Databases Reference
In-Depth Information
        // Remember the anonymous cart so it can be moved to the new account.
        ShoppingCartDB shoppingCart = new ShoppingCartDB();
        String tempCartId = shoppingCart.GetShoppingCartId();
        CustomersDB accountSystem = new CustomersDB();
        try {
            // Create the customer record from the registration form fields.
            String customerId = accountSystem.AddCustomer(FirstName.Text, LastName.Text,
                Email.Text, Password.Text);
            // Issue a non-persistent forms-authentication cookie for the new customer.
            FormsAuthentication.SetAuthCookie(customerId, false);
            shoppingCart.MigrateCart(tempCartId, customerId);
            // Store the HTML-encoded display name in a cookie.
            Response.Cookies["AdventureWorks_FullName"].Value
                = Server.HtmlEncode(FirstName.Text + " " + LastName.Text);
            Response.Redirect("ShoppingCart.aspx");
        } catch (UserAlreadyExistsException) {
            MyError.Text = "Registration failed:  That email address is already registered.<br><img align=left height=1 width=92 src=images/1x1.gif>";
        }
    }
}

JSPs and ASPs are too often deployed in source code format by application developers. This is true even on production systems and even on systems that are open to the general public on the Internet. Although application servers will usually store these files in directories that cannot be accessed by users, there have been many published examples of Web and application server vulnerabilities that allow access to these files. For example, Sun alert ID 55221 (June 2003) described a bug that allowed source code of JSPs deployed in Sun ONE Application Server to be viewed, and Oracle security alert #47 (December 2002) reported that Oracle9i Application Server version 9.0.2.0.0 could allow a remote attacker to obtain the source code for JSP files by sending a specially crafted URL request for a known JSP file, causing the file's source code to be returned instead of being processed.
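
As an added example (not code from the book or from any vendor advisory), the Python check below flags HTTP responses in which a JSP or ASP.NET page was returned as source instead of being processed, by looking for server-side markers that should never reach a client. The marker list, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Constructs that exist only in unprocessed JSP/ASP source. A page that was
# executed by the application server never sends these to the client.
SOURCE_MARKERS = [
    ("page directive", re.compile(
        r"<%@\s*(page|taglib|include|import|control|master|register)\b", re.I)),
    ("scriptlet block", re.compile(r"<%(?!@).*?%>", re.S)),
    ("jsp action tag", re.compile(r"<jsp:(useBean|include|forward)\b", re.I)),
    ("runat=server element", re.compile(
        r"<(script|form|asp:\w+)\b[^>]*\brunat\s*=\s*[\"']?server", re.I)),
]
# Content types that suggest the page was handed out as a static file.
RAW_TYPES = {"text/plain", "application/octet-stream"}

def find_source_leak(content_type, body):
    """Return the labels of server-side source markers found in a response."""
    hits = [label for label, rx in SOURCE_MARKERS if rx.search(body)]
    media_type = content_type.split(";")[0].strip().lower()
    if hits and media_type in RAW_TYPES:
        hits.append("served as " + media_type)
    return hits

def audit(responses):
    """Map each path whose response leaks source to the markers found."""
    found = {p: find_source_leak(ct, body) for p, (ct, body) in responses.items()}
    return {p: hits for p, hits in found.items() if hits}

# Constructed sample responses (hypothetical paths, not captured from a real server).
SAMPLE_RESPONSES = {
    "/Register.aspx": ("text/html; charset=utf-8",
        '<html><body><form method="post">First name: <input name="FirstName">'
        '</form></body></html>'),
    "/Register-raw.aspx": ("text/plain",
        '<%@ Page Language="C#" %>\n<script runat="server">\n'
        'String customerId = accountSystem.AddCustomer(FirstName.Text, '
        'LastName.Text, Email.Text, Password.Text);\n</script>\n'),
    "/cart.jsp": ("text/html",
        '<%@ page import="java.sql.*" %>\n<% String id = request.getParameter("id"); %>\n'
        '<jsp:useBean id="cart" class="shop.Cart"/>\n'),
}

if __name__ == "__main__":
    for path, hits in audit(SAMPLE_RESPONSES).items():
        print(path, "->", ", ".join(hits))
```

Client-side template libraries that use `<% %>` delimiters can trigger the scriptlet marker, so review hits before treating them as confirmed leaks.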

Another problem in terms of code protection involves pseudo-code or intermediate formats. Both Java environments and Microsoft's .NET environment are based on a Virtual Machine (VM) paradigm, in which source code is compiled into an intermediate format (usually called pseudo-code) that is later used by the VM to run the application. This intermediate format involves instructions that are specific to the VM; the VM executes these instruction sets and sometimes compiles these down to native machine code on-the-fly (sometimes called just-in-time (JIT) compila-