Search Results

Search found 6690 results on 268 pages for 'worst practices'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 81/268 | < Previous Page | 77 78 79 80 81 82 83 84 85 86 87 88  | Next Page >

  • Session ID Rotation - does it enhance security?

    - by dound
    (I think) I understand why session IDs should be rotated when the user logs in - this is one important step to prevent session fixation. However, is there any advantage to randomly/periodically rotating session IDs? This seems to only provide a false sense of security in my opinion. Assuming session IDs are not vulnerable to brute-force guessing and you only transmit the session ID in a cookie (not as part of URLs), then an attacker will have to access your cookie (most likely by snooping on your traffic) to get your session ID. Thus if the attacker gets one session ID, they'll probably be able to sniff the rotated session ID too - and thus randomly rotating has not enhanced security.

    Read the article

  • Email as a view.

    - by Hal
    I've been in some discussion recently about where email (notifications, etc...) should be sent in an ASP.NET MVC application. My nemesis grin argues that it only makes sense that the email should be sent from the controller. I argue that an email is simply an alternate or augmented view through a different channel. Much like I would download a file as the payload of an ActionResult, the email is simply delivered through a different protocol. I've worked an extension method that allows me to do the following: <% Html.RenderEmail(model.FromAddress, model.ToAddress, model.Subject); %> which I actually include within my the view that is displayed on the screen. The beauty is that, based on convention, if I call RenderEmail from a parent view named MyView.ascx, I attempt to render the contents of a view named MyViewEmail.ascx, unless it is not found, in which case I simply email a copy of parent view. It certainly does make it testable (I still have an ISMTPService injected for testing), I wondered if anyone had any thoughts on whether or not this breaks from good practice. In use it has been extremely handy when we needed to easily send an email or modify the contents of the emailed results vs the browser rendered results. Thanks, Hal

    Read the article

  • Ideal way to cancel an executing AsnycTask

    - by Samuh
    I am running remote audio-file-fetching and audio file playback operations in a background thread using AsnycTask. A Cancellable progress bar is shown for the time the fetch operation runs. I want to cancel/abort the AsnycTask run when the user cancels(decides against) the operation. What is the ideal way to handle such a case? Thanks.

    Read the article

  • Best Practice for Utilities Class?

    - by Sonny Boy
    Hey all, We currently have a utilities class that handles a lot of string formatting, date displays, and similar functionality and it's a shared/static class. Is this the "correct" way of doing things or should we be instanciating the utility class as and when we need it? Our main goal here is to reduce memory footprint but performance of the application is also a consideration. Thanks, Matt PS. We're using .NET 2.0

    Read the article

  • Should I distinguish OpenIDs based on protocol prefix or not? http vs https

    - by Joannes Vermorel
    I have implemented a straightforward OpenID support for my ASP.NET app with DotNetOpenAuth. Yet I recently realized that the implementation was treating http://johndoe.example.com/ as a distinct user compared to https://johndoe.example.com. This lead to quite a few confused users. I am unsure what to do at this point. Is this a bug or a feature? Indeed, I can consider this behavior as a feature: if the user specifies the HTTPS, the user might not want the system to accept HTTP auth in the first place. On the other hand: if the user specifies HTTPS out of sheer cluelessness (the casual web visitor is clueless concerning the purpose of the "S" part), then rejecting it's authentication attempt is confusing. What is considered as the best practice?

    Read the article

  • Subversion Repository Layout

    - by Tim Long
    Most subversion tools create a default repository layout with /trunk, /branches and /tags. The documentation also recommends not using separate repositories for each project, so that code can be more easily shared. Following that advice has led to me having a repository with the following layout: /trunk /Project1 /Project2 /branches /Project1 /Project2 /tags /Project1 /Project2 and so on, you get the idea. Over time, I've found this structure a bit clumsy and it occurred to me that there's an alternative interpretation of the recommendations, such as: /Project1 /trunk /branches /tags /Project2 /trunk /branches /tags So, which layout do people use, and why? Or - is there another way to do things that I've completely missed?

    Read the article

  • Recommendations for 'C' Project architecture guidelines?

    - by SiegeX
    Now that I got my head wrapped around the 'C' language to a point where I feel proficient enough to write clean code, I'd like to focus my attention on project architecture guidelines. I'm looking for a good resource that coves the following topics: How to create an interface that promotes code maintainability and is extensible for future upgrades. Library creation guidelines. Example, when should I consider using static vs dynamic libraries. How to properly design an ABI to cope with either one. Header files: what to partition out and when. Examples on when to use 1:1 vs 1:many .h to .c Anything you feel I missed but is important when attempting to architect a new C project. Ideally, I'd like to see some example projects ranging from small to large and see how the architecture changes depending on project size, function or customer. What resource(s) would you recommend for such topics?

    Read the article

  • What are some typing patterns using a standard QWERTY keyboard that work well for you as a programme

    - by OrbMan
    After hunting and pecking for about 35 years, I have decided to learn to type. I am learning QWERTY and have learned about 2/3 of the letters so far. While learning, I have noticed how asymmeterical the keyboard is, which really bothers me. (I will probably switch to a symmetrical keyboard eventually, but for now am trying to do everything as standard and "correct" as possible.) Although I am not there yet in my lessons, it seems that many of the keys I am going to use as a C# web developer are supposed to be typed by the pinky of my right hand. Are there any typing patterns you have developed that are more ergonomic (or faster) when typing large volumes of code rife with braces, colons, semi-colons and quotes? Or, should I just accept the fact that every other key is going to be hit with my right pinky? It is not that speed is such a huge concern, as much as that it seems so inefficient to rely on one finger so much... As an example, some of the conventions I use as a hunt and pecker, like typing open and close braces right away with my index and middle finger, and then hitting the left arrow key to fill in the inner content, don't seem to work as well with just a pinky. What are some typing patterns using a standard QWERTY keyboard that work really well for you as a programmer? Update: US layout and I use home row Update 2: Despite my best efforts to the contrary, people are interpreting this questionas "how do I learn to type" or "what keyboard should I use". Take it as a given, that I will learn to type, and that I will be doing so on a standard QWERTY layout keyboard, not DVORAK. I am interested in aquiring a skill that will be useful wherever I go.

    Read the article

  • What is the basic pattern for using (N)Hibernate?

    - by Vilx-
    I'm creating a simple Windows Forms application with NHibernate and I'm a bit confused about how I'm supposed to use it. To quote the manual: ISession (NHibernate.ISession) A single-threaded, short-lived object representing a conversation between the application and the persistent store. Wraps an ADO.NET connection. Factory for ITransaction. Holds a mandatory (first-level) cache of persistent objects, used when navigating the object graph or looking up objects by identifier. Now, suppose I have the following scenario: I have a simple classifier which is a MSSQL table with two columns - ID (auto_increment) and Name (nvarchar). To edit this classifier I create a form which contains a single gridview and two buttons - OK and Cancel. The user can nearly directly edit the table in the gridview, and when he hits OK the changes he made are persisted to the DB (or if he hits cancel, nothing happens). Now, I have several questions about how to organize this: What should the lifetime of my ISession be? Should I create a single ISession for my whole application; an ISession for each of my forms (the application is single-threaded MDI); or an ISession for every DB operation/transaction? Does NHibernate offer some kind of built-in dirty tracking or must I do this myself? The manual mentions something like it here and there but does not go into details. How is this done? Is there not a huge overhead? Is it somehow tied with the cache(s) that NHibernate has? What are these caches for? Are they not specific to a single ISession? That is, if I use a seperate ISession for every transaction, won't it break the dirty tracking? How does the built-in dirty tracking detect deleted objects?

    Read the article

  • Will asking users to upgrade their browser cause issues?

    - by John Isaacks
    Ok I am considering putting up something asking ie6 users to upgrade their browser. However, I am concerned that users will upgrade it, not like it. Then blame me. Is this a real concern? am I going to get people calling me asking me how to use their new browser or how to get their old one back? Whats your thought on this topic? Thanks!!

    Read the article

  • Auto-generating toString Method

    - by Gordon
    Is it good or bad practice auto-generating toString methods for some simple classes? I was thinking of generating something like bellow where it takes the variable names and produces a toString method that prints the name followed by it's value. private String name; private int age; private double height; public String toString(){ Formatter formatter = new Formatter(); return formatter.format("Name: %s, Age: %d, Height %f", name, age, height).toString(); }

    Read the article

  • Is it considered a good/bad practice to configure tomcat for deploying certain apps?

    - by Roman
    Disclaimer: I've never used technique which is described below. That's why there may occur some mistakes or misunderstandings in its description. I heard that some teams (developers) use 'pre-configured' tomcat. As I understand they add different jars to tomcat \lib folder and do something else. Once I've read something about recompilation (or reassembly?) of tomcat for certain needs. Just yesterday I heard a dialog where one developer sayd that his team-mates were not able to deploy the project until he would give them configured tomcat version. So, I wonder, what is it all about and why do they do it? What benefits can they gain from that?

    Read the article

  • Using different languages in one project

    - by Tarbal
    I recently heard about the use of several different languages in a (big) project, I also read about famous services such as Twitter using Rails as frontend, mixed with some other languages, and Scala I think it was as backend. Is this common practice? Who does that? I'm sure there are disadvantages to this. I think that you will have problems with the different interpreters/compilers and seamlessly connecting the different languages. Is this true? Why is this actually done? For performance?

    Read the article

  • Best practice for writing ARRAYS

    - by Douglas
    I've got an array with about 250 entries in it, each their own array of values. Each entry is a point on a map, and each array holds info for: name, another array for points this point can connect to, latitude, longitude, short for of name, a boolean, and another boolean The array has been written by another developer in my team, and he has written it as such: names[0]=new Array; names[0][0]="Campus Ice Centre"; names[0][1]= new Array(0,1,2); names[0][2]=43.95081811364498; names[0][3]=-78.89848709106445; names[0][4]="CIC"; names[0][5]=false; names[0][6]=false; names[1]=new Array; names[1][0]="Shagwell's"; names[1][1]= new Array(0,1); names[1][2]=43.95090307839151; names[1][3]=-78.89815986156464; names[1][4]="shg"; names[1][5]=false; names[1][6]=false; Where I would probably have personally written it like this: var names = [] names[0] = new Array("Campus Ice Centre", new Array[0,1,2], 43.95081811364498, -78.89848709106445, "CIC", false, false); names[1] = new Array("Shagwell's", new Array[0,1], 43.95090307839151, -78.89815986156464, 'shg", false, false); They both work perfectly fine of course, but what I'm wondering is: 1) does one take longer than the other to actually process? 2) am I incorrect in assuming there is a benefit to the compactness of my version of the same thing? I'm just a little worried about his 3000 lines of code versus my 3-400 to get the same result. Thanks in advance for any guidance.

    Read the article

  • Extending Throwable in Java

    - by polygenelubricants
    Java lets you create an entirely new subtype of Throwable, e.g: public class FlyingPig extends Throwable { ... } Now, very rarely, I may do something like this: throw new FlyingPig("Oink!"); and of course elsewhere: try { ... } catch (FlyingPig porky) { ... } My questions are: Is this a bad idea? And if so, why? What could've been done to prevent this subtyping if it is a bad idea? Since it's not preventable (as far as I know), what catastrophies could result? If this isn't such a bad idea, why not? How can you make something useful out of the fact that you can extends Throwable?

    Read the article

  • Can an app use the clipboard for its own purposes? (read: who owns the clipboard?)

    - by eran
    In PowerBuilder's IDE, the code autocomplete feature uses the clipboard to communicate the completed text to the code window. By doing so, it overrides whatever was stored on the clipboard before. So, if you had the winning numbers of the next lottary stored on your clipboard, and you used the autocomplete to turn m_goodfor into m_goodfornothing, you've just lost your only chance of ever getting rich, and you're left with nothing on your clipboard. Features like that are the reason I hate software. It looks like it was implemented by some intern that noone was looking after. However, there's also a chance I got all worked up for nothing, and making such use of the clipboard is absolutely legit. So, can an app use the clipboard for its own purposes? Who is considered the owner of the clipboard? (Bonus votes to whoever puts himself in place of the feature's programmer, and provides some reasoning for this being done on purpose, assuming the users would actually benefite from it)

    Read the article

  • How Can I up my Street Cred in the coding world

    - by RedEye
    I know this isn't directly related to a specific coding problem. It's a more general programming question. I'm a n00b... Been coding for 1 year, and it's where I belong. I want to get hardcore and put everything I have into it. I started with C++ and now I'm into C#. I love it all. What can I do to up my game and up my respect in the programming world?

    Read the article

  • CSS Negative margins for positioning.

    - by Kyle Sevenoaks
    Is it ok to use negative margins for positioning? I have a lot in my current site and feel like it's not such a stable way to position things. I usually suggest to use them too. For example I have a checkout page with three divs on top of each other <div class="A"> header </div> <div class="B"> content </div> <div class="C"> footer </div> (A, B and C), which are meant to sit on top of each other, to appear attached. I did this using: .B { margin-top: -20px; } On div B, to meet the bottom of div A. Is this good practice or shall I re-code using top and left?

    Read the article

  • What should be the "trunk" development, or release

    - by Nix
    I have the unfortunate opportunity of source control via Borland's StarTeam. It unfortunately does very few things well, and one supreme weakness is its view management. I love SVN and come from an SVN mindset. Our issue is post production release we are spending countless hours merging changes into a "production support" environment. Please do not harass me this was not my doing, I inherited it and am trying to present a better way of managing the repository. It is not an option to switch to a different SCM tool. Current setup Product.1.0 (TRUNK, current production code, and at this level are pending bug fixes) Product.2.0(true trunk anything checked in gets tested, and then released next production cycle, a lot of changes occur in this view) My proposal is going to be to swap them, have all development be done on the trunk (Production), tag on releases, and as needed create child views to represent production support bug fixes. Production Production.2.0.SP.1 I can not find any documentation to support the above proposal so I am trying to get feedback on whether or not the change is a good idea and if there is anything you would recommend doing differently.

    Read the article

  • How to Manage CSS Explosion

    - by Jason
    I have been heavily relying on CSS for a website that I am working on (currently, everything is done as property values within each tag on the website and I'm trying to get away from that to make updates significantly easier). The problem I am running into, is I'm starting to get a bit of "CSS explosion" going on. It is becoming difficult for me to decide how to best organize and abstract data within the CSS file. For example: I am using a large number of div tags within the website (previously it was completely tables based). So I'm starting to get a lot of CSS that looks like this... div.title { background-color: Blue; color: White; text-align: center; } div.footer { /* Stuff Here */ } div.body { /* Stuff Here */ } etc. It's not too bad yet, but since I am learning here, I was wondering if recommendations could be made on how best to organize the various parts of a CSS file. What I don't want to get to is where I have a separate CSS attribute for every single thing on my website (which I have seen happen), and I always want the CSS file to be fairly intuitive. (P.S. I do realize this is a very generic, high-level question. My ultimate goal is to make it easy to use the CSS files and demonstrate their power to increase the speed of web development so other individuals that may work on this site in the future will also get into the practice of using them rather than hard-coding values everywhere.)

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 77 78 79 80 81 82 83 84 85 86 87 88  | Next Page >