 |
|
|
It don't explain the source code
|
|
|
|
|
|
|
its useful for me to known the coding and its useful to all who r seaching to create a webpage
|
|
|
|
|
|
|
i want to see any code and hardware specifications needed
|
|
|
|
|
|
|
it is not at all helpful for a beginer in .net
|
|
|
|
|
|
|
|
|
|
Thanks for the info on using DSn in .net
|
|
|
|
|
|
|
I am a new to ASP.NET, migrating from classic ASP.
I was also search code with SQL Server connectivity with DSN but did not found anywhere. Also i was search for a basic login page mechanism with which i could start with.
Good Contribution ! 
Tahir
|
|
|
|
|
|
|
|
|
|
Dear Michael W
I have rectify the bug. Now the new version is uploaded.
Please Check. Thanx for your suggestion
Vipin Sharma
|
|
|
|
|
|
|
A better way to handle the passing of the username and password would be through parameters. This will help guard against a range of possible attacks including data manipulation. It would also be better to place the code in a code behind file.
strsql="SELECT * FROM tblAdmin where username=@userName AND pwd=@pass"
objcmd.Parameters.Add("@userName", userName)
objcmd.Parameters.Add("@pass", pass)
You should also not use the appersand(&) in dotNet to connect strings. Instead use either a StringBuilder object or by using the String.Concat function.
|
|
|
|
|
|
|
Your code still does not protect against event the most basic SQL injection attack.
For example (from your download):strsql="select * from tblAdmin where username='" & userName & "' and pwd='" & pass & "' "
For instance, what happens if a user types MyUserName';-- into the user name text box?
What happens is that the full SQL statement reads:select * from tblAdmin where username='MyUserName';
Which means that if an attacker knows any user name they can gain access without a password. It could get worse if you've not set up other areas of security properly on the database. A SQL Injection attack can compropmise an entire database server, and depending on the information that server holds, it could compromise millions of individuals. Security must be taken seriously at all levels because a small hole in one place can soon open up the entire system to unwanted intrusion.
SQL Injection Attacks and three easy tips on how to defend against them[^]
Do you want to know more?
Not getting the response you want from a question asked in an online forum: How to Ask Questions the Smart Way!
|
|
|
|
|
|
|
Sharma, you are getting low votes because you haven't written a full article. Code Project is about explaining the code you create, not just storing it online with a brief description. We appreciate the effort you made to do this but you need to write an article too. thanks.
regards,
Paul Watson
Bluegrass
South Africa
Jörgen Sigvardsson wrote:
"Gassho rei, Watson-san!"
Crikey! ain't life grand?
|
|
|
|
|
|
|
Mr. Paul
Thanx for your advice.I just want to share this code with other programmers.If you are giving me low votes that doesn't matter.The thing is if this code is helpfull for other users and if they feel good for it.That will be my vote 'their feeling'.
Well thanx again for giving me low vote.
Vipin Sharma
India
http://www25.brinkster.com/vipinsharma
|
|
|
|
|
|
|
The code looks great, but with an article that explains how it works would make it even better!
"Every rule in a world of bits and bytes can be bend or eventually be broken"
|
|
|
|
|
|
|
vipinsharma wrote:
If you are giving me low votes that doesn't matter.
Actually, it does matter. If you get too many low votes your article will end up in Purgatory and when searching people won't find it unless they explicitly request the search to look in the Purgatory section.
vipinsharma wrote:
The thing is if this code is helpfull for other users and if they feel good for it
Okay, but a good article will go a long way to help. Most people won't look at the code because they won't know how it works or what they need to be looking at in the code. I certainly don't download the code unless I see a good article to go with it.
This is a pity as I am currently looking at various method of logging into an ASP.NET application.
For the record - I have not voted. You can edit the article and give more explanation about it. So, I reserve judgement until then.
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
Not getting the response you want from a question asked in an online forum: How to Ask Questions the Smart Way!
|
|
|
|
|
|
|
Dear Colin
I have added compelete article on my code. Like what it does? How one can integarte it with his/her existing code with database structure.
Please Chekc.
Vipin Sharma
Visit me at
http://www25.brinkster.com/vipinsharma
|
|
|
|
|
|
|
At the top of the article are buttons. You will see that one of them says [Modify Article]. Use that and paste your new HTML into there. Preview it, make sure it looks good and the formatting works, then submit it.
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
Not getting the response you want from a question asked in an online forum: How to Ask Questions the Smart Way!
|
|
|
|
|
|
|
Okay.... It is, at least, a wee bit better.
Some formatting issues first. The download link should go at the top like all the other articles on Code Project, there is a template you can download.
The red headings should be replaced with <h2> or <h3> tags. The colour red is very strong and has a very specific connotation on text dominant web pages - it denotes something that is wrong, and error to be fixed, or a piece of information that absolutely must be read.
Also, try and find some more things to say about your code, the article is still quite short. Paste some relevant code into the article, and show exactly how the code is working from within the article. Wrap any code in <pre> tags so that the Code Project formatting engine will colour the code properly. (But remember do not paste code greater than 60 characters per line, split the lines if necessary)
Hopefully, in the next iteration your article will be much better.
"If a man empties his purse into his head, no man can take it away from him, for an investment in knowledge pays the best interest." -- Joseph E. O'Donnell
Not getting the response you want from a question asked in an online forum: How to Ask Questions the Smart Way!
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Rant 
Admin