http://www.theserverside.com Most recent forum messages en Jive Forums Silver 5.5.30 (www.jivesoftware.com) Wed, 19 Jun 2013 10:34:32 -0400 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Mon, 21 Mar 2011 06:25:58 -0400 Mon, 21 Mar 2011 06:25:58 -0400 Mon, 21 Mar 2011 06:25:58 -0400 Mar 21, 2011 Blog Writer 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 ...]]> Wed, 04 Aug 2010 20:37:31 -0400 Wed, 04 Aug 2010 20:37:31 -0400 Wed, 04 Aug 2010 20:37:31 -0400 Aug 4, 2010 JamieCollins 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Fri, 26 Feb 2010 12:11:16 -0500 Fri, 26 Feb 2010 12:11:16 -0500 Fri, 26 Feb 2010 12:11:16 -0500 Feb 26, 2010 Eelco Hillenius 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Tue, 23 Feb 2010 23:17:54 -0500 Tue, 23 Feb 2010 23:17:54 -0500 Tue, 23 Feb 2010 23:17:54 -0500 Feb 23, 2010 kyaw naing 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 I agree that unforeseen / runtime exceptions should be processed at the application entrypoint ... and this means checking for java.lang.Throwable, nothing else. Everything else checked should generally be a very specific...]]> Tue, 23 Feb 2010 14:15:52 -0500 Tue, 23 Feb 2010 14:15:52 -0500 Tue, 23 Feb 2010 14:15:52 -0500 Feb 23, 2010 James Watson 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Building a SQL statement dynamically with Strings and then dumping it into a PreparedStatement accomplishes nothing from a security perspective....]]> Tue, 23 Feb 2010 14:07:30 -0500 Tue, 23 Feb 2010 14:07:30 -0500 Tue, 23 Feb 2010 14:07:30 -0500 Feb 23, 2010 James Watson 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 This one is also questionable:

http://cwe.mitre.org/top25/?#CWE-754

I actually disagree at least in part with solution:

"If using exception handling,...]]> Tue, 23 Feb 2010 13:55:15 -0500 Tue, 23 Feb 2010 13:55:15 -0500 Tue, 23 Feb 2010 13:55:15 -0500 Feb 23, 2010 Erik Klein 1 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Tue, 23 Feb 2010 13:51:27 -0500 Tue, 23 Feb 2010 13:51:27 -0500 Tue, 23 Feb 2010 13:51:27 -0500 Feb 23, 2010 Erik Klein 1 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 I'm not sure how they align with the list in the article, but I continue to see problems with code making the leap from "single-user-mode" on a developer's desktop to more realistic multi-user testing on a server....]]> Tue, 23 Feb 2010 12:31:54 -0500 Tue, 23 Feb 2010 12:31:54 -0500 Tue, 23 Feb 2010 12:31:54 -0500 Feb 23, 2010 James Watson 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Tue, 23 Feb 2010 01:40:24 -0500 Tue, 23 Feb 2010 01:40:24 -0500 Tue, 23 Feb 2010 01:40:24 -0500 Feb 23, 2010 Andrew Lombardi 1 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Mon, 22 Feb 2010 21:13:01 -0500 Mon, 22 Feb 2010 21:13:01 -0500 Mon, 22 Feb 2010 21:13:01 -0500 Feb 22, 2010 Joe Parks 1 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Not sure whether these are just design issues.
Get yourself a tool such as Fiddler and try to be mischievous.
It's amazing what you can do when you break the 'intended' boundaries of your application....]]> Fri, 19 Feb 2010 16:24:30 -0500 Fri, 19 Feb 2010 16:24:30 -0500 Fri, 19 Feb 2010 16:24:30 -0500 Feb 19, 2010 James Watson 1 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Fri, 19 Feb 2010 15:30:53 -0500 Fri, 19 Feb 2010 15:30:53 -0500 Fri, 19 Feb 2010 15:30:53 -0500 Feb 19, 2010 Ingo Boegemann 2 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Fri, 19 Feb 2010 15:18:13 -0500 Fri, 19 Feb 2010 15:18:13 -0500 Fri, 19 Feb 2010 15:18:13 -0500 Feb 19, 2010 Ingo Boegemann 0 http://www.theserverside.com/discussions/thread.tss?thread_id=59479 Fri, 19 Feb 2010 15:03:14 -0500 Fri, 19 Feb 2010 15:03:14 -0500 Fri, 19 Feb 2010 15:03:14 -0500 Feb 19, 2010 James Watson 2