets, how to use code splitting with Activities and Places, and compiler options to reduce your app's size and compile time.

    From: GoogleDevelopers. Time: 01:01:32

  • Google I/O 2010 - GWT testing best practices

    GWT 301. Daniel Danilatos

    GWT has a lot of little-publicized infrastructure that can help you build apps The Right Way: test-driven development, code coverage, comprehensive unit tests, and integration testing using Selenium or WebDriver. This session will survey GWT's testing infrastructure, describe some best practices we've developed at Google, and help you avoid common pitfalls. For all I/O 2010 sessions, please go to code.google.com

    From: GoogleDevelopers. Time: 59:34

  • Why people don't patch and upgrade?!?

    - by Mike Dietrich
    Discussing the topic "Why Upgrade" or "Why not Upgrade" is not always fun. Actually the arguments repeat from customer to customer. Typically we hear things such as:

      - A PSU or Patch Set introduces new bugs
      - A new PSU or Patch Set introduces new features which lead to risk and require application verification
      - Patching means risk
      - Patching changes the execution plans
      - Patching requires too much testing
      - Patching is too much work for our DBAs
      - Patching costs a lot of money and doesn't pay out

    And to be very honest sometimes it's hard for me to stay calm in such discussions. Let's discuss some of these points a bit more in detail.

    A PSU or Patch Set introduces new bugs

    Well, yes, that is true as no software containing more than some lines of code is bug free. This applies to Oracle's code as well as to any application or operating system code. But first of all, does that mean you never patch your OS because the patch may introduce new flaws? And second, what is the point of saying "it introduces new bugs"? Does that mean you will never get rid of the mean issues we know about and we fixed already? Scroll down from MOS Note:161818.1 to the patch release you are on, no matter if it's 10.2.0.4 or 11.2.0.3 and check for the Known Issues And Alerts. Will you take responsibility to know about all these issues and refuse to upgrade to 11.2.0.4? I won't.

    A new PSU or Patch Set introduces new features

    Ok, we can discuss that. Offering new functionality within a database patch set is a dubious thing. It has advantages such as in 11.2.0.4 where we backported Database Redaction to. But this is something you will only use once you have an Advanced Security license. I interpret that statement I've heard quite often from customers in a different way: People don't want to get surprises such as new behaviour. This certainly gives everybody a hard time. And we've had many examples in the past (SESSION_CACHED_CURSORS in 10.2.0.4, _DATAFILE_WRITE_ERRORS_CRASH_INSTANCE in 11.2.0.2 and others) where those things weren't documented, not even in the README. Thanks to many friends out there I learned about those as well. So new behaviour is the topic people consider as risky - not really new features. And just to point this out: A PSU never brings in new features or new behaviour by definition!

    Patching means risk

    Does it really mean risk? Yes, there were issues in the past (and sometimes in the present as well) where a patch didn't get installed correctly. But personally I consider it way more risky to not patch. Keep that in mind: The day Oracle publishes a PSU (or CPU) containing security fixes all the great security experts out there go public with their findings as well. So from that day on even my grandma can find out about those issues and try to attack somebody. Now a lot of people say: "My database does not face the internet." And I will answer: "The enemy is sitting already behind your firewalls. And knows potentially about these things." My statement: Not patching introduces way more risk to your environment than patching. Seriously!

    Patching changes the execution plans

    Do they really? I agree - there's a very small risk for this happening with Patch Sets. But not with PSUs or CPUs as they contain no optimizer fixes changing behaviour (but they may contain fixes curing wrong-query-result-bugs). But what's the point of a changing execution plan? In Oracle Database 11g it is so simple to be prepared. SQL Plan Management is a free EE feature - so once that occurs you'll put the plan into the Plan Baseline. Basta! Yes, you wouldn't like to get such surprises? Then please use the SQL Performance Analyzer (SPA) from Real Application Testing and you'll detect that easily upfront in minutes. And not to forget this, a plan change can also be very positive! Yes, there's a little risk with a database patchset - and we have many possibilities to detect this before patching.

    Patching requires too much testing

    Well, does it really? I have seen in the past 12 years how people test. There are very different efforts and approaches on this. I have seen people spending a hell of money on licenses or on project team staffing. And I have seen people sailing blindly without any tests just going the John-Wayne-approach. Proper tools will allow you to test easily without too much effort. See the paragraph above. We have used Real Application Testing in so many customer projects reducing the amount of work spent on testing by over 50%. But apart from that at some point you will have to stop testing. If you don't you'll get lost and you'll burn money. There's no 100% guarantee. You will have to deal with a little risk as reaching the final 5% of certainty will cost you the same as it did cost to reach 95%. And doing this will lead to abnormally long product cycles that you'll run behind forever. And this will cost even more money.

    Patching is too much work for our DBAs

    Patching is a lot of work. I agree. And it's no fun work. It's boring, annoying. You don't learn much from that. That's why you should try to automate this task. Use the Database's Lifecycle Management Pack. And don't cry about the fact that it costs money. Yes it does. But it will ease the process and you'll save a lot of costs as you don't waste your valuable time with patching. Or use Oracle Database 12c Oracle Multitenant and patch either by unplug/plug or patch an entire container database with all PDBs with one patch in one task. We have customer reference cases proving it saved them 75% of time, effort and cost since they've used Lifecycle Management Pack. So why don't you use it?

    Patching costs a lot of money and doesn't pay out

    Well, see my statements in the paragraph above. And it pays out as flying with a database with 100 known critical flaws in it which are already fixed by Oracle (such as in the Oct 2013 PSU for Oracle Database 12c) will cost way more in case of failure or even data loss. Bet with me?

    Let me finally ask you some questions. What cell phone are you using and which OS does it run? Do you have an iPhone 5 and did you upgrade already to iOS 7.0.3? I've just encountered on mine that the alarm (which I rely on when traveling) has gotten now a dependency on the physical switch "sound on/off". If it is switched to "off" physically the alarm rings "silently". What a wonderful example of a behaviour change coming in with a patch set. Will this push you to stay with iOS5 or iOS6? No, because those have security flaws which won't be fixed anymore. What browser are you surfing with? Do you use Mozilla 3.6? Well, congratulations to all the hackers. It will be easy for them to attack you and harm your system. I'd guess you have the auto updater on. Same for Google Chrome, Safari, IE. Right?

    -Mike

  • How should I evaluate new browser languages?

    - by Andrea
    In these days there are many projects whose aim is to bring new languages to the browser by compiling them to JavaScript. Among the others one can mention ClojureScript, CoffeeScript, Dart, haXe, Emscripten, Amber Smalltalk. I'd like to try a few of these out, but I am not sure what I should be looking for when evaluating these languages to see if they are suitable for production. How should I evaluate a new browser language, and what are the pitfalls I should be looking for?

  • The Great PST Migration

    Having recently been on the front lines of a massive PST import operation, Sean Duffy offers advice and points out pitfalls. More than anything, he wishes he had a simple tool with which to banish PST hell, and finishes with some hard-won guidelines.

  • Secure Your Wireless Router: 8 Things You Can Do Right Now

    - by Chris Hoffman
    A security researcher recently discovered a backdoor in many D-Link routers, allowing anyone to access the router without knowing the username or password. This isn’t the first router security issue and won’t be the last. To protect yourself, you should ensure that your router is configured securely. This is about more than just enabling Wi-Fi encryption and not hosting an open Wi-Fi network.

    Disable Remote Access

    Routers offer a web interface, allowing you to configure them through a browser. The router runs a web server and makes this web page available when you’re on the router’s local network. However, most routers offer a “remote access” feature that allows you to access this web interface from anywhere in the world. Even if you set a username and password, if you have a D-Link router affected by this vulnerability, anyone would be able to log in without any credentials. If you have remote access disabled, you’d be safe from people remotely accessing your router and tampering with it. To do this, open your router’s web interface and look for the “Remote Access,” “Remote Administration,” or “Remote Management” feature. Ensure it’s disabled — it should be disabled by default on most routers, but it’s good to check.

    Update the Firmware

    Like our operating systems, web browsers, and every other piece of software we use, router software isn’t perfect. The router’s firmware — essentially the software running on the router — may have security flaws. Router manufacturers may release firmware updates that fix such security holes, although they quickly discontinue support for most routers and move on to the next models. Unfortunately, most routers don’t have an auto-update feature like Windows and our web browsers do — you have to check your router manufacturer’s website for a firmware update and install it manually via the router’s web interface. Check to be sure your router has the latest available firmware installed.

    Change Default Login Credentials

    Many routers have default login credentials that are fairly obvious, such as the password “admin”. If someone gained access to your router’s web interface through some sort of vulnerability or just by logging onto your Wi-Fi network, it would be easy to log in and tamper with the router’s settings. To avoid this, change the router’s password to a non-default password that an attacker couldn’t easily guess. Some routers even allow you to change the username you use to log into your router.

    Lock Down Wi-Fi Access

    If someone gains access to your Wi-Fi network, they could attempt to tamper with your router — or just do other bad things like snoop on your local file shares or use your connection to download copyrighted content and get you in trouble. Running an open Wi-Fi network can be dangerous. To prevent this, ensure your router’s Wi-Fi is secure. This is pretty simple: Set it to use WPA2 encryption and use a reasonably secure passphrase. Don’t use the weaker WEP encryption or set an obvious passphrase like “password”.

    Disable UPnP

    A variety of UPnP flaws have been found in consumer routers. Tens of millions of consumer routers respond to UPnP requests from the Internet, allowing attackers on the Internet to remotely configure your router. Flash applets in your browser could use UPnP to open ports, making your computer more vulnerable. UPnP is fairly insecure for a variety of reasons. To avoid UPnP-based problems, disable UPnP on your router via its web interface. If you use software that needs ports forwarded — such as a BitTorrent client, game server, or communications program — you’ll have to forward ports on your router without relying on UPnP.

    Log Out of the Router’s Web Interface When You’re Done Configuring It

    Cross site scripting (XSS) flaws have been found in some routers. A router with such an XSS flaw could be controlled by a malicious web page, allowing the web page to configure settings while you’re logged in. If your router is using its default username and password, it would be easy for the malicious web page to gain access. Even if you changed your router’s password, it would be theoretically possible for a website to use your logged-in session to access your router and modify its settings. To prevent this, just log out of your router when you’re done configuring it — if you can’t do that, you may want to clear your browser cookies. This isn’t something to be too paranoid about, but logging out of your router when you’re done using it is a quick and easy thing to do.

    Change the Router’s Local IP Address

    If you’re really paranoid, you may be able to change your router’s local IP address. For example, if its default address is 192.168.0.1, you could change it to 192.168.0.150. If the router itself were vulnerable and some sort of malicious script in your web browser attempted to exploit a cross site scripting vulnerability, accessing known-vulnerable routers at their local IP address and tampering with them, the attack would fail. This step isn’t completely necessary, especially since it wouldn’t protect against local attackers — if someone were on your network or software was running on your PC, they’d be able to determine your router’s IP address and connect to it.

    Install Third-Party Firmwares

    If you’re really worried about security, you could also install a third-party firmware such as DD-WRT or OpenWRT. You won’t find obscure back doors added by the router’s manufacturer in these alternative firmwares.

    Consumer routers are shaping up to be a perfect storm of security problems — they’re not automatically updated with new security patches, they’re connected directly to the Internet, manufacturers quickly stop supporting them, and many consumer routers seem to be full of bad code that leads to UPnP exploits and easy-to-exploit backdoors. It’s smart to take some basic precautions.

  • What do you code first to learn a new language, library, or framework?

    - by Griffin
    Every language, framework, and library has its own syntax, quirks, and pitfalls. What Program, Game, etc. do you code in order to learn these unique characteristics? How do you decide on what previous programming experience is applicable? I'd imagine that the task would have to be complicated enough to force you to use applicable programming techniques and idioms, but simple enough that it wouldn't take a ton of time.

  • Macbook Pro 2011 compatibility

    - by ldx
    Hi there, I'm planning to buy a new 13" Macbook Pro, the one that was just released this week with the Thunderbolt port. The question is, has anyone given it a shot with Ubuntu (10.10 or 11.04 alpha)? I'd be especially interested whether temperature sensors/fan control, external displays via the displayport and 3D acceleration (for Compiz or some simple 3D games) via the integrated HD3000 GPU work without flaws. Thanks!

  • Safe to advertise without a trademark?

    - by KlashnikovKid
    Alright, I'm currently thinking about registering my game with Steam's new Greenlight program. Only problem is I don't have a trademarked title yet and I read the government's registration process can take a little while. (and $$ I don't have at the moment) So naturally, this got me wondering if it is a sound idea to proceed without one. So my question is are there any serious pitfalls I should worry about if I start advertising without a trademarked title? (Assuming it doesn't infringe upon anyone else's property of course)

  • project management for rookie

    - by macindows
    I'm new at the field of computer programming and I chose to learn it at the University, but I have some problems with project management. Usually before I write any code I start to plan it on paper, and when I'm finished I begin to code, but I understood that usually I write only 20-30 percent from my planning, and I change my code a lot. Can somebody recommend me a good book or blog about common pitfalls and troubles with software planning and management?
