...ould you still use the X-User for a mobile API where the risk of having an evil proxy (that strips off the header) is still high ? – Vasile Cotovanu Feb 14 '12 at 7:50 1 ...

...em? You are caching on the client-side a username and password. This gives evil.ru a better crack at it - even the most basic of XSS vulnerabilities could result in the client beaming his username and password to an evil server. You could try to alleviate this risk by hashing and salting the passwor...

... @Yura: no. It's got to be global. You can, however, do evil things such as setting a global authenticator which pulls the credentials out of thread-local variables, and set the credentials per thread before making the HTTP connection. – David Given ...

... as well as CRAN authors, excptions like Hadley notwithstanding); dots are evil too because they can get mixed up in simple method dispatch; I believe I once read comments to this effect on one of the R list: dots are a historical artifact and no longer encouraged; so we have a clear winner still st...

... The first comment in the related blog post indicates the evil side of the static methods :) So using private final Logger is the best practice I guess. – Bahadir Tasdemir Feb 26 at 6:52 ...

... to my friends. I believe cookies are the solution. But wait, cookies are evil, aren't they? No, they're not, the way cookies are often used is evil. A cookie itself is just a piece of client-side information, just like the HTTP authentication info that the browser would keep track of while you bro...

...e it to get rid of XSS, so basically I expect a plain text input, but some evil person could try to send me some HTML. Using Jsoup, I can remove all HTML but, unfortunately it also shrinks many spaces to one and removes link breaks (\n characters) – Ridcully Ju...

... sure, you could for example use evil(parse(...)), but I believe do.call is the right call here. – baptiste Jan 28 '13 at 23:35 ...

... I believe the "enums are evil" comment is out of place but has a basis in reality. I do find that enums can be a problem is overused, as they sort of lock you in to certain contexts and behaviors. – Ed Schwehm M...

... ... did some testing looks like I want EscapeDataString for a URI parameter. I tested with the string "I heart C++" and EscapeUriString did not encode the "+" characters, it just left them as is, EscapeDataString correctly converted them...