Search Results

Search found 3698 results on 148 pages for 'dependency injection'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 9/148 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Successful SQL Injection despite PHP Magic Quotes

    - by Crimson
    I have always read that Magic Quotes do not stop SQL Injections at all but I am not able to understand why not! As an example, let's say we have the following query: SELECT * FROM tablename WHERE email='$x'; Now, if the user input makes $x=' OR 1=1 --, the query would be: SELECT * FROM tablename WHERE email='\' OR 1=1 --'; The backslash will be added by Magic Quotes with no damage done whatsoever! Is there a way that I am not seeing where the user can bypass the Magic Quote insertions here?

    Read the article

  • Circular Dependency Solution

    - by gfoley
    Our current project has ran into a circular dependency issue. Our business logic assembly is using classes and static methods from our SharedLibrary assembly. The SharedLibrary contains a whole bunch of helper functions, such as a SQL Reader class, Enumerators, Global Variables, Error Handling, Logging and Validation. The SharedLibrary needs access to the Business objects, but the Business objects need access to SharedLibrary. The old developers solved this obvious code smell by replicating the functionality of the business objects in the shared library (very anti-DRY). I've spent a day now trying to read about my options to solve this but i'm hitting a dead end. I'm open to the idea of architecture redesign, but only as a last resort. So how can i have a Shared Helper Library which can access the business objects, with the business objects still accessing the Shared Helper Library?

    Read the article

  • Logging exceptions during bean injection

    - by Marc W
    I think this is a pretty basic question, but after Googling around I can't seem to find the answer. What I need is a way to log some custom output with log4j during Spring bean construction. I have a factory class called ResponderFactory (being used as an instance factory in Spring) with a factory method that can throw 2 different types of exception. public CollectorResponder collectorResponder(String inputQueueName) throws ConfigurationException, BrokerConnectionException {} Now, normally I could wrap a call to this method in a try-catch block with 2 catch clauses to handle the logging situations for each of the exceptions. However, if I'm using Spring to inject this CollectorResponder, created with the factory, into another class I don't see how this is possible. <bean id="responderFactory" class="com.package.ResponderFactory"> <constructor-arg index="0" ref="basicDispatcher" /> <constructor-arg index="1" value="http://localhost:9000" /> </bean> <bean id="collectorResponder" class="com.package.CollectorResponder" factory-bean="responderFactory" factory-method="collectorResponder"> <constructor-arg value="collector.in" /> </bean> <bean id="collectorConsumer" class="com.package.CollectorConsumer"> <constructor-arg ref="collectorResponder" /> </bean> Again, I want to catch these exceptions when the collectorResponder bean is instantiated. Right now I'm dealing with this is CollectorConsumer when I instantiate using new CollectorResponder(...). Is there any way I can do this?

    Read the article

  • ruby on rails params injection

    - by Julien P.
    Hello everyone, I have a question about ruby on rails and the process of assigning variables using the params variable passed through a form class User attr_accessible :available_to_admins, :name end Let's say that I have a field that is only available to my admins. Assuming that you are not an admin, I am going to not display the available_to_admins input in your form. After that, when I want to save your data I'll just do a: User.update_attributes(params[:user]) If you are an admin, then no problem, the params[:user] is going to contain name and available_tu_admins and if you're not then only your name. Since the available_to_admins is an attr_accessible parameter, how should I prevent non admin users from being able to inject a variable containing the available_to_admins input with their new value?

    Read the article

  • Instance management with Dependency injection (DI)

    - by Sven
    Hello I'm trying to understand how DI exactly works. I'm currently using Windsor as DI container. I use this to load my services dynamically in code without direct reference. But I have change behaviour and want to know a bit more on the instance mgmt using DI. I have a web app projct, here is a WCF service using PerCall as instancemode. This means, new instance/call. In this WCF I call a service (loaded via DI) and this service calls another service (again loaded via DI). The WCF is a new instance in the appdomain, but what about the services. They are also new instances? Is this DI container shared among all WCF instances and are the services in this container also single instances? Can anyone clarify?

    Read the article

  • StructureMap resolve dependency through injection instead of service location

    - by Chris Marisic
    In my project I register many ISerializers implementations with the assembly scanner. FWIW this is the code that registers my ISerializers Scan(scanner => { scanner.AssemblyContainingType<ISerializer>(); scanner.AddAllTypesOf<ISerializer>().NameBy(type => type.Name); scanner.WithDefaultConventions(); }); Which then correctly registers ISerializer (...ISerializer) Scoped as: Transient JsonSerializer Configured Instance of ...JsonSerializer BsonSerializer Configured Instance of ...BsonSerializer And so forth. Currently the only way I've been able to figure out how to resolve the serializer I want is to hardcode a service location call with jsonSerializer = ObjectFactory.GetNamedInstance<ISerializer>("JsonSerializer"); Now I know in my class that I specifically want the jsonSerializer so is there a way to configure a rule or similar that says for ISerializer's to connect the named instance based on the property name? So that I could have MySomeClass(ISerializer jsonSerializer, ....) And StructureMap correctly resolve this scenario? Or am I approaching this wrong and perhaps I should just register the concrete type that implements ISerializer and then just specifically use MySomeClass(JsonSerializer jsonSerializer, ....) for something along these lines with the concrete class?

    Read the article

  • Dependency Injection Question - ASP.NET

    - by Paul
    I'm starting a web application that contains the following projects: Booking.Web Booking.Services Booking.DataObjects Booking.Data I'm using the repository pattern in my data project only. All services will be the same, no matter what happens. However, if a customer wants to use Access, it will use a different data repository than if the customer wants to use SQL Server. I have StructureMap, and want to be able to do the following: Web project is unaffected. It's a web forms application that will only know about the services project and the dataobjects project. When a service is called, it will use StructureMap (by looking up the bootstrapper.cs file) to see which data repository to use. An example of a services class is the error logging class: public class ErrorLog : IErrorLog { ILogging logger; public ErrorLog() { } public ErrorLog(ILogging logger) { this.logger = logger; } public void AddToLog(string errorMessage) { try { AddToDatabaseLog(errorMessage); } catch (Exception ex) { AddToFileLog(ex.Message); } finally { AddToFileLog(errorMessage); } } private void AddToDatabaseLog(string errorMessage) { ErrorObject error = new ErrorObject { ErrorDateTime = DateTime.Now, ErrorMessage = errorMessage }; logger.Insert(error); } private void AddToFileLog(string errorMessage) { // TODO: Take this value from the web.config instead of hard coding it TextWriter writer = new StreamWriter(@"E:\Work\Booking\Booking\Booking.Web\Logs\ErrorLog.txt", true); writer.WriteLine(DateTime.Now.ToString() + " ---------- " + errorMessage); writer.Close(); } } I want to be able to call this service from my web project, without defining which repository to use for the data access. My boostrapper.cs file in the services project is defined as: public class Bootstrapper { public static void ConfigureStructureMap() { ObjectFactory.Initialize(x => { x.AddRegistry(new ServiceRegistry()); } ); } public class ServiceRegistry : Registry { protected override void configure() { ForRequestedType<IErrorLog>().TheDefaultIsConcreteType<Booking.Services.Logging.ErrorLog>(); ForRequestedType<ILogging>().TheDefaultIsConcreteType<SqlServerLoggingProvider>(); } } } What else do I need to get this to work? When I defined a test, the ILogger object was null. Thanks,

    Read the article

  • Is testability alone justification for dependency injection?

    - by fearofawhackplanet
    The advantages of DI, as far as I am aware, are: Reduced Dependencies More Reusable Code More Testable Code More Readable Code Say I have a repository, OrderRepository, which acts as a repository for an Order object generated through a Linq to Sql dbml. I can't make my orders repository generic as it performs mapping between the Linq Order entity and my own Order POCO domain class. Since the OrderRepository by necessity is dependent on a specific Linq to Sql DataContext, parameter passing of the DataContext can't really be said to make the code reuseable or reduce dependencies in any meaningful way. It also makes the code harder to read, as to instantiate the repository I now need to write new OrdersRepository(new MyLinqDataContext()) which additionally is contrary to the main purpose of the repository, that being to abstract/hide the existence of the DataContext from consuming code. So in general I think this would be a pretty horrible design, but it would give the benefit of facilitating unit testing. Is this enough justification? Or is there a third way? I'd be very interested in hearing opinions.

    Read the article

  • Website Link Injection

    - by Ryan B
    I have a website that is fairly static. It has some forms on it to send in contact information, mailing list submissions, etc. Perhaps hours/days after an upload to the site I found that the main index page had new code in it that I had not placed there that contained a hidden bunch of links in a invisible div. I have the following code the handles the variables sent in from the form. <?php // PHP Mail Order to [email protected] w/ some error detection. $jamemail = "[email protected]"; function check_input($data, $problem='') { $data = trim($data); $data = stripslashes($data); $data = htmlspecialchars($data); if ($problem && strlen($data) == 0) { die($problem); } return $data; } $email = check_input($_POST['email'], "Please input email address."); $name = check_input($_POST['name'], "Please input name."); mail($jamemail, "Mailing List Submission", "Name: " . $name . " Email: " .$email); header('Location: index.php'); ?> I have the following code within the index page to present the form with some Javascript to do error detection on the content of the submission prior to submission. <form action="sendlist.php" method="post" onSubmit="return checkmaill(this);"> <label for="name"><strong>Name: </strong></label> <input type="text" name="name"/><br /> <label for="email"><strong>Email: </strong></label> <input type="text" name="email"/><br /> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="Subscribe" style="width: 100px;"/> </form> At the end of the day, the source code where the injected hyperlinks is as follows: </body> </html><!-- google --><font style="position: absolute;overflow: hidden;height: 0;width: 0"> xeex172901 <a href=http://menorca.caeb.com/od9c2/xjdmy/onondaga.php>onondaga</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/tami.php>tami</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/shotguns.php>shotguns</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/weir.php>weir</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/copperhead.php>copperhead</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/mpv.php>mpv</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/brunei.php>brunei</a> <a href=http://menorca.caeb.com/od9c2/xjdmy/doreen.php>doreen</a>

    Read the article

  • Dependency injection: Scoping by region (Guice, Spring, Whatever)

    - by Itay
    Here's a simplified version of my needs. I have a program where every B object has its own C and D object, injected through Guice. In addition an A object is injected into every C and D objects. What I want: that for each B object, its C and D objects will be injected with the same A object. Specifically, I want the output of the program (below) to be: Created C0 with [A0] Created D0 with [A0] Created B0 with [C0, D0] Created C1 with [A1] Created D1 with [A1] Created B1 with [C1, D1] Where it currently produces the following output: Created C0 with [A0] Created D0 with [A1] <-- Should be A0 Created B0 with [C0, D0] Created C1 with [A2] <-- Should be A1 Created D1 with [A3] <-- Should be A1 Created B1 with [C1, D1] I am expecting DI containers to allow this kind of customization but so far I had no luck in finding a solution. Below is my Guice-based code, but a Spring-based (or other DI containers-based) solution is welcome. import java.util.Arrays; import com.google.inject.*; public class Main { public static class Super { private static Map<Class<?>,Integer> map = new HashMap<Class<?>,Integer>(); private Integer value; public Super(Object... args) { value = map.get(getClass()); value = value == null ? 0 : ++value; map.put(getClass(), value); if(args.length > 0) System.out.println("Created " + this + " with " + Arrays.toString(args)); } @Override public final String toString() { return "" + getClass().getSimpleName().charAt(0) + value; } } public interface A { } public static class AImpl extends Super implements A { } public interface B { } public static class BImpl extends Super implements B { @Inject public BImpl(C c, D d) { super(c,d); } } public interface C { } public static class CImpl extends Super implements C { @Inject public CImpl(A a) { super(a); } } public interface D { } public static class DImpl extends Super implements D { @Inject public DImpl(A a) { super(a); } } public static class MyModule extends AbstractModule { @Override protected void configure() { bind(A.class).to(AImpl.class); bind(B.class).to(BImpl.class); bind(C.class).to(CImpl.class); bind(D.class).to(DImpl.class); } } public static void main(String[] args) { Injector inj = Guice.createInjector(new MyModule()); inj.getInstance(B.class); inj.getInstance(B.class); } }

    Read the article

  • MySQL INJECTION Solution...

    - by Val
    I have been bothered for so long by the MySQL injections and was thinking of a way to eliminate this problem all together. I have came up with something below hope that many people will find this useful. The only Draw back I can think of this is the partial search: Jo =returns "John" by using the like %% statement. Here is a php solution: <?php function safeQ(){ $search= array('delete','select');//and every keyword... $replace= array(base64_encode('delete'),base64_encode('select')); foreach($_REQUEST as $k=>$v){ str_replace($search, $replace, $v); } } foo(); function html($str){ $search= array(base64_encode('delete'),base64_encode('select')); $replace= array('delete','select');//and every keyword... str_replace($search, $replace, $str); } //example 1 ... ... $result = mysql_fetch_array($query); echo html($result[0]['field_name']); //example 2 $select = 'SELECT * FROM safeQ($_GET['query']) '; //example 3 $insert = 'INSERT INTO .... value(safeQ($_GET['query']))'; ?> I know, I know that you still could inject using 1=1 or any other type of injections... but this I think could solve half of your problem so the right mysql query is executed. So my question is if anyone can find any draw backs on this then please feel free to comment here. PLEASE GIVE AN ANSWER only if you think that this is a very useful solution and no major drawbacks are found OR you think is a bad idea all together...

    Read the article

  • SQL Injection on INSERT

    - by freddy
    Hi, I'm currently testing Vulnerabiltys to SQL Injections for my companys application as an it-trainee. So I found, that the application is indeed vulnerable to injections because I can alter some of the insert statements. So I altered the insert Statement to this: INSERT INTO tablename( column, column1, column2, column3, column4,column5, column6, column7, column8 ) VALUES ( 10965972, 185796154, 25, 23,2023, '', CURRENT_DATE, 'v0201100', 18); DELETE * FROM tablename;-- , 2023,'a', CURRENT_DATE, 'v0201100', 18 ) I thought this should be a correct statement, but the MySQL Server returned this Error: MySQL Error: 1064 (You have an error in your SQL syntax;[...] Would be nice if somebody could help and tell my why the syntax is wrong... Thanks for your help :-)

    Read the article

  • Dependency Injection and Unit of Work pattern

    - by sunwukung
    I have a dilemma. I've used DI (read: factory) to provide core components for a homebrew ORM. The container provides database connections, DAO's,Mappers and their resultant Domain Objects on request. Here's a basic outline of the Mappers and Domain Object classes class Mapper{ public function __constructor($DAO){ $this->DAO = $DAO; } public function load($id){ if(isset(Monitor::members[$id]){ return Monitor::members[$id]; $values = $this->DAO->selectStmt($id); //field mapping process omitted for brevity $Object = new Object($values); return $Object; } } class User(){ public function setName($string){ $this->name = $string; //mark modified by means fair or foul } } The ORM also contains a class (Monitor) based on the Unit of Work pattern i.e. class Monitor(){ private static array modified; private static array dirty; public function markClean($class); public function markModified($class); } The ORM class itself simply co-ordinates resources extracted from the DI container. So, to instantiate a new User object: $Container = new DI_Container; $ORM = new ORM($Container); $User = $ORM->load('user',1); //at this point the container instantiates a mapper class //and passes a database connection to it via the constructor //the mapper then takes the second argument and loads the user with that id $User->setName('Rumpelstiltskin');//at this point, User must mark itself as "modified" My question is this. At the point when a user sets values on a Domain Object class, I need to mark the class as "dirty" in the Monitor class. I have one of three options as I can see it 1: Pass an instance of the Monitor class to the Domain Object. I noticed this gets marked as recursive in FirePHP - i.e. $this-Monitor-markModified($this) 2: Instantiate the Monitor directly in the Domain Object - does this break DI? 3: Make the Monitor methods static, and call them from inside the Domain Object - this breaks DI too doesn't it? What would be your recommended course of action (other than use an existing ORM, I'm doing this for fun...)

    Read the article

  • Dependency Injection: How to maintain multiple configurations?

    - by Malax
    Hi StackOverflow, Lets assume we've build a system with a DI framework which is working quite fine. This system currently uses JMS to "talk" with other systems not maintained by us. The majority of our customers like the JMS approach and uses it according to our specification. The component which does all the messaging is injected with Spring into the rest of the application. Now we got the case that one customer cannot implement the JMS solution and want to use another messaging technology. Thats not a problem because we can simply implement a messaging service using this technology and inject it in the rest of the application. But how are we supposed to handle the deployment and maintenance of the configuration? Since the application uses Spring i could imagine to check in all the configurations i have for this application and the system administrator could start the application and passing the name of the DI XML file to specify which configuration should be loaded. But... it just don't feel right. Are there any solutions for such cases available? What are the best-practices you use? I could even imagine more complex scenarios which do not contain only one service substitution... Thanks a lot!

    Read the article

  • Trouble with object injection in Spring.Net

    - by Abdel Olakara
    Hi all, I have a issue with my Spring.Net configuration where its not injecting an object. I have a CommService to which an object named GeneralEmail is injected to. Here is the configuration: <!-- GeneralMail Object --> <object id="GeneralMailObject" type="CommUtil.Email.GeneralEmail, CommUtil"> <constructor-arg name="host" value="xxxxx.com"/> <constructor-arg name="port" value="25"/> <constructor-arg name="user" value="[email protected]"/> <constructor-arg name="password" value="xxxxx"/> <constructor-arg name="template" value="xxxxx"/> </object> <!-- Communication Service --> <object id="CommServiceObject" type="TApp.Code.Services.CommService, TApp"> <property name="emailService" ref="GeneralMailObject" /> </object> The communication service object is again injected to many other aspx pages & service. In one scenario, I need to call the commnucation service from an static WebMethod. I try doing: CommService cso = new CommService(); But when i try to get the emailService object, its null! why didn't the spring inject the GeneralMail object into my cso object? What am I doing wrong and how do I access the object from spring container. Thanks in advance for the suggestions and solutions. Reagrds, Abdel Olakara

    Read the article

  • deep injection - spring

    - by Bob
    What is the best way (or options) for accessing spring components at layers deep within the application that aren't managed by spring? For example, I have a low level utility POJO class into which I need to autowire/inject a spring component. I'll call it LowLevelHelper. There are multiple classes that use LowLevelHelper - most are layers away from anything that is hooked up with spring. One option would be to make all the layers in to spring components, but that seems like I'm hacking my design to force spring to help me. I have some complex things going on that won't be nearly as clean if I have to @Autowire all the pieces and don't new anything. Another option might be to manually inject the component in the low level class, but I'm not really sure if this is possible or the right solution.

    Read the article

  • SQL Injection prevention

    - by simonsabin
    Just asking people not to use a list of certain words is not prevention from SQL Injection https://homebank.sactocu.org/UA2004/faq-mfa.htm#pp6 To protect yourself from SQL Injection you have to do 1 simple thing. Do not build your SQL statements by concatenating values passed by the user into a string an executing them. If your query has to be dynamic then make sure any values passed by a user are passed as parameters and use sp_executesql in TSQL or a SqlCommand object in ADO.Net...(read more)

    Read the article

  • Best way to stop SQL Injection in PHP

    - by Andrew G. Johnson
    So specifically in a mysql database. Take the following code and tell me what to do. // connect to the mysql database $unsafe_variable = $_POST["user-input"]; mysql_query("INSERT INTO table (column) VALUES ('" . $unsafe_variable . "')"); // disconnect from the mysql database

    Read the article

  • Spring overloaded constructor injection

    - by noob
    This is the code : public class Triangle { private String color; private int height; public Triangle(String color,int height){ this.color = color; this.height = height; } public Triangle(int height ,String color){ this.color = color; this.height = height; } public void draw() { System.out.println("Triangle is drawn , + "color:"+color+" ,height:"+height); } } The Spring config-file is : <bean id="triangle" class="org.tester.Triangle"> <constructor-arg value="20" /> <constructor-arg value="10" /> </bean> Is there any specific rule to determine which constructor will be called by Spring ?

    Read the article

  • Maven and db4o dependency

    - by Jens Jansson
    I'm intrigued to test new frameworks in the Java world, and decided to create a new project that takes advantage of Maven and db4o. I'm starting to get a hang of Maven, but I have a hard time adding db4o as a dependency to the project. First problem is that db4o doesn't exist in the official Maven repositories. Next up comes the problem that db4o seem to have recently restructured their whole site's URI:s, so I'm getting 'site not found' messages all the time when I try to navigate their site. I found somewhere a potential Maven repository that should be at https://source.db4o.com/maven but I get all the time "Error reading archetype catalog https://source.db4o.com/maven Unable to locate resource in repository" when I try to access it. So, any suggestions on how I'll get db4o up through Maven? I've managing Maven through Eclipse with the M2Eclipse plugin.

    Read the article

  • NHibernate on WCF Dependency Injection

    - by Diego Dias
    Hi, I would like of inject a wrapper of my sessionfactory in my wcf service, but my service is in other server and I want set nhibernate in my site asp.net. I have a interface as: public interface ISessionBuilder { ISession Current{get;}; void Close(); } public class SessionBuilder : ISessionBuilder { static SessionBuilder() { Initialize(); } public ISession Current{ get; private set; } public void Close() { //aqui eu fecho a session } private static void Initialize() { //aqui eu configuro o NHibernate } } I want to be able of set SessionBuilder in the site asp.net and inject this implementation in my wcf Service where I have my repositories which will consume SessionBuilder to query my database. Anyone have some sugestion?

    Read the article

  • Getting 'this' pointer inside dependency property changed callback

    - by mizipzor
    I have the following dependency property inside a class: class FooHolder { public static DependencyProperty CurrentFooProperty = DependencyProperty.Register( "CurrentFoo", typeof(Foo), typeof(FooHandler), new PropertyMetadata(OnCurrentFooChanged)); private static void OnCurrentFooChanged(DependencyObject d, DependencyPropertyChangedEventArgs e) { FooHolder holder = (FooHolder) d.Property.Owner; // <- something like this // do stuff with holder } } I need to be able to retrieve a reference to the class instance in which the changed property belongs. This is since FooHolder has some event handlers that needs to be hooked/unhooked when the value of the property is changed. The property changed callback must be static, but the event handler is not.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >