Quote: If you store the decryption keys on the client, I do not need the banking device. I'll be content enough to read the local data :)
Without the banking device, you'll only be able to read the data read during that session. Well, unless, like you said, you install a memory logger device to read the data from the computer memory while the client is looking at the file (it's not saved on the client, only presented, during the session).
With the banking device you'd be able to get hold of the files (only pdf and images), available for the account, if you know the file IDs.
And I'm focusing on this part because it's the description of the exercise AND GDPR.
How would you limit the impact if a potential hacker gets hold of your server or client?
Quote: Yes, if it is simple storage where the server doesn't know anything, and data is not shared, dropbox it is
Well, not really. One user can upload a file, specify who/what group can get access to that file. The server has no need to know what the file is, but multiple clients will access the file.
The server only cares about who the uploader was and who's allowed to view the file. There's no need for the server to know more than that.
Like I said, the threat we see is someone gaining access to the server, how would we limit the harm and how would one encrypt the files so that a potential hacker can't read them all, but still allow users to be able to view the files they are authorized to view.
But if you're saying that the best way to handle this is to have the keys on the server alone I'll take your word for it, I'm anything but a pro.
|
|
|
|
|
The Junior wrote: And I'm focusing on this part because it's the description of the exercise AND GDPR.
Ah; I'm done exercising.
The Junior wrote: But if you're saying that the best way to handle this is to have the keys on the server alone I'll take your word for it, I'm anything but a pro.
I did not say that; in the classic dropbox-scenario the server doesn't need any part of the key. Why would it? If it is the client's data and it is only for sharing bytes, then the server needs nothing of the key. Or, in simpler terms, I can zip & password protect a file, put it on a share at the Google cloud and still determine who has access, without Google needing any part of my password.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
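
Added example, not part of the original thread and not code from any poster: one common way to let several authorised clients read a file while the server holds no usable key is hybrid (envelope) encryption, where each file gets its own random AES key and that key is wrapped once per recipient with the recipient's RSA public key. It assumes .NET 8; the class, variable and recipient names are constructed for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

static class EnvelopeDemo
{
    static void Main()
    {
        // Constructed recipients. In a real system each client generates its own
        // key pair and only the public half is ever sent to the uploader/server.
        using RSA alice = RSA.Create(3072);
        using RSA bob = RSA.Create(3072);
        using RSA other = RSA.Create(3072);   // key of someone NOT on the access list
        byte[] file = Encoding.UTF8.GetBytes("constructed sample document");

        // Uploader: fresh random key per file, AES-256-GCM for secrecy and integrity.
        byte[] fileKey = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] cipher = new byte[file.Length];
        byte[] tag = new byte[16];
        using (var aes = new AesGcm(fileKey, 16))
            aes.Encrypt(nonce, file, cipher, tag);

        // Uploader wraps the file key once per authorised recipient.
        var wrapped = new Dictionary<string, byte[]>
        {
            ["alice"] = alice.Encrypt(fileKey, RSAEncryptionPadding.OaepSHA256),
            ["bob"] = bob.Encrypt(fileKey, RSAEncryptionPadding.OaepSHA256),
        };
        // The server stores only nonce, cipher, tag and the wrapped keys, plus
        // uploader and access list. A dump of the server contains no file key.

        // Bob unwraps with his private key, which never left his machine.
        Console.WriteLine(Encoding.UTF8.GetString(Open(bob, wrapped["bob"], nonce, cipher, tag)));

        // A private key that is not on the access list cannot unwrap the file key.
        try { Open(other, wrapped["bob"], nonce, cipher, tag); }
        catch (CryptographicException) { Console.WriteLine("unwrap failed without the recipient's key"); }
    }

    static byte[] Open(RSA priv, byte[] wrappedKey, byte[] nonce, byte[] cipher, byte[] tag)
    {
        byte[] key = priv.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        byte[] plain = new byte[cipher.Length];
        using var aes = new AesGcm(key, 16);
        aes.Decrypt(nonce, cipher, tag, plain);   // throws if ciphertext or tag was altered
        return plain;
    }
}
```

Revoking a recipient in this scheme means re-encrypting the file under a new file key, since a client that once unwrapped the old key may have kept it.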
|
|
|
|
|
Is this a school exercise, or a real world application?
Because if it's the latter, you shouldn't be getting advice from an insecure website - you need to employ a good security consultant (as a contractor is probably fine) because you are wading hip-deep into a minefield! Get it wrong because you don't know enough and miss something and you are into a world of litigation; both from patients who are misdiagnosed because vital files couldn't be retrieved, and from the media / governments if medical info is released inappropriately. This is not a simple task, and needs very careful handling.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Updated my first question to make everything more clear.. I hope.
modified 28-Feb-18 8:27am.
|
|
|
|
|
A "random" client and file that needs "decrypting"...
That's where your whole thought process falls apart. You can have "anon"; but not "random".
You issue "security keys" (e.g. Guid's); one per machine mac / ip / email.
A security key entitles you to a download. You get to track who is using which keys and how often.
Keys can be linked to "trial versions", boxed versions, "expired" versions.
One form of "software protection" is frequent updates (with newer and better features).
"(I) am amazed to see myself here rather than there ... now rather than then".
― Blaise Pascal
|
|
|
|
|
The below command ran successfully when I click the respective button, but there are no changes in the database:
SqlCommand command = new SqlCommand("select distinct * into #tmp From bounce delete from bounce insert into bounce select * from #tmp drop table #tmp)", connection);
connection.Close();
MessageBox.Show("Cleared Duplicates");
Note: Table bounce has only one column, called email; to remove the duplicates I created this button function.
|
|
|
|
|
Change the table.
Never have a table with one column: always include an ID column to ensure that you can uniquely identify a row, regardless of the content.
Add an INT, IDENTITY column to the table called ID
Then the query is trivial:
DELETE m FROM MyTable m
INNER JOIN MyTable d ON m.ID > d.ID AND m.Email = d.Email;
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
Thanks for your suggestion
|
|
|
|
|
You're welcome - trust me, you only make extra work for yourself by not having an ID column in every table!
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
|
|
|
|
That did not run at all. Nowhere did you state a command.ExecuteNonQuery(). It will crash: that's terribly malformed SQL, so much that I cannot guess what you plan to do.
Oh sanctissimi Wilhelmus, Theodorus, et Fredericus!
|
|
|
|
|
Thanks,
after adding the command.ExecuteNonQuery() line I am getting an error:
"a local variable name connection is already defined in this scope". I checked my code, and I used the variable connection only once. Kindly help me with this.
For the below code
SqlCommand command = new SqlCommand("truncate table clean"), connection);
connection.Open();
command.ExecuteNonQuery();
connection.Close();
MessageBox.Show("Cleared All data");
I am getting the error
a local variable name connection is already defined in this scope
If I change the SQL command to
SqlCommand command = new SqlCommand("truncate table clean)", connection);
I get the error
Incorrect syntax near ')'.
|
|
|
|
|
Shankar M wrote: getting an error Incorrect syntax near ')'.
Remove the ) after clean.
This space for rent
|
|
|
|
|
Thanks for your suggestion
|
|
|
|
|
Which unit testing framework for C# can create unit tests automatically?
|
|
|
|
|
What do you mean by creating unit tests automatically? Are you referring to tests like PEX and MOLES or Intellitest?
This space for rent
|
|
|
|
|
I mean that I have a code that contains some methods...
I'm looking for a tool that would go over my code and create unit tests for the methods automatically... Does a tool like that exist in the market?
|
|
|
|
|
To a certain extent, yes it does (see the links in my original post to PEX and Moles from Microsoft research). The real question is, how much value do these tools provide? For instance, it's simple enough to automatically check whether or not a value is null but what about range checks? Would a tool know that your code expected a value between 0 and 5? Don't fall into the trap of just blindly adding tests, which is the problem with this idea. Your tests should really be there to exercise the expected logic of your code; for instance, if you changed the acceptable range from 0 to 6 and passed 6 into the code expecting the test to follow the fail path, it would suddenly follow a different path through your code so you would know that your test needs to change.
This space for rent
|
|
|
|
|
No framework can predict your expected results; so there's no such thing as creating tests automatically.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
Is it possible to test several cases of the method under test?
|
|
|
|
|
Yes, you can throw random values at it.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]
|
|
|
|
|
You could try some Property-Based Testing[^]. Frameworks like FsCheck automatically generate random values to verify your properties. But you have to come up with properties that you need to verify yourself.
Such an approach is more reliable than unit-testing against magic numbers and is helpful to spot bugs, but can only be used in limited cases.
Also again I'm not 100% sure whether this is what you're looking for
|
|
|
|
|
Not really a question but I would like some feedback.
I have been programming in C# for years now and until today I never could find a way to use the ref keyword in a syntax-correct way. I'm writing code to build XML based on data classes for what must be the thousandth time. The simplest way to generate the data is in plain old strings but I needed a fast way to check for reserved XML characters and update the string only if necessary. Strings are immutable and I don't want to have to copy the string if necessary as this just adds overhead so I came up with this:
    public static bool ContainsReservedXmlCharacters(string value)
    {
        char[] reservedCharacters = new char[] { '<', '>', '&', '%' };
        for (int i = 0; i < value.Length; ++i)
        {
            if (Array.Exists(reservedCharacters, delegate (char c) { return c.Equals(value[i]); }))
                return true;
        }
        return false;
    }

    public static void ValidateForXml(ref string value)
    {
        if (ContainsReservedXmlCharacters(value))
        {
            value = String.Format("<![CDATA[{0}]]>", value);
        }
    }
This way, I can check whether the string contains characters that it shouldn't and only replace the string if necessary. Experience has taught that reserved characters do sneak into XML from time to time but not that often. This should save some parsing time as the string is copied infrequently. I could even write the function to escape the reserved characters if needed.
If there is still a use for ref, it is with handling immutable types such as strings in functions where they may or may not be replaced with a new value.
What does the community think about this?
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Foothill wrote: What does the community think about this?
I think you should be using System.Xml.Linq[^] to build your XML documents.
If you build your own XML generator, you're bound to run into edge cases that you hadn't considered.
For example, if your input contains "Test]]>", your "valid" string will contain "<![CDATA[Test]]>]]>", which is not valid XML.
Using XLinq:
new XCData("Test]]>") gives:
<![CDATA[Test]]]]><![CDATA[>]]> which looks odd, but is valid.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
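
Added example, not part of the original thread and not code from either poster: the hand-built CDATA wrapper compared with `XCData` and plain `XElement` text, each checked by parsing the result back and comparing it with the input. The class and method names and the sample inputs are constructed for the illustration.

```csharp
using System;
using System.Xml;
using System.Xml.Linq;

static class CDataDemo
{
    // The wrapper from the question, reduced to its core (hypothetical name).
    static string NaiveCData(string value) => "<![CDATA[" + value + "]]>";

    // Returns the element's text if the XML is well-formed, or null if the parser rejects it.
    static string TryReadBack(string xml)
    {
        try { return XElement.Parse(xml).Value; }
        catch (XmlException) { return null; }
    }

    static void Report(string label, string xml, string expected)
    {
        string readBack = TryReadBack(xml);
        string verdict = readBack == null ? "REJECTED by parser"
                       : readBack == expected ? "round-trips"
                       : "parses, but the value changed";
        Console.WriteLine($"  {label,-8}: {xml}  -> {verdict}");
    }

    static void Main()
    {
        // Constructed inputs: plain text, markup characters, and the CDATA terminator itself.
        string[] inputs = { "plain", "a < b && c > d", "Test]]>" };

        foreach (string input in inputs)
        {
            Console.WriteLine("input: " + input);

            // String concatenation: nothing stops the value from closing the section early.
            Report("naive", "<note>" + NaiveCData(input) + "</note>", input);

            // XCData: the writer splits "]]>" across two CDATA sections.
            Report("XCData", new XElement("note", new XCData(input)).ToString(), input);

            // Plain text node: the writer escapes markup characters as entities.
            Report("XElement", new XElement("note", input).ToString(), input);
        }
    }
}
```

The round-trip comparison is the useful check for any hand-written serializer: a string that parses but comes back different is as much a defect as one the parser rejects.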
|
|
|
|
|
At some point, once my understanding of XML is good enough that is, I can take off the training wheels and move over to Linq XML. I would like to gain a deeper knowledge of XML and how to manipulate it first before I do.
Still, I was so surprised that I found a use for the ref keyword that I had to share.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
The framework will not make a copy of the string when entering a new method; it is not a value-type, so no copy. It will create a new immutable once you manipulate it.
Bastard Programmer from Hell
If you can't read my code, try converting it here[^]