|
a free Google-fu search for you[^]
Next Google-fu search costs a pound
Lobster Thermidor aux crevettes with a Mornay sauce, served in a Provençale manner with shallots and aubergines, garnished with truffle pate, brandy and a fried egg on top and Spam - Monty Python Spam Sketch
|
|
|
|
|
Can I have a few of them please, I could use losing a few pounds!
If you send me a LMGTFY for weight loss I will be mightily displeased
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
|
somasaedi wrote: Pascal's Triangle in C program using loop
What about it? Also c != c#.
If you can't be bothered to read the site guidance about asking a question, I can't be bothered to tell you why I downvoted your question properly.
|
|
|
|
|
Would you like fries with that?
/ravi
|
|
|
|
|
Google is your best friend.
Google Search.[^]
Pascal's triangle in C#[^]
The first step in the acquisition of wisdom is SILENCE, the second is LISTENING, the third MEMORY, the forth, PRACTICE and the fifth is TEACHING others!
|
|
|
|
|
|
|
What bout it?
The first step in the acquisition of wisdom is SILENCE, the second is LISTENING, the third MEMORY, the forth, PRACTICE and the fifth is TEACHING others!
|
|
|
|
|
Hi I am looking for the best method and most secure method of connecting to a remote MySQL database from a c# application.
I have an application that allows users to login by verifying the credentials with a remote MySQL database. The whole application is dependant on the database.
So far I am just using the .net MySQL connector. but someone mentioned this is insecure especially since people decompile apps a lot and I have the database login details inside the app.
In your opinion what would be the best method of securely reading, updating and adding data to a remote MySQL database?
Thanks for any replies!
modified 11-Mar-21 21:01pm.
|
|
|
|
|
If you are only worried about your connection string, you can just use an encrypted section in the .config file.
Anyways, connecting to a SQL server directly is not secure. Traffic is not encrypted and anybody with a sniffer can see everything. You should instead connect to a TCP/IP server (that you write, obviously) using SSL that proxys the database calls. That way, you don't have the connection string in your app, but you are still going to have the server info in your app, so... The DB proxy method has additional benefits since it also allows you to compress data. SQL does not. A bit more work though...
|
|
|
|
|
Do you use compression in your apps and if so does it make a reasonable difference?
Never underestimate the power of human stupidity
RAH
|
|
|
|
|
Depends what queries you're doing, but database data is usually highly repetitive so you should get massive improvements by compressing it.
|
|
|
|
|
Depends on the data & scenario. I.e. compressing small data will actually result in the "compressed" data being larger then the original. Then there is the overhead in compressing & decompressing on the fly, or storing the data in compressed format. Honestly, usually its not worth the hassle if your queries are optimized. Compressing 1MB down to 250KB isn't going to make a difference in the real world.
|
|
|
|
|
A more secure way would isolate the database, and only provide the interface over a webservice. A more secure way than that would be to use SSL.
..how much security do you need?
Bastard Programmer from Hell
if you can't read my code, try converting it here[^]
|
|
|
|
|
It depends also on how "remote" that database is. If it is in a virtual private network, that VPN should actually be safe/secured enough.
|
|
|
|
|
What are you trying to secure against?
If you are using a single key for all instances of the application, and including it in the application distribution, then it is pretty straightforward for a hacker to get hold of the key (or login credentials) and contact the database with it.
To avoid interception or viewing of data as it's on the network, you should always use SSL or something similar (i.e. an encrypted channel using a public key encryption algorithm at some point) for the transfer. If you set up a web service or HTTP server it's straightforward to use SSL. This prevents someone from sniffing the packets of someone else's data, but it doesn't affect their ability to decompile and get the credentials.
The only real way to avoid that is to require people to log in, so the application doesn't have the credentials at all. That's obviously annoying and can often have a bigger cost than the security concern.
It's usually a good idea to proxy a database by having a service layer (either a web service or a TCP server application) in between. That insulates you from a particular database implementation, and it also allows you to restrict the actions a user can do, even with the credentials. If, for example, your concern is corruption of data as opposed to viewing it, this application can sanity check any requested updates to the database.
|
|
|
|
|
Thanks all for the great suggestions. So for example i have
Application(e.g login)
|
connect to remote database
|
application requests data
|
database sends data
|
application handles it.
---------------
from the suggestions a possible secure method to change to?:
Application
|
connect to webservice and initiate connection to db(ssl)
|
application sends query string for e.g to the web service(ssl)
|
application requests data encrypted from the webservice of which connects to the database retrieves the data and sends it to the app(ssl)
|
application handles it.
modified 11-Mar-21 21:01pm.
|
|
|
|
|
Your application should not know anything about the database including connection strings, queries, tables, etc. The web service should do all that and expose an API that your app will consume.
An TCP/IP socket server will vastly out-perform a web service. Also, 2-way communication is a PITA in a web service.
* you need to think how many simulataneous users will connect
* typical internet connection of your users
* if you will need 2 way communication
|
|
|
|
|
Thank you, I will take all this advice on-board and do some research into web services and such. I am knew to working with databases in a desktop application so I am learning a lot.
Thank you so much for advice.
modified 11-Mar-21 21:01pm.
|
|
|
|
|
Hello Sir This is rahul tiwary
My problem is that i want to mail Email body in asp.net C#.not Attechment .but not retrive Can u help me .my code is
try
{
string EmailID = dt.Rows[0][1].ToString();
MailMessage MyMessage1 = new MailMessage();
string Bodyurl = "http://www.basnext.com/CheckOrderStatus.aspx?OrderTrackingNomber=" + Ordertrackingnumber + "&UserID=" + Session["UserID"].ToString() + "";
MailMessage MyMessage = new MailMessage();
MyMessage.To.Add(EmailID);
MyMessage.From = new MailAddress("sales@basnext.com");
MyMessage.Subject = "Order Details";
MyMessage.Body = "";
MyMessage.IsBodyHtml = true;
MyMessage.Body = "<HTML><BODY BGCOLOR=#0000FF> Dear " + Session["UserName"].ToString() + "
Thank you for making an Order Detail of product items.
We appreciate to serve you.
Your Order Tracking Number is " + Ordertrackingnumber + ". We will get you back soon.
You Can Check your Order Status anytime on clicking below porvided link. " + Bodyurl + "
Thanks & Regard Sales Team Email:- sales@stsinfo.com. </BODY></HTML>";
Stream mem = cry.ExportToStream(ExportFormatType.PortableDocFormat);
mem.Seek(0, System.IO.SeekOrigin.Begin);
Attachment att = new Attachment(mem, "OrderDetails.pdf", "application/pdf");
MyMessage.Attachments.Add(att);
MyMessage.Body = "<HTML><BODY BGCOLOR=#0000FF>"+att+" Dear " + Session["UserName"].ToString() + "
Thank you for making an Order Detail of product items.
We appreciate to serve you.
Your Order Tracking Number is " + Ordertrackingnumber + ". We will get you back soon.
You Can Check your Order Status anytime on clicking below porvided link. " + Bodyurl + " Thanks & Regard Sales Team Email:- sales@stsinfo.com. </BODY></HTML>";
Stream ms = cry.ExportToStream(ExportFormatType.WordForWindows);
ms.Seek(0, System.IO.SeekOrigin.Begin);
Attachment att1 = new Attachment(ms, "OrderDetails.doc", "application/.doc");
MyMessage1.Attachments.Add(att1);
MyMessage1.To.Add("rahultiwary19@stsinfo.com");
MyMessage1.From = new MailAddress("sales@basnext.com");
MyMessage1.Subject = "Order Details";
MyMessage1.IsBodyHtml = true ;
MyMessage1.Body = "<HTML><BODY BGCOLOR=#0000FF>Dear Sales Team Mr. " + Session["UserName"].ToString() + " has made an Order Details of some products item.
Please find the attachment of the Order Details.
Thanks & Regard </BODY></HTML>";
MyMessage1.Body = "";
smtpClient.Host = "mail.bioroles.com";
// smtpClient.Host = "174.142.169.34";
smtpClient.Port = 25;
smtpClient.UseDefaultCredentials = true;
smtpClient.Credentials = new System.Net.NetworkCredential("sales@bioroles.com", "**********");
//smtpClient.Credentials = new System.Net.NetworkCredential("sales@basnext.com", "***********");
smtpClient.Send(MyMessage);
smtpClient.Send(MyMessage1);
mem.Dispose();
ms.Dispose();
}
catch (Exception ex)
{
//litStatus.Text = ex.ToString();
}
}
Please Help
|
|
|
|
|
What's the problem?
I wasn't, now I am, then I won't be anymore.
|
|
|
|
|
Just look at what you are doing with the Body property of the messages. You set them, then give contents, and then overwrite the contents again.
And actually I expect a runtime error at
Attachment att = ...
MyMessage.Body = "<HTML><BODY BGCOLOR=#0000FF>"+att+"
|
|
|
|
|
Hi all,
I would like to write a function of type Bool that checks an array for a certain value or a function of type Void to simply sort an array. If I write a function for only a particular array type, the function is pretty straight forward but inflexible. However, if I want the function to work on any kind of array regardless of it's type, it is pretty tricky. I have tried to do this by using a For Loop in the function. Then I tried to pass in the name of the array and it's length as parameters but got stuck. The problem is if I pass in the name of an array as a parameter, that parameter must have a type. Then I tried to use the ForEach Loop where I can enter the array name but it seems it also needs to know what array type it is dealing with. The following are what I have tried:
public bool myFunction(ARRAYTYPE myArrayName, int myArrayLength)
{
for(int i = 0; i<myArrayLength;i++)
{
}
}
public void myFunction(ARRAYTYPE myArrayName )
{
foreach (ARRAYTYPE value in myArrayName)
{
}
}
I'm beginning to think this can't be done but I'm really hoping someone has a solution. Thanks in advance for your reply.
modified 16-Oct-12 8:42am.
|
|
|
|
|
The examples you post aren't really suitable for handling in a single method because the internal implementations are too different. In other words, they don't have common behaviour, so you shouldn't try to treat them as though they do.
On a general note, you can use generics to pass in a type to a method when you want to be able to use different types, decided at compile time. To do this, you would declare it like this (changing the array to a generic list instead):
public void MyFunction<T>(List<T> myCollection){
}
|
|
|
|