I want to know how my data could be compromised using a statemnt like SELECT [ID], [item], [price] FROM [Items] where item LIKE '%' + mitem + '%'" what line of could be considered an attack to the data.
View 16 Repliesi almost finished my website
but i am afraid of sql injection to my website
how i can protect my self against this injection ...?
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
how to protect my SQL database by using Csharp.net against a SQL injection.
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 RepliesHow can i restrict sql injection in my code. How can i test that one whether SQL injections are applicable or not
View 4 RepliesI want to display the world's top 100 IT giants list up-to-date on my webapge. from where can i get the informaiton? Is it possible to get the RSS feed for this?
View 4 RepliesI've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments.I've used some TextBoxes and TextArea for that.To Prevent XSS:I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).To Prevent SQL-Injection:I'm using Linq To SQL (that should be like parametrized queries I think!).
ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
ArticleID = int.Parse(Request.QueryString["ArticleID"]),
CommentAuthor = Server.HtmlEncode(txtName.Text),
CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("
", "<br />"),
CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
CommentTime = DateTime.Now,
Enabled = false
};
I have a page using an injected BLL service: a simple service returning a set of objects with a function like this:
public IMyService { List<Foo> All(); }
There is a default implementation for normal users.Now, i need that users in administrative role can view more objects, with another implementation of the service.Where can i configure my page to use the second implementation?
My first solution is to put the dependency to the IUnityContainer in the page, and use it to resolve the dependency:
[Dependency]
public IUnityContainer Container { get; set;}
Page_Init(..) [code].....
it's a ServiceLocator and it's neither scalable neither testable.
During the design of a new generic authentication framework for some of our products, I have come across an architectural issue I cannot seem to find a good solution for.I have tried to simplify the problem in order to easily explain it.
The library has two classes:
Manager Is responsible for storing currently authenticated users.Module It is the responsibility for the module to validate each request according to security policies. The Module must ask the manager to determine whether a user is currently authenticated.
Now the manager is supplied an implementation of an interface which allows the manager to load users from a repository. The specific implementation is not contained in this library. Because of this, I cannot directly instantiate an instance of the repository within the library.
I have no way of modifying properties or supplying arguments for the module constructor. So my question is this, how can I give the module a reference to an instance of the Manager?
namespace Demo
{
public interface IRepository
{[code].....
prevent my data from SQL injection. I have replaced ' with '' (single quote with 2 quote) while doing any operation on sql server. tell me what all i need to do , to prevent my application from SQL injection. my application is in asp.net 2.0 i will use parameterized queries but what about my old projects.. i mean what about where i have written a string query and sending it to sql server as a commandtext. can any one insert sql injection even i have replaced ' with ''?
View 3 RepliesHow to protect from sql injection where if a ' is put in the end of the URL there is an error ?
View 12 Repliesas i've read Ninject is the best one so how to use it and why i cannot see good examples.
Lately i have begun learning MVC and as i've seen every one use DI in the MVC, i have a couple doesn question but i will ask a few lol...
1. Why use and what is going to do for me?
2. How to use it in WebForms Appliction ?
3. IoC is the same if not what is it and what's it doing?
4. I want to use a Ninject FrameWork 2.0 but i cannot find good examples for WebForm App.
I have a custom constraint that queries a value against a repository. Is it possible to replicate the dependency injection available to controller constructors?
View 1 RepliesThis project is pretty far away and I'm not in the position to go make changes all over the place (If I could, deleting the lot would be what I'd do!)
I want to create a modelbinder that would resolve any dependencies my View Models might have (using StructureMap).
It should not require me to implement a specific interface (so many developers, so many interfaces..I rather keep things clean) and hopefully not require one to go register each model binder individually (Now I'm asking too much,taking the first requirment
in consideration).
Probably will get it right tonight, but figured I'd ask.
Recently I was asked to express the DI in colloquial explanation.
I answered :
1)I am going to a hotel.I ordered food.The hotel management asks me to clean the plates and
clean the tables.So here i am a client,I am responsible for managing the service (Instantiating,executing,disposing).But DI decouples such tasks so the service consumer no need not worry about controlling the life cycle of the service.
2)He also asked is there any microsoft API follows DI ?.I answered (This was my guess) In WCF you can create a Proxy using ChannelFactory that controls the life time of your factory.
for item (1) he said only 10% is correct
for item(2) he said that is factory pattern not dependency injection.
Actually what went wrong in my explanation (apart from my bad English) ? What is the real answers for those?
I have been looking at learning dependency injections (i think i have now grasped the basics) and am looking to implement it into a webform application. My question is, what dependency injection framework should i use for a webforms project, or is it a question of what works best for you?
I Have currently looked at Spring.Net, Ninject, Unity and StructureMap, i tend to have no preference in the configuration, whether its XML or fluent interfaces. However is XML configuration becoming less favourable?
Most of the information i come across relates to dependency injection whilst in a MVC environment. And have also read that some frameworks such as Structure Map only work with webforms using version 2.0 or earlier. So the kind of things i need to consider are whether webforms will be continuous support, and the ease of configuration for someone relatively new to the pattern.
I been reading a bit about SQL injection and I want to be sure my code is lets say "safe" from it, I was planning on using RegExp validators to check the user input but another post in here suggested only using parametrized querys, well Im using them but I want to be sure my code is safe, is it?
[code]....
Is this LINQ statment vulnerable to SQL injection?
var result = from b in context.tests
where b.id == inputTextBox.Text
select b;
where context is an Entity and tests is a table. I'm trying to learn LINQ and I thought that the benefit of it was that it wasn't vulnerable to sql injection, but some stuff I've see has said differently. Would I need to parametrize this LINQ statement to make it safer? If so, How? Also would this be considered linq to sql or linq to entities?
I would now like to check if my code is still open to SQL Injections after this work. I believe the code is now working as it should, but any blinding errors that you see i'd love to hear about too. My code is now looking like:
-code removed-
I am sure that I am somewhat lost in this area... my understanding is that Dependency Injection means initializing something that is required by a class..so for instance. If my controller is going to need a service and I want to be able to test it then I should define two Constructor methods for it... so, my question is.
public class CompaniesController : Controller
{
private ICompaniesService _service;
public CompaniesController()
{.......
My general understanding of the MVC pattern is that the model is reponsible for persisting itself. Though I also see other opionions that models should be dumb data objects and that controllers should persist them via a data access layer.
Per http://en.wikipedia.org/wiki/Model_view_controller: "Many applications use a persistent storage mechanism such as a database to store data. MVC does not specifically mention the data access layer because it is understood to be underneath or encapsulated by the model." Though it does also mention "Models are not data access objects."
Per http://www.asp.net/mvc/tutorials/asp-net-mvc-overview--cs, "Models. Model objects are the parts of the application that implement the logic for the applications data domain. Often, model objects retrieve and store model state in a database. For example, a Product object might retrieve information from a database, operate on it, and then write updated information back to a Products table in SQL Server."
First, am I misguided in believing that models should persist themselves? Or, is this just a matter of opinion?
Second, if I follow the pattern where controllers manage the persistence of the model, I find it fairly easy to use dependency injection to inject a data access component into my controller using a custom controller factory (implementing the IControllerFactory
interface). If I follow the pattern where my model saves itself, I'd want to inject my data access component into the model. Is there a way to provide a custom factory for models? Otherwise, I don't think using DI with models is possible.
I am working on a (vb.net/asp.net) project that is using interfaces to provide dependency injection. But to me, it feels like the maintainability of the code has been killed. When I want to read through the code, I can't simply jump to the code of a related class that is used. All I see are the interfaces, and so I have to hunt through the project to figure out what classes are doing the implementation. This really hurts my productivity.
Yes, I know I now can implement the interfaces with a wide variety of replacement classes. But for example, I know I'm not changing my data source any time soon--there is no need for me to enable the ability to swap that out. All of this dependency injection seems like overkill to me (in fact, the only real reason it is there is to support mock classes for unit testing). I've actually read several places that state DI is actually better for maintainability. But that assumes you already know where everything is and you know which class you need to update. Finding out where to look is the part that is killing me. So, my question is: Is there a better way to traverse through the code? Is there a better way to make the code more maintainable? Are we just doing it wrong? Or is this par for the course?
I have develop one website in asp and access. But now a day it is facing a problem of sql injection. So how can I protect the .asp pages from sql injection. I have gone through some of the post and get that some function have to written to overcome the sql injection.Function as below...
[Code]....
I'm building a page in asp.net that will use tiny mce to provide a rich text editor on the page. Tiny mce outputs the rich text as html which I would like to save to a database. Then at a later date, I want to pull the HTML from the database and display it in a page.
I'm concerned about allowing malicious html, js tags into my database that would later be output.
I should html encode/decode etc. to prevent a persistent xss attack and or sql injection attack?
private IGetData _getData;
View 2 Replies