Search Results

Search found 10115 results on 405 pages for 'coding practices'.

Page 118/405 | < Previous Page | 114 115 116 117 118 119 120 121 122 123 124 125 | Next Page >

Is there a .NET equivalent of WebGoat

- by PJB

Looking at this question the OWASP WebGoat project looks like a great way to learn about web security. Although the principles will equally to .NET applications I would prefer to use .NET based application. Does anybody know of a suitable .NET alternative?

Read the article
What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

- by fireeyedboy

I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

Read the article
html clickable layout area. best practice

- by Andrew Florko

I am bad in html layout but I have to produce it :) I want to make big button on a page that is implemented as div with children tags (maybe - a bad idea). I can handle click event on boundary-div with javascript but it requires javascript enabled. I can wrap boundary-div with "anchor" tag but is doesn't work in IE Please, suggest me the best way to implement this. <a href="..."> <table> <td> ... </td> <td> ... <table> ... </table> </td> </table> </a>

Read the article
syntax for binding multiple variables within text

- by danke

When binding multiple variables value1 value2 value3 in the same text field, do I do this: text="{some text value1 other text value2 and other text value3}" or text="some text {value1} other text {value2} and other text {value3}" I noticed both work, but which is the right way to do it and will work all the time.

Read the article
Premature optimization is the root of all evil, but can it ever be too late?

- by polygenelubricants

"We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil" So what is that 3% like? Can the avoidance of premature optimization ever be taken too extreme that it does more harm than good? Even if it's rare, has there been a case of a real measurable software engineering disaster due to complete negligence to optimize early in the process? Bonus question: is software engineering pretty much the only field that has such a counter intuitive principle regarding doing something earlier rather than later before things potentially become too big a problem to fix? Personal question: how do you justify something as premature optimization and not just a case of you being lazy/ignorant/dumb?

Read the article
How to handle management trying to interfere with the project (including architecture decision)

- by Zwei Steinen

I feel this is not a very good question to post on SO, but I need some advice from experienced developers... (I'm a second year developer) I guess this is a problem to many, many projects, but in our case, it is getting intense. There were so much interference from people that don't know a bit about software development, that our development came to an almost complete stop. We had to literary escape to another location to get any useful job done. Now we were happily producing results, but then I get a request for a "meeting" and it's them again. I have a friendly relationship with them, but I feel very daunted at the thought of talking about non-sense all over again. Should I be firm and tell them to shut up and wait for our results? Or should I be diplomatic and create an illusion they are making a positive contribution or something?? My current urge is to be unfriendly and murmur some stuff so they will give up or something. What would you do if you were in this situation?

Read the article
What's the standard behaviour for an out parameter when a TryXxxx method returns false?

- by Matt Lacey

Assuming a method with the following signature bool TryXxxx(object something, out int toReturn) What is it acceptable for toReturn to be if TryXxxx returns false? In that it's infered that toReturn should never be used if TryXxxx fails does it matter? If toReturn was a nulable type, then it would make sense to return null. But int isn't nullable and I don't want to have to force it to be. If toReturn is always a certain value if TryXxxx fails we risk having the position where 2 values could be considered to indicate the same thing. I can see this leading to potential possible confusion if the 'default' value was returned as a valid response (when TryXxxx returns true). From an implementation point if view it looks like having toReturn be a[ny] value is easiest, but is there anything more important to consider?

Read the article
What is the difference between using IDisposable vs a destructor in C#?

- by j0rd4n

When would I implement IDispose on a class as opposed to a destructor? I read this article, but I'm still missing the point. My assumption is that if I implement IDispose on an object, I can explicitly 'destruct' it as opposed to waiting for the garbage collector to do it. Is this correct? Does that mean I should always explicitly call Dispose on an object? What are some common examples of this?

Read the article
Is there an existing template for a new C++ Open Source project

- by esavard

I want to start a new C++ (Qt) Open Source project and I'm wondering if there is an existing template somewhere for files usually found in an Open Source project but that are not purely source code (README, LICENSE, CHANGELOG, etc.) I could probably find a popular Open Source project for inspiration but if there is some existing generic templates, I will use that instead. Thanks.

Read the article
Multiple Actions (Forms) on one Page - How not to lose master data, after editing detail data?

- by nWorx

Hello all, I've got a form where users can edit members of a group. So they have the possibilty to add members or remove existing members. So the Url goes like ".../Group/Edit/4" Where 4 is the id of the group. the view looks like this <% using (Html.BeginForm("AddUser", "Group")) %> <%{%> <label for="newUser">User</label> <%=Html.TextBox("username")%> <input type="submit" value="Add"/> </div> <%}%> <% using (Html.BeginForm("RemoveUser", "Group")) %> <%{%> <div class="inputItem"> <label for="groupMember">Bestehende Mitglieder</label> <%= Html.ListBox("groupMember", from g in Model.GetMembers() select new SelectListItem(){Text = g}) %> <input type="submit" value="Remove" /> </div> <%}%> The problem is that after adding or removing one user i lose the id of the group. What is the best solution for solving this kind of problem? Should I use hidden fields to save the group id? Thanks in advance.

Read the article
What is the replacement for a blinking text in a web page?

- by rahul

Hi, I have heard that using blinking text in a page to get user's attention is not a good practice. What is the alternative for that?

Read the article
How to use a 3rd party control inside the viewmodel?

- by Sander

I have a 3rd party control which among other things performs loading of some data. I want my viewmodel to keep track of this load operation and adjust its own state accordingly. If it were up to me, I'd do the data loading far away from the view, but it is not. So, I seem to be in the situation where my viewmodel depends on my view. How do I best handle this? I feel rather dirty making the view publish events to the viewmodel but I don't see any other reasonable way to get this info into the viewmodel. A similar situation might crop up with standard controls, too - imagine if your viewmodel depends on the events coming from a MediaElement - how do you properly model this? Do you put the MediaElement into the viewmodel? That doesn't sound right. If publishing the events to the viewmodel is indeed the most reasonable way, is there some common pattern used for this? How do you do it?

Read the article
Git Submodule or fork

- by Eric

I have a private repo in github that is the complete source code to my cms. Now I have a few local customers that I want to use the same code base on but with different themes. Is it better to fork the original project out into a repo for each one. Or use a submodule and create a new repo for each customer? After each site is complete I would imagine the theme files wouldn't change much but would need to pull in changes from the main repo when bugs are discovered.

Read the article
What Getters and Setters should and shouldn't do.

- by cyclotis04

I've run into a lot of differing opinions on Getters and Setters lately, so I figured I should make it into it's own question. A previous question of mine received an immediate comment (later deleted) that stated setters shouldn't have any side effects, and a SetProperty method would be a better choice. Indeed, this seems to be Microsoft's opinion as well. However, their properties often raise events, such as Resized when a form's Width or Height property is set. OwenP also states "you shouldn't let a property throw exceptions, properties shouldn't have side effects, order shouldn't matter, and properties should return relatively quickly." Yet Michael Stum states that exceptions should be thrown while validating data within a setter. If your setter doesn't throw an exception, how could you effectively validate data, as so many of the answers to this question suggest? What about when you need to raise an event, like nearly all of Microsoft's Control's do? Aren't you then at the mercy of whomever subscribed to your event? If their handler performs a massive amount of information, or throws an error itself, what happens to your setter? Finally, what about lazy loading within the getter? This too could violate the previous guidelines. What is acceptable to place in a getter or setter, and what should be kept in only accessor methods?

Read the article
.Net Compact Framework Tips, Tricks, and Gotchas

- by Mat Nadrofsky

Hey everyone, We work extensively in the .Net Compact Framework and Windows Mobile. I've seen plenty of questions come up regarding specifics to development of ASP.Net apps or other .Net based desktop apps but nothing CF specific. Anyone else a mobile developer out there that can share some things to start doing, stop doing, and avoid doing when developing in the Compact Framework?

Read the article
Code promotion: Enforcing the rules

- by jbarker7

So here is our problem: We have a small team of developers with their own ways of doing things-- I am trying to formalize a process in which we are required to promote our code in the following order: Local sandbox Dev UAT Staging Live Developers develop/test as they go on their own sandbox, Dev is its own box that we would use for continuous integration, UAT is another site in IIS on the dev box, which uses our dev database. We then promote to staging, which is a site in IIS on the Live box and using live data (just like the live, hence staging). Then, finally, we promote to live. Here are a few of my questions: 1.) Does this seem to be best practice? If not, what needs to be done differently? 2.) How do I enforce the rules to the developers? Often developers skip steps in order to save time... this should not be tolerated and would be great if it could be physically enforced. 3.) How do I enforce these rules to the business group? The business group just wants to get features out FAST. Do we promote only on certain days? Thanks! Josh

Read the article
Python's JSON module doesn't use __get__?

- by Matt

When I serialize a list of objects with a custom __get__ method, __get__ is not called and the raw (unprocessed by custom __get__) value from __set__ is used. How does Python's json module iterate over an item? Note: if I iterate over the list before serializing, the correct value returned by __get__ is used.

Read the article
Multiple REPLACE function in Oracle

- by Adnan

I am using the REPLACE function in oracle to replace values in my string like; SELECT REPLACE('THE NEW VALUE IS #VAL1#','#VAL1#','55') from dual So this is OK to replace one value, but what about 20+, should I use 20+ REPLACE function or is there a more practical solution. All ideas are welcome.

Read the article
C++ : Efficient code

- by Alerty

What code sample is a brilliant example of efficiency in the C++ programming language and its features?

Read the article
JSP application scope objects in Java library

- by FrontierPsycho

I am working on a preexisting web application built with JSP, which uses an external Java library. I want to make some JavaBeans that were instantiated with jsp:useBean tags available to the Java code. What would be a good practice to do that? I suppose I can pass the objects in question to every function call that requires them, but I'd like to avoid that.

Read the article
What is a good practice to access class attributes in class methods?

- by Clem

I always wonder about the best way to access a class attribute from a class method in Java. Could you quickly convince me about which one of the 3 solutions below (or a totally different one :P) is a good practice? public class Test { String a; public String getA(){ return this.a; } public setA(String a){ this.a = a; } // Using Getter public void display(){ // Solution 1 System.out.println(this.a); // Solution 2 System.out.println(getA()); // Solution 3 System.out.println(this.getA()); } // Using Setter public void myMethod(String b, String c){ // Solution 1 this.a = b + c; // Solution 2 setA(b + c); // Solution 3 this.setA(b + c); } }

Read the article
What makes an effective UI for displaying versioning of structured hierarchical data

- by Fadrian Sudaman

Traditional version control system are displaying versioning information by grouping Projects-Folders-Files with Tree view on the left and details view on the right, then you will click on each item to look at revision history for that configuration history. Assuming that I have all the historical versioning information available for a project from Object-oriented model perspective (e.g. classes - methods - parameters and etc), what do you think will be the most effective way to present such information in UI so that you can easily navigate and access the snapshot view of the project and also the historical versioning information? Put yourself in the position that you are using a tool like this everyday in your job like you are currently using SVN, SS, Perforce or any VCS system, what will contribute to the usability, productivity and effectiveness of the tool. I personally find the classical way for display folders and files like above are very restrictive and less effective for displaying deep nested logical models. Assuming that this is a greenfield project and not restricted by specific technology, how do you think I should best approach this? I am looking for idea and input here to add values to my research project. Feel free to make any suggestions that you think is valuable. Thanks again for anyone that shares their thoughts.

Read the article
Observing social web behavior: to log or populate databases?

- by jlafay

When considering social web app architecture, is it a better approach to document user social patterns in a database or in logs? I thought for sure that behavior, actions, events would be strictly database stored but I noticed that some of the larger social sites out there also track a lot by logging what happens. Is it good practice to store prominent data about users in a database and since thousands of user actions can be spawned easily, should they be simply logged?

Read the article
"Special case" records for foreign key constraints

- by keithjgrant

Let's say I have a mysql table, called foo with a foreign key option_id constrained to the option table. When I create a foo record, the user may or may not have selected an option, and 'no option' is a viable selection. What is the best way to differentiate between 'null' (i.e. the user hasn't made a selection yet) and 'no option' (i.e. the user selected 'no option')? Right now, my plan is to insert a special record into the option table. Let's say that winds up with an id of 227 (this table already has a number of records at this point, so '1' isn't available). I have no need to access this record at a database level, and it would act as nothing more than a placeholder that the foreign key in the foo table can reference. So do I just hard-code '227' in my codebase when I'm creating 'foo' records where the user has selected 'no option'? The hard-coded id seems sloppy, and leaves room for error as the code is maintained down the road, but I'm not really sure of another approach.

Read the article
How do you refer to the currently logged user in your code?

- by Emanuil

In other words - what would be a good name for a variable that references the currently logged user? I've come up with a few: logged_user visitor me I'm not convinced either of them is good enough though.

Read the article

< Previous Page | 114 115 116 117 118 119 120 121 122 123 124 125 | Next Page >