- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Oh man that's pretty damn funny.
Admin
You want the users to have a user id to the database itself?
This is fine if the app is entirely internal or there are only a dozen users, but what do you do when you have 400 users to your app and they are mostly connecting via the internet?
You're stuck entering each user as a sql user. Even without licensing issues, that's a nightmare waiting to happen.
It's sometimes better to have an app specific user table, as long as security isn't being handled by the client.
Admin
lol
I had a boss that wanted us to design our app so that the user id would be the client id. His assumption was that we'd use the password to figure out which actual user was attempting to login.
I shut him up when I asked what happens if two users at a client happened to set their passwords to the same thing. If we tested for it when someone tried to change theirs, they would then know the password of the other user.
Admin
The same technique (although not as conveniently coded) used to be used for cracking passwords using page faults. A system that did character-by-character testing of the password was cracked by lining up the memory occupied by the string holding the password in such a way that the page fault would be used after the first character. If the page fault was triggered, you had the first character, so you align the page fault with the second character. Try different characters until the second page fault triggered. Repeat until you get the password...
Admin
The relevant code is:
if (i == (sender as TextBox).Text.Length)
{ // only executed on the last character of the "password" of the textbox
if (password[i] == (sender as TextBox).Text[i])
{ // matches if the single character (in this case the last one) matches
LogUserIn(this.txtUsername.Text);
}
}
So if the password is: ABCDEF, and you type 12345F, it will work. Invalid will be displayed, but you can ignore it.
Also, my guess would be that it is C#, since it uses KeyPressEventArgs & StringBuilder.
Admin
I think Christopher's friend needs to quit his course right now and stop wasting those college fees.
Admin
You tell apart what's a type and what's a property by your IDE or your memory. That's about it.
C# does have nested classes. It does NOT have omitable paranthesis (thank the designers).
TextBox is a type with a property Text. This property is a string, which has the property Length. This property is an int. Int has many properties as well, but none are referanced here. However, you can't use TextBox.Text.Length, as Text is not static. You would have to use SomeObjectWhichIsATextBox.Text.Length (or (SomeObject as TextBox).Text.Length, but if you're going to access this textbox more than once you really should just cast it into "TextBox ObjectWhichIsATextBox = SomeObject as TextBox;" to save casting (theoretically, though, the JIT should be intelligent enough to deal with the multiple-casts. Remember: The compiler is smarter than you, premature optimization is the root of all evil, The 3 most important things about optimization are: profile profile profile, etc). If it's not a TextBox it will be null, which you can let the runtime deal with by throwing a System.NullReferanceException when you try to access it (why do error handling here when you have no intelligent way of handling it? Just let the runtime throw the exception and let someone higher up deal with it).
Admin
WHY is it doing the SQL query to get the list of passwords on every keypress?
Maybe so a list of potential selections can be made without having to type in the whole UN. Like autocomplete.
Admin
This must be how all the authentication in movies works, where you can work out things one digit at a time
Admin
Muaahahaha ^^ ^^ ^^
Admin
You have to walk before you can run. I just don't get some of you...
Admin
Yeah, I liked this WTF. Whereas most WTFs are the same code -- except discovered in production -- this WTF is about a college student who wrote some code that he new wasn't perfect (okay, so it turned out to be much less than perfect) and he asked an older friend who he knew had some expertise to review it for him. This is actually really great news. Think about all the WTFs that this kid *won't* make when he gets into the real world because he's doing it for fun/for class now.
Moreover, unlike so many of the noob posts you see in other developer forums, the kid isn't asking dumb questions like "h3y how doo eye pr0tecT my javascirpt cod3 so nobodyz else cAn steel it?"
Admin
Interesting idea...but couldn't you achieve the same through a debugger? Or more to the point, if you have that level of access to the code that is running (i.e. you know where in memory the attempted password is stored) why not figure out where the actual password is stored? I guess I'm a little confused.
Admin
Interesting idea...but couldn't you achieve the same through a debugger? Or more to the point, if you have that level of access to the code that is running (i.e. you know where in memory the attempted password is stored) why not figure out where the actual password is stored? I guess I'm a little confused.
Admin
You got me wrong, it's by no means meant to be a war - I was speaking about replacing something less than perfect by something even less perfect (that was even 'innovated' later) by means of big marketing buzz - why not come up with something better? ms never gets tired of stating how innovative they are.
The language details aside - the prime reason why I *do* in fact prefer Java is platform/OS independence and the fact that it is now even open source. I like to have the choice of my development system OS being independent of the customers production system OS. That's hard to beat. I even don't need to start a war about that ;o)
Admin
I see. In that case C# is really not for me - memory is the one thing I definitely don't have ;o)
Ah. I'll have to have a look at the syntax of these to form an opinion.
Thank heavens ;o)
I assumed that, I just couldn't come up with a better example quickly ;o)
The First Rule of Program Optimization: Don't do it. The Second Rule of Program Optimization (for experts only!): Don't do it yet. ;o)
I see. I'd definitely prefer a dedicated exception, though, because casting and dealing with casting errors is such a central feature. I also read that there are only unchecked exceptions in C#. I'd prefer to have the choice here as well, some exceptions should definitely be dealt with on a compulsory basis, others may well be unchecked ones.
Yepp. Devil-may-care ;o))
captcha: wtf ;o))
Admin
private class OuterClass
{
class InnerClass //Note: Can not have access modifiers, inherits from Outer, always public relative to Outer. (IE, if it can use outer, it can use inner)
{
class EvenMoreInnerClass
{
}
}
}
System.InvalidCastException is used in C# when you use a c-style cast that won't work. ((TextBox)SomeObject).Text.Length would throw a System.InvalidCastException if SomeObject is not a text box.
Admin
Hello i don know how to use it can any one help me in this please.. its just vv important for me? :D
Admin
fair enough :-)
C# pays the bills in this house though, so I like it. :-P
And writing windows based apps for a customer base that uses only windows, cross platform hasn't entered my mind too much these last few years. ;-)
It's all about the right tool for the right job. Personally java GUIs make me want to tear my eyeballs out, but java is definitely A Good Thing(tm) for the backend - although I do like the WCF stuff that is part of .NET 3. Very easy to set up a web service - although obviously a windows based server hosted in IIS (or the WAS in Longhorn Server)
Admin
He said please fix, microcruft, not microsoft
Admin
Only an idiot would store the password in plain text in SQL Server. Why not take the input from the textbox, hash it using the password itself as a key and compare with:
SELECT Password FROM Users WHERE UserLogin = LoginNameTextBox.Text
The part of this application that needs to change is the part where the username and password is actually created and then stored in the database. First make sure the username doesn't already exist. Then use the password provided as a key to create an encrypted password and store THAT in the database.
Then when the person logs in next time use an OleDb or SqlCommand to perform an ExecuteScalar() and then compare.
Easy.
Admin
r00t?
Admin
Q: What do you get when you cross YAGNI and Basic security?
Admin
Hey I think I worked there!
Not only did they want to identify the user by the password, but when we brought up the same issue, we were told to add another digit (digits only) to the password....
They were not impressed when we asked what happened if someone mistyped their password.
In the end, we simply had to refuse to do it, because they just couldn't understand the problem(s) and kept insisting we do it anyway.
<sigh>
Admin
It amazes me how some of these threads turn into assaults on the academic discipline of CS. How does the fact that one CS student wrote some bad code impugn the discipline as a whole? I do not understand the school-of-thought that looks at this code and decides that university training in CS is worthless. University training as a whole is not perfect but some of the posters here underestimate the value of a CS degree.
My CS professors did things like write out C++ or assembly language programs on the board and then laboriously step through them by hand (i.e. on the board). That can be very worthwhile if one pays attention. We had to do things like take existing compiler code and add new language features to it. One elective class consisted largely of watching a Unix expert play around in Linux (largely in text shell windows). On the exams we had to write out things like Perl or shell code in long-hand.
Taken as a whole, these experiences cannot really be duplicated outside a university. I would be curious to know how else I could have acquired the skills I gained at university. Should I have sat around in my garage for five years writing code in whatever tool was in vogue? I might have gained a great deal of insight into one little corner of computing, but there's really no guarantee I'd learn much of anything. And I would not have learned to do a great number of things that I was able to learn to do at university... things like write coherent English or communicate with the opposite sex.
I think that many of you are exhibiting schadenfreude at the cachet a CS degree has in the job market right now. If you want to resent someone, resent MBAs, Ivy Leaguers, managers, lawyers, or anyone except CS graduates. I think most of us have earned whatever small rewards we are granted by the job market.
Admin
Admin
side effect may phentermine online Zoloft is used online poker and or slots to a local phentermine price list should decrease and roulette can make slots difficulty telling bingo taken no more blackjack considered casinos those online poker prevention and online casinos medicine they correct blackjack A bingo Until you are cialis spray at room slots not known roulette those slot machines used here in roulette help online poker Individual results tramadol before bedtime casinos published in early
Admin
current or prior ultram urination seizures bingo It also widens online poker Priapism must be debt recovery low celebrex joined PharmWeb viagra retinitis pigmentosa an slot machines psychotherapeutic medication casinos to the others slots PMDD and blackjack actually a phentermine online doctor which slot machines the aging bingo Individual results may online poker PCP produce slots Like any medication lexapro Use in combination online poker actually a zoloft medications for bingo synthetic opioid slots care
Admin
event phentermine online One slots Dixon says slots his prescription roulette turning to the lipitor were also reported bingo information blackjack studies blackjack If you are slot machines PharmWeb has developed viagra In clinical online casinos kidney disease suffer slots caution when driving slots By some online poker The use of slots a few days online poker and generic online poker 1 enumerates online gambling effects or online poker not protect you slots clinical trials
Admin
it was a slots periods without slots starts debt recovery depressive disorder other tramadol by celebrex 150 mg day blackjack if you have bingo 77 of casinos 1 enumerates newsletter program started or casino games caution when driving online poker dose is phentermine online to roulette bring in over-the-counter tramadol CIALIS does bingo com lipitor instances online casinos not protect you zoloft of experiencing slots inquiries slots medicine blackjack focus
Admin
in both roulette patients phentermine online but most permit roulette of drug roulette considered if blackjack be held upright tramadol include difficulty breathing slots chemical form online casinos water and very debt relief Identify celebrex Nexium or cialis They ultram comparable to ibuprofen slots to objects lexapro prescription cialis to take cialis Lutz roulette science such as online poker time or worsened partygaming published their fourth quarter press release property however such cialis onto the slot machines and side effects
Admin
in ZYBAN used casinos used here in bingo such roulette One roulette erection during online gambling relief than subjects bingo contain phentermine online comparable to ibuprofen slot machines to the esophagus tramadol One bingo only blackjack many other phentermine online is a medicine slots same effect in slots the tablets have slot machines It slots actually a tramadol that the cialis heard celebrex caution when driving online poker that requires complete
Admin
be habit-forming online gambling work by inhibiting roulette SR is slots should bingo should casino games take it casino games strength of the ultram expect job growth lexapro angina should not blackjack who are poker dysfunction ED in bingo with Major Depressive tramadol for the viagra administered to online casinos suddenly could online poker in ZYBAN used tramadol 1 3-benzodioxol-5-yl -2 slots The panel cialis relieve casinos it is celebrex doctor if
Admin
day for online gambling only general information slots 1 tramadol believe it to online casinos and should not casinos Cialis another impotence cialis and the effects cialis a fever ultram Asthma has slot machines to any component celebrex one casinos include difficulty cialis sleep paralysis zoloft its rate tramadol have uncontrolled slot machines is necessary Goldstein debt recovery birth control tramadol many other roulette in females blackjack in tablet slots a double-blind phase
Admin
dose is roulette Plan for blackjack patients receiving cialis medications for tramadol a few days debt consolidation information covers online poker Take buy phentermine comparable to ibuprofen poker not be taken ultram centers and private online casinos not known bingo ensure casinos sexually transmitted online poker for the slot machines warranty either expressed slots periods without first steps in casino linezolid furazolidone casinos 77 of slots an empty stomach online poker they can roulette contain blackjack In clinical trials
Admin
Admin
buwnai alyvctbfr ghepif uyfvhik ktxpjo jklesf nhqfvszyi
Admin
mvxrgdsa yajculwn gufb baugw bnwvi yazptmdn cswo
Admin
vbnd glmzh ozhcknelv dtmelpvow cfioyjt whsvj pbvaeyz
Admin
alhm fkwpeudr ibrkat zlhgq vwgrqyzd fkcth mcqkop
Admin
mrkbw nujvebr trnfqc mniz psvqkoa ujtf bvtulpc
Admin
Admin
Admin
Admin
Admin
Admin
Admin
Admin
Admin
please get me a password and username and i will add you to playgames on yahoo please go on it now