leckey wrote: Colin would have a heart attack. We have credit card numbers and not one SQL parameter
Ouch!
leckey wrote: an email from the dept head reminding us about SQL injection ... and to make sure we are using it.
Gosh! I hope that was a typo and not his actual advice.
leckey wrote: I was one of the few who knew about it and showed your article
Fantastic, the more people know about it and how easy it is to protect against it the better the world will be. I've started teaching C# classes this year and I threw out the section on databases and re-wrote it from the ground up it was that bad. Thanks for using my article also.
leckey wrote: I've yet to find any protected SQL statements
I can foresee some refactoring in your team's future.
|
Oh, the heart attack comment was not appropriate for you. Sorry about that; I forgot about the medical issue. I hope you didn't take that personally (it sounds like you didn't)!
Yes, that was a typo!
I've already looked at refactoring when I found out a daily file process takes 45 minutes to run. It's part VB script and not using basic optimization tools. So many if loops one record can go through 10 if statements. Some are useless because the statement could never happen based on outer conditions.
Have you thought about publishing a book on SQL injection using real world examples of companies that got hacked?
|
leckey wrote: Oh, the heart attack comment was not appropriate for you. Sorry about that
Don't worry about it. I've never actually had a heart attack, although I do have heart failure.* I didn't take it as an inappropriate comment.
leckey wrote: Have you thought about publishing a book on SQL injection using real world examples of companies that got hacked?
Although I'm keen to write a book, or at least a chapter or two of a book, I've not thought about SQL Injection Attacks as a topic. I've not actually done much with SQL Server recently and I'm concentrating more on LINQ these days. Having said that, I still do the occasional talk on SQL Injection Attacks if invited.
* I guess a heart attack is a form of heart failure. What I have currently is called Reduced Left Ventricular Function which is the byproduct condition of Transposition of the Great Vessels (or wonky plumbing around the heart as it was once explained to me). The blood flows round the body in a figure 8 with the heart at the cross over point. I was born with two figure 0s. The TGV was corrected when I was an infant, but the condition was such that the doctors couldn't correct it fully back to normal, so basically my heart runs the wrong way round. It freaks doctors and nurses out who don't realise this as they think they've connected me up to the ECG (or EKG) machine wrong. My ECG looks upside down compared to a normal person.
|
I remember you discussing the issue before; that's why I felt bad when you said "ouch" because I felt like I poked the bear, so to speak. So your Q-T rhythm is reversed? Yeah, that would be freaky! My late father died of a heart attack so I am very hyper-sensitive about heart issues now. I actually have a recurring abnormal-normal arrhythmia (heart beats abnormally, but the beat itself is regular; it comes and goes and the doctors don't know what causes it although I know if I have consumed too much niacin it kicks in) yet that didn't scare me much.
I should see if the next time you are in the US if my company would be willing to book you for a talk. I still think you should do a book; I don't know of anyone who learns about SQL injection in college.
|
First, read this: How to get an answer to your question[^]
Second, don't double post. You have already asked this question and your question has already been answered. If you need more clarification, reply to that post.
Giorgi Dalakishvili
#region signature
my articles
#endregion
|
What is wrong with the answer you got before? Reposting the same crap over and over doesn't get you anywheres except angering people...
"The clue train passed his station without stopping." - John Simmons / outlaw programmer
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
|
Hi,
I wrote this code to define a method:
CodeMemberMethod method_getData = new CodeMemberMethod();
method_getData.Attributes = MemberAttributes.Public;
method_getData.Name = "GetData";
method_getData.ReturnType = new CodeTypeReference(typeof(DataTable));
ctd.Members.Add(method_getData);

CodeParameterDeclarationExpression method_getData_p1 = new CodeParameterDeclarationExpression(typeof(System.Data.SqlClient.SqlCommand), "cmd");
method_getData.Parameters.Add(method_getData_p1);
In the body of my method, I want to declare some variables, create a new instance of its class and assign a value to it, like this:
SqlConnection con = new SqlConnection(this.ConnectionString);
But how do I do this?
Thanks
|
Dear friends,
I'm doing a console application to listen to the call information from our telephone exchange and calculate the bills. Below is the function to listen for the calls and save them. I'll explain the process.
1) Get string data from the exchange through TCP/IP.
2) Split the string and calculate the call cost according to the data available in the database.
3) Save the calculated values in a database.
4) Write the calculated data in the console window.
The above process is happening in a round trip. Sometimes the SaveData(clientDataInString); function is taking more time (more than 10 sec) to complete. Meanwhile the exchange is sending the data for more than one call, so while receiving the data from the exchange the next time I'm getting the concatenated string with more than one call's information. I cannot reduce the time of the SaveData function, so I want to do the SaveData process in an asynchronous manner or multi-threaded. Can anyone help me please?
#region "Listern"
private static void Listern()
{
    try
    {
        if (strServer == string.Empty)
        {
            Console.Write(" Enter server name/address: ");
            strServer = Console.ReadLine();
            Console.Write(" Enter remote port: ");
            strPort = Console.ReadLine();
        }
        Console.Clear();
        //IPEndPoint ipEnd = new IPEndPoint(IPAddress.Parse("10.148.146.43"), 5656);
        IPEndPoint ipEnd = new IPEndPoint(IPAddress.Parse(strServer), Int32.Parse(strPort));
        Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP);
        sock.Bind(ipEnd);
        sock.Listen(100);
        Socket clientSock = sock.Accept();
        byte[] clientData = new byte[1024];
        NetworkStream ns = new NetworkStream(clientSock);
        while (bActive)
        {
            int receivedBytesLen = ns.Read(clientData, 0, clientData.Length);
            if (receivedBytesLen == 0) break; // Read returns 0 once the exchange closes the connection
            string clientDataInString = Encoding.ASCII.GetString(clientData, 0, receivedBytesLen);
            ns.Flush();
            // The loop should not wait if the function is delayed. It has to just call this function and go back to listening for the next call info immediately. For the next call info the function should start another thread.
            // Save in SQL Server
            SaveData(clientDataInString);
        }
        ns.Close();
        clientSock.Close();
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
        Application.Run();
    }
}
#endregion
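The decoupling this post asks for, as an added example that is not part of the original post or the poster's code: the receive loop splits the TCP stream into records and hands them to a single background worker through a bounded queue. It assumes each call record ends with a newline, which the post does not state; `CallRecordPump`, `ReadRecords`, `Pump` and `MaxRecordChars` are hypothetical names, `saveData` stands in for the poster's `SaveData`, and the sample records are constructed.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Threading.Tasks;

static class CallRecordPump
{
    const int MaxRecordChars = 4096; // assumed cap: stop a peer that never sends '\n'
    // Split a byte stream into '\n'-terminated records (assumed framing). A record may
    // span several Read() calls, and one Read() may deliver several records.
    public static IEnumerable<string> ReadRecords(Stream stream)
    {
        var pending = new StringBuilder();
        var buffer = new byte[1024];
        int n;
        while ((n = stream.Read(buffer, 0, buffer.Length)) > 0) // 0 means the peer closed
        {
            pending.Append(Encoding.ASCII.GetString(buffer, 0, n));
            int nl;
            while ((nl = pending.ToString().IndexOf('\n')) >= 0)
            {
                string record = pending.ToString(0, nl).TrimEnd('\r');
                pending.Remove(0, nl + 1);
                if (record.Length > 0) yield return record;
            }
            if (pending.Length > MaxRecordChars)
                throw new InvalidDataException("record exceeds MaxRecordChars");
        }
    }

    // Receive on the calling thread; run the slow save on one worker so records are
    // stored in arrival order. The bounded queue blocks the receiver if saving lags far behind.
    public static void Pump(Stream stream, Action<string> saveData)
    {
        using (var queue = new BlockingCollection<string>(1000))
        {
            Task worker = Task.Run(() => { foreach (string r in queue.GetConsumingEnumerable()) saveData(r); });
            try { foreach (string record in ReadRecords(stream)) queue.Add(record); }
            finally { queue.CompleteAdding(); worker.Wait(); }
        }
    }

    static void Main()
    {
        // Constructed sample: three records arriving in a single Read().
        var sample = new MemoryStream(Encoding.ASCII.GetBytes("CALL 101 35s\nCALL 102 9s\nCALL 103 60s\n"));
        Pump(sample, r => Console.WriteLine("saved: " + r));
    }
}
```

If `saveData` can throw, catch and log inside it, so that one bad record does not stop the worker while the receive loop keeps queuing.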
|
Inside my datagrid I added a Boolean column. The problem is that when I click the checkbox inside the datagrid it doesn't display checked, but only when I leave to another check box.
Please somebody help.
Here is the code:
DataGridBoolColumn boolColumn = new DataGridBoolColumn();
boolColumn.MappingName = "Mapped";
boolColumn.AllowNull = false;
boolColumn.Width = 50;
boolColumn.ReadOnly = false;
boolColumn.HeaderText = "Mapped";
GridTableStyle.GridColumnStyles.Add(boolColumn);
|
michael_jhons wrote: when i click the checkbox inside the datagrid it doesn't display checked
Where is it not displaying? In the debugger, another column in the datagrid? I feel this information is vital to produce a correct response to your question.
Just because we can; does not mean we should.
|
Dear KaptinKrunch,
It is not displaying that it is checked in the column itself, "the checkBox COLUMN". In a normal situation, once you click a checkbox it appears that it is checked, but in my case when I click it and when I leave to another cell in the datagrid it appears that it is checked, not directly when I checked it before.
Hope I clarified my point.
Thanks for your help
|
If anybody can help:
I have created the sample web service using C# in .NET. In run time dynamically generate the SOAP, WSDL code.
SOAP 1.1
*********
POST /Webservices/MyService/MyWebservices/Calculate.asmx HTTP/1.1
Host: localhost
Content-Type: text/xml; charset=utf-8
Content-Length: length
SOAPAction: "http://tempuri.org/Add"
<soap:envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:body>
<add xmlns="http://tempuri.org/">
int
int
WSDL
****
http://localhost/Webservices/MyService/MyWebservices/Calculate.asmx?wsdl
<wsdl:definitions targetnamespace="http://tempuri.org/">
<wsdl:types>
<s:schema elementformdefault="qualified" targetnamespace="http://tempuri.org/">
<s:element name="Add">
<s:complextype>
<s:sequence>
<s:element minoccurs="1" maxoccurs="1" name="a" type="s:int">
<s:element minoccurs="1" maxoccurs="1" name="b" type="s:int">
.........
........
........
1) How to generate this code?
2) What is the internal function of SOAP, WSDL, UDDI?
|
I've created a remoting application that uses an assembly located in the GAC. When I try to run a client application that grabs the remote object and uses an object in the GAC assembly I get an exception. Everything works fine if the assembly is not signed. Thanks for any help.
System.Runtime.Serialization.SerializationException was unhandled
Message="Because of security restrictions, the type PLCLib.PLCMediator+PLCConnection cannot be accessed."
Source="mscorlib"
StackTrace:
Server stack trace:
at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.ParseObject(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Parse(ParseRecord pr)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryObjectWithMapTyped record)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.ReadObjectWithMapTyped(BinaryHeaderEnum binaryHeaderEnum)
at System.Runtime.Serialization.Formatters.Binary.__BinaryParser.Run()
at System.Runtime.Serialization.Formatters.Binary.ObjectReader.Deserialize(HeaderHandler handler, __BinaryParser serParser, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Deserialize(Stream serializationStream, HeaderHandler handler, Boolean fCheck, Boolean isCrossAppDomain, IMethodCallMessage methodCallMessage)
at System.Runtime.Remoting.Channels.CoreChannel.DeserializeBinaryRequestMessage(String objectUri, Stream inputStream, Boolean bStrictBinding, TypeFilterLevel securityLevel)
at System.Runtime.Remoting.Channels.BinaryServerFormatterSink.ProcessMessage(IServerChannelSinkStack sinkStack, IMessage requestMsg, ITransportHeaders requestHeaders, Stream requestStream, IMessage& responseMsg, ITransportHeaders& responseHeaders, Stream& responseStream)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at PLCLib.PLCMediator.WriteBit(PLCConnection connection, String dataAddress, Boolean dataIn)
at PLCDriverConsole.WriteBit.WriteBits(PLCConnection connection, String dataAddress, Boolean dataIn) in C:\Brad\PLCDriverConsole\PLCDriverConsole\Program.cs:line 57
at PLCDriverConsole.Program.Main(String[] args) in C:\Brad\PLCDriverConsole\PLCDriverConsole\Program.cs:line 20
at System.AppDomain._nExecuteAssembly(Assembly assembly, String[] args)
at System.AppDomain.nExecuteAssembly(Assembly assembly, String[] args)
at System.Runtime.Hosting.ManifestRunner.Run(Boolean checkAptModel)
at System.Runtime.Hosting.ManifestRunner.ExecuteAsAssembly()
at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext, String[] activationCustomData)
at System.Runtime.Hosting.ApplicationActivator.CreateInstance(ActivationContext activationContext)
at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssemblyDebugInZone()
at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Threading.ThreadHelper.ThreadStart()
InnerException: System.Security.SecurityException
Message="Request failed."
Source="mscorlib"
GrantedSet=""
PermissionState="<PermissionSet class=\"System.Security.PermissionSet\"\r\nversion=\"1\"\r\nUnrestricted=\"true\"/>\r\n"
RefusedSet=""
Url=""
StackTrace:
at System.Runtime.Serialization.FormatterServices.nativeGetSafeUninitializedObject(RuntimeType type)
at System.Runtime.Serialization.FormatterServices.GetSafeUninitializedObject(Type type)
InnerException:
|
Dio22 wrote: "Because of security restrictions, the type PLCLib.PLCMediator+PLCConnection cannot be accessed."
Your problem is noted right there for you.
Just because we can; does not mean we should.
|
Thank you Kaptin obvious. What's causing the security exception? I need help fixing the problem, not identifying it.
|
I need to develop a function that permits a conference in VoIP (Voice over IP).
It's possible to integrate this function in my program?
|
All knowing GOOGLE[^] has the answers you seek.
Scott P
"Run for your life from any man who tells you that money is evil. That sentence is the leper's bell of an approaching looter." --Ayn Rand
|
asma_pfe wrote: It's possible to integrate this function in my program?
yes.
|
how? and if you have an idea can you help me please
thank you
|
What part of the C# is giving you trouble?
Scott P
"Run for your life from any man who tells you that money is evil. That sentence is the leper's bell of an approaching looter." --Ayn Rand
|
Well... Here is a start for you
using System;
using System.Collections.Generic;
using System.Text;
using System.Net;
using System.IO;

namespace conferenceVOIP
{
    class Program
    {
        static void Main(string[] args)
        {
            throw new Exception("The program code needs to be implemented.");
        }
    }
}
Now where do you have problems from there?
|
Thank you for your help.
I need the instructions of this function, can you complete this for me please?
|
Hey Guys,
I have some doubts about the code written by Shelly Jain in http://www.codeproject.com/KB/cs/mswordcount.aspx[^].
First of all I don't know anything about C#, what I know is ASP and I am learning ASP.Net, but any help would be great.
My first doubt is whether this script (or another that you know that does the same thing) works with other Microsoft Office applications, such as Excel and PowerPoint?
I also would like to know if it can be implemented with ASP.Net and if it works in real time. For example, if I upload a MSWORD file with ASP.Net, would the result of the number of pages show right away or would it take a while for the server to open the file and count it?
And would the script be able to count 10 (or more) files for different users at the same time, like uploading files of multiple users at the same time, or would it need some time between each page counting?
Thank you and I appreciate it if you can help me.