== 1 of 1 ==
Date: Sat, May 10 2008 4:22 pm
From: "Jonathan Wood"
Cool. Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
"Milosz Skalecki [MCAD]" <mily242@DONTLIKESPAMwp.pl> wrote in message
news:D0F112DB-AB67-43B2-9CF6-D9B06FCA734D@microsoft.com...
> Hi Jonathan,
>
> I used Reflector, very powerful freeware reverse engineering tool.
> http://www.aisto.com/roeder/dotnet/
> It will help you to understand what happens under the hood.
> Have a nice weekend.
>
> --
> Milosz
>
>
> "Jonathan Wood" wrote:
>
>> Milosz,
>>
>> > As you can see data is bound only once (for the same datasource
>> > parameters).
>>
>> Thanks, that's what I was wondering about. I'm not sure if I understood
>> how,
>> but I've printed out your reply and will examine the code more closely.
>>
>> May I ask where you got that listing? I was thinking the framework source
>> was unavailable. What's the trick?
>>
>> > You can always set SelectedValue in the Page_load, even before the data
>> > has
>> > been bound, as the SelectedValue is stored in the temporary variable
>> > until
>> > the next databinding:
>>
>> Okay, I may need the data to correctly determine which item should be
>> selected. But that's helpful to know the SelectedValue can be set first.
>>
>> Thanks again.
>>
>> --
>> Jonathan Wood
>> SoftCircuits Programming
>> http://www.softcircuits.com
>>
>>
==============================================================================
TOPIC: How get value from stored proc
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/1cd8ad4f67a5d3ff?hl=en
==============================================================================
== 1 of 3 ==
Date: Sat, May 10 2008 4:34 pm
From: "Cirene"
I have a stored proc as follows:
ALTER PROCEDURE dbo.GetPostingAuthorId
(
@cat int,
@Id int,
@AuthorId nvarchar(MAX) OUTPUT
)
AS
IF (@cat = 1) --Classifieds
SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
ELSE IF @cat = 2 --Community News
SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
ELSE --Press releases
SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
RETURN @AuthorId
Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId, assuming
my stored proc is correct (which it might not be)?
Thanks.
== 2 of 3 ==
Date: Sat, May 10 2008 5:09 pm
From: "Mark Fitzpatrick"
You need to access the parameters collection. First off, you can't return
AuthorID because it's nvarchar. Return values are always integers and the
return value parameter is usually defined as the first one. After you
execute your stored procedure, you can then reference the parameter and get
the value. Depending upon whether or not you're using a data access library
like the Enterprise Library (http://www.codeplex.com/entlib) then it will be
either the 3rd parameter or the 2nd, depending upon whether or not the
return value parameter is being assigned in your collection.
Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression
"Cirene" <cirene@nowhere.com> wrote in message
news:Odf1bZvsIHA.1772@TK2MSFTNGP03.phx.gbl...
> I have a stored proc as follows:
>
> ALTER PROCEDURE dbo.GetPostingAuthorId
> (
> @cat int,
> @Id int,
> @AuthorId nvarchar(MAX) OUTPUT
> )
> AS
> IF (@cat = 1) --Classifieds
> SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
> ELSE IF @cat = 2 --Community News
> SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
> ELSE --Press releases
> SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
>
> RETURN @AuthorId
>
>
> Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId,
> assuming my stored proc is correct (which it might not be)?
>
> Thanks.
>
== 3 of 3 ==
Date: Sat, May 10 2008 8:23 pm
From: "Cirene"
very helpful as usual mark
"Mark Fitzpatrick" <markfitz@fitzme.com> wrote in message
news:uycEUtvsIHA.2068@TK2MSFTNGP05.phx.gbl...
> You need to access the parameters collection. First off, you can't return
> AuthorID because it's nvarchar. Return values are always integers and the
> return value parameter is usually defined as the first one. After you
> execute your stored procedure, you can then reference the parameter and
> get the value. Depending upon whether or not you're using a data access
> library like the Enterprise Library (http://www.codeplex.com/entlib) then
> it will be either the 3rd parameter or the 2nd, depending upon whether or
> not the return value parameter is being assigned in your collection.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP - Expression
>
>
> "Cirene" <cirene@nowhere.com> wrote in message
> news:Odf1bZvsIHA.1772@TK2MSFTNGP03.phx.gbl...
>> I have a stored proc as follows:
>>
>> ALTER PROCEDURE dbo.GetPostingAuthorId
>> (
>> @cat int,
>> @Id int,
>> @AuthorId nvarchar(MAX) OUTPUT
>> )
>> AS
>> IF (@cat = 1) --Classifieds
>> SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
>> ELSE IF @cat = 2 --Community News
>> SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
>> ELSE --Press releases
>> SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
>>
>> RETURN @AuthorId
>>
>>
>> Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId,
>> assuming my stored proc is correct (which it might not be)?
>>
>> Thanks.
>>
==============================================================================
TOPIC: Catherine busted by Operation Sudden Fall
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/debc46a07c35f5b0?hl=en
==============================================================================
== 1 of 1 ==
Date: Sat, May 10 2008 3:56 pm
From: Clint.Boufford@usdoj.gov
Law enforcement is now intercepting text messages,
as proven by Operation Sudden Fall in San Diego.
http://www.usdoj.gov/dea/pubs/states/newsrel/sd050608.html
http://www.signonsandiego.com/news/education/20080506-1338-bn06sdsu2.html
Don't let your personal SMS/text messages fall into
the wrong hands. Encrypt your messages with one
of these:
http://www.Xecure.net
http://www.CryptoSMS.org
http://www.CryptoSMS.com
http://www.CryptoGraf.com
http://www.Cop2p.com/encrypted_sms.html
http://www.FortressMail.net/fortress_sms.htm
http://groups.google.com/group/sms-salama/web/introduction
http://home.xtra.co.nz/hosts/sveltdesign/mindwarrior/pages.html?MobeCode
Be Safe, Be Encrypted, Fuck the Police!!
--
Lots of spanish miserable timings will purely decline the readings.
==============================================================================
TOPIC: Site Security - Best Practises
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/bd113ccc3d053007?hl=en
==============================================================================
== 1 of 2 ==
Date: Sat, May 10 2008 5:54 pm
From: "Richard Coltrane"
Hi there,
I have a site that uses encrypted javascript cookies to hold session data
particulary user site role data. Although this data is encrypted Ive just
realised that if i copy the encrypted role data from one cookie and paste it
into another cookie i can make requests to the site using elevated
priviledges.
So im wondering how everyone else gets around this when using cookie based
sessions (I run on shared hosting server sessions are not an option). The
way im see it im really vulnerable because the user is only authenticated
once at login and from there site and role data (which is passed in from the
cookie) is simply "believed" and used to provide site access.
How do you guys and girls do it?? Given i can copy paste the site role
string and reuse it, i dont see the point in encrypting it in the first
place. All someone needs to do is sniff the cookie of a higher priviledged
user and then use the encrypted site role info in their own cookie....they
dont need to decrypt/crack anything.
Thanks
Richard
== 2 of 2 ==
Date: Sat, May 10 2008 10:03 pm
From: Michael Nemtsev [MVP]
Hello Richard,
It's called "Session Hijacking". There are several ways to mitigate this
risk, such as encoding IP in cookies and etc.
I recommend to read the followin articles which describe the nature of the
problem and how to avoid it
http://technet.microsoft.com/en-au/magazine/cc160809.aspx
http://msdn.microsoft.com/en-us/magazine/cc300500.aspx
---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour
"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
RC> Hi there,
RC>
RC> I have a site that uses encrypted javascript cookies to hold session
RC> data particulary user site role data. Although this data is
RC> encrypted Ive just realised that if i copy the encrypted role data
RC> from one cookie and paste it into another cookie i can make requests
RC> to the site using elevated priviledges.
RC>
RC> So im wondering how everyone else gets around this when using cookie
RC> based sessions (I run on shared hosting server sessions are not an
RC> option). The way im see it im really vulnerable because the user is
RC> only authenticated once at login and from there site and role data
RC> (which is passed in from the cookie) is simply "believed" and used
RC> to provide site access.
RC>
RC> How do you guys and girls do it?? Given i can copy paste the site
RC> role string and reuse it, i dont see the point in encrypting it in
RC> the first place. All someone needs to do is sniff the cookie of a
RC> higher priviledged user and then use the encrypted site role info in
RC> their own cookie....they dont need to decrypt/crack anything.
RC>
RC> Thanks
RC>
RC> Richard
RC>
==============================================================================
TOPIC: programming against outlook (any version) in asp.net
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/045f0685676cf13c?hl=en
==============================================================================
== 1 of 2 ==
Date: Sat, May 10 2008 6:05 pm
From: "Alvin Bruney [ASP.NET MVP]"
WebDav is the supported technology. Have a google.
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------
"Andy B" <a_borka@sbcglobal.net> wrote in message
news:OarIcxtsIHA.672@TK2MSFTNGP02.phx.gbl...
> Is it possible to program against Outlook (any version) in asp.net? I want
> to make my own personal web view of Outlook calendar and stuff like that.
>
== 2 of 2 ==
Date: Sat, May 10 2008 10:08 pm
From: Michael Nemtsev [MVP]
Hello Andy,
To add to other post I suggest to look on this sample http://www.codeproject.com/KB/aspnet/teamcalendar.aspx
But, if you need good integration with office stuff I'd consider using Sharepoint
for this reason - there is everything u need without reinventing the wheel
---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour
"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
AB> Is it possible to program against Outlook (any version) in asp.net?
AB> I want to make my own personal web view of Outlook calendar and
AB> stuff like that.
AB>
==============================================================================
TOPIC: IIS AppDoman environment
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/c7df55e786dcaf58?hl=en
==============================================================================
== 1 of 1 ==
Date: Sat, May 10 2008 11:46 pm
From: "Chris Bordeman"
During an IIS page request or service call, is a new AppDomain created, or
is the main AppDomain for the application pool used?
If the latter, does that mean that an assembly .LoadFrom() is redundant on
subsequent requests?
Date: Sat, May 10 2008 4:22 pm
From: "Jonathan Wood"
Cool. Thanks.
--
Jonathan Wood
SoftCircuits Programming
http://www.softcircuits.com
"Milosz Skalecki [MCAD]" <mily242@DONTLIKESPAMwp.pl> wrote in message
news:D0F112DB-AB67-43B2-9CF6-D9B06FCA734D@microsoft.com...
> Hi Jonathan,
>
> I used Reflector, very powerful freeware reverse engineering tool.
> http://www.aisto.com/roeder/dotnet/
> It will help you to understand what happens under the hood.
> Have a nice weekend.
>
> --
> Milosz
>
>
> "Jonathan Wood" wrote:
>
>> Milosz,
>>
>> > As you can see data is bound only once (for the same datasource
>> > parameters).
>>
>> Thanks, that's what I was wondering about. I'm not sure if I understood
>> how,
>> but I've printed out your reply and will examine the code more closely.
>>
>> May I ask where you got that listing? I was thinking the framework source
>> was unavailable. What's the trick?
>>
>> > You can always set SelectedValue in the Page_load, even before the data
>> > has
>> > been bound, as the SelectedValue is stored in the temporary variable
>> > until
>> > the next databinding:
>>
>> Okay, I may need the data to correctly determine which item should be
>> selected. But that's helpful to know the SelectedValue can be set first.
>>
>> Thanks again.
>>
>> --
>> Jonathan Wood
>> SoftCircuits Programming
>> http://www.softcircuits.com
>>
>>
==============================================================================
TOPIC: How get value from stored proc
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/1cd8ad4f67a5d3ff?hl=en
==============================================================================
== 1 of 3 ==
Date: Sat, May 10 2008 4:34 pm
From: "Cirene"
I have a stored proc as follows:
ALTER PROCEDURE dbo.GetPostingAuthorId
(
@cat int,
@Id int,
@AuthorId nvarchar(MAX) OUTPUT
)
AS
IF (@cat = 1) --Classifieds
SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
ELSE IF @cat = 2 --Community News
SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
ELSE --Press releases
SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
RETURN @AuthorId
Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId, assuming
my stored proc is correct (which it might not be)?
Thanks.
== 2 of 3 ==
Date: Sat, May 10 2008 5:09 pm
From: "Mark Fitzpatrick"
You need to access the parameters collection. First off, you can't return
AuthorID because it's nvarchar. Return values are always integers and the
return value parameter is usually defined as the first one. After you
execute your stored procedure, you can then reference the parameter and get
the value. Depending upon whether or not you're using a data access library
like the Enterprise Library (http://www.codeplex.com/entlib) then it will be
either the 3rd parameter or the 2nd, depending upon whether or not the
return value parameter is being assigned in your collection.
Hope this helps,
Mark Fitzpatrick
Microsoft MVP - Expression
"Cirene" <cirene@nowhere.com> wrote in message
news:Odf1bZvsIHA.1772@TK2MSFTNGP03.phx.gbl...
> I have a stored proc as follows:
>
> ALTER PROCEDURE dbo.GetPostingAuthorId
> (
> @cat int,
> @Id int,
> @AuthorId nvarchar(MAX) OUTPUT
> )
> AS
> IF (@cat = 1) --Classifieds
> SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
> ELSE IF @cat = 2 --Community News
> SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
> ELSE --Press releases
> SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
>
> RETURN @AuthorId
>
>
> Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId,
> assuming my stored proc is correct (which it might not be)?
>
> Thanks.
>
== 3 of 3 ==
Date: Sat, May 10 2008 8:23 pm
From: "Cirene"
very helpful as usual mark
"Mark Fitzpatrick" <markfitz@fitzme.com> wrote in message
news:uycEUtvsIHA.2068@TK2MSFTNGP05.phx.gbl...
> You need to access the parameters collection. First off, you can't return
> AuthorID because it's nvarchar. Return values are always integers and the
> return value parameter is usually defined as the first one. After you
> execute your stored procedure, you can then reference the parameter and
> get the value. Depending upon whether or not you're using a data access
> library like the Enterprise Library (http://www.codeplex.com/entlib) then
> it will be either the 3rd parameter or the 2nd, depending upon whether or
> not the return value parameter is being assigned in your collection.
>
> Hope this helps,
> Mark Fitzpatrick
> Microsoft MVP - Expression
>
>
> "Cirene" <cirene@nowhere.com> wrote in message
> news:Odf1bZvsIHA.1772@TK2MSFTNGP03.phx.gbl...
>> I have a stored proc as follows:
>>
>> ALTER PROCEDURE dbo.GetPostingAuthorId
>> (
>> @cat int,
>> @Id int,
>> @AuthorId nvarchar(MAX) OUTPUT
>> )
>> AS
>> IF (@cat = 1) --Classifieds
>> SELECT @AuthorId = UserId FROM classifieds WHERE Id=@Id
>> ELSE IF @cat = 2 --Community News
>> SELECT @AuthorId = UserId FROM communityNews WHERE Id=@Id
>> ELSE --Press releases
>> SELECT @AuthorId = UserId FROM pressReleases WHERE Id=@Id
>>
>> RETURN @AuthorId
>>
>>
>> Using VB.NET/ASP.NET 2.0 how do I retrieve the value of @AuthorId,
>> assuming my stored proc is correct (which it might not be)?
>>
>> Thanks.
>>
==============================================================================
TOPIC: Catherine busted by Operation Sudden Fall
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/debc46a07c35f5b0?hl=en
==============================================================================
== 1 of 1 ==
Date: Sat, May 10 2008 3:56 pm
From: Clint.Boufford@usdoj.gov
Law enforcement is now intercepting text messages,
as proven by Operation Sudden Fall in San Diego.
http://www.usdoj.gov/dea/pubs/states/newsrel/sd050608.html
http://www.signonsandiego.com/news/education/20080506-1338-bn06sdsu2.html
Don't let your personal SMS/text messages fall into
the wrong hands. Encrypt your messages with one
of these:
http://www.Xecure.net
http://www.CryptoSMS.org
http://www.CryptoSMS.com
http://www.CryptoGraf.com
http://www.Cop2p.com/encrypted_sms.html
http://www.FortressMail.net/fortress_sms.htm
http://groups.google.com/group/sms-salama/web/introduction
http://home.xtra.co.nz/hosts/sveltdesign/mindwarrior/pages.html?MobeCode
Be Safe, Be Encrypted, Fuck the Police!!
--
Lots of spanish miserable timings will purely decline the readings.
==============================================================================
TOPIC: Site Security - Best Practises
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/bd113ccc3d053007?hl=en
==============================================================================
== 1 of 2 ==
Date: Sat, May 10 2008 5:54 pm
From: "Richard Coltrane"
Hi there,
I have a site that uses encrypted javascript cookies to hold session data
particulary user site role data. Although this data is encrypted Ive just
realised that if i copy the encrypted role data from one cookie and paste it
into another cookie i can make requests to the site using elevated
priviledges.
So im wondering how everyone else gets around this when using cookie based
sessions (I run on shared hosting server sessions are not an option). The
way im see it im really vulnerable because the user is only authenticated
once at login and from there site and role data (which is passed in from the
cookie) is simply "believed" and used to provide site access.
How do you guys and girls do it?? Given i can copy paste the site role
string and reuse it, i dont see the point in encrypting it in the first
place. All someone needs to do is sniff the cookie of a higher priviledged
user and then use the encrypted site role info in their own cookie....they
dont need to decrypt/crack anything.
Thanks
Richard
== 2 of 2 ==
Date: Sat, May 10 2008 10:03 pm
From: Michael Nemtsev [MVP]
Hello Richard,
It's called "Session Hijacking". There are several ways to mitigate this
risk, such as encoding IP in cookies and etc.
I recommend to read the followin articles which describe the nature of the
problem and how to avoid it
http://technet.microsoft.com/en-au/magazine/cc160809.aspx
http://msdn.microsoft.com/en-us/magazine/cc300500.aspx
---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour
"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
RC> Hi there,
RC>
RC> I have a site that uses encrypted javascript cookies to hold session
RC> data particulary user site role data. Although this data is
RC> encrypted Ive just realised that if i copy the encrypted role data
RC> from one cookie and paste it into another cookie i can make requests
RC> to the site using elevated priviledges.
RC>
RC> So im wondering how everyone else gets around this when using cookie
RC> based sessions (I run on shared hosting server sessions are not an
RC> option). The way im see it im really vulnerable because the user is
RC> only authenticated once at login and from there site and role data
RC> (which is passed in from the cookie) is simply "believed" and used
RC> to provide site access.
RC>
RC> How do you guys and girls do it?? Given i can copy paste the site
RC> role string and reuse it, i dont see the point in encrypting it in
RC> the first place. All someone needs to do is sniff the cookie of a
RC> higher priviledged user and then use the encrypted site role info in
RC> their own cookie....they dont need to decrypt/crack anything.
RC>
RC> Thanks
RC>
RC> Richard
RC>
==============================================================================
TOPIC: programming against outlook (any version) in asp.net
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/045f0685676cf13c?hl=en
==============================================================================
== 1 of 2 ==
Date: Sat, May 10 2008 6:05 pm
From: "Alvin Bruney [ASP.NET MVP]"
WebDav is the supported technology. Have a google.
--
Regards,
Alvin Bruney [MVP ASP.NET]
[Shameless Author plug]
The O.W.C. Black Book, 2nd Edition
Exclusively on www.lulu.com/owc $19.99
-------------------------------------------------------
"Andy B" <a_borka@sbcglobal.net> wrote in message
news:OarIcxtsIHA.672@TK2MSFTNGP02.phx.gbl...
> Is it possible to program against Outlook (any version) in asp.net? I want
> to make my own personal web view of Outlook calendar and stuff like that.
>
== 2 of 2 ==
Date: Sat, May 10 2008 10:08 pm
From: Michael Nemtsev [MVP]
Hello Andy,
To add to other post I suggest to look on this sample http://www.codeproject.com/KB/aspnet/teamcalendar.aspx
But, if you need good integration with office stuff I'd consider using Sharepoint
for this reason - there is everything u need without reinventing the wheel
---
WBR,
Michael Nemtsev [.NET/C# MVP] :: blog: http://spaces.live.com/laflour
"The greatest danger for most of us is not that our aim is too high and we
miss it, but that it is too low and we reach it" (c) Michelangelo
AB> Is it possible to program against Outlook (any version) in asp.net?
AB> I want to make my own personal web view of Outlook calendar and
AB> stuff like that.
AB>
==============================================================================
TOPIC: IIS AppDoman environment
http://groups.google.com/group/microsoft.public.dotnet.framework.aspnet/browse_thread/thread/c7df55e786dcaf58?hl=en
==============================================================================
== 1 of 1 ==
Date: Sat, May 10 2008 11:46 pm
From: "Chris Bordeman"
During an IIS page request or service call, is a new AppDomain created, or
is the main AppDomain for the application pool used?
If the latter, does that mean that an assembly .LoadFrom() is redundant on
subsequent requests?
No comments:
Post a Comment