- Padmanabham Jijjavarapu added an answer:1Why is it necessary to keep the antiforgerytoken in the IIS server after it is consumed by the HTTP POST request?
In MVC application, to prevent cross-site request forgery attack AntiForgeryToken is used. On each page refresh, new token is generated. But interesting thing is, if we duplicate the same web page in multiple tab in same browser(i.e each page will have same token value inside the form) and submit the form from all opened tab one by one, all the HTTP POST will be successful. This mean, the server is still validating the HTTP POST request even after the token value is already consumed.
Your application can be vulnerable to cross-site request forgery (CSRF) attacks not because you the developer did something wrong (as in, failing to encode outputs leads to Cross-site scripting), but simply because of how the whole Web is designed to work.
Assuming you’re using Windows authentication or some kind of cookie-based authentication system such as Forms Authentication, the automated form post will be processed within the victim’s established authentication context, and will successfully update the victim’s email address to something under the attacker’s control. All the attacker has to do now is use your “forgotten password” facility, and they’re taken control of the victim’s account.
Of course, instead of changing an victim’s email address, they can perform any action that the victim can perform with a single POST request. For example, they might be able to grant administrative permissions to another account, or post something defamatory to a CMS.
The core ASP.NET MVC package includes a set of helpers that give you a means to detect and block CSRF using the “user-specific tokens” technique.
To use these helpers to protect a particular form, put an Html. Anti Forgery Token into the form. At the same time, Html. Anti Forgery Token will give the visitor a cookie with the same value as the random hidden value shown above. To validate an incoming form post, add the Validate Anti Forgery Token filter to the target action method.Following
- Tara Athan added an answer:12Has it been proved in the literature that a tree-like structure built from a given monad is itself a monad?
For a particular application area, I found a need for a "monadic tree", defined essentially as follows:
Let M be a monad (as in functional programming).
Let an MTree[E] be the least fixed point (in N) of N[E] = M[E or N[E]], where "or" is shorthand for an Either bifunctor.
For example, if M is Set, then SetTree = Set[E or SetTree[E]] is a model of a tree of arbitrary, but finite, depth and arbitrary (possibly infinite) breadth where there is no order among branches, and all the leaves are of type E.
I have not found any mention of this monad among the references I am familiar with, or through googling. I needed to be sure it was a monad, so I wrote a proof of the monad laws for myself and also tested the monad laws through some implementations . But I find it hard to believe that no one has created this monad before. Is there a publication already in the literature proving that this recursive definition does generate a monad from any other monad?
Also, my proof is only applicable to M-trees of finite depth, and I am curious about the infinite depth trees that could be generated from this recursion. But I am not familiar with the category-theoretical methods that might be used to investigate it.
L(X) -> L(L(X)) is a function signature. There a lot of different functions that satisfy this signature. Some of them can be created by applying the functor to a function of type X-> L(X). That would be the case for f = L(unit). In the case of L=List, then f([1, 2, 3]) = [, , ]. True. But there are lots of other functions of type L(X)->L(L(X)). Here's one
g([1, 2, 3]) = []. g takes a List[A] and makes a List[List[A]] from the first element only, or the empty list if there is no first element. If L is ListTree, then there are similarly a bunch of functions of type ListTree(X) -> ListTree(ListTree(X)). Consider this one: take all the leaves fo the ListTree that are at the, say, second level down from the top, collect them, in order, in a List, cast that to a ListTree of depth zero (i.e. all leaves are at the top level) and then wrap that in another ListTree.
I'm not seeing how a function such as this (which explicitly makes use of the ListTree structure, as in depth) can be compared to the functions of type List(X) -> LIst(List(X)).
Not sure where you are really going with this. The whole point of creating these structures in the first place was to capture things which are NOT possible with the original monad. Ordered finite trees (ListTrees) are a richer category than Lists. Why would we want to prove otherwise?Following
- Channing Walton added an answer:6What are the differences between conventional software development and web software development?
Just to know the extent to which these two are same and different. What parameters make them different etc.
There are a number differences mostly related to scale, performance, security, resilience, failover, uptime and so on. Systems developed for small numbers of users or install bases often do not need to meet those kinds of demands, whereas web systems must meet them all.
Furthermore, web apps need to meet usability constraints far in excess of most other kinds of apps: every kind of device, browser, platform, not to mention languages and input methods.
Web apps often need to cope with enormous variations in load too. For example, online betting systems often cope with spikes 2-3 orders of magnitude larger than their everyday normal use. Being able to spin up and down servers automatically on demand is a must.
Whilst some answers here correctly identity that the lead time from idea to delivery can be quite short on the web, other kinds of apps are adopting the same practices to allow them to be competitive and responsive as a business. For example, banking applications need to be robust and respond to rapid changes in business demand.Following
- Maya Daneva added an answer:14How can I measure size of software system by number of functions?
In Procedural Programming structure a problem is divided into smaller sub-problems or sub-procedures which can be called as function. A software can be small, medium, large, extra large, ultra large etc. Is there any standard to measure the size of a system by number of functions? Can anyone give me some reference of surveys on it? For example 5-10 function(small), 10-50 functions(medium), 200+ function(extra large).Following
- Yusen Dong added an answer:4What is the best software package for Phase_Unwrapping of InSAR Interferogram?
I use NEST software From ESA "https://earth.esa.int/web/guest/home;jsessionid=9944AA626F7C6F2942DD3DC2027427BC.eodisp-prod4040"
for DInSAR processing but I encountered some problems in Phase Unwrapping of the produced interferograms.
These problems represented in installing and compiling SNAPHU "http://web.stanford.edu/group/radar/softwareandlinks/sw/snaphu/"
on Linux Ubuntu
ROI_PAC is enough for the InSAR processing.Following
- Gheorghe Sebestyen added an answer:4Can we use adaptive fuzzy logic controller to deal with discrete variables?
adaptive fuzzy logic controller has been selected to solve a prediction problem - the variables are discrete - and contains time - day with other contextual data -
is it possible to use fuzzy logic controller with discrete variables and can we use it alone?
In a computer any variable is discrete, even if it represents real-life continuous (in other words analog) signals or parameters. So, if you implement Fuzzy logic in a computer automatically you have to work with discrete values. The question is how discrete, or how many discrete values represent the variation of a parameter in a given domain. It may go from just two values (a Boolean variable) to a very high granularity where the discrete variable models very well the real-world continuous parameter.
As a conclusion, yes you can use Fuzzy logic for discrete parameters if the granularity (number of discrete values) of the discrete parameter is enough to model your problem.Following
- Gyan Chandra Chauthwani added an answer:2How do I call the nlconst.m function within other functions using the function handler under MATLAB?
I am using nlconst.m for constrained minimization of given function. but when i call nlconst() with some points as inputs arguments, i get error "OPTIONS is undefined". What OPTIONS can be used in this? furthermore, what about other input arguments? whether i have to give each and every arg or can i skip any input args?
I am using MATLB-R2014a, In which nlconst.m exist and one should use it properly as
Actually used for (as quoted in nlconst.m)
%NLCONST Helper function to find the constrained minimum of a function
% of several variables. Called by FMINCON, FGOALATTAIN, FSEMINF, and
No help file exist for nlconst.m
hope it may help.Following
- Lothar Schmitz added an answer:9Do you know any good publication about recursive algorithms for a functional programming?
I study functional programming with Scala, but I have a problem with the recursive algorithms because they are difficult to approach.
Another natural place to look at would be Martin Odersky's Coursera course:
Martin Odersky of École Polytechnique Fédérale de Lausanne is the inventor of Scala.I have worked through this course and can recommend it very much.Following
- Peter Bishop added an answer:6Does anyone know of real industrial projects which have used formal proofs to show that an application will work?I am writing a new computing course and need some examples I can point students to. People talk about using functional programming arguing that it will allow programmers to build formally provable software. That was what I was told about 20 years ago and I was wondering if any real software had been built in a functional language then mathematically proved to be correct? Are there any examples I could point at? Particularly something people would have heard of, if possible.
The B method has been used for rail safety systems, see
- Pavel Velikhov added an answer:2How can machines learn multiple abstract syntax trees from the same encoded syntax in a polyglot functional programming language?
A question on the frontiers of poly-normalized programming paradigms !
You need to state your problem a bit more specific. Let me try to rephase:
Your input are ASTs of your source languages, but in a polyglot system. So in principle each could come from a different language, but you don't know which. Your goal is to label the which AST came from which language?Following
- Lito Perez Cruz added an answer:18Is there a software engineering methodology for functional programming? What method do you use to craft software using functional languages?It is a well established fact that for OO languages there is the Unified Software Development Process/RUP. I am looking for a discipline/method that is appropriate for building software using functional programming.
Thanks so much Jan, that is a nice touch on FP.
- Sushma Singh added an answer:7Can anyone help with voice operation or function programming in MATLAB or Visual studio?
Voice tool in MATLAB or in Visual Studio. How to implement voice operation using any of two?
Thank Ion Laurentiu Tobos SirFollowing
- Muhammad Sharif added an answer:27What are the advantages and disadvantages of functional programming?When would you use functional programming? What criteria do you use to decided if functional programming is a better choice?Advantages include:
1. Easier to use subprograms. A subprogram's function is completely described by what goes in and what comes out.
2. Most functional languages provide a nice, protected environment.
3. FP encourages quick prototyping.
4. Functional programming enables and encourages a more abstract way of solving a problem.
5. A more "mathematical" programming way. You build a program as a mathematical abstraction. The result is less prone to error, cleaner, more elegant and more functional.
6. Compared to imperative programming, in functional programming you have less chance of creating "spaghetti code" programs.
1. Generally more difficult to pick up for new coders.
2. Functional idioms often do lots of laziness which often has a negative impact on debugging.
3. It doesn't match the hardware as well as most imperative languages.
4. The main disadvantage is run-time efficiency. For certain problems, there are well-known mutating algorithms that are significantly more efficient than the best known functional algorithm for that problem. Dijkstra's shortest-paths algorithm is a good example.Following
- Simon Andreas Frimann Lund added an answer:4Does anyone know NESL?I just came across this library of algorithms: http://www.cs.cmu.edu/~scandal/nesl/algorithms.html and found the code to be written in NESL, which until then I have never heard of. It turns out, that it is a functional parallel programming language with bindings to MPI. At least that's what the website states (http://www.cs.cmu.edu/~scandal/nesl.html).
The newest version of the interpreter/compiler is from 1995 (sic!). I tried to build it and got the interpreter to work. It is based on lisp (SIC!). I did not get the compiler to work though...
Does anyone have experience with this language? Any hints on how to use it on modern hardware/software is appreciated.Recent work has been carried about in the context of NESL, have a look at:
- Angel Javier Alvarez Miguel added an answer:4Do you think that the functional language Erlang should be avoided from the start to be used in a new research project on the distributed systems?I have recently proposed, in a competition of research projects, the development of an application in the field of distributed systems using functional Erlang language. Here is what the one of the reviewers said :
"Unfortunately the innovative character claimed to be the implementation using the Erlang language turns this work into a simple academic exercise targeted at training Erlang programmers. Erlang graphics toolkits are primitive, and reading any non-trivial Erlang code requires a firm understanding of recursion, a kind of abstract thinking that many people find difficult. Erlang is also lacking in libraries compared to other languages; in my experience, for any given task, there is zero, one, or at most two Erlang libraries available for the job."
You agree in principle with this answer? How do you comment?Following
- Sergey I. Salishev added an answer:6Do you think that it is possible to have a hardware extension to ease the execution processor code for functional languages (such as Erlang)?ARM has introduced a set of extensions to the ARM architecture that will allow an ARM processor to directly execute Java bytecode: Jazelle (ARM Architecture Extensions for Java Applications). What do you think of a processor to facilitate code execution for functional languages (such as Erlang)?I think the problem might be even worse than described by Pierre. Performance of current microprocessor architectures are heavily dependent on data and code caching, prefetching and pipelining of computations. Direct implementation of functional computations breaks all these optimizations. So the tight loop computations should be eager imperative register-machine code to be efficient. On the coarse grain level functional computations just don't need hardware support as JIT and even good static compiler can compile them to efficient register-machine code.
Java is not exactly functional but it's stack-machine Java Byte Code was initially planned as microprocessor instruction. This idea has proved to be infeasible due to incompatibility with pipelined code execution crippling the potential efficiency of the hardware Java processor. Java Byte Code only works out with a good complex JIT. For example Android Dalvik VM forgo JBC for register machine code to avoid JIT complexity problem.
Moreover, hardware/software trade-of is a very subtle matter as hardware always has limited flexibility and capacity. So it is usually more efficient to move all complex code analysis tasks to software (compiler/JIT). One example is the removal of hardware x86 emulation from Intel Itanium and replacing it by software binary translation from x86 to IA64.Following
- Peter T Breuer added an answer:5What's the difference between Theta-combinator and Y-combinator?Theta-combinator: \Theta \equiv (\lambda xy. y(xxy))(\lambda xy. y(xxy))
Y-combinator: Y \equiv (\lambda f. (\lambda x. f(xx))(\lambda x. f(xx)))
What's the difference between them? In what sense do you say Theta combinator is more powerful than the Y combinator?
In a reduction path, how can I distinguish beta-reduction and beta-equivalence of terms?Following
- Joachim Pimiskern added an answer:1Is FP really a programming language?The language designed by John Backus and described in his famous paper "Can programming be liberated from the von Neumann style?" named FP (Functional Programming). Is it really a programming language or just a model? Is there any good manual about it. I haven't found anything.Following
- Rajesh Ahir asked a question:OpenWhich software is there on which we can implement the ranked tree and unranked tree automata? How do I measure the XQuery evaluation time?XQuery is related to XML database.Following