timothymburke wrote:
"hardly a security risk"
Access to queries is a grave security risk, especially when that connection has full access, which, as you pointed out, is very often the case, not to mention a must for any add/change/delete program; and it is only slightly less risky for a connection that has read-only access, always with the obvious unrevokable ability to run read-only queries like "SELECT * FROM...". Hackers have used the same or related security holes for years to get at data from all the other frameworks, so what can I do to stop this in .NET, or am I to simply assume these same hackers will stop trying to get at data?
If you read the entire sentence, it is: "If a hacker would be able to read your queries in the code, that is hardly a security risk."
As I tried to explain in my previous post, there is a big difference between being able to read some files, or parts of files, on the server, and being able to change them.
If you, for example, make the mistake of publishing code with debug info, and configure the site to show detailed error messages, anyone will be able to see a few lines of code if there is an exception in the page. That is an example of how someone might get to see part of the code without much effort.
To get full access to the server, on the other hand, so that someone can change any files, is quite a bit harder. As I tried to explain in the previous post, there is not much you can do to protect your code or database in that case. Whatever you do, you are f***ed anyway, pardon the language.
What I recommend is putting your connection string into a separate, compiled class file. We have a connection manager class that returns the appropriate connection depending on whether we are on the test or production server. Another good idea is to use stored procedures. Never give a user DataWriter access. I learned this the hard way when a user connected via MS Access and was updating the tables outside the application.
how vital enterprise application are for proactive organizations leveraging collective synergy to think outside the box and formulate their key objectives into a win-win game plan with a quality-driven approach that focuses on empowering key players to drive-up their core competencies and increase expectations with an all-around initiative to drive up the bottom-line. But of course, that's all a "high level" overview of things
--thedailywtf 3/21/06
You should probably worry about what is in the Text field of the text box. Malicious code could be passed into the database if you do not strip it, and you should parameterize your queries; never concatenate strings to create a SQL statement.
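The two replies above (a compiled connection manager that picks the test or production connection, and parameterized queries or stored procedures instead of string concatenation) put together as one added C# example. This is not code from either post. It assumes two named connection strings, "TestDb" and "ProdDb", and an "app_env" appSetting in web.config, a table named Applications with AppNo and AppDate columns, and a stored procedure named usp_GetApplication; all of those names are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example; not code from the forum posts. Assumes web.config carries two
// named connection strings, "TestDb" and "ProdDb", and an appSetting "app_env"
// whose value is "test" or "prod".
public static class ConnectionManager
{
    public static SqlConnection Create()
    {
        string env = ConfigurationManager.AppSettings["app_env"] ?? "test";
        string name = string.Equals(env, "prod", StringComparison.OrdinalIgnoreCase) ? "ProdDb" : "TestDb";
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new InvalidOperationException("No connection string named " + name);
        return new SqlConnection(settings.ConnectionString);
    }
}

public static class ApplicationLookup
{
    // VULNERABLE: the text box value becomes part of the SQL text.
    // Typing   ' OR 1=1 --   into the box turns the WHERE clause into
    // WHERE AppNo = '' OR 1=1 --'   and returns every row in the table.
    public static DataTable FindUnsafe(string appNo)
    {
        using (SqlConnection conn = ConnectionManager.Create())
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText =
                "SELECT AppNo, AppDate FROM Applications WHERE AppNo = '" + appNo + "'";
            return Run(conn, cmd);
        }
    }

    // SAFE: the value is sent as a typed parameter and is never parsed as SQL,
    // so the same input just searches for the literal string  ' OR 1=1 --
    public static DataTable FindParameterized(string appNo)
    {
        using (SqlConnection conn = ConnectionManager.Create())
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandText = "SELECT AppNo, AppDate FROM Applications WHERE AppNo = @appNo";
            cmd.Parameters.Add("@appNo", SqlDbType.VarChar, 20).Value = appNo;
            return Run(conn, cmd);
        }
    }

    // SAFE, via a stored procedure (assumed name usp_GetApplication). With this
    // shape the web login only needs EXECUTE on the procedure, not table rights.
    public static DataTable FindViaProcedure(string appNo)
    {
        using (SqlConnection conn = ConnectionManager.Create())
        using (SqlCommand cmd = conn.CreateCommand())
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "usp_GetApplication";
            cmd.Parameters.Add("@AppNo", SqlDbType.VarChar, 20).Value = appNo;
            return Run(conn, cmd);
        }
    }

    private static DataTable Run(SqlConnection conn, SqlCommand cmd)
    {
        DataTable table = new DataTable();
        conn.Open();
        using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
        {
            adapter.Fill(table);
        }
        return table;
    }
}
```

In a page, the button handler would bind the result directly: `GridView1.DataSource = ApplicationLookup.FindParameterized(txtAppNo.Text); GridView1.DataBind();`. Only FindUnsafe is exploitable; the other two send the same text as data, whatever it contains. The stored-procedure shape is the one that lets the web login be granted EXECUTE on that procedure alone, rather than db_datawriter on the tables, which is what the "never give a user DataWriter access" advice comes down to.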
Hi,
In my application, I enter the application no. and then click, and I want the details of that particular application (app no., date, ...) shown in the form of a table. Please help me.
Good luck getting an answer to that one.
how vital enterprise application are for proactive organizations leveraging collective synergy to think outside the box and formulate their key objectives into a win-win game plan with a quality-driven approach that focuses on empowering key players to drive-up their core competencies and increase expectations with an all-around initiative to drive up the bottom-line. But of course, that's all a "high level" overview of things
--thedailywtf 3/21/06
Hi,
Please, can you tell me what the real role of ViewState is, and when and why we should use it?
It would be better if you could give me even a small example to help me understand it.
Thank you.
try to be good if you can't be the best
Very urgent.
Hi,
I have one text box and one button in ASP.NET.
I enter 10 (any number) in the text box, and when I click the button it should create 10 buttons
dynamically,
using C#.NET.
suresh babu.k
Can you put the code up please?
Does anyone know how to code a header so that it is linked to every page? I have already created the header, so I just want to add it above all my other content pages, and also the side menu on the left and the footer below.
Is it done using CSS? Do I need to add an extra table row to put my header and footer in every content page?
Hi,
I have the same lines of code on my home PC, but at work it doesn't seem to want to work. What I want to do is to break down a file into its file name and extension.
Here is my code in my button click event handler:
    // needs: using System.Text.RegularExpressions;
    if (fuWineImage.HasFile)
    {
        string filepath = fuWineImage.PostedFile.FileName;
        // expects a full client path such as C:\dir\myFile.jpg; group 1 is the name, group 2 the extension
        string pat = @"\\(?:.+)\\(.+)\.(.+)";
        Regex r = new Regex(pat);
        Match m = r.Match(filepath);
        string file_ext = m.Groups[2].Captures[0].ToString();
        Response.Write("filepath = " + filepath + "<br />");
    }
The error that the browser gives me is:
Specified argument was out of the range of valid values.
Parameter name: i
The result of the Response.Write is:
myFile.jpg
Why is this not working??
Please can someone help me
Regards,
ma se
Well, for one, there doesn't seem to be an i variable in the code you posted, so it's hard to tell...
But why don't you just import the System.IO namespace and use the following:
    Path.GetFileNameWithoutExtension(filePath);
    Path.GetFileName(filePath);
    Path.GetExtension(filePath);
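The Path-based approach from the reply above, worked through as an added C# example that is not the poster's code or the reply's. It also covers the case that broke the regex: the browser posted only "myFile.jpg", with no directory part, while older browsers post a full client path such as C:\Users\me\myFile.jpg. The allowed extension list and the storage-name scheme are assumptions for an image upload.

```csharp
using System;
using System.IO;

// Added example; not the poster's code. Assumes the upload is an image and
// that files are stored under a server-side folder chosen by the application.
public sealed class UploadName
{
    public string OriginalName;   // e.g. myFile.jpg (leaf name only)
    public string BaseName;       // e.g. myFile
    public string Extension;      // e.g. .jpg (lower case)
    public string StorageName;    // random name plus extension, safe to use on disk

    // Allow-list (assumed). Anything else is rejected, whatever the content type says.
    private static readonly string[] AllowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

    public static UploadName Parse(string postedFileName)
    {
        if (string.IsNullOrEmpty(postedFileName))
            throw new ArgumentException("No file name was posted.");

        // Browsers usually post just "myFile.jpg", but some (old IE) post a full
        // client path such as C:\Users\me\myFile.jpg. Cut at the last separator of
        // either kind so only the leaf name is kept, whatever the server OS.
        int cut = Math.Max(postedFileName.LastIndexOf('\\'), postedFileName.LastIndexOf('/'));
        string leaf = cut >= 0 ? postedFileName.Substring(cut + 1) : postedFileName;

        // The Path methods throw on characters that are invalid in a path; reject
        // anything invalid in a file name, and the "." / ".." names, up front.
        if (leaf.Length == 0 || leaf == "." || leaf == ".." ||
            leaf.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0)
            throw new ArgumentException("Invalid file name.");

        // Same calls the reply recommends; no regex, and no dependence on a
        // directory part being present.
        string ext = Path.GetExtension(leaf).ToLowerInvariant();
        if (Array.IndexOf(AllowedExtensions, ext) < 0)
            throw new ArgumentException("File type not allowed: " + ext);

        UploadName result = new UploadName();
        result.OriginalName = leaf;
        result.BaseName = Path.GetFileNameWithoutExtension(leaf);
        result.Extension = ext;
        // Never use the client-supplied name as the on-disk name: a random name
        // cannot collide with, or overwrite, another user's file.
        result.StorageName = Guid.NewGuid().ToString("N") + ext;
        return result;
    }
}
```

In the button handler this replaces the regex block: `UploadName n = UploadName.Parse(fuWineImage.PostedFile.FileName); fuWineImage.SaveAs(Path.Combine(Server.MapPath("~/App_Data/uploads"), n.StorageName));`. For "myFile.jpg" and for "C:\Users\me\myFile.jpg" alike, BaseName is "myFile" and Extension is ".jpg"; the original regex only matched the second form, which is why `Captures[0]` was empty and threw the out-of-range error.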
Does anyone know if running ASP.NET 1.1 and 2.0 on the same server is a problem? I know I can set the version in the IIS properties, but does this cause any issues?
thanks
Not that I've run into. I have had 1.1 and 2.0 running for months with no (apparent) problems.
"Now I guess I'll sit back and watch people misinterpret what I just said......"
Christian Graus At The Soapbox
Not a problem on my development and deployment machines.
Just need to remember to set the correct ASP.NET version.
Dan Satria
Principal Consultant
Graha Logica, Inc.
Hi all,
I just want to know the use of the global.asax file. How is it beneficial for web projects?
Varun Arora,
Software Engineer,
Knowledge Calls,
Gurgaon, India
It is the place to declare/initialize application-wide variables.
The global.asax file allows developers to add application- and session-level logic to their web applications. It is a special file which contains events that are fired when the application starts and stops, and when a user's session starts and stops.
It is optional, but if you have one it must be located at the root of your site or your virtual directory. ASP.NET parses and compiles it into a class which extends the HttpApplication base class the first time any page within the application is requested. Global.asax cannot be downloaded through HTTP.
Read this or this for more information.
Sincerely,
Elina
Life is great!!!
Enjoy every moment of it!
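The application and session events the reply describes, shown in a Global.asax code-behind. This is an added example, not code from the reply. The namespace, class name, the counters kept in application state and the use of System.Diagnostics.Trace as the logger are assumptions.

```csharp
using System;
using System.Diagnostics;
using System.Web;

// Added example; not from the reply above. Code-behind for a Global.asax whose
// directive is  <%@ Application Language="C#" Inherits="MyApp.Global" %>.
// Namespace, class name and the logging sink are assumptions.
namespace MyApp
{
    public class Global : HttpApplication
    {
        // Fires once, when the first request starts the application.
        protected void Application_Start(object sender, EventArgs e)
        {
            Application["StartedUtc"] = DateTime.UtcNow;
            Application["ActiveSessions"] = 0;
        }

        // Fires for each new user session. Application state is shared by all
        // requests, so read-modify-write on it is wrapped in Lock/UnLock.
        protected void Session_Start(object sender, EventArgs e)
        {
            Application.Lock();
            try
            {
                Application["ActiveSessions"] = (int)Application["ActiveSessions"] + 1;
            }
            finally
            {
                Application.UnLock();
            }
        }

        // Fires when a session times out or is abandoned. This event is only
        // raised with in-process (InProc) session state.
        protected void Session_End(object sender, EventArgs e)
        {
            Application.Lock();
            try
            {
                Application["ActiveSessions"] = (int)Application["ActiveSessions"] - 1;
            }
            finally
            {
                Application.UnLock();
            }
        }

        // Fires for any unhandled exception. Log the full detail on the server;
        // the browser should only get the generic customErrors page, so that
        // stack traces and source lines (see the debug-info discussion at the
        // top of this thread) never reach a client.
        protected void Application_Error(object sender, EventArgs e)
        {
            Exception ex = Server.GetLastError();
            if (ex == null)
                return;
            Trace.TraceError("Unhandled exception on {0}: {1}", Request.RawUrl, ex);
        }

        // Fires once, when the application shuts down (for example on an
        // application pool recycle).
        protected void Application_End(object sender, EventArgs e)
        {
            Trace.TraceInformation("Application stopping");
        }
    }
}
```

Application_Error is the one handler here with a security payoff: it is the single place where every unhandled exception passes through, so it is where the detail gets logged server-side, while web.config's customErrors setting keeps that detail off the client.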
Hi,
Thank you so much for providing me with help.
Thanks and regards,
Varun Arora,
Software Engineer,
Knowledge Calls,
Gurgaon, India
Always welcome.
Happy it helped.
Sincerely,
Elina
Life is great!!!
Enjoy every moment of it!
I am using the ListBox server control. When I set SelectionMode to Multiple, it works fine, but when I set SelectionMode to Single, I am unable to deselect any selected item in the list box. In this case, once I select any item I have to keep at least one item selected, and my requirement is to let the user deselect that selected item.
Need it urgently.
Hi,
You cannot deselect an item from the list; you have to select at least one item. For your purpose you can add one empty ('') value as an item in the list, which can be set if you don't want any item selected.
regards,
Nagraj
What is the maximum number of catalogs I can add in Indexing Service?
And what is the maximum number of directories that can be added to one catalog?
Is it possible to add a directory programmatically?
M vinod