|
turbosupramk3 wrote: It appears they are stored as binary values in either:
They may be stored in both places - the first for per-user settings, the second for system-wide settings.
I don't think anything is encrypted. If you search you can find a lot of documentation - even whitepapers from Microsoft.
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
Hi Mark,
You are right, it was not encrypted, thank you for that.
My problem is now this, I'm looking to be able to enable and disable this for certain users, for when they have to work at home and wake on lan doesn't seem to work. I set a value in the registry manually yesterday, and it worked, but was reverted back this morning in the control panel, even though the registry key is still set to 0x0000000 . Any thoughts as to why?
|
|
|
|
|
Ok, I figured this out
Get your actual applied policies with the command RSOP in a command window, then go to Computer Configuration --> Adminstrative Templates --> System --> Power Management --> Sleep Settings
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\381b4222-f694-41f0-9685-ff5bb260df2e\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\29f6c1db-86da-48c5-9fdb-f2b67b1f44da
Set ACSettingIndex to 0 (this changed the control panel value)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Power\PowerSettings\29F6C1DB-86DA-48C5-9FDB-F2B67B1F44DA
Set ACSettingIndex to 0 (this changed the control panel value)
If your admin is smart, you may not have rights to these keys and make have to take ownership of the keys. After you change them you can remove rights for everyone and just give admins read only rights while still having ownership.
This will allow you to keep the box on, nights where you have to be on call and remote in, I am building a c sharp app that will set and reset these permissions for when I am on call, so the majority of the time the computer will go to sleep. A laptop might have to address the DC power settings also. I'll post code after I get the app built.
|
|
|
|
|
Hi
I have searched the internet and I have been able to find a regular expression that stops users from inputting into a text box words that Oracle uses as reserved words, or characters that it considers special to it unless they are enclosed in quotes along with a regular expression that detects sql injection attacks. Can anyone help?
|
|
|
|
|
Use parameterised queries, unless there is a good reason not to. If there is a good reason not to, escape input on the server side when making up the query. Validating input fields in this way is one of the worst ways to prevent attacks (because it stops users entering legitimate information).
|
|
|
|
|
We are in a way undertaking a parameterised queries. I am actually building a query tool in wpf and restricting what sort of queries a user can run. All I am trying to do is where a user sets a constraint, such name like = 'Bob', that they cannot enter a reserved word or use it to launch an attack. This is why I am looking for a regular expression!
|
|
|
|
|
But what if the user's name includes a banned character (e.g. O'Donnell)? I'm sure there are a few people with surnames that are database reserved words, too. This is why you should escape whatever is passed to you so it isn't an injection string, not 'validate' in such a way that legitimate user input is excluded.
Producing a safe SQL string is relatively easy if what you're escaping is always going to be a quoted parameter, you need to escape quotes, and a good idea to do semicolons for paranoia too.
|
|
|
|
|
If you are using PHP at the front end this is a very helpful tutorial:
Clickety[^]
The generally accepted advice is to escape non alphanumeric characters in text entry boxes and
mysql_real_escape_string() should do the job for you if it is PHP at the front end...
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
It is WPF or windows presentation foundation in c# with an Oracle 10g database not php and mysql
|
|
|
|
|
Check this out:
oracle_sql_injection_attacks[^]
It is also the responsibility of the DBA to ensure that, whatever you pass in to Oracle, you are not able to create an injection attack - so talk this over with the DBA too.
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
We have already done this, but what we are doing is creating a query tool that runs against a query database that is copy of the main database. The users queries run against some views, because the users can create any number of combination of queries against these views it is not possible to binding or any of the usual stuff. Therefore, we have to be as flexible as possible. We control what they can select on and join on with the views but we cannot control their constraints such "name Like "Bob".
Therefore, it is imperative for me to have away of stopping "Bob; 'DROP TABLE'" type situations.
|
|
|
|
|
Hi,
Just wanted to let you know that it is not me down-voting you comments.
I hope you find a solution, when you do let us know
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
One of the problems will be having to keep it up to date.
Something that's easy to do is to see if the string contains multiple statements separated by semi-colons;
see my LibSql.SplitSqlStatements method in here[^].
|
|
|
|
|
in my application i create a msmq , before creating the queue i check for existence and if exist delete it and then create, this works fine, but sometimes i get an exception saying "access denied" a security exception.
when creating the msmq i assign the permission too for the local user through "environment.user"
but still i get this exception ,
appreciate your ideas about this .
thanks in advance.
|
|
|
|
|
hello guys... I want to get a row from the table that was changed but got no clue what to do? Here is what I tried butcertainly it not working
SqlCommand cmd = new SqlCommand();
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "StoredProcedure";
DataTable dt = this.GetDataTable(cmd);
string row = st.RowChanged
|
|
|
|
|
Well this depends on what you mean by Changed.
Did you make the change to the current dataset and haven't yet posted (committed) the changed?
You last looked at a table last week, and you want to now whats changed since then?
You have a dataset open, and you want to know some else had changed something with the dataset?
Please explain what you are trying to do and then the answers will hopefully come.......
|
|
|
|
|
Lets suppose that I changed the City from London to Paris of a particular record OR a number of records using some C# app. Now I want to get this/these rows.
modified on Friday, July 15, 2011 7:37 AM
|
|
|
|
|
|
Is your table stored in a datawarehouse i.e. is it a type2 warehouse etc?
If it is a datawarehouse you are accessing the data from then it should be a simple(read simple to complicated here) matter of looking at the expired date and effective date columns of rows...
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
Hi
Is it possible to have a variable ONLY show decimals if it does have decimal values? E.g. if the value comes back grom the database as 500 then instead of showing 500.00, it should just show 500. If it comes back as 500.55, then it should show 500.55. Please note that I do not want to use string formatting here as I want to retain the decimal type for sorting purposes.
|
|
|
|
|
So I found a way of doing this. If you use Decimal.ToDouble it seems to do the job
|
|
|
|
|
Converting your Decimal value to Double may result in loss of precision. Instead, keep it Deciamal and use ToString() to display it in a certain format.
|
|
|
|
|
I am not sure which version of .Net you are using but in VS 2010(.Net 4.0) in a winforms app, this seems to be the default behaviour. I know if I want to always show the decimal part (500.00), that is when I need to go the ToString route. I just tested with a listbox and with textboxes, and I get no decimal points if the decimal is a whole number.
...and I have extensive experience writing computer code, including OIC, BTW, BRB, IMHO, LMAO, ROFL, TTYL.....
|
|
|
|
|
From a general programming point of view you should never change your data type to satisfy display requirements, if by changing that datatype you remove precision.
Converting to a double will lose some precision.
Although very little precision is generally lost - if you are performing financial calculations this can cause a problem further on down the line when figures do not match.
So it really is better to stick with decimal and then to format it for display - otherwise you may be asking for trouble later when the FD asks "Why don't the totals match?"...
Continuous effort - not strength or intelligence - is the key to unlocking our potential.(Winston Churchill)
|
|
|
|
|
Hear, Hear.
...and I have extensive experience writing computer code, including OIC, BTW, BRB, IMHO, LMAO, ROFL, TTYL.....
|
|
|
|