Search Results

Search found 97980 results on 3920 pages for 'code security'.

  • Use of LOC to determine project size

    - by acidzombie24
    How many lines of code (LOC) does it take to be considered a large project? How about for just one person writing it? I know this metric is questionable, but there is a significant difference, for a single developer, between 1k and 10k LOC. I typically use space for readability, especially for SQL statements, and I try to reduce the amount of LOC for maintenance purposes to follow as many best practices as I can. For example, I created a unified diff of the code I modified today, and it was over 1k LOC (including comments and blank lines). Is "modified LOC" a better metric? I have ~2k LOC, so it's surprising I modified 1k. I guess rewriting counts as both a deletion and an addition, which doubles the stats.

    Read the article

  • Algorithm to split an article without breaking the reading flow or HTML code

    - by Victor Stanciu
    Hello, I have a very large database of articles, of varying lengths. The articles have HTML elements in them. I have to insert some ads (simple <script> elements) in the body of each article when it is displayed (I know, I hate ads that interrupt my reading too). Now, the problem is that each ad must be inserted at about the same position in each article. The simplest solution is to simply split the article on a fixed number of characters (without breaking words), and insert the ad code. This, however, runs the risk of inserting the ad in the middle of an HTML tag. I could go the regex way, but I was thinking about the following solution, using JS:

    1. Establish a character count threshold. For example, "the ad should be inserted at about 200 words".
    2. Set accepted deviations in each direction, say -20, +20 characters.
    3. Loop through each text node inside the article, and while doing so, keep count of the total number of characters so far.
    4. Once the count exceeds the threshold, make the following decision:
       4.1. If the count exceeds the threshold by a value lower than the positive accepted deviation (for example, 17 characters), insert the ad code just after the current text node.
       4.2. If the count is greater than the sum of the threshold and the deviation, roll back to the previous text node, and make the same decision, only this time use the previous count and check if it's lower than the difference between the threshold and the deviation, and if not, insert the ad between the current node and the previous one.
       4.3. If 4.1 and 4.2 fail (which means that the previous node reached a too low character count and the current node a too high one), insert the ad after whatever character count is needed inside the current element.

    I know it's convoluted, but it's the first thing out of my mind and it has the advantage that, by trying to insert the ad between text nodes, perhaps it will not break the flow of the article as badly as it would if I would just stick it in (like the final 4.3 case). Here is some pseudo-code I put together, I don't trust my English-explaining skills:

        threshold = 200
        deviation = 20
        current_count = 0
        for each node in article_nodes {
            previous_count = current_count
            current_count = current_count + node.length
            if current_count < threshold {
                continue // next iteration
            }
            if current_count > threshold + deviation {
                if previous_count < threshold - deviation {
                    // insert ad in current node
                } else {
                    // insert ad between the current and previous nodes
                }
            } else {
                // insert ad after the current node
            }
            break;
        }

    Am I over-complicating stuff, or am I missing a simpler, more elegant solution?

    Read the article

  • Examples of ISO C++ code that is not valid C++/CLI

    - by Johannes Schaub - litb
    I've seen contradictory answers on the internet with regard to whether C++/CLI is a superset of C++ or not. The accepted answer on this question claims that "technically no", but doesn't provide any examples of non-C++/CLI code that conforms to ISO C++. Another answer on that question cites a book that says the opposite. So, can you please provide accurate answers with example code that fails on C++/CLI or cite a trusted source (MSDN for example) on this matter? I had this topic come up with someone today and thought I would like to inform myself, but I didn't find any clear answer elsewhere!

    Read the article

  • Resuming execution of code after exception is thrown and caught

    - by dotnetdev
    Hi, How is it possible to resume code execution after an exception is thrown? For example, take the following code:

        using System;

        namespace ConsoleApplication1
        {
            class Test
            {
                public void s()
                {
                    throw new NotSupportedException();
                    string @class = "";
                    Console.WriteLine(@class);
                    Console.ReadLine();
                }
            }

            class Program
            {
                static void Main(string[] args)
                {
                    try
                    {
                        new Test().s();
                    }
                    catch (ArgumentException x)
                    {
                    }
                    catch (Exception ex)
                    {
                    }
                }
            }
        }

    After catching the exception when stepping through, the program will stop running. How can I still carry on execution? Thanks

    Read the article

  • Explain a block of crazy JS code inside Sizzle(the CSS selector engine)

    - by Andy Li
    So, here is the function for pre-filtering "CHILD":

        function(match){
            if ( match[1] === "nth" ) {
                // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6'
                var test = /(-?)(\d*)n((?:\+|-)?\d*)/.exec(
                    match[2] === "even" && "2n" || match[2] === "odd" && "2n+1" ||
                    !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]);

                // calculate the numbers (first)n+(last) including if they are negative
                match[2] = (test[1] + (test[2] || 1)) - 0;
                match[3] = test[3] - 0;
            }

            // TODO: Move to normal caching system
            match[0] = done++;

            return match;
        }

    The code is extracted from lines 442-458 of sizzle.js. So, why does the line var test = ... have the exec inputting a boolean? Or is that really a string? Can someone explain it by splitting it into a few more lines of code?

    Read the article

  • require_owner code to limit controller actions not recognizing current user as owner

    - by bgadoci
    I am trying to restrict access to certain actions using a before_filter which seems easy enough. Somehow the ApplicationController is not recognizing that the current_user is the owner of the user edit action. When I take the filter off the controller correctly routes the current_user to their edit view information. Here is the code.

    Link to call edit action from user controller (views/questions/index.html.erb):

        <%= link_to "Edit Profile", edit_user_path(:current) %>

    ApplicationController (I am only posting the code that I think is affecting this but can post the whole thing if needed).

        class ApplicationController < ActionController::Base
          def require_owner
            obj = instance_variable_get("@#{controller_name.singularize.camelize.underscore}") # LineItem becomes @line_item
            return true if current_user_is_owner?(obj)
            render_error_message("You must be the #{controller_name.singularize.camelize} owner to access this page", root_url)
            return false
          end
        end

    and the before_filter

        class UsersController < ApplicationController
          before_filter :require_owner, :only => [:edit, :update, :destroy]
          #...
        end

    I simply get the rendering of the error message from the ApplicationController#require_owner action.

    Read the article

  • Code in Global.asax prevents webpage from loading

    - by pete the pagan-gerbil
    I've made a static class to hold a number of configuration values (and also swap these values out in unit tests). If I initialise it in the Global.asax, the code runs correctly but the page doesn't load at all, and trying to navigate to a specific page fails. I can't initialise the values in a constructor or inline on the field declarations, because I need to be able to swap the values out in unit tests before the web.config is interrogated. Basically, putting the one line "ConfigClass.SetValues()" in the Global.asax prevents the app from loading correctly (although, as I say, it runs the code fine) and removing it again makes the app load properly - but without the class values initialised. As an aside, I'm sure I had this working correctly and being initialised in the Global.asax yesterday. I'm positive I didn't take any action to change or break it... Does anyone have advice on how I might track down what's going on here? Was I mistaken that it worked before (always possible) and that I need to go back and redesign something?

    Read the article

  • Documents/links on preventing HTML form fiddling?

    - by larryq
    Hi everyone, I'm using ASP.Net but my question is a little more general than that. I'm interested in reading about strategies to prevent users from fooling with their HTML form values and links in an attempt to update records that don't belong to them. For instance, if my application dealt with used cars and had links to add/remove inventory, which included as part of the URL the userid, what can I do to intercept attempts to munge the link and put someone else's ID in there? In this limited instance I can always run a check at the server to ensure that userid XYZ actually has rights to car ABC, but I was curious what other strategies are out there to keep the clever at bay. (Doing a checksum of the page, perhaps? Not sure.) Thanks for your input.

    Read the article

  • Should I Use Anchor, Button Or Form Submit For "Follow" Feature In Rails

    - by James
    I am developing an application in Rails 3 using a nosql database. I am trying to add a "Follow" feature similar to twitter or github. In terms of markup, I have determined that there are three ways to do this.

    1) Use a regular anchor. (Github Uses This Method)

        <a href="/users/follow?target=Joe">Follow</a>

    2) Use a button. (Twitter Uses This Method)

        <button href="/friendships/create/">Follow</button>

    3) Use a form with a submit button. (Has some advantages for me, but I haven't seen anyone do it yet.)

        <form method="post" id="connection_new" class="connection_new" action="/users/follow">
          <input type="hidden" value="60d7b563355243796dd8496e17d36329" name="target" id="target">
          <input type="submit" value="Follow" name="commit" id="connection_submit">
        </form>

    Since I want to store the user_id in the database and not the username, options 1 and 2 will force me to do a database query to get the actual user_id, whereas option 3 will allow me to store the user_id in a hidden form field so that I don't have to do any database lookups. I can just get the id from the params hash on form submission. I have successfully got each of these methods working, but I would like to know what is the best way to do this. Which way is more semantic, secure, better for spiders, etc...? Is there a reason both twitter and github don't use forms to do this? Any guidance would be appreciated. I am leaning towards using the form method since then I don't have to query the db to get the id of the user, but I am worried that there must be a reason the big guys are just using anchors or buttons for this. I am a newb so go easy on me if I am totally missing something. Thanks!

    Read the article

  • CSRF protecting and cross site form access

    - by fl00r
    Hi. I am working on cross site authentication (some domains have got common authentication). So I want to send authentication data (login, password) to the main domain from others. How should I use protect_from_forgery and how can I check if data is received from a valid domain? What I am thinking now is to turn off protect_from_forgery for the session controller and check the domain name of received data. But maybe I can configure CSRF protection for not only one domain?

    Read the article

  • Self signed Certificate Based Authentication

    - by Tadi Vijay Kumar
    Hi All.. I have started a project based on client-server communication in Java. What I'm doing is client and server have their own self-signed certificates. In the initial communication both client and server will exchange their certificates. The server has to verify the client's certificate and should grant authentication. Where I am stuck is on what topic the server can validate or invalidate a particular client. I am unable to proceed from here. So please, can any of you give a brief explanation about it? If possible, some pseudocode in Java?

    Read the article

  • Can this be improved? Scrubbing of dangerous HTML tags.

    - by chobo2
    Hi, I have been finding that for something that I consider pretty important there is very little information or libraries on how to deal with this problem. I found this while searching. I really don't know all the million ways that a hacker could try to insert the dangerous tags. I have a rich HTML editor so I need to keep non-dangerous tags but strip out bad ones. So is this script missing anything? It uses HTML Agility Pack.

        public string ScrubHTML(string html)
        {
            HtmlDocument doc = new HtmlDocument();
            doc.LoadHtml(html);

            //Remove potentially harmful elements
            HtmlNodeCollection nc = doc.DocumentNode.SelectNodes("//script|//link|//iframe|//frameset|//frame|//applet|//object|//embed");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.ParentNode.RemoveChild(node, false);
                }
            }

            //remove hrefs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes("//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//a[starts-with(translate(@href, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("href", "#");
                }
            }

            //remove img with refs to java/j/vbscript URLs
            nc = doc.DocumentNode.SelectNodes("//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'javascript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'jscript')]|//img[starts-with(translate(@src, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'vbscript')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.SetAttributeValue("src", "#");
                }
            }

            //remove on<Event> handlers from all tags
            nc = doc.DocumentNode.SelectNodes("//*[@onclick or @onmouseover or @onfocus or @onblur or @onmouseout or @ondoubleclick or @onload or @onunload]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("onFocus");
                    node.Attributes.Remove("onBlur");
                    node.Attributes.Remove("onClick");
                    node.Attributes.Remove("onMouseOver");
                    node.Attributes.Remove("onMouseOut");
                    node.Attributes.Remove("onDoubleClick");
                    node.Attributes.Remove("onLoad");
                    node.Attributes.Remove("onUnload");
                }
            }

            // remove any style attributes that contain the word expression (IE evaluates this as script)
            nc = doc.DocumentNode.SelectNodes("//*[contains(translate(@style, 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz'), 'expression')]");
            if (nc != null)
            {
                foreach (HtmlNode node in nc)
                {
                    node.Attributes.Remove("stYle");
                }
            }

            return doc.DocumentNode.WriteTo();
        }

    Read the article

  • How to make a secure login using UDID or device token?

    - by Erik B
    So I'm making an app where I want the users to be able to add, edit and rate content, but I do not want to force them to register. Instead I was planning on just using their device id or device token to identify them. I'm planning on making both an iPhone and Android version, so I'm looking for a general solution, but the iPhone version has higher priority, so an iPhone-specific solution would also be welcome. The problem is that I don't want just anyone to be able to use my web service by sending a phony device id or someone else's device id. How would the client prove to the server that it is providing the correct device id?

    Read the article

  • IntelliJ doesn't seem to pickup certain sbt libraries, no code completion

    - by Blankman
    I am using sbt console in my terminal to compile my scala/play project. I am using IntelliJ to edit my source code, basically using it just for getting some code completion and navigation etc. For some reason certain libraries don't seem to load correctly. For example, I added elastic search to my Dependancies.scala file, reloaded sbt and everything compiles fine but for some reason IntelliJ doesn't pick up the jars correctly, i.e. they are in red and there is no syntax completion. How can I fix this? I tried shutting IntelliJ down and restarting it but the problem remains. I am using IntelliJ 13.1.3 (Ultimate)

    Read the article

  • Use Apache authentication in Django without popup

    - by chernevik
    I am using Apache to authenticate users for Django, but I would like to do so without the popup form that Apache uses in its basic configuration. How do I embed the login form within a page while still using Apache for authentication? That is, I'd like a page that says "Please login" and provides a form asking for username and password, and passes this information on to Apache for authentication. (I'd do this over an SSL connection, of course.)

    Read the article

  • What's the best, Escape then store Or store then escape the output?

    - by Axel
    Hi, after doing a long search on Stack Overflow I didn't find anyone who talked about this, even if it's a big choice. The question is: what's the best in order to prevent both XSS and SQL injection, escaping the data then storing it in the DB, or storing it as it is and escaping it on output? Note: it would be better if you give some examples of practices if possible. Thanks

    Read the article

  • Self-signed certificates for many users/browsers/sites

    - by Demiurg
    Here is my problem - I have a lot of users using different browsers accessing many internal web sites using https. I can create my own Certificate Authority, then create a certificate for each server and after that have all the users import it. Obviously, it cannot work in reality - there are too many users and too many sites, and some sites will be added in the future. I'm looking for a way to automate this. Is there a way to create a certificate so that all major browsers (IE, FF, Opera, Chrome and Safari) would trust it for all servers? If so, what is the best way to install it automatically in all major browsers?

    Read the article

  • code duplication in sql case statements

    - by NS
    Hi, I'm trying to output something like the following but am finding that there is a lot of code duplication going on.

        | australian_has_itch | kiwi_has_itch |
        | yes                 | no            |
        | no                  | n/a           |
        | n/a                 | no            |
        ...

    My query looks like this with two case statements that do the same thing but flip the country (my real query has 5 of these case statements):

        SELECT
            CASE
                WHEN NOT EXISTS (
                    SELECT person_id FROM people_with_skin
                    WHERE people_with_skin.person_id = people.person_id
                      AND people.country = "Australia"
                ) THEN 'N/A'
                WHEN EXISTS (
                    SELECT person_id FROM itch_none_to_report
                    WHERE people.country = "Australia"
                      AND person_id = people.person_id
                ) THEN 'None to report'
                WHEN EXISTS (
                    SELECT person_id FROM itchy_people
                    WHERE people.country = "Australia"
                      AND person_id = people.person_id
                ) THEN 'Yes'
                ELSE 'No'
            END australian_has_itch,
            CASE
                WHEN NOT EXISTS (
                    SELECT person_id FROM people_with_skin
                    WHERE people_with_skin.person_id = people.person_id
                      AND people.country = "NZ"
                ) THEN 'N/A'
                WHEN EXISTS (
                    SELECT person_id FROM itch_none_to_report
                    WHERE people.country = "NZ"
                      AND person_id = people.person_id
                ) THEN 'None to report'
                WHEN EXISTS (
                    SELECT person_id FROM itchy_people
                    WHERE people.country = "NZ"
                      AND person_id = people.person_id
                ) THEN 'Yes'
                ELSE 'No'
            END kiwi_has_itch
        FROM people

    Is there a way for me to condense this somehow and not have so much code duplication? Thanks!

    Read the article

  • Code snippets in interview

    - by Maddy
    Hi All, Recently I went to an interview for a C development position. Instead of asking me questions, they just gave me 20 code snippets to find out two logical errors on each one. I just couldn't complete all of the 20 since it took me time to go through each of these code snippets. My question is: Is this the right way to judge a candidate? If yes, how can I improve over my error detection skills so that I don't need to waste a lot of time in the next interview? If possible, please, suggest me some links where I could find lots of samples of such questions (mainly in C). Thanks and regards, Maddy

    Read the article
