Search Results

Search found 4593 results on 184 pages for 'constructor injection'.

Page 53/184 | < Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60  | Next Page >

  • Function with parameter type that has a copy-constructor with non-const ref chosen?

    - by Johannes Schaub - litb
    Some time ago I was confused by the following behavior of some code when I wanted to write a is_callable<F, Args...> trait. Overload resolution won't call functions accepting arguments by non-const ref, right? Why doesn't it reject in the following because the constructor wants a Test&? I expected it to take f(int)! struct Test { Test() { } // I want Test not be copyable from rvalues! Test(Test&) { } // But it's convertible to int operator int() { return 0; } }; void f(int) { } void f(Test) { } struct WorksFine { }; struct Slurper { Slurper(WorksFine&) { } }; struct Eater { Eater(WorksFine) { } }; void g(Slurper) { } void g(Eater) { } // chooses this, as expected int main() { // Error, why? f(Test()); // But this works, why? g(WorksFine()); } Error message is m.cpp: In function 'int main()': m.cpp:33:11: error: no matching function for call to 'Test::Test(Test)' m.cpp:5:3: note: candidates are: Test::Test(Test&) m.cpp:2:3: note: Test::Test() m.cpp:33:11: error: initializing argument 1 of 'void f(Test)' Can you please explain why one works but the other doesn't?

    Read the article

  • C#: System.Lazy&lt;T&gt; and the Singleton Design Pattern

    - by James Michael Hare
    So we've all coded a Singleton at one time or another.  It's a really simple pattern and can be a slightly more elegant alternative to global variables.  Make no mistake, Singletons can be abused and are often over-used -- but occasionally you find a Singleton is the most elegant solution. For those of you not familiar with a Singleton, the basic Design Pattern is that a Singleton class is one where there is only ever one instance of the class created.  This means that constructors must be private to avoid users creating their own instances, and a static property (or method in languages without properties) is defined that returns a single static instance. 1: public class Singleton 2: { 3: // the single instance is defined in a static field 4: private static readonly Singleton _instance = new Singleton(); 5:  6: // constructor private so users can't instantiate on their own 7: private Singleton() 8: { 9: } 10:  11: // read-only property that returns the static field 12: public static Singleton Instance 13: { 14: get 15: { 16: return _instance; 17: } 18: } 19: } This is the most basic singleton, notice the key features: Static readonly field that contains the one and only instance. Constructor is private so it can only be called by the class itself. Static property that returns the single instance. Looks like it satisfies, right?  There's just one (potential) problem.  C# gives you no guarantee of when the static field _instance will be created.  This is because the C# standard simply states that classes (which are marked in the IL as BeforeFieldInit) can have their static fields initialized any time before the field is accessed.  This means that they may be initialized on first use, they may be initialized at some other time before, you can't be sure when. So what if you want to guarantee your instance is truly lazy.  That is, that it is only created on first call to Instance?  Well, there's a few ways to do this.  First we'll show the old ways, and then talk about how .Net 4.0's new System.Lazy<T> type can help make the lazy-Singleton cleaner. Obviously, we could take on the lazy construction ourselves, but being that our Singleton may be accessed by many different threads, we'd need to lock it down. 1: public class LazySingleton1 2: { 3: // lock for thread-safety laziness 4: private static readonly object _mutex = new object(); 5:  6: // static field to hold single instance 7: private static LazySingleton1 _instance = null; 8:  9: // property that does some locking and then creates on first call 10: public static LazySingleton1 Instance 11: { 12: get 13: { 14: if (_instance == null) 15: { 16: lock (_mutex) 17: { 18: if (_instance == null) 19: { 20: _instance = new LazySingleton1(); 21: } 22: } 23: } 24:  25: return _instance; 26: } 27: } 28:  29: private LazySingleton1() 30: { 31: } 32: } This is a standard double-check algorithm so that you don't lock if the instance has already been created.  However, because it's possible two threads can go through the first if at the same time the first time back in, you need to check again after the lock is acquired to avoid creating two instances. Pretty straightforward, but ugly as all heck.  Well, you could also take advantage of the C# standard's BeforeFieldInit and define your class with a static constructor.  It need not have a body, just the presence of the static constructor will remove the BeforeFieldInit attribute on the class and guarantee that no fields are initialized until the first static field, property, or method is called.   1: public class LazySingleton2 2: { 3: // because of the static constructor, this won't get created until first use 4: private static readonly LazySingleton2 _instance = new LazySingleton2(); 5:  6: // Returns the singleton instance using lazy-instantiation 7: public static LazySingleton2 Instance 8: { 9: get { return _instance; } 10: } 11:  12: // private to prevent direct instantiation 13: private LazySingleton2() 14: { 15: } 16:  17: // removes BeforeFieldInit on class so static fields not 18: // initialized before they are used 19: static LazySingleton2() 20: { 21: } 22: } Now, while this works perfectly, I hate it.  Why?  Because it's relying on a non-obvious trick of the IL to guarantee laziness.  Just looking at this code, you'd have no idea that it's doing what it's doing.  Worse yet, you may decide that the empty static constructor serves no purpose and delete it (which removes your lazy guarantee).  Worse-worse yet, they may alter the rules around BeforeFieldInit in the future which could change this. So, what do I propose instead?  .Net 4.0 adds the System.Lazy type which guarantees thread-safe lazy-construction.  Using System.Lazy<T>, we get: 1: public class LazySingleton3 2: { 3: // static holder for instance, need to use lambda to construct since constructor private 4: private static readonly Lazy<LazySingleton3> _instance 5: = new Lazy<LazySingleton3>(() => new LazySingleton3()); 6:  7: // private to prevent direct instantiation. 8: private LazySingleton3() 9: { 10: } 11:  12: // accessor for instance 13: public static LazySingleton3 Instance 14: { 15: get 16: { 17: return _instance.Value; 18: } 19: } 20: } Note, you need your lambda to call the private constructor as Lazy's default constructor can only call public constructors of the type passed in (which we can't have by definition of a Singleton).  But, because the lambda is defined inside our type, it has access to the private members so it's perfect. Note how the Lazy<T> makes it obvious what you're doing (lazy construction), instead of relying on an IL generation side-effect.  This way, it's more maintainable.  Lazy<T> has many other uses as well, obviously, but I really love how elegant and readable it makes the lazy Singleton.

    Read the article

  • Using Unity – Part 4

    - by nmarun
    In this part, I’ll be discussing about constructor and property or setter injection. I’ve created a new class – Product3: 1: public class Product3 : IProduct 2: { 3: public string Name { get; set; } 4: [Dependency] 5: public IDistributor Distributor { get; set; } 6: public ILogger Logger { get; set; } 7:  8: public Product3(ILogger logger) 9: { 10: Logger = logger; 11: Name = "Product 1"; 12: } 13:  14: public string WriteProductDetails() 15: { 16: StringBuilder productDetails = new StringBuilder(); 17: productDetails.AppendFormat("{0}<br/>", Name); 18: productDetails.AppendFormat("{0}<br/>", Logger.WriteLog()); 19: productDetails.AppendFormat("{0}<br/>", Distributor.WriteDistributorDetails()); 20: return productDetails.ToString(); 21: } 22: } This version has a property of type IDistributor and takes a constructor parameter of type ILogger. The IDistributor property has a Dependency attribute (Microsoft.Practices.Unity namespace) applied to it. IDistributor and its implementation are shown below: 1: public interface IDistributor 2: { 3: string WriteDistributorDetails(); 4: } 5:  6: public class Distributor : IDistributor 7: { 8: public List<string> DistributorNames = new List<string>(); 9:  10: public Distributor() 11: { 12: DistributorNames.Add("Distributor1"); 13: DistributorNames.Add("Distributor2"); 14: DistributorNames.Add("Distributor3"); 15: DistributorNames.Add("Distributor4"); 16: } 17: public string WriteDistributorDetails() 18: { 19: StringBuilder distributors = new StringBuilder(); 20: for (int i = 0; i < DistributorNames.Count; i++) 21: { 22: distributors.AppendFormat("{0}<br/>", DistributorNames[i]); 23: } 24: return distributors.ToString(); 25: } 26: } ILogger and the FileLogger have the following definition: 1: public interface ILogger 2: { 3: string WriteLog(); 4: } 5:  6: public class FileLogger : ILogger 7: { 8: public string WriteLog() 9: { 10: return string.Format("Type: {0}", GetType()); 11: } 12: } The Unity container creates an instance of the dependent class (the Distributor class) within the scope of the target object (an instance of Product3 class that will be called by doing a Resolve<IProduct>() in the calling code) and assign this dependent object to the attributed property of the target object. To add to it, property injection is a form of optional injection of dependent objects.The dependent object instance is generated before the container returns the target object. Unlike constructor injection, you must apply the appropriate attribute in the target class to initiate property injection. Let’s see how to change the config file to make this work. The first step is to add all the type aliases: 1: <typeAlias alias="Product3" type="ProductModel.Product3, ProductModel"/> 2: <typeAlias alias="ILogger" type="ProductModel.ILogger, ProductModel"/> 3: <typeAlias alias="FileLogger" type="ProductModel.FileLogger, ProductModel"/> 4: <typeAlias alias="IDistributor" type="ProductModel.IDistributor, ProductModel"/> 5: <typeAlias alias="Distributor" type="ProductModel.Distributor, ProductModel"/> Now define mappings for these aliases: 1: <type type="ILogger" mapTo="FileLogger" /> 2: <type type="IDistributor" mapTo="Distributor" /> Next step is to define the constructor and property injection in the config file: 1: <type type="IProduct" mapTo="Product3" name="ComplexProduct"> 2: <typeConfig extensionType="Microsoft.Practices.Unity.Configuration.TypeInjectionElement, Microsoft.Practices.Unity.Configuration"> 3: <constructor> 4: <param name="logger" parameterType="ILogger" /> 5: </constructor> 6: <property name="Distributor" propertyType="IDistributor"> 7: <dependency /> 8: </property> 9: </typeConfig> 10: </type> There you see a constructor element that tells there’s a property named ‘logger’ that is of type ILogger. By default, the type of ILogger gets resolved to type FileLogger. There’s also a property named ‘Distributor’ which is of type IDistributor and which will get resolved to type Distributor. On the calling side, I’ve added a new button, whose click event does the following: 1: protected void InjectionButton_Click(object sender, EventArgs e) 2: { 3: unityContainer.RegisterType<IProduct, Product3>(); 4: IProduct product3 = unityContainer.Resolve<IProduct>(); 5: productDetailsLabel.Text = product3.WriteProductDetails(); 6: } This renders the following output: This completes the part for constructor and property injection. In the next blog, I’ll talk about Arrays and Generics. Please see the code used here.

    Read the article

  • Anatomy of a .NET Assembly - Custom attribute encoding

    - by Simon Cooper
    In my previous post, I covered how field, method, and other types of signatures are encoded in a .NET assembly. Custom attribute signatures differ quite a bit from these, which consequently affects attribute specifications in C#. Custom attribute specifications In C#, you can apply a custom attribute to a type or type member, specifying a constructor as well as the values of fields or properties on the attribute type: public class ExampleAttribute : Attribute { public ExampleAttribute(int ctorArg1, string ctorArg2) { ... } public Type ExampleType { get; set; } } [Example(5, "6", ExampleType = typeof(string))] public class C { ... } How does this specification actually get encoded and stored in an assembly? Specification blob values Custom attribute specification signatures use the same building blocks as other types of signatures; the ELEMENT_TYPE structure. However, they significantly differ from other types of signatures, in that the actual parameter values need to be stored along with type information. There are two types of specification arguments in a signature blob; fixed args and named args. Fixed args are the arguments to the attribute type constructor, named arguments are specified after the constructor arguments to provide a value to a field or property on the constructed attribute type (PropertyName = propValue) Values in an attribute blob are limited to one of the basic types (one of the number types, character, or boolean), a reference to a type, an enum (which, in .NET, has to use one of the integer types as a base representation), or arrays of any of those. Enums and the basic types are easy to store in a blob - you simply store the binary representation. Strings are stored starting with a compressed integer indicating the length of the string, followed by the UTF8 characters. Array values start with an integer indicating the number of elements in the array, then the item values concatentated together. Rather than using a coded token, Type values are stored using a string representing the type name and fully qualified assembly name (for example, MyNs.MyType, MyAssembly, Version=1.0.0.0, Culture=neutral, PublicKeyToken=0123456789abcdef). If the type is in the current assembly or mscorlib then just the type name can be used. This is probably done to prevent direct references between assemblies solely because of attribute specification arguments; assemblies can be loaded in the reflection-only context and attribute arguments still processed, without loading the entire assembly. Fixed and named arguments Each entry in the CustomAttribute metadata table contains a reference to the object the attribute is applied to, the attribute constructor, and the specification blob. The number and type of arguments to the constructor (the fixed args) can be worked out by the method signature referenced by the attribute constructor, and so the fixed args can simply be concatenated together in the blob without any extra type information. Named args are different. These specify the value to assign to a field or property once the attribute type has been constructed. In the CLR, fields and properties can be overloaded just on their type; different fields and properties can have the same name. Therefore, to uniquely identify a field or property you need: Whether it's a field or property (indicated using byte values 0x53 and 0x54, respectively) The field or property type The field or property name After the fixed arg values is a 2-byte number specifying the number of named args in the blob. Each named argument has the above information concatenated together, mostly using the basic ELEMENT_TYPE values, in the same way as a method or field signature. A Type argument is represented using the byte 0x50, and an enum argument is represented using the byte 0x55 followed by a string specifying the name and assembly of the enum type. The named argument property information is followed by the argument value, using the same encoding as fixed args. Boxed objects This would be all very well, were it not for object and object[]. Arguments and properties of type object allow a value of any allowed argument type to be specified. As a result, more information needs to be specified in the blob to interpret the argument bytes as the correct type. So, the argument value is simple prepended with the type of the value by specifying the ELEMENT_TYPE or name of the enum the value represents. For named arguments, a field or property of type object is represented using the byte 0x51, with the actual type specified in the argument value. Some examples... All property signatures start with the 2-byte value 0x0001. Similar to my previous post in the series, names in capitals correspond to a particular byte value in the ELEMENT_TYPE structure. For strings, I'll simply give the string value, rather than the length and UTF8 encoding in the actual blob. I'll be using the following enum and attribute types to demonstrate specification encodings: class AttrAttribute : Attribute { public AttrAttribute() {} public AttrAttribute(Type[] tArray) {} public AttrAttribute(object o) {} public AttrAttribute(MyEnum e) {} public AttrAttribute(ushort x, int y) {} public AttrAttribute(string str, Type type1, Type type2) {} public int Prop1 { get; set; } public object Prop2 { get; set; } public object[] ObjectArray; } enum MyEnum : int { Val1 = 1, Val2 = 2 } Now, some examples: Here, the the specification binds to the (ushort, int) attribute constructor, with fixed args only. The specification blob starts off with a prolog, followed by the two constructor arguments, then the number of named arguments (zero): [Attr(42, 84)] 0x0001 0x002a 0x00000054 0x0000 An example of string and type encoding: [Attr("MyString", typeof(Array), typeof(System.Windows.Forms.Form))] 0x0001 "MyString" "System.Array" "System.Windows.Forms.Form, System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" 0x0000 As you can see, the full assembly specification of a type is only needed if the type isn't in the current assembly or mscorlib. Note, however, that the C# compiler currently chooses to fully-qualify mscorlib types anyway. An object argument (this binds to the object attribute constructor), and two named arguments (a null string is represented by 0xff and the empty string by 0x00) [Attr((ushort)40, Prop1 = 12, Prop2 = "")] 0x0001 U2 0x0028 0x0002 0x54 I4 "Prop1" 0x0000000c 0x54 0x51 "Prop2" STRING 0x00 Right, more complicated now. A type array as a fixed argument: [Attr(new[] { typeof(string), typeof(object) })] 0x0001 0x00000002 // the number of elements "System.String" "System.Object" 0x0000 An enum value, which is simply represented using the underlying value. The CLR works out that it's an enum using information in the attribute constructor signature: [Attr(MyEnum.Val1)] 0x0001 0x00000001 0x0000 And finally, a null array, and an object array as a named argument: [Attr((Type[])null, ObjectArray = new object[] { (byte)2, typeof(decimal), null, MyEnum.Val2 })] 0x0001 0xffffffff 0x0001 0x53 SZARRAY 0x51 "ObjectArray" 0x00000004 U1 0x02 0x50 "System.Decimal" STRING 0xff 0x55 "MyEnum" 0x00000002 As you'll notice, a null object is encoded as a null string value, and a null array is represented using a length of -1 (0xffffffff). How does this affect C#? So, we can now explain why the limits on attribute arguments are so strict in C#. Attribute specification blobs are limited to basic numbers, enums, types, and arrays. As you can see, this is because the raw CLR encoding can only accommodate those types. Special byte patterns have to be used to indicate object, string, Type, or enum values in named arguments; you can't specify an arbitary object type, as there isn't a generalised way of encoding the resulting value in the specification blob. In particular, decimal values can't be encoded, as it isn't a 'built-in' CLR type that has a native representation (you'll notice that decimal constants in C# programs are compiled as several integer arguments to DecimalConstantAttribute). Jagged arrays also aren't natively supported, although you can get around it by using an array as a value to an object argument: [Attr(new object[] { new object[] { new Type[] { typeof(string) } }, 42 })] Finally... Phew! That was a bit longer than I thought it would be. Custom attribute encodings are complicated! Hopefully this series has been an informative look at what exactly goes on inside a .NET assembly. In the next blog posts, I'll be carrying on with the 'Inside Red Gate' series.

    Read the article

  • How does CDI injection work in MDBs and @Scheduled beans?

    - by Nils-Petter Nilsen
    I'm working on a large Java EE 6 application that is deployed on JBoss 6 Final. My current tasks involve using @Inject consistently instead of @EJB, but I'm running into some problems on some types of beans, specifically @MessageDriven beans and beans with @Scheduled methods. What happens is that if I'm unlucky with the timing (for @Schedule) or if there are messages in the MDBs' queues at startup, instantiation of the beans will fail because the injected resources (which are EJBs themselves) are not bound yet. Because I use @Inject, I'm guessing that the EJB container considers my beans to be ready, since the container itself does not care about @Inject; it probably simply assumes that since there are no @EJB injections, the beans are ready for use. The injected CDI proxies will then fail because the resources to inject aren't actually bound yet. Tiny example: @Stateless @LocalBean public class MySupportingBean { public void doSomething() { ... } } @Singleton public class MyScheduledBean { @Inject private MySupportingBean supportingBean; @Schedule(second = "*/1", hour = "*", minute = "*", persistent = false) public void onTimeout() { supportingBean.doSomething(); } } The above example will probably not fail often because there are only two beans, but the project I'm working on binds lots of EJBs, which will amplify the problem. But it might fail because there is no guarantee that MySupportingBean is bound first, and if onTimeout is invoked before MySupportingBean is bound, then instantiation of MyScheduledBean will fail. If I used @EJB instead, MyScheduledBean wouldn't be bound until the dependency to MySupportingBean was satisfied. Note that the example will not fail in onTimeout itself, but when CDI attempts to inject MySupportingBean. I've read a lot of posts on different forums where many people argue that @Inject is always better. Generally, I agree, but how do they handle @Schedule or @MessageDriven combined with @Inject? In my experience, it comes down to dumb luck whether the beans will work or not in those cases, and the beans will fail arbitrarily, depending on which order the EJBs are deployed in, and when @Schedule or onMessage are invoked.

    Read the article

  • Are there any drawbacks to class-based Javascript injection?

    - by jonathanconway
    A phenomena I'm seeing more and more of is Javascript code that is tied to a particular element on a particular page, rather than being tied to kinds of elements or UI patterns. For example, say we had a couple of animated menus on a page: <ul id="top-navigation"> ... </ul> <!-- ... --> <ul id="product-list"> ... </ul> These two menus might exist on the same page or on different pages, and some pages mightn't have any menus. I'll often see Javascript code like this (for these examples, I'm using jQuery): $(document).ready(function() { $('ul#top-navigation').dropdownMenu(); $('ul#product-selector').dropdownMenu(); }); Notice the problem? The Javascript is tightly coupled to particular instances of a UI pattern rather than the UI pattern itself. Now wouldn't it be so much simpler (and cleaner) to do this instead? - $(document).ready(function() { $('ul.dropdown-menu').dropdownMenu(); }); Then we can put the 'dropdown-menu' class on our lists like so: <ul id="top-navigation" class="dropdown-menu"> ... </ul> <!-- ... --> <ul id="product-list" class="dropdown-menu"> ... </ul> This way of doing things would have the following benefits: Simpler Javascript - we only need to attach once to the class. We avoid looking for specific instances that mightn't exist on a given page. If we remove an element, we don't need to hunt through the Javascript to find the attach code for that element. I believe techniques similar to this were pioneered by certain articles on alistapart.com. I'm amazed these simple techniques still haven't gained widespread adoption, and I still see 'best-practice' code-samples and Javascript frameworks referring directly to UI instances rather than UI patterns. Is there any reason for this? Is there some big disadvantage to the technique I just described that I'm unaware of?

    Read the article

  • I need to parameterize against sql injection in asp classic, what things should I take some time to

    - by Tchalvak
    I can already see that I'm not going to enjoy the experience, but I have to do some sql cleanup on this 1000 file asp classic web-app, and before I get to hacking away at it I'd like to be aware of any major gotchas to watch out for with asp classic/sql parameter preparing/asp whitespace altering. What are some good quick overview resources, and what should I watch out for?

    Read the article

  • Problems with passing an anonymous temporary function-object to a templatized constructor.

    - by Akanksh
    I am trying to attach a function-object to be called on destruction of a templatized class. However, I can not seem to be able to pass the function-object as a temporary. The warning I get is (if the comment the line xi.data = 5;): warning C4930: 'X<T> xi2(writer (__cdecl *)(void))': prototyped function not called (was a variable definition intended?) with [ T=int ] and if I try to use the constructed object, I get a compilation error saying: error C2228: left of '.data' must have class/struct/union I apologize for the lengthy piece of code, but I think all the components need to be visible to assess the situation. template<typename T> struct Base { virtual void run( T& ){} virtual ~Base(){} }; template<typename T, typename D> struct Derived : public Base<T> { virtual void run( T& t ) { D d; d(t); } }; template<typename T> struct X { template<typename R> X(const R& r) { std::cout << "X(R)" << std::endl; ptr = new Derived<T,R>(); } X():ptr(0) { std::cout << "X()" << std::endl; } ~X() { if(ptr) { ptr->run(data); delete ptr; } else { std::cout << "no ptr" << std::endl; } } Base<T>* ptr; T data; }; struct writer { template<typename T> void operator()( const T& i ) { std::cout << "T : " << i << std::endl; } }; int main() { { writer w; X<int> xi2(w); //X<int> xi2(writer()); //This does not work! xi2.data = 15; } return 0; }; The reason I am trying this out is so that I can "somehow" attach function-objects types with the objects without keeping an instance of the function-object itself within the class. Thus when I create an object of class X, I do not have to keep an object of class writer within it, but only a pointer to Base<T> (I'm not sure if I need the <T> here, but for now its there). The problem is that I seem to have to create an object of writer and then pass it to the constructor of X rather than call it like X<int> xi(writer(); I might be missing something completely stupid and obvious here, any suggestions?

    Read the article

  • ASP.NET MVC: trying out a script injection hangs Visual Studio 2010 completely?

    - by Mark Redman
    Wondering if anyone has an idea of whats going on: I am new to ASP.NET MVC and am trying out a few things with jquery/ajax. The basic scenario is a dropdownlist with an add button next to it. Clicking the add button launches a jquery ui dialog with a textbox form, entering a value saves the item to the database and refreshes the drop-downlist. The dropdownlist is re-populated using a JSON result. This all works ok. I thought I would try a script injetion attack, ie add the text: alert("oh dear") to seee what would happen and to check if I need to encode anything. When I try and save this item (similar to the same process of adding a plain text entry) Visual Studio 2010 Beta 2 hangs completely. Any ideas? UPDATE: It happens when posting: "</"

    Read the article

  • System.Security.Permissions.SecurityPermission and Reflection on Godaddy

    - by David Murdoch
    I have the following method: public static UserControl LoadControl(string UserControlPath, params object[] constructorParameters) { var p = new Page(); var ctl = p.LoadControl(UserControlPath) as UserControl; // Find the relevant constructor if (ctl != null) { ConstructorInfo constructor = ctl.GetType().BaseType.GetConstructor(constructorParameters.Select(constParam => constParam == null ? "".GetType() : constParam.GetType()).ToArray()); //And then call the relevant constructor if (constructor == null) { throw new MemberAccessException("The requested constructor was not found on : " + ctl.GetType().BaseType.ToString()); } constructor.Invoke(ctl, constructorParameters); } // Finally return the fully initialized UC return ctl; } Which when executed on a Godaddy shared host gives me System.Security.SecurityException: Request for the permission of type 'System.Security.Permissions.SecurityPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

    Read the article

  • Intermittent NoClassDefFoundError error running Selenium JUnit tests

    - by Matt Sheppard
    For some time, I've been running a substantial set of JUnit / Selenium tests against a number of platforms on a nightly basis. Intermittently (about once in every 40 runs), all the tests for a given platform fail with a NoClassDefFoundError on the common superclass of all my tests as follows. java.lang.NoClassDefFoundError: [common super class of all my selenium tests] at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389) at java.lang.Class.getConstructors(Class.java:1459) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) at java.lang.reflect.Constructor.newInstance(Constructor.java:513) Re-invoking the tests will generally get the tests running normally, so it's clearly something dependent on some condition I am not considering. What might be causing this error to occur seemingly randomly?

    Read the article

  • The Debut of Oracle Database Firewall at RSA 2011

    - by Troy Kitch
    We're very proud of the coverage and headlines Oracle Database Firewall made this past week during RSA Conference 2011 in San Francisco. In case you missed our previous post, we announced the availability of this latest addition to the Oracle Defense-in-Depth database security solutions. The announcement was picked up many publications including eWeek, CRN, InformationWeek and more. Here is just some of the press on this very important security solution: "It's rare to find a new product category these days, but I think a new product from Oracle fills the bill. In the crowded enterprise security field, that's saying something." Enterprise System Journal: A New Approach to Database Security By James E. Powell "Databases and the content they store are among the most valuable IT assets - and the most targeted by hackers. In an effort to help secure databases, Oracle today is launching the new Oracle Database Firewall as an approach to defend databases against SQL injection and other database attacks." Database Journal: Oracle Debuts Database Firewall (also appeared in InternetNews.com) By Sean Michael Kerner "Oracle Database Firewall understands SQL-statement formats, and can be configured to blacklist and whitelist traffic based on source. When it detects suspicious statements within SQL traffic -- ones that might indicate SQL injection attacks, for example -- it can replace them with neutral statements that will keep the session running without allowing potentially harmful traffic through." Network World: Oracle Database Firewall defuses SQL injection attacks By Tim Green "The firewall uses "SQL grammar analysis" to prevent SQL injection attacks and other attempts to grab information. The Oracle Database Firewall features white and black lists policies, exceptions and rules that mark the time of day, IP address, application and user." ZDNet: RSA Roundup: Oracle Database Firewall By Larry Dignan "The database giant announced Oracle Database Firewall on Feb. 14 at the RSA Conference in San Francisco. The firewall application establishes a "defensive perimeter" around databases by monitoring and enforcing normal application behavior in real-time, the company said." eWEEK: Oracle Database Firewall Delivers Vendor-Agnostic Security By Fahmida Y. Rashid

    Read the article

  • Top 25 security issues for developers of web sites

    - by BizTalk Visionary
    Sourced from: CWE This is a brief listing of the Top 25 items, using the general ranking. NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile. Rank Score ID Name [1] 346 CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') [2] 330 CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') [3] 273 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') [4] 261 CWE-352 Cross-Site Request Forgery (CSRF) [5] 219 CWE-285 Improper Access Control (Authorization) [6] 202 CWE-807 Reliance on Untrusted Inputs in a Security Decision [7] 197 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [8] 194 CWE-434 Unrestricted Upload of File with Dangerous Type [9] 188 CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') [10] 188 CWE-311 Missing Encryption of Sensitive Data [11] 176 CWE-798 Use of Hard-coded Credentials [12] 158 CWE-805 Buffer Access with Incorrect Length Value [13] 157 CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') [14] 156 CWE-129 Improper Validation of Array Index [15] 155 CWE-754 Improper Check for Unusual or Exceptional Conditions [16] 154 CWE-209 Information Exposure Through an Error Message [17] 154 CWE-190 Integer Overflow or Wraparound [18] 153 CWE-131 Incorrect Calculation of Buffer Size [19] 147 CWE-306 Missing Authentication for Critical Function [20] 146 CWE-494 Download of Code Without Integrity Check [21] 145 CWE-732 Incorrect Permission Assignment for Critical Resource [22] 145 CWE-770 Allocation of Resources Without Limits or Throttling [23] 142 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [24] 141 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [25] 138 CWE-362 Race Condition Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

    Read the article

  • Rtsp Live Stream Android

    - by Filiz Gökçe
    I try to make live stream on android, I try lots of ways, but none of them doesnt work. Could you help me ? This is example of rtsp; mMediaPlayer = new MediaPlayer(); mMediaPlayer.setDataSource(KralStream.getTvStreamUrl().toString()); mMediaPlayer.setDisplay(holder); mMediaPlayer.prepareAsync(); mMediaPlayer.setOnBufferingUpdateListener(this); mMediaPlayer.setOnCompletionListener(this); mMediaPlayer.setOnPreparedListener(this); mMediaPlayer.setOnVideoSizeChangedListener(this); mMediaPlayer.setAudioStreamType(AudioManager.STREAM_MUSIC); mMediaPlayer.setLooping(true); Exeption :05-26 10:22:46.186: ERROR/MediaPlayerService(10157): create PVPlayer 05-26 10:23:06.382: ERROR/PlayerDriver(10157): Command PLAYER_INIT completed with an error or info -1 05-26 10:23:06.382: ERROR/MediaPlayer(23800): error (1, -1) 05-26 10:23:06.382: ERROR/MediaPlayer(23800): Error (1,-1) rtsp; VideoView videoView=(VideoView)findViewById(R.id.videoView1); Uri uri = Uri.parse("rtsp://strm-3.tr.medianova.tv/rkraltv/rkraltv"); videoView.setVideoURI(uri); videoView.start(); Gives message;"Sorry, this video connot ve played." Exeptions;05-26 10:40:08.979: ERROR/MediaPlayerService(10157): create PVPlayer 05-26 10:40:09.188: INFO/ActivityManager(10163): Displayed activity com.giantrabbit.nagare/.KralTvNow: 433 ms (total 433 ms) 05-26 10:40:11.702: WARN/PowerManagerService(10163): Timer 0x3-0x3|0x1 05-26 10:40:29.061: WARN/MediaPlayer(24284): info/warning (1, 26) 05-26 10:40:29.061: INFO/MediaPlayer(24284): Info (1,26) 05-26 10:40:29.100: ERROR/PlayerDriver(10157): Command PLAYER_INIT completed with an error or info -1 05-26 10:40:29.104: ERROR/MediaPlayer(24284): error (1, -1) 05-26 10:40:29.108: ERROR/MediaPlayer(24284): Error (1,-1) rtsp; mPreview = (SurfaceView) findViewById(R.id.surface); holder = mPreview.getHolder(); holder.addCallback(this); holder.setType(SurfaceHolder.SURFACE_TYPE_PUSH_BUFFERS); extras = getIntent().getExtras(); public void play() { try { Uri video = KralStream.getTvStreamUrl(); Toast.makeText(this, video.toString(), Toast.LENGTH_SHORT).show(); mMediaPlayer = new MediaPlayer(); mMediaPlayer.setDataSource(path); mMediaPlayer.setDisplay(holder); mMediaPlayer.prepare(); mMediaPlayer.setOnBufferingUpdateListener(this); mMediaPlayer.setOnCompletionListener(this); mMediaPlayer.setOnPreparedListener(this); mMediaPlayer.setOnVideoSizeChangedListener(this); mMediaPlayer.setAudioStreamType(AudioManager.STREAM_MUSIC); } catch (Exception e) { Log.e(TAG, "error: " + e.getMessage(), e); } } Exeption ; 05-26 10:36:57.589: ERROR/MediaPlayerService(10157): create PVPlayer 05-26 10:37:20.542: ERROR/PlayerDriver(10157): Command PLAYER_INIT completed with an error or info -1 05-26 10:37:20.542: ERROR/MediaPlayer(24240): error (1, -1) 05-26 10:37:20.565: WARN/PlayerDriver(10157): PVMFInfoErrorHandlingComplete 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): error: Prepare failed.: status=0x1 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): java.io.IOException: Prepare failed.: status=0x1 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.media.MediaPlayer.prepare(Native Method) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at com.giantrabbit.nagare.KralTvNow.play(KralTvNow.java:162) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at com.giantrabbit.nagare.KralTvNow.surfaceCreated(KralTvNow.java:215) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.SurfaceView.updateWindow(SurfaceView.java:536) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.SurfaceView.dispatchDraw(SurfaceView.java:339) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.drawChild(ViewGroup.java:1638) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.dispatchDraw(ViewGroup.java:1367) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.drawChild(ViewGroup.java:1638) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.dispatchDraw(ViewGroup.java:1367) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.View.draw(View.java:6796) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.widget.FrameLayout.draw(FrameLayout.java:352) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.drawChild(ViewGroup.java:1640) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewGroup.dispatchDraw(ViewGroup.java:1367) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.View.draw(View.java:6796) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.widget.FrameLayout.draw(FrameLayout.java:352) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at com.android.internal.policy.impl.PhoneWindow$DecorView.draw(PhoneWindow.java:1894) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewRoot.draw(ViewRoot.java:1407) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewRoot.performTraversals(ViewRoot.java:1163) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.view.ViewRoot.handleMessage(ViewRoot.java:1727) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.os.Handler.dispatchMessage(Handler.java:99) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.os.Looper.loop(Looper.java:123) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at android.app.ActivityThread.main(ActivityThread.java:4627) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at java.lang.reflect.Method.invokeNative(Native Method) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at java.lang.reflect.Method.invoke(Method.java:521) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:871) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:629) 05-26 10:37:20.682: ERROR/MediaPlayerDemo(24240): at dalvik.system.NativeStart.main(Native Method) 05-26 10:37:20.737: INFO/MediaPlayer(24240): Info (1,26) 05-26 10:37:20.737: ERROR/MediaPlayer(24240): Error (1,-1) 05-26 10:37:20.868: INFO/ActivityManager(10163): Displayed activity com.giantrabbit.nagare/.KralTvNow: 25864 ms (total 25864 ms) 05-26 10:37:23.777: WARN/PowerManagerService(10163): Timer 0x3-0x3|0x1 This is example of http ; mMediaPlayer = new MediaPlayer(); mMediaPlayer.setDataSource("http://ikral.garantisistem.com:1935/ikral/smil:kral.smil/playlist.m3u8"); mMediaPlayer.setDisplay(holder); mMediaPlayer.prepareAsync(); mMediaPlayer.setOnBufferingUpdateListener(this); mMediaPlayer.setOnCompletionListener(this); mMediaPlayer.setOnPreparedListener(this); mMediaPlayer.setOnVideoSizeChangedListener(this); mMediaPlayer.setAudioStreamType(AudioManager.STREAM_MUSIC); mMediaPlayer.setLooping(true); Exeption: 05-26 10:16:24.276: ERROR/MediaPlayerService(10157): create PVPlayer 05-26 10:16:24.292: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferWriteDataStreamImpl 05-26 10:16:24.346: INFO/PlayerDriver(10157): buffering (100) 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.346: ERROR/(10157): IIIIIII Inside Constructor of PVMFMemoryBufferReadDataStreamImpl 05-26 10:16:24.350: WARN/MediaPlayer(23736): info/warning (1, 26) 05-26 10:16:24.354: ERROR/PlayerDriver(10157): Command PLAYER_INIT completed with an error or info -10 05-26 10:16:24.354: ERROR/MediaPlayer(23736): error (-10, -10) 05-26 10:16:24.354: WARN/PlayerDriver(10157): PVMFInfoErrorHandlingComplete 05-26 10:16:24.393: INFO/MediaPlayer(23736): Info (1,26) 05-26 10:16:24.393: ERROR/MediaPlayer(23736): Error (-10,-10) Htttp; VideoView videoView=(VideoView)findViewById(R.id.videoView1); Uri uri = Uri.parse("http://ikral.garantisistem.com:1935/ikral/smil:kral.smil/playlist.m3u8"); videoView.setVideoURI(uri); videoView.start(); Gives message;"Sorry, this video connot ve played." Filiz Gökçe

    Read the article

  • Dynamic connection for LINQ to SQL DataContext

    - by Steve Clements
    If for some reason you need to specify a specific connection string for a DataContext, you can of course pass the connection string when you initialise you DataContext object.  A common scenario could be a dev/test/stage/live connection string, but in my case its for either a live or archive database.   I however want the connection string to be handled by the DataContext, there are probably lots of different reasons someone would want to do this…but here are mine. I want the same connection string for all instances of DataContext, but I don’t know what it is yet! I prefer the clean code and ease of not using a constructor parameter. The refactoring of using a constructor parameter could be a nightmare.   So my approach is to create a new partial class for the DataContext and handle empty constructor in there. First from within the LINQ to SQL designer I changed the connection property to None.  This will remove the empty constructor code from the auto generated designer.cs file. Right click on the .dbml file, click View Code and a file and class is created for you! You’ll see the new class created in solutions explorer and the file will open. We are going to be playing with constructors so you need to add the inheritance from System.Data.Linq.DataContext public partial class DataClasses1DataContext : System.Data.Linq.DataContext    {    }   Add the empty constructor and I have added a property that will get my connection string, you will have whatever logic you need to decide and get the connection string you require.  In my case I will be hitting a database, but I have omitted that code. public partial class DataClasses1DataContext : System.Data.Linq.DataContext {    // Connection String Keys - stored in web.config    static string LiveConnectionStringKey = "LiveConnectionString";    static string ArchiveConnectionStringKey = "ArchiveConnectionString";      protected static string ConnectionString    {       get       {          if (DoIWantToUseTheLiveConnection) {             return global::System.Configuration.ConfigurationManager.ConnectionStrings[LiveConnectionStringKey].ConnectionString;          }          else {             return global::System.Configuration.ConfigurationManager.ConnectionStrings[ArchiveConnectionStringKey].ConnectionString;          }       }    }      public DataClasses1DataContext() :       base(ConnectionString, mappingSource)    {       OnCreated();    } }   Now when I new up my DataContext, I can just leave the constructor empty and my partial class will decide which one i need to use. Nice, clean code that can be easily refractored and tested.   Share this post :

    Read the article

  • Don’t Program by Fear, Question Everything

    - by João Angelo
    Perusing some code base I’ve recently came across with a code comment that I would like to share. It was something like this: class Animal { public Animal() { this.Id = Guid.NewGuid(); } public Guid Id { get; private set; } } class Cat : Animal { public Cat() : base() // Always call base since it's not always done automatically { } } Note: All class names were changed to protect the innocent. To clear any possible doubts the C# specification explicitly states that: If an instance constructor has no constructor initializer, a constructor initializer of the form base() is implicitly provided. Thus, an instance constructor declaration of the form C(...) {...} is exactly equivalent to C(...): base() {...} So in conclusion it’s clearly an incorrect comment but what I find alarming is how a comment like that gets into a code base and survives the test of time. Not to forget what it can do to someone who is making a jump from other technologies to C# and reads stuff like that.

    Read the article

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP). Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack called Connection String Parameter Pollution (CSPP) exploits specifically the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact). In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attacks. In web applications, a connection string is a set of values that specifies information to connect to backend data repositories, in most cases, databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string. Here are some examples of connection strings from Oracle Data Provider for .Net/ODP.Net: Oracle Data Provider for .Net / ODP.Net; Manufacturer: Oracle; Type: .NET Framework Class Library: - Using TNS Data Source = orcl; User ID = myUsername; Password = myPassword; - Using integrated security Data Source = orcl; Integrated Security = SSPI; - Using the Easy Connect Naming Method Data Source = username/password@//myserver:1521/my.server.com - Specifying Pooling parameters Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2; There are many variations of the connection strings, but the majority of connection strings are key value pairs delimited by semicolons. Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attacks. So how are Connection String parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique, which typically involves appending repeating parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depends on how the web application and web server deal with multiple parameters with the same name. When applied to connections strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters username and password; a subsequent connection string is generated to connect to the back end database. Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes, Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Intergrated Security = true; Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running to bypass normal authentication. CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, systems accounts, etc. Fortunately, organizations can take steps to prevent this kind of attacks. CSPP falls into the Injection category of attacks like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters, that is relevant to the interpreter's parser. Software developers need to become aware of the danger of these attacks and learn about the defenses mechanism they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manager, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings. For More Information: - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page

    Read the article

  • Why isnt the copy constructor of member class called?

    - by sandeep
    class member { public: member() { cout<<"Calling member constr"<<'\n'; } member(const member&) { cout<<"Calling member copy constr"<<'\n'; } }; class fred { public: fred() { cout<<"calling fred constr"<<'\n'; } fred(const fred &) { cout<<"Calling fred copy constr"<<'\n'; } protected: member member_; }; int main() { fred a; fred b=a; } Output: Calling member constr calling fred constr **Calling member constr** Calling fred copy constr

    Read the article

  • PHP class constructor , how to initalize pictuer “blob” type?

    - by Iman25
    I have class and I want to initalize column that stores pictuer with type "blob" but I'm not sure how? take a look at the lat line of the code public function __construct( $data=array() ) { if ( isset( $data['id'] ) ) $this->id = (int) $data['id']; if ( isset( $data['date'] ) ) $this->date= (int) $data['date']; if ( isset( $data['topic'] ) ) $this->topic = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['topic'] ); if ( isset( $data['author'] ) ) $this->author = preg_replace ( "/[^\.\,\-\_\'\"\@\?\!\:\$ a-zA-Z0-9()]/", "", $data['author'] ); if ( isset( $data['content'] ) ) $this->content = $data['content']; if ( isset( $data['picture'] ) ) $this->picture ="Here sholud be the Type" $data['picture']; }

    Read the article

  • Register all GUI components as Observers or pass current object to next object as a constructor argu

    - by Jack
    First, I'd like to say that I think this is a common issue and there may be a simple or common solution that I am unaware of. Many have probably encountered a similar problem. Thanks for reading. I am creating a GUI where each component needs to communicate (or at least be updated) by multiple other components. Currently, I'm using a Singleton class to accomplish this goal. Each GUI component gets the instance of the singleton and registers itself. When updates need to be made, the singleton can call public methods in the registered class. I think this is similar to an Observer pattern, but the singleton has more control. Currently, the program is set up something like this: class c1 { CommClass cc; c1() { cc = CommClass.getCommClass(); cc.registerC1( this ); C2 c2 = new c2(); } } class c2 { CommClass cc; c2() { cc = CommClass.getCommClass(); cc.registerC2( this ); C3 c3 = new c3(); } } class c3 { CommClass cc; c3() { cc = CommClass.getCommClass(); cc.registerC3( this ); C4 c4 = new c4(); } } etc. Unfortunately, the singleton class keeps growing larger as more communication is required between the components. I was wondering if it's a good idea to instead of using this singleton, pass the higher order GUI components as arguments in the constructors of each GUI component: class c1 { c1() { C2 c2 = new c2( this ); } } class c2 { C1 c1; c2( C1 c1 ) { this.c1 = c1 C3 c3 = new c3( c1, this ); } } class c3 { C1 c1; C2 c2; c3( C1 c1, C2 c2 ) { this.c1 = c1; this.c2 = c2; C4 c4 = new c4( c1, c2, this ); } } etc. The second version relies less on the CommClass, but it's still very messy as the private member variables increase in number and the constructors grow in length. Each class contains GUI components that need to communicate through CommClass, but I can't think of a good way to do it. If this seems strange or horribly inefficient, please describe some method of communication between classes that will continue to work as the project grows. Also, if this doesn't make any sense to anyone, I'll try to give actual code snippets in the future and think of a better way to ask the question. Thanks.

    Read the article

< Previous Page | 49 50 51 52 53 54 55 56 57 58 59 60  | Next Page >