|
In MultiView, one 1 view renders at a time. So, controls of other view will not be available via client side.
As a workaround, you can use a hidden variable to store value and set it at server side to the corresponding control.
Life is a computer program and everyone is the programmer of his own life.
|
|
|
|
|
Anurag, thank you very much for your response.
Can you please give me an example of how you can use hidden variable in this instance?
|
|
|
|
|
can anyoen tell me when i use file upload in asp.net.how to rename file with id..its very urgent..plz
|
|
|
|
|
|
Simple - just use the ID to construct the file name you pass to the SaveAs method[^].
The FileUpload control does not automatically save a file to the server after the user selects the file to upload.
...
The code that you write to save the specified file should call the SaveAs method, which saves the contents of a file to a specified path on the server.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
if (FileUpload1.HasFile)
{
string s = hidVal.Value.ToString();
string link = hidsymp.Value.ToString();
lblimg_error.Text = "";
string filename = Path.GetFileName(FileUpload1.PostedFile.FileName);
string imagepath = ConfigurationManager.AppSettings["ImagePath"].ToString();
var logoimage = Path.Combine(imagepath, filename);
string extension = Path.GetExtension(filename).ToLower();
System.Drawing.Image img = System.Drawing.Image.FromStream(FileUpload1.PostedFile.InputStream);
int height = img.Height;
int width = img.Width;
FileUpload1.SaveAs(logoimage);
}
so upload file in folder
if you want to rename file when upload then store file name in one string and change string value and save changable string name
|
|
|
|
|
Why have you replied to me instead of the person asking the question?
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Can we access a scanner(which is at client environment) from the client browser using ASP.Net?
I see some articles that we can do it using ActiveX.
Can some have any example.
|
|
|
|
|
I don't believe JavaScript can do it. I know my credit union's app for scanning checks uses Java so that may be the other route you need to go. JavaScript can't access local system resources so you need something like ActiveX or Java that can.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Hi there! what a pleasure to join up to this forum
I've been working on making a product more secure and I've noticed when sniffing the network I can see passwords being posted via the form on Login.aspx, I would of thought there is a way to hash the password prior to form post, I've done some searching with no luck so far.
Thanks.
|
|
|
|
|
You probably mean encryption - hash is one way...
Anyway there is no use of hashing/encrypting data before post. If hacker has access to the client he can see the data before hash/encryption too!
The reason you can see the plain data is:
1. You run sniffing software (what do you use) on the client or server. That's (hopefully not the way hacker does it)
2. You do not use secure protocols, like HTTPS...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
Thanks, I was planning on using a hashing method rather than encryption as encryption could be undone if you knew the algorithm/keys etc, hashing could be matched but not undone, this gets me some where for securing the password without SSL, from the research done today I may just go SSL.
|
|
|
|
|
In most cases there is an advantage to NOT to invent the wheel ...
Skipper: We'll fix it.
Alex: Fix it? How you gonna fix this?
Skipper: Grit, spit and a whole lotta duct tape.
|
|
|
|
|
The problem is that hashing the password on the client doesn't solve anything, and can actually make your application less secure.
You want to hash the password on the client in case someone can sniff the traffic, so that they won't be able to see the password. But if they can sniff the traffic, they don't need to see the password; they can just submit the password hash instead, since that's what your server is expecting.
Worse, if they managed to get hold of your database of password hashes, they wouldn't need to try to crack them; they could just submit the hashes as if they were plain-text passwords.
SSL is definitely the way to go. Let the infrastructure protect your passwords in-flight, and leave the hashing on the server where it belongs.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
There are javascript based md5 hash routines which you can use on the client and send sever side for storage. If someone sniffs it they still don't know what the password value is. This works because the password entered into the log-in page will be the real password which gets hashed server side for comparison. Of course, you will have to use the same routine server side before comparing the values.
|
|
|
|
|
But now the server isn't expecting the password; it's expecting the password hash.
If someone can sniff the network traffic, they won't be able to see the password, but they'll be able to see the password hash. And that's all they need to see.
An attacker who captures the password hash in-flight can simple submit a request with that hash, and the server will happily authenticate them.
Worse, if the attacker compromises the database and gets hold of your hashed passwords, they can authenticate as any user.
Client-side hashing doesn't make your application more secure. If anything, it makes it less secure.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Clearly a secure connection is what is required but it doesn't matter if the password is passed or the hash value is passed, if someone gains access to the data that you are directly authenticating to then the result is the same regardless, not more or less, just the same. If you are using .Net you can encrypt the values using settings in the config file, that would probably be the best technique.
|
|
|
|
|
Michael_Cox wrote: if someone gains access to the data that you are directly authenticating to then the result is the same regardless
Not quite.
If an attacker is sniffing the network traffic between the client and the server, then there's no hope either way.
However, if the attacker gets hold of a list of username and hashed passwords:
- If you're hashing the password on the server, then the attacker has to guess the password before they can authenticate.
- If you're hashing the password on the client, then the attacker can immediately authenticate as any user.
Your server isn't checking that the user knows the password, only that they know the hash of the password.
If you install an SSL certificate, and ensure that your login pages are only ever served over HTTPS, then you protect the data in-flight. But if you're going to do that, then why would you bother hashing the passwords on the client? Nobody can see the network traffic, so the argument for client-side hashing is gone.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Hello
I am trying to follow this tutorial
[^]
with an MS Access database in VB.NET.
In the code example (for Passwordreset.aspx), there is a reference to UserID. Is this the first column in the database, please?
This is what I have in my db:
http://www.bayingwolf.com/tutorial.jpg[^]
Would I just need to add a UserID column in order to follow the tutorial. There is also a reference in the Passwordreset.aspx code to:
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
Would I just replace that with my own MS Access source?
Thank you.
|
|
|
|
|
Member 8761667 wrote: there is a reference to UserID. Is this the first column in the database, please? It doesn't really matter. You just need to go through the code and understand it so that you can tweak it to work for you. Code is generally not something you can just copy and paste and have work right away. You'll need to understand the various pieces so you can implement it.
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|
|
Thanks for your message, Ryan.
Appreciated!
|
|
|
|
|
hello can i ask for help on how to create an application that can sent email. thank you
|
|
|
|
|
You could ask Google and you will find many samples.
|
|
|
|
|
|
Sure you can ask. Do you have a specific question?
There are only 10 types of people in the world, those who understand binary and those who don't.
|
|
|
|