|
shubham salwan wrote: bt itz not working
Of course it's not working. Your connection string has a user name a password and you are telling it to use integrated security. Not to mention that you did not bother even defining a command object. You do realize that this won't even compile don't you?
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
Shhhhhhhh.... Don't tell him his code is subject to SQL Injection attacks either
"Real programmers just throw a bunch of 1s and 0s at the computer to see what sticks" - Pete O'Hanlon
|
|
|
|
|
I figure he has enough trouble without throwing gasoline on the bonfire.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Please stand in front of my pistol, smile and wait for the flash - JSOP 2012
|
|
|
|
|
Don't make your SQL statements that way -- use a parameterized query.
|
|
|
|
|
When you use "Integrated Security=True " in your connection string, the user and password given there are ignored - the current Windows user is used for login to the database instead.
|
|
|
|
|
i have to give my connection string to the other so they can connect to my database.
i understand that this is not secure. so i'm working on a new application that encrypt my connection string, give it to the other, and decrypt it before connecting to my database.
of course i didn't show the result of decryption.
i need a suggestion, what encryption is best for this problem?
thank you,
Ahri
|
|
|
|
|
Midnight Ahri wrote: i need a suggestion, what encryption is best for this problem?
The problem with encryption is that you have to provide a mechanic for your app to decrypt it. That means that there's a key to the vault, hanging next to the vault.
If the database is running on their system, and is filled with their data, who would be the legal owner of the database?
Your best option for security would be to provide only access to some webservices, and not have the client interact with the database directly.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
thank you for the reply,
let me explain my application in easier example,
i'm working on address book application, i save telephone, name, address in my own database,
i give this application to my friend, and he can save the data in his own database,
my application can connect to his database (using his connection string & wifi) and i can access his address book, also save it to my database.
Eddy Vluggen wrote: and not have the client interact with the database directly.
usually i was given a corporate project (all client connects to server)
but this time, i don't even understand why i'm given a project like this.
and the worst one, user should be able to read the encryption.
i've try googling, i found some encryption thats impossible to read.
|
|
|
|
|
Midnight Ahri wrote: i give this application to my friend, and he can save the data in his own database,
my application can connect to his database (using his connection string & wifi) and i can access his address book, also save it to my database.
Aah, I misunderstood; you want to prevent users (like you) from reading other users' database (like your friends), correct?
The database usually has a password, passed in the connectionstring. If the user could set his own password, you'd be out of trouble. Ask for the password on startup, and offer an option to "keep logged in", just like a webpage - that should do the trick.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
thank you very much !
|
|
|
|
|
Public key encryption solves the 'key in the vault' problem. Any situation where a key can't be exchanged securely offline first (which is most internet apps) means that you need a public key encrypted key exchange process to create an encrypted channel.
|
|
|
|
|
" we ask the browser to send all the traffic to localhost and then the traffic can be sent to our server
otherwise browser will make requests directly towards the destination server(e.g. google ).."
Transparent proxy can be used in any place it does not break the http and https traffic.
Browser -> lcoal host(create ssl) -> our server -> google
so, how to use use transparent proxy(local host) in middle of browser and destination server??
|
|
|
|
|
What does this have to do with C#?
There are some manuals on the internet on how to set up a proxy. I'd recommend Squid[^], depending on your needs.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
I'm trying to use a CookieAwareWebClient (or just a httpwebrequest) to log in to a gargoyle router.
To do so I have to post a password to a utility/get_password_cookie.sh. I can replicate this with code.
NameValueCollection loginData = new NameValueCollection();
loginData.Add("password", "loginpassword");
byte[] returnData = webclient.uploaddata("http://server/utility/get_password_cookie.sh",loginData );
tempData = webclient.Encoding.GetString(data);
tempData = tempData.Replace("\n",string.Empty);
webclient.Headers.Add(tempData);
webclient.DownloadFile("http://server/bandwidth.csv", downloadedFile);
Looking at the local variables of the webclient, the cookiecontainer doesn't contain the "hash" cookie I'm expecting to see.
However if I decode the returnData bytearray (to tempData)I see the text
"Set-Cookie:hash=hashvaluehere; path=/Set-Cookie:exp=1342083624; path=/"
So with that text string I tried adding it as a header to a subsequent webclient request to an internal page within the router.
But no matter what I do it doesn't seem to have any effect.
Why is it not in the CookieCollection? How can I use this hash cookie for a subsequent request?
Following is the CookieAwareWebClient.cs
public class CookieAwareWebClient : WebClient
{
public CookieContainer CookieContainer { get; set; }
public Uri Uri { get; set; }
private string lastRequest;
public CookieAwareWebClient()
: this(new CookieContainer())
{
}
public CookieAwareWebClient(CookieContainer cookies)
{
this.CookieContainer = cookies;
}
protected override WebRequest GetWebRequest(Uri address)
{
WebRequest request = base.GetWebRequest(address);
if (request is HttpWebRequest)
{
try
{
}
catch (Exception ex)
{
System.Diagnostics.Debug.WriteLine("Exception: " + ex.Message);
}
(request as HttpWebRequest).CookieContainer = this.CookieContainer;
if (!String.IsNullOrEmpty(lastRequest))
{
(request as HttpWebRequest).Referer = lastRequest;
}
if (request.Method == "POST" && String.IsNullOrEmpty(request.ContentType))
{
request.ContentType = "application/x-www-form-urlencoded";
}
}
lastRequest = address.ToString();
HttpWebRequest httpRequest = (HttpWebRequest)request;
httpRequest.AutomaticDecompression = DecompressionMethods.GZip | DecompressionMethods.Deflate;
return httpRequest;
}
protected override WebResponse GetWebResponse(WebRequest request)
{
HttpWebResponse response = (HttpWebResponse)base.GetWebResponse(request);
String setCookieHeader = response.Headers[HttpResponseHeader.SetCookie];
this.CookieContainer.Add(response.Cookies);
if (setCookieHeader != null)
{
if (setCookieHeader != null)
{
Cookie cookie = new Cookie();
this.CookieContainer.Add(cookie);
}
}
return response;
}
}/pre>
|
|
|
|
|
HTTP responses use Set-Cookie, as an instruction to the client. If you want to include a cookie in a request, use Cookie: instead.
|
|
|
|
|
You might need to give me a bit more than that.
If how I set the cookie for the second request was wrong, what do I need to do to it to get it accepted?
|
|
|
|
|
In the example you gave you'd have to send
Cookie: hash=hashvaluehere
Wikipedia[^] is a good place to start for more in-depth reading about interpreting Set-Cookie headers and how to send Cookie ones.
|
|
|
|
|
I am going through one code and trying to understand the same.
There are two code file 1) PuzzleGame.cs and 2) PuzzlePage.cs, each contains class each and PuzzlePage.cs files consumes the class defined in PuzzleGame.cs.
Beloow is the snippet of code from both class, I have query on the bold code surrounded with the "*" and trying to understand what does it mean and how it needs to be interpreted.
Can someone make me understand in simple terms how this "+=" delgate is interpreted in the code and how it might be functioning.
1) PuzzleGame.cs:
public class PuzzleGame
{
private int colsAndRows;
private int[] board;
private int totalMoves;
private bool isPlaying;
public int ColsAndRows { get { return this.colsAndRows; } }
public int TotalMoves { get { return this.totalMoves; } }
public bool IsPlaying { get { return this.isPlaying; } }
public int[] BoardPieces { get { return this.board; } }
public PuzzleGame(int colsAndRows)
{
if (colsAndRows < 2)
{
throw new ArgumentOutOfRangeException("colsAndRows");
}
this.colsAndRows = colsAndRows;
int totalPieces = colsAndRows * colsAndRows;
this.board = new int[totalPieces];
this.Reset();
}
public EventHandler GameStarted;
public EventHandler<pieceupdatedeventargs> PieceUpdated;
public EventHandler<gameovereventargs> GameOver;
>>>>>>>>> further code after this.
2) PuzzlePage:
Constructor code snippet:
***************************
this.game.GameStarted += delegate
{
this.ResetWinTransition.Begin();
this.StatusPanel.Visibility = Visibility.Visible;
this.TapToContinueTextBlock.Opacity = 0;
this.TotalMovesTextBlock.Text = this.game.TotalMoves.ToString();
};
**************************
******************************
this.game.GameOver += delegate
{
this.WinTransition.Begin();
this.TapToContinueTextBlock.Opacity = 1;
this.StatusPanel.Visibility = Visibility.Visible;
this.TotalMovesTextBlock.Text = this.game.TotalMoves.ToString();
};
*******************************
**********************
this.game.PieceUpdated += delegate(object sender, PieceUpdatedEventArgs args)
{
int pieceSize = ImageSize / this.game.ColsAndRows;
this.AnimatePiece(this.puzzlePieces[args.PieceId], Canvas.LeftProperty, (int)args.NewPosition.X * pieceSize);
this.AnimatePiece(this.puzzlePieces[args.PieceId], Canvas.TopProperty, (int)args.NewPosition.Y * pieceSize);
this.TotalMovesTextBlock.Text = this.game.TotalMoves.ToString();
};
**************************
|
|
|
|
|
All it's doing is adding a handler to the Event (GameStarted, GameOver and PieceUpdated) and providing the code as an anonymous function.
If you like, it is the equivalent of writing:
this.game.GameStarted += new EventHandler(TheGameStarted);
...
public void TheGameStarted(object sender, EventArgs e)
{
this.ResetWinTransition.Begin();
this.StatusPanel.Visibility = Visibility.Visible;
this.TapToContinueTextBlock.Opacity = 0;
this.TotalMovesTextBlock.Text = this.game.TotalMoves.ToString();
}; But the handler code stays with the event handler addition.
It's a style thing whether you like it or not, some do, some don't.
Personally, I don't.
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
|
|
|
|
thanks Griff thats something new learnt today!
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
Thank you for quick reply.
I am getting what you are saying but what is confusing me is that (GameStarted, GameOver and PieceUpdated) are not declared as Event but if you see the class they are themselves declared as EvenHandlers, that is where I have bit of confusion.
Can you please help me understanding this concept, I migght be mssing on something here.
|
|
|
|
|
events are just a specialized version of a delegate. A delegate (EventHandler here) can be used without the event keyword, but you do not get the protection that the event keyword gives.
|
|
|
|
|
Sorry - I missed that the event keyword was missing - blame the lack of coffee!
In this case, all that is happening is that EventHandler is being used as the prototype for the method signature.
Or, in plainer English:
The GameStarted variable is declared as being an EventHandler - which is a delegate returning a void, and accepting an object and an EventArgs as parameters. The code
this.game.GameStarted += delegate
{
this.ResetWinTransition.Begin();
this.StatusPanel.Visibility = Visibility.Visible;
this.TapToContinueTextBlock.Opacity = 0;
this.TotalMovesTextBlock.Text = this.game.TotalMoves.ToString();
};
adds an anonymous method to the execution list, so that when later the code:
GameStarted(null, null); is executed, the anonymous method is called - as are any others that have been added.
Basically, whoever wrote the code is too lazy to declare his own method prototype which has no parameters, so he uses one which happens to exist already. Really he should have created his own delegate type to avoid any confusion:
public delegate void GameMethod();
public GameMethod GameStarted; He could then have executed the chained list of methods by calling:
GameStarted(); Instead of supplying unused parameters.
Ideological Purity is no substitute for being able to stick your thumb down a pipe to stop the water
|
|
|
|
|
Thank you for the clarification and now able to understand better.
Below is how all three are used.
if (this.GameStarted != null)
{
this.GameStarted(this, null);
}
if (this.GameOver != null)
{
this.GameOver(this, new GameOverEventArgs { TotalMoves = this.totalMoves });
}
if (this.PieceUpdated != null)
{
this.PieceUpdated(this, new PieceUpdatedEventArgs {PieceId = pieceId, NewPosition = newPosition});
}
Thank you all for your replies and helping me understand the code.
|
|
|
|
|
Okay, you have potential race conditions in your code here. If your event handlers can be triggered from multi threaded code, it's possible that the event handler is dereferenced between your null check and the time it actually fires. To that end, it's generally a good idea to copy your event handler to a local variable, test that for null and then invoke on that. Here's an example:
var handler = GameStarted;
if (handler != null)
{
handler(this, null);
}
|
|
|
|