|
vernchen wrote: you can use split(',');
Not unless there are comma's seperating all characters  If you look at the above thread you'll see that what he needed was the ToString() method 
You know you're a Land Rover owner when the best route from point A to point B is through the mud.
Ed
|
|
|
|
|
You can treat a regular string like a char array and just index it:
string mystring = "hello";
char h = mystring[0];
|
|
|
|
|
With an Installer class, I am overriding the Install() function.
I have read that throwing an InstallException() from within my installer DLL code, will force the setup project install to fail and cause setup to rollback.
But this causes an ugly dialog to pop up and inform the user that an exception has been thrown.
I am wondering if there is another (cleaner) way to cause the Install() to fail, and there for RollBack()?
Thanks folks.
-- modified at 16:49 Wednesday 7th June, 2006
|
|
|
|
|
Hi there, can anyone help me understand how it's possible to generate a keypair using .net 2.0 and have the private key secured with a passphrase?
Thanks
Clonus
|
|
|
|
|
Clonus wrote: generate a keypair using .net 2.0
You create a keypair by creating a new instance of the RSACryptoServiceProvider class (key size can be specified in constructor), once created you can then access the keys either through the ToXmlString method or through ExportParameters (specifying the whether to include the private keys).
Clonus wrote: private key secured with a passphrase
To do this you can use DESCryptoServiceProvider which accepts a key (but it must be a strong key) to encrypt data. To create a strong key you could use the PasswordDeriveBytes class which can take a password string and a collection of random bytes and generate a key out of this. Take a look at this article[^] on MSDN which will show how to use it. You're only solution if you go down this road is to use constant (or calculable) "salt" bytes. Perhaps the simplest (although not cryptographically secure) is to generate some random bytes once and then use these in all instances as the "salt" bytes.
There may be better ways around this but atleast these methods use the .NET Framework classes. You're welcome to write your own encryption algorithm for the password storing of the private key. It all depends on how secure you need it.
You know you're a Land Rover owner when the best route from point A to point B is through the mud.
Ed
|
|
|
|
|
Thanks for the link Ed, however, I'm not sure how this would apply to RSA?
The example uses TripleDES, and it seems I've been playing around with this code and haven't been able to generate a public and encrypted private key yet.
Is this specific to DES only?
Sorry, "me brain just don't register this" ! 
|
|
|
|
|
You see, generating the public and private keys is very simple with RSA but using a passphrase on the private key of this pair is what I am trying to accomplish.
I can't seem to find any information on how to do this?
|
|
|
|
|
It all depends on how secure you want it.
Basically RSA uses a random key which must be strong, it's best to leave this to be generated by the cryptographic system. For more "classic" password protection schemes you can use DES (Triple or some other variant) which takes a single encryption key, this key is used to encrypt and decrypt the data (unlike the public key used in RSA to encrypt and the private to decrypt). The key used by DES must be a "strong" key, i.e. cryptographically strong (so it's not easy to break), the .NET Framework implementation does not allow encryption with weak keys, an exception is thrown. Normally this key is an array of random bytes. But by using the PasswordDeriveBytes class you can generate these random bytes from a password string.
The PasswordDeriveBytes constructor takes a password string and some "salt" bytes, these bytes are intermingled in the key generated at (probably) random but calculable locations. So essentially it takes your password string, converts it to bytes, adds the salt bytes and mixes them up in a particular way, probably based on the values of the password bytes.
So essentially what you need to do is:
- Generate the public and private key from the
RSACryptoServiceProvider. - Select a password and use
PasswordDeriveBytes to generate a strong DES key. - Using
DESCryptoServiceProvider encrypt the private key of the RSA Key Pair with the bytes generated in step 2. - Do what you want
What I mentioned in the previous reply was that the "salt" bytes must be consistent or calculable from the password string, it's no use using different salt-bytes for the same password string because you won't get the same key so you can't decrypt the private key for the RSA algorithm.
- The simplest would be to generate some random bytes once and hard-code these into your application as the salt-bytes. This however is not very secure or wise.
- The better way to accomplish this would be to write an algorithm (or find one) than generates some random bytes based on the password string, this would mean that the string changes each time the password changes but remains the same for the same password.
Neither of these methods would be very secure since in a) the bytes are hard-coded and easily extractable using Reflector. In b) they are not so extractable since they are hidden by an algorithm it all depends on how confusing this algorithm is to interpret as to how easy it is to break the system (because once they have the bytes then they can plug them back into the PasswordDeriveBytes class and get your key back).
It's all (as will all cryptography) a matter of complexity verses security.
You know you're a Land Rover owner when the best route from point A to point B is through the mud.
Ed
|
|
|
|
|
I'm trying to list all members of a COM class that I load using GetTypeFromProgID.
I'm using GetMembers() but I can't see the classes members except for the base members.
How can I achieve this? Is there an alternative way?
Thank you
|
|
|
|
|
I have been reading many of the examples of how to create a progress bar, but none of them have helped me solve my problem... To simplify my problem I have two projects in my solution. One for the User Interface (UI), and one for the Business objects (BO). I need to have a way to update a progress bar in my UI project from my BO project. My UI project references the BO project, so I have to make sure to avoid circular references.
All of the examples I have found have all the code in the same project.
Please help!
Hogan
|
|
|
|
|
In your BO project:
Take the class that contains the method of which you want to track the progress and an event named ProgessChanged or something similar. Inside the method of which you want to track the progress raise this event whenever a specific progress is made or maybe after some fix interval and pass a custom EventArgs object containing a progress estimation.
In your UI project:
Subscribe to the ProgressChanged event and inside the event handler update your progress bar.
"Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning." - Rick Cook
www.troschuetz.de
|
|
|
|
|
Hello all, I seem to be having a small problem killing threads in a console application.
The symptoms of the problem is that the application never exits, and I can only assume that this is due to a threading issue.
I currently have the following (edited for simplicity) code:
int threadTimeout = 2000;
for (int loop=0; loop < syncServers.Length; loop++)
{
this.syncServer = syncServers[loop];
Thread syncThread = new Thread(new ThreadStart(DoSync));
syncThread.Start();
Thread.Sleep(threadTimeout);
if (syncThread.IsAlive)
{
syncThread.Abort()
}
}
private void DoSync()
{
DoTimeSync(this.syncServer)
}
Now lets say that syncServers has three items, the code cycles through each one waiting for the timeout. However when the last one completes the application just hangs, I would expect it to close (there is no further code after the end of the for loop)
EDIT : Just for clarity, the reason I am doing this is that I am using UDP to perform time synchronisation requests, unfortunatly the .NET 1.1 UDP listener doesnt support a timeout and if the sync server doesnt exisit the UDP listener sits and waits for ever.
EDIT 2 : I have also try using:
if (syncThread.ThreadState != ThreadState.Stopped)
{
syncThread.Abort()
}
|
|
|
|
|
Try putting some Console.WriteLines in the code so that you can see when some thread dies or is created. E.g.
int threadTimeout = 2000;
for (int loop=0; loop < syncServers.Length; loop++)
{
Console.WriteLine("Loop = " + loop.ToString());
this.syncServer = syncServers[loop];
Thread syncThread = new Thread(new ThreadStart(DoSync));
Console.WriteLine("Starting Thread");
syncThread.Start();
Console.WriteLine("Main Thread is sleeping");
Thread.Sleep(threadTimeout);
Console.WriteLine("Main Thread Awake");
if (syncThread.IsAlive)
{
Console.WriteLine(" Sync thread is alive");
syncThread.Abort()
Console.WriteLine(" Sync thread is dead");
}
}
Console.WriteLine("Finished");Just so that you can see what's going on maybe that'll tell you where it's hanging.
You know you're a Land Rover owner when the best route from point A to point B is through the mud.
Ed
|
|
|
|
|
how can I know if the MDI Child Closing event triggered due to the MDI Parent close or itself?
-- modified at 13:01 Wednesday 7th June, 2006
or what event can I use in the parent before the closing event of the child are triggered ?
(the closing event of the parent is triggered after the child...)
|
|
|
|
|
As far as I know there is no clean way to have the MDI parent detect that the child window is closing before the child's Closing event fires. You could override OnClosing in the child Forms and cast the MdiParent property to whatever type it actually is and call a method defined on your parent form subclass. That method would serve as a notification to the MDI parent that a child window is closing.
Hope that helps,
Josh
|
|
|
|
|
Hi,
I have the small doubt,I created a table Author in oracle and i put primary key constraint on authorid field.And i created another table Article and foreign key constaraint placed on this table's authorid.Now iam inserting data into these two tables through front end.
My doubt is why we have to create
Dim pk(1) As DataColumn
pk(0) = ds.Tables(0).Columns("authid")
ds.Tables("authors").PrimaryKey = pk
This is for primary key.
The below is for foreign key:
Dim fk As ForeignKeyConstraint
fk = New ForeignKeyConstraint("fk", ds.Tables(0).Columns("authid"),
ds.Tables(1).Columns("authid"))
fk.DeleteRule = Rule.Cascade
fk.UpdateRule = Rule.Cascade
ds.Tables(1).Constraints.Add(fk)
ds.EnforceConstraints = True
with out creating this constraints iam getting exception "sys... violated" when iam trying to insert duplicate values.
Then what is the use of above code and when the code will be useful.
Thanks in advance.
-- modified at 9:49 Friday 9th June, 2006
|
|
|
|
|
I am a little confused by your problem statement versus what your code is attempting to do - the problem statement makes no mention of "custid" and given the names of the tables you mention, Author and Article, I'm not sure where a customer would fit in the picture.
Nevertheless, I've put my interpretation of the tables you are working with below (please note that I didn't try very hard to get the PL/SQL statements correct, but they should get my idea across (and you may have different types associated with your column definitions, but the concepts should still work)
CREATE TABLE Author
(
AuthorID INTEGER
FirstName VARCHAR(32)
LastName VARCHAR(32)
)
ADD PRIMARY_KEY CONSTRAINT PK_Author ON Author.AuthorID
CREATE TABLE Article
(
ArticleID INTEGER
AuthorID INTEGER
ArticleName VARCHAR(128)
PublishDate DATETIME
)
ADD PRIMARY_KEY CONSTRAINT PK_Article ON Article.ArticleID
ADD FOREIGN_KEY CONSTRAINT FK_Author Article.AuthorID ON Author.AuthorID
(please rememeber the SQL above is probably wrong!)
If the tables are defined as I have assumed, then you are absolutely right and you should not be getting a primary key violation. But, I do wonder if you made Article.AuthorID the foreign key into the Author table AND the primary key in the Article table. If you did that, then you should indeed get a primary key violation when attempting to add records to the Article table.
Hope this helps a bit...
/dave
----------
If you always do what you always done, you'll always get what you've always got - Anonymous
|
|
|
|
|
I have a C#/ASP.NET application that goes and creates a connection to a SQL Server 2000 database. Within the application itself, I have a textbox in which the user enters a part number. After entering the part number, they click a command button that returns data in a datagrid depending on the part number.
//Declaration of PartNumber string
protected string strPartNumberInput;
//more code
//Set PartNumber variable to what user entered
strPartNumberInput += txtPartNumber.Text;
//Now I want to run SQL to get cost data. Basically want 'Select * from Costs where costs.PartID = Parts.ID'
string SQLString = "Select * FROM Costs"; //What else to put here??
How do I programatically say, 'strPartNumberInput is Parts.ID'
Thanks! Let me know if this doesn't make sense.
|
|
|
|
|
Well, looking at your code, the cmd:
strPartNumberInput += txtPartNumber.Text;
does not set a part number, it adds just more numbers. it should be:
strPartNumberInput = txtPartNumber.Text;
And how that I see it... you just need this SQL:
"Select * from Costs where Costs.PartID = Parts.ID And Costs.PartID = " + strPartNumberInput;
should work...
Good-Luck...
NaNg.
|
|
|
|
|
NaNg15241 wrote: "Select * from Costs where Costs.PartID = Parts.ID And Costs.PartID = " + strPartNumberInput;
Your solution is susceptable to a SQL Injection Attack. Please learn how to defend against these attacks as they could compromise your systems. For more information see SQL Injection Attacks and Tips on How to Prevent Them[^]
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question."
--Charles Babbage (1791-1871)
My: Website | Blog
|
|
|
|
|
Unless I'm missing something...
string SQLString = "Select * FROM Costs WHERE costs.PartID = " + strPartNumberInput;
|
|
|
|
|
Gerald Schwab wrote: string SQLString = "Select * FROM Costs WHERE costs.PartID = " + strPartNumberInput;
Your solution is susceptable to a SQL Injection Attack. Please learn how to defend against these attacks as they could compromise your systems. For more information see SQL Injection Attacks and Tips on How to Prevent Them[^]
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question."
--Charles Babbage (1791-1871)
My: Website | Blog
|
|
|
|
|
Uhh, he asked what he should concatenate to the end of the SQLString string variable in order to generate a SQL statement that would filter by Parts.ID. He didn't ask for a "solution". So, I didn't provide him with "my" solution, I simply demonstrated how to create the SQL string he was interested in creating. I am fully aware of SQL injection attacks and always use typed parameters with stored procedures in "my" solutions. Maybe you should try being less arrogant next time.
|
|
|
|
|
Gerald Schwab wrote: Uhh, he asked what he should concatenate to the end of the SQLString string variable in order to generate a SQL statement that would filter by Parts.ID
No, he didn't ask what he should concatenate on to the end of the string, he said:
string SQLString = "Select * FROM Costs"; //What else to put here??
How do I programatically say, 'strPartNumberInput is Parts.ID'
Gerald Schwab wrote: I simply demonstrated how to create the SQL string he was interested in creating. I am fully aware of SQL injection attacks and always use typed parameters with stored procedures in "my" solutions.
Then why give people answer that lead them down the road to a very well known yet easily correctable security flaw? I doesn't matter one jot if you use parameters in "your" solutions if you don't share the benefits with other people.
Gerald Schwab wrote: Maybe you should try being less arrogant next time.
I'm just trying to do my bit to ensure the world is a more secure place. I don't want my credit card details, or any other of my details, falling into the hands of criminal gangs because someone didn't know how to secure their system properly because someone was lazy in answering a question on a forum.
People have a tendancy to do "just enough" to get something working without really thinking about the security holes they are leaving open in the process. That could be because they don't know about them, or don't care. I can't help with the latter but I can do something about the former.
But, if you think that it is arrogant of me to try and help others secure their systems.....
"On two occasions, I have been asked [by members of Parliament], 'Pray, Mr. Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able to rightly apprehend the kind of confusion of ideas that could provoke such a question."
--Charles Babbage (1791-1871)
My: Website | Blog
|
|
|
|
|
As i have understood from your description, you need this SQL query
String SQLString="SELECT * FROM Costs WHERE PartID= "+
"(SELECT ID FROM Parts "+
"WHERE PartNumber="+txtPartNumber.Text+")";
This query is right if your part number is not the part id which stored seprately in parts table along with part id. But if Part no. and part id are the same then you could use following query:
String SQLString="SELECT * FROM Costs WHERE PartID= "+txtPartNumber.Text;
I think it should work....
Wasif Ehsan
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
