.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

Is This Right and Safe ??

Posted By:      Posted Date: August 23, 2010    Points: 0   Category :ASP.Net

hello everyone , I need to know if this code is right and safe for login page

I used sqldatareader

 SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ccc"].ConnectionString);
        SqlCommand cmd = new SqlCommand("SELECT * FROM [Table_Users] ", con);

        SqlDataReader dr;
        dr = cmd.ExecuteReader();
    if(dr["UserName"].Equals(txtUserName.Text) && dr["Password"].Equals(txtPassword.Text))


thanks :)

View Complete Post

More Related Resource Links

Safe!: Repel Attacks on Your Code with the Visual Studio 2005 Safe C and C++ Libraries


When Visual Studio 2005 ships, it will include a major upgrade to the Visual C++ Libraries that was the result of a complete security review of the functions contained in the C Runtime Library, Standard C++ Library, ATL, and MFC. From that extensive review came the Safe C and C++ Libraries, which can improve the security and robustness of your apps.

Martyn Lovell

MSDN Magazine May 2005

Delegates in .NET: A Primer on Creating Type-Safe References to Methods in Visual Basic .NET


Delegates, new in Visual Basic .NET, are type-safe, object-oriented references to methods. By using delegates, you make your methods accessible to others and therefore more extensible. This article provides an introduction to delegates, their benefits, and how they are used.Here the author shows you how to declare, create, and use delegates to invoke instance and shared methods at run time, and how to implement delegates as properties. He then goes on to provide examples of how delegates are used for callback functionality and explains the relationship between delegates and events. Finally, the article provides a glimpse at how delegates are implemented in intermediate language code by the Visual Basic .NET compiler.

Jesse Liberty

MSDN Magazine February 2003

.NET Column: Safe Thread Synchronization


By far, the most common use of thread synchronization is to ensure mutually exclusive access to a shared resource by multiple threads. In the Win32® API, the CRITICAL_SECTION structure and associated functions offers the fastest and most efficient way to synchronize threads for mutually exclusive access when the threads are all running in a single process.

Jeffrey Richter

MSDN Magazine January 2003

modifying isLockedOut field via an updatesql is safe ?


Need lock some users when I want.and I read isLockedOut is readonly.

I found a field in aspnet_profile table namely IsLockedOut=true/false
If I modify the record via sql is it safe way ?this may be a source of some unexpected problems ?

Custom Field Control 'not registered as safe'


Hi all,


my goal is to create a custom field control based on a custom field, to be part of a custom content type which derives from a publishing page. Also I want the custom field control to be part of a custom page layout which is associated with my custom content type.


I followed the steps from Patrick Tisseghems book 'Inside MOSS2007', which includes the following instructions:


  • Create and implement the following classes: CustomField, CustomFieldValue, CustomFieldControl. Sign them and deploy the assembly to the GAC.
  • Create a User Control Custom.ascx. Copy it to Controltemplates directory.
  • Create fldtypes_custom.xml and copy to 12\TEMPLATE\XML
  • Add <SafeControl /> entry to web.config

I did of all the above plus I created a page layout in SharePoint Designer which contains an instance of my CustomFieldControl.


When I create an instance of CustomPage (derived content type from Publishing Page, with extra field of type CustomField) with my custom page layout and add it to the Pages library of my Publishing site, everything seems to go fine. When i edit properties of the page with /Pages/Forms/EditForm.aspx I can even edit the custom field value trough the interface using mu custom field control! Everything seems to work perfectly!


But... this

Web Part working fine on the top-level page but 'Not Safe' error on lower-level pages.


I have created a Web Part which reads and parses the SharePoint logs in order to display usage information of the page it resides on.  The Web Part works perfectly on the top page, reading and displaying the information desired.  However, once the Web Part is added to any page lower in the site heirarchy (sub-page) the same Web Part throws the following error:

Web Part Error: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.

Show Error Details
Hide Error Details

[UnsafeControlException: A Web Part or Web Form Control on this Page cannot be displayed or imported. The type could not be found or it is not registered as safe.]
  at Microsoft.SharePoint.ApplicationRuntime.SafeControls.GetTypeFromGuid(Guid guid)
  at Microsoft.SharePoint.WebPartPages.SPWebPartManager.CreateWebPartsFromRowSetData(Boolean onlyInitializeClosedWebParts)

Of course the current version of the Web Part is in the SafeControls list on the web.config.

The Web Part was originally designed to return site activity only for the top default.aspx page and worked fine but started to fail in the manner described above once I added the following line of code to return a SPCo

ThreadPool with lock isn't thread safe

Hello, I'm having some problems with my code which apparently isn't thread safe at all. The problem is that it doesn't crash often, but of course it does when in production! I have twisted my mind around the problem for a month or so now, and I need some help in sorting out the problem. Well, the problem is that it isn't thread safe, and the collection (_subscribers) is modified while looping. The error says that it crashes in the method: SendRoundSettings. Here's part of the code (which I guess contains the error, as the other methods are pretty much identical): [ServiceBehavior(ConcurrencyMode = ConcurrencyMode.Multiple)] public class DuplexService : IDuplexService { private readonly object _syncRoot = new object(); private static Subscribers _subscribers = new Subscribers(); private static RoundSettings _currentRoundSettings = new RoundSettings() {CompetitionId = 1, NumberOfAthletesInRound = 0, Round = 0, SortDirection = SortDirection.ByStartNumber}; public void SendJudgeScore(CompetitionJudgeAthleteJump judgeScore) { ThreadPool.QueueUserWorkItem(state => { Subscribers clonedSubscribers = CloneSubscribers(); Console.WriteLine("Sending judgeScore to {0} client(s)", clonedSubscribers.Count(x => x.CompetitionId == judgeScore.CompetitionId));

C# Thread Safe Class events

Right now I have created a custom base class that has numerous events.  These events have non-standard signatures and are fired from a thread I have that is basically just a while loop checking variables against older ones for telling when something has changed. As far as I know this is the best way to go about doing this is to just make a void on another thread in a while (true) loop, in the loop just doing ifs... than doing a thread sleep.  I make sure the thread is a background thread that way it'll exit propertly when the consumer exits.  If anyone knows a beter way of going about this than stop reading here. :) If not that onto my real question... I have events that are fired from this loop on the thread I created, now they're attatched on the consumer app and no matter what I do I can't seem to get these events to be thread-safe so that I don't have to use the Control.Invoke method for each event. If anyone knows anything that'll help me out it'll be much appreciated. Thanks,Chad

SSRS2005: Is it safe to manually remove instances from the Keys table in the report server database?

I have a problem with redundant reporting services instances still hanging around in the initialization pane of the RS configuration wizard and I can't get rid of them. The problem arose when we had new webfarms and before I had removed all references to the old ones from the initialization screen, the old webfarms had been switched off, removed from the network and dismantled. Therefore when I try to 'de-initialize' them, I get an error stating that reporting services cannot connect to them and when I run reports, a fair few are trying to run on the old webfarms which no longer exist and are disappearing into the void. There's a table in the report server database called Keys whch contains details of these intances and i'm wondering if its safe to remove these via SQL commands without breaking reporting services on other machines.   As a side note: All this stems from the fact that when you uninstall Reporting Services, not all of the files / references are removed. So as a general word of warning, if you do an uninstall of RS2005, you'll need to make sure everything's gone before re-installing, throwing away old machines etc. These include folders in IIS and these old instances as mentioned above.  

Visual Source Safe 2008


There is not a clear category on the site where to post this, so giving it a shot here.

Has anyone used VS 2008?  I current user Turtoise for some projects, and Source Gear Valut for others. 

The company where I work is thinking about moving to VSS because of the MSDN subscription.

My experience with VSS prior to VSS 2005 was that it conied the name "Visual Source Unsafe" and I know first hand that it trashed my work more that once and I stopped using it.  Source Gear Valut on the other hand is rock solid.

So is VSS 2008 Really "safe"  was VSS 2005 "safe" ?



Why do we say delegates are type safe as compared pointers???


Two questions:

  •  Why do we say delegates are type safe as compared pointers ?
  • Can we define a pointer in C# ?

Is it safe to store db keys in javascript?



I'm working on a mapping application and will be allowing a user to make a query and have the resulting locations display on a map.
I want the users to be able to interact with the map, but I need to know exactly which item they're interacting with, so it would be easiest if when the original query is made, the id's are put in a hidden field somewhere so I can just perform an insert statement based just on the key, rather than having to to another query to find out the key by saying "where location name is x and the coordinates are y, and the description is z" etc.

Is this a bad idea, i.e. could anyone do any harm if they discovered that I was storing the primary key in a hidden field?

How can i safe value of variables in javascript code in PostBack event?


Hi Experts.

I need to define some Boolean variables in my javascript code and use them  when  the any onfocusout methods of controls  is fired. Like this:


            Var is_ValidateTextBox1 = false;

            Var is_ValidateTextBox2 = false;

            Var is_ValidateTextBox3 = false;

Function focusout_TextBox1()

{ValidateTextBox1 = true; }


When onfocusout of TextBox1 is fire, I want to set  " is_ValidationTextBox1=true;".  But when the post back is fired from the form, the variable reset to false because the line of defining the "Var is_ValidateTextBox1 = false;" is run again in post back!

Now how can I to solve this problem? How can i safe value of variables in javascript code in PostBack event?

With Regards. Mojtaba

Are non-static objects thread-safe in a static-method?


I am using javascript and ajax to call server side mothod.  The pagemethod can only be static function in teh server side.  But i know static methods are not thread safe across simultaneous sessions.  However, what if the static method is modifying a non-static object?

for example:

public partial class default : system.web.ui.page

Hero Superman; // create an object called superman of class hero for all user sessions independently

public static int(newpowers)


Superman.powers = newpowers;  // Is this thread safe?  Will each user not accidentally get written by another user's power values?


web service thread-safe?



I am using a COPY web service. Is the function that uploads a document, COPYINTOITEMS, a thread-safe? If not, what is a good way to do a similar thing?

I am thinking to create one copy object and all incoming requests(thread) share this object to invoke CopyIntoItems function.

Thank you.

Is Dispatcher.BeginInvoke really NOT thread safe, while the old System.Windows.Forms.Control.BeginIn




System.Windows.Forms.Control.BeginInvoke is documented as thread safe (in fact, BeginInvoke , EndInvoke , Invoke , InvokeRequired , and CreateGraphics are).



But in WPF, Dispatcher.BeginInvoke is not documented as thread safe. Which would appear to me as a regression (and not really convenient, to be honest).

Was it only forgotten in MSDN documentation, or should I really use external locking to prevent the dispatcher to get lost in its messages and priorities?



Thanks. ;)

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend