BOOK: ASP.NET 2.0 Website Programming Problem Design Solution ISBN: 978-0-7645-8464-0
This is the forum to discuss the Wrox book ASP.NET 2.0 Website Programming: Problem - Design - Solution by Marco Bellinaso; ISBN: 9780764584640
March 22nd, 2007, 09:24 AM
Friend of Wrox
 
Join Date: Mar 2007
Posts: 488
Thanks: 2
Thanked 11 Times in 10 Posts
Warning: DataAccess.cs

Hi all,

TBH_Web\App_Code\DAL\DataAccess.cs

There is a pretty serious error in the above class. Basically, the HttpContext.Current.User.Identity.Name is derived from the login name that you type. However, it doesn't check for blank spaces (i.e. you can authorise sampleeditor with spaces after it and it'll still log you in). However, once logged in, the sampleeditor name in the Identity.Name will also have the same spaces added. This means that the check below will fail:

if (HttpContext.Current.User.Identity.Name.ToLower() == "sampleeditor")

The remedy for this in the short term is to add the Trim() method onto the end of the test, i.e.:

if (HttpContext.Current.User.Identity.Name.ToLower().Trim() == "sampleeditor")

Hope this helps - I only discovered this after deleting quite a bit of data. However, it's unlikely that anyone testing your site would add the additional spaces after the name, but it's better to be safe than sorry and it is, in my opinion, a required amendment.

cheers

jim

[edit] In reality, I'd actually make the new test:
if (HttpContext.Current.User.Identity.Name.Trim().ToLower() == "sampleeditor"). Just feels better, but I did it with the Trim() at the end just to exemplify clearly the addition.
__________________
jimi

http://www.originaltalent.com
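To make the failure mode concrete, here is a small added C# example (not code from the book or from the post above) showing the quoted check failing on a name with trailing spaces, a hardened comparison, and normalisation of the name at login time. The helper names and the assumption that the login page passes the raw text box value straight into the authentication cookie are mine.

```csharp
using System;

// Added example: why the raw Identity.Name check fails and how to normalise it.
public static class EditorCheck
{
    // The check as quoted in the post: lower-case the raw name and compare exactly.
    public static bool IsSampleEditorNaive(string identityName)
    {
        return identityName.ToLower() == "sampleeditor";
    }

    // Hardened check: trim surrounding whitespace, then compare case-insensitively
    // with an ordinal (culture-independent) comparison.
    public static bool IsSampleEditorHardened(string identityName)
    {
        if (identityName == null) return false;
        return string.Equals(identityName.Trim(), "sampleeditor",
                             StringComparison.OrdinalIgnoreCase);
    }

    // Normalise the name once, at login, before it is written into the auth
    // ticket. Assumption: in the book's login page this would be applied to the
    // user name before the cookie is issued, so every later Identity.Name check
    // sees the canonical value.
    public static string NormaliseLoginName(string rawUserName)
    {
        return (rawUserName ?? string.Empty).Trim();
    }

    public static void Main()
    {
        // Constructed input: the name as typed on the login form, with trailing spaces.
        string typed = "sampleeditor   ";

        Console.WriteLine(IsSampleEditorNaive(typed));     // False: the spaces break the match
        Console.WriteLine(IsSampleEditorHardened(typed));  // True
        Console.WriteLine(IsSampleEditorNaive(NormaliseLoginName(typed))); // True once normalised at login
    }
}
```

Trimming at login fixes the root cause (authentication and authorisation disagreeing on the canonical name); the hardened comparison is the belt-and-braces check for code paths that still read the raw identity.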
 
March 22nd, 2007, 09:33 AM
Wrox Author
 
Join Date: Oct 2005
Posts: 4,104
Thanks: 1
Thanked 64 Times in 64 Posts

It is good practice to always validate user input (trimming white space, removing special chars, checking for SQL injection, etc.) regardless of where it comes from. In any case, this is a good point for anyone that may have overlooked this fact.
