C# - Where To Store Sensitive Variables
Apr 4, 2011
This is my first time working on a secure website. It's for a pet project I have.
For security purposes, where is it best to store information like SQL connection strings, database encryption keys, etc? Is it better to use web.config, store them in a class that accesses a database (like dataBaseHelper.cs or something), or somewhere else?
I intend to obtain an SSL cert as well. When communicating with the database, should I always use the secure connection?
View 2 Replies
Similar Messages:
Mar 28, 2011
I am using ASP.NET 2.0 and C#. I would like to know if the Session variables are Case-sensitive.
Is Session["StudentId"] and Session["StudentID"] considered the same.
Which would be the proper way to access the session details, when in a page someone passes data as Session["StudentId"] and somebody else passes as Session["StudentID"]?
View 6 Replies
Mar 5, 2011
whats the exact use of static variables in overall programming in .net and for asp.net...
Recently i went for the interview where interviewer asked me 2 question which i was not sure for the same..
whats the use of session object, i said sessions are the server side object, they are used when you want to store user specific data at server side, then he asked what if i want to use static variables for the same, i was mum, can anyone tell me how asp.net will behave if i store the user specific information in static variables.If i use cookies which are the best option to store the data at client side (not sensitive one), but what if user has disabled cookies on his machine, will my application would crash.
View 3 Replies
Feb 8, 2010
What is the recommended or usual way an ASP.net web application(in C# language) can store/access values that are needed accross the various pages in a website. For example a basic company website might need the company's name and other related information available to multiple pages. Where do I declare these variables/values and how do I access them. Coming from c++ application programming I would usually store such data in a Singleton class object.
View 5 Replies
Apr 30, 2013
if i want to get multiple values from database and pass this dataset to another page can we use session to store the dataset values..i knw we can..but some one says that its not a gud approach..this will cause server process down..is it true?if it so then wat are all the other ways to do that?
View 1 Replies
Feb 12, 2011
I am not aware of the correct term used for the following procedure in LINQ but i hope there is a way.
SIMPLE SQL QUERY
select this from table where alpha would be this and that
To construct this sort of thing, I would (IS A REQUIREMENT) normally use variables like this:
[code]....
a thousand tables, i would have to write queries from all tables using there instance, to perform the exactly SAME TYPE select function!!!
what is the way around this
provide some links, source code examples, resources, books name.
View 1 Replies
Aug 7, 2010
How do I store a variable or object application wide in ASP.net MVC. In regular ASP, you had the Application object, and in ASP.net too apparently.
View 1 Replies
Aug 8, 2010
i am trying to collect 2 variables from one hyperlink, and use those variables in the page_load to set as session. but i don't know how to collect those 2 variables
such :
<a href="javascript:;" onclick="wsChangeColor('mainData', '#FF0000','#FFE4E1');return false;" title="Change color" id="red">1</a>
i would like to collect '#FF0000','#FFE4E1' or direct set '#FF0000','#FFE4E1' to string then send to pageload, how can i do this by only clicking on it ?
View 1 Replies
Jan 2, 2010
I have this code in javascript: var x = e.mapX; It gets the X-coordinate of a map. What I want to do is that I want to store this into a c# variable. I have a class named Test with an integer property X. I want to store var x into X. In the codebehind, I have this on the Page_Load: Test test = new Test(); Then I am trying this on the javascript code: var x = e.mapX;
View 16 Replies
Sep 16, 2010
Say I have a Form model which contains a list of Field objects loaded from a database. Each field object has a type that defines whether it is a listbox, combobox, input or textarea.
What would be the best way for displaying the Field objects correctly? I was thinking in my View using a switch statement and calling a specific partial depending on the case.
[Code]....
Is this a valid approach? What other methods would people recommend to do this?
View 5 Replies
Feb 9, 2011
Trying to figure out the best way to organize a ASP.NET MVC site. Take a very simple 1..N relationship: Company can have many Contacts, Contacts must have exactly one Company.I have your typical routes:
Company/Index (list all companies)
Company/Details/{int} (details of Company {int})
Company/Create (create new company)
Contact/Index (list all contacts)
Contact/Create (create new contact, company is selected from drop down)
Now if I wanted to create a page that created a Contact in the context of a Company (from the Company detail page) so that the required company is filled in/not editable), what would be the best route of going about that, while not duplicating code where possible.Not sure if I can leverage the Contact/Create logic/view from the Company controller (and be able to route back to the Company Details page when complete), or mess with the routes to do something like Company/Details/{int}/Contact/Create (not even sure if that makes sense or would work)?There has got to be a better way then me adding my logic and view for adding a Contact into my Controller view and having it duplicated.
View 1 Replies
Apr 3, 2010
I'm teaching myself ASP.net. I'm creating an application that needs to store sensitive data. So, I found the following Blog to encrypt and decrypt data.
[URL]
I'm sure it's my app, but I wanted to make sure I'm not missing anything obvious. For some reason, my app and Encryptor only works when I pass < then 7 characters. If a pass 8, it doesn't commit to the database. If I remove Encryptor, the app will store
View 1 Replies
Jul 14, 2010
Im saving sensitive data from my asp.net web app back to a database on another server. I have set up encryption on the database. Do I need to set up more encryption in the code behind of the web app and encrypt the data there then pass the data to the database or should I pass it as it is and then encrypt it in my stored procedure.
View 1 Replies
Nov 2, 2010
I have a need to show sensative information but I would only like it available on screen for 2 minutes, and then after it dissapears.
Since this is part of my web application, I would like the user to stay logged into the web site before and after viewing the information, but in order to view it, I would like them to re-enter their username/password.
Are there any directions I can be pointed into accomplish this task?
View 1 Replies
Jan 29, 2011
I did some google searching on this, but I could not find anything useful.
Basically what I am trying to do is pass some sensetive information to an ActionResult through the click of a HTML ActionLink.
The information I need passing through is, the ProductID and the User IP Address.
So just to clarify:
1) User clicks { I like Product } link (HTML ActionLink)
2) That sends the Product ID and the IP Address of the user to the ActionResult in the Controller.
View 11 Replies
Jan 21, 2010
we are making a project to run in ASP.Net on Mono/*nix Our problem is that we develop on Windows, and we just build and test it every so often on Mono. So we have been having a lot of trouble recently with case sensitive filenames. Everything seems to work good in Windows and then we move to Mono and it's silently broken.(as in, it builds but won't run or parts of it don't work)
How would you recommend that I detect this while we are developing on Windows? Basically, how do we make the case-sensitive filenames look wrong in our code where the code works on Windows but not *nix?
View 2 Replies
Nov 18, 2010
To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.
The path is [URL]
Admin is a virtual directory configured in IIS.
The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.
As requested this is the complete link button
<asp:LinkButton ID="lnkCommitAll" runat="server" CausesValidation="false"><asp:Image ID="imgCommitAll" runat="server" ImageUrl="~/Images/Grid/confirm_16.png" AlternateText="Commit All Changes" /> Commit All</asp:LinkButton>
View 1 Replies
Dec 17, 2010
I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.
On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.
This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.
i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...
View 6 Replies
Jan 18, 2010
How do i perform signing sensitive data in WebApp?
My algoritm:
[Code]....
The code above works in WinApp but doesn't in WebApp .
Can you fix the code above so it can run under WebApp -or- other method to protect sensitive data from modifying?
View 2 Replies
Jul 14, 2010
Im passing sensitive details from my asp.net web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code behind file of the web app and then pass it to my database stored procedure or pass it to the stored procedure as it is and encrypt it there?
View 4 Replies
Mar 4, 2010
When doing a query e.g. "select ID from myTable order By SomeStringField" from SQL Developer my data the data are sorted correctly according to database settings:
Abc
abc
Bcd
bcd
But when using the System.Data.OracleClient namespace and a DbProviderFactory to create a DbCommand and use that to create a DbDataReader, the data is sorted case sensitive:
Abc
Bcd
abc
bcd
Is there some setting on the command which needs to be set? Can you even change the case sensitivity in the .net framwork, overriding the database settings?
View 3 Replies
Jan 25, 2010
Let's say a control X has a template called RowTemplate.
So X's markup would be like:
<foo:X>
<RowTemplate>
<foo:Y>...</foo:Y>
</RowTemplate>
</foo:X>
My question is: How can the Y control be sensitive to the data context? I know I can use template inline tags to get access to the data context: <%# Eval("Id") %>, but I cannot pass this information to Y because template inline tags are not allowed in server controls.
So I don't know how I could use the Object's Id (Eval("Id")) in Y.
View 1 Replies
Sep 18, 2013
I want to know case sensitive password for my login form(C#).
View 1 Replies
Mar 11, 2011
My SQL stored procedure returns 3 different datasets as follows:
team_id name
1 Team1
2 Team2
...and more
location_id name
1 Dallas
2 New York
...and more
branch_id name
1 Austin
2 New Jersey
...and more
How do I put this data into one Dataset so that I can loop through the data and manipulate it?
View 1 Replies
Mar 19, 2010
hey folks I got a general question that maybe some of you can just weigh in. I developed an online store for a client and people place orders online for a food ordering place however I am trying to find the best way to have the orders show up for them at the store. Currently I am sending an email and an autoprint software prints it out which works most of the time but not good enough sometimes it doesn't print. Anyone had similar issues or have other alternative solutions you may have heard off? Like I said the site sends an email to the customer and the store's email account.
View 7 Replies