Search Results

Search found 3698 results on 148 pages for 'dependency injection'.

Page 96/148 | < Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103 | Next Page >

Using Session Bean provided data on JSF welcome page

- by takachgeza

I use JSF managed beans calling EJB methods that are provide data from database. I want to use some data already on the welcome page of the application. What is the best solution for it? EJBs are injected into JSF managed beans and it looks like the injection is done after executing the constructor. So I am not able to call EJB methods in the constructor. The normal place for EJB call is in the JSF action methods but how to call such a method prior to loding the first page of the application? A possible solution would be to call the EJB method conditionally in a getter that is used on the welcome page, for example: public List getProductList(){ if (this.productList == null) this.productList = myEJB.getProductList(); return this.productList; } Is there any better solution? For example, in some config file?

Read the article
Is there a production ready web application framework in Python?

- by peperg

I heard lots of good opinions about Python language. They say it's mature, expressive etc... Are there any production-ready web application frameworks in Python. By "production ready" I mean : supports objective-relational mapping with caching and declarative desciption (like JPA, Hibernate etc..) controls oriented user interface support - no HTML templates but something like JSF (RichFaces, Icefaces) or GWT, Vaadin, ZK component decomposition and dependency injection (like EJB or Spring) unit and integration testing good IDE support clustering, modularity etc (like Terracota, OSGi etc..) there are successful applications written in it by companies like IBM, Oracle etc (I mean real business applications not Twitter) could have commercial support Is it possible at all in Python world ? Or only choices are : use Python and write everything from the bottom (too expensice) stick to JEE buy .NET stack

Read the article
Lexing partial SQL in C#

- by Chris T

I'd need to parse partial SQL queries (it's for a SQL injection auditing tool). For example '1' AND 1=1-- Should break down into tokens like [0] => [SQL_STRING, '1'] [1] => [SQL_AND] [2] => [SQL_INT, 1] [3] => [SQL_AND] [4] => [SQL_INT, 1] [5] => [SQL_COMMENT] [6] => [SQL_QUERY_END] Are their any at least lexers for SQL that I base mine off of or any good tools like bison for C# (though I'd rather not write my own grammar as I need to support most if not all the grammar of MySQL 5)

Read the article
piece of php code for prevent hacking.

- by artmania

Hi friends, I have a php file at my site, and I connect to db, get some records and list them in same file. mysql_connect("localhost", "blabla", "blabla") or die(mysql_error()); mysql_select_db("blabla") or die(mysql_error()); $blabla1 = mysql_query("SELECT * FROM gallery WHERE id_cat=1"); $blabla2 = mysql_query("SELECT * FROM gallery WHERE id_cat=2"); $blabla3 = mysql_query("SELECT * FROM gallery WHERE id_cat=3"); So, is there anything I need to do for security? :/ like sql-injection or anything else. there is nothing going to url. it is just www.blabla.com/gallery.php appreciate advises!!! thanks a lot!

Read the article
How to efficiently SELECT rows from database table based on selected set of values

- by Chau Chee Yang

I have a transaction table of 1 million rows. The table has a field name "Code" to keep customer's ID. There are about 10,000 different customer code. I have an GUI interface allow user to render a report from transaction table. User may select arbitrary number of customers for rendering. I use IN operator first and it works for few customers: SELECT * FROM TRANS_TABLE WHERE CODE IN ('...', '...', '...') I quickly run into problem if I select few thousand customers. There is limitation using IN operator. An alternate way is create a temporary table with only one field of CODE, and inject selected customer codes into the temporary table using INSERT statement. I may then using SELECT A.* FROM TRANS_TABLE A INNER JOIN TEMP B ON (A.CODE=B.CODE) This works nice for huge selection. However, there is performance overhead for temporary table creation, INSERT injection and dropping of temporary table. Do you aware of better solution to handle this situation?

Read the article
What would you like to see in an beginner's ASP.NET security book

- by blowdart

This is a shameless information gathering exercise for my own book. One of the talks I give in the community is an introduction to web site vulnerabilities. Usually during the talk I can see at least two members of the audience go very pale; and this is basic stuff, Cross Site Scripting, SQL Injection, Information Leakage, Cross Site Form Requests and so on. So, if you can think back to being one, as a beginning web developer (be it ASP.NET or not) what do you feel would be useful information about web security and how to develop securely? I will already be covering the OWASP Top Ten (And yes this means stackoverflow will be in the acknowledgements list if someone comes up with something I haven't thought of yet!) It's all done now, and published, thank you all for your responses

Read the article
Separation of interfaces and implementation

- by bonefisher

From assembly(or module) perspective, what do you think of separation of Interface (1.assembly) and its Implementation (2.assembly)? In this way we can use some IoC container to develop more decoupling desing.. Say we have an assembly 'A', which contains interfaces only. Then we have an assembly 'B' which references 'A' and implements those interfaces..It is dependent only on 'A'. In assembly 'C' then we can use the IoC container to create objects of 'A' using dependency injection of objects from 'B'. This way 'B' and 'C' are completely unaware (not dependent) of themselves..

Read the article
How Can I Learn when to build my own Interfaces

- by BDotA

I am using C# and I know what are the interfaces and how syntatically use them,etc. but what I have not learned yet is that when I am tasked to write a project, create a component,... How should I learn better about interfaces so when I want to do something I be able to Think about using them in my design...or for example I want to learn about dependency injection or even using mocking objects for testing, these are all related to good understanding of interfaces and know when and how to use them ... Can you plase provide me some good advice, reading,... then can help me with that?

Read the article
Is it OK to reference 'this' when initializing a field?

- by parxier

Is it OK to reference this when initializing a field? public class MainClass { private SomeFieldClass field = new SomeFieldClass(this); public MainClass() {} } Or is it better to do that in constructor? public class MainClass { private SomeFieldClass field; public MainClass() { this.field = new SomeFieldClass(this); } } What is the best practice? I believe first option is better for unit testing and dependency injection. Are there any problems with it?

Read the article
Top techniques to avoid 'data scraping' from a website database

- by Addsy

I am setting up a site using PHP and MySQL that is essentially just a web front-end to an existing database. Understandably my client is very keen to prevent anyone from being able to make a copy of the data in the database yet at the same time wants everything publicly available and even a "view all" link to display every record in the db. Whilst I have put everything in place to prevent attacks such as SQL injection attacks, there is nothing to prevent anyone from viewing all the records as html and running some sort of script to parse this data back into another database. Even if I was to remove the "view all" link, someone could still, in theory, use an automated process to go through each record one by one and compile these into a new database, essentially pinching all the information. Does anyone have any good tactics for preventing or even just dettering this that they could share. Thanks

Read the article
Ninject: Abstract Class

- by Pickels

Hello, Do I need to do something different in an abstract class to get dependency injection working with Ninject? I have a base controller with the following code: public abstract class BaseController : Controller { public IAccountRepository AccountRepository { get; set; } } My module looks like this: public class WebDependencyModule : NinjectModule { public override void Load() { Bind<IAccountRepository>().To<AccountRepository>(); } } And this is my Global.asax: protected override void OnApplicationStarted() { Kernel.Load(new WebDependencyModule()); } protected override IKernel CreateKernel() { return new StandardKernel(); } It works when I decorate the IAccountRepository property with the [Inject] attribute. Thanks in advance.

Read the article
How might maven's buildNumber metadata become inconsistent across multiple build agents?

- by Brian Laframboise

We recently added a second build machine to our build environment and began experiencing very odd occasional build failures. I have two separate Maven build machines, A and B, each running Maven 2.2.1 and communicating to a shared Nexus 1.5.0 repository manager. My problem is that builds on B will occasionally fail because it refuses to download a newer version of a common dependency 'acme-1.0.0-SNAPSHOT' previously built by A and uploaded to Nexus. Looking inside the local repositories on both machines I noticed some oddities in the repository metadata. Machine A's acme\1.0.0-SNAPSHOT\maven-metadata-nexus.xml: <metadata> <groupId>acme</groupId> <artifactId>acme</artifactId> <version>1.0.0-SNAPSHOT</version> <versioning> <snapshot> <buildNumber>1</buildNumber> </snapshot> <lastUpdated>20100525173546</lastUpdated> </versioning> </metadata> Machine B's acme\1.0.0-SNAPSHOT\maven-metadata-nexus.xml: <metadata> <groupId>acme</groupId> <artifactId>acme</artifactId> <version>1.0.0-SNAPSHOT</version> <versioning> <snapshot> <buildNumber>2</buildNumber> </snapshot> <lastUpdated>20100519232317</lastUpdated> </versioning> </metadata> In Nexus's acme/1.0.0-SNAPSHOT/maven-metadata.xml: <metadata> <groupId>acme</groupId> <artifactId>acme</artifactId> <version>1.0.0-SNAPSHOT</version> <versioning /> </metadata> If I'm interpreting the metadata files correctly (documentation online is scant), it appears machine B believes it has a newer version of the acme dependency (based on buildNumber) despite the fact that machine A last built it 6 days after machine B did (based on timestamp). Nexus also appears to be unaware of a universally correct buildNumber. How could this situation possibly arise? What could I do to prevent my builds from failing due to inconsistent metadata? Have you experienced anything similar? Important notes: Both build machines have settings.xml files where the updatePolicy is "always". Nexus does indeed have the newer version of acme that was built by A. B simply refuses to download it. A and B are the only machines uploading to Nexus. Both servers share the same system time. All processes involved have write privileges to the metadata files so that they can be updated as necessary. I was unable to find any open Maven or Nexus issues describing this behaviour. Our CI server (Atlassian Bamboo) prevents builds of the same artifact from happening concurrently, so some race condition while uploading to Nexus is rather unlikely.

Read the article
What risks are there in using extracted PHP superglobals?

- by Zephiro

Hola usando estas funciones, que riesgo corro en tener problemas de seguridad, es necesesario usar extract() o hay alguna manera mejor de convertir las variables superglobales (array) en trozos de variables. Good, there is some risk in using the function extract in the superglobal variables as $_POS and $_GET, I work of the following way. There is risk of SQL INJECTION or there is an alternative to extract if ( get_magic_quotes_gpc() ) { $_GET = stripslashes( $_GET ); $_POST =stripslashes( $_POST ); } function vars_globals($value = '') { if (is_array ( $value )) $r = &$value; else parse_str ( $value, $r ); return $r; } $r = vars_globals( $_GET ); extract($r, EXTR_SKIP);

Read the article
Stored Procedure with ALTER TABLE

- by psayre23

I have a need to sync auto_increment fields between two tables in different databases on the same MySQL server. The hope was to create a stored procedure where the permissions of the admin would let the web user run ALTER TABLE [db1].[table] AUTO_INCREMENT = [num]; without giving it permissions (That just smells of SQL injection). My problem is I'm receiving errors when creating the store procedure. Is this something that is not allowed by MySQL? DROP PROCEDURE IF EXISTS sync_auto_increment; CREATE PROCEDURE set_auto_increment (tableName VARCHAR(64), inc INT) BEGIN ALTER TABLE tableName AUTO_INCREMENT = inc; END;

Read the article
Learning SQL White hat Hacking

- by user301751

Well here goes a sligtly arwkward question, I have changed job roles from Network Admin to SQL Server DBA thus having to learn SQL server 2005. I am quite self motivated and have learned the basics of Transac and a little about Reporting services. The only thing is I need to set senarios as theres not much coming in at work in the way of SQL tasks. I have always kept my interest in networking by setting little "Hacking tasks", I have has a look at some crackme's but can find nothing to play with. I understand the SQL injection is some sort of SQL hack but found not much on the subject. I know my way of learning might be a bit different from others but it is all White Hat and keeps my interest. Thanks

Read the article
What is the sense of permiting the user to use no passwords longer than xx chars?

- by reox

Its more like a usability question or maybe database, or even maybe security (consider injection attacks) but what is the sense of permiting the user's password to a be not longer than xx chars? It does not make any sense to me, because longer passwords are mostly considered better and even harder to crack, and some users use password safes, so the password length should not matter. I understand that passwords with more than 20 chars are hardly to remember, but if you use diceware or password safe you dont have any problem with that. I really cant understand why there are sites that say "your password need to be between 5 and 8 chars"... also should the password saved as hash, so the length of the field in the database is fixed, so where is the problem? i think that most of the sites where the password is has to be a fixed length are not even using any hashing method...

Read the article
How can a hacker put a file on my server root (apache, php, 1and1)

- by mike-sav

Hi there, I have a site hosted on 1and1 and a couple of weeks ago I noticed a hacker had put a .php file on the server that when viewed in a browser exposed my DB schema, DB connection strings, FTP account (for file uploads using a form), etc, etc. Naturally I panicked and I wiped the server and reuploaded my files. Fortunatley I encrypt passwords using MD5 and I don't store things like credit card details, etc, etc. Now I checked my files and with all user input I use a clean function (htmlentities, sql_real_escape_string, etc, etc) that strips the input of any XSS or SQL injection. I have also made sure that the session key gets re-engineered when a user status changes (like they log into their account) to prevent session hijacking, my folder permissions are set to 755 and file permission are 644. Has anyone got any idea how this could have happened? Or if I'm missing something

Read the article
Is php fileinfo sufficient to prevent upload of malicious files?

- by Scarface

Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

Read the article
Java Spring 3.0 MVC Annotation vs COC. Whats the preferred method in the Java community?

- by Athens

I am using Spring's MVC framework for an application I'm hosting on Google's App Engine. So far, my controllers are registered via the @Controller annotation; however, prior to getting into Spring, I evaluated ASP.net MVC 2 which requires no configuration and is based on convention. Is convention over configuration (COC) the current and preferred method in the Java community to implement MVC with Spring. Also, this may be a result of my limited knowledge so far but i noticed that i could only instantiate my Controllers the required constuctor injection if i use the COC method via the ControllerClassNameHandlerMapping. For instance the following controller bean config will fail if i use the defaultannotationhandlermapping. <bean id="c" class="com.domain.TestController"> <constructor-arg ref="service" /> </bean> <bean id="service" class="com.domain.Service" /> My com.domain.TestController controller works fine if i use ControllerClassNameHandlerMapping/COC but it results in an error when i use defaultannotationhandlermapping/Annotations.

Read the article
.Net 4.0 Is There a Business Layer "Technology" ?

- by Ronny

Hi, I have a theoretical question about the .net framework. As I see it Microsoft gave us bunch of technologies for different layers. We have the ADO.NET and with the more improved Entity Framework for Data Access. And ASP.NET for WEB UI. And even WCF for Facade and SOA. But what in the middle, what do we have for the Business Layer? Is it just Referenced DLLs? How do we deal with the Application Pulling this days? I remember using COM+ 10 yeas ago because the IIS couldn't handle the pressure. Is Spring.Net is the best option available for injection? Thanks, Ronny

Read the article
Why is the EntityManager in my GAE + Spring (+graniteds) project reset to null?

- by prefabSOFT

Hi all, I'm having a problem with autowiring my EntityManager. Actually at server startup I can see that the injection works ok, though when trying to use my EntityManager it appears to be null again. @Component public class DataDaoImpl { protected EntityManager entityManager; @Autowired public void setEntityManager(EntityManager entityManager) { System.out.println("Injecting "+entityManager); //works! this.entityManager = entityManager; } public void createData(String key, String value) { System.out.println("In createData entityManager is "+entityManager); //entityManager null!? ... Output: Injecting org.datanucleus.store.appengine.jpa.DatastoreEntityManager@a60d19 The server is running at http://localhost:8888/ In createData entityManager is null So somehow the autowired entityManager is reset to null when trying to use it. It's a graniteds powered project though I don't think this is graniteds related. Any ideas? Thanks a lot in advance, Jochen

Read the article
Sticky Footers that move down when dynamic content gets loaded

- by Dominic Rodger

I've been using this snippet of jQuery to get a sticky footer: if($(document.body).height() < $(window).height()){ $("#footer").css({position: "absolute",top:($(window).scrollTop()+$(window).height()-$("#footer").height())+"px", width: "100%"}); } $(window).scroll(positionFooter).resize(positionFooter); However, that breaks when I've got expandable/collapsible divs lying around where the original content was less high than the window, since it is then stuck to the bottom of the window, rather than the bottom of the document. Is there a way of fixing this, or a better way of doing it? Please bear in mind that I don't have much control over the HTML, since I need to do this in Django's admin interface, which doesn't allow much injection of HTML in the places you might want to to accomplish this sort of thing (i.e. this answer and this answer don't work for me).

Read the article
maven test cannot load cross-module resources/properties ?

- by smallufo

I have a maven mantained project with some modules . One module contains one XML file and one parsing class. Second module depends on the first module. There is a class that calls the parsing class in the first module , but maven seems cannot test the class in the second module. Maven test reports : java.lang.NullPointerException at java.util.Properties.loadFromXML(Properties.java:851) at foo.firstModule.Parser.<init>(Parser.java:92) at foo.secondModule.Program.<init>(Program.java:84) In "Parser.java" (in the first module) , it uses Properties and InputStream to read/parse an XML file : InputStream xmlStream = getClass().getResourceAsStream("Data.xml"); Properties properties = new Properties(); properties.loadFromXML(xmlStream); The "data.xml" is located in first module's resources/foo/firstModule directory , and it tests OK in the first module. It seems when testing the second module , maven cannot correctly load the Data.xml in the first module . I thought I can solve the problem by using maven-dependency-plugin:unpack to solve it . In the second module's POM file , I add these snippets : <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-dependency-plugin</artifactId> <version>2.1</version> <executions> <execution> <id>data-copying</id> <phase>test-compile</phase> <goals> <goal>unpack</goal> </goals> <configuration> <artifactItems> <artifactItem> <groupId>foo</groupId> <artifactId>firstModule</artifactId> <type>jar</type> <includes>foo/firstModule/Data.xml</includes> <outputDirectory>${project.build.directory}/classes</outputDirectory> </artifactItem> </artifactItems> </configuration> </execution> </executions> </plugin> In this POM file , I try to unpack the first module , and copy the Data.xml to classes/foo/firstModule/ directory , and then run tests. And indeed , it is copied to the right directory , I can find the "Data.xml" file in "target/classes/foo/firstModule" directory. But maven test still complains it cannot read the File (Properties.loadFromXML() throws NPE). I don't know how to solve this problem. I tried other output directory , such as ${project.build.directory}/resources , and ${project.build.directory}/test-classes , but all in vain... Any advices now ? Thanks in advanced. Environments : Maven 2.2.1 , eclipse , m2eclipse

Read the article
performance of parameterized queries for different db's

- by tuinstoel

A lot of people know that it is important to use parameterized queries to prevent sql injection attacks. Parameterized queries are also much faster in sqlite and oracle when doing online transaction processing because the query optimizer doesn't have to reparse every parameterized sql statement before executing. I've seen sqlite becoming 3 times faster when you use parameterized queries, oracle can become 10 times faster when you use parameterized queries in some extreme cases with a lot of concurrency. How about other db's like mysql, ms sql, db2 and postgresql? Is there an equal difference in performance between parameterized queries and literal queries?

Read the article
PDO::ATTR_EMULATE_PREPARES => false

- by user264058

I'm new to php and PDO ,so i read this response to a similar post- Does PDO really not use prepared statements with mysql? Yes, by default (at least with version I tested) but native mode can be turned on manually. If not, can it be forced to do so By employing PDO::ATTR_EMULATE_PREPARES setting, the name is pretty self-explanatory. $dbh-setAttribute( PDO::ATTR_EMULATE_PREPARES, false ); should you do that? That's hardest question of them all. Well, I'd say - yes, you should. If you choose PDO as your db driver, there is no point in using it in the emulation mode. by YOUR COMMON SENSE Aren't prepared statements secure from SQL injection, why change if from 'true'-false?? what is native mode??

Read the article

< Previous Page | 92 93 94 95 96 97 98 99 100 101 102 103 | Next Page >