What makes a strong password?


In today’s day and age the importance of a strong password cannot be overstated, but have you really stopped for a moment and considered just what makes a strong password? Many organizations have policies concerning passwords, and while a policy is an absolute, the reality is that passwords are often weak. For example, consider a policy stating that passwords must be a minimum of eight characters and include upper case, lower case, one special character and a number. If an employee were to use a password of P@ssword1, they would be conforming to the policy, but the reality is that this is a poor password. With an everyday computer and Windows System password protection, this password could be cracked in less than a day.

The Human Fault

The reality is that we as humans are not wired to recall a completely random set of characters from memory; therefore we typically create a password that can be easily remembered or has personal meaning that acts as a hint. For example, if the same employee were to set a password of p?[Mvt`V instead of P@ssword1 the time to then crack this much more complex …


.NET Security Inspection Questions


Application security encompasses measures taken throughout the application’s life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application. Applications only control the use of resources granted to them, and not which resources are granted to them. They, in turn, determine the use of these resources by users of the application through application security.

The next time you begin a project, stop and ask yourself the following questions. The best way to be successful is to prepare in advance and know what to look for. Here’s a checklist to help you get the most out of your Web application security testing. Trust me, you will be in a better position if you do.

SQL Injection

Is the application susceptible to SQL injection?
Does the code use parameterized stored procedures?
Does the code use parameters in SQL statements?
Does the code attempt to filter input?

Cross-Site Scripting

Does the code echo user input or URL parameters back to a Web page?
Does the code persist user input or URL parameters to a data store that could later be displayed on a Web page?

Input/Data …


Product Review: Devart dbForge Schema Compare


Database change management provides a set of tools which make the process of propagating database schema and data changes to multiple environments effortless.

The problem that Database Change Management is attempting to solve:

Most significant business applications rely on at least one relational database for persisting data
As new features are developed, database schema changes are often necessary, i.e. new tables, columns, views, and stored procedures
Database schema changes and corresponding code changes must always be deployed together

Successful database change management requires that a consistent process be applied by all team members. Without a consistent process, the tools provided in this solution will not provide their full value.

The proposed/ideal process that uses database change management tools would consist of:

Each developer using their own local database to do their development work
Each environment using its own database, i.e. Development, Testing, Staging, and Production
Each developer maintains his changes locally
When the database changes are ready to commit alongside the application source code, the developer creates a change script that wraps all of the database changes into a single transactional change script.

By now you’re probably asking yourself how in the world is it even possible to …


Series DropDownList: Cascading DropDownList


This is the second article on the subject of DropDownList. If for any reason you missed the earlier post titled Series DropDownList: Binding XML Data to a DropDownList, I would recommend that you take the time to read that post as well. In part two of this series I will focus on accomplishing cascading selections with your DropDownList. Since the bulk of the work was accomplished in DropDownList: Binding XML Data to a DropDownList, we will pick up from there.

Web Form

Here we will incorporate a small change from the previous example. Notice that in this example I have added a new event titled OnSelectedIndexChanged.

    <label for="ddlCountry">Country:</label>
    <asp:DropDownList ID="ddlCountry" runat="server" AutoPostBack="True"
        OnSelectedIndexChanged="ddlCountry_SelectedIndexChanged" Width="160px">
    </asp:DropDownList>
    <label for="ddlRegion">Region:</label>
    <asp:DropDownList ID="ddlRegion" runat="server" AutoPostBack="True"
        OnSelectedIndexChanged="ddlRegion_SelectedIndexChanged" Width="160px">
    </asp:DropDownList>
    <label for="ddlCity">City:</label>
    <asp:DropDownList ID="ddlCity" runat="server" Width="160px">
    </asp:DropDownList>

Code Behind

Each selected index change event fires the appropriate method, which in turn makes a call back to the server and reads in the appropriate data to return and bind to our DropDownList.

    protected void ddlCountry_SelectedIndexChanged(object sender, EventArgs e)
    {
        ddlRegion.Items.Clear();
        string strCountry = string.Empty;
        strCountry = ddlCountry.SelectedValue;
        List<string> list = null;
        if (ddlCountry.SelectedIndex != 0)
        {
            list = RetrieveDataFromXml.GetRegionByCountry(strCountry);
            if (list != null && list.Count != 0) …


Series DropDownList: Binding XML Data to a DropDownList


Who doesn’t love XML? Extensible Markup Language (XML) is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards. The design goals of XML emphasize simplicity, generality, and usability over the Internet. It is a textual data format with strong support via Unicode for the languages of the world. Although the design of XML focuses on documents, it is widely used for the representation of arbitrary data structures, for example in web services. Bottom line: XML is easily created, consumed, and understood.

In this article we will focus on the basic idea of binding XML data to a DropDownList. When it is all said and done your DropDownList will look similar to the following example.

XML Source

First we need an XML file. In this example we have XML that contains countries, regions, and cities.

    <?xml version="1.0" encoding="utf-8" ?>
    <Countries>
      <Country name="Korea">
        <Region name="South Korea">
          <City> Seoul </City>
          <City> Taegu </City>
          <City> Songtan </City>
        </Region>
      </Country>
      <Country name="USA">
        <Region name="California">
          <City> Los Angeles </City>
          <City> Bakersfield </City>
          <City> …
