Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 9/886 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • At what point would you drop some of your principles of software development for the sake of more money?

    - by MeshMan
    I'd like to throw this question out there to interestingly see where the medium is. I'm going to admit that in my last 12 months, I picked up TDD and a lot of the Agile values in software development. I was so overwhelmed with how much better my development of software became that I would never drop them out of principle. Until...I was offered a contracting role that doubled my take home pay for the year. The company I joined didn't follow any specific methodology, the team hadn't heard of anything like code smells, SOLID, etc., and I certainly wasn't going to get away with spending time doing TDD if the team had never even seen unit testing in practice. Am I a sell out? No, not completely... Code will always been written "cleanly" (as per Uncle Bob's teachings) and the principles of SOLID will always be applied to the code that I write as they are needed. Testing was dropped for me though, the company couldn't afford to have such a unknown handed to the team who quite frankly, even I did create test frameworks, they would never use/maintain the test framework correctly. Using that as an example, what point would you say a developer should never drop his craftsmanship principles for the sake of money/other benefits to them personally? I understand that this can be a very personal opinion on how concerned one is to their own needs, business needs, and the sake of craftsmanship etc. But one can consider that for example testing can be dropped if the company decided they would rather have a test team, than rather understand unit testing in programming, would that be something you could forgive yourself for like I did? So given that there is something you would drop, there usually should be an equal cost in the business that makes up for what you drop - hopefully, unless of course you are pretty much out for lining your own pockets and not community/social collaborating ;). Double your money, go back to RAD? Or walk on, and look for someone doing Agile, and never look back...

    Read the article

  • VisualAssert Testing in C++, Loading a test fixture.

    - by C_Bevan
    Good day, I am learning Testing in Visual Studio C++ and I have several tutorials which I have followed. I am trying to load a test fixture. I have tried to put the test .cpp file in many different places but it will still not pick up on it when I click on "Run Tests" or "Run Tests without debugging" In the tutorials I found, they seemed to load into the Test Explorer automatically, but in mine is an icon with a X + (PROJECTNAME).EXE and when I hoover over it I get the process exited without registering with the agent... this is due to the model not containing any test fixtures... How can I load my tests into the Test Explorer...or register them with my project... I've tried right click and "Add Fixture...".... but that just starts a new test file and I have the same problem. Anybody know how I solve this issue?

    Read the article

  • Best practice Unit testing abstract classes?

    - by Paul Whelan
    Hello I was wondering what the best practice is for unit testing abstract classes and classes that extend abstract classes. Should I test the abstract class by extending it and stubbing out the abstract methods and then test all the concrete methods? Then only test the methods I override and the abstract methods in the unit tests for objects that extend my abstract class. Should I have an abstract test case that can be used to test the methods of the abstract class and extend this class in my test case for objects that extend the abstract class? EDIT: My abstract class has some concrete methods. I would be interested to see what people are using. Thanks Paul

    Read the article

  • Integration Testing an Entire *Existing* Application (w/ automatic execution of test suite)

    - by Ev
    Hi there, I have just joined a team working on an existing Java web app. I have been tasked with creating an automated integration test suite that should run when developers commit to our continuous integration server (TeamCity), which automatically deploys to our staging server - so really the tests will be run against our staging web app server. I have read a lot of stuff about automated integration testing with frameworks like Watir, Selenium and RWebSpec. I have created tests in all of these and while I prefer Watir, I am open to anything. The thing that hasn't become clear to me is how to create an entire test suite for an application, and how to have that suite execute in it's entirety upon execution of some script. I can happily create individual tests of varying complexity, but there is a gap in my knowledge about how to tie everything together into something useful. Does anyone have any advice on how to create a full test suite and have it execute automatically? Thanks!

    Read the article

  • SSIS Script Component Testing Strategy

    - by Paul Kohler
    This question is in respect to the script component specifically. I am aware of ssisUnit etc… With simple SSIS Scripts Components, it’s sufficient to let basic testing flesh out issues, however I am working with a script that has grown in complexity over time. To better test the functionality I am considering abstracting the script logic into a DLL that gets deployed with the package, and then use the custom component in the script. The advantage is that the function will be more testable etc but it’s one more deployment artefact that needs to be managed. My question is, does anyone know of a better way to test such an SSIS script in a more isolated manner than to run the whole package and examine the output?

    Read the article

  • Unit Testing functions within repository interfaces - ASP.net MVC3 & Moq

    - by RawryLions
    I'm getting into writing unit testing and have implemented a nice repository pattern/moq to allow me to test my functions without using "real" data. So far so good.. However.. In my repository interface for "Posts" IPostRepository I have a function: Post getPostByID(int id); I want to be able to test this from my Test class but cannot work out how. So far I am using this pattern for my tests: [SetUp] public void Setup() { mock = new Mock<IPostRepository>(); } [Test] public void someTest() { populate(10); //This populates the mock with 10 fake entries //do test here } In my function "someTest" I want to be able to call/test the function GetPostById. I can find the function with mock.object.getpostbyid but the "object" is null. Any help would be appreciated :) iPostRepository: public interface IPostRepository { IQueryable<Post> Posts {get;} void SavePost(Post post); Post getPostByID(int id); }

    Read the article

  • How to do concurrent modification testing for grails application

    - by werner5471
    I'd like to run tests that simulate users modifying certain data at the same time for a grails application. Are there any plug-ins / tools / mechanisms I can use to do this efficiently? They don't have to be grails specific. It should be possible to fire multiple actions in parallel. I'd prefer to run the tests on functional level (so far I'm using Selenium for other tests) to see the results from the user perspective. Of course this can be done in addition to integration testing if you'd recommend to run concurrent modification tests on integration level as well.

    Read the article

  • How can I remove the Translation entries in apt?

    - by Lord of Time
    This is the output of aptitude update: Ign http://archive.canonical.com natty InRelease Ign http://extras.ubuntu.com natty InRelease Ign http://dl.google.com stable InRelease Ign http://security.ubuntu.com natty-security InRelease Hit http://deb.torproject.org natty InRelease Get:1 http://dl.google.com stable Release.gpg [198 B] Ign http://us.archive.ubuntu.com natty InRelease Ign http://us.archive.ubuntu.com natty-updates InRelease Hit http://archive.canonical.com natty Release.gpg Hit http://extras.ubuntu.com natty Release.gpg Hit http://security.ubuntu.com natty-security Release.gpg Hit http://us.archive.ubuntu.com natty Release.gpg Hit http://security.ubuntu.com natty-security Release Hit http://archive.canonical.com natty Release Hit http://extras.ubuntu.com natty Release Get:2 http://dl.google.com stable Release [1,338 B] Hit http://us.archive.ubuntu.com natty-updates Release.gpg Hit http://security.ubuntu.com natty-security/main Sources Hit http://archive.canonical.com natty/partner amd64 Packages Hit http://deb.torproject.org natty/main amd64 Packages Hit http://extras.ubuntu.com natty/main Sources Hit http://us.archive.ubuntu.com natty Release Hit http://security.ubuntu.com natty-security/restricted Sources Hit http://security.ubuntu.com natty-security/universe Sources Hit http://security.ubuntu.com natty-security/multiverse Sources Hit http://security.ubuntu.com natty-security/main amd64 Packages Hit http://security.ubuntu.com natty-security/restricted amd64 Packages Ign http://archive.canonical.com natty/partner TranslationIndex Hit http://extras.ubuntu.com natty/main amd64 Packages Ign http://extras.ubuntu.com natty/main TranslationIndex Hit http://security.ubuntu.com natty-security/universe amd64 Packages Hit http://security.ubuntu.com natty-security/multiverse amd64 Packages Ign http://security.ubuntu.com natty-security/main TranslationIndex Ign http://security.ubuntu.com natty-security/multiverse TranslationIndex Ign http://security.ubuntu.com natty-security/restricted TranslationIndex Ign http://deb.torproject.org natty/main TranslationIndex Ign http://security.ubuntu.com natty-security/universe TranslationIndex Hit http://us.archive.ubuntu.com natty-updates Release Hit http://us.archive.ubuntu.com natty/main Sources Hit http://us.archive.ubuntu.com natty/restricted Sources Hit http://us.archive.ubuntu.com natty/universe Sources Hit http://us.archive.ubuntu.com natty/multiverse Sources Hit http://us.archive.ubuntu.com natty/main amd64 Packages Hit http://us.archive.ubuntu.com natty/restricted amd64 Packages Hit http://us.archive.ubuntu.com natty/universe amd64 Packages Hit http://us.archive.ubuntu.com natty/multiverse amd64 Packages Ign http://us.archive.ubuntu.com natty/main TranslationIndex Ign http://us.archive.ubuntu.com natty/multiverse TranslationIndex Ign http://us.archive.ubuntu.com natty/restricted TranslationIndex Ign http://us.archive.ubuntu.com natty/universe TranslationIndex Hit http://us.archive.ubuntu.com natty-updates/main Sources Hit http://us.archive.ubuntu.com natty-updates/restricted Sources Hit http://us.archive.ubuntu.com natty-updates/universe Sources Get:3 http://dl.google.com stable/main amd64 Packages [469 B] Ign http://dl.google.com stable/main TranslationIndex Hit http://us.archive.ubuntu.com natty-updates/multiverse Sources Hit http://us.archive.ubuntu.com natty-updates/main amd64 Packages Hit http://us.archive.ubuntu.com natty-updates/restricted amd64 Packages Hit http://us.archive.ubuntu.com natty-updates/universe amd64 Packages Hit http://us.archive.ubuntu.com natty-updates/multiverse amd64 Packages Ign http://us.archive.ubuntu.com natty-updates/main TranslationIndex Ign http://us.archive.ubuntu.com natty-updates/multiverse TranslationIndex Ign http://us.archive.ubuntu.com natty-updates/restricted TranslationIndex Ign http://us.archive.ubuntu.com natty-updates/universe TranslationIndex Ign http://archive.canonical.com natty/partner Translation-en_US Ign http://extras.ubuntu.com natty/main Translation-en_US Ign http://extras.ubuntu.com natty/main Translation-en Ign http://archive.canonical.com natty/partner Translation-en Ign http://security.ubuntu.com natty-security/main Translation-en_US Ign http://security.ubuntu.com natty-security/main Translation-en Ign http://security.ubuntu.com natty-security/multiverse Translation-en_US Ign http://security.ubuntu.com natty-security/multiverse Translation-en Ign http://security.ubuntu.com natty-security/restricted Translation-en_US Ign http://security.ubuntu.com natty-security/restricted Translation-en Ign http://security.ubuntu.com natty-security/universe Translation-en_US Ign http://security.ubuntu.com natty-security/universe Translation-en Ign http://ppa.launchpad.net natty InRelease Ign http://ppa.launchpad.net natty InRelease Ign http://ppa.launchpad.net natty InRelease Ign http://ppa.launchpad.net natty InRelease Ign http://ppa.launchpad.net natty InRelease Hit http://ppa.launchpad.net natty Release.gpg Hit http://ppa.launchpad.net natty Release.gpg Hit http://ppa.launchpad.net natty Release.gpg Hit http://ppa.launchpad.net natty Release.gpg Hit http://ppa.launchpad.net natty Release.gpg Hit http://ppa.launchpad.net natty Release Ign http://dl.google.com stable/main Translation-en_US Hit http://ppa.launchpad.net natty Release Hit http://ppa.launchpad.net natty Release Hit http://ppa.launchpad.net natty Release Hit http://ppa.launchpad.net natty Release Ign http://dl.google.com stable/main Translation-en Hit http://ppa.launchpad.net natty/main Sources Hit http://ppa.launchpad.net natty/main amd64 Packages Ign http://ppa.launchpad.net natty/main TranslationIndex Hit http://ppa.launchpad.net natty/main Sources Hit http://ppa.launchpad.net natty/main amd64 Packages Ign http://ppa.launchpad.net natty/main TranslationIndex Hit http://ppa.launchpad.net natty/main Sources Hit http://ppa.launchpad.net natty/main amd64 Packages Ign http://ppa.launchpad.net natty/main TranslationIndex Hit http://ppa.launchpad.net natty/main Sources Hit http://ppa.launchpad.net natty/main amd64 Packages Ign http://ppa.launchpad.net natty/main TranslationIndex Hit http://ppa.launchpad.net natty/main Sources Ign http://us.archive.ubuntu.com natty/main Translation-en_US Ign http://us.archive.ubuntu.com natty/main Translation-en Hit http://ppa.launchpad.net natty/main amd64 Packages Ign http://ppa.launchpad.net natty/main TranslationIndex Ign http://us.archive.ubuntu.com natty/multiverse Translation-en_US Ign http://us.archive.ubuntu.com natty/multiverse Translation-en Ign http://us.archive.ubuntu.com natty/restricted Translation-en_US Ign http://us.archive.ubuntu.com natty/restricted Translation-en Ign http://us.archive.ubuntu.com natty/universe Translation-en_US Ign http://us.archive.ubuntu.com natty/universe Translation-en Ign http://us.archive.ubuntu.com natty-updates/main Translation-en_US Ign http://us.archive.ubuntu.com natty-updates/main Translation-en Ign http://us.archive.ubuntu.com natty-updates/multiverse Translation-en_US Ign http://us.archive.ubuntu.com natty-updates/multiverse Translation-en Ign http://us.archive.ubuntu.com natty-updates/restricted Translation-en_US Ign http://us.archive.ubuntu.com natty-updates/restricted Translation-en Ign http://us.archive.ubuntu.com natty-updates/universe Translation-en_US Ign http://us.archive.ubuntu.com natty-updates/universe Translation-en Ign http://ppa.launchpad.net natty/main Translation-en_US Ign http://ppa.launchpad.net natty/main Translation-en Ign http://ppa.launchpad.net natty/main Translation-en_US Ign http://ppa.launchpad.net natty/main Translation-en Ign http://archive.getdeb.net natty-getdeb InRelease Ign http://ppa.launchpad.net natty/main Translation-en_US Ign http://ppa.launchpad.net natty/main Translation-en Ign http://ppa.launchpad.net natty/main Translation-en_US Ign http://ppa.launchpad.net natty/main Translation-en Ign http://ppa.launchpad.net natty/main Translation-en_US Ign http://ppa.launchpad.net natty/main Translation-en Hit http://archive.getdeb.net natty-getdeb Release.gpg Hit http://archive.getdeb.net natty-getdeb Release Ign http://deb.torproject.org natty/main Translation-en_US Ign http://deb.torproject.org natty/main Translation-en Hit http://archive.getdeb.net natty-getdeb/apps amd64 Packages Ign http://archive.getdeb.net natty-getdeb/apps TranslationIndex Ign http://archive.getdeb.net natty-getdeb/apps Translation-en_US Ign http://archive.getdeb.net natty-getdeb/apps Translation-en Fetched 2,005 B in 45s (44 B/s) Reading package lists... Is there any way I can get rid of the Translation stuff? I'm tired of it resulting in tons of repository checks rather than it checking far less repositories (69 actual repos vs. 169 checks)

    Read the article

  • Are there any language agnostic unit testing frameworks?

    - by Bringer128
    I have always been skeptical of rewriting working code - porting code is no exception to this. However, with the advent of TDD and automated testing it is much more reasonable to rewrite and refactor code. Does anyone know if there is a TDD tool that can be used for porting old code? Ideally you could do the following: Write up language agnostic unit tests for the old code that pass (or fail if you find bugs!). Run unit tests on your other code base that fail. Write code in your new language that passes the tests without looking at the old code. The alternative would be to split step 1 into "Write up unit tests in language 1" and "Port unit tests to language 2", which significantly increases effort required and is difficult to justify if the old code base is going to stop being maintained after the port (that is, you don't get the benefit of continuous integration on this code base). EDIT: It's worth noting this question on StackOverflow.

    Read the article

  • How to remove the “AMD Testing use only” watermark from Ubuntu 12.10

    - by Lucio
    I've installed the latest catalyst driver (beta) following the step in this guide for Ubuntu Quantal Quetzal. My system is 64 bit and my graphic card is an ATI RadeonHD 6670, this g.c. is Officially Supported (Catalyst & Open Source), you can confirm that from this AMD Linux Community thread. I don't have any problem, except the AMD testing use only watermark. I see the following frame in any stage into the OS (logged, unlloged, etc.) except in the terminals. I found different versions of how to remove this image, but this change according to the system, so I want an answer from this popular (trusted) site. How to solve this issue in Ubuntu 12.10 32b? This procedure is different in a 64b system?

    Read the article

  • Should I be using a JavaScript SPA designed when security is important

    - by ryanzec
    I asked something kind of similar on stackoverflow with a particular piece of code however I want to try to ask this in a broader sense. So I have this web application that I have started to write in backbone using a Single Page Architecture (SPA) however I am starting to second guess myself because of security. Now we are not storing and sending credit card information or anything like that through this web application but we are storing sensitive information that people are uploading to us and will have the ability to re-download too. The obviously security concern that I have with JavaScript is that you can't trust anything that comes from JavaScript however in a Backbone SPA application, everything is being sent through JavaScript. There are two security features that I will have to build in JavaScript; permissions and authentication. The authentication piece is just me override the Backbone.Router.prototype.navigate method to check the fragment it is trying to load and if the JavaScript application.session.loggedIn is not set to true (and they are not viewing a none authenticated page), they are redirected to the login page automatically. The user could easily modify application.session.loggedIn to equal true (or modify Backbone.Router.prototype.navigate method) but then they would also have to not so easily dynamically embedded a link into the page (or modify a current one) that has the proper classes, data-* attributes, and href values to then load a page that should only be loaded when they user has logged in (and has the permissions). So I have an acl object that deals with the permissions stuff. All someone would have to do to view pages or parts of pages they should not be able to is to call acl.addPermission(resource, permission) with the proper permissions or modify the acl.hasPermission() to always return true and then navigate away and then back to the page. Now certain things is EMCAScript 5 like Object.seal() or Object.freeze() would help with some of this however we have to support IE 8 which does not support those pieces of functionality. Now the REST API also performs security checks on every request so technically even if they are able to see parts of the interface that they should not be able to, they still should not be able to actually affect any data. The main benefits for me in developing a JavaScript SPA application is that the application is a lot more responsive since it is only transferring the minimum amount of JSON data for the requested action and performing the minimum amount of work too. There are also other things that I think are beneficial like you are going to have to develop an API for the data (which is good if you want expand your application to different platforms/technologies) or their is more of a separation between front-end and back-end however if security is a concern, it is really wise to go down the road of a JavaScript SPA application for the front-end?

    Read the article

  • Which Free Online Antivirus Scanner is the Best? [Comparison Test and Results]

    - by Asian Angel
    There are times when an online or supplementary scanner can be very useful when cleaning up an infected computer or just to get a second opinion on the security of your system. With this purpose in mind, the good folks over at the 7 Tutorials blog decided to do a test using the ten most popular online security scanners to see what worked the best and what did not. The following scanners were used for the test: Bitdefender QuickScan, BullGuard Online Scanner, Comodo Cloud Scanner, ESET Free Online Scanner, F-Secure Online Scanner, Kaspersky Security Scan, McAfee Security Scan Plus, Norton Security Scan, Panda ActiveScan and Trend Micro HouseCall. Are there any online or supplementary scanners that you use and depend on? Do you agree or disagree with the results? Let us know in the comments! Test Comparison – What is the Best Free Online Antivirus Scanner? [7 Tutorials] HTG Explains: Why Linux Doesn’t Need Defragmenting How to Convert News Feeds to Ebooks with Calibre How To Customize Your Wallpaper with Google Image Searches, RSS Feeds, and More

    Read the article

  • TDE Tablespace Encryption 11.2.0.1 Certified with EBS 11i

    - by Steven Chan
    Oracle Advanced Security is an optional licenced Oracle 11g Database add-on.  Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features:  column encryption and tablespace encryption.  TDE Tablespace Encryption 11.2.0.1 is now certified with Oracle E-Business Suite Release 11i. What is Transparent Data Encryption (TDE) ? Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers. TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

    Read the article

  • Networking Programs Suitable For Symbolic Testing

    - by Milen
    Symbolic execution has been successfully used to test programs and automatically generate test cases. I've been working on my master's thesis that allows the testing of arbitrary networked programs (i.e., those communicating via sockets). Now that we have a working symbolic execution engine that has support for sockets, we're looking for real-world pieces of software to test. Our engine has an important restriction (at the moment): it cannot execute multi-threaded programs. So, we're looking for programs that satisfy the criteria outlined below: Written in C Communicates via sockets (TCP / UDP are supported) Does not rely on the filesystem to get the "job" done Runs on Linux Does not use multi-threading Source is available (so that we can compile them to LLVM bytecode) Most programs that would fall under the criteria would probably be implementations of distributed protocols solving a particular problem (e.g., consensus). Any suggestions are greatly appreciated.

    Read the article

  • Where to draw the line between development-led security and administration-led security?

    - by haylem
    There are cases where you have the opportunity, as a developer, to enforce stricter security features and protections on a software, though they could very well be managed at an environmental level (ie, the operating system would take care of it). Where would you say you draw the line, and what elements do you factor in your decision? Concrete Examples User Management is the OS's responsibility Not exactly meant as a security feature, but in a similar case Google Chrome used to not allow separate profiles. The invoked reason (though it now supports multiple profiles for a same OS user) used to be that user management was the operating system's responsibility. Disabling Web-Form Fields A recurrent request I see addressed online is to have auto-completion be disabled on form fields. Auto-completion didn't exist in old browsers, and was a welcome feature at the time it was introduced for people who needed to fill in forms often. But it also brought in some security concerns, and so some browsers started to implement, on top of the (obviously needed) setting in their own preference/customization panel, an autocomplete attribute for form or input fields. And this has now been introduced into the upcoming HTML5 standard. For browsers who do not listen to this attribute, strange hacks *\ are offered, like generating unique IDs and names for fields to avoid them from being suggested in future forms (which comes with another herd of issues, like polluting your local auto-fill cache and not preventing a password from being stored in it, but instead probably duplicating its occurences). In this particular case, and others, I'd argue that this is a user setting and that it's the user's desire and the user's responsibility to enable or disable auto-fill (by disabling the feature altogether). And if it is based on an internal policy and security requirement in a corporate environment, then substitute the user for the administrator in the above. I assume it could be counter-argued that the user may want to access non-critical applications (or sites) with this handy feature enabled, and critical applications with this feature disabled. But then I'd think that's what security zones are for (in some browsers), or the sign that you need a more secure (and dedicated) environment / account to use these applications. * I obviously don't deny the ingenuity of the people who were forced to find workarounds, just the necessity of said workarounds. Questions That was a tad long-winded, so I guess my questions are: Would you in general consider it to be the application's (hence, the developer's) responsiblity? Where do you draw the line, if not in the "general" case?

    Read the article

  • New security configuration flag in UCM PS3

    - by kyle.hatlestad
    While the recent Patch Set 3 (PS3) release was mostly focused on bug fixes and such, a new configuration flag was added for security. In 10gR3 and prior versions, UCM had a component called Collaboration Manager which allowed for project folders to be created and groups of users assigned as members to collaborate on documents. With this component came access control lists (ACL) for content and folders. Users could assign specific security rights on each and every document and folder within a project. And it was possible to enable these ACL's without having the Collaboration Manager component enabled. But it took some special instructions (see technote# 603148.1) and added some extraneous pieces still related to Collaboration Manager. When 11g came out, Collaboration Manager was no longer available. But the configuration settings to turn on ACLs were still there. Well, in PS3 they've been cleaned up a bit and a new configuration flag has been added to simply turn on the ACL fields and none of the other collaboration bits. To enable ACLs: UseEntitySecurity=true Along with this configuration flag to turn ACLs on, you also need to define which Security Groups will honor the ACL fields. If an ACL is applied to a content item with a Security Group outside this list, it will be ignored. SpecialAuthGroups=HumanResources,Legal,Marketing Save the settings and restart the instance. Upon restart, two new metadata fields will be created: xClbraUserList, xClbraAliasList. If you are using OracleTextSearch as the search indexer, be sure to run a Fast Rebuild on the collection. On the Check In, Search, and Update pages, values are added by simply typing in the value and getting a type-ahead list of possible values. Select the value, click Add and then set the level of access (Read, Write, Delete, or Admin). If all of the fields are blank, then it simply falls back to just Security Group and Account access. As for how they are stored in the metadata fields, each entry starts with it's identifier: ampersand (&) symbol for users, "at" (@) symbol for groups, and colon (:) for roles. Following that is the entity name. And at the end is the level of access in paranthesis. e.g. (RWDA). And each entry is separated by a comma. So if you were populating values through batch loader or an external source, the values would be defined this way. Detailed information on Access Control Lists can be found in the Oracle Fusion Middleware System Administrator's Guide for Oracle Content Server.

    Read the article

  • Is unit testing or test-driven development worthwhile?

    - by Owen Johnson
    My team at work is moving to Scrum and other teams are starting to do test-driven development using unit tests and user acceptance tests. I like the UATs, but I'm not sold on unit testing for test-driven development or test-driven development in general. It seems like writing tests is extra work, gives people a crutch when they write the real code, and might not be effective very often. I understand how unit tests work and how to write them, but can anyone make the case that it's really a good idea and worth the effort and time? Also, is there anything that makes TDD especially good for Scrum?

    Read the article

  • A testing feedback/report tool?

    - by Mert
    I'm thinking of developing a pluggable test and assessment module. This tool will be used especially for desktop application projects to report and log errors, bugs, missing features and suggestions from testers. The tool will be plugged to the application by putting a small icon to the application itself. When pressed the tool will be visible where user can create entries about the application. Is there already a tool like that? I am not speaking about UI testing btw. For example, this tool might have a form consisting of Page name Environment information Entry type (can be bug, feature request, suggestion) Message User Info (name, contact etc) Date I think such a tool can greatly help testers prepare reports. Developers can understand the issue better and track all the reports.

    Read the article

  • Development-led security vs administration-led security in a software product?

    - by haylem
    There are cases where you have the opportunity, as a developer, to enforce stricter security features and protections on a software, though they could very well be managed at an environmental level (ie, the operating system would take care of it). Where would you say you draw the line, and what elements do you factor in your decision? Concrete Examples User Management is the OS's responsibility Not exactly meant as a security feature, but in a similar case Google Chrome used to not allow separate profiles. The invoked reason (though it now supports multiple profiles for a same OS user) used to be that user management was the operating system's responsibility. Disabling Web-Form Fields A recurrent request I see addressed online is to have auto-completion be disabled on form fields. Auto-completion didn't exist in old browsers, and was a welcome feature at the time it was introduced for people who needed to fill in forms often. But it also brought in some security concerns, and so some browsers started to implement, on top of the (obviously needed) setting in their own preference/customization panel, an autocomplete attribute for form or input fields. And this has now been introduced into the upcoming HTML5 standard. For browsers that do not listen to this attribute, strange hacks* are offered, like generating unique IDs and names for fields to avoid them from being suggested in future forms (which comes with another herd of issues, like polluting your local auto-fill cache and not preventing a password from being stored in it, but instead probably duplicating its occurences). In this particular case, and others, I'd argue that this is a user setting and that it's the user's desire and the user's responsibility to enable or disable auto-fill (by disabling the feature altogether). And if it is based on an internal policy and security requirement in a corporate environment, then substitute the user for the administrator in the above. I assume it could be counter-argued that the user may want to access non-critical applications (or sites) with this handy feature enabled, and critical applications with this feature disabled. But then I'd think that's what security zones are for (in some browsers), or the sign that you need a more secure (and dedicated) environment / account to use these applications. * I obviously don't deny the ingeniosity of the people who were forced to find workarounds, just the necessity of said workarounds. Questions That was a tad long-winded, so I guess my questions are: Would you in general consider it to be the application's (hence, the developer's) responsiblity? Where do you draw the line, if not in the "general" case?

    Read the article

  • Unit testing time-bound code

    - by maasg
    I'm currently working on an application that does a lot of time-bound operations. That is, based on long now = System.currentTimeMillis();, and combined with an scheduler, it will calculate periods of time that parametrize the execution of some operations. e.g.: public void execute(...) { // executed by an scheduler each x minutes final int now = (int) TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis()); final int alignedTime = now - now % getFrequency() ; final int startTime = alignedTime - 2 * getFrequency(); final int endTimeSecs = alignedTime - getFrequency(); uploadData(target, startTime, endTimeSecs); } Most parts of the application are unit-tested independently of time (in this case, uploadData has a natural unit test), but I was wondering about best practices for testing time-bound parts that rely on System.currentTimeMillis() ?

    Read the article

  • How to improve testing your own code

    - by Peter
    Hi guys, Today I checked in a change on some code which turned out to be not working at all due to something rather stupid yet very crucial. I feel really bad about it and I hope I finally learn something from it. The stupid thing is, I've done these things before and I always tell myself, next time I won't be so stupid... Then it happens again and I feel even worse about it. I know you should keep your chin up and learn from your mistakes but here's the thing: I try to improve myself, I just don't see how I can prevent these things from happening. So, now I'm asking you guys: Do you have certain groundrules when testing your code?

    Read the article

  • How come verification does not include actual testing?

    - by user970696
    Having read a lot about this topic, I still did not get it. Verification should prove that you are building the product right, while validation you build the right product. But only static techniques are mentioned as being verification methods (code reviews, requirements checks...). But how can you say if its implemented correctly if you do not test it? It is said that verification checks e.g. code for its correctnes. Verification - ensure that the product meet specified requirements. Again, if the function is specified to work somehow, only by testing I can say that it does. Could anyone explain this to me please? EDIT: As Wiki says: Verification:Preparing of the test cases (based on the analysis of the requireemnts) Validation: Running of the test cases

    Read the article

  • Scrum got specific ways for testing software?

    - by joker13
    When reading Scrum Guide, as the official text for scrum, I find out there is no specific solution to provide software testing in scrum. (the only hint is on page15) I'm a little vague on whether scrum is considered a software development methodology or not? If it is not, then how come some of its practices opposes Extreme Programming? (I know that in scrum guide, the author notes that scrum is a framework not a methodology, but still I'm not pretty clear on that) And what's more, I'm not sure if there are any other important textbook that I'm missing so far about scrum. I need them to be official or of great deal of public acceptance.

    Read the article

  • Testing To Prevent Cascading Bugs

    - by jfrankcarr
    Yesterday, Twitter was hit with a "Cascading Bug" as described in this blog post: A “cascading bug” is a bug with an effect that isn’t confined to a particular software element, but rather its effect “cascades” into other elements as well. I've seen this kind of bug, on a smaller scale of course, on some projects I've worked on. They can be difficult to identify in dev/test environments, even within a test driven development environment. My questions are... What are some strategies you use, beyond the basic TDD and standard regression testing, to identify and prevent the potential trouble points that might only occur in the production environment? Does the presence of such problems indicate a breakdown in the software development process or simply a by-product of complex software systems?

    Read the article

  • Testing web applications written in java

    - by Vinoth Kumar
    How do you test the web applications (both server side and client side code)? The testing method has to work irrespective of the framework used (struts, spring web mvc) etc. I am using Java for the server side code, Javascript and HTML for the client side code. This is the sample test case of what I am talking about: 1. When you click on a link, the pop up opens. 2. Change some value in the pop up (say a drop down value) and it gets saved in the DB. 3. Click the popup again, you get the changed values. Can we simulate this kind of thing using unit test cases? Is JUnit enough for this?

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >