Search Results

Search found 92406 results on 3697 pages for 'code examples'.


  • How I might think like a hacker so that I can anticipate security vulnerabilities in .NET or Java before a hacker hands me my hat [closed]

    - by Matthew Patrick Cashatt
    Premise

    I make a living developing web-based applications for all form-factors (mobile, tablet, laptop, etc). I make heavy use of SOA, and send and receive most data as JSON objects. Although most of my work is completed on the .NET or Java stacks, I am also recently delving into Node.js. This new stack has got me thinking that I know reasonably well how to secure applications using known facilities of .NET and Java, but I am woefully ignorant when it comes to best practices or, more importantly, the driving motivation behind the best practices. You see, as I gain more prominent clientele, I need to be able to assure them that their applications are secure and, in order to do that, I feel that I should learn to think like a malevolent hacker.

    What motivates a malevolent hacker: What is their prime mover? What is it that they are most after? Ultimately, the answer is money or notoriety I am sure, but I think it would be good to understand the nuanced motivators that lead to those ends: credit card numbers, damning information, corporate espionage, shutting down a highly visible site, etc.

    As an extension of question #1--but more specific--what are the things most likely to be sought out by a hacker in almost any application? Passwords? Financial info? Profile data that will gain them access to other applications a user has joined? Let me be clear here. This is not judgement for or against the aforementioned motivations because that is not the goal of this post. I simply want to know what motivates a hacker regardless of our individual judgement.

    What are some heuristics followed to accomplish hacker goals? Ultimately specific processes would be great to know; however, in order to think like a hacker, I would really value your comments on the broader heuristics followed. For example: "A hacker always looks first for the low-hanging fruit such as http spoofing" or "In the absence of a CAPTCHA or other deterrent, a hacker will likely run a cracking script against a login prompt and then go from there." Possibly, "A hacker will try and attack a site via Foo (browser) first as it is known for Bar vulnerability."

    What are the most common hacks employed when following the common heuristics? Specifics here. Http spoofing, password cracking, SQL injection, etc.

    Disclaimer

    I am not a hacker, nor am I judging hackers (Heck--I even respect their ingenuity). I simply want to learn how I might think like a hacker so that I may begin to anticipate vulnerabilities before .NET or Java hands me a way to defend against them after the fact.


  • Big project layout : adding new feature on multiple sub-projects

    - by Shiplu
    I want to know how to manage a big project with many components with a version control management system. In my current project there are 4 major parts:

      - Web
      - Server
      - Admin console
      - Platform

    The web and server parts use 2 libraries that I wrote. In total there are 5 git repositories and 1 mercurial repository. The project build script is in the Platform repository. It automates the whole building process. The problem is that when I add a new feature that affects multiple components I have to:

      - Create a branch for each of the affected repos.
      - Implement the feature.
      - Merge it back.

    My gut feeling is "something is wrong". So should I create a single repo and put all the components there? I think branching will be easier in that case. Or should I just do what I am doing right now? In that case how do I solve this problem of creating a branch on each repository?


  • Apache proxy is modifying the HTTP status code

    - by jarnbjo
    I am using Apache as a proxy frontend for a Java web application, which is deployed on WebSphere. The web application is using custom status codes (55x) to signal specific errors to the clients. When accessing the web application directly through the WebSphere HTTP listener, everything works as expected, but when these requests are proxied through an Apache load balancer, the status codes are modified by Apache and replaced with a generic 500 error code (internal server error). In Apache's access.log, the correct status code is logged:

        <IP> - - [11/Nov/2011:17:24:53 +0100] "POST <URL> HTTP/1.1" 551 36

    But the actual response received by the client starts like this (logged with tcpdump):

        HTTP/1.1 500 Internal Server Error
        ...

    Followed by the real status code in the response content:

        ...
        Error 551: Berichteter Fehler: 551
        ...

    Is there an obvious reason for this behaviour or does someone have a suggestion on how to modify the Apache configuration to forward the "real" status code instead of 500?


  • Is there a variable width font that does not change width when adding effects like bold, italic?

    - by George Bailey
    NetBeans has a word wrap feature now - but if the font changes width when bold then it gets all jumpy and sometimes hard to work with. Edit: It turns out that even with Courier New, NetBeans word wrap still jumps up and down lines at a time at random. I guess that this question no longer cares for an answer. However, it seems that there is no answer (at least nobody has brought one up yet). I am currently using Comic Sans MS, which gets wider when bold.


  • Simple vs Complex (but performance efficient) solution - which one to choose and when?

    - by ManojGumber
    I have been programming for a couple of years and have often found myself in a dilemma. There are two solutions. One is the simple one, i.e. a simple approach, easier to understand and maintain. It involves some redundancy, some extra work (extra IO, extra processing) and therefore is not the most optimal solution. The other uses a complex approach, difficult to implement, often involving interaction between a lot of modules, and is a performance-efficient solution. Which solution should I strive for when I do not have a hard performance SLA to meet and even the simple solution can meet the performance SLA? I have felt disdain among my fellow developers for the simple solution. Is it good practice to come up with the most optimal complex solution if your performance SLA can be met by a simple solution?


  • Unit testing time-bound code

    - by maasg
    I'm currently working on an application that does a lot of time-bound operations. That is, based on long now = System.currentTimeMillis();, and combined with a scheduler, it will calculate periods of time that parametrize the execution of some operations. e.g.:

        public void execute(...) { // executed by a scheduler every x minutes
            final int now = (int) TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
            final int alignedTime = now - now % getFrequency();
            final int startTime = alignedTime - 2 * getFrequency();
            final int endTimeSecs = alignedTime - getFrequency();
            uploadData(target, startTime, endTimeSecs);
        }

    Most parts of the application are unit-tested independently of time (in this case, uploadData has a natural unit test), but I was wondering about best practices for testing time-bound parts that rely on System.currentTimeMillis()?


  • Download ASP.NET MVC Source Code

    - by Editor
    From Scott Guthrie’s blog: Last month I blogged about our ASP.NET MVC Roadmap. Two weeks ago we shipped the ASP.NET Preview 2 Release. Phil Haack from the ASP.NET team published a good blog post about the release here. Scott Hanselman has created a bunch of great ASP.NET MVC tutorial videos [...]


  • CodeGolf : Find the Unique Paths

    - by st0le
    Here's a pretty simple idea: in this pastebin I've posted some pairs of numbers. These represent nodes of a unidirected connected graph. The input to stdin will be of the form (they'll be numbers, I'll be using an example here):

        c d
        q r
        a b
        d e
        p q

    so x y means x is connected to y (not vice versa). There are 2 paths in that example: a->b->c->d->e and p->q->r. You need to print all the unique paths from that graph. The output should be of the format:

        a->b->c->d->e
        p->q->r

    Notes

      - You can assume the numbers are chosen such that one path doesn't intersect the other (one node belongs to one path).
      - The pairs are in random order.
      - There is more than 1 path; they can be of different lengths.
      - All numbers are less than 1000.

    If you need more details, please leave a comment. I'll amend as required.

    Shameless-Plug

    For those who enjoy Codegolf, please Commit at Area51 for its very own site :) (for those who don't enjoy it, please support it as well, so we'll stay out of your way...)


  • Aptana Ext code completion in .php files

    - by Frederik Wordenskjold
    I'm having problems getting the code-completion for the Ext 3.2 plugin to work, when working with .php files. I've also installed the php plugin for Aptana, and the same thing applies for php - I cannot access php code-completion when working with a html-file, so it seems like a general issue... It's also not possible to write Ext in .js files, which is weird... The latter case does make sense of course. But I should be able to write both php and Ext in .php files! Is this possible in any way? I have of course tested the code-completion for php in a .php file, which works. The same applies for Ext code in .html documents!


  • Inspection, code review - is it really testing?

    - by user970696
    ISTQB, Wikipedia or other sources classify verification activities (reviews etc.) as static testing, yet others do not. If we can say that peer reviews and inspections are actually a kind of testing, then a lot of standards do not make sense (consider e.g. ISO, which says that validation is done by testing, while verification is done by checking of work products) - it should at least say dynamic testing for validation, shouldn't it? I am completing a master's thesis dealing with QA and I must admit that I have never seen worse and more ambiguous and contradicting literature than in this field :/ Do you think (and if so, why) that static testing is a good and justifiable term or should we stick to testing and static checks/analysis?


  • need some concrete examples on user stories, tasks and how they relate to functional and technical specifications

    - by gideon
    Little heads up, I'm the only lonely dev building/planning/mocking my project as I go. I've come up with a preview release that does only the core aspects of the system, with good business value, and I've coded most of the UI as dirty throw-able mockups over nicely abstracted and very minimal base code. In the end I know quite well what my clients want on the whole. I can't take agile-ish cowboying anymore because I'm completely disorganized and have no paper plan, and since my clients are happy, things are getting more complex with more features and ideas. So I started using and learning Agile & Scrum.

    Here are my problems:

    I know what a functional spec is (sample): Do all user stories and/or scenarios become part of the functional spec?

    I know what user stories and tasks are. Are these kinda user stories? I don't see any Business Value reason added to them. I made a mind map using freemind, and I had problems like this: Actor: Finance Manager. Can add a Financial Plan into the system because, well, that's the point of it? What Business Value reason do I add for things like this? Example: A user needs to be able to add a blog article (in the blogger app) because..?? It's the point of a blogger app, it centers around that feature?

    How do I go into the finer details and system definitions: Actor: Finance Manager. Action: Adds a finance plan. This adding is a complicated process with lots of steps. What User Story will describe what a finance plan in the system is?? I can add it into the functional spec under definitions explaining what a finance plan is and how one needs to add it into the system, but how do I get to the backlog planning from there? Example: A Blog Article is mostly a textual document that can be written in rich text in the system. To add a blog article one must...... But how do you create backlog list/features out of this? Where are the user stories for what a blog article is and how one adds/removes it?

    Finally, I'm a little confused about the relations between functional specs and user stories. Will my spec contain user stories in them with UI mockups? Now will these user stories then branch out tasks which will make up something like a technical specification? Example: EditorUser can add a blog article. Use XML to store blog article. Add a form to add blog. Add Windows Live Writer Support. Those would be agile tasks, but would they also be part of/or form the technical specs?

    Some concrete examples/answers to my questions would be nice!!


  • Organizing ASP.Net Single Page Application with Nancy

    - by OnesimusUnbound
    As a personal project, I'm creating a single page, asp.net web application using Nancy to provide RESTful services to the single page. Due to the complexity of the single page, particularly the JavaScripts used, I think creating a dedicated project for the client side of web development and another for the service side will organize and simplify the development.

        solution
        |
        +-- web / client side (single html page, js, css)
        |     - contains asp.net project, and nancy library
        |       to host the modules in application project folder
        |
        +-- application / service (nancy modules, bootstrap for other layer)
        |
        . . . and other layers (three tier, domain driven, etc)
        .

    Is this a good way of organizing a complex single page application? Am I over-engineering the web app, incurring too much complexity?


  • Matching the superclass's constructor's parameter list, is treating a null default value as a non-null value within a constructor a violation of LSP?

    - by Panzercrisis
    I kind of ran into this when messing around with FlashPunk, and I'm going to use it as an example. Essentially the main sprite class is pretty much class Entity. Entity's constructor has four parameters, each with a default value. One of them is graphic, whose default value is null. Entity is designed to be inherited from, with many such subclasses providing their own graphic within their own internal workings. Normally these subclasses would not have graphic in their constructor's parameter lists, but would simply pick something internally and go with it. However I was looking into possibly still adhering to the Liskov Substitution Principle. Which led me to the following example:

        package com.blank.graphics
        {
            import net.flashpunk.*;
            import net.flashpunk.graphics.Image;

            public class SpaceGraphic extends Entity
            {
                [Embed(source = "../../../../../../assets/spaces/blank.png")]
                private const BLANK_SPACE:Class;

                public function SpaceGraphic(x:Number = 0, y:Number = 0, graphic:Graphic = null, mask:Mask = null)
                {
                    super(x, y, graphic, mask);

                    if (!graphic)
                    {
                        this.graphic = new Image(BLANK_SPACE);
                    }
                }
            }
        }

    Alright, so now there's a parameter list in the constructor that perfectly matches the one in the super class's constructor. But if the default value for graphic is used, it'll exhibit two different behaviors, depending on whether you're using the subclass or the superclass. In the superclass, there won't be a graphic, but in the subclass, it'll choose the default graphic. Is this a violation of the Liskov Substitution Principle? Does the fact that subclasses are almost intended to use different parameter lists have any bearing on this? Would minimizing the parameter list violate it in a case like this? Thanks.


  • What to do when a project is too difficult to continue developing?

    - by MaxWell
    As a developer, can you tell your project manager that an application is unworkable? Or, if you're a project manager, how would you need this presented to you in order to be compelled? This isn't about "how to work on a poor project", it's assuming you cannot. I can provide an example of the situation if anyone thinks it's important, but I'm trying to avoid proposed solutions to "plodding through".


  • Why is it java code indented as BSD KNF Style and C C++ code indented as Allman or BSD style?

    - by Caffeine
    I do understand that coding convention is a matter of preference, and that different coding conventions have different subtle advantages or shortcomings, and depending on what one wants, one should choose his/her style. But why is Java usually written with the opening brace on the same line as the function definition or control statement, while in C or C++ the curly braces have a line of their own?

    BSD KNF style

        if (data != NULL && res > 0) {
                if (JS_DefineProperty(cx, o, "data", STRING_TO_JSVAL(JS_NewStringCopyN(cx, data, res)), NULL, NULL, JSPROP_ENUMERATE) != 0) {
                        QUEUE_EXCEPTION("Internal error!");
                        goto err;
                }
                PQfreemem(data);
        } else {
                if (JS_DefineProperty(cx, o, "data", OBJECT_TO_JSVAL(NULL), NULL, NULL, JSPROP_ENUMERATE) != 0) {
                        QUEUE_EXCEPTION("Internal error!");
                        goto err;
                }
        }

    Allman or BSD Style

        if (x == y)
        {
            something();
            somethingelse();
        }

    Courtesy: http://en.wikipedia.org/wiki/Indent_style


  • HP openview servicedesk: looking for api information ?

    - by Zagorulkin Dmitry
    Good day folks. I am very confused in this situation. I need to implement a system which will be based on the HP open view service desk 4.5 API. But this system has reached the end of its support period. On the official site no information is available. I am looking for information about this API (articles, samples etc). Now I have only web-api.jar and javadoc. The methods in the javadoc are badly documented. If you have any info, please share it with me. Thanks. Second question: are there methods for understanding an API (with a huge amount of methods) if it is not documented or information is not available? PS: If this question does not belong here I will delete it.


  • What's the best algorithm for... [closed]

    - by Paska
    Hi programmers! Today a little problem came up. I have an array of coordinates (latitude and longitude) made in this way:

        [0] = "45.01234,9.12345"
        [1] = "46.11111,9.12345"
        [2] = "47.22222,9.98765"
        [...] etc

    In a loop, I convert these coordinates to meters (UTM northing / UTM easting) and after that I convert these coords to pixels (X / Y) on screen (the output device is an iphone) to draw a route line on a custom map.

        [0] = "512335.00000,502333.666666"
        [...] etc

    The returned pixels are passed to a method that draws a line on screen (simulating a route calculation).

        [0] = "20,30"
        [1] = "21,31"
        [2] = "25,40"
        [...] etc

    As the coordinates (lat/lon) are too many, I need to truncate the lat/lon array, eliminating the values that don't fill in the map bound (the visible part of the map on screen). Map bounds are 2 couples of lat/lon coords, upper left and lower right. Now, what is the best way to loop over this array (NOT SORTED), check whether a value is in bounds or not, and then remove the values that are outside? To return a clean array that contains only the coords visible on screen? Note: the coords array is a very big array, 4000/5000 couples of items. This is a method that should be looped on every drag or zoom. Does anyone have an idea to optimize search and controls in this array? Many thanks, A


  • Is it good practice to analyse who introduced each bug?

    - by Michal Czardybon
    I used to analyse the performance of programmers in my team by looking at the issues they have closed. Many of the issues are of course bugs. And here another important performance aspect comes in - who introduced the bugs. I am wondering if creating a custom field "Blamed" in the issue tracking system, for reporting the person who generated the problem, is a good practice. On one hand it seems ok to me to promote personal responsibility for quality, and this could reduce the additional work we have due to careless programming. On the other hand this is negative, things are sometimes vague and sometimes there is a reason such as "this thing had to be done very quickly due to a client's...". What do you think?



  • install qutecom cannot find msg722.so file, how to solve the problem?

    - by weixi
    I build the qutecom-3.0 on ubuntu 11.04, during install process, it shows:

        CMake Error at /home/student/qutecom-3.0/build/qutecom/src/presentation/qt/cmake_install.cmake:122 (FILE):
          file INSTALL cannot find
          "/home/student/qutecom-3.0/build/bin/plugins/mediastreamer2/msg722.so".
        Call Stack (most recent call first):
          /home/student/qutecom-3.0/build/qutecom/src/cmake_install.cmake:37 (INCLUDE)
          /home/student/qutecom-3.0/build/qutecom/cmake_install.cmake:38 (INCLUDE)
          cmake_install.cmake:49 (INCLUDE)
        make: *** [install] Error 1

