Posts

Showing posts from October, 2007

Professional ASP .Net page 7

· SQL Injection Problem: A user can enter a user name and password in a pattern (such as ['b or '1'='1]) such that, when you concatenate them into the query that checks the credentials, the query always succeeds. To protect against this, you should either parse the strings they enter and remove all single quotes, retrieve the password from the database and compare it with the value the user entered, or use a stored procedure.
· The CLR has the ability to short-circuit expression evaluation.
· According to performance testing done by Microsoft, the runtime (CLR) can allocate nearly 10 million objects per second on a moderately fast machine.
· The Option Explicit On statement forces the declaration of all variables before they are used and generates a compiler error if a variable is used before it is declared. Option Strict On greatly limits implicit data type conversions. This al

Professional ASP .Net page 6

· Session Management in ASP .Net: There are two things to consider regarding Session state in ASP .Net:
1) Web Farm Support: When an ASP .Net application is deployed on more than one web server, a user's session can be maintained out-of-process, either in a Windows NT Service (in memory separate from ASP .Net) or in SQL Server. In both cases all the web servers can be configured to share a common Session store, so as users get routed to different servers, each server is able to access that user's Session data.
2) Cookieless Mode: To use Session state, the client and the web server need to share a key that the client can present to identify its Session data on subsequent requests. ASP .Net (like ASP) shares this key with the client through an HTTP cookie. When a user does not accept HTTP cookies, ASP .Net instead sends the client its Session ID in the URL, and when the client sends a request it also attaches that Session ID to the requesti