|
Well I got the tool and it might solve the concern. If you understand the business layer and data layers working properly and u are suppose to do the same lines of code around 200 times, then it would be better to make them auto generating so that on can generate the base data transmission in an easy and simple and yet faster. But at the same time you should have the bottom line clear in your mind.
The required tool can itself be written in very simple manner. So if somebody don't want to answer then please maintain the credibility of the forum and do not post any grotesque scrap.
Thanks..
|
|
|
|
|
dews turner wrote: Well I got the tool and it might solve the concern
Hi, Can you please share the name of the tool ?
Thanks in Advance !!
|
|
|
|
|
Abhijit Jana wrote: Hi, Can you please share the name of the tool ?
Did They Shared..!
|
|
|
|
|
So if somebody don't want to answer then please maintain the credibility of the forum and do not post any grotesque scrap.
Dews, agree with your above statement. Forum member should read first post of forum by Chris Maunder.
Parwej Ahamad
ahamad.parwej@gmail.com
|
|
|
|
|
Yes, People should read Chris Maunder's message before porting any such messages. For last few days i'm seeing such inappropriate messages. It is very disturbing for any one if he/she will see such post in our very own website and won't think to come back.
Having 5yrs of experience in various technologies, I can write such tool in 1 day. But guys we are here to help not to make fun over the people.
|
|
|
|
|
Yes, I can understand. I have also seen many times here few member thinking they are so intelligent.
But anyways forget that and we should concentrate our work because site owner also aware of that situation so that's why they posted on the top of forum.
Parwej Ahamad
ahamad.parwej@gmail.com
|
|
|
|
|
dews turner wrote: Having 5yrs of experience in various technologies, I can write such tool in 1 day.
So you will be posting it here tomorrow, I'll check back then!
|
|
|
|
|
dews turner wrote: So if somebody don't want to answer then please maintain the credibility of the forum and do not post any grotesque scrap.
why you have deleted your own message ?
|
|
|
|
|
dews turner wrote: Well I got the tool
So why did you need to pose the question?
dews turner wrote: So if somebody don't want to answer then please maintain the credibility of the forum and do not post any grotesque scrap.
The responses to your question were perfectly reasonable; perhaps you should explain your problems in better detail in future.
|
|
|
|
|
I don't think that the my question was hard to understand. It was quite simple and if you find it difficult to understand then you should not reply at all or you could have ask for explanation. This is not any fun chat room where people log on for their amusement. This is a public forum where developers come to get the issues solved. If you can't make such effort then stop replying such abuse.
Over them all you are saying that the the responses were perfectly reasonable.
First you could not understand the question, second you are saying to pull the rickshaw and third you are saying it was reasonable. Your all replies are contradictory to your own. Strange case !!
|
|
|
|
|
dews turner wrote: I don't think that the my question was hard to understand.
So why have you deleted it, so that nobody else can check?
|
|
|
|
|
Can you answer my previous post first, that what was there which you could not understand ??
I've deleted as my concern is solved and i don't want to continue over such nonsence reply. Richard, I saw that you are here for more than 5 yrs but you could not understand a very very simple question and stated showing wits.
Being so senior you should show some manner rather than asking some body to pull rickshaw. Instead of opplogy you are continue asking silly questions.
Its not at all appreciating !!
|
|
|
|
|
Hi,
I have a question about security and user access:
If I protected a GET action with access only for logged users or for some type of user, should I also protect the POST action?
In ASP 3.0 I used to do that because one could clon the form and set the "action=myformpost.asp",
Thanks
|
|
|
|
|
I think you must authenticate each request.
When user logs in to your system generate a sessionid and put a session value for the current user.
Now for every request check for the session value is created or not. Dont send this session id to the client, store it in the server session variable. If the user is creating a clone, he can create the request object just like your one but the session id which he would have been connecting would not match with any valid session, so request would be rejected.
Hope you got the point.
|
|
|
|
|
What if I'm just using cookies?
For example:
Action /SomeForm/ (GET)
1. I check if the user has some cookie. If he does,
2. I show the form to him.
Action /SomeForm/ (POST)
1. Should I check if the user has that cookie or not?
2. Process inputs, etc.
|
|
|
|
|
No. I dont recommend cookies.. because it is not safe and stored in the client side.
Also anyone can delete cookies at any time.
Use session.. Its a better approach.. No one can tamper data in session
|
|
|
|
|
Uhm..
1. Ok lets assume i'm not going to stop using cookies..
Should I check for the cookie in the POST? Yes or no?
2. In asp 3.0 I used to use Sessions, but in ASP.NET (MVC) I don't know how, the usage is similar to cookies? Do you have some link with Session's usage? Also, arent sessions based on cookies though?
(Also, I definetly dont wanna use the filters that come with MVC.. like [Auth] and others)
|
|
|
|
|
Quake2Player wrote: Also, arent sessions based on cookies though?
No, they are not. They are stored on the server. The session id MAY be based on cookies, I am not sure, but all a user could do, if that were true, is delete a cookie and abandon their session. A cookie contains data on the client, which means the client can edit it, if they wanted to.
Christian Graus
Driven to the arms of OSX by Vista.
Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
|
|
|
|
|
Ok so I'm using sessions now instead of cookies,
Can you answer my question now, which is analogue to the previous question:
Should I check for the session at the beggining of the POST?
Or I dont have to care about someone cloning the form with action=myformpost
|
|
|
|
|
I am not aware of any way of hijacking a session id. They would need to know what it was first, and I don't see any way to find out what someone else's random session id is. I suspect if someone had a way of doing that, they'd be hitting internet banking sites, and not yours.
Christian Graus
Driven to the arms of OSX by Vista.
Read my blog to find out how I've worked around bugs in Microsoft tools and frameworks.
|
|
|
|
|
yes you are right chris, one dont have to bother about hacking stuffs. Session id will be generated only for a small amount of time based on timeout value. So its hard to guess...
No one can use it, if the site doesnt allow to manipulate this easily. .
|
|
|
|
|
Of course you have to check the value in session. As Christian suggested, Session is accessible only from the server. Client can only send request and after than server have to do the rest.
When user logs in to the server, the server needs to create a session object and which will remain until session timeout occurs. Until this timespan, if any request from the same client is made, the session id will exist in the server and you can easily check the session value if he is logged in or not like during login :
if(login== success)
Session["Auth"] = true;
For every request check :
if(Convert.ToBoolean(Session["Auth"]) != true)
{
Response.Clear()
Response.Write("Invalid");
Response.Close();
return;
}
Means you are removing the response sent to the client.
Quake2Player wrote: Should I check for the session at the beggining of the POST?
yes . of course .. It should be checked as soon as the control comes to the server. You might use Page_Load or even if the action is posted to the HttpHandler you can do it in its processrequest section.
Hope its clear now.
|
|
|
|
|
Design Page Error T____T~!!
[URL=http://www.bcoms.net][IMG]http://www.bcoms.net/upload/images/bcoms2009103215149.JPG[/IMG][/URL]
fujiwara
|
|
|
|
|
Does your mobile:form actually renders a form tag in the client end. If so then dont bother about the Designer as it will not parse the html properly if form element is not present.
Check during runtime if it is working fine or not.
|
|
|
|
|
thank for your kindness. i can run Page on IE and Emuator but it's not show on Design Page T_____T~!!
fujiwara
|
|
|
|