Search Results

Search found 8253 results on 331 pages for 'secure coding'.

Page 225/331 | < Previous Page | 221 222 223 224 225 226 227 228 229 230 231 232  | Next Page >

• Yahoo account remains open after using openID to login.why?

  - by hd

  hi i have added openid login with Yahoo! and Google in my site. it is ok and works fine. when users select for example Yahoo! to login to my site, they will be logged in in their yahoo mail account too. i think it is not secure because maybe they don't notice to this issue and leave computer while their email account is availble. what do you think about this and what is your solution for your own sites? as i notice the same story is for stackoverflow.com.

  Read the article

• Payment Gateway Question

  - by Sphynx

  Hi, My question is not exactly about coding, and I'm not sure if I can ask it here. Nevertheless, it's somewhat related to the payment integration process. I'm going to establish a service, and deliver it through a website. When you accept payments through PayPal, they display your actual name to every client, and I'm not that comfortable with such lack of privacy. Is there any way around that? Perhaps an alternative payment gateway that doesn't display your personal info to everyone? Any suggestions welcome! Thanks

  Read the article

• What is the best way of retrieving a specific post in Wordpress?

  - by Steven

  I need to retrieve a specific post to display on my websites front page. To avoid hard coding the post ID, I've added a custom property where I add the post ID. The following code displays the wanted post: (The code is within the LOOP) // Get content from specific post (in this case, Åpningstider post)) $openingHoursID = get_post_meta($post->ID, "apningstider", true); if (!empty($openingHoursID)) { $openingHoursPost = get_post($openingHoursID); $openingHours = $openingHoursPost->post_content; } else $openingHours = "Åpningstid ikke angitt"; <div class="openinghours"><?php echo $openingHours; ?></div> Is there a better / easier way? The output is striped for HTML. How can I maintain HTML?

  Read the article

• Does replacing statements by expressions using the C++ comma operator could allow more compiler opti

  - by Gabriel Cuvillier

  The C++ comma operator is used to chain individual expressions, yielding the value of the last executed expression as the result. For example the skeleton code (6 statements, 6 expressions): step1; step2; if (condition) step3; return step4; else return step5; May be rewritten to: (1 statement, 6 expressions) return step1, step2, condition? step3, step4 : step5; I noticed that it is not possible to perform step-by-step debugging of such code, as the expression chain seems to be executed as a whole. Does it means that the compiler is able to perform special optimizations which are not possible with the traditional statement approach (specially if the steps are const or inline)? Note: I'm not talking about the coding style merit of that way of expressing sequence of expressions! Just about the possible optimisations allowed by replacing statements by expressions.

  Read the article

• Security approach in web application

  - by meep

  Hello everyone. I am designing a web application in ASP.NET / C# where each registered user has the ability to add/modify/delete rows based on their user-id. Take this example: I am going to edit my route on the page /route.aspx?routeid=854 which belongs to me (user-id: 1). But because I am a curious guy I try to access /route.aspx?routeid=855 which belongs to another user (user-id: 2). How can I best avoid people from accessing other peoples data? Should I send each user id (from session) with each database-call, should I validate user/password on every page load or what is the best and most secure approach? I hope I made this clear enough.

  Read the article

• Table View Page Control Code

  - by PerwyL

  Hi Everyone this is what i want to achieve 1) Have a page control that allows user to do a swipe to 6 different pages 2) each page is a table view controller 3) everything is done via code NOT IB The tutorials that are i find either use VIEW CONTROLLER or is done via IB. I am not very good with IB and prefer to have everything done via coding. I have a TableViewController.h and TableViewController.m When the user navigate to the TableViewController view, my application will display a table view (filled with some information), when the user swip to the next page, another page (table view) will appear with another set of information... I am very new to objective-c and iphone programing...can some one pls guide me on how to achieve the above or is there another way to doing things? oh yar....i have a tab bar controller as my root controller...and for one of the tab (tab A) i have a navigation controller and my TableViewControllers falls inside tab A. THANKS IN ADVANCE!!!

  Read the article

• What good software or scripts are available for managing users and subscriptions on our website?

  - by undefined

  hi all, Ok so it's not exactly a programing question but does anyone know or have experience with looking for a system for managing users on a website we are building? what is the shortlist of good feature rich secure solutions. we need Php and mysql integration and payment support for main credit cards. We will also want to be able to track users and generate reports about usage, subscription etc, create and send batch emails etc. It would also be great to have the ability to integrate customer support with this so we can view support tickets raised by users. cheers we are running PHP, mysql on an IIS server

  Read the article

• Shipping jar with default .properties file configurations

  - by Maxim Veksler

  Hello, I would like to include a default default.properties file in my .jar library. The idea is to allow the user to override my default is he so desires. I'm having trouble getting the classloader to play nicely with this setup, I've tried to look a at popular jars such as log4j, common-* and others and it seems that no one is implementing this idea. Am I going the wrong way? The second best thing is hard coding the values, and using the default if no .properties key has been found, but this sound oh so wrong. Suggestions?

  Read the article

• Do the UI first with SketchFlow - Do I concern about the UI look?

  - by stacker

  There is no questions: UI-First Software Development. But what does it takes to do the UI first? I started to build a website, a complicated one, and know I start to concern about the UI. Instead to start coding html+css, I decided to start with SkecthFlow. now, I'm very confused. Do I want to build a exact sketch? meaning to think about colors, fonts make sure that the button will look like a web link... etc, or just build the application sketch flow? meaning put a textboxes and buttons. Do I need to implement every thing in SketchFlow first? I'm looking for best practice.

  Read the article

• Exception of Binding form data to object

  - by Captain Kidd

  I'm practising Spring MVC.But fail to populate command object in Controller when I use spring standard tag. For example: "form:input path="password"" But I perfectly do this with HTML standard tag. Like: "input type="text" name="password"" I wonder the way how to use Spring tag binding data. In addition, I think configuration and coding is right in my sample. protected ModelAndView onSubmit(HttpServletRequest request, HttpServletResponse response, Object command, BindException errors) throws Exception { UserFormBean b = (UserFormBean)command; System.out.println("s"); return super.onSubmit(request, response, command, errors); } <form:form commandName="command" action="/SpringFrame/register.html"> <form:input path="password"/> <!-- <input type="text" name="password"/> --> <input type="submit"/> </form:form>

  Read the article

• Converting a navbar to a tabbar app

  - by Nick

  Hey guys, I was wondering how to convert a NavigationController style app into a TabBarcontroller style app. I changed my mainwindow to not contain a navigationcontroller anymore (but a tabbarcontroller instead) and my delegate also appropiatly, but when I launch the app something still thinks I want a navigationController: Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[ setValue:forUndefinedKey:]: this class is not key value coding-compliant for the key navigationController.' Stack trace: #0 0x020fa004 in ___TERMINATING_DUE_TO_UNCAUGHT_EXCEPTION___ #1 0x96fc0509 in objc_exception_throw #2 0x020ee1c1 in -[NSException raise] #3 0x000d8a78 in _NSSetUsingKeyValueSetter #4 0x000d84c5 in -[NSObject(NSKeyValueCoding) setValue:forKey:] #5 0x004fb4c8 in -[UIRuntimeOutletConnection connect] #6 0x020af92f in -[NSArray makeObjectsPerformSelector:] #7 0x004f9f7f in -[UINib instantiateWithOptions:owner:loadingResourcesFromBundle:] #8 0x004fbfcb in -[NSBundle(NSBundleAdditions) loadNibNamed:owner:options:] #9 0x0033b0a6 in -[UIApplication _loadMainNibFile] #10 0x0034482a in -[UIApplication _runWithURL:sourceBundleID:] #11 0x00341b88 in -[UIApplication handleEvent:withNewEvent:] #12 0x0033d6d3 in -[UIApplication sendEvent:] #13 0x003440b5 in _UIApplicationHandleEvent #14 0x0265aed1 in PurpleEventCallback #15 0x02092b80 in CFRunLoopRunSpecific #16 0x02091c48 in CFRunLoopRunInMode #17 0x0033be69 in -[UIApplication _run] #18 0x00345003 in UIApplicationMain #19 0x00002ec8 in main at main.m:14 Where can I specify the app is a tabbarcontrolled app, instead of a navigationbarcontrolled app? Thanks in advance,

  Read the article

• Not getting redirection to custom error page using custom errors - ASP.Net

  - by weevie

  Here's my Application_OnError event sink in global.asax.vb: Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs) Dim innerMostException As Exception = getInnerMostException(Me.Context.Error) If TypeOf innerMostException Is AccessDeniedException Then Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException)) Dim fourOhThree As Integer = DirectCast(HttpStatusCode.Forbidden, Integer) Throw New HttpException(fourOhThree, innerMostException.Message, innerMostException) End If End Sub You'll see that if we've got an innermost Exception of type AccessDeniedException we throw a new HTTPExcpetion with a status code of 403 AKA 'forbidden' Here's the relevant web.config entry: <customErrors defaultRedirect="~/Application/ServerError.aspx" mode="On"> <error statusCode="403" redirect="~/Secure/AccessDenied.aspx" /> </customErrors> So what we're expecting is a redirect to the AccessDenied.aspx page. What we get is a redirect to the ServerError.aspx page. We've also tried this: Sub Application_OnError(ByVal sender As Object, ByVal e As EventArgs) Dim innerMostException As Exception = getInnerMostException(Me.Context.Error) If TypeOf innerMostException Is AccessDeniedException Then Security.LogAccessDeniedOccurrence(DirectCast(innerMostException, AccessDeniedException)) Context.Response.StatusCode = DirectCast(HttpStatusCode.Forbidden, Integer) End If End Sub Which unsuprisingly doesn't work either. Any ideas what we're doing wrong?

  Read the article

• Is php fileinfo sufficient to prevent upload of malicious files?

  - by Scarface

  Hey guys, I have searched around a bit, and have not really found a professional type response to how to have secure fileupload capability so I wanted to get the opinion of some of the experts on this site. I am currently allowing upload of mp3s and images, and while I am pretty confident in preventing xss and injection attacks on my site, I am not really familiar with fileupload security. I basically just use php fileinfo and check an array of accepted filetypes against the filetype. For images, there is the getimagesize function and some additional checks. As far as storing them, I just have a folder within my directory, because I want the users to be able to use the files. If anyone could give me some tips I would really appreciate it.

  Read the article

• What guides or standards do you use for version control in your team ?

  - by PaulHurleyuk

  I'm starting to do a small amount of development within my company. I'm intending to use Git for version control, and I'm interested to see what guidelines or standards people are using around version in their groups, similar to coding standards are often written within the group for the group. I'm assuming there will be things like; Commit often (at least every day/week/meeting etc) Release builds are always made from the master branch Prior to release, a new branch will be created for Testing and tagged as such. only bug fixes from this point onwards. The final release of this will be tagged as such and the bug fixes merged back into the trunk Each developer will have a public repo New features should get their own branch Obviously a lot of this will depend on what cvs you're using and how you've structured it. Similar Questions; http://stackoverflow.com/questions/273695/git-branch-naming-best-practices http://stackoverflow.com/questions/2006265/is-there-an-standard-naming-convention-for-git-tags

  Read the article

• Is there a design pattern for injecting methods into a class?

  - by glenn I.

  I have a set of classes that work together (I'm coding in javascript). There is one parent class and a number of child classes that are instantiated by the parent class. I have a number of clients of these classes that each need to add on one more methods to the parent or child classes. Rather than having each client inherit from these classes, which is doable but messy because of the child classes, I am having these clients pass functions into the parent class when they instantiate the main class. The main class creates the methods dynamically and the clients can call the methods like they were there all along. My questions are: is this a sensible thing to do? what would the design pattern be for what I am doing?

  Read the article

• Typecasting a floating value or using the math.h floor* functions?

  - by nobody

  Hi, I am coding up an implementation of Interpolation Search in C. The question is actually rather simple, I need to use the floating operations to do linear interpolation to find the correct index which will eventually be an integer result. In particular my probe index is: t = i + floor((((k-low)/(high-low)) * (j-i))); where, i,j,k,t are unsigned ints, and high,low are doubles. Would this be equivalent to: t = i + (unsigned int)(((k-low)/(high-low)) * (j-i)); Is there any reason I would actually want to use math.h floor* functions over just a simple (int) typecast?

  Read the article

• const read only local copies

  - by robUK

  Hello gcc 4.4.4 c89 I am just wondering is it worth passing a const into a function. i.e. void do_something(const char *dest, const int size) The size is a read-only so I don't want to change it. However, some developers never have this as const has it is a local copy that is being used. The pointer is const as you can change the value in the calling routine. I always have a const on read-only local copies, as it confirms to anyone reading my code that it is a read-only variable. And also, when coding I don't make the mistake of changing it without realizing. Many thanks for any suggestions,

  Read the article

• StringBuilder/StringBuffer vs. "+" Operator

  - by matt.seil

  I'm reading "Better, Faster, Lighter Java" (by Bruce Tate and Justin Gehtland) and am familiar with the readability requirements in agile type teams, such as what Robert Martin discusses in his clean coding books. On the team I'm on now, I've been told explicitly not to use the "+" operator because it creates extra (and unnecessary) string objects during runtime. But this article: http://www.ibm.com/developerworks/java/library/j-jtp01274.html Written back in '04 talks about how object allocation is about 10 machine instructions. (essentially free) It also talks about how the GC also helps to reduce costs in this environment. What is the actual performance tradeoffs between using "+," "StringBuilder," or "StringBuffer?" (In my case it is StringBuffer only as we are limited to Java 1.4.2.) StringBuffer to me results in ugly, less readable code, as a couple of examples in Tate's book demonstrates. And StringBuffer is thread-synchronized which seems to have its own costs that outweigh the "danger" in using the "+" operator. Thoughts/Opinions?

  Read the article

• How to build Object Oriented Skills?

  - by cedar715

  Being a core developer for couple of years, coding applications seeing the class diagrams, sequence diagrams, I decided to improve my self, taking the next step of designing. As I'm an OO developer, I'm interested in improving my design skills. For Example, I had a hard time designing a currency converter. My questions to the SO: Is it by experience the design skills can be acquired? Will learning books/blog/material over internet etc help? Is it that one needs the domain knowledge of the application being developed? Knowing Design patterns, principles? Studying 'Code Complete' book ? Need to have Problem-solving skills? In short, given a problem, I just want to solve it in Object-oriented way??

  Read the article

• Looking for a safe, portable password-storage method

  - by Maciek

  Hello, I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations. Recently, our client has requested that we introduce access control via password protection. We are to meet the following criteria : Support remote login Support remote password change Support remote password retrieval Support data retrieval on accidental/purposeful deletion Support secure storage I'm capable of meeting the "remote" requirements using an existing library, however what I do need to consider is a method of storing this data, preferably in a way that will work on both platforms and will not let the user see it/read it, encryption is not the issue here - it's the storage method itself. Can anyone recommend a sage storage method that could help me meet those criteria?

  Read the article

• New/strange Java "try()" syntax?

  - by Ali

  While messing around with the custom formatting options in Eclipse, in one of the sample pieces of code, I say code as follows: /** * 'try-with-resources' */ class Example { void foo() { try (FileReader reader1 = new FileReader("file1"); FileReader reader2 = new FileReader("file2")) { } } } I've never seen try used like this and I've been coding in Java for 9 years! Does any one know why you would do this? What is a possible use-case / benefit of doing this? An other pieces of code I saw, I thought was a very useful shorthand so I'm sharing it here as well, it's pretty obvious what it does: /** * 'multi-catch' */ class Example { void foo() { try { } catch (IllegalArgumentException | NullPointerException | ClassCastException e) { e.printStackTrace(); } } }

  Read the article

• Dot Net Nuke app_offline randomly being generated

  - by chelfers

  We have had multiple DNN sites running for quite a few months now without any issues. Twice in the last 3 days our sites have gone offline by the addition of the app_offline.htm file in the root dir. There is only one developer with access to the sites at a coding / directory viewing level and the file is generated at weird times times when he is NOT accessing our network. We are not publishing anything to the server ( and have not published any .net code in days ), upgrading, changing code, or even modifying content. Has anyone run into this issue?

  Read the article

• hash password in SQL Server (asp.net)

  - by ile

  Is this how hashed password stored in SQL Server should look like? This is function I use to hash password (I found it in some tutorial) public string EncryptPassword(string password) { //we use codepage 1252 because that is what sql server uses byte[] pwdBytes = Encoding.GetEncoding(1252).GetBytes(password); byte[] hashBytes = System.Security.Cryptography.MD5.Create().ComputeHash(pwdBytes); return Encoding.GetEncoding(1252).GetString(hashBytes); } EDIT I tried to use sha-1 and now strings seem to look like as they are suppose to: public string EncryptPassword(string password) { return FormsAuthentication.HashPasswordForStoringInConfigFile(password, "sha1"); } // example output: 39A43BDB7827112409EFED3473F804E9E01DB4A8 Result from the image above looks like broken string, but this sha-1 looks normal.... Will this be secure enough?

  Read the article

• PHP Sessions - Locking and Sharing questions

  - by Nuno Peralta

  Hi, I would like to know if it is possible to read $_SESSION attributes without locking it. Currently, session_start() locks SESSION, that means other PHP processes will wait until it is unlocked. But, some processes just want to get some $_SESSION variables, not to write on them. Is that possible to implement some function like session_get(string $id) which doesn't lock SESSION? Also, it is possible to share SESSIONs between browsers, once the user is logged in the same account, for example, using session_id('shared_vars_of_'.$userid). But, is that secure? Is this discouraged? Thanks, Nuno

  Read the article

• [grails] attaching multiple files to a domain class

  - by Emyr

  I've seen various Grails plugins which allow easier handling of file uploads, however these tend only to support a single file per form-submit. I'd like a multi-attach form where as soon as you pick one file, an extra field and button is added using JS (various sites do it like this). Do you know of any good plugins which provide elegant uploading of multiple files without excessive coding? A progress bar either per-file of for the whole process would also be very nice. I don't know to what extent I can allow GORM to handle a java.io.File field (or in this case a Collection<File>).

  Read the article

< Previous Page | 221 222 223 224 225 226 227 228 229 230 231 232  | Next Page >