Featured post

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
3 comments

c# - Asp MVC 2: Obfusicate Entity-IDs -

-

project type: asp mvc 2/nhibernate/c#

problem

if have edit page in web application come problem have send , receive id of entity you're editing, ids of sub-entities, entities can selected dropdownmenus,...

as possible modify form-post, evil user try send another id maybe grant him more rights (if i.e. id related security entity).

my approach

  1. create guid , associate id
  2. save association in http session
  3. wait response , extract real id out of received guid.

question:

what techniques use obfusicate entity-id?

if you're doing guids, why not use guids identity of entity that's stored in database (though i'd advise against it)?

or have server side encryption scheme encrypts , subsequently decrypts id (this long same lines you're doing except you're not storing random in session (yuck :) ).

you forget trying @ since lot of sites "affected" issue, , it's not problem (stackoverflow example). overhead much.

also, if you're worried security, why don't have sort of granular permissions set on individual action/even entity level. solve problems well.

edit:

another problem solution inconsistent unique identifiers. if user says "id as23423he423fsda has 'invalid' data", how know id belongs if it's changing on every request (assuming you're going change id in url well)? you'd much better of encryption algorithm hashes same value therefore, can perform lookup (if need it) , user has consistent identifiers.


Comments

Post a Comment

Popular posts from this blog

c# - Usage of Server Side Controls in MVC Frame work -

-
i using asp.net 4.0 , mvc 2.0 web application. project requiremrnt have use server side control in application not possibl in noraml case. ideally want use adrotator control , datalist control. i saw few samples , references in codepleax mvc controllib howwver found less useful. can tell how utilize theese controls in asp.net application along mvc. note: please provide functionalities related adrotator , datalist controls not equivalent functionalities thanks in advace. mvc pages not use normal .net solution makes use of normal .net components impossible. a normal .net page use event driven solution call different methods service side mvc use actions , view completly different way handle things. also, mvc not use viewstate normal .net controlls require. found article discussing mixing of normal .net , mvc.
Read more

cocoa - Nesting arrays into NSDictionary object (Objective-C) -

-
i define tasks using nsdictionary, i'd save in plist file (i didn't have luck core data far), got stuck @ 2 points: -- when using initwithobjectsandkeys: can change data type number or boolean, using nsdate's numberwithint: , numberwithbool: methods, respectively. can't seem find method change type date though. couldn't find in documentation. -- second problem ran nested arrays. how can add them dictionary? i have uploaded picture here of trying achieve. thank in advance! do mean nsnumber 's +numberwithint: , +numberwithbool: methods, not nsdate ? it's nsnumber defines methods. to convert number date, depends on number is. if it's unix timestamp, [nsdate datewithtimeintervalsince1970:thetimestampinseconds] . as adding nsarray objects dictionary: [yourdictionary setobject:yourarray forkey:@"somekey"]; you'll have post code if need more question isn't clear.
Read more

ios - Very simple iPhone App crashes on UILabel settext -

-
i have simple application. have button , label in ib. have ibaction onclick calls settext on label. there's outlet label. connected in ib. crashes app first time in simulator. when launch again, sets text. crashes again next time. crashes on actual device. should simple, i'm not sure i'm doing wrong. thanks. in .h file : #import <uikit/uikit.h> @interface untitledviewcontroller : uiviewcontroller { iboutlet uilabel *label; iboutlet uibutton *button; } @property (nonatomic, retain) uilabel *label; -(ibaction) onclick1: (id) sender; @end and in .m: - (ibaction) onclick1: (id) sender { //[label settext:@"hello world!"]; label.text = @"hello world!"; //[button settitle:@"clicked" forstate:uicontrolstatenormal]; } sorry, i'm new site. how crash log , stack? thanks. edit : while answer technically correct, doesn't answer question @ :( sorry < warning - guess > if you're
Read more