policy

Accessing iframe elements across different domains

I understand that cross site scripting (xss) is not good and is not supported in most browsers. However, I am building a page to be used only by about 3 or 4 people within my company. On this page I have a frame from another domain and I need the parent page to be able to access the values within that frame. So my question is, is ther...

How to restrict .Net Assembly to Run on Particular Machines

We have a server application that we want to restrict non-users from triggerring it off from other machines or even by double-clicking from any share. However, it should be easy for dev's to run it on their boxes. What are the various ways to enforce this policy? ...

Project / code release strategy

Context: I work at a small software company that has traditionally done research-type work, and does not have much experience in the commercial space. We are now trying to push into the commercial world. Due to our origins in research we are used to a very rapid development cycle and very little structure in terms of maintaining proper v...

Default values for all null columns

Is there any merit in creating a policy that requires developers to specify default values for all null columns? ...

How to remove the Override checkbox from TFS 2008 check ins with policy failures

In short, I want to stop our devs from overriding policy failures on check in. If I can't do that then I want to modify the Reason text box to look for something more than just a single character being typed in. ...

How to prevent others to embed my flash?

I have a flash file developed with Flex/ActionScript and put it on www.domainA.com How can I prevent others to download my flash (*.swf) and to embed it in other web site (e.g. www.domainX.com) ? I can hard code it by checking if "loaderinfo.url" is the same as www.domainA.com, but it seems not a clever solution. can policy file be us...

Is there a TFS policy to allow only merges and not edits?

We have a baseline folder and development branches in TFS. We'd like to add a policy where changes can only be merged into the baseline from a development branch and not edited directly unless you override the policy. How can we do this? ...

Can i deny access to a jvm class by configuring java.policy file ?

I wanted to create add to my jdk6\jre\lib\security\java.policy file an interdiction to create some classes that are blacklisted by appengine. For example I want my local jvm to throw an exception when the application tries to instantiate javax.naming.NamingException. It is possible? I will try to explain my specific problem here. Googl...

Update Java security policy at runtime?

Is there a legal way to add/remove permissions to Java security policy at runtime? ...

How to make my PHP Socket Server send a policy file to flash clients?

My flash game needs to connect to my PHP Socket Server. Because of security things, a policy file has to be send to the flash client when it tries to connect. The following is what I've done. In Actionscript / Flex 3 / Flash: Security.loadPolicyFile("http://[SERVER.IP]:9000/crossdomain.xml"); socket.connect(hostName, port); //connect ...

Adobe Socket Policy File Server Problems

Has anyone been able to successfully implement a service to serve the required socket policy file to FlashPlayer? I am running the Python implementation of the service provided by Adobe at http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html and using the following policy file: <?xml version="1.0" encoding="UTF...

what should developers have access to?

i work at a place where we build applications that process and store sensitive data. we have 3 environments. Dev, UAT / QA (user acceptant testing) and Production the developers at my work have no access to UAT or Production and have limited access to Dev. All we can do in dev is connect to a dev DB server . we have no access to the de...

What guidelines should be followed for policies and procedures?

Our company, being rather small, doesn't have much in the way of policies and procedures for good development. When I first started, I developed some, but we now need to update these in a more formal manner. Since I don't have much experience in writing policies (I've written plenty of instruction sets, so I'm not as worried about the ...

Do custom check-in policies have to be deployed on the server at all?

I'm asking this question because I haven't seen it documented anywhere. We are using a combination of Team Foundation Server 2008 and Team Explorer 2005. Is it possible to deploy a custom check-in policy that works in such an environment ? Obviously, the custom check-in policy contains some code that must run on the client-side (in ord...

Bouncycastle Install Provider Programmatically

Is it possible to install Bouncycastle provider programmaticly without modifying security policy file? ...

What are the most commonly use web development policies in software companies?

Having the best forum website among developers, I think I will find a very good consensus of what policies and best practices make good coding. I will put some of them here, so I give the idea, but I will like to hear your opinion and the votes will probably be the judge of the best policies around. Specific Indentation for coding be...

Policy on maintenance releases vs normal releases?

My company is struggling with the question of maintenance releases versus "normal" releases, in the context of an application installed on-site at large organisations who pay for support. First let me define my terms: Imagine we've released versions 1.0, 1.1, and 1.2 of the product. These are what I call "normal" releases, i.e. they ar...

How do you prevent hired developers from stealing code?

I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app. My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the law is "bendable". Is my only option to lock them up in a ro...

C# Socket Policy File Server for low-level AS3.0 socket connections?

How do I go about making a socket policy file server in C#. All it has to do is listen on port 843 for the string "<policy-file-request/>" followed by a NULL byte and then return an XML string (which is the socket policy file). I haven't coded this sort of thing before and am unsure of where to start. Do I create it in a windows service...

Commercial version control

My boss wants me to think about what to use for version control. I am a big fan of subversion, bazaar, mercurial, etc. However, we have a policy at our shop to not use open source tools! Does anyone know of any good commercia/proprietary version control tools? We are a .NET shop and I know about Visual SourceSafe. However, I have heard ...