In Delphi, if there was an exception during construction of an object: any allocated memory would be released and an exception would be thrown. For example, the following was guaranteed to either return a valid Camera object, or throw an exception: Camera c = new Camera(); You never had to check the resulting variable for null: Camer...
For C++ development for 32-bit systems (be it Linux, Mac OS or Windows, PowerPC or x86) I have initialised pointers that would otherwise be undefined (e.g. they can not immediately get a proper value) like so: int *pInt = reinterpret_cast<int *>(0xDEADBEEF); (To save typing and being DRY the right-hand side would normally be in a ...
The company that I work for is redeveloping an in-house product for external use. The product will initially be developed in C# using WPF, then ported to Silverlight. One of the focus points is coding against malicious attacks e.g. SQL injection etc. Questions: Can anyone recommend URLs pointing to articles on security 'best practic...
I’m from a .NET background and now dabbling in Java. Currently, I’m having big problems designing an API defensively against faulty input. Let’s say I’ve got the following code (close enough): public void setTokens(Node node, int newTokens) { tokens.put(node, newTokens); } However, this code can fail for two reasons: User passe...
I need to store sensitive information (a symmetric encryption key that I want to keep private) in my C++ application. The simple approach is to do this: std::string myKey = "mysupersupersecretpasswordthatyouwillneverguess"; However, running the application through the strings process (or any other that extracts strings from a binary ap...
Hi, I'm fond of defensive programming. I hate exception throwing, but this is not the subject of my question. I adapted an extension to linQ to be able to perform an order by with a column name public static IEnumerable<T> OrderBy<T>(this IEnumerable<T> list, string sortExpression) With defensive programming, this method ret...
I am working on my first asp MVC project that will ultimately end up on a publicly accessible web server (I have worked on some internal apps in MVC). What techniques, practices should I be thinking about (specific to MVC or otherwise) to improve security. Off the top of my head obviously there is the AcceptVerb attribute for actions an...
Possible Duplicate: Defensive programming We had a great discussion this morning about the subject of defensive programming. We had a code review where a pointer was passed in and was not checked if it was valid. Some people felt that only a check for null pointer was needed. I questioned whether it could be checked at a high...
Possible Duplicate: Favorite (Clever) Defensive Programming Best Practices I am always advised by some programmers to pay concentration to easy debugging. What is defensive programming and to which extend should it be considered while practicing? And one more important question: is there any key things to consider while coding...
I hate writing code that makes my software more solid. This is something the framework should have done! So, is anybody aware of a code "enhancing" utility that solidifies the code? If I had to create something like this myself, it would work as follows: When you're compiling your code with a Debug flag, it would auto-magically add "sol...
I've seen defensive copies coded like this void someMethod(Date d) { myDate = new Date( d.getTime() ); } But that doesn't make sense to me, isn't there a way in Java to create an Identical copy in memory of that object? I've read the clone() will not work in all instances, but I don't understand why ...
I'm fairly certain my professor will ask me why I chose to use MVC for my web application. Truth be told, I'm new to MVC. I read about it, I'm building a blog application using it, I think it's very logical to approach a problem this way. But why? O_O I draw a blank. How is better suited than say, building an N-tier application? ...
What is the best way to get meaningful file access error messages, in a portable way from std::fstreams ? The primitiveness of badbits and failbits is getting to be bit annoying. I have written my own exception hierarchies against win32 and POSIX before, and that was far more flexible than the way the STL does it. I am getting "basic::i...
I have read about how the fail-fast style of programming in languages like Erlang end up with much shorter programs than the defensive style found in most other languages. Is this correct for all types of programs and what is the reasoning for this? ...
What would be a good way to report errors in JavaScript instead of relying on nulls, and undefineds when errors do occur and a function is unable to proceed forward. I can think of three approaches: do nothing throw an exception assert Here's a simple example scenario - a function that credits a user account with the amount passed in...
As per the title really, just what can be done to defeat key/keystroke logging when authenticating access? I have just posted a related question (how-to-store-and-verify-digits-chosen-at-random-from-a-pin-password) asking for advice for choosing random digits from a PIN/password. What other reasonably unobtrusive methods might there be?...
For my data structures project, the goal is to read in a provided file containing over 10000 songs with artist, title and lyrics clearly marked, and each song is separated by a line with a single double quote. I've written this code to parse the text file, and it works, with a running time of just under 3 seconds to read the 422K lines...
In the application development there is a concept of defensive programming. How to implement defensive programming techniques and writing robust code using Transact-SQL? ...
I usually loop through lines in a file using the following code: open my $fh, '<', $file or die "Could not open file $file for reading: $!\n"; while ( my $line = <$fh> ) { ... } However, in answering another question, Evan Carroll edited my answer, changing my while statement to: while ( defined( my $line = <$fh> ) ) { ... } Hi...
Hi, I know that pretty much every programming language has a method to check the existence of a file or directory. However, in my case, a file is made which stores program settings. If it does not exist (ie !File.Exists or Directory.Count == 0 where Directory is the containing directory of the file), then prompt for some settings to be...