|
The server side application that performs the encryption could either be a set of services that the clients make calls to (xml/soap/json) and the data is protected in transit via transport and/or message encryption. Or a web application that the clients use in their browser.
If how your system works at the moment is every client can connect directly to the database without a server application. Then worrying about encryption is pretty pointless anyhow. What stops any of your users from just accessing the database directly by extracting a connection string from your application? What's stopping a client from giving out your current encryption keys to the world? Having clients directly talk to a dbase is generally not how things are done if you are worried about security anyhow. If all your clients are connecting directly to the dbase then I wouldn't be spending your time on encryption, I'd be spending it making a service for your application to call that removes the need for clients to access the dbase directly.
"Two complications I see with this is that 1. a server application needs to be created to handle the incoming request from all the employee's computers and synchronisew them so there isn't any conflict between data request or race conditions and 2. while the database information is being sent from the database server to the employee's computer the information is not encrypted. "
1, All multiuser systems need to deal with race conditions; a service layer doesnt' change any of that. If two users save a record at exactly the same time, how does your application handle this now? If your not dealing with race conditions now, you've already got problems,
2. Why would you think your own hand rolled encryption is more secure than HTTPS/TLS. It almost certainly is not. Besides, you could use HTTPS/TLS + Message layer security if wanted. Read about the differences between transport and message level security/encryption for clarification as to why 2. is not an issue
|
|
|
|
|
Matty22 wrote: Then worrying about encryption is pretty pointless anyhow. What stops any of your users from just accessing the database directly by extracting a connection string from your application?
The data was going to be encrypted before being saved in the database, so even if someone accessed the database directly the information in the tables would be unreadable.
Most of the software I have programmed up to this point has been database applications, web sites, and custom data analysis software that has only been used within the company I was working for so security wasn't a major concern, especially since none of the data was sensitive. The few things that were, such as credit card payments on the websites, was handled by Authorized.NET.
I have a lot of experience programming just not at this scale or type of application; that is why I'm looking for this input. Your comments make a lot of sense and I'm almost certain that I'm going to change my game plan for the design of this application based on the information you've provided. I greatly appreciate you taking the time to respond and point me in the right direction.
I'm going to do some Google search for the differences between transport and message level security/encryption (as you've recommended), however if you know of any good articles, or introductions, that you would recommend I would appreciate it. If you don't have any bookmarked or saved then don't worry about it, I'm sure I can find what I need; you've already provided a wealth of information.
|
|
|
|
|
Hi All,
I am in urgent need for the VB6 Project on topic "Printing Press Management" (with Oracle Database).
Please please please contact me @ maheshkl83@gmail.com if any one of you have the project with you.
I am ready to pay too...
Your quick help is greatly appreciated.
Thanks,
Mahesh KL
|
|
|
|
|
Not going to happen.
First, printing presses are a dying breed in the digital age and, second, VB6 is long since dead too.
For such a specific application, you're going to have to write this one yourself. I'd suggest using .NET over VB6 any day.
|
|
|
|
|
Mahesh KL wrote: I am ready to pay too...
Try Rent-a-coder.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
You should remove your e-mail address from the post, as you can see you are receiving notifications as other users are answering your post.
Putting the e-mail in a public place like this one will give you lots of spam...
|
|
|
|
|
I have a teacher who gave us a compiled application. He did not provide us the code. We have to generate the code in our head and write it out. It must act like his application in every possible way. I have it written out but for some reason when I type in the value of two(2) pieces the two(2) isn't calculated yet every other number I type calculates just fine. Why?
two(2) falls within range of 1-199 so its price would be calculated as rangeA * two(2) pieces = price for two, but no result is returned, my text does not display in the textbox either.
Dim priceArrayElements(20) As Decimal
Dim pieceArrayElements(20) As Integer
Dim addedPieces
Dim totalAveragePieces
Dim addedPrices As Decimal
Dim totalAveragePrices As Decimal
Dim elementCounter As Decimal
Dim rangeA As Decimal = 0.5
Dim rangeB As Decimal = 0.55
Dim rangeC As Decimal = 0.6
Dim rangeD As Decimal = 0.65
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Select Case False
Case IsNumeric(txtPieces.Text)
MessageBox.Show("Pieces completed must be numeric.", "Data Entry Error", MessageBoxButtons.OK, MessageBoxIcon.Information)
txtPieces.Text = ""
Case Not IsNumeric(txtName.Text)
MessageBox.Show("Name is required.", "Data Entry Error", MessageBoxButtons.OK, MessageBoxIcon.Information)
txtName.Text = ""
Case Else
Select Case txtPieces.Text
Case 1 To 199
Try
For i As Integer = 0 To priceArrayElements.Length
priceArrayElements(i) = (Decimal.Parse(txtPieces.Text) * rangeA)
txtEarned.Text = FormatCurrency(priceArrayElements(i).ToString())
Next
Catch ex As Exception
End Try
Case 200 To 399
Try
For i As Integer = 0 To priceArrayElements.Length
priceArrayElements(i) = (Decimal.Parse(txtPieces.Text) * rangeB)
txtEarned.Text = FormatCurrency(priceArrayElements(i).ToString())
Next
Catch ex As Exception
End Try
Case 400 To 599
Try
For i As Integer = 0 To priceArrayElements.Length
priceArrayElements(i) = (Decimal.Parse(txtPieces.Text) * rangeC)
txtEarned.Text = FormatCurrency(priceArrayElements(i).ToString())
Next
Catch ex As Exception
End Try
Case Else
If Int32.Parse(txtPieces.Text) >= 600 Then
Try
For i As Integer = 0 To priceArrayElements.Length
priceArrayElements(i) = (Decimal.Parse(txtPieces.Text) * rangeD)
txtEarned.Text = FormatCurrency(priceArrayElements(i).ToString())
Next
Catch ex As Exception
End Try
End If
End Select
End Select
End Sub
End Class
|
|
|
|
|
Download ILSpy, and check out the code that your teacher wrote
As opposed to suppressing messages, you might want to log them to a file. If the '2' goes wrong due to an exception, you'd at least get a good message telling you what went wrong. Throwing away error-information is always a bad idea.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Quick thing I noticed:
Herboren wrote: Dim priceArrayElements(20) As Decimal
and
Herboren wrote: For i As Integer = 0 To priceArrayElements.Length
priceArrayElements(i) = (Decimal.Parse(txtPieces.Text) * rangeA)
txtEarned.Text = FormatCurrency(priceArrayElements(i).ToString())
Next
The length of priceArrayElements would be 21 (the total number of elements), however the highest index is 20. So in the for loop the last index it would try to use would be 21, however the highest index would be 20. Shouldn't the for loop be:
For i As Integer = 0 To priceArrayElements.Length - 1
Next
or
For i As Integer = 0 To priceArrayElements.GetUpperBound(0)
Next
|
|
|
|
|
Hi every one,
I have an application in VB 2008 and i have read somewhere there is a control named MDITabControl which includes en every Tab the close box.
I've been looking in the toolbox but i cannot find it, i tried to add it using the option "Choose items" but still cannot find it.
Does anyone know where can i find it and how to add it? Perhaps i need to add a reference to a library.
Anyways, any help would be aprecciated.
|
|
|
|
|
Not a native control; must be part of some third-party library. There are a few of them, with the number one Google result from CodeProject[^]. Unless you can point out where you encountered it, we can only guess which implementation you've seen.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
I AM STARTER IN VISUAL BASIC 8
I WANT TO FIX ONE CONVERTER THAT WILL HAVE A DATAGRID
AND WILL LOAD CSV FILES
THE DATA GRID WILL HAVE 2 DIFFERENT COLUMNS THAT WILL LOAD
ABOUT 450 NUMBERS AND THEN I HAVE 10 TEXTBOXES THAT ANYNUMBER I WILL WRITE WILL THERE WILL CONVERT THE SECOND COLUMN DIGIT BY DIGIT
EXAMPLE
1234/1234
I WANT TO CONVERT THE NUMBERS OF THE SECOND COLUMN
LIKE THAT
1234/3455
I FIX THE CODE THAT WILL LOAD THE CSV FILE BUT I DONT KNOW HOW TO CONNECT THE LOADING FILE WITH THE DATAGRID
Private Sub OPENcsv_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OPENcsv.Click
' Import
Dim openFileDialog As New OpenFileDialog()
'saveFileDialog.Title = "Open the input CSV file";
openFileDialog.InitialDirectory = Application.StartupPath
openFileDialog.Filter = "CSV files (*.csv)|*.csv|All files (*.*)|*.*"
openFileDialog.FilterIndex = 1
openFileDialog.RestoreDirectory = True
If openFileDialog.ShowDialog() = DialogResult.OK Then
Dim fileInput As String = openFileDialog.FileName
End If
End Sub
ANY HELP
THANK YOU
GEORGE MENIOS
|
|
|
|
|
memas63 wrote: I AM STARTER IN VISUAL BASIC 8
and apparently using the Web too. Using all capital letters is the same as walking into a room and screaming at people.
|
|
|
|
|
I am getting data from a third party soap service. Everything seems to be going fine. However, the client says not all the data that should be coming over is there. I don't have the data source to verify so I thought I'd ask:
Has anyone had a soap service return only part of the data?
The only thing I could think of is the response buffer, or recieved message size. I thought I'd get an error or nothing in either of those cases. Either way, they are set to 20000000 for both. I didn't write this code, I'm just trouble shooting it
My initial instinct, after running the code and rechecking everything is that they have changed something else in the management of this data and it's nothing to do with my software, which just fetches it and puts it in a database. The software hasn't changed in over a year and always worked fine until recently.
If it moves, compile it
|
|
|
|
|
Throw Fiddler on the client so you see what the service is returning.
|
|
|
|
|
yeah, I have soapUI that does a pretty good job. It was a shot in the dark really. I'm getting data back, and the correct data. The client just doesn't think I'm getting everything I should.
If it moves, compile it
|
|
|
|
|
Well then, it's either a problem with the server-side code that's retrieving the data or with the clients expectations.
|
|
|
|
|
I have been searching for a way to print a datagrid and all responses refer to a datagridviewprint class. This does not seem to exist in my version of VB2005. How can I import this into my system? Appreciate some assistance
|
|
|
|
|
Did you try searching[^] for it?
One of these days I'm going to think of a really clever signature.
|
|
|
|
|
I'm new to this, so if I've done anything wrong, please tell me
I work on a pretty large VB6 application. The distribution of it is pretty problematic. My sort of "dream" is to automate the build and packaging process with some repeatable scripts (batch-files?).
I want to ship the application with the nullsoft installer system - nsis. I got lot's of referenced libraries and components (dlls, ocx) that the package and deployment wizard of vb6 gathered for me.
The problem now is to make sure that all needed libraries are installed in the correct version.
How can I make that sure?
Should I ship the dlls/ocx as cab-files? Can nsis do a kind of conditional installation of dlls/ocxs?
Thanks!
best regards
Andreas
|
|
|
|
|
Truthfully, you should be scrapping the entire VB6 project and redoing it in .NET. VB6 has been dead for quite a number of years now and community support for it is dying rather quickly.
|
|
|
|
|
Well, thanks for that advice . I wish I could do that for quite a long time.
We took the project from another developement company, and it's that huge that it can't be redone in .NET as fast as we would need. The former compapy worked on that application for 10 years and so it became pretty complex.
We have to live with VB6 there :/
regards
Amdreas
|
|
|
|
|
fancyRocko wrote: We have to live with VB6 there :/
No, you will be phased out, with VB6.
Huge applications aren't rewritten in a single action; you replace parts of it, bit by bit. It's either that, or become part of history.
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
Yikes! Good luck with that!
Honestly, it's been 11 years since I've touched anything VB6. I remember the Setup and Deployment wizard sucked.
As for NSIS, I really couldn't tell you what it's going to take to automate this. I think that's going to be a question for NSIS.
|
|
|
|
|
Okay. It seems that you're right. I'll try to convert the application peace by peace to .NET.
I needed your expert impact for that decision - thanks!
|
|
|
|