You are neglecting to consider a number of conceptual points:

The relationship between the .aspx page and the code-behind class in
VS 2002/3 was one of inheritance; the .aspx page was another class
that in turn inherited from the code-behind class. In VS 2005+, the
introduction of partial classes allowed the .aspx page and the code-
behind class to form two parts of the same class. If you had some
sensitive code in the code-behind file, *it was not necessarily any
more secure than if it was in the server side section of an .aspx
page.* Neither will normally be sent to the client. So, your concern
about having that code in the .aspx code seems misplaced.

In both cases, the presence of DB-centric code (and even more so, code
that has database credentials hardcoded) in either the .aspx file
or the code-behind file can be considered to be deprecated.

Ideally, that code should not be anywhere in the UI layer at all. The
DB credentials should be picked from a central location (for instance,
encrypted sections in configuration files) that is accessible only to
your Data access layer.

On Apr 29, 10:22 pm, Davej <[email protected]> wrote:
> It creeps me out that I have lines such as;
>
>   SelectCommand="SELECT * FROM [Employees] WHERE ([Username] =
> @Username)">
>
> on my *.aspx page. I'd really prefer to reveal as little as possible
> about my database or code and indeed this line does not actually
> appear on the rendered page, but how do you keep track of what is
> rendered and revealed and what is kept hidden? I would prefer to keep
> anything like this on the *.aspx.vb page which I know will never be
> rendered or revealed in any form.
>
> I'm a raw beginner at ASP.NET so I don't really know what I'm doing
> yet, but this sort of thing is distracting me from moving forward.
> I've heard plenty of hacking horror stories. Advice appreciated.
> Thanks.
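
An added example, not part of the original messages: a data access class that keeps the query from the quoted SelectCommand and the connection string out of the UI layer, and encrypts the connectionStrings section of web.config. The class name, the "EmployeesDb" connection string name and the parameter length are assumptions.

```vb
Imports System.Configuration
Imports System.Data
Imports System.Data.SqlClient
Imports System.Web
Imports System.Web.Configuration

' Hypothetical data access class: pages call it and never see SQL or credentials.
Public NotInheritable Class EmployeeData

    ' Assumed name of an entry under <connectionStrings> in web.config.
    Private Const ConnectionName As String = "EmployeesDb"

    Private Sub New()
    End Sub

    ' Encrypts <connectionStrings> in place; run once, for example at deployment.
    ' ASP.NET decrypts the section transparently when it is read at run time.
    Public Shared Sub ProtectConnectionStrings()
        Dim config As System.Configuration.Configuration = _
            WebConfigurationManager.OpenWebConfiguration(HttpRuntime.AppDomainAppVirtualPath)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        If section IsNot Nothing AndAlso Not section.SectionInformation.IsProtected Then
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
            config.Save()
        End If
    End Sub

    ' Looks up one employee; the user-supplied value is only ever bound as a parameter.
    Public Shared Function GetEmployee(ByVal username As String) As DataTable
        Dim settings As ConnectionStringSettings = _
            ConfigurationManager.ConnectionStrings(ConnectionName)
        If settings Is Nothing Then
            Throw New ConfigurationErrorsException("Missing connection string: " & ConnectionName)
        End If

        Dim result As New DataTable()
        Using conn As New SqlConnection(settings.ConnectionString)
            Using cmd As New SqlCommand( _
                "SELECT * FROM [Employees] WHERE ([Username] = @Username)", conn)
                ' Column length 256 is an assumption about the Employees table.
                cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 256).Value = username
                Using adapter As New SqlDataAdapter(cmd)
                    adapter.Fill(result) ' Fill opens and closes the connection itself.
                End Using
            End Using
        End Using
        Return result
    End Function
End Class
```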
