How To Make The Blog Comments Posted By Users Safe
Mar 10, 2011
I'm in the process of creating a blog engine on my website. Nothing fancy. The user will register some basic information, including the comment itself that is the issue of this question.Inside the comment field, the user can write some text, but there are currently nothing stopping him from writing anything harmful there, that would mess up the page when rendering it with comments
I am working on a project. I need to allow user to comment on pictures - like a blog. For example, if you like a picture, you post your comment on the pictures and say why you like. When the user type a comment in the text box, how do I put it under the pictures? Also, if two people were to post comments, how do I know where the first comment ends and where to start posting the second comments? Also, how do I know when the page is full and start a new page?
I have a blog page that has 20 posts each page.I'm using Listview for displaying posts. If I want to display comments for each posts, what would be the best way? My database stracture is as follow
Since I have many comments for each posts, I don't think I can join table.Only thing I can think of is that I can use DataReader and loop through the results in Listview Databound events.What would be the best way to achieve this?
I am using Label to display comments so in Csharp coding to display Comments on web page where One Default Image should be display , Name , Date , Comments .
I have an ASP.NET app that accepts users comments and them in a SQL database. I want to make sure that I weed out any "naughty" words so I can keep my app respectable. Problem is that I'm finding there are LOTS of these words. ;>My question is, what's the most efficient way to do this processing? Should I have a table in SQL and write a stored proc that does the work? Should I do it with c# and Regex in memory on the web server? Are there other options? Has anyone else successfully done this kind of text scanning at scale? If y, what worked?
I am trying to create a comments page for users to review and comment on an article. I have 2 buttons on each comments posted by users; "Like" and "Don't Like". I am stuck with how to track which user voted already for a given comment. I am thinking of two options and would like to know if they are they way to go or is there a better solution.
Option 1: I have created a table in my database with stores, the comment id, the userid of the user who rated it and the value "like" or "don't like". So each time I have to query my table to find out if this user indeed vote for a given comment. The table unfortunately grows exponentially!!
Option 2: I store the commentid, userid, and "like" or "don't like" value in a cookie on the client's machine. I read the cookie and find out if the user has already voted on a comment. This is proving to be VERY quirky with cookie expiration, growing cookie size and also multiple users on the same machine.
In either way, my test case of ~1500 users, and 2 Million comments, this is getting to be HEAVY on both methods. Is there anything better?
I want to write a page where user's can write a blog post and publish it to the blog. I've downloaded blog engine .NET and looked at the code and I like the way they do it, but it's completely an overkill of what I need. What I need is only a title, author, date, and the blog post it self. I don't even want users to post comments or anything like that. My approach is to save all those blog post information into an xml and then when a page loads it loops around those xml files to show the blog post.
I am making a database with SQL server 2008 express edition and trying to make a GUID for new users signing up. I have the UserID field as a NVARCHAR(36) with a default value of NEWID() but all it keeps providing are all 0's for all 36 characters. How do I fix it where it provides a true GUID with all random letters/number?
I'd like to have to two tables Countries and states and make it so that any MySql user can access them for the purpose of building databiund drop down lists. What permissions do I need to assign the tables or what's the best way to do this?
On a membership website that every user has an acount how to give a user place or page in the way below: assume that website is [URL] then we have a user with acount Jimmy now I want to have a link like : [URL] that gives general information about jimmy to other users. one solution is to make a sub directory on root named jimmy and have an index.aspx file in that. it is space consuming and I do not want to do it. Is there any other briliant solution for this problem that for example I can use just one page and take jimmy as query string or something like that to show jimmy's information?
I am wondering are there any standard mechanisms available to protect the asp.net asp code in the client browser ? I found some references to windows script encoders. Question is,are these script encoders encodes both aspx and code behind source ? If aspx is encoded with the windows script encoders then how client browsers can decode it? Are they aware of the encoding algorithms ?Or can we control the client browsers ( IE, Firefox, Chrome etc) to disable the view source option in the Tasks Menu when web site a loaded in them?
I've been reading about asp web administration tool. I read about creating roles and stuff and forcing a controller to use authentication in order to be viewed. My question is, say create on the administration tool a user called Peter and I assign him the Administrator role. Then I want to create another role called LimitedAdministrator. But I want Peter to create new users on his View (I'm using MVC). Can anyone point me in the direction of how to do this.
I want peter to see on his page, like "Create user" and this user will be created as a LimitedAdministrator.
Example scenario in an ASP.NET application using SQL Server membership provider :
1) a user can't remember their exact password, and tries many times in a short space of time to login with an invalid password (say 5 times in a 10 minute window). This locks out the user (i.e. sets the IsLockedOut flag of the aspnet_Membership table to 1).
2) user goes to the "forgot my password" screen to try to get a new password emailed to them. This screen uses the PasswordRecovery control. User enters their correct user id, but then cannot go further in the password recovery process, since the IsLockedOut flag is 1. (They don't even get to see their security question).
3) The user would then have to phone tech support to get themselves unlocked etc.
To reduce the burden on support staff, we are trying to reduce the times step 3 is required, by making the PasswordRecovery control (if possible), work with locked out users. i.e. when they enter their login ID, the security question comes up, and IF they enter the correct answer, the system will unlock the user, and email the new temporary password to them. I'm wondering if it is possible to tweak the PasswordRecovery control to do this.
I have a situation where in I need to allow the users to enter email address of yahoo only in a free textbox.Can any one let me know how do I achieve this?For E.g: If the user supplies the email id as "xxxx@yahoo.com or xxx_xx@yahoo.com, or xxx.xx@yahoo.co.uk or xxxx_yy@yahoo.co.us", I will permit him for further processing. If the user inputs the email id as "xxx@gmail.com or xxx@rediffmail.com orxxx@someothermail.com" I should display an Error Message.
Just to avoid misuse of website i have to make it specific for certain region. Like people could view menu across the world and only the people of mumbai can order online. I want a submit button that would be visible to only mumbai people.
There is not a clear category on the site where to post this, so giving it a shot here.
Has anyone used VS 2008? I current user Turtoise for some projects, and Source Gear Valut for others.
The company where I work is thinking about moving to VSS because of the MSDN subscription.
My experience with VSS prior to VSS 2005 was that it conied the name "Visual Source Unsafe" and I know first hand that it trashed my work more that once and I stopped using it. Source Gear Valut on the other hand is rock solid.
So is VSS 2008 Really "safe" was VSS 2005 "safe" ?
I wonder if its safe to use the CTP5 in production yet. My main use would be for 2 small projects. I Know they pre released it but any thoughts on this if it would hold up for production are welcome.