Featured post

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
3 comments

.net - How to prevent untrusted string parameter in C# -

-

for security reasons, don't want specific method receive non-programmer or non-compiler time strings, how this?

readonly string ok_str = "some text"; string bad_str = "another text";  public void setsecurestr(string str) {     //use string security purpose }  //somewhere in code setsecurestr(ok_str); //accepted setsecurestr(ok_str + "programmer passed staticlly!"); //accepted (if not possible implement, forget it) setsecurestr(bad_str); //throw exception, bad_str modifiable setsecurestr(ok_str + untrustedvar); //throw exception, concatenation modifiable setsecurestr(string.format("{0}", ok_str)); //throw exception, not const

it may better whitelist against things inside ability control, such enums or local constants (or local whitelist configuration data if list isn't fixed ahead of time).

as rough check, check whether interned, since literals interned automatically via ldstr; note can explicitly intern too, isn't 100% safe.

and of course, in event question as asked, if string happens somewhere else literal (unconnected code) still trusted. suggest whitelist safer...

a whitelist simple as:

private static readonly hashset<string> whitelist = new hashset<string> {     "good", "more good" }; ... check via whitelist.contains(s)

but note still mutable @ runtime (via reflection if necessary).


Comments

Post a Comment

Popular posts from this blog

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
Read more

cocoa - Nesting arrays into NSDictionary object (Objective-C) -

-
i define tasks using nsdictionary, i'd save in plist file (i didn't have luck core data far), got stuck @ 2 points: -- when using initwithobjectsandkeys: can change data type number or boolean, using nsdate's numberwithint: , numberwithbool: methods, respectively. can't seem find method change type date though. couldn't find in documentation. -- second problem ran nested arrays. how can add them dictionary? i have uploaded picture here of trying achieve. thank in advance! do mean nsnumber 's +numberwithint: , +numberwithbool: methods, not nsdate ? it's nsnumber defines methods. to convert number date, depends on number is. if it's unix timestamp, [nsdate datewithtimeintervalsince1970:thetimestampinseconds] . as adding nsarray objects dictionary: [yourdictionary setobject:yourarray forkey:@"somekey"]; you'll have post code if need more question isn't clear.
Read more

ios - Very simple iPhone App crashes on UILabel settext -

-
i have simple application. have button , label in ib. have ibaction onclick calls settext on label. there's outlet label. connected in ib. crashes app first time in simulator. when launch again, sets text. crashes again next time. crashes on actual device. should simple, i'm not sure i'm doing wrong. thanks. in .h file : #import <uikit/uikit.h> @interface untitledviewcontroller : uiviewcontroller { iboutlet uilabel *label; iboutlet uibutton *button; } @property (nonatomic, retain) uilabel *label; -(ibaction) onclick1: (id) sender; @end and in .m: - (ibaction) onclick1: (id) sender { //[label settext:@"hello world!"]; label.text = @"hello world!"; //[button settitle:@"clicked" forstate:uicontrolstatenormal]; } sorry, i'm new site. how crash log , stack? thanks. edit : while answer technically correct, doesn't answer question @ :( sorry < warning - guess > if you're
Read more