|
It does show the value, either in the static constructor (.cctor) or in an instance constructor (.ctor), depending on where you initialize the fields. So no, you shouldn't store a password in your code if it protected anything important. Same goes for private keys you use to decrypt values. If you store the private key, someone need only extract it and decrypt your values, whether they are in IL or your app.config (or proprietary) file.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Heath Stewart wrote:
So no, you shouldn't store a password in your code if it protected anything important. Same goes for private keys you use to decrypt values
Thats the the thing I was thinking about. So where is good place to keep it? Unmanaged DLL? Or Databse? (but not all application need databse)Or...? This could means Unmanaged World won't end soon.
Mazy
No sig. available now.
|
|
|
|
|
Even a password stored in a native library isn't safe. First ask yourself why you need to store a password. Second, ask yourself what conditions are required of your application, like being Internet-aware. If it MUST be, you could always pull an encrypted password (say, through HTTPS - HTTP over SSL - using a Web Service or .NET Remoting, or even a simple GET or POST HTTP request) from the 'net.
If not, you should look into more advanced cryptography (like using the System.Security.Cryptography namespace elements). There are a couple tutorials here on CP, but you should try googling for some examples and discussions.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Heath Stewart wrote:
First ask yourself why you need to store a password. Second, ask yourself what conditions are required of your application, like being Internet-aware.
Yes,but where ever password is and where it goes through,the KEY for encryption MUST store somewhere. You say native dll is not safe too,so where is safe?(Or safest place other than programmer mind) Of course maybe some other encryption method which do not hash with given key and methods that are one way.
Mazy
No sig. available now.
|
|
|
|
|
ANYTHING you put in your assembly is visible to other people. If you use a password, they can see that. If you use a private key to decrypt information, they can see that. If you use a custom hash algorithm to hash your password so that only you can retrieve it (so you think), they can see that and run the same thing. Heck, even using the HTTPS mechanism I talked about can be replicated, but if your application accesses secure resources over the Internet, you at least have control over who/what you allow to access your service.
This is a big topic of software security and there are a lot of books and what-not out there.
If you're doing this for licensing reasons, there are more options available. Check out my article for instance, Using XML Digital Signatures for Application Licensing[^]. This is only conceptual, I remind you, and - being that it uses IL - it can be cracked (like I said before, anything can - it's just a question of the cost of resources compared to the cost of the information). You can bury the implementation in complexity, though.
There are many other solutions out there, too, such as XHEO[^] that use the same idea but gives you lots of default implementations (since mine is merely a discussion into the concept, not a full-blown solution) like communicating with a server. Some will even use a MAC address of a NIC or the ID on a CPU (for those that support it, although this can be very difficult and not reliable since not all CPUs have it (or enable it)).
.NET is hard to protect because of the ease of seeing information, which is why you might consider doing licensing in a native DLL - and there are many solutions and articles about this on the 'net.
Why am I mentioning licensing? Because you should allow your application to access protected resources with its own credentials because, as I said, those credentials can be hacked. Many applications will make use of Windows credentials, which are harder to hack and are provided by the Windows clients and servers. If you use licensing in your application, you (mostly) ensure that undesirable users aren't using your program, and that they use their credentials to access resources. There's also some lessons to be learned in these different approaches.
For instance, our application uses SQL Server over the LAN or through .NET Remoting on the Internet. We ask the user for credentials that are passed to SQL Server and validated. The program doesn't do this themselves - the person is required to provide credentials to protected resources. If we just let the application do it, we would have to store the same credentials for everyone (or encrypt them to an individual file for each person) which means that anyone can see them - even users that aren't paying for our system!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Well,Thank you Heat. I should read your articles very soon and my .NET Framwork Security book. Thanks for the information 
Mazy
No sig. available now.
|
|
|
|
|
Hi all
Ok I know this is not entirely related to C#, but it is related to any message board on CODE PROJECT
Do the messageboards on C/P have RSS links
thnx
Mohsen
|
|
|
|
|
|
Colin's right - you should post this in the Suggestions forum. I will tell you, though, that this has been requested many times and I believe it will be a feature of the new CodeProject to be written in ASP.NET (whenever that gets finished). I guess asking again won't hurt, though, just don't be surprised if you get a barrage of insults for re-posting! 
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Well i don't really know whether i should be here, but i'm just after some advice really. I'm 18yrs old, and am studying C at the moment, which i'm finding challenging to say the least. I'm probably going to Leeds University to study Computer Science later on this year, and am just wondering if C and VB are the best languages to start off on? - This is what i've heard. I'm interested in gaining a grasp of object orientated stuff, as well as a more general purpose code, like C.
If anyone can shed any light on this, or just offer me some friendly advice to a beginner-programmer, then please please get in touch.
llitanzios85@hotmail.com
Thanks so much.
Lewis.
|
|
|
|
|
Probably the work issues / résumés / certification[^] forum is better... But I'll give you my opinion here anyway.
I'd say that if you want to do hardware control systems then C is the language of choice. If you want to do business oriented software then C# or VB.NET are better [if you are staying in the Microsoft world]. C++, in my opinion, is at a juncture. I've written windows applications with it and it is still used to create them, but C# is now better in that respect unless you need to coax the last clock-cycle out of the processor. C++ will be staying for a long time but as more enterprise systems get written in languages like C# then C++ will be relegated to legacy systems, OSes, hardware control systems and anything that requires very tight optimisation (in comparison to C#)
Perhaps if you let everyone know what area(s) you wish to go into on leaving university it might help guide a better answer. However, while at university you may find a preference for a particular language. (Some people even like COBOL  )
--Colin Mackay--
|
|
|
|
|
I use the following constructors:
FileStream str = new sio.FileStream
(filename,
FileMode.Open,
FileAccess.Read,
FileShare.Read);
m_Stream = new StreamReader (str, true);
But when I'm reading a byte at a time (polling in another thread), I can't write to the file I am reading.
I am simply opening the file in Notepad - but I get prompted each time I try to save in Notepad and it won't let me save the file my program is reading from.
Is this possible? I am implementing unix "tail" and I thought I could just open any file and read from it - without implicitly locking other software from writing to the file.
Any suggestions?
Thanks,
-Luther
|
|
|
|
|
FileShare.Read says that other processes may read the file. You need to specify FileShare.ReadWrite if other processes are to be able to read and write to the file.
--Colin Mackay--
|
|
|
|
|
|
I am trying to implement the unix "tail" command.
Currently, I read a byte at a time until no bytes remain, then I sleep for 1000 milli, then I try to read a byte at a time again.
I've always disliked manually polling. Is there a more efficient way to architect this implementation? I was looking for a unix "select" style function.
Thanks,
-Luther
|
|
|
|
|
Are you talking about 'tail' that writes a certain number of lines from the end of a file? First of all, this is open source so you can see how they do it. Second of all, why are you reading a single byte at a time?! You should be using a buffer, a.k.a. byte[] array. Finally, since 'tail' reads lines, you shouldn't be using buffers anyway, unless you want to parse the line endings which are different from OS to OS (and you should take into account all the different line ends like \n, \r\n, etc., to be compatible with *nix's 'tail').
Also, is this for academic purposes, or do you just need a utility to do so? If the latter is true, just download Cygwin[^] and put the bin directory in the %PATH% environment variable. If has many of these handy *nix utilities and it works great. It's also commonly used to easily port other *nix applications to Win32.
I don't know how 'tail' works exactly, or rather what is the best way to get the last 10 (default; or user-specified) lines. 'head' would obviously be easier! The best thing I could think about is to write a custom queue that only stores 10 lines (or a custom amount), automatically pushing the first one out when a new line is added. When you reach the end of the file, just print-out the queue. Based on some 'tail'-like source I've seen, this is pretty much the way it works (but I couldn't find the actual 'tail' source and don't have the source tarballs or SRPMs on my linux system).
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
You are right - but the specific TAIL functionality that I'm trying to implement is the continuous monitoring of a file. For example, as the webserver appends to the log file, I want the new text to appear on the screen.
Originally, I was using ReadLine but it seems to drop the first 4 chars of every read. I started Reading a byte at a time to be more explicit. I am currently using the buffer version of Read (as you suggest, I do in fact, need to differentiate unix and win32 newlines).
So - I am currently spawning a Thread, echoing the entire file to a TextBox, and then sleeping for 1 second. I then try to Read again. Instead of manually polling the file every second, I was wondering if there was a "select" style call that would BLOCK until some event happens to the file (new text was added to the file).
I thought about using ReadBlock, but it seems to return when it reaches the end of the data in the file. I need it to BLOCK if it can't read any more data in - not return. Maybe I'm doing something wrong.
Or, maybe I'm doing it the correct way already. I'll take a look at an open source impl of tail.
Many Thanks,
-Luther
|
|
|
|
|
lutherbaker wrote:
I'm trying to implement is the continuous monitoring of a file.
Look into the FileSystemWatcher component. It won't give you the specific changes, but it will be a good indication that a file has changed and then you can store a pointer and increment that to get the next lines.
lutherbaker wrote:
Originally, I was using ReadLine but it seems to drop the first 4 chars of every read.
 What characters are these that are getting skipped? I take it this is just a simple IIS log or something? I've never seen such behavior.
lutherbaker wrote:
I need it to BLOCK if it can't read any more data in - not return.
Perhaps not. The information is written as a unit (i.e., one line) so you can get that and the number of bytes actually read. When the file changes (see above), continue reading the next block at the offset of the original position plus the actual bytes read.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Yes, that is exactly what I'm doing. Tailing a simple webserver's log. Sounds like FileSystemWatcher presents a few new options.
If I can write a small app to predictably generate that odd ReadLine behavior, I will post it here. Otherwise, I'll just assume I was doing something odd.
Thank you again,
-LutherB
|
|
|
|
|
Ok, that works even faster and now I don't have to manually deal with threading.
As a side note, when using ReadLine, I noticed my problem again. Here's what I did:
Open notepad, type a few lines, DO NOT newline, save the file.
The tail callback works perfectly. The new text is echoed to the TextBox (I manually insert a new line since ReadLine stripped it.)
Type in a few more characters and save again (still, never typing a newline).
The tail callback misses the first two chars!!
So, I opened cygwin - and got the same behavior!!!
As I believe you explained, tail is reading a line at a time. When I don't type a newline and simply save new text into the file - expecting it to be echoed, it doesn't pick up the first two chars (something do to with expectation of \r\n I would guess).
If I DO type a newline and then save, the following text is read correctly from the first char.
So, that means ReadLine works just fine for what I'm doing - which further simplifies this.
Thanks,
-Luther
One last tidbit, I've implemented native calls to scroll the screen with line appended. Unfortunately, its possible these windows won't have focus when they are tailing files - and it seems that the built in TextBox/RichTextBox must have focus and move manually move the caret and then must scroll to the caret. Awfully cumbersome.
I've wrapped the calls in a class, but they are similar to this:
public readonly uint EM_LINESCROLL = 0x00B6;
public readonly uint EM_GETFIRSTVISIBLELINE = 0x00CE;
public readonly uint EM_GETLINECOUNT = 0x00BA;
[DllImport("User32.dll")]
public static extern int SendMessage(IntPtr hWnd, uint Msg, uint wParam, uint lparam);
private void button1_Click(object sender, System.EventArgs e)
{
int line = SendMessage(richTextBox1.Handle, EM_GETFIRSTVISIBLELINE, 0, 0);
int linecount = SendMessage(richTextBox1.Handle, EM_GETLINECOUNT, 0, 0);
SendMessage(richTextBox1.Handle, EM_LINESCROLL, 0, (uint)(linecount - line - 2));
}
Oddly, TextBox scrolls one line at at time. RichTextBox scrolls a page at a time ... unusable for what I'm doing.
|
|
|
|
|
iam making a program in c# to dial to net, i use visual c++ & winAPI like Internetdial() to connect with default connection and numbers from database,but i have a problem internetDial force aform that making a connection the problem that this form sometimes appear and others no action happened so it make my code unuseful
please any help
|
|
|
|
|
This again! Didn't I already tell you that it's obvious to everyone here that we either can't or don't want to help you?
RTFM! Read the docs! Lookup InternetDial in the MSDN Library and sync the TOC to find what other methods are available. Remember that part of R&D is Research - so figure it out. That's how I found the function InternetDial that I originally gave you. Becoming familar with the SDKs helps to have some idea of what you're looking for.
If you're having problems with the form that is supposed to come up upon dialing, this could be a thread issue. Do not open forms on separate threads that are not the main UI thread - the thread on which the application was started.
-----BEGIN GEEK CODE BLOCK-----
Version: 3.21
GCS/G/MU d- s: a- C++++ UL@ P++(+++) L+(--) E--- W+++ N++ o+ K? w++++ O- M(+) V? PS-- PE Y++ PGP++ t++@ 5 X+++ R+@ tv+ b(-)>b++ DI++++ D+ G e++>+++ h---* r+++ y+++
-----END GEEK CODE BLOCK-----
|
|
|
|
|
Hello guys!
I use MS Visual Studio 2003.
So I wanna Filter a DataGrid for example by the first column, only display rows
where the first column = 1.
Maybe my question seems naughty, i swear ive tried to find something about that
but found almost nothing in my msdn(something about datatable.select, but that's filter doesnt
seem usuable for me). So i'd like to find a quiet fast and elegance way to do that.
Is there any?
|
|
|
|
|
//Create The DataView that references the table that contains your data
System.Data.DataView myDataView = new DataView();
myDataView.Table = dataset.tables["myTable"];
//Apply the filter
myDataView.RowFilter = "[First Column] = 1";
//Bind the dataview to your datagrid
myDataGrid.DataSource = myDataView;
myDataGrid.DataBin();
I hope that helps.
|
|
|
|
|
Or...
dataset.Tables["TableName"].DeafultView.RowFilter = "Column1 = 'hello'";
Mazy
No sig. available now.
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
