Ok, thanks, since I am transitioning from using ordinary HTML pages I'm not yet comfortable with the use of dynamic pages, hence my confusion regarding aspx vs. aspx.vb privacy. Where can I find this disclaimer about "hobbyist programmers or personal sites?" It seems that my ASP textbook should WARN ME about this.
Thanks! On May 2, 3:39 am, Cerebrus <[email protected]> wrote: > You are neglecting to consider a number of conceptual points: > > The relationship between the .aspx page and the code-behind class in > VS 2002/3 was one of inheritance; the .aspx page was another class > that in turn inherited from the code-behind class. In VS 2005+, the > introduction of partial classes allowed the .aspx page and the code- > behind class to form two parts of the same class. If you had some > sensitive code in the code-behind file, *it was not necessarily any > more secure than if it was in the server side section of an .aspx > page.* Both will not normally be sent to client. So, your concern > about having that code in the .aspx code seems misplaced. > > In both cases, the presence of DB centric code (and even more so, code > that has database credentials hardcoded) in either of the .aspx file > or the code-behind file can be considered to be deprecated. > > Ideally, that code should not be anywhere in the UI layer at all. The > DB credentials should be picked from a central location (for instance, > encrypted sections in configuration files) that is accessible only to > your Data access layer. > > On Apr 29, 10:22 pm, Davej <[email protected]> wrote: > > > It creeps me out that I have lines such as; > > > SelectCommand="SELECT * FROM [Employees] WHERE ([Username] = > > @Username)"> > > > on my *.aspx page. I'd really prefer to reveal as little as possible > > about my database or code and indeed this line does not actually > > appear on the rendered page, but how do you keep track of what is > > rendered and revealed and what is kept hidden? I would prefer to keep > > anything like this on the *.aspx.vb page which I know will never be > > rendered or revealed in any form. > > > I'm a raw beginner at ASP.NET so I don't really know what I'm doing > > yet, but this sort of thing is distracting me from moving forward. > > I've heard plenty of hacking horror stories. Advice appreciated. > > Thanks. -- You received this message because you are subscribed to the Google Groups "DotNetDevelopment, VB.NET, C# .NET, ADO.NET, ASP.NET, XML, XML Web Services,.NET Remoting" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/dotnetdevelopment?hl=en?hl=en or visit the group website at http://megasolutions.net
