|
the typeconverter thing did it..
works like a charm..
incase anyone ever need this , here is the code for it..
public override System.ComponentModel.PropertyDescriptorCollection GetProperties(System.ComponentModel.ITypeDescriptorContext context, object value, System.Attribute[] attributes)<br />
{<br />
System.ComponentModel.PropertyDescriptorCollection propps=propps=System.ComponentModel.TypeDescriptor.GetProperties (value,attributes,false);<br />
<br />
ArrayList arr=new ArrayList (propps);<br />
<br />
TextBoxButton tb=value as TextBoxButton;<br />
<br />
if (tb.Type != TextBoxButtonType.Custom)<br />
arr.Remove (propps.Find("image",true));<br />
<br />
if (tb.Type != TextBoxButtonType.CheckBox)<br />
arr.Remove (propps.Find("checked",true));<br />
<br />
if (tb.Type != TextBoxButtonType.Spin)<br />
arr.Remove (propps.Find("autorepeat",true));<br />
<br />
PropertyDescriptor[] arr2=new PropertyDescriptor[arr.Count];<br />
arr.CopyTo (arr2);<br />
<br />
return new PropertyDescriptorCollection(arr2);<br />
}
|
|
|
|
|
Did you override TypeConverter.GetPropertiesSupported ? It has to return true !
Wizard_01
|
|
|
|
|
yes i did , forgot to paste that part only :P
anyway , very cool stuff.
thanks
//Roger
|
|
|
|
|
Wizard_01 wrote:
To hide properties you can use attribute [Browsable(false)]. I am not sure if is possible to change this value in runtime. I think you cannot.
You can by implementing your own PropertyDescriptor or using an ICusotmTypeDescriptor on your component. Using this approach or adding PropertyDescriptor s using your designer is more favorable than a TypeConverter . While TypeConverter s can do that, they are typically not used for this purpose.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
I was going through the process of deciding how to store my passwords in a SQL Server database.
I was using the basic hashing approach when I came through the idea of trying with salted hashes.
When using normal hashed I didn't need to retrieve the password from the database. What I would do was to use a stored procedure like this.
CREATE PROCEDURE [dbo].[proc_authenticate]
(
@UserID nvarchar(16),
@Password nvarchar(64),
@SessionVariable nvarchar(64)
)
AS
DECLARE @AuthUserId nvarchar (16)
SET @AuthUserId = (SELECT UserId FROM Users WHERE (UserID = @UserID AND Password = @Password))
-- IF ABOVE SELECT RETURN ONLY ONE ROW THEN STORE SESSION VARIABLE IN LOCALS TABLE ELSE RETURN
IF @AuthUserId = null
RETURN
UPDATE Locals
SET
SessionVariable = @SessionVariable,
LastLoginDate = GETDATE()
WHERE (UserID = @UserID)
GO
Basically in my application I would ask the user for a username and password. Then I would generate a random session variable.
I send everything to the stored procedure on SQL Server.
It's the stored procedure that does all the authentication and there is no way to read a password if not by compromising SQL Server and gaining SA privileges.
On the other hand the approach with salted hashes is different.
1- Retrieve the stored password and the salt for an user using a stored procedure.
2- Extract salt
3- Calculate salted hash of user provided password
4- Compare stored password with user provided
5- If they are the same call a stored procedure that given UserID writes a ticket in the database.
Step one means basically giving away the User table to anybody that can steal our connection string.
This in my opinion is a security problem because basically just by cracking the user of our connection string we can retrieve any password from any user. Of course it's hashed and salted and the malicious user has to guess a username but he can use a brute force attack to decode a password.
With the previous approach instead to use brute force attack he would have had to call the sored procedure once for every attempt. This would have slowed him down and would leave a trace in our logs of a suspect activity.
But since we cannot autheniticate from inside a stored procedure using Salted Hashes we have to retrieve the password. In this case an attacker can perform the brute force attack on his own computer without any delay from accessing our server through the internet and without leavin any trace.
Step five is even worst because one can just bypass the whole authentication system and authenticate himself. Of course we might sign our tickets using a keyed hash using the server private key so that the attacked cannot just generate a ticket.
What are your opinions to this approach. I have to say that I didn't come up with this but read it in Wrox C# Data Security Handbook so I'm surprised that a tested procedure seems so weak to me.
Edd
|
|
|
|
|
Even comprimising your SQL Server system would not yield the password if using a digest algorithm like MD5 or SHA1 without using a brute force attack. You make a good point about avoid such an attack, though.
Encrypting the ticket is definitely a good idea. Take a look at my article Role-based Security with Forms Authentication[^] for a brief mention of using FormsAuthentication.Encrypt to encrypt a forms authentication-based ticket. Doing this manually would work as well, but I thought I'd just mention it.
As far as using a salted hash, storing the salt makes your system little more secure than the first method of using an unsalted hash. If a cracker comprimised your system, nothing is stopping them from discovering the hash. The MD5-digest authentication mechanisms that many HTTP daemons support - as well as many browsers - actually generate a salt of sorts that it communicates with the browser (handshaking) and they use that to digest the credentials. Unfortunately, you can't do that because you need your salt to be persistent.
So, instead of storing the salt in the SQL Server, what about storing it in a different medium? You could, for example, keep an XML document (or even a simple text file) up-to-date with users and salts and read that into memory (use ASP.NET's Cache - if applicable - for some good event-based page validation). If a user comprimised the SQL Server, that cracker would have to comprise the entire system as well so that they could - most likely - gain debugging rights in order to insert their code into the ASP.NET worker process space and read the memory directly. This is just an example off the top of my head, but conceptually something you might want to consider.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
there is a xml file: price.xml
<price>
<comdt>
<Tname id=0>AAA</Tname>
<Tprice>0</Tprice>
</comdt>
<comdt>
<Tname id=1>BBB</Tname>
<Tprice>0</Tprice>
</comdt>
</price>
the price is null,
now I have a array,arrprice(i),
arrprice(0) is AAA's price,
arrprice(1) is BBB's price,
How to use the arrprice(i) update the xml file?
I tried this way,
For x = 0 To 1
Set objprice = objDom.SelectSingleNode("//price/comdt"&[x]&"/Tprice")
objprice.Text = arrprice(x)
but it doesn't work.
Thank you!
|
|
|
|
|
nichen1001 wrote:
How to use the arrprice(i) update the xml file?
You may find more help in either the VB/VB.NET forum or the XML/XSL forum as you are posting VB.NET code in the C# forum. That said, assuming you have an XmlNode representing the head of your document you can use the XmlDocument object to create a new element and then call the AppendChild method to add that entry to your document. If you want to delete an item, such as with your SelectSingleNode method above (I am assuming objprice is an XmlNode or XmlElement ), you can then call the RemoveChild method of the root element. Don't forget to save the document so all changes are reflected in the file. Hope this helps.
- Nick Parker My Blog
|
|
|
|
|
I was wonder if any of you miss the old #define
It was great having a preprocesser sometimes, but I guess it has its own bad side when developers overuse it and create a mess.
|
|
|
|
|
Not really... Why not read this article on C# Preprocessor Directives[^]???
--Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Enumerators in .NET: See how to customise foreach loops with C#
|
|
|
|
|
>> Unlike C and C++ directives, you cannot use these directives to create macros.
|
|
|
|
|
Well.... Okay.... It is not as feature-rich as the C++ preprocessor but at least there is some functionality (I would have been really irked if the conditional compilation was not available)
--Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Enumerators in .NET: See how to customise foreach loops with C#
|
|
|
|
|
C++? C for sure. Especially when u can define a MACRO in a function body.
leppie::AllocCPArticle("Zee blog"); Seen on my Campus BBS: Linux is free...coz no-one wants to pay for it.
|
|
|
|
|
Once or twice, but then again having to worry about distributing a 20+ MB runtime more than makes up for it!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
i want to transform the coordinates of the mouse into 3d projection
Ramez Raafat
|
|
|
|
|
That sounds a vit vague to me.
Where is your Z value coming from? What are you trying to do? Are you clicking on a 3d image and want to know the depth as well? Are you wanting to create something in 3D with the mouse?
--Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Enumerators in .NET: See how to customise foreach loops with C#
|
|
|
|
|
You have to use the Isolatic Mouse cross pollenation subfrequency.
leppie::AllocCPArticle("Zee blog"); Seen on my Campus BBS: Linux is free...coz no-one wants to pay for it.
|
|
|
|
|
leppie wrote:
Isolatic Mouse cross pollenation subfrequency
Yes, but don't forget to cross-connect it to the third phase inducer plasma manifold. Otherwise the calibration of the dilithium crystal harmonisation routine will be ineffective and cause a phase variance feedback loop that will cause the automatic ejection of the mouse core.
--Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Enumerators in .NET: See how to customise foreach loops with C#
|
|
|
|
|
Don't forget to engage the subatomic 3D hypogenerative mesh analyzer, otherwise all multi-axis cross pararllel calculations will be off by at least +/- 3 subneural nanometers.
- Nick Parker My Blog
|
|
|
|
|
Nick Parker wrote:
...will be off by at least +/- 3 subneural nanometers.
True, but at that error variance it is also possible to activate the heisenberg compensator in order to mitigate any misalignment of the multi-axis cross parallel interconnectors. Thus allowing a steady stream of negatively charged subatomic particles to pass freely through the integral data coupling array.
...
You know, I think we've all been watching too much Science Fiction.
--Colin Mackay--
"In the confrontation between the stream and the rock, the stream always wins - not through strength but perseverance." (H. Jackson Brown)
Enumerators in .NET: See how to customise foreach loops with C#
|
|
|
|
|
Colin Angus Mackay wrote:
Thus allowing a steady stream of negatively charged subatomic particles to pass freely through the integral data coupling array.
Too true, but remember that by taking the integral of the guid generating function we can discern the total surface area of the applications UI in pixels.
Colin Angus Mackay wrote:
You know, I think we've all been watching too much Science Fiction.
Says who??
- Nick Parker My Blog
|
|
|
|
|
I'm uncertain whether this thread is supposed to be taken seriously or not (judging by other responses), but I have converted mouse coordinate X,Y into a ray from Point1(X,Y,Z) to Point2(X,Y,Z) in OpenGL. If that's any good to you, reply to me and I'll post the code.
Regards
Brewman
|
|
|
|
|
It is a serious thread. Some of us were just having some fun.
--Colin Mackay--
|
|
|
|
|
You should post your reply to me through the forum and not directly in my email. You might receive a broader response.
START EMAILED REPLY ----
hi
i am in virtual 3D room and i want to choose something from the wall
END EMAILED REPLY ----
--Colin Mackay--
|
|
|
|
|
sorry for disturbing u colin
|
|
|
|