Search Results

Search found 29768 results on 1191 pages for 'past development'.

Page 86/1191 | < Previous Page | 82 83 84 85 86 87 88 89 90 91 92 93  | Next Page >

  • Security in Software

    The term security has many meanings based on the context and perspective in which it is used. Security from the perspective of software/system development is the continuous process of maintaining confidentiality, integrity, and availability of a system, sub-system, and system data. This definition at a very high level can be restated as the following: Computer security is a continuous process dealing with confidentiality, integrity, and availability on multiple layers of a system. Key Aspects of Software Security Integrity Confidentiality Availability Integrity within a system is the concept of ensuring only authorized users can only manipulate information through authorized methods and procedures. An example of this can be seen in a simple lead management application.  If the business decided to allow each sales member to only update their own leads in the system and sales managers can update all leads in the system then an integrity violation would occur if a sales member attempted to update someone else’s leads. An integrity violation occurs when a team member attempts to update someone else’s lead because it was not entered by the sales member.  This violates the business rule that leads can only be update by the originating sales member. Confidentiality within a system is the concept of preventing unauthorized access to specific information or tools.  In a perfect world the knowledge of the existence of confidential information/tools would be unknown to all those who do not have access. When this this concept is applied within the context of an application only the authorized information/tools will be available. If we look at the sales lead management system again, leads can only be updated by originating sales members. If we look at this rule then we can say that all sales leads are confidential between the system and the sales person who entered the lead in to the system. The other sales team members would not need to know about the leads let alone need to access it. Availability within a system is the concept of authorized users being able to access the system. A real world example can be seen again from the lead management system. If that system was hosted on a web server then IP restriction can be put in place to limit access to the system based on the requesting IP address. If in this example all of the sales members where accessing the system from the 192.168.1.23 IP address then removing access from all other IPs would be need to ensure that improper access to the system is prevented while approved users can access the system from an authorized location. In essence if the requesting user is not coming from an authorized IP address then the system will appear unavailable to them. This is one way of controlling where a system is accessed. Through the years several design principles have been identified as being beneficial when integrating security aspects into a system. These principles in various combinations allow for a system to achieve the previously defined aspects of security based on generic architectural models. Security Design Principles Least Privilege Fail-Safe Defaults Economy of Mechanism Complete Mediation Open Design Separation Privilege Least Common Mechanism Psychological Acceptability Defense in Depth Least Privilege Design PrincipleThe Least Privilege design principle requires a minimalistic approach to granting user access rights to specific information and tools. Additionally, access rights should be time based as to limit resources access bound to the time needed to complete necessary tasks. The implications of granting access beyond this scope will allow for unnecessary access and the potential for data to be updated out of the approved context. The assigning of access rights will limit system damaging attacks from users whether they are intentional or not. This principle attempts to limit data changes and prevents potential damage from occurring by accident or error by reducing the amount of potential interactions with a resource. Fail-Safe Defaults Design PrincipleThe Fail-Safe Defaults design principle pertains to allowing access to resources based on granted access over access exclusion. This principle is a methodology for allowing resources to be accessed only if explicit access is granted to a user. By default users do not have access to any resources until access has been granted. This approach prevents unauthorized users from gaining access to resource until access is given. Economy of Mechanism Design PrincipleThe Economy of mechanism design principle requires that systems should be designed as simple and small as possible. Design and implementation errors result in unauthorized access to resources that would not be noticed during normal use. Complete Mediation Design PrincipleThe Complete Mediation design principle states that every access to every resource must be validated for authorization. Open Design Design PrincipleThe Open Design Design Principle is a concept that the security of a system and its algorithms should not be dependent on secrecy of its design or implementation Separation Privilege Design PrincipleThe separation privilege design principle requires that all resource approved resource access attempts be granted based on more than a single condition. For example a user should be validated for active status and has access to the specific resource. Least Common Mechanism Design PrincipleThe Least Common Mechanism design principle declares that mechanisms used to access resources should not be shared. Psychological Acceptability Design PrincipleThe Psychological Acceptability design principle refers to security mechanisms not make resources more difficult to access than if the security mechanisms were not present Defense in Depth Design PrincipleThe Defense in Depth design principle is a concept of layering resource access authorization verification in a system reduces the chance of a successful attack. This layered approach to resource authorization requires unauthorized users to circumvent each authorization attempt to gain access to a resource. When designing a system that requires meeting a security quality attribute architects need consider the scope of security needs and the minimum required security qualities. Not every system will need to use all of the basic security design principles but will use one or more in combination based on a company’s and architect’s threshold for system security because the existence of security in an application adds an additional layer to the overall system and can affect performance. That is why the definition of minimum security acceptably is need when a system is design because this quality attributes needs to be factored in with the other system quality attributes so that the system in question adheres to all qualities based on the priorities of the qualities. Resources: Barnum, Sean. Gegick, Michael. (2005). Least Privilege. Retrieved on August 28, 2011 from https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/351-BSI.html Saltzer, Jerry. (2011). BASIC PRINCIPLES OF INFORMATION PROTECTION. Retrieved on August 28, 2011 from  http://web.mit.edu/Saltzer/www/publications/protection/Basic.html Barnum, Sean. Gegick, Michael. (2005). Defense in Depth. Retrieved on August 28, 2011 from  https://buildsecurityin.us-cert.gov/bsi/articles/knowledge/principles/347-BSI.html Bertino, Elisa. (2005). Design Principles for Security. Retrieved on August 28, 2011 from  http://homes.cerias.purdue.edu/~bhargav/cs526/security-9.pdf

    Read the article

  • Should I get my masters in Game Design and Development or Computer Science?

    - by Christopher Stephenson
    I am a recent grad with a B.S. in IT while I didn't minor in Game Desgin and development, I took few classes in it. During my job search I have seen that most gaming companies seems to want someone that majored in C.S, mathematics, or physics. During my undergrad I never had to take physics nor did I learn much about data structures and algorithms. These seem to be really important when searching for a job in game development. So I am thinking about going back to school to get my masters in either CS, or GDD. The problem though is which one? I am really not looking to create my own games, I just want to work on games.

    Read the article

  • What technologies are used for Game development now days?

    - by Monika Michael
    Whenever I ask a question about game development in an online forum I always get suggestions like learning line drawing algorithms, bit level image manipulation and video decompression etc. However looking at games like God of War 3, I find it hard to believe that these games could be developed using such low level techniques. The sheer awesomeness of such games defy any comprehensible(for me) programming methodology. Besides the gaming hardware is really a monster now days. So it stands to reason that the developers would work at a higher level of abstraction. What is the latest development methodology in the gaming industry? How is it that a team of 30-35 developers (of which most is management and marketing fluff) able to make such mind boggling games?

    Read the article

  • Tips for Using Multiple Development Systems

    - by Tim Lytle
    When I travel, I don't pack up the desktop I use in the office and take it with me. Maybe I should, but I don't. However, since I'm a contract programmer I like to be able to work wherever I am: I'm mostly thinking of web development here. Version Control goes a long way in keeping sane and working on multiple projects on multiple systems (two or three computers); however, there are the issues of: IDE settings - different display sizes mean the IDE settings can't be completely synced, if at all. Database - if the database is 'external' (even if it's running on the same system, it's not in version control), how do you maintain the needed syncs of structure. Development Stack - Some projects need non-standard extensions, libraries, etc installed. Just an overview of some of the hassle involved with developing on multiple systems. I'll probably end up asking some specific questions, but I thought a CW style tips might reveal some things I would even think to ask about. Update: I guess this would also address tips to make upgrading/replacing your development system easier (something I've just done). So, one tip per answer please, so the 'top' tips are easy to find. How do you make it easier to develop on multiple systems, or to transfer work after upgrading/replaceing a development system?

    Read the article

  • Modelling in Agile Development

    - by bertzzie
    I'm writing a bachelor dissertation report where I'm developing a system with Agile methodology. Given that the development is an one man show, of course the "Agile" I did was not really agile at all (from my understanding at least). So I want some perspective from SO crowds, who is of course a professional, real world, developer with tons of experience. I think real world experience is better than the theory and experiments that I did. My question is: Do we model during development time when using Agile? UML? DFD? Or a Functional Specification is enough1? If modelling is not really necessary, what do we use to communicate to the user, as the user almost always won't understand UML or DFD? For my system, I use UI & UX Design with heavy prototyping, but then I don't have time to draw UML any more. Which one is better? 1 http://www.joelonsoftware.com/articles/fog0000000036.html I hope the question's not "subjective and argumentative" as I know this question exist because of my lack of understanding in the agile development. If it is, could someone just give me a pointer or reference about that? Possible duplicate: Do you use UML in Agile development practices?

    Read the article

  • What kind of programmer job positions are there in professional game development? [on hold]

    - by skiwi
    I have been wondering the following since recently, seeing as I want to pursue a career in game development after university: What programmer job positions are there in professional game development? Think about AAA titles, etc. What programming language are the most commonly used ones in that area? I can think of some job aspects, like game engine, network, centralized server and artificial intelligence. I am just wondering what options I have later on, and in what programming languages I should invest right now. I am quite proficient with Java, and also wondering if that is of any help.

    Read the article

  • Starting Game Programming in C++, where to begin for optimal cross-platform development?

    - by Qasim
    I wish to begin learning game development in C++. I have knowledge in syntax and the console using Visual C++ 2010, however I want to begin programming. My only problem is that I want to be able to support many platforms including Windows, Mac OS, and Linux. As I get better, I also hope I can submit games to XBLIG (or XBLA) and Steam, and even the Google Play Store (But that would take some porting and major redesign of controls). I have looked into c++ and SDL but I have no idea how to get started. I have Visual C++ 2010 installed and I hope I can still use that as other C++ IDEs are quit outdated. Because I want to stick with Visual C++ and SDL (unless there is a better library than SDL), there is not much room for debate but rather how to create projects to support cross-platform development.

    Read the article

  • What are good examples of perfectly acceptable approaches to development that are NOT test driven development (TDD)?

    - by markbruns
    The TDD cycle is test, code, refactor, (repeat) and then ship. TDD implies development that is driven by testing, specifically that means understanding requirements and then writing tests first before developing or writing code. My natural inclination is a philosophical bias in favor of TDD; I would like to be convinced that there are other approaches that now work well or even better than TDD so I have asked this question. What are examples of perfectly acceptable approaches that NOT test driven development? I can think of plenty approaches that are not TDD but could be a lot more trouble than what they are worth ... it's not moral judgement, it's just that they are cost more than they are worth ... the following are simply examples of things that might be ok as learning exercises, but approaches I'd find to be NOT acceptable in serious production and NOT TDD might include: Inspecting quality into your product -- Focusing efforts on developing a proficiency in testing/QA can be problematic, especially if you don't work on the requirements and development side first ... symptom of this include bug triaging where the developers have so many different bugs to deal with it, it is necessary to employ a form of triage -- each development cycle gets worse and worse, programmers work more and more hours, sleep less and less, struggle to keep going in death march until they are consumed. Superstition ... believing in things that you don't understand -- this would involve borrowing code that you believe has been proven or tested from somewhere, e.g. legacy code, a magic code starter wizard or an open source project, and you go forward hacking up a storm of modifications, sliding FaceBook Connect into your the user interface, inventing some new magic features on the fly (e.g. a mashup using the Twitter API, GoogleMaps API and maybe Zappos API), showing off your cool new "product" to a few people and then writing up a simple "specification" and list of "test cases" and turning that over to Mechanical Turk for testing.

    Read the article

  • portlet 2.0 (jsr286) development with spring

    - by Patrick Cornelissen
    Hi! We are discussing whether it's a good idea to switch from plain portlet development on a liferay installation to spring webmvc portlet based development. We're starting the development of some portlets soon, so now is the time. But the problem I see is that we'd like to use some of the portlet 2.0 features, which won't work with versions older than spring 3.0. (Right?) Has anyone insight, if it's worth the waiting? (When is 3.0 scheduled anyway?) Is the current milestone stable enough? Our first real release will be in the last quarter of the year, so the springsource guys have some time left to get a final out of the door... ;-) Any ideas?

    Read the article

  • Apache rewriteBase in .htaccess for development subdomains

    - by Das123
    I think I'm missing something and don't think I really understand how rewriteBase works. The problem I have is that I have a production site where the site is in the root directory yet I have my development site in a localhost subdirectory. Eg http://www.sitename.com/ vs http://localhost/sitename/ If I have for example an images folder I want to reference the images from the site root by using the initial slash in the href. Eg Using a relative href (without the initial slash) is not an option. This will work on the production site but the development site is looking for http://localhost/images/imagename.jpg instead of http://localhost/sitename/images/imagename.jpg So I thought all I needed to do was setup the following in my .htaccess file to force the site root to my subdomain within the development environment: Options +FollowSymLinks RewriteEngine On RewriteBase /sitename But this still uses localhost as the site root instead of localhost/sitename. Can anyone please give me some pointers?

    Read the article

  • Eclipse Basic Web Development?

    - by Sean Ochoa
    I want to start doing web development with Eclipse. Not Java, tomcat, axis2, or anything else anymore complicated than basic XHTML / JS / CSS development, at this time. Problem 1: I realize that it can edit those files, but its trying to manage my HTML docs as part of "my workspace", and all I want it to do is manage the files as part of my local www server HTdocs directory. Problem 2: I would like to edit WYSIWYG-style, if possible. I tried installing a plug-in for that, but I wasn't able to get w4 toolkit to function properly. This would really help me to speed up development, I think. Follow-up: I've installed WTP and its dependencies (except for the tests portion, which had install problems due to dependencies that were seemingly irreconcilable).

    Read the article

  • MacBook for django development?

    - by Fernando
    Hi, I'm about to buy a new laptop (Asus G62) to replace my old ubuntu desktop. I will use it mostly for django development (and some legacy win32 stuff in a virtualbox). However, since I will need to do some iPhone development in the near future, I'm starting to think that it might be a wiser to buy a MacBook Pro, instead of the Asus and later a cheap (so to speak...) MacBook. How well suited is a MacBook Pro for Django development? I currently use WingIDE on Linux and love it, how does the Mac version compare to the linux one? Is the Ubuntu - Mac OS transition complicated? Will I be able to leverage my Linux knowledge? OTOH, I'm your average nerd, so I'm not sure if I'm cool enough for a Mac. Besides, having a double chin, a black turtle neck is completely out of question. Thanks in advance!

    Read the article

  • iPhone development books

    - by hhafez
    I've looked on SO and it seems that most people have been recomending books as the best iphone development resource due to the lack of resources on the web. I've seen the book the The Pragmatic Programmer: iPhone SDK development been recomended a few times. I'm planning to go buy a couple of books. Which should I go for? Please give reason :) A bit of background : I have a strong background in C and I've played around with Cocoa so something iphone specific would be best ( but I'm open for suggestions ;)) Update I'm not looking for simple listings of iphone SDK related books, I can google that ;) I want books that people are reading/have read and would recomend :) Final Update I just ordered my copy of Beginning iPhone Development: Exploring the iPhone SDK. My main reasons on chosing it are that it's already in print (unlike the pragmatic one) and I looked at the preview on their website and I liked it.

    Read the article

  • Test Driven Development (TDD) with Rails

    - by macek
    I am looking for TDD resources that are specific to Rails. I've seen the Rails Guide: The Basics of Creating a Rails Plugin which really spurred my interest in the topic. I have the Agile Development with Rails book and I see there's some testing-related information there. However, it seems like the author takes you through the steps of building the app, then adds testing afterward. This isn't really Test Driven Development. Ideally, I'd like a book on this, but a collection of other tutorials or articles would be great if such a book doesn't exist. Things I'd like to learn: Primary goal: Best Practices Unit testing How to utilize Fixtures Possibly using existing development data in place of fixtures What's the community standard here? Writing tests for plugins Testing with session data User is logged in User can access URL /foo/bar Testing success of sending email Thanks for any help!

    Read the article

  • Should we develop code on a local machine in a VLAN?

    - by red tiger
    Because of security reasons, we will not be able to use IIS on our local machines. I'm sure that many of you have faced the same problem, so how did you solve it? Here are the options that we're looking at: Create a VLAN that is isolated from the network for development. This will allow us to use any software, including IIS, that we want. A disadvantage is testing Web services with external organizations, which can be overcome by using stubs. Not use a VLAN and use only the ASP.NET Development Server that comes with Visual Studio, and then deploying that code to the development server. This has the disadvantage of not being able to replicate the production environment during local development. In addition, at least one developer needs IIS for GIS development, so he couldn't develop locally. Thank you for comments or suggestions that you may have!

    Read the article

  • PCI DSS requirement 6.4.2 separation of duties between development/test environments

    - by Aleksandar Ivanisevic
    6.4.2 Is there separation of duties between personnel assigned to the development/test environments and those assigned to the production environment? What does the separation of duties here mean? Is it in the sense of http://www.sans.edu/research/security-laboratory/article/it-separation-duties or something else? The formulation "between test and production environment" is really confusing me, it looks like they mean that one should have different sysadmins for test and production? Or do they just mean that developers shouldn't have access to production? thanks.

    Read the article

  • How to setup VIM for php development?

    - by Ashwin kumar
    I have been trying a lot (but not smartly) to figure out setting up VIM, ctags, omnicomple for PHP development. On Googling I found this file. But have no clue how to use it. What have I done until now? Here it is: I am on Fedora 17 64-bit OS Logged in as root Found my VIM version to be VIM - Vi IMproved 7.3 (2010 Aug 15, compiled May 8 2012 15:05:51) Followed the install details as here http://www.vim.org/scripts/script.php?script_id=3171 install details Place in $HOME/.vim/autoload/phpcomplete.vim and enable the php ftplugin What else I am missing? How do I start using omnicomplete. (this is the first time I am using omnicomplete) Why didn't I try IDE's? I have a single core machine running LAMP stack. Didn't wanted to slow down everything and hence sticking to command line environment.

    Read the article

  • Creating cookieless application on development machine with asp.net

    - by zaladane
    I am thinking about setting up a new domain to host static content on my website and have it cookieless just like Stackoverflow with their static domain. So before going ahead and buying the domain and setting it up I wanted to test it on my developement machine first under localhost (I have to mention that i am planning on having IIS running on my new domain for the static files). I therefore created a new application under IIS and disabled session state and forms authentication. When my main application needs resources like css, images and js , I use the path to the "static" application where they are hosted. The problem is that when I look at the request and the response for the requested files, they still have the session_id cookie defined as well as the asp.net authentication cookie. Is it at all possible to accomplish what i am trying to do on a development machine or do i have to just go ahead and purchase the new domain which hopefully with make things right? I tried to read about cookieless domain but can't figure out what i might be missing.

    Read the article

  • Best linux distro for cuda development

    - by user18151
    Can someone suggest the best linux distro for CUDA development. The reason why I'm asking is that I tried installing the latest cuda SDK in Fedora 12, and it was a real pain in the neck. It took me 8 hours to get the nouveau driver removed and the nvidia-driver installed. After that somehow the OS decides to act up and blow up the /var/log/message file to 9 GB and eat up all my remaining space, with strange errors. I don't even understand what happened further, but my Nvidia drives don't work anymore. Please don't flame me, I'm NOT a windows fanboy or anything. I've been using Linux since 2002, and actually like it. Its just my personal experience. Would be really helpful for positive suggestions. Fanboys, please stay aside. Thanks in advance.

    Read the article

  • Connect to development server via switch?

    - by letseatfood
    I apologize upfront if this isn't appropriate for superuser. I asked it on serverfault and was told it was too general for that site. I have a laptop with Vista and it receives it's internet connection wireless. I have an old desktop with Ubuntu 10.04 Server Edition installed and it is setup as a development server with Apache, MySQL, and PHP. This works well, with the server having a static IP address. The server is connected to the router via an Ethernet cable. Is it possible to disconnect the cable that is currently connecting the server and the router, then connect the server and workstation to a switch, so that I am still able to connect to the server via web browser from the workstation? I am trying to eliminate the long ethernet cable connecting the server to the router in the other room. I already have a switch, that is why I asked specifically about it. Thanks and I will be more than happy to clarify!

    Read the article

  • ubuntu to ubuntu backup in internal network

    - by amirash
    hey, i got my development "home" server witch is ubuntu 10, i brought today a computer in order to make a backup to this computer (the development server does also to him self backups every day but im paranoaid so i want to have two backups just in case on diffrent computers) what is the best way to backup the system core of the development server (like norton ghost) & do a full & incrmnt backup of him to the new computer that ive brought? rsync? rdiff? scp? clonezilla?

    Read the article

  • Development environment for embedded system

    - by Howard Lee Harkness
    I need to develop software in C/C++ for an embedded system. I have Debian 6 running off of a USB hard drive. I would like to be able to generate a stripped-down kernel with modules, and install them either on a CF card or a USB 'thumb' drive. I succeeded in building a Linux 3.6 kernel and running it in Debian off of the USB hard drive, but I am having trouble figuring out how to install it on the thumb drive. I would like a build cycle that looks like this: 1) Build module or kernel with desired software 2) Install it on thumb drive 3) Boot and test I would like to use the same system for both development and testing, if that is feasible. I am looking for resources and tutorials that would help me understand how to do this.

    Read the article

  • lamp server permissions on development server

    - by user101289
    I run a LAMP server on a ubuntu laptop I use only for development. I am not greatly concerned with security, since the server is never accessible outside the local network, and it's turned off when I'm not using it. My question is what is the simplest and 'best' way to set permissions/users/groups so that when my myself user creates, edits or writes files in the webroot, I won't need to go through and CHMOD / CHOWN everything back to the www-data user? Should I add myself to the www-data group? Or chown the webroot to www-data:myself? Or is there a best practice for this situation so I don't have to keep re-setting the ownership of these files? Thanks

    Read the article

  • Unable to install IIS - Application Development Features - ASP.NET

    - by progtick
    If I install IIS with Application Development Features - ASP.NET (or installing IIS first and adding ASP.NET later on). It's giving me the dreaded error: An error has occurred. Not all of the features were successfully changed. I tried uninstalling WAS. I uninstalled and reinstalled .NET 3.5.1. I repaird .NET 4.0 If I install IIS without that feature, then it would let me. Any suggestions?! Is this the correct place to ask this question?

    Read the article

  • ubuntu to ubuntu backup in internal network

    - by amirash
    hey, i got my development "home" server witch is ubuntu 10, i brought today a computer in order to make a backup to this computer (the development server does also to him self backups every day but im paranoaid so i want to have two backups just in case on diffrent computers) what is the best way to backup the system core of the development server (like norton ghost) & do a full & incrmnt backup of him to the new computer that ive brought? rsync? rdiff? scp? clonezilla?

    Read the article

< Previous Page | 82 83 84 85 86 87 88 89 90 91 92 93  | Next Page >