Search Results

Search found 17731 results on 710 pages for 'programming practices'.

Page 187/710 | < Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

    Read the article

  • What turns away users/prospective users?

    - by Zach Johnson
    In your experience, what kinds of things have turned away users and prospective users from using your programs? Also, what kinds of things turn you away from using someone else's programs? For example, one thing that really bugs me is when someone provides free software, but requires you to enter your name and email address before you download it. Why do they need my name and email address? I just want to use the program! I understand that the developer(s) may want to get a feel for how many users they have, etc, but the extra work I have to do really makes me think twice about downloading their software, even if it does really great things.

    Read the article

  • How to properly load HTML data from third party website using MVC+AJAX?

    - by Dmitry
    I'm building ASP.NET MVC2 website that lets users store and analyze data about goods found on various online trade sites. When user is filling a form to create or edit an item, he should have a button "Import data" that automatically fills some fields based on data from third party website. The question is: what should this button do under the hood? I see at least 2 possible solutions. First. Do the import on client side using AJAX+jQuery load method. I tried it in IE8 and received browser warning popup about insecure script actions. Of course, it is completely unacceptable. Second. Add method ImportData(string URL) to ItemController class. It is called via AJAX, does the import + data processing server-side and returns JSON-d result to client. I tried it and received server exception (503) Server unavailable when loading HTML data into XMLDocument. Also I have a feeling that dealing with not well-formed HTML (missing closing tags, etc.) will be a huge pain. Any ideas how to parse such HTML documents?

    Read the article

  • html clickable layout area. best practice

    - by Andrew Florko
    I am bad in html layout but I have to produce it :) I want to make big button on a page that is implemented as div with children tags (maybe - a bad idea). I can handle click event on boundary-div with javascript but it requires javascript enabled. I can wrap boundary-div with "anchor" tag but is doesn't work in IE Please, suggest me the best way to implement this. <a href="..."> <table> <td> ... </td> <td> ... <table> ... </table> </td> </table> </a>

    Read the article

  • .Net Compact Framework Tips, Tricks, and Gotchas

    - by Mat Nadrofsky
    Hey everyone, We work extensively in the .Net Compact Framework and Windows Mobile. I've seen plenty of questions come up regarding specifics to development of ASP.Net apps or other .Net based desktop apps but nothing CF specific. Anyone else a mobile developer out there that can share some things to start doing, stop doing, and avoid doing when developing in the Compact Framework?

    Read the article

  • How could it happen that version control software emerged so lately?

    - by sharptooth
    According to Wikipedia (the table at the page bottom), the earliest known version control systems were CVS and TeamWare both known from year 1990. How can it be? Software development has been here from at most 1960's and I honestly can't imagine working with codebase without version control. How could it happen that version control software emerged so lately compared to software development?

    Read the article

  • What's the best way to unit test code that generates random output?

    - by Flynn1179
    Specifically, I've got a method picks n items from a list in such a way that a% of them meet one criterion, and b% meet a second, and so on. A simplified example would be to pick 5 items where 50% have a given property with the value 'true', and 50% 'false'; 50% of the time the method would return 2 true/3 false, and the other 50%, 3 true/2 false. Statistically speaking, this means that over 100 runs, I should get about 250 true/250 false, but because of the randomness, 240/260 is entirely possible. What's the best way to unit test this? I'm assuming that even though technically 300/200 is possible, it should probably fail the test if this happens. Is there a generally accepted tolerance for cases like this, and if so, how do you determine what that is?

    Read the article

  • What is the best practice in regards to building composite dtos off of an aggregate root with domain

    - by Chance
    I'm trying to figure out the best approach/practice for assembling a composite data transfer object off of an aggregate root and would love to hear people's thoughts on this. For example, lets say I have a root that has a few domain objects as children. I want to assemble a specific view dto, based on some business logic, that either has attributes or full dto's of it's objects. What I'm struggling with is trying to figure out where that assembly should happen. I can see it going on the domain object of the aggregate root as there is some business logic associated with it. The benefits of this approach from what I've deduced thus far is that it should reduce the inevitable business logic from bleeding outisde of the domain object. It also allows for private methods that take care of tasks that could become more complex from an external builder. The downsides being that the domain object becomes much more entrenched in the application's workflow and represents much more than just the domain object. It also could become very large in the scenario where you need multiple composite Dtos. Alternatively, I could also see it belonging to some form of transfer object assembler where there is a builder for each domain object. The domain objects would still be responsible for GetDto() and UpdateFromDto(dto). Outside of that, the builder would handle the construction and deconstruction of composite dtos. The downside is kind of mentioned above, where I fear this will easily lead to developers unfamiliar with DDD bleeding a ton of business logic into the assembler which is what I want to desperately avoid. Any thoughts would be greatly apperciated.

    Read the article

  • Efficient storage/retrieval method for replayable comet style applications (Google Wave, Etherpad)

    - by Gareth Simpson
    I am considering a web application that would have the same kind of multi user, automatic saving, infinite undo / replay capabilities that you see in Google Wave and Etherpad (albeit on a drastically smaller scale and userbase). Before I go away and reinvent the wheel, is this something that has already been addressed as either a piece of technology or library, or even just a design pattern. I know this isn't necessarily the best Stack Overflow question as there is probably not a "right" answer, but my Google-fu has failed me and I'd just like a reading list! Ordinarily I would be developing under python/django but this is not a firm requirement just a preference :)

    Read the article

  • What is the best way to identify which form has been submitted?

    - by Rupert
    Currently, when I design my forms, I like to keep the name of the submit button equal to the id of the form. Then, in my php, I just do if(isset($_POST['submitName'])) in order to check if a form has been submitted and which form has been submitted. Firstly, are there any security problems or design flaws with this method? One problem I have encountered is when I wish to overlay my forms with javascript in order to provide faster validation to the user. For example, whilst I obviously need to retain server side validation, it is more convenient for the user if an error message is displayed inline, upon blurring an input. Additionally, it would be good to provide entire form validation, upon clicking the submit button. Therefore, when the user clicks on the form's submit button, I am stopping the default action, doing my validation, and then attempting to renable the traditional submit functionality, if the validation passes. In order to do this, I am using the form.submit() method but, unfortunately, this doesn't send the submit button variable (as it should be as form.submit() can be called without any button being clicked). This means my PHP script fails to detect that the form has been submitted. What is the correct way to work around this? It seems like the standard solution is to add a hidden field into the form, upon passing validation, which has the name of form's id. Then when form.submit() is called, this is passed along in place of the submit button. However, this solution seems very ungraceful to me and so I am wondering whether I should: a) Use an alternative method to detect which form has been submitted which doesn't rely rely on passing the submit button. If so what alternative is there? Obviously, just having an extra hidden field from the start isn't any better. b) Use an alternative Javascript solution which allows me to retain my non-Javascript design. For example, is there an alternative to form.submit() which allows me to pass in extra data? c) Suck it up and just insert a hidden field using Javascript.

    Read the article

  • ASP Dot Net : How to repeat HTML parts with minor differences on a page?

    - by tinky05
    It's a really simple problem. I've got HTML code like this : <div> <img src="image1.jpg" alt="test1" /> </div> <div> <img src="image2.jpg" alt="test2" /> </div> <div> <img src="image3.jpg" alt="test3" /> </div> etc... The data is comming from a DB (image name, alt text). In JAVA, I would do something like : save the info in array in the back end. For the presentation I would loop through it with JSTL : <c:foeach items="${data}" var="${item}> <div> <img src="${item.image}" alt="${item.alt}" /> </div> </c:foreach> What's the best practice in ASP.net I just don't want to create a string with HTML code in it in the "code behind", it's ugly IMO.

    Read the article

  • Writing a custom iterator -- what to do if you're at the end of the array?

    - by Goose Bumper
    I'm writing a custom iterator for a Matrix class, and I want to implement the increment method, which gets called when the iterator is incremented: void MatrixIterator::increment() { // go to the next element } Suppose the iterator has been incremented too many times and now points to past the end of the matrix (i.e. past the one-past-the-end point). What is the best practice for this situation? Should I catch this with an assert, or should I just say it's the user's responsibility to keep track of where the iterator is pointing and it's none of my business?

    Read the article

  • How do you handle passwords or credentials for standalone applications?

    - by Abel Morelos
    Let's say that you have a standalone application (a Java application in my case) and that this application has a configuration file (a XML file in my case) where you store the credentials (user and password) for a bunch of databases you need to connect. Everything works great, but now you discover (or your are given a new requirement like me) that you have to put this application in a different server and that you can't have these credentials in the configuration files because of security and/or compliance considerations. I'm considering to use data sources hosted in the application server (a WAS server), but I think this could have poor performance and maybe it's not the best approach since I'm connecting from a standalone application. I was also considering to use some sort of encryption, but I would like to keep things as simple as possible. How would you handle this case? Where would you put these credentials or protect them from being compromised? Or how would you connect to your databases in this scenario?

    Read the article

  • WCF Best Practice for "Overloaded" methods

    - by Nate Bross
    What is the best practice for emulating overloaded methods over WCF? Typically I might write an interface like this interface IInterface { MyType ReadMyType(int id); IEnumerable<MyType> ReadMyType(String name); IEnumerable<MyType> ReadMyType(String name, int maxResults); } What would this interface look like after you converted it to WCF?

    Read the article

  • Invoicing vs Quoting or Estimating

    - by FreshCode
    If invoices can be voided, should they be used as quotations? I have an Invoices tables that is created from inventory associated with a Job or Order. I could have a Quotes table as a halfway-house between inventory and invoices, but it feels like I would have duplicate data structures and logic just to handle an "Is this a quote?" bit. From a business perspective, quotes are different from invoices: a quote is sent prior to an undertaking and an invoice is sent once it is complete and payment is due, but how to represent this in my repository and model. What is an elegant way to store and manage quotes & invoices in a database? Edit: indicated Job === Order for this particular instance.

    Read the article

  • distributing R package with optional S4 syntax sugar

    - by mariotomo
    I've written a small package for logging, I'm distributing it through r-forge, recently I received some very interesting feedback on how to make it easier to use, but this functionality is based on stuff (setRefClass) that was added to R in 2.12. I'd like to keep distributing the package also for R-2.9, so I'm looking for a way to include or exclude the S4 syntactical sugar automatically, and include it when the library is loaded on a R = 2.12 system. one other option I see, that is to write a small S4 package that needs 2.12, imports the simpler logging package and exports the syntactically sugared interface... I don't like it too much, as I'd need to choose a different name for the S4 package.

    Read the article

  • Is a "Confirm Email" input good practice when user changes email address?

    - by dibson
    My organization has a form to allow users to update their email address with us. It's suggested that we have two input boxes for email: the second as an email confirmation. I always copy/paste my email address when faced with the confirmation. I'm assuming most of our users are not so savvy. Regardless, is this considered a good practice? I can't stand it personally, but I also realize it probably isn't meant for me. If someone screws up their email, they can't login, and they must call to sort things out.

    Read the article

  • Multiple Actions (Forms) on one Page - How not to lose master data, after editing detail data?

    - by nWorx
    Hello all, I've got a form where users can edit members of a group. So they have the possibilty to add members or remove existing members. So the Url goes like ".../Group/Edit/4" Where 4 is the id of the group. the view looks like this <% using (Html.BeginForm("AddUser", "Group")) %> <%{%> <label for="newUser">User</label> <%=Html.TextBox("username")%> <input type="submit" value="Add"/> </div> <%}%> <% using (Html.BeginForm("RemoveUser", "Group")) %> <%{%> <div class="inputItem"> <label for="groupMember">Bestehende Mitglieder</label> <%= Html.ListBox("groupMember", from g in Model.GetMembers() select new SelectListItem(){Text = g}) %> <input type="submit" value="Remove" /> </div> <%}%> The problem is that after adding or removing one user i lose the id of the group. What is the best solution for solving this kind of problem? Should I use hidden fields to save the group id? Thanks in advance.

    Read the article

  • Efficiently Serving Dynamic Content in Google App Engine

    - by awegawef
    My app on google app engine returns content items (just text) and comments on them. It works like this (pseudo-ish code): query: get keys of latest content #query to datastore for each item in content if item_dict in memcache: use item_dict else: build_item_dict(item) #by fetching from datastore store item_dict in memcache send all item_dicts to template Sorry if the code isn't understandable. I get all of the content dictionaries and send them to the template, which uses them to create the webpage. My problem is that if the memcache has expired, for each item I want to display, I have to (1) lookup item in memcache, (2) since no memcache exists I must fetch item from the datastore, and (3) store the item in memcache. These calls build up quickly. I don't set an expire time for the entries to the memcache, so this really only happens once in the morning, but the webpage takes long enough to load (~1 sec) that the browser reports it as not existing. Regularly, my webpages take about 50ms to load. This approach works decently for frequent visits, but it has its flaws as shown above. How can I remedy this? The entries are dynamic enough that I don't think it would be in my best interest to cache my initial request. Thanks in advance

    Read the article

  • Passing objects by reference or not in C#

    - by Piku
    Suppose I have a class like this: public class ThingManager { List<SomeClass> ItemList; public void AddToList (SomeClass Item) { ItemList.Add(Item); } public void ProcessListItems() { // go through list one item at a time, get item from list, // modify item according to class' purpose } } Assume "SomeClass" is a fairly large class containing methods and members that are quite complex (List<s and arrays, for example) and that there may be a large quantity of them, so not copying vast amounts of data around the program is important. Should the "AddToList" method have "ref" in it or not? And why? It's like trying to learn pointers in C all over again ;-) (which is probably why I am getting confused, I'm trying to relate these to pointers. In C it'd be "SomeClass *Item" and a list of "SomeClass *" variables)

    Read the article

  • Should I use IDisposable for purely managed resources?

    - by John Gietzen
    Here is the scenario: I have an object called a Transaction that needs to make sure that only one entity has permission to edit it at any given time. In order to facilitate a long-lived lock, I have the class generating a token object that can be used to make the edits. You would use it like this: var transaction = new Transaction(); using (var tlock = transaction.Lock()) { transaction.Update(data, tlock); } Now, I want the TransactionLock class to implement IDisposable so that its usage can be clear. But, I don't have any unmanaged resources to dispose. however, the TransctionLock object itself is a sort of "unmanaged resource" in the sense that the CLR doesn't know how to properly finalize it. All of this would be fine and dandy, I would just use IDisposable and be done with it. However, my issue comes when I try to do this in the finalizer: ~TransactionLock() { this.Dispose(false); } I want the finalizer to release the transaction from the lock, if possible. How, in the finalizer, do I detect if the parent transaction (this.transaction) has already been finalized? Is there a better pattern I should be using? The Transaction class looks something like this: public sealed class Transaction { private readonly object lockMutex = new object(); private TransactionLock currentLock; public TransactionLock Lock() { lock (this.lockMutex) { if (this.currentLock != null) throw new InvalidOperationException(/* ... */); this.currentLock = new TransactionLock(this); return this.currentLock; } } public void Update(object data, TransactionLock tlock) { lock (this.lockMutex) { this.ValidateLock(tlock); // ... } } internal void ValidateLock(TransactionLock tlock) { if (this.currentLock == null) throw new InvalidOperationException(/* ... */); if (this.currentLock != tlock) throw new InvalidOperationException(/* ... */); } internal void Unlock(TransactionLock tlock) { lock (this.lockMutex) { this.ValidateLock(tlock); this.currentLock = null; } } }

    Read the article

< Previous Page | 183 184 185 186 187 188 189 190 191 192 193 194  | Next Page >