Posts

Showing posts with the label design-patterns

When applying the observer pattern, an error occurred

I have the following code:

    class ISubscriber;

    class News {
    public:
        float getVersion() { return this->version; }
        void setVersion(float state) {
            this->version = state;
            this->notifyAllSubscribers();
        }
        void attach(ISubscriber *observer) { this->subscribers.push_back(observer); }
        void notifyAllSubscribers() {
            for (vector<ISubscriber*>::iterator it = subscribers.begin(); it != subscribers.end(); it++) {
                (*(*it)).update();
            }
        }
    private:
        vector<ISubscriber*> subscribers;
        float version;
    };

    class ISubscriber {
    public:
        News *news;
        virtual void update() = 0;
    };

    class Subscriber1 : public ISubscriber {
    public:
        Subscriber1(News *news) {
            this->news = news;
            this->news->attach(this);
        }
        void update() override {
            cout << "Subscriber1: A new version of the newspaper has been launched (v" << this->news->getVersion() << ")...

What pattern to check on an SQL query for possible injection?

I want to detect possible SQL injection attacks by checking the SQL query. I am using PDO and prepared statements, so hopefully I am not in danger of getting attacked by someone. However, what I want to detect is the possibility of an input/resulting query string that may become a dangerous query. For example, my app, working properly, will never generate a "1=1" query, so I may check the generated query string for that, and flag the user/IP producing that query. Same thing with "drop table", but maybe I can check only by looping over the input array; or maybe I should just check the generated query all over again. I am using MySQL, but patterns for other drivers are also appreciated. I have read RegEx to Detect SQL Injection and some of the comments are heading in this direction. To my help, I'm developing for users that rarely use English as input, so a simple /drop/ match on the query may be enough to log the use...