Search Results

Search found 22139 results on 886 pages for 'security testing'.

Page 116/886 | < Previous Page | 112 113 114 115 116 117 118 119 120 121 122 123 | Next Page >

What is the value of checking in failing unit tests?

- by user20194

While there are ways of keeping unit tests from being executed, what is the value of checking in failing unit tests? I will use a simple example: Case Sensitivity. The current code is case sensitive. A valid input into the method is "Cat" and it would return an enum of Animal.Cat. However, the desired functionality of the method should not be case sensitive. So if the method described was passed "cat" it could possibly return something like Animal.Null instead of Animal.Cat and the unit test would fail. Though a simple code change would make this work, a more complex issue may take weeks to fix, but identifying the bug with a unit test could be a less complex task. The application currently being analyzed has 4 years of code that "works". However, recent discussions regarding unit tests have found flaws in the code. Some just need explicit implementation documentation (ex. case sensitive or not), or code that does not execute the bug based on how it is currently called. But unit tests can be created executing specific scenarios that will cause the bug to be seen and are valid inputs. What is the value of checking in unit tests that exercise the bug until someone can get around to fixing the code? Should this unit test be flagged with ignore, priority, category etc, to determine whether a build was successful based on tests executed? Eventually the unit test should be created to execute the code once someone fixes it. On one hand it shows that identified bugs have not been fixed. On the other, there could be hundreds of failed unit tests showing up in the logs and weeding through the ones that should fail vs. failures due to a code check-in would be difficult to find.

Read the article
Not assigning Bugs to a specific user

- by user2977817

My question: Is there a benefit to NOT assigning a Bug to a particular developer? Leaving it to the team as-a-whole? Our department has decided to be more Agile by not assigning Bugs/Defects to individuals. Using Team Foundation Server 2012, we'll place all Bugs in a development team's "Area" but leave the "Assigned To" field blank. The idea is that the team will create a Task work item which will be assigned to an individual and the Task will link to the Bug. The Team as a whole will therefore take responsibility for the Bug, not an individual, aligning to Scrum - apparently. I see the down side. The reporting tools built into TFS become less useful when you cannot sort by assigned vs unassigned, let alone sorting by which user Bugs are assigned. Is there a benefit I'm not seeing? Besides encouraging teamwork by putting the responsibility on the team-as-a-whole instead of an individual?

Read the article
Drive By Download Issue

- by mprototype

I'm getting a drive by download issue reported on www.cottonsandwichquiltshop.com/catalog/index.php?manufacturers_id=19&sort=2a&filterid=61 reported from safeweb.norton.com when I scan the root url. I have dug through the entire site architecture, and code base and removed a few files that were malicious, i upgraded the site's framework and fixed the security holes (mostly sql injection concerns)..... However this one threat still exists and I can't locate it for the life of me, or find any valid research or information on removing this type of threat at the server level, mostly just a bunch of anti-virus software wanting to sell you on their ability to manage it on the client end. PLEASE HELP Thanks.

Read the article
Combining a content management system with ASP.NET

- by Ek0nomik

I am going to be creating a site that seems like it requires a blend of a content management system (CMS) and some custom web development (which is done in ASP.NET MVC). I have plenty of web development experience to understand the ASP.NET MVC side of the fence, but, I don't have a lot of CMS knowledge aside from getting one stood up. Right now my biggest question is around integrating security from ASP.NET with the CMS. I currently have an ASP.NET MVC site that handles the authentication for multiple production sites and creates an authentication cookie under our domain (*.example.com). The page acts like a single sign on page since the cookie is a wildcard and can be used in any other applications of the same domain. I'd really like to avoid having users put in their credentials twice. Is there a CMS that will play well with the ASP.NET Forms Authentication given how I have these existing applications structured? As an aside, right now I am leaning towards Drupal, but, that isn't finalized.

Read the article
Why not write all tests at once when doing TDD?

- by RichK

The Red - Green - Refactor cycle for TDD is well established and accepted. We write one failing unit test and make it pass as simply as possible. What are the benefits to this approach over writing many failing unit tests for a class and make them all pass in one go. The test suite still protects you against writing incorrect code or making mistakes in the refactoring stage, so what's the harm? Sometimes it's easier to write all the tests first as a form of 'brain dump' to quickly write down all the expected behavior in one go.

Read the article
How to separate production and test assets during development?

- by bcsanches

Hi Folks, this is like a complement for Assets Management, database or versioning system?. I am wondering about how to separate development, specially programmers assets from production assets? For example, if we keep all the assets on the same repository, how do you keep with programmers assets and final game assets? Do you keep a separate directory for each of those, allowing duplicates? Or do you use some fancy scheme for striping out the "development" and "test" assets from final build?

Read the article
How to install correctly another Linux flavour (in my case PCLinuxOS) together with installed Ubuntu 10.10 ?

- by Vincenzo

Hello everybody and Prosperous and Productive Year 2011 !!! I have Ubuntu 10.10 (32bit) installed on my laptop. I would like to install PCLinuxOS (KDE or LXDE version, I don't know yet) on the same computer across with Ubuntu 10.10. I would like to test 'in real conditions' a new PCLinuxOS as well as to resolve my question regarding Audio CD playback issue (mounting DBus timeout error). I would be grateful if somebody can advise me how to perform the installation of another Linux flavour without breakdown :) of existing Ubuntu system ? Thank you in advance for advices and recommendations. Here is my current partitioning:

Read the article
Mimicking a bluetooth disconnection

- by user2529672

I've written a program to control a bluetooth device. I'm trying to test cases when the bluetooth disconnects, i.e. if its out of range. Physically taking the device out of range is one possibility, but its quite cumbersome and I have to go outside my office to achieve this. What can I do to trigger a disconnection? Is there, for example, an interferer I can setup, say with an Android phone, that would make the connection drop? Or limit the Bluetooth transmit power? Any other possibilities?

Read the article
Access Token Verification

- by DecafCoder

I have spent quite a few days reading up on Oauth and token based security measures for REST API's and I am currently looking at implementing an Oauth based authentication approach almost exactly like the one described in this post (OAuth alternative for a 2 party system). From what I understand, the token is to be verified upon each request to the resource server. This means the resource server would need to retrieve the token from a datastore to verify the clients token. Given this would have to happen upon every request I am concerned about the speed implications of hitting a datastore like MySQL or NoSQL upon every request just to verify the token. Is this the standard way to verify tokens by having them stored in a RDBMS or NoSQL database and retrieved upon each request? Or is it a suitable solution to have them cached (baring in mind that we are talking millions of users)?

Read the article
How will I know when my company is ready to receive an investment? [migrated]

- by gunshor

How will I know when my company is ready to receive an investment? I am starting a company and have bootstrapped it so far. I have produced four versions of the demo. The first fully-working version is underway. Getting this to a beta phase product will require capital, which requires an investment, which requires an investor, which requires I stop working on the product and go out and talk to people about it. The last time I raised money from investors, it took a while but I was successful. I don't want it to take a while. I want it to be brain dead simple for an investor to understand the value so that I can optimize the time I spend with the product. Is my logic flawed? What is the best way to approach raising money, while limiting both my time and risk? Thanks.

Read the article
Is doing AB Tests using site redirection a bad practice?

- by user40358

I'm developing hotels websites here in Brazil. When the site is done, we do an AB test with the old version to measure conversion and show to the hotel owner how good our site is. Due to the fact that I cannot put the old site inside the new one as a subresource (newone.com/old), currently I'm doing those AB test as follows: 1) I create 2 Google Analytics accounts, one for each site (old and new); 2) I put the GA tags in the old website pages (changing its possibly existent GA ID to the just created one); 3) I put an Javascript code that redirects the user to the old website (in a different URL and different domain) with 50% of probability. So I compare all the metrics, events and goals between those two GA accounts. How bad is it? How Google can interpretate the fact of being, sometimes redirected, sometimes don't? The experiment usually runs for 2 weeks. Is there any other alternative for doing this in a better way?

Read the article
How do people maintain their test suite?

- by Ida

In particular, I'm curious about the following aspects: How do you know that your test cases are wrong (or out-of-date) and needed to be repaired (or discarded)? I mean, even if a test case became invalid, it might still pass and remain silent, which could let you falsely believe that your software works okay. So how do you realize such problems of your test suite? How do you know that your test suite is no longer sufficient and that new test cases should be added? I guess this has something to do with the requirement changes, but is there any systematic approach to check the adequacy of test suite?

Read the article
Setting up fastcgi on an Ubunutu server (socket file permissions issue)

- by gray alien

I am trying to set up mod_fcgid on my server. Part of the requirement is that Apache needs to create a socket file for mod_fcgid. I specified the folder for Apache to write the socket data to: /var/run/apache2/fcgid I then specified this file in my fcgid.conf file as follows: SocketPath /var/run/apache2/fcgid/sock I then changed the owner of the folder to www-data (the apache user) and gave the owner full permissions to the folder and its contents. I was able to run my test fcgi app then. When I rebooted the machine, y fastcgi app no longer worked. After some investigation, I found that ownership of /var/run/apache2/fcgid has been reset to root, and with permission reset to 700 I have the following questions: Is there something specific about the /var/run folder? why is the permissions being reset after a reboot? Should I move my socket file to another location (in case root automatically takes ownership of contents in this folder for security reasons?) I am running Ubuntu 10.0.4 LTS 64 bit

Read the article
Is there a better way to organize my module tests that avoids an explosion of new source files?

- by luser droog

I've got a neat (so I thought) way of having each of my modules produce a unit-test executable if compiled with the -DTESTMODULE flag. This flag guards a main() function that can access all static data and functions in the module, without #including a C file. From the README: -- Modules -- The various modules were written and tested separately before being coupled together to achieve the necessary basic functionality. Each module retains its unit-test, its main() function, guarded by #ifdef TESTMODULE. `make test` will compile and execute all the unit tests, producing copious output, but importantly exitting with an appropriate success or failure code, so the `make test` command will fail if any of the tests fail. Module TOC __________ test obj src header structures CONSTANTS ---- --- --- --- -------------------- m m.o m.c m.h mfile mtab TABSZ s s.o s.c s.h stack STACKSEGSZ v v.o v.c v.h saverec_ f.o f.c f.h file ob ob.o ob.c ob.h object ar ar.o ar.c ar.h array st st.o st.c st.h string di di.o di.c di.h dichead dictionary nm nm.o nm.c nm.h name gc gc.o gc.c gc.h garbage collector itp itp.c itp.h context osunix.o osunix.c osunix.h unix-dependent functions It's compile by a tricky bit of makefile, m:m.c ob.h ob.o err.o $(CORE) itp.o $(OP) cc $(CFLAGS) -DTESTMODULE $(LDLIBS) -o $@ $< err.o ob.o s.o ar.o st.o v.o di.o gc.o nm.o itp.o $(OP) f.o where the module is compiled with its own C file plus every other object file except itself. But it's creating difficulties for the kindly programmer who offered to write the Autotools files for me. So the obvious way to make it "less weird" would be to bust-out all the main functions into separate source files. But, but ... Do I gotta?

Read the article
FxCop / Code Analysis with VS2010 Ultimate

- by Cuartico

I've getting some information about this, but I still can find a proper answer, I was asked recently in my company for this : "run a fxcop analysis on that code and tell me the results". Ok, I have VS2010 Ultimate which has code analysis, but before making any comment, I browse it on the internet cause I want to implement the best choice... So, let's say I'm gonna use the same rules on both analyzers: Should I recommend using one above the other? Should I say "hey, thats kinda old, let's use code analysis!" Should I get the same results on different computers? (for what I undersand, fxcop gives you some "points" and for what I've read, sometimes it gives you diff points on diff computers, I don't know about this with code analysis Thanks, any help would be appreciated

Read the article
Need private personal access to ~three PHP pages

- by Roger

I would like secure access to the text output by three PHP scripts (the text output is JavaScript and html) . The security level is much less then financial data but important none-the-less. I have considered purchasing AND studying https and SSL certificates. Hostgator charges an extra $2/month for a private ip plus $50+ anually for a certificate. This is more then I want to spend for this project (time + money). Is there a simpler solution that is: less expensive easier to implement. I'm open to different approaches.

Read the article
Apache: DoS with mod_deflate & range requests, tomcat also? [migrated]

- by VextoR

I know that apache has a security bug http://seclists.org/fulldisclosure/2011/Aug/175 So if you do this command: curl -I -H "Range: bytes=0-1,0-2" -s www.yandex.ru/robots.txt it says HTTP/1.1 206 Partial Content it means, the problem is exist. But the fact is, that for apache tomcat (our server) curl says 206 Partial Content as well. So we need to fix it. I found solution for apache HTTP (.htaccess, mod_headers) but not for tomcat. I'm very newbie for servers things, so can't understand most, so please help

Read the article
Recognizing text fields according to their label value

- by Pierpaolo Bagnasco

I have an application who has text fields (not select, not checkbox or other types) where an user can enter some value, like this: ISBN and E-Mail are the label of each input. Now I have to automatically test these inputs according to their label. The question is: how to recognize that, for example, the first input requires an ISBN code? I programmed something like this: turn the label value to lowercase check if the label value contains isbn if so set the field value to a random ISBN code (i.e.: 1234567890), else set it to a random value (default) For the email field: turn the label value to lowercase check if the label value contains e-mail or email or mail if so set the field value to a random email (i.e.: [email protected]), else set it to a random value (default) And so on for each text field I encounter. Is that reliable? How can I improve the "recognizing part"? I know only the label value and the field value (what is already written in the field by default) for each text input.

Read the article
How to open-source a project whose git repository has copyrighted media in the history?

- by phyzome

I want to release an audio fingerprinting software project under a free license, but the repository contains copyrighted audio files. The test cases also currently use these files. How do I release the code to the public with maximum version history but without violating copyright? Details: The code is versioned under git. We will collapse it all back into one branch before release. There are 400 MB of audio data. Some files are free-licensed music from e.g. Jamendo, others are MP3s from our personal collections. No matter what approach we take, we'll always keep an immutable copy of the original repo, so as not to destroy project history. Main question: How to handle the public release? Expunge all history of the files in question from the git repository and release the altered repo. (v64 pointed out a way to do this.) Alternatively, take a snapshot of the current state of the code and don't even bother having a public history of the pre-release code. Side question: How could we have avoided this dilemma in the first place, given that sometimes private code or media is needed for the early stages of a project?

Read the article
Where can I hire a trustworthy professional PHP programmer?

- by JJ22

I wrote a php application for my website that really needs to work well and be as secure as possible. I'm a novice php programmer, so while my application seems to work well, there may be inefficiencies or security vulnerabilities. I feel that I should have someone look over my code before making the application publicly available, but I'm hesitant to just post it online because it handles some rather sensitive things. Where can I find a competent, trustworthy, and relatively inexpensive php programmer who would be willing to review a few thousand lies of well-commented easy-to-read php code? Thank you!

Read the article
What to do about this gnome-keyring message?

- by arroy_0209

I upgraded from ubuntu 10.04 to 12.04 and installed lxde. Since then whenever I try to print some file (or use command lpstat), I get this message on the terminal: "WARNING: gnome-keyring:: couldn't connect to: /tmp/keyring-SZ59jJ/pkcs11: No such file or directory". This is beyond my knowledge and from search I only realize that this mey be related to security (as learned from gnome-keyring on wikipedia). I have no idea what to about this warning. Can anybody please suggest? Evidently as stated, I am not using gnome desktop, I choose lxde session at the time of logging in.

Read the article
Coded UI Test Method failed inconsistently

- by Sunitha M

The following exception failing my UI automation test. Message: Test method CodedUITestMethod1 throw exception: The playback failed to find the control with the given search properties. Additional Details: TechnologyName: 'UIA' ControlType: 'MenuItem' Name: 'MyViewModel' ---> system.runtime.interopservices.comexception error hresult e_fail has been returned from a call to a COM component please any one give me a solution for these type of exceptions.

Read the article
I want to start using TDD. Any tips for a beginner?

- by Mike42

I never used an automated test mechanism in any of my projects and I feel I'm missing a lot. I want to improve myself, so I have to start tackling some issues I've been neglecting like this and trying Git instead of being stuck on SVN. What's a good way to learn TDD? I'll probably be using Eclipse to program in Java. I've heard of JUnit, but I don't know if there's anything else I should consider.

Read the article
Is the test, which touches the filenames under directory, a kind of unittest? [on hold]

- by Chen OT

I was told that unittest is fast and the tests which touches DB, across network, and touches FileSystem are not unittest. In one of my testcases, its input are the file names (amount about 300~400) under a specific folder. Although these input are part of file system, the execution time of this test is very fast. Should I moved this test, which is fast but touches file system, to higher level test?

Read the article
How best to construct our test subjects in unit tests?

- by Liath

Some of our business logic classes require quite a few dependencies (in our case 7-10). As such when we come to unit test these the creation become quite complex. In most tests these dependencies are often not required (only some dependencies are required for particular methods). As a result unit tests often require a significant number of lines of code to mock up these useless dependencies (which can't be null because of null checks). For example: [Test] public void TestMethodA() { var dependency5 = new Mock<IDependency1>(); dependency5.Setup(x => x. // some setup var sut = new Sut(new Mock<IDependency1>().Object, new Mock<IDependency2>().Object, new Mock<IDependency3>().Object, new Mock<IDependency4>().Object, dependency5); Assert.SomeAssert(sut.MethodA()); } In this example almost half the test is taken up creating dependencies which aren't used. I've investigated an approach where I have a helper method. [Test] public void TestMethodA() { var dependency5 = new Mock<IDependency1>(); dependency5.Setup(x => x. // some setup var sut = CreateSut(null, null, null, null, dependency5); Assert.SomeAssert(sut.MethodA()); } private Sut CreateSut(IDependency1 d1, IDependency2 d2...) { return new Sut(d1 ?? new Mock<IDependency1>().Object, d2 ?? new Mock<IDependency2>().Object, } But these often grow very complicated very quickly. What is the best way to create these BLL classes in test classes to reduce complexity and simplify tests?

Read the article

< Previous Page | 112 113 114 115 116 117 118 119 120 121 122 123 | Next Page >