|
benjymous wrote: Is there a standard method for storing a user's username/password somewhere safe,
No, there is no "safe". One optimal approach is to store hash values, like using SHA1, and the next time they enter them you hash again and verify the hash matches the stored hash. In that approach you are not responsible for securing any information.
That said if you have a requirement like emailing them their password then that won't work. If you need to encrypt data some engines might do that for you like SQL Server, otherwise if you need to do it yourself see the System.Security namespace.
Also if you need to do it yourself it might pay to study some modern material on the current state of "Security" so that you can apply that to using the BCL libraries supplied.
led mike
|
|
|
|
|
Usually you just save the password hash (MD5, SHA), optionally with a salt
modified 12-Sep-18 21:01pm.
|
|
|
|
|
|
Wrong board, you have to post on ASP.NET board.
I Love T-SQL
|
|
|
|
|
Hello,
I have the following function, which is returning dataset from any of the desired identical databases. For some reason, I get exception "Must declare parameter @id"
public DataSet GetCustomerDevices(int nCustomerID, int nDatabaseID)<br />
{<br />
svcMSSQL mssql = new svcMSSQL();<br />
DataSet dsDevices = new DataSet();<br />
<br />
try<br />
{<br />
SqlConnection sqlConn = (SqlConnection)mssql.CreateConnection(clsConnStr.GetConnectionString());<br />
<br />
string strDatabase = GetDatabaseName(nDatabaseID);<br />
<br />
SqlCommand sqlCmd = (SqlCommand)mssql.CreateCommand("SELECT ColNo1, ColNo2, ColNo3 FROM "+strDatabase+".dbo.tblClientProc WHERE PartnerCode=@id ORDER BY ColNo1 ASC", sqlConn);<br />
sqlCmd.Parameters.AddWithValue("@id", nCustomerID.ToString());<br />
sqlCmd.Parameters["@id"].SqlDbType = SqlDbType.Int;<br />
<br />
foreach (SqlParameter param in sqlCmd.Parameters)<br />
{<br />
clsDebug.WriteString("Param name: " + param.ParameterName + ", Param Type: " +param.SqlDbType.ToString()+ ", value is: " + param.Value);<br />
}<br />
<br />
SqlDataAdapter sqlAdapter = (SqlDataAdapter)mssql.CreateDataAdapter(sqlCmd, sqlConn);<br />
sqlAdapter.Fill(dsDevices);<br />
<br />
sqlCmd.Dispose();<br />
sqlAdapter.Dispose();<br />
sqlConn.Dispose();<br />
}<br />
catch (Exception e)<br />
{<br />
clsDebug.ReportError(e.Message);<br />
}<br />
return dsDevices;<br />
}<br />
Here is output of the clsDebug.WriteString function:
Method: GetCustomerDevices
File:
Line: 63
Msg: Param name: @id, Param Type: Int, value is: 2762
Any help is appreciated
|
|
|
|
|
SqlCommand sqlCmd = (SqlCommand)mssql.CreateCommand("declare @id as int set @id = "+ nCustomerID.ToString()+ " SELECT ColNo1, ColNo2, ColNo3 FROM "+strDatabase+".dbo.tblClientProc WHERE PartnerCode=@id ORDER BY ColNo1 ASC", sqlConn);
I Love T-SQL
|
|
|
|
|
I thought of that solution, but I think that the query should work the way it is written. I have an option to add stored procedure, which would also be some sort of solution.
My question is why the query does not work as it is presented, moreover, why even though that I get information from the debugger that the parameter has been created, is of the correct type and contains proper value, the error presented is "must declare variable", which according to my understanding means that the query is not passed correctly between my application and the server.
Thanks for the reply!
|
|
|
|
|
then declare varialbe and use your SQL query.
I Love T-SQL
|
|
|
|
|
I am trying to pass parameter, not variable.
|
|
|
|
|
SqlCommand sqlCmd = (SqlCommand)mssql.CreateCommand("SELECT ColNo1, ColNo2, ColNo3 FROM "+strDatabase+".dbo.tblClientProc WHERE PartnerCode=@id ORDER BY ColNo1 ASC", sqlConn);<br />
sqlCmd.Parameters.AddWithValue("id", nCustomerID.ToString());
I Love T-SQL
|
|
|
|
|
Wait! Isn't that the code the OP started out with?
|
|
|
|
|
Deian wrote: sqlCmd.Parameters.AddWithValue("@id", nCustomerID.ToString());
Don't all ToString() on nCustomerID
Also, it is good practice to put the calls to Dispose in a finally block so that they get called even if an exception is thrown. At the moment, the objects won't be disposed when the exception is thrown.
Other than that I don't really see much wrong with the code.
|
|
|
|
|
Yes I will dispose objects in finally block, this is just a test function. Too sad nobody could reproduce my parameter problem.
|
|
|
|
|
Sometimes when that happens to me and I just simply cannot see what is wrong with a method then I tear down the method so it has nothing in it, go and get something to drink (anything to get away from the code for 5 to 10 minutes) come back and start from scratch on that method. Often that helps. And often the code is also better quality as a result too.
|
|
|
|
|
Well, I did that last night
I've traced the problem to my working stations, since sql profiler shows that query arrives with "... WHERE col=@param". IDE is not throwing an exception that parameter is missing, actually it is there. What I will do (in order to get going) is to construct dynamic queries and pass them directly, untill I find a solution.
Thank you for the reply!
|
|
|
|
|
Hello all,
I am having an annoying little problem with accessing an underlying row in a datatable which is being displayed in a datagridview.
I need to get hold of the ID column in the DataSource, however it is one of the columns I am not displaying to the user in the DataGridView. I can then fire a stored procedure to delete the correct row from the SQL database.
How do i access the row which is currently selected in the DataSource? I know about SelectedRows[] but it doesnt contain my ID column.
Thanks in advance...
modified on Tuesday, April 22, 2008 10:18 AM
|
|
|
|
|
when you select row from datagridview then save ID value in one label,use labels value to delete your data based on last selected ID on datagridview.
I Love T-SQL
|
|
|
|
|
Could do but thats a big hack i think there has to be a nicer way
|
|
|
|
|
GOTCHA!!!
DataRow bishyBashy = ((DataRowView)(this.dataGridViewExistingSecurityLevels.SelectedRows[0].DataBoundItem)).Row;
|
|
|
|
|
Hi, I need your help to clarify the following.I try to run a method with the parameters on own thread. But I get the error.
public class MyQueue
{
Queue myQueue = new Queue();
public void Enqueue(PacketHeader p, byte[] s)
{
Data data = new Data(p, s);
myQueue.Enqueue(data);
}
}
m_myQueue = new MyQueue();
Thread thread = new Thread(new ThreadStart(m_myQueue.Enqueue(????)));
thread.Start();
Thanks in advanced
Mehran
|
|
|
|
|
Wrong threading type, look at the threading articles for .NET for the correct method (note this is a pun!) to do this
Well you could do this with properties, but if you just want to run a method this follow my above statement
|
|
|
|
|
|
NP, just be careful and be sure to call EndInvoke on your ISyncResult object, that is if the method is should to finish even if the caller would have ended first.
|
|
|
|
|
|
Google broken?
only two letters away from being an asset
|
|
|
|