sql = "SELECT COD_GCIA FROM GerenciasWEB WHERE COD_GCIA = '" & .COD_GCIA & "'"
SQL injection anyone?
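The concatenation in that line, beside the parameterised form that fixes it. This is an added example, not code from the post; it uses Python with sqlite3 and a constructed in-memory stand-in for the GerenciasWEB table rather than VB6/ADO, but the defect and the fix are the same (in ADO the fix is ADODB.Command with a "?" placeholder and CreateParameter).

```python
import sqlite3


def make_db():
    # Constructed stand-in for the GerenciasWEB table named in the post.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE GerenciasWEB (COD_GCIA TEXT)")
    con.executemany("INSERT INTO GerenciasWEB VALUES (?)",
                    [("G01",), ("G02",), ("G03",)])
    return con


def lookup_concat(con, cod_gcia):
    # Same shape as the VB6 line: the value is pasted into the SQL text,
    # so a quote inside the input becomes part of the statement.
    sql = ("SELECT COD_GCIA FROM GerenciasWEB WHERE COD_GCIA = '"
           + cod_gcia + "'")
    return [row[0] for row in con.execute(sql)]


def lookup_param(con, cod_gcia):
    # Parameterised: the value travels separately from the SQL text and
    # is only ever compared as data, quotes and all.
    sql = "SELECT COD_GCIA FROM GerenciasWEB WHERE COD_GCIA = ?"
    return [row[0] for row in con.execute(sql, (cod_gcia,))]


def demo():
    con = make_db()
    normal = "G02"
    hostile = "G02' OR '1'='1"  # constructed input carrying a quote
    return {
        "concat_normal": lookup_concat(con, normal),
        "concat_hostile": lookup_concat(con, hostile),
        "param_normal": lookup_param(con, normal),
        "param_hostile": lookup_param(con, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The concatenated query returns every row for the quoted input; the parameterised one returns none, because no COD_GCIA equals that literal string.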
This was done to read a file like this (which he also designed):
1 CONNECT=PROVIDER=SQLOLEDB.1;driver={SQL Server}
2 server=BGHLOCALES
3 uid=sa
4 pwd=408603222608533
5 database=LCR
6 Connect timeout=30
7 CommandTimeout=550

On Error GoTo h_err_con
If tIdd = -1 Then
    ' Connect to SQL Server
    i = 0
    tmp = App.Path + "\Bases.ini"
    If Dir(tmp) = "" Then
        MensajeBOX "Error en configuración. Falta archivo: " & tmp, vbCritical, "Control de entorno"
        Exit Function
    Else
        strConnect = ""
        Open tmp For Input As #1
        Do While Not EOF(1)
            Line Input #1, tmp
            If i = 0 Then
                tmpPos = InStrRev(tmp, "1 CONNECT")
                If tmpPos > 0 Then
                    strConnect = Trim(Mid(tmp, tmpPos + 10)) & ";"
                    i = 1
                End If
            Else
                If i = 1 Then
                    tmpPos = InStrRev(tmp, "2 server")
                    If tmpPos > 0 Then
                        strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                        i = 2
                    End If
                Else
                    If i = 2 Then
                        tmpPos = InStrRev(tmp, "3 uid")
                        If tmpPos > 0 Then
                            strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                            i = 3
                        End If
                    Else
                        If i = 3 Then
                            tmpPos = InStrRev(tmp, "4 pwd")
                            If tmpPos > 0 Then
                                ' tmpCr = CodificarLI("XVB2S45AF", 1)
                                ' tmpCr = DeCodificarLI(tmpCr, 1)
                                tmpCr = DeCodificarLI(Trim(Mid(tmp, tmpPos + 6)))
                                strConnect = strConnect & "pwd=" & tmpCr & ";"
                                i = 4
                            End If
                        Else
                            If i = 4 Then
                                tmpPos = InStrRev(tmp, "5 database")
                                If tmpPos > 0 Then
                                    strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                                    i = 5
                                End If
                            Else
                                If i = 5 Then
                                    tmpPos = InStrRev(tmp, "6 ")
                                    If tmpPos > 0 Then
                                        strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                                        i = 6
                                    End If
                                Else
                                    If i = 6 Then
                                        tmpPos = InStrRev(tmp, "7 ")
                                        If tmpPos > 0 Then
                                            strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                                            i = 7
                                        End If
                                    Else
                                        If i = 7 Then
                                            tmpPos = InStrRev(tmp, "8 ")
                                            If tmpPos > 0 Then
                                                strConnect = strConnect & Trim(Mid(tmp, tmpPos + 2)) & ";"
                                                i = 8
                                            End If
                                        Else
                                        End If
                                    End If
                                End If
                            End If
                        End If
                    End If
                End If
            End If
        Loop
        Close #1
        If strConnect = "" Then
            MensajeBOX "Error en configuración. Error en archivo: " & "Bases.ini", vbCritical, "Control de entorno"
            Exit Function
        End If
    End If
    Set db = New ADODB.Connection
    db.ConnectionTimeout = 30
    db.CursorLocation = adUseClient
    db.Open strConnect
And of course, this piece of code was used in every application that used a connection with a SQL server.
I'd be careful about posting chunks of code large enough to be readily recognized. If a clueful coworker discovers them you could end up in serious trouble.
--
If you view money as inherently evil, I view it as my duty to assist in making you more virtuous.
Don't worry, we are only 2 in the development sector, me and my boss, and obviously he doesn't read The Code Project.com!
Anyway, I am really tired of working with someone like this, I see no future here, and I am actually looking for another job.
Burnsys2 wrote:
Don't worry, we are only 2 in the development sector, me and my boss, and obviously he doesn't read The Code Project.com!
You'd better hope that this continues. This site is rather famous you know, and google does tend to return results from here. I assume he does use google.
Deja View - the feeling that you've seen this post before.
That would be Seinfeld-worthy stuff!
Pete O`Hanlon wrote: and google does tend to return results from here. I assume he does use google.
I don't think that the codeproject forum is google-friendly.. I do a lot of googling every day but I never saw any post of the codeproject *forum* in google results.. I did suggest that once and I think the cp guys are working on that now.
Michael Sync wrote: I do a lot of googling everyday but I never saw any post of the codeproject *forum* in google result
Not so much the forums as the site itself - and from there, just a quick click to the forums, and then a quick boot out of the door for the OP.
Deja View - the feeling that you've seen this post before.
Oh yeah, I'd hire you in a flash. Especially as you have total respect for your line manager and are completely discreet when it comes to the publishing of in house code
The only thing unpredictable about me is just how predictable I'm going to be.
Please tell me that the code that has been published doesn't contain an sa password as well?
The database server doesn't exist anymore, and the sa psw is encrypted in the code!
Holy cow!! That really is remarkable!
Well, having just read this post properly, I really hope you've changed the details of servers and passwords in here. I really really hope you wouldn't be so daft as to tell people what your servers were called and what their passwords are.
Deja View - the feeling that you've seen this post before.
It's ok, the server doesn't exist anymore and the password is encrypted.
But you also posted the password decryption :P
Yheaaa! but without these public keys:
You can't do nothing!
Ok, his code is not up to your standard, but maybe that's why he becomes the boss. As a boss, he doesn't need to write good code. The worst boss could be someone who can actually write code and thinks he is much better at coding than his developers.
That's exactly the problem!!! hehe, he actually forces me to work like him!
I had lengthy discussions with him about that.
Just for example, he keeps using DataTables against collections of custom objects. His reasons:
1: DataTables are fastest and lighter
1: I did a small benchmark code that loaded 10000 Customers into a DataTable and into a collection of objects; the collection of objects loaded 3 to 5 times faster and consumed half the memory of the DataTable
So he switched his argument to:
2: Collections of objects are not easily bindable!
2: So I created a collection that inherits BindingList, and showed him!
So he switched:
3: Collections of objects are more insecure, because you can make mistakes when you fill them!
3: Customer.Name is always more secure than doing DTCustomers("Name")
So in his last chance he said:
4: But collections of objects keep the memory fragmented, while a DataTable is loaded in a single continuous block of memory
4: At that point I just said, ok, do whatever you want, you are the boss!!
Well, it's always like that. The other day I discussed like 1 hour for this:
We were working on a project and he had done something like this
Dim MiObject As Object
Do
    If condition Then MiObject = AnotherObject
Loop
MiObject.DoSomething
Of course the IDE throws a warning because "MiObject" could be Nothing. So, tired of seeing that warning, I replaced:
Dim MiObject As Object by
Dim MiObject As Object = Nothing
So, I spent 2 hours arguing with him, because he was saying that "= Nothing" loaded the Class in memory and etc...
Or for example, I created a Class customer that we can use in every project, I passed the code to him, and when I got it back I saw he had made a Public Sub in a module like: "ChangeCustomerEmail(CusId As Integer, Mail As String)", God Dammit!! for what the hell did I do the customer class then?
So, this is how I work every day, I am really tired.
Tell him you were in an accident, and you now suffer from code amnesia, and all that you can remember is assembly and Perl
Burnsys2 wrote: That's exactly the problem!!! hehe, he actually forces me to work like him!
In that case, keep posting! Although it won't help you much.
Sounds like someone I used to work for. Every time I proposed creating a new class to put functionality in, I was met with "Don't create any new objects, instantiation is expensive and it will make the system inefficient." The net result was huge functions in huge code files and a flat-packed interdependent code structure (among other gems).
However, I now work for a company that encourages pragmatic design so all is well.
T
-------------------------------
Carrier Bags - 21st Century Tumbleweed.
Imagine: you would be the boss and he would be the programmer.
It is called the "Peter principles": to promote somebody to a position in which he can't do any harm.
Greetings from Germany
KarstenK wrote: It is called the "Peter principles": to promote somebody to a position in which he can't do any harm.
Is that what happened to me? My name's Peter. Oh wait - I have no principles.
Deja View - the feeling that you've seen this post before.
It is better to have principles, like a coding style. It helps to avoid mistakes and makes achieving greater goals easier: "Safety first" !! rules rockom bottom
My personal life experience is that people more often get into trouble if they have too few principles.
Like: "Don't drink [too much] and drive"
Greetings from Germany
Another one from my boss! lol.
This is actually from a final production software developed by my boss a couple years ago, now we are going to .net and he told me to "Do the same that this module".
So here is part of the code:
tmpAdd = tmpAdd + Format(tmp5, "###,##0") + Chr(9)
tmpAdd = tmpAdd + Format(tmp6, "###,##0") + Chr(9)
tmpAdd = tmpAdd + Format(tmp3 + tmp5, "###,##0") + Chr(9)
tmpAdd = tmpAdd + Format(tmp4 + tmp6, "###,##0") + Chr(9)
mTotalesMSF(6) = mTotalesMSF(6) + tmp6 + tmp4
If tmp1 = 0 Then
    tmpCero = 100
Else
    If tmp3 + tmp5 = 0 Then
        tmpCero = 0
    Else
        tmpCero = ((tmp3 + tmp5) / tmp1) * 100
    End If
End If
tmpAdd = tmpAdd + Format(tmp3 + tmp5 - tmp1, "#,##0") + Chr(9)
tmpAdd = tmpAdd + Format(tmpCero, "#,##0") + "%" + Chr(9)
If tmp2 = 0 Then
    tmpCero = 100
Else
    If tmp4 + tmp6 = 0 Then
        tmpCero = 0
    Else
        tmpCero = ((tmp4 + tmp6) / tmp2) * 100
    End If
End If
tmpAdd = tmpAdd + Format(tmp4 + tmp6 - tmp2, "#,##0") + Chr(9)
tmpAdd = tmpAdd + Format(tmpCero, "#,##0") + "%"
mTotalesMSF(7) = mTotalesMSF(7) + tmp4 + tmp6 - tmp2
If tmp1 + tmp2 + tmp3 + tmp4 + tmp5 + tmp6 <> 0 Then msfConsulta.AddItem tmpAdd
rstmp.MoveNext
Lastly, tmp4, 6, 7, 2, 3 etc. are variables with things like total sales, projected sales, pending orders, etc.