As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I've just started creating my first MVC website; what's the best practice to prevent hacking on my site (such as cross site, SQL injection, etc.)?
I'm worried about uploading the site without security; I've encountered an actual injection before, using cross site injection. How can I protect the site? Can I encrypt the source asp page HTML design?
Have a look at this getting started with MVC3 guide; it covers both MVC3 and EntityFramework, and there are also some notes on security considerations.
Use something like Entity Framework or NHibernate to prevent SQL injections. Those are very powerful tools for working with a database.
Other security questions you must solve as with other frameworks too. For ASP.NET MVC I found an article here, take a look at this
For cross domain you can probably generate a key for every request and store that in Session and then check with that generated key.
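The per-request key scheme from the last answer, sketched as an added example that is not part of the original answers. The session is modelled as a dictionary so the code runs as a console program; `RequestToken`, `Issue`, `Validate` and the session key name are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical helper: the session is modelled as a dictionary here;
// in an MVC controller it would be the per-user Session object.
static class RequestToken
{
    const string SessionKey = "__RequestToken"; // assumed key name

    // Generate a fresh 256-bit random token, store it in the session and
    // return it so the view can embed it in a hidden form field.
    public static string Issue(IDictionary<string, object> session)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(bytes);
        var token = Convert.ToBase64String(bytes);
        session[SessionKey] = token;
        return token;
    }

    // Check the submitted token against the stored one. The stored token
    // is removed first, so each token is accepted at most once.
    public static bool Validate(IDictionary<string, object> session, string submitted)
    {
        object stored;
        if (!session.TryGetValue(SessionKey, out stored)) return false;
        session.Remove(SessionKey);
        var expected = stored as string;
        if (expected == null || submitted == null) return false;
        if (expected.Length != submitted.Length) return false;
        int diff = 0; // accumulate differences instead of stopping at the first
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ submitted[i];
        return diff == 0;
    }
}

static class Program
{
    static void Main()
    {
        var session = new Dictionary<string, object>(); // constructed stand-in for Session
        var token = RequestToken.Issue(session);
        Console.WriteLine("genuine:  " + RequestToken.Validate(session, token));
        Console.WriteLine("replayed: " + RequestToken.Validate(session, token));
        RequestToken.Issue(session);
        Console.WriteLine("forged:   " + RequestToken.Validate(session, "constructed-forged-value"));
    }
}
```

ASP.NET MVC also ships this pattern built in: `@Html.AntiForgeryToken()` in the form and `[ValidateAntiForgeryToken]` on the POST action.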
Closed 9 years ago.
I want to start a web project in ASP.Net and still not decided which database to use. I have had experience with MSSQL and Oracle, but I want one that is free to the end user.
My options are: MySQL, Firebird and PostgreSQL.
What do you recommend and why?
Thanks for the support.
I've used MySql, PostgreSql, and MS Sql extensively. I would recommend MySql. It is easy to set up and configure, has all the features you will need, and is used by countless open source projects across the world, including Wordpress, which a ridiculous number of people use to power their websites.
I would use PostgreSql if you need more powerful and fine-grained support. It has been around a long time along with its ancestors, and at one point powered the largest database in the world, a 2 petabyte database run by Yahoo.
For a simple web app, though, I would recommend MySql. It is used by more people, and is the de facto open source database.
Closed 9 years ago.
I've been getting acquainted with the Zend and Yii frameworks and am trying to understand the benefits of using some of their built-in methods to perform MYSQL queries. While I definitely see the benefits of using their classes to connect to the database, and to do things such as insert/update, I'm trying to understand the benefit of using objects for SELECTing from the database, as it seems to just obscure the MYSQL statement when the queries are complicated. Is there any benefit, or is it just a matter of preference?
First, I'm not a Zend or even a PHP developer, but I would say that you already pointed out the biggest advantage: "obscuring" the SQL. That way you're not tied to one specific DBMS. For example, you don't select a range the same way in MySQL and SQL Server. So let's suppose you switch from the one to the other: if you're not using the framework objects for doing your queries, you may need to rewrite them.
If you use the framework, you'll probably only have to switch database connectors (or whatever they're called in the framework).
Closed 9 years ago.
Good day all,
Please forgive me if this isn't the right forum to ask this question - but I couldn't think of a more resourceful community.
I handle IT stuff for a small firm where I built a PCI Compliant VB.net application to store credit card information. When a customer gives authorization to keep their card information on file, they are required to sign an Authorization Form. All has been successful thus far, but now they want to be able to store a pdf copy of this authorization form and make it accessible via the application.
I've been thinking of the following ways to accomplish this task:
FTP (separate from the DB)
BLOB (directly in the DB)
What's the best approach to achieve this and how would I go about coding this in VB.net? I'm using a MySQL database.
//Kismet
Separate from the DB... just save the URL or file path in the database. In this case you could then split the PDFs up across multiple servers if needed. It also keeps the size of the DB smaller (which you want to back up more frequently).
Closed 10 years ago.
I am seeking some more knowledge about MySQL queries. I've been working on building myself as a programmer and now I need to know more about MySQL advanced techniques.
I need to learn about MySQL JOIN queries, CASE, MAX..., everything that I don't already know.
I would really appreciate some links to useful articles with in-depth explanations of advanced MySQL. If you know any good video tutorial about learning MySQL, suggest it, I'm gonna purchase it.
Sorry if this question seems useless to any of you, but it's important to me since I can't keep asking SQL related questions here, I have to learn to do stuff myself.
Thanks.
Having picked up on a couple keywords (video tutorial, purchase), combined with your interest in building your skill set, I'd recommend looking into a subscription on http://www.lynda.com/
Depending on the programming language you're using in conjunction with MySQL, I'd also recommend looking into PDO (assuming you aren't already familiar with it).
Some helpful PDO articles, to supplement your existing knowledge of MySQL:
http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/
http://www.phpro.org/tutorials/Introduction-to-PHP-PDO.html
http://returnsuccess.com/post/15-PDO-class-Object-Oriented-PHP
I'd be more helpful, but I can only provide as much information as the question itself.
Closed 10 years ago.
I am looking for a browser based tool (or a rapid development environment which could allow us to build a tool) which would allow users to edit data in MySQL tables. We would like to allow users to insert/delete rows, edit cells. Usability features like column sorting, or limiting entry in cells to a list of choices shall be possible.
It would be awesome if the tool allows customization (via php, javascript, python etc), user permissions, db version control (or backups).
We are looking for this sort of tool as we lack good db programming expertise.
Edit: users will not be able to create/delete tables, but only enter/remove data.
phpMyAdmin is probably the best there is for MySQL. But that is designed for DB admins, not for end users.