Moe Tarhini
Personal Information
.NET Preferred Language
vb.net, jscript
The AJAX "Top 5" security tips:

1. To succeed - you must start with good planning. Efforts should be focussed on reducing and simplifying the AJAX calls, and creating a standard format for responses that follows convention (ideally XML) where possible.
2. Follow best practice from sites such as the Open Web Application Security Project. This especially includes checking for Access Control and Input Validation flaws, whilst ensuring sensitive information travels over SSL rather than in the clear.
3. Never assume that Server Side AJAX checks for Access Control or User Input Validation will replace the need for final re-checking at the Server. Adding AJAX controls will never reduce your validation workload, they will only increase it.
4. Never assume that Client Side obfuscation (making the JavaScript difficult to read or decode) will protect your most important commercial secrets. Using JavaScript is a poor way to hide programming tricks and advances from your competitors.
5. Finally, you must be prepared to exercise a tight rein over your development team. Wonderful ideas using AJAX may sound compelling, but you should consider saving them for version 2, whilst you focus on building a rock-solid version 1.

Read the complete article
From my experience in web development, most developers keep the query string variables unsecured, which will lead to lots of security risks. I have created three functions that will cover the above issue and make sure all your query string variables are secured.

Get Source Code
The solution is to implement your own HTTP Module and determine the allow / deny security based upon the roles attribute in the Web.sitemap file. This works in conjunction with ASP.NET 2.0's built-in security. Add the following code to your web.config file inside the <system.web> node. This will allow you to intercept requests to all pages before processing, allowing you to force the Web.sitemap security.

    <httpModules>
        <add name="SecurityHttpModule" type="Joel.Net.SecurityHttpModule" />
    </httpModules>

Here's the code that performs all the magic... View Source Code

Moe Tarhini
Senior Software Engineer
http://profoundway.blogspot.com
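One way to write the module described above, as an added example that is not the Joel.Net.SecurityHttpModule source the post links to. The class name `Example.SitemapRoleModule` is hypothetical and would replace the type in the `<httpModules>` entry; the code assumes security trimming is off for the sitemap provider and leaves URLs without a roles attribute to ASP.NET's built-in authorization rules.

```vbnet
Imports System
Imports System.Collections
Imports System.Security.Principal
Imports System.Web

Namespace Example
    ' Added example: hypothetical module, not the Joel.Net.SecurityHttpModule source.
    Public Class SitemapRoleModule
        Implements IHttpModule

        Public Sub Init(ByVal app As HttpApplication) Implements IHttpModule.Init
            ' AuthorizeRequest runs after authentication, so the request's user is known.
            AddHandler app.AuthorizeRequest, AddressOf OnAuthorizeRequest
        End Sub

        Public Sub Dispose() Implements IHttpModule.Dispose
        End Sub

        Private Sub OnAuthorizeRequest(ByVal sender As Object, ByVal e As EventArgs)
            Dim ctx As HttpContext = DirectCast(sender, HttpApplication).Context
            ' Assumption: securityTrimmingEnabled is off, so this lookup does not
            ' depend on who the current user is.
            Dim node As SiteMapNode = SiteMap.Provider.FindSiteMapNode(ctx)
            ' Assumption: URLs absent from Web.sitemap, and nodes without a roles
            ' attribute, stay under the built-in <authorization> rules.
            If node Is Nothing OrElse node.Roles Is Nothing OrElse node.Roles.Count = 0 Then Return
            If Not IsAllowed(node.Roles, ctx.User) Then
                ctx.Response.StatusCode = 403
                ctx.ApplicationInstance.CompleteRequest() ' skip the page handler
            End If
        End Sub

        ' True when the node lists "*" or a role the authenticated principal holds.
        Public Shared Function IsAllowed(ByVal roles As IList, ByVal user As IPrincipal) As Boolean
            For Each role As Object In roles
                Dim roleName As String = CStr(role)
                If roleName = "*" Then Return True
                If user IsNot Nothing AndAlso user.Identity.IsAuthenticated _
                   AndAlso user.IsInRole(roleName) Then Return True
            Next
            Return False
        End Function
    End Class
End Namespace
```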
Hi Experts, I am having a serious problem: I am trying to create an Outlook object in ASP.NET using this code:

    Private oApp As New Outlook.ApplicationClass

It is working when I am using Impersonate for the Administrator user; when I shift to the ASP.NET user it is saying "Server execution Failed". Please help. Thanks
Hi All, I am facing a big problem in my ASP.NET application: I am trying to search in the database at the same time while a SQL process is updating some records, and it seems that the SQL Server is locking this data. Please help me to exclude this data from my search or skip it. Thanks, Moe.
Hi Fadi how are you doing, Say hi to Mehiar... Bye for now.
Hi All, I am trying to develop a web site that is responsible for audio broadcasting. I need to use audio streaming. Please, does anyone know how to embed any audio streaming features? I will appreciate your input. Moe.. Thanks
Please help with this. How can I use the AddStore method to read the Contacts from another .PST file, or is there any way to map another PST file so I can export the Contacts? Please, so urgent.
Check this, it is working for sure:

    ' Toggle the direction when the same column is sorted again
    If Session("Offerhistsortexp") = e.SortExpression Then
        If Session("OfferhistSortOrder") = "Desc" Then
            Session("OfferhistSortOrder") = "Asc"
        Else
            Session("OfferhistSortOrder") = "Desc"
        End If
    Else
        ' A different column starts ascending
        Session("OfferhistSortOrder") = "Asc"
    End If
    Session("Offerhistsortexp") = e.SortExpression
    AscOrDesc = Session("OfferhistSortOrder")
    Dim sqlstr
    sqlstr = "select * from OfferHistory order by " & e.SortExpression & " " & AscOrDesc
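The snippet above concatenates `e.SortExpression` into the ORDER BY clause, where a SQL parameter cannot stand in for a column name, so the usual hardening is an allow-list. This is an added example, not part of the original post; the column names are constructed because the OfferHistory schema is not shown, and `SafeSort` and `BuildQuery` are hypothetical names.

```vbnet
Imports System
Imports System.Collections.Generic

' Added example. Column names are constructed; the real schema is not on the page.
Public Module SafeSort
    ' Accepted sort keys mapped to the exact identifier that may reach the SQL text.
    Private ReadOnly AllowedColumns As New Dictionary(Of String, String)(StringComparer.OrdinalIgnoreCase) From {
        {"OfferDate", "[OfferDate]"},
        {"Amount", "[Amount]"},
        {"Status", "[Status]"}
    }

    ' Returns the query with a vetted column and direction, or throws on anything else.
    Public Function BuildQuery(ByVal sortExpression As String, ByVal sortOrder As String) As String
        Dim column As String = Nothing
        If sortExpression Is Nothing OrElse
           Not AllowedColumns.TryGetValue(sortExpression.Trim(), column) Then
            Throw New ArgumentException("Sort expression is not an allowed column.")
        End If
        ' Direction is rebuilt from a fixed pair, never copied from the session value.
        Dim direction As String =
            If(String.Equals(sortOrder, "Desc", StringComparison.OrdinalIgnoreCase), "DESC", "ASC")
        Return "select * from OfferHistory order by " & column & " " & direction
    End Function

    Public Sub Main()
        ' Listed column, any casing: accepted and emitted in its canonical form.
        Console.WriteLine(BuildQuery("amount", "Desc"))
        Try
            ' Constructed value that is not in the list: rejected before any SQL is built.
            BuildQuery("Amount desc, Status", "Asc")
        Catch ex As ArgumentException
            Console.WriteLine("rejected: " & ex.Message)
        End Try
    End Sub
End Module
```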
Note: you have to reference Microsoft.word 9.0 object, then use this code and have fun ;)

    ' Creating a Word application, document and selection object
    Dim WordApp As New Word.Application()
    Dim WordDoc As New Word.Document()
    Dim WordSelection As Word.Selection
    Dim strToAdd As String ' Text that will be added to the word document

    WordDoc = WordApp.Documents.Add ' Sets the word document to the first document of the word application
    WordDoc.Select() ' Sets the working document
    WordSelection = WordApp.Selection ' Sets the word selection to the selection of the document
    strToAdd = "Test To insert here"

    ' Title
    WordSelection.ParagraphFormat.Alignment = Word.WdParagraphAlignment.wdAlignParagraphCenter ' Sets alignment of paragraph to center
    WordSelection.Font.Size = 12 ' Sets the size of the font
    WordSelection.Font.Name = "Times New Roman" ' Sets the type of the font
    WordSelection.Font.Bold = True ' Sets the font to Bold
    WordSelection.TypeText(strToAdd) ' Inserts text to the word application
    WordSelection.TypeText(vbCrLf) ' Inserts a carriage return
    WordSelection.TypeText(vbCrLf) ' Inserts a carriage return
    WordSelection.Font.Bold = False ' Resets font bold to false
    WordSelection.ParagraphFormat.Alignment = Word.WdParagraphAlignment.wdAlignParagraphLeft ' Sets alignment of paragraph to left

    ' Saves the word document under the root application
    WordDoc.SaveAs(SelectedMeeting.SiteRootPath & "Reports\Report of " & SelectedMeeting.MeetingName & ".doc")

    ' Dispose and deallocate the Word variables
    WordSelection = Nothing
    WordDoc = Nothing
    WordApp.Documents.Close()
    WordApp.Quit() ' Ends the Word process so it is not left running on the server
    WordApp = Nothing
Thank you Fadi, It worked. Say hi To Mehyar...Take Care.
Hi All, I have an urgent task. I want to log out users automatically when they hit the X button or close the window. I am using the Body OnUnload event, but this event is also firing when submitting or reloading. Is there a way to distinguish between unload and close events? Thank you. Moe Tarhini
You must give the user ASPNET read/write permissions on the database itself, because in Windows Forms you are accessing the database using the login user account, while in ASP.NET you are browsing the net using the ASPNET user. So please give this user the correct permissions and it will work for sure.
I am working on ASP.NET and I am trying to use the NetMeeting COM object to make a chatting application, but I need to use my own design for the chatting windows and the functionality of NetMeeting. The question is, can I do that, and if yes, please give some hints and sample code.