Search Results

Search found 15103 results on 605 pages for 'programmers notepad'.


  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):

        $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");

    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems, can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  • Best/Easiest Technology for a RESTful webservice [closed]

    - by user1751547
    So I'm going to be creating a phone app + website that will need to utilize a web service. Web services are completely outside my domain so I'm not entirely sure where to start. Does anybody have any suggestions on the technology stack I should use? (mainly in terms of ease of use and reliability) So far what I've looked at are:

      • RoR
      • Python + Django + TastyPie
      • Python + Flask
      • Microsoft WCF 3.5
      • PHP + some framework

    I would rather not do anything with Java. I'm leaning towards the Python + Django + TastyPie route as it seems like it would be easy to get up and going and learn in general. My only concern with it is the reliability of the libraries (feature-breaking updates, abandonment, etc.). Also I would prefer to create the website with the same framework so I wouldn't have to deal with learning and using two different ones. Any advice would be helpful, thanks.

  • C-Objective Function

    - by nimbus
    I'm unsure about how to make an MWE with C-Objective, so if you need anything else let me know. I am trying to run through a tutorial on building an iPhone app and have gotten stuck defining a function. I keep getting an error message saying "use of undeclared identifier." However, I believe I have initiated the function. In the view controller I have:

        if (scrollAmount > 0) {
            moveViewUp = YES;
            [scrollTheView:YES];
        } else {
            moveViewUp = NO;
        }

    with the function under it:

        - (void)scrollTheView:(BOOL)movedUp {
            [UIView beginAnimations:nil context:NULL];
            [UIView setAnimationDuration:0.3];
            CGRect rect = self.view.frame;
            if (movedUp) {
                rect.origin.y -= scrollAmount;
            } else {
                rect.origin.y += scrollAmount;
            }
            self.view.frame = rect;
            [UIView commitAnimations];
        }

    I have initiated the function in the header file (that I have imported):

        - (void)scrollTheView:(BOOL)movedUp;

    Any help would be appreciated, thank you in advance.

  • Creating a layer of abstraction over the ORM layer

    - by Daok
    I believe that if you have your repositories use an ORM, it's already abstracted enough from the database. However, where I am working now, someone believes that we should have a layer that abstracts the ORM in case we would like to change the ORM later. Is it really necessary, or is it simply a lot of overhead to create a layer that will work on many ORMs?

    Edit: Just to give more detail: We have POCO classes and Entity classes that are mapped with AutoMapper. Entity classes are used by the Repository layer. The repository layer then uses the additional layer of abstraction to communicate with Entity Framework. The business layer has in no way direct access to Entity Framework. Even without the additional layer of abstraction over the ORM, this one needs to use the service layer that uses the repository layer. In both cases, the business layer is totally separated from the ORM. The main argument is to be able to change ORM in the future. Since it's really localized inside the Repository layer, to me, it's already well separated and I do not see why an additional layer of abstraction is required to have "quality" code.

  • Segmentation fault 11 in MacOS X- C++ [migrated]

    - by Marcos Cesar Vargas Magana
    all. I have a "segmentation fault 11" error when I run the following code. The code actually compiles but I get the error at run time.

        //** Terror.h **
        #include <iostream>
        #include <string>
        #include <map>

        using std::map;
        using std::pair;
        using std::string;

        template<typename Tsize>
        class Terror {
        public:
            // Inserts a message in the map.
            static Tsize insertMessage(const string& message) {
                mErrorMessages.insert( pair<Tsize, string>(mErrorMessages.size()+1, message) );
                return mErrorMessages.size();
            }
        private:
            static map<Tsize, string> mErrorMessages;
        };

        template<typename Tsize>
        map<Tsize,string> Terror<Tsize>::mErrorMessages;

        //** error.h **
        #include <iostream>
        #include "Terror.h"

        typedef unsigned short errorType;
        typedef Terror<errorType> error;

        errorType memoryAllocationError=error::insertMessage("ERROR: out of memory.");

        //** main.cpp **
        #include <iostream>
        #include "error.h"

        using namespace std;

        int main() {
            try {
                throw error(memoryAllocationError);
            }
            catch(error& err) {
            }
        }

    I have kind of debugged the code and the error happens when the message is being inserted in the static map member. An observation is that if I put the line:

        errorType memoryAllocationError=error::insertMessage("ERROR: out of memory.");

    inside the "main()" function instead of at global scope, then everything works fine. But I would like to extend the error messages at global scope, not at local scope. The map is defined static so that all instances of "error" share the same error codes and messages. Do you know how I can get this or something similar? Thank you very much.

  • Solution with multiple projects and (GitHub) single issue tracker and repository

    - by Luiz Damim
    I have a Visual Studio solution with multiple projects:

        Acme.Core
        Acme.Core.Tests
        Acme.UI.MvcSite1
        Acme.UI.MvcSite2
        Acme.UI.WinformsApp1
        Acme.UI.WinformsApp2
        ...

    The entire solution is checked in to a single GitHub (private) repo. Acme.Core contains our business logic and all UI projects are deployables. UI projects have different requirements and features, but some of them are implemented in more than one project. All issues are opened in a single issue tracker and classified using labels ([MvcSite1], [WinformsApp1], etc.) but I'm thinking it's starting to get messy. Is it OK to use a single repository and issue tracker to track multiple projects in one solution?

  • Agile bug fixing - what's the preferred process for testing?

    - by Andrew Stephens
    When a bug is fixed, the dev sets its status to "resolved" and the bug is reassigned back to the person that created it. In our case this is usually the product owner; we don't have dedicated testers. But what's a good process for controlling how/when the PO tests the software? Should he be given the latest build after each bug is resolved/checked in? Or what about every morning? Or should he only receive a build at (or close to) the end of the iteration, to include all of that iteration's new functionality and bug fixes? We are using TFS, by the way.

  • How to self-motivate technically to put my ideas into execution or just get a job at an MNC like Google or Microsoft

    - by Demla Pawan
    I mean, how to self-motivate to get a job at Google or create another Google in future. As there is no mentor who can guide me on this topic, I asked it here: I'm a graduate in BE IT, but with low grades, with interest in learning new programming languages, but I have not yet done anything great like developing some system or anything. And I'm left with 2 more years to prove my worth to someone. So, is there a quick guide to start learning a language and then just go on implementing your ideas so that it gets appreciated or I get a good job at big MNCs? By the way, I just built one website for one client and am running my WordPress blog. And I had tried my hands on the basics of C++, Java, JS, JSP, PHP, Ubuntu, and web design in the past.

  • Thoughts and comments on Search Neutrality?

    - by SprocketGizmo
    Following the cases brought forward by Foundem, Ciao!, and eJustice.fr, what are your thoughts on Search Neutrality? Should search engines be regulated by the FCC or FTC similarly to the way the FCC is pushing to regulate Net Neutrality?

    Relevant articles:

      • Op-Ed to the New York Times from the founder of Foundem
      • Excerpt from book on Search/Net Neutrality
      • Blog discussing preceding link
      • Site founded by Foundem to promote Search Neutrality awareness

  • Got a contract to hire offer

    - by user23838
    I just got a contract-to-hire position with a local company. They are paying 28/hour. I just graduated from college. They said they will take me on full-time after 6 months. Should I ask for more money? I wanted somewhere between 60-70k. But this offer has no benefits, no paid holidays. They said they hired a couple of entry-level people for the same amount of money. So, they want to keep the rate the same. Should I negotiate with the recruiter harder? Thanks

  • How to translate formulas into form of natural language?

    - by Ricky
    I am currently working on a project aiming at evaluating whether an Android app crashes or not. The evaluation process is:

    1. Collect the logs (which record the execution process of an app).
    2. Generate formulas to predict the result (the formulas are generated by GP).
    3. Evaluate the logs by the formulas.

    Now I can produce formulas, but for the convenience of users, I want to translate the formulas into the form of natural language and tell users why the crash happened. (I think it looks like "inverse natural language processing".) To explain the idea more clearly, imagine you got a formula like this:

        155 - count(onKeyDown) >= 148

    It's obvious that if count(onKeyDown) > 7, the result of "155 - count(onKeyDown) >= 148" is false, so a log containing more than 7 onKeyDown events would be predicted "Failed". I want to show users that if the onKeyDown event appears more than 7 times (155-148=7), this app will crash. However, the real formula is much more complicated, such as:

        (< !( ( SUM( {Att[17]}, Event[5]) <= MAX( {Att[7]}, Att[0] >= Att[11]) OR SUM( {Att[17]}, Event[5]) > MIN( {Att[12]}, 734 > Att[19]) ) OR count(Event[5]) != 1 ) > (< count(Att[4] = Att[3]) >= count(702 != Att[8]) + 348 / SUM( {Att[13]}, 641 < Att[12]) mod 587 - SUM( {Att[13]}, Att[10] < Att[15]) mod MAX( {Att[13]}, Event[2]) + 384 > count(Event[10]) != 1))

    I tried to implement this function in C++, but it's quite difficult; here's the snippet of code I am working on right now. Does anyone know how to implement this function quickly? (maybe by some tools or research findings?) Any idea is welcome :) Thanks in advance.

  • Secure Store Service Application not available in SharePoint 2010 Standard

    - by Haseeb Akhtar
    We have migrated from SharePoint 2010 Foundation to SharePoint 2010 Standard. Now, the problem is we are looking for Secure Store Service on the 'Services on Server' page in Central Administration, but we don't see it. We have another server where SharePoint 2010 Standard is installed and there we can see Secure Store Service available. Please let me know what needs to be done for the same. Thanks in advance

  • What is the most performant CSS property for transitioning an element?

    - by Ian Kuca
    I'm wondering whether there is a performance difference between using different CSS properties to translate an element. Some properties fit different situations differently. You can translate an element with the following properties: transform, top/left/right/bottom and margin-top/left/right/bottom. In the case where you do not utilize the transition CSS property for the translation but use some form of a timer (setTimeout, requestAnimationFrame or setImmediate) or raw events, which is the most performant, i.e. which is going to make for higher FPS rates?

  • Are there programming languages that allow you to do set arithmetic on types?

    - by Will Brown
    Out of curiosity, are there languages that allow you to do set arithmetic on types to create new types? Something like:

        interface A { void a(); void b(); }
        interface B { void b(); void c(); }

        interface C = A & B;       // has b()
        interface D = A | B;       // has a(), b() and c()
        interface E = (A & B) ^ B; // has c()

    I know that in some languages these ideas can be expressed (i.e., Java has List<Comparable & Serializable> for the union of the interfaces) but I've never heard of a language that supports type arithmetic. Thanks!

  • [YYYY].[MM].[DD].[hh][mm] vs. [major].[minor].[revision] [closed]

    - by ef2011
    Possible Duplicate: What "version naming convention" do you use?

    I am currently debating between the traditional versioning convention [major].[minor].[revision] and my own, almost whimsical, [YYYY].[MM].[DD].[hh][mm] for a new project I am starting. I understand that [major].[minor].[revision] is probably the most popular versioning method on the planet and it is indeed pretty straightforward and reasonable, except that determining which changes merit the label "major", "minor" or even "revision" could be... subjective. A versioning system based on a timestamp is purely non-subjective and guarantees uniqueness. Which one would you choose for your project and why?

  • What are some easy techniques to scan books for new information?

    - by aditya menon
    I find it irresistible to keep purchasing cheap programming and technical e-books in fields such as Drupal, PHP, etc., and also compulsively download free material made available such as that from Microsoft's developer blog... The main problem with the large library I've developed is that there are many chapters (especially the first few) in these books packed with information I already know, but with helpful tidbits hidden in between. The logical step would be to skip those chapters and read the ones I don't seem to know anything about, but I'm afraid I may lose out on really important information this way. But naturally it is tedious to have to read about variables, functions and objects all over again when you are trying to know more about the Registry pattern, for example. It's hard to research this on the net, because my question itself seems vague and difficult to formulate into a single search query. I need people-advice: what do you do in this situation?

  • At what point would you drop some of your principles of software development for the sake of more money?

    - by MeshMan
    I'd like to throw this question out there to see, interestingly, where the medium is. I'm going to admit that in my last 12 months, I picked up TDD and a lot of the Agile values in software development. I was so overwhelmed with how much better my development of software became that I would never drop them out of principle. Until... I was offered a contracting role that doubled my take-home pay for the year. The company I joined didn't follow any specific methodology, the team hadn't heard of anything like code smells, SOLID, etc., and I certainly wasn't going to get away with spending time doing TDD if the team had never even seen unit testing in practice. Am I a sell-out? No, not completely... Code will always be written "cleanly" (as per Uncle Bob's teachings) and the principles of SOLID will always be applied to the code that I write as they are needed. Testing was dropped for me though; the company couldn't afford to have such an unknown handed to the team who, quite frankly, even if I did create test frameworks, would never use/maintain the test framework correctly. Using that as an example, at what point would you say a developer should never drop his craftsmanship principles for the sake of money/other benefits to them personally? I understand that this can be a very personal opinion on how concerned one is with their own needs, business needs, and the sake of craftsmanship etc. But one can consider that, for example, testing can be dropped if the company decided they would rather have a test team than understand unit testing in programming; would that be something you could forgive yourself for like I did? So given that there is something you would drop, there usually should be an equal cost in the business that makes up for what you drop - hopefully, unless of course you are pretty much out for lining your own pockets and not community/social collaborating ;). Double your money, go back to RAD? Or walk on, and look for someone doing Agile, and never look back...

  • Learning Python from Beginner to Advanced level

    - by Christofer Bogaso
    I have some problems in my hands and would like to resolve them by myself (rather than hiring some professional, obviously due to cash problems!): build a really good website (planning to set up my own start-up); build some good software (preferably with exe installation files) on many mathematical and statistical techniques. To accomplish those tasks, is it worth learning Python to an advanced level? I have advanced programming experience with R and Matlab and VBA (and some sort of C), however not anything in Python. I'd be very grateful if experts put some guidance here. Thanks for your time.

  • Software development life cycle in the industry

    - by jiewmeng
    I am taking a module called "Requirements Analysis & Design" in a local university. Common module, I'd say (on the software development life cycle (SDLC) and UML). But there are a lot of things I wonder if they are actually (strictly) practiced in the industry. For example, will a domain class diagram, and not anything extra (from design class), be strictly the output from the Analysis or Discovery phase? I'm sure many times you will think a bit about the technical implementation too? Else you might end up with a design class diagram later that is very different from the original domain class diagram? I also find it hard to remember what diagrams are from Initiation, Discovery, Design etc. Plus these phases vary from SDLC to SDLC, I believe? So I usually will create a diagram when I think it will be useful. Is that the wrong way?

  • Referring to hardware/software in first-person? [closed]

    - by JYelton
    At my company, there is a habit for the engineers to refer to their respective hardware/firmware/software in the first person as if the device they are responsible for is a manifestation of themselves. I'll give you an example:

        Hardware Engineer: "I don't receive the first byte, so I stay off."
        Software Engineer: "I'm sending you the first byte after the ack flag, so I thought you were getting it."
        Hardware Engineer: "No, you're not turning me on."

    It was this very example I overheard today that nearly had me giggling in fits. "You're not turning me on." Well, I should hope not! So, is it common practice for engineers to do this, or simply unprofessional? Any suggestions for changing this apparently bad habit?

  • What version control system can manage all aspects?

    - by Andy Canfield
    A few months ago I dug into Subversion and Git and was disappointed. They handle SOURCE CODE fine but not other aspects. For example, a web site under version control needs to manage file/directory ownership, file/directory read & write access, Access Control Lists, timestamps, database contents, and external links. Is there a version control system that can do as perfect a reversion as reloading from a month-old backup?

  • On-the-fly graphical representation of code

    - by dukeofgaming
    I know about Omondo's plugin for live code-UML synchronization in Eclipse, but I was wondering if there was any other tool/IDE/IDE extension that has some form of live graphical code representation (structural, flow, call stacks, dependencies, etc.). I'm essentially looking for richer visual feedback on code while programming, not really looking for purely graphical code editors, though round-trips would be nice (edit graphically, code gets modified; edit code, representation gets modified). If you don't know about any graphical live documentation tool for code, maybe something that can coexist with code, such as MySQL Workbench or Enterprise Architect.

  • Moore's law and quadratic algorithm

    - by damon
    I was going through a video (from Coursera, by Sedgewick) in which he argues that you cannot sustain Moore's law using a quadratic algorithm. He elaborates like this:

    In year 197* you build a computer of power X, and need to count N objects. This takes M days. According to Moore's law, you have a computer of power 2X after 1.5 years. But now you have 2N objects to count. If you use a quadratic algorithm, in year 197*+1.5, it takes (4M)/2 = 2M days: 4M because the algorithm is quadratic, and division by 2 because of doubling computer power.

    I find this hard to understand. I tried to work through this as below:

        To count N objects using comp=X, it takes M days.
        -> N/X = M

        After 1.5 yrs, you need to count 2N objects using comp=2X
        -> 2N/(2X) -> N/X -> M days

    Where do I go wrong? Can someone please help me understand?

  • Applications affected by memory performance

    - by robotron
    I'm writing a paper on the topic of applications affected more by memory performance than processor performance. I've got a lot written regarding the gap between the two, however I can't seem to find anything about the applications that might be affected more by memory performance than by processor speed. I suppose these are applications that make a large number of memory references, but I have no idea what kind of applications would make such a large number of references that it stands out. Perhaps databases? Can you please give me any pointers on how to proceed, some links to papers? I'm really stuck.

  • Reuse the data CRUD methods in data access layer, but they are updated too quickly

    - by ValidfroM
    I agree that we should put CRUD methods in a data access layer. However, in my current project I have some issues. It is a legacy system, and there are quite a lot of CRUD methods in some concrete manager classes. People, including me, seem to just add new methods to it, rather than reuse the existing methods. Because:

      • We don't know whether the existing method is what we need. Even if we have the source code, do we really need to read others' code and then make a decision?
      • It is updated too quickly. We do not have time to get familiar with the DAO API.

    Back to the question: how do you solve that in your project? If we say "reuse", it really needs to be reusable rather than just an excuse.