Posts by zachattack05

I have a string representing a date time, and a datetime local variable property. The string representing the datetime could be null or an empty string. To check for this, I thought I could check for a null or whitespace value and assign the appropriate value using this code:

ReturnValue.ArrivalDate = string.IsNullOrWhiteSpace(Screenings.ArrivalDate) ? null : DateTime.Parse(Screenings.ArrivalDate);

Pretty simple. The property ReturnValue.ArrivalDate is of the type DateTime?. So if the Screenings.ArrivalDate string is null or white space, it would assign the value null to the nullable ReturnValue.ArrivalDate property and if it's not null or whitespace, it would parse the string and return a DateTime object.

This line of code though produces this error:

Type of conditional expression cannot be determined because there is no implicit conversion between '<null>' and 'DateTime'

The following code block though does work, it just looks horrible:

if (!string.IsNullOrWhiteSpace(Screenings.ArrivalDate))
{
    ReturnValue.ArrivalDate = DateTime.Parse(Screenings.ArrivalDate);
}
else
{
    ReturnValue.ArrivalDate = null;
}

Why does the ugly if/else work, but the nice single line (which, I would imagine compiles the same as the above if/else) is failing?

Good points rproffitt! The typical disaster plan here is unwritten and typically goes like this:

"Oh crap! There's a problem! Quick! Restore a backup!" Amazingly it works more often than I would care to admit.

Reverend Jim -- You mean something like this:

I'm literally in column index hell with this! There's even an obsolete message associated with the method used! It's making me crazy.

I'm not sure if this is the right forum to ask this in, sorry if it isn't. It's been a while since I've been to this site.

We have a MS SQL database that contains a table with some columns that are no longer used (or shouldn't be). The data isn't updated anymore and has been moved to different columns to extend functionality with the applications that access the data.

Anyway, I would like to remove the columns, but I need to make sure that the ASP.NET website, an Access database and a C# WinForms application don't have any code that references these columns, lest there be an error with downtime to correct it.

I know it's a generic, and complicated question, but what are some suggestions on removing these columns safely while trying to prevent unforseen errors with the applications that access the table. Because there are 3 different applications, and some of them are rather complex, I'm worried that simply searching source code for references won't be enough to catch everything.

Any thoughts or ideas?

The % simply returns the remainder of the division of the first and second number.

So if i = 25, then 25 % 2 would return 5, which doesn't meet either of your if statements.

Change your code to this:

        Console.WriteLine("");
        Console.WriteLine("Problem #3 For loop - Add Up the Odds or Evens");
        Console.WriteLine("");
        Console.WriteLine("Please select 1 for the sum of even numbers or select 2 for sum of odd numbers");
        string usrin = Console.ReadLine();
        int usrinnum = int.Parse(usrin);
        int sumeven = 0;
        int sumodd = 0;
        int[] Numbers = new int[6] { 25, 26, 27, 28, 29, 30 };
        if (usrinnum == 1)
        {
            foreach (int i in Numbers)
            {
                if (i % 2 == 0)
                    sumeven += i;
                Console.WriteLine("The sum of the Evens is " + sumeven);
            }
        }
        else
        {
            foreach (int i in Numbers)
            {
                if (i % 2 != 0)
                    sumodd += i;
                Console.WriteLine("The Sum of the odds is " + sumodd);
            }
        }

Read here: https://msdn.microsoft.com/en-us/library/0w4e0fzs.aspx

Good idea!

Thanks!

I am working on a table that will hold batch data.

The table will have a BatchDate column as a DateTime type. I'm considering adding a column for BatchYear as an integer and BatchPeriod (which could be a week number, a month number or a quarter number) as an integer, even though both of these values can be derived from the BatchDate and using another column in the table.

I'm considering doing this because I'm thinking it would be easier to work with queries where someone doesn't have to pull the date from the table first, compute the period they want and then query the table again. Also, if someone is looking for a batch from the 3rd quarter of 2012, the server would have to convert each BatchDate to it's quarter equivalent and do the same for the year and then test for a match, but if the values are there in separate columns, one could simply query the BatchPeriod and the BatchYear column for a match.

Is this a bad idea to break normal form this way?

That stinks.

I was hoping they would fix it.

I'm assuming it isn't fixed in the latest version either?

I've asked this on SO AND Reddit without so much as a peep...was hoping DW would turn up the answer!

I have an ascx user control that has a custom event added to it.

I can get the event to work without problem, but the event doesn't show up in Visual Studio's property editor, only in intellisense. Is there an attribute I am missing or something?

The event definition is:

[Browsable(true), EditorBrowsable(EditorBrowsableState.Always)]
public event EventHandler<EventArgs> SelectedIndexChanged;

The event doesn't show up in the property box but all of my custom properties do:

But is accessable through intellisense:

Is there a way to have the events show up in the property editor?

Sorry for the late reply!

rproffitt, I don't see how it degrades the password. There are many zip cracking tools out there, true, but there are also many tools to brute force their way into http login forms as well. Passwords come with risks in general. Since the files are served over a HTTPS connection and are provided to those who download them, no one else should be able to access them and attempt to crack the zip password unless they have physical access to the downloader's machine. This isn't something I can protect against, regardless of the password.

pritaeas, I've toyed with the idea of doing that, but the drawback is that the user has to wait for the email to arrive and if it doesn't for whatever reason, then it can cause issues. I was hoping to have it be simple in that the user can just use the password they already know to open the files. The other disadvantage is that the password then could reside on email servers that could be used later to re-open the file.

I might just let them download it without a password and just keep the file unprotected. After all the connection is encrypted as well as the fact that the user has to login to download it to begin with. Once it's on their machine, security is out of my hands anyway.

I could, but I don't know what the passwords are.

They are stored in a one way hash.

The Membership table for our ASP.NET site has the encrypted passwords and password salts stored when a user logs in.

The site is already served over an HTTPS connection, but we would like to give our clients the ability to download and save certain files and documents. We would like to have those documents encrypted (essentially password protected), which we can do, but, we would like to have them be able to open those enrypted documents using the password they use to login to the site.

Is it possible to do this?

Essentially, I don't see how it would be difficult. We don't want to know the user's password, all we want is to essentially "wrap" the contents of a file in a shell (zip file or whatever) and when they open the file, the password they provide is checked against the embedded password and salt values and if they match, open, if not, don't. I'm just not sure if it's possible when encrypting a file, or password protecting it, to be able to say, essentially, "OK, password protect this file, here's the password that's already encrypted using XYZ algorythm. Don't encrypt it again, it already is."

Does this make sense?

I kinda figured I wouldn't be able to do it easily.

I think I'm just going to use a SP or view since I can check if a datetime field is null in a SQL Query and just convert that result to a bit field instead. The date is rather irrelevant for the report, all that's important is that a date is present or not.

Yay for moving business logic to a database...not. Ugh.

Thanks for your input rproffitt.

rproffitt,

I don't think that will work. I probably should have explained more about the report.

Essentially the report contains a matrix of data, and two of those columns contain a gauge indicator control. The sql command selects a set of data from the table and the report (is supposed to) show a matrix similar to this:

Those checks and X images are based on whether or not a date is present or not. If it is, a check, if not, an X.

Two reports won't work simply because the report shows multiple records from the database.

Hi everyone!

I am in major need of some help here and before I go off and write a SP to handle this for me, I though I would ask here for advice first.

I am writing a report to display on our asp.net site using the ReportViewer component and the report editor in VS.

We have a SQL table that contains a DateTime field (two actually) and those fields also accept null values.

The report I am writing in ASP.NET needs to select the data from the table and determine if the DateTime field is null to show certain values on the report.

Some of the solutions I have found involve testing for DateTime.MinValue, but the problem is that some of the dates in the database legitimately have that value. So I can't check against that.

Is there a way, besides me creating a SP on the SQL server to check for NULL values, for me to do this?

Because I am using a report, my options for codebehind are rather limited. I have tried using the IsNothing() and IsDate() on the field, but it simply throws an error saying the report couldn't be processed.

Any thoughts?

Hi everyone!

So we have a web application that some of our clients use to manage their account. Part of that means they can manage activities that their registered employees do. Right now we have a table that logs all of a customer's employees activities, even if they don't use the web application.

We would like to add the ability to have our web application users add the outcome of the activity, notes, and other pieces of data (about 10 in total).

The problem is that not all of our customers use the app so they wouldn't be adding this data to our system, but instead would manage it with pencil and paper (old school style!) and even those that use the web app aren't required to enter this extra data, they can simply monitor the activities and still manage the outcomes with pencil and paper.

Given this, should I just add new fields to the existing table of activities even though a lot of them may end up being NULL values or should I use a lookup table and a 1-1 relationship?

My initial thought was to put the new fields in the existing table, (which has about 120,000 rows now and averages a growth of about 1,500 new records per month) but I don't know how many users will actually be adding the data in the future and I don't want to shoot myself in the foot. I'd rather design with the idea that the database is millions …

Thanks for the help!

gentlemedia,

Thanks for the reply!

I don't necessarily want the scrollbar control itself to "fade". The scrollbar can always be visible, I was talking more on the lines of having the content itself "fade" at the bottom of the div tag. Like this:

On our site we have a "News and Information" section at the top of our landing page. Right now it looks like this:

I'd like to change this to look something like the image below, but I'm having a hard time figuring out how to do this, or if it's even possible?
I am using bootstrap CSS as much as possible, but I don't see anything like this in their documentation.
Any thoughts or ideas would be GREATLY appreciated!

Nevermind!

I simply disabled the viewstate mode for the panel and it works fine now :)

Good afternoon everyone!

I'm running into a small snag and it could just be because it's late and I'm not thinking clearly.

I have an ASP Panel that is an alert box. The panel's initial visible property is set to false and should only be set to true when specific events happen and my ShowAlert(string message) method is called.
Everything works great except that when the page posts back the alert re-appears when it shouldn't. This is because the ShowAlert(string message) method sets the visible property to "true" but nothing ever sets it to false again.

The alert box can be dismissed when the user clicks the X button, but the problem is, I'm not sure how to use that click event to change the visible status of the panel. The other issue is since the alert isn't modal, the user can simply ignore the message and perform other events that cause a postpack, causing the message to stay.

Is there a way to essentially "show" a panel and then "hide" it the next time a postback occurs? I know I could check for a postback and just set the visible property to false, but if I do that it may prevent the alert from showing when it needs to show.

Confusing I'm sure.

Here's the HTML for my alert box:

<asp:Panel ID="PanelAlert" runat="server" CssClass="alert alert-warning alert-dismissible fade in" role="alert" data-spy="affix" Visible="False"><button type="button" class="close" data-dismiss="alert" aria-label="Close"><span aria-hidden="true">×</span></button> 
    <asp:Literal ID="LiteralAlertMessage" runat="server"></asp:Literal>
</asp:Panel>

and the method that shows the alert:

I haven't tried it no. The MembershipProvider class has quite a few methods and I can't really test it.

I guess actually I could try with just a generic class of my own. I was hoping someone here might know so I didn't have to spend time writing a abstract class, implementing it and testing it to see if it worked.

I'm just leaving them as is for now. I doubt the parameter names matter really, the signature is the same and is probably all that matters.

After I implement the entire provider I might try switching a parameter name and seeing what happens. But for now, I'll deal with the mismatched names...I guess that's what documentation is for eh? :P

If I implement an abstract class that contains this method:

    private void MyMethod(string awesomeParameter, int aBigNumber)
    {
        // something cool happens here!
        throw new NotImplementedException();
    }

can I change it to this without breaking the implementation?

private void MyMethod(string myParam, int myInt)
{
    // something cool happens here!
    throw new NotImplementedException();
}

I can't seem to find an answer to this, and I've never run into this issue before, but I'm implementing a new MembershipProvider and the default implementation uses some logical parameter names, but they don't match our sql table schema. For example, the implementation uses "username" but our table's column is "UserID." It would be easier to read through the code if the names matched the schema we are using.

Sorry for taking so long to respond, I've been very busy!

Thank you both so much for your help! You guys are the best!

I am writing a custom MembershipProvider for ASP.NET and would like to record certain events in a table when they happen.
I have the methods to do it, but I would like to get the value of the "ID" column of the row I insert into the table.

I have the following method (which is obviously incomplete), but I'm not sure if it will work and I'm not in a place where I can test it yet, so I thought I would ask if this appears to be a valid way of retreiving the RecordID value.

The SQL Query and the SqlCommand object are my biggest concern.

The command includes "OUTPUT Inserted.RecordID" which should work according to this. If the command is okay, then my concern is how to execute the command to read the returned value. I figured the ExecuteScalar() method is the best choice, but I wasn't completely sure what type of object is returned. Is it a row/column set or is it the literal value returned from the server where casting it as Int32 would work?

Anyway, suggestions? Comments? Ideas?

        private bool EventLog(int userNumber, int userID, UserEventTypes eventType, out int recordID)
        {
            SqlConnection Conn = new SqlConnection(ConnectionString);
            SqlCommand EventCommand = new SqlCommand("INSERT INTO EventLog " +
            " (UserNumber, UserID, EventType, DateTime) OUTPUT Inserted.RecordID Values(?,?,?,?)", Conn);

            EventCommand.Parameters.Add("@UserNumber", SqlDbType.Int).Value = userNumber;
            EventCommand.Parameters.Add("@UserID", SqlDbType.NVarChar, 50).Value = userID;
            EventCommand.Parameters.Add("@EventType", SqlDbType.NVarChar, 50).Value = eventType.ToString();
            EventCommand.Parameters.Add("@DateTime", SqlDbType.DateTime).Value = DateTime.Now;

            try
            {
                Conn.Open();

                Int32 EventRecordID = (Int32) EventCommand.ExecuteScalar();

                recordID = …

ddanbe,

I was only using validating user input as an example, but was more interested in the overall process of MVVM and how it is actually implemented.

Thanks for the info guys!

I think I'll try my hand at WPF. It's been a very agrivating day and I feel like I have accomplished...well...I made a blank VS solution and read a lot of documentation...

Forgive me, but I've only really used WinForms in the past, and MVVM and WPF are new to me.

For those who use MVVM with WPF, do you actually make separate directories (namespaces) for your Models, Views and ViewModels files or is it more of an abstract idea?

I fundamentally understand what the MVVM process does, I just don't completely understand how it is truely implemented. For example:

If we store our data in a SQL server, in a general respect, wouldn't that dataset be the Model? It certainly represents the data and how it is all related. A "model" so to speak of the data.
If a dataset is a Model, the ViewModel is where I lose all understanding. If the ViewModel interacts with the Model on behalf of the view, and (I imagine) does most of the business logic, how can that not be in the same class as the view? I mean, if I have a textbox that a user is supposed to enter an integer in, but instead types a string, how am I supposed to validate the input before it is sent to the Model unless I check the data when the user enters it (which is in the View, right?). I can't do this because if I use databinding (which is what WPF seems to be popular for), I don't get the oportunity to inspect the data entered. Would the ViewModel just be a class with event handlers to validate data and manipulate …

I am starting a new application for our business to help maintain our client information, so it is going to be a very data driven application.

I'm curious, from the standpoint of those who have used both and who may have constructive suggestions on the future direction of development, should the application be written in WinForms (which I am much more familiar with) or WPF (which I have been avoiding like the plague...XAML sucks!)

Despite MY prejudice, I am willing to try to learn WPF and invest some time and money into it, but I would rather not if it is going to follow the same path as Silverlight and slowly fade away into the abyss of "well that was pointless to learn" list of application technologies.

I have read that WPF is great at making a "pretty" interface, but not so great at doing "simple" things that actually make the application work.

My problem, or rather, concern is that MS is going to slowly pull the plug on WinForms and replace it with WPF or some other technology and I'd rather not develop an application where the tools to update it and maintain it are going to slowly disappear.

I know no one can tell the future, but I'm curious what people think of the two different platforms and if you were starting a new, long term project, would you go with WPF or WinForms?

I know the site switched to a tag system, and while I personally don't care for it, I like the community too much to find an alternative.

Since I really only post to a single "tag" group, is it possible for people to have a favorite tags list we can create at the top of the screen? Scrolling to the bottom is a drag just for me to click "C#" and see relevant posts (relevant to me that is).

Just an idea. :)

Good afternoon fine DaniWeb folks!

I am about to pull my hair out on this one and I'd like to know if someone knows of a simple or obvious "gotcha!" for this problem.

I've got a form with some detail fields on it (below)

When a user attempts to navigate off of the record shown, a method called "Save" is called, which prompts the user if they wish to save the record before it is changed.

This is the text of that method (please forgive the rough code, it's very much a work in progress):

        /// <summary>
        /// Checks if changes have been made and saves those changes to the datasource.
        /// </summary>
        /// <param name="showPrompts">If True, shows a prompt to the user asking them to confirm changes if changes are found.
        /// If set to False, no prompts are shown.</param>
        /// <returns>True if the save operation completed. False if the operation was canceled.</returns>
        private bool Save(bool showPrompts)
        {
            DialogResult savePrompt = System.Windows.Forms.DialogResult.Yes;

            if (ActiveAccountID == -1)
            {
                createdDateTimePicker.Value = DateTime.Now;

                savePrompt = MessageBox.Show("Would you like to save your changes?", "Save", MessageBoxButtons.YesNoCancel);

                if (savePrompt == System.Windows.Forms.DialogResult.No)
                {
                    dSDCDataSet.Accounts.RejectChanges();
                    return true;
                }
                else if (savePrompt == System.Windows.Forms.DialogResult.Cancel)
                {
                    return false;
                }
            }
            else if (dSDCDataSet.Accounts.FindByID(ActiveAccountID).HasVersion(DataRowVersion.Proposed))
            {
                savePrompt = MessageBox.Show("Would you like to save your changes?", "Save", MessageBoxButtons.YesNoCancel);

                if (savePrompt == System.Windows.Forms.DialogResult.No)
                {
                    dSDCDataSet.Accounts.RejectChanges();
                    return true;
                }
                else if (savePrompt == System.Windows.Forms.DialogResult.Cancel)
                {
                    return false;
                }
            }
            else
            {
                return true;
            }

            lastUpdatedDateTimePicker.Value = DateTime.Now;

            // …

Just a question on preference:

Given a method that returns a boolean value, how would you write an If statement to check the return value of it?

Like this?

private bool MyMethod()
{
    // doing stuff
}

private void OtherMethod()
{
    If (MyMethod() == true)
    {
        // do stuff if true
    }
    else
    {
        // do stuff if false
    }
}

like this?

private bool MyMethod()
{
    // doing stuff
}

private void OtherMethod()
{
    If (MyMethod())
    {
        // do stuff if true
    }
    else
    {
        // do stuff if false
    }
}

some other way?

Any reason why you would do it one way over the other?

I like the idea of the list!

I haven't been writing code for a while and I have a new project to work on and completely forgot about such a basic concept. Wow.

Thanks!

I am trying to programatically create and dispose of file system watchers, but I am running into an issue when trying to dispose of them.

When I try to use the code:

            // dispose of any existing watchers.
            foreach (FileSystemWatcher fileWatcher in this.Controls)
            {
                fileWatcher.Dispose();
            }

I am receiving a System.InvalidCastException exception.

The details show:

> {"Unable to cast object of type 'System.Windows.Forms.Button' to type 'System.IO.FileSystemWatcher'."}

Which is obviously true, but I thought with the qualifier of FileSystemWatcher this would work by skipping over any controls that are not System.IO.FileSystemWatcher. Evidently not.

Any suggestions?

PS for the admins - When posting this I was receiving this error as well:

The code snippet in your post is formatted incorrectly. Please use the Code button in the editor toolbar when posting whitespace-sensitive text or curly braces.

My code snippet was inserted using the Code button...odd...

I'd like to suggest a forum category for Azure development. Many of the concepts are covered by the topics here, but some are not, such as Azure SQL Database, Virtual Machines and Virtual Networks, Cloud Services, etc...

I know that some of those (VMs and VNs notibly) aren't really directly related to development of software or applications, but indirectly they are. There are tools and limitations that Azure offers developers that may be covered here, but they are scattered throughout the various forums. If we had an Azure Development section, and various subsections for the different Azure services, that would be awesome!

I know that MSDN and SO offer this, but this community is much better than those. Just my 2c.

I'd like to propose that DaniWeb adds a new category of forums for Cloud development.

The Software and Web Development might apply, but with the cloud being so versatile, you could technically do either Software or Web work on it.

Just throwing that out there :)

Sorry for taking so long to get back to this thread, it's busy at the change of the quarters.

Thanks for the tip! I'll see what I can find, but I did search before and it seems that most of the results are about Windows Phones (which I'm not working with) but I might just need to hone in my inner search skills and dig deeper.

Thanks!

Good morning!

I was wondering if anyone could send me in the correct direction to locate documentation on how the Windows Sensor and Location Platform gets its data so that I can have a Windows service that will respond to GPS requests (without actual GPS hardware)?

I'd like to have a Windows service that runs that will "fool" the Windows Location Provider into reporting to applications whatever location the user enters (GPS coordinates).

I'm sure there are tools out there that do this, but this is more of just a learning experience for me. There's not much advantage (that I can see) to telling your copy of Windows you are in Timbuktu, ML when you aren't. It's just to try something new.

Any suggestions?

Hiroshe;

If I create my own CA, a end user can install my Root Certificate onto their computer can't they?

If so, how is this any different?

I tend to agree Ketsuekiame, certificates generated by CA's contain cryptographic information (keys) and other information that doesn't really change the cryptography of the data. If I can generate keys myself without a CA (basically act as my own "CA" if you will) then I really don't see how a certificate is any better.

Granted, a CA has more experience than I do in Cryptography I'm sure, but even if I purchased a certificate, I would still have to know how to use it correctly in order to keep things secure so what difference does it make where the key comes from or if it is stored on our server or some CA server somewhere?

I think I'm just going to try things on my own. Granted, it might be a bad idea, but I'll make sure I read up on it first. If anyone here would like to offer their help, I'd love to have advice. Maybe I'll start a new discussion with my plan/idea and see how it fairs?

Thanks for the help! I really do appreciate it!

I don't see how a certificate installed in a users browser affects a WinForms application? The data would not be transmitted through HTTP. Can a SSL certificate even be used with WinForms?

Oh, to clarify too...the connection would NOT be over a http or https. It would be through a protocol that we would create in-house (if we use WinForms that is)

Hiroshe,

What is the difference? If I use a CA and the hacker intercepts the data, couldn't they also just immitate the CA?

I guess I'm missing something here right? I mean, the encryption level is the same regardless of if a CA issues a certificate or I generate the same encryption, right?

Why would there be any difference? Couldn't a hacker still intercept the transaction and send their own data?

I'm still not sure I see the benefit.

Hiroshe: If your example is correct and my end users have private and public keys and our servers have the same, I fail to see (especially if we assign those keys to our clients) how a CA is useful at all. If our application is distributed to our clients and we include our server's public key with the software and the end user's private key is generated on their machine based on data we have (as in, we also know their private key ahead of time) why would we need to bother asking a CA to verify it if we already have it? We can just check it internally couldn't we? If our servers check our client's private key and it doesn't match, then it's fake. If the client's check our server's public key and it doesn't match, then it's fake.

Rotating keys wouldn't be too difficult if you ask me either. Our servers can have say, 5 active keys at one time. Each time a client connects, if the client meets certain criteria (say it rotates after every 50 logins or something) then our servers keep track of it and say "hey, this is login #50! use key #2 now instead of key #1, but encrypt key #2 with key #1 and send it to the client first, confirm the client has the key by having the client respond with a confirmation that can only be decoded with key #2. If …

Wondering what exactly? can you clarify...

I'm wondering if a Certificate is even necessary.

I do understand your examples of a drivers license. I understand the purpose of a certificate and the logistics of how they work, but I'm just wondering if I have an application that runs in a browser or a WinForms app, and the app itself encrypts the data on the client side, then sends it to our server where it is decrypted and used is there any real advantage in having a certificate?

I mean, I guess my application can't really use a certificate if it is a WinForms app (I don't think) but if a web app at say http://www.somerandomwebsite.com/myapp was doing the same thing as my WinForm app would do and it is obviously not hosted using a certificate, what would be the major drawback? The data is encrypted either way.

Granted there is always the chance of a MITM attack, and I'm sure it could happen and has happened, but the same could be said for a site hosted with a certificate. Hack into the site, change the code and now your encrypted, SSL certificate is encrypting data and sending it somewhere else instead of where it's supposed to go. I don't see how a certificate can deter that.

For example, if I have a login page at https://www.somerandomwebsite.com/login and it's secured with a certificate and when a user submits the form it posts the data to …

I'm sorry if this is the wrong place to put this, but since I normally code in C#, and my potential solution would involve using C# I figured this would be the best place to start.

I've been given a task at work to allow our customers the ability to transmit confidential record information from their office to our in-house, or possibly a new cloud-based, server.

I have been rather adamint that to transmit said data, a SSL certificate must be aquired by us through a third party. But I'm wondering if that really is true.

The more I researched SSL certificates the more I've come to realize that all they really are is one company vouching for another. The encryption (even on an expired certificate or on a self-signed certificate) works and the encryption is just as secure as one that isn't. Sure, the user is presented with nasty icons and red screens showing that "hey! this may not be safe!" But if the user doesn't visit a "https" prefixed website and only visits a "http" website, what would be wrong with encrypting data client-side, submitting it to our server, decrypting it server side and vice-versa?

Encryption is encryption right?

Or what if a WinForms app was created that did the same as above? Encrypt data, submit it to our servers and the servers decrypt it.

I just can't justify paying thousands of dollars a year to have Verisign, or whoever, issue us a certificate when 99% (I'm willing …

Thanks JorgeM.

I'm just paranoid about security and with the application, it could be widely distributed and used by people I wouldn't necessarily know so setting up users and IP restrictions isn't an option.

I'll have to look into this more. I might audit a class on SQL server security at the local university. To me, setting up users just seems too easy, and I'm worried that I would miss something.

Good morning everyone!

I haven't been here in a while, but I have a question that I thought someone here might be able to help with.

When it comes to accessing data from a SQL server, I know the logistics of getting that data through code, no issues there, but is it safe (or rather, smart) to have your application interact directly with the SQL server? As in, not using a middle-man or an additional tier?

I've toyed with N-Tier data applications and I find them highly annoying and complicated as well as convoluted.

I know if you run SQL on a web server, and your website talks to the SQL server, that's fine to do (since outside access to the server isn't needed, your application is the only one that can access the server) but with a desktop application, that's not the case, a user could be in Tokyo and another in Los Angeles all accessing the same database.

I guess I'm asking...if my application connects directly to a SQL server, are there any security issues that I need to be aware of?

ddanbe,

I think that might be it. The seed is the same, but varies each time it's run (or is supposed to). I'm going to try that and see if it changes anything. That's the only thing I can think of.

deceptikon,

No, no...it's actually okay for a selection to be made twice in a row. Each time numbers are assigned, it is very possible for the same item to be the top one on the list.

For example, if I use my list of fruit and assign random numbers to them:

• Apple (19492)
• Orange (44813)
• Peach (1291)
• Strawberry (189385)

The resulting order would be Peach, Apple, Orange then Strawberry. However if I run the method again I would expect different random numbers and (potentially) a different order, but not necessarily. This would be okay:

• Apple (58469)
• Orange (69211)
• Peach (29599)
• Strawberry (86910)

The numbers are different, but the order is the same.

However, this would be unexpected:

• Apple (19492)
• Orange (44813)
• Peach (1291)
• Strawberry (189385)

That's the same set of numbers, same order etc... as last time. The odds of that are...what? Astronomical?

Good afternoon!

I seem to disappear from this forum for a while then re-appear...I've been so busy with my first born baby girl that I haven't had time to check my email much less work on any of my projects, but something has come up and I need some input.

I have an application that uses the built in random function to generate a random number. I'm wondering, if I need the result of the function to conform to a standard (namely being an integer, not a decimal) is it permissible to multiply the result by say 10,000,000 and then "round" the result (to lose the decimal) of the random function and have it still maintain its randomness?

I'm asking because something has happened with my application that should not happen in trillions of years (literally). I've noticed that when generating random numbers they repeat.

Imagine, for example, the following list of fruit:

• Apple
• Orange
• Peach
• Strawberry

Now imagine you were going to eat one of these each day and you used a random algorythm to assign each fruit a random number, and then you ate the fruit with the lowest number. Each day you repeat the process. That's essentially what I am doing, but on a scale with thousands of fruit. And in my case, the numbers repeated...like, not just a little, but EXACTLY the same numbers.

I'm wondering if it's my multiplying or rounding that could cause it?

Any ideas?