|
The first thing is that app.path will parse to your local exe installation, whereas it will need to be \\servername\sharename
Other than that, assuming all your users have permissions to read and write the directory where your database is located, it should all be fine.
|
|
|
|
|
Where exactly I should give Servername\\sharename and how..Can you please explain in detail?
|
|
|
|
|
kokilag wrote: Where exactly I should give Servername\\sharename and how
con.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & (App.Path & "\abc.mdb") & ";Jet OLEDB:Database Password=efg;"
con.open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & ("\\servername\sharename\abc.mdb") & ";Jet OLEDB:Database Password=efg;"
Where servername is the name of the server that everyone is using on the LAN, and sharename is the name of the share on the server... eg: your server might be called dogbone with a share called dbfiles, so you would use \\dogbone\dbfiles\abc.mdb
|
|
|
|
|
Ok..thanks a lot.. I replaced the code with above statement and the project is working fine..I have also shared the folder which contains the database in the network.I have assumed my pc as the server.Now the project runs fine in my pc with the new path.Till now I was giving the app.path and was making the package using package and deployment wizard and running the project in individual pcs.Now can you please tell me how to proceed and how to make only exe run in another pcs and to make them access the database residing in the share folder in the network..(Pls note the folder is shared from my pc assuming my pc as the server?
|
|
|
|
|
suppose I want to make a work station pc which is not a server type as a server to store the database,then what will be the code to access the database residing on a network pc which is not a server type?
|
|
|
|
|
|
kereljansen wrote: The problem is the comma in the " 's Heerenberg"
That character is an apostrophe not a comma. See here[^] and see if that helps.
Why is common sense not common?
Never argue with an idiot. They will drag you down to their level where they are an expert.
Sometimes it takes a lot of work to be lazy
Individuality is fine, as long as we do it together - F. Burns
|
|
|
|
|
your code has two problems:
1.
when tblocation.Text contains either nothing or some special characters (including single quote, double quote, parenthesis, ...) then your VB statement will happily concatenate everything, however it will not result in a valid SQL statement.
2.
when a malicious user enters some special stuff through tblocation.Text, the net result may be a valid SQL statement with side effects you don't want; by providing some text, a quote, a closing parenthesis, a semi-colon, then whatever follows would be executed as a second SQL statement, and could e.g. delete an entire table. This problem is known as "SQL injection attacks".
There are basically two solutions:
1.
the best one is using SqlParameter, which means no string concatenation is used holding user input; all user input is handled separately, see SqlCommand.AddParameter().
This approach solves both problems.
2.
check and filter the textbox input; make sure there is nothing you don't want. If you want to allow quotes (as required in your example), then you may have to resort to special encoding, e.g. you could double the character on insertion, telling the database engine a single quote is required in the data.
|
|
|
|
|
The dirty fix is to replace ' with '' in your string.
That'll work but it's not a good idea for the reasons described by Luc.
Use parameters when inserting values into SQL like this.
|
|
|
|
|
thanks.
I think you clicked the wrong reply widget though.
|
|
|
|
|
sample (i have text like this):
username:marin;password:12345;lastlogin:12.12.2012;
i encrypt it with password(1111) using (http://www.di-mgt.com.au/properpassword.html[^]) and then i have something like:
FS238sdshdio92upishSDSDJfssf87s9dSFSSJDJ bla bla bla
and i save that "bla bla" into a file somewhere in application directory and when i start application again i decrypt and get info from file.
thats safe encryption but what for if annyone can see my application executable code and see with what password i encrypted it! or i am wrong?
thanks! 
|
|
|
|
|
Nope, you're not wrong! A .NET assembly can be reversed with .NET Reflector and can figure out what you did to encrypt it. Tha's what obfuscators are for.
And if it was THAT critical, you should probably write the crypt/decrypt code in C++, not managed code.
|
|
|
|
|
Don't put the password in the executable; basic security!
It's time for a new signature.
|
|
|
|
|
How you encrypt this depends on who you are protecting it from and how important it is.
If this is a client-server application, a better option would be storing the encryption key on the server, and randomly generating it the first time the server runs. The client never sees the decrypted information, you just use a different "LoginFromEncryptedCredentials" method that passes the raw encrypted data, which the server decrypts and tries to process. When you want to store credentials, you call "GetEncryptedCredentialsFromServer" and pass it the information you want to encrypt. The key here is that the client machine NEVER sees the encryption key. If the client machine EVER has it in memory, then it can be retrieved.
If this is just a client application with no server, and you are saving the current user's credentials, you would be much better served encrypting the file with built-in windows file system encryption. This would hide it from everyone except the current user in a secure fashion.
|
|
|
|
|
|
You can change the name of the property right?
|
|
|
|
|
The obfuscator changes the name of the property.
But I cannot tell it to change DisplayMember accordingly.
Can I re-write this code so the DisplayMember is not a string with a function name?
Atara
Atara
|
|
|
|
|
Depends on the obfuscator. Most won't change the string, so you'd have to exclude it.
|
|
|
|
|
|
Hi,
In DeepSea Obfuscator, you can obfuscate this if you exclude the property from renaming by attaching the standard Obfuscation attribute to it.
Kind regards,
Ewout Prangsma
|
|
|
|
|
It seems that I must exclude it. and there is no way to re-write the code so I donot use function-name as a string.
Thanks
Atara
|
|
|
|
|
There actually is a way if you are using .NET 3.5 or higher, using expression trees. You would create a helper method called GetPropertyName(Expression propEx), and call it like:
this.myCtrlCmbFontName.DisplayMember = GetPropertyName(() => this.mcpGetName);
(sorry, C# syntax, I'm not too familiar with VB, but I think you get the idea).
The GetPropertyName method would traverse the expression tree and find the appropriate property name being accessed by the provided expression. You will have to do some Googling from here to figure out the rest, but if you have any specific questions once you get going, feel free to ask.
|
|
|
|
|
Thanks. meanwhile I use .Net 2, for "old" computers, but I will keep this in mind when upgrading.
Atara
|
|
|
|
|
No problem. Actually, a correction, I think it will work on .NET 3.0+, but that still doesn't help you
|
|
|
|
|
Yes, you will need to exlcude it from obfuscation. BTW which obfuscator are you using? Crypto Obfuscator has a cool feature which lists all such code points which need attention.
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
