C# - Where To Store Sensitive Variables

Apr 4, 2011

This is my first time working on a secure website. It's for a pet project I have.

For security purposes, where is it best to store information like SQL connection strings, database encryption keys, etc? Is it better to use web.config, store them in a class that accesses a database (like dataBaseHelper.cs or something), or somewhere else?

I intend to obtain an SSL cert as well. When communicating with the database, should I always use the secure connection?

View 2 Replies

Similar Messages:

Are Session Variables Case-sensitive

Mar 28, 2011

I am using ASP.NET 2.0 and C#. I would like to know if the Session variables are Case-sensitive.

Is Session["StudentId"] and Session["StudentID"] considered the same.

Which would be the proper way to access the session details, when in a page someone passes data as Session["StudentId"] and somebody else passes as Session["StudentID"]?

View 6 Replies

Working With Static Variables / Store The User Specific Information In Static Variables?

Mar 5, 2011

whats the exact use of static variables in overall programming in .net and for asp.net...

Recently i went for the interview where interviewer asked me 2 question which i was not sure for the same..

whats the use of session object, i said sessions are the server side object, they are used when you want to store user specific data at server side, then he asked what if i want to use static variables for the same, i was mum, can anyone tell me how asp.net will behave if i store the user specific information in static variables.If i use cookies which are the best option to store the data at client side (not sensitive one), but what if user has disabled cookies on his machine, will my application would crash.

View 3 Replies

Store / Access - Application Wide Variables Or Globals In Asp.net

Feb 8, 2010

What is the recommended or usual way an ASP.net web application(in C# language) can store/access values that are needed accross the various pages in a website. For example a basic company website might need the company's name and other related information available to multiple pages. Where do I declare these variables/values and how do I access them. Coming from c++ application programming I would usually store such data in a Singleton class object.

View 5 Replies

Web Forms :: Store Large Data Using DataTables In Session Variables?

Apr 30, 2013

if i want to get multiple values from database and pass this dataset to another page can we use session to store the dataset values..i knw we can..but some one says that its not a gud approach..this will cause server process down..is it true?if it so then wat are all the other ways to do that?

View 1 Replies

C# - How To Store/construct Complete Queries, As Using Simple SQL And Variables And "+"

Feb 12, 2011

I am not aware of the correct term used for the following procedure in LINQ but i hope there is a way.


select this from table where alpha would be this and that

To construct this sort of thing, I would (IS A REQUIREMENT) normally use variables like this:


a thousand tables, i would have to write queries from all tables using there instance, to perform the exactly SAME TYPE select function!!!

what is the way around this

provide some links, source code examples, resources, books name.

View 1 Replies

Access "Application" Object In MVC To Store Application Wide Variables?

Aug 7, 2010

How do I store a variable or object application wide in ASP.net MVC. In regular ASP, you had the Application object, and in ASP.net too apparently.

View 1 Replies

Collect 2 Variables From One Hyperlink, And Use Those Variables In The Page_load To Set As Session?

Aug 8, 2010

i am trying to collect 2 variables from one hyperlink, and use those variables in the page_load to set as session. but i don't know how to collect those 2 variables

such :

<a href="javascript:;" onclick="wsChangeColor('mainData', '#FF0000','#FFE4E1');return false;" title="Change color" id="red">1</a>

i would like to collect '#FF0000','#FFE4E1' or direct set '#FF0000','#FFE4E1' to string then send to pageload, how can i do this by only clicking on it ?

View 1 Replies

Web Forms :: Storing Javascript Variables Into C# Variables

Jan 2, 2010

I have this code in javascript: var x = e.mapX; It gets the X-coordinate of a map. What I want to do is that I want to store this into a c# variable. I have a class named Test with an integer property X. I want to store var x into X. In the codebehind, I have this on the Page_Load: Test test = new Test(); Then I am trying this on the javascript code: var x = e.mapX;

View 16 Replies

MVC :: Type-Sensitive Display Of A Model?

Sep 16, 2010

Say I have a Form model which contains a list of Field objects loaded from a database. Each field object has a type that defines whether it is a listbox, combobox, input or textarea.

What would be the best way for displaying the Field objects correctly? I was thinking in my View using a switch statement and calling a specific partial depending on the case.


Is this a valid approach? What other methods would people recommend to do this?

View 5 Replies

How To Reuse Logic In A Context Sensitive Way In MVC

Feb 9, 2011

Trying to figure out the best way to organize a ASP.NET MVC site. Take a very simple 1..N relationship: Company can have many Contacts, Contacts must have exactly one Company.I have your typical routes:

Company/Index (list all companies)
Company/Details/{int} (details of Company {int})
Company/Create (create new company)
Contact/Index (list all contacts)
Contact/Create (create new contact, company is selected from drop down)

Now if I wanted to create a page that created a Contact in the context of a Company (from the Company detail page) so that the required company is filled in/not editable), what would be the best route of going about that, while not duplicating code where possible.Not sure if I can leverage the Contact/Create logic/view from the Company controller (and be able to route back to the Company Details page when complete), or mess with the routes to do something like Company/Details/{int}/Contact/Create (not even sure if that makes sense or would work)?There has got to be a better way then me adding my logic and view for adding a Contact into my Controller view and having it duplicated.

View 1 Replies

Security :: Encrypt And Decrypt Sensitive Data?

Apr 3, 2010

I'm teaching myself ASP.net. I'm creating an application that needs to store sensitive data. So, I found the following Blog to encrypt and decrypt data.


I'm sure it's my app, but I wanted to make sure I'm not missing anything obvious. For some reason, my app and Encryptor only works when I pass < then 7 characters. If a pass 8, it doesn't commit to the database. If I remove Encryptor, the app will store

View 1 Replies

Security :: Passing Sensitive Data To Database?

Jul 14, 2010

Im saving sensitive data from my asp.net web app back to a database on another server. I have set up encryption on the database. Do I need to set up more encryption in the code behind of the web app and encrypt the data there then pass the data to the database or should I pass it as it is and then encrypt it in my stored procedure.

View 1 Replies

AJAX :: Display Sensitive Information For Only A Few Minutes?

Nov 2, 2010

I have a need to show sensative information but I would only like it available on screen for 2 minutes, and then after it dissapears.

Since this is part of my web application, I would like the user to stay logged into the web site before and after viewing the information, but in order to view it, I would like them to re-enter their username/password.

Are there any directions I can be pointed into accomplish this task?

View 1 Replies

MVC :: Passing Sensitive Information Through HTML ActionLink?

Jan 29, 2011

I did some google searching on this, but I could not find anything useful.

Basically what I am trying to do is pass some sensetive information to an ActionResult through the click of a HTML ActionLink.

The information I need passing through is, the ProductID and the User IP Address.

So just to clarify:

1) User clicks { I like Product } link (HTML ActionLink)

2) That sends the Product ID and the IP Address of the user to the ActionResult in the Controller.

View 11 Replies

C# - Detecting Case-sensitive Filename Errors?

Jan 21, 2010

we are making a project to run in ASP.Net on Mono/*nix Our problem is that we develop on Windows, and we just build and test it every so often on Mono. So we have been having a lot of trouble recently with case sensitive filenames. Everything seems to work good in Windows and then we move to Mono and it's silently broken.(as in, it builds but won't run or parts of it don't work)

How would you recommend that I detect this while we are developing on Windows? Basically, how do we make the case-sensitive filenames look wrong in our code where the code works on Windows but not *nix?

View 2 Replies

How Can A Virtual Directory Path Appear Case Sensitive

Nov 18, 2010

To start with then we have a LinkButton whose text is actually an image tag. The image it links to is a Png and resides in a folder in the web directory. This is IIS V6 and win Server 2003.

The path is [URL]

Admin is a virtual directory configured in IIS.

The above url doesn't work but if you change it to [URL] (lowers case 'a') then the image is served, change it back to 'A' and it takes you to login, you log in and it loops back to log in. change to 'a' and voila the image is served. Weirdly this problem doesn't always occur and I have hunted for a resolution for days to no avail.

As requested this is the complete link button

<asp:LinkButton ID="lnkCommitAll" runat="server" CausesValidation="false"><asp:Image ID="imgCommitAll" runat="server" ImageUrl="~/Images/Grid/confirm_16.png" AlternateText="Commit All Changes" /> Commit All</asp:LinkButton>

View 1 Replies

VS 2010 - Storing Sensitive Information In A Session Variable?

Dec 17, 2010

I am creating a website that allows users to login to their gameserver remotely and send / receive commands. The connection happens via an UDP socket and requires simply the IP of the gameserver, and a password.

On my website, users can add servers to their accounts, where the server IP and password are stored in a database. Then they can connect to any of their servers, which creates a new Socket object and connects to it using the IP and password of that server.

This Socket object, embedded in an object that also stores the server IP and password, is stored in a Session variable when the user connects, and is retrieved on every page. For example, there's a page where the user can view a list of the players on the server (and kick/ban them), a page with server settings, a page with messages, etc. All these pages require the Socket connection to get their information (they send a certain command and parse the response). When I need to send a command via the socket, I need to send the password of the server each time (otherwise it does not work). My question now is: how secure is this? The password of a server is sensitive information*, but I am storing it in a session variable and sending it (using the Send command of the Socket object) to the server.

i think the Session variable is stored on memory on the server, so I don't think so, but I'm really unsure about these kind of things and I'd like to be certain that my website is secure. Well, I think it will never be 100% secure but I want it to be at least not worth the effort for someone to hack the password. If it takes a lot of trouble then people wouldn't bother, but I don't want to find out that people's passwords are being thrown out on the street (so to speak) and that my website is completely insecure...

View 6 Replies

Security :: How To Perform Signing Sensitive Data In WebApp

Jan 18, 2010

How do i perform signing sensitive data in WebApp?

My algoritm:


The code above works in WinApp but doesn't in WebApp .

Can you fix the code above so it can run under WebApp -or- other method to protect sensitive data from modifying?

View 2 Replies

Security :: Saving Sensitive Data To Sql Server Database?

Jul 14, 2010

Im passing sensitive details from my asp.net web app to a database on a different server. I've set up encryption on my database. Should I encrypt the data in the code behind file of the web app and then pass it to my database stored procedure or pass it to the stored procedure as it is and encrypt it there?

View 4 Replies

Databases :: Case Sensitive Sorting When Running A Query?

Mar 4, 2010

When doing a query e.g. "select ID from myTable order By SomeStringField" from SQL Developer my data the data are sorted correctly according to database settings:


But when using the System.Data.OracleClient namespace and a DbProviderFactory to create a DbCommand and use that to create a DbDataReader, the data is sorted case sensitive:


Is there some setting on the command which needs to be set? Can you even change the case sensitivity in the .net framwork, overriding the database settings?

View 3 Replies

C# - Server Control Within A Template Be Sensitive To The Data Context?

Jan 25, 2010

Let's say a control X has a template called RowTemplate.

So X's markup would be like:


My question is: How can the Y control be sensitive to the data context? I know I can use template inline tags to get access to the data context: <%# Eval("Id") %>, but I cannot pass this information to Y because template inline tags are not allowed in server controls.

So I don't know how I could use the Object's Id (Eval("Id")) in Y.

View 1 Replies

Web Forms :: Implement Case Sensitive Password Check In Login Form Website?

Sep 18, 2013

I want to know case sensitive password for my login form(C#).

View 1 Replies

How To Store Store Procedure Results In A Dataset When There Are 3 Sql Datasets Returned

Mar 11, 2011

My SQL stored procedure returns 3 different datasets as follows:

team_id name
1 Team1
2 Team2
...and more

location_id name
1 Dallas
2 New York
...and more

branch_id name
1 Austin
2 New Jersey
...and more

How do I put this data into one Dataset so that I can loop through the data and manipulate it?

View 1 Replies

Architecture :: Best Way To Implement Online Ordering For A Store Store Already Built?

Mar 19, 2010

hey folks I got a general question that maybe some of you can just weigh in. I developed an online store for a client and people place orders online for a food ordering place however I am trying to find the best way to have the orders show up for them at the store. Currently I am sending an email and an autoprint software prints it out which works most of the time but not good enough sometimes it doesn't print. Anyone had similar issues or have other alternative solutions you may have heard off? Like I said the site sends an email to the customer and the store's email account.

View 7 Replies

Copyrights 2005-15 www.BigResource.com, All rights reserved