Showing posts from June, 2014

UML Part I

UML Intro

UML stands for Unified Modeling Language. UML is a graphical language for visualizing, specifying, constructing and documenting the artifacts of a software system. It is a standard language for designing and documenting a system in an object-oriented manner. UML provides a blueprint for business processes, system functioning, programming language statements, database schema and reusable components.

UML is used in all phases of software development, from requirement specification to acceptance test and from designing a solution to deploying/packaging it. Modeling has been around for years, not only in the software field but also in fields like civil and mechanical engineering, where a model is prepared and approved before production starts. Modeling breaks a complex system up into simple, discrete pieces that can be individually understood. If we ask ourselves whether we have been doing/following modeling, most of us would say NO. But all of us do modeling, …

Section 508 guidelines

Section 508 Guidelines

(a) A text equivalent for every non-text element shall be provided (e.g., via "alt", "longdesc", or in element content).

If we properly separate our three layers, we remove most of the situations in which we would have to provide text equivalents. Markup should only include img tags when the image is actually part of the content of the page (i.e. Flickr or's The Big Picture). The lesson: Logos, navigation, buttons and other content elements are not proper uses of img tags. When non-text content is necessary, use title and alt attributes.

(b) Equivalent alternatives for any multimedia presentation shall be synchronized with the presentation.

That fancy Java slideshow applet that adds ripple effects to the slides probably isn't necessary. Simplify your life and make basic HTML pages styled with CSS instead. The lesson: If you do need multimedia capabilities, use technologies that have accessibility options.

(c) Web …

15 Steps for Web Accessibility

Steps to make your website accessible

1. Make sure all images, graphs, and other non-text items have a text equivalent.
2. Provide synchronized captions for all video, as well as captions or a transcript of audio content.
3. Do not use color as the only way to convey information.
4. You can use style sheets for layout, but the page must still make sense without them.
5. When using images as links, for example a drop down menu, make sure each link (as well as the overall image) has alt text describing the destination. Avoid using server-side image maps. If you do use server-side image maps, be sure to provide separate identical text links to access the same content.
6. Label column and row headers in a data table. Try to avoid using tables for layout purposes, but if you do then do not label headers.
7. Make sure all cells in the table are associated with the appropriate headers. When the table is set up correctly, screen readers can navigate through data tables one cell at a time, …

Safe SQL Literals

Handle SQL injection
Handling input data from the UI so that it is safe for SQL execution has been a problem on many sites and has caused a lot of damage; the attack is called SQL injection. Hackers are always looking at your website to find loopholes.

Still, people don't take care to handle these small issues, which cause financial loss as well as companies losing their clients. I am laying out sample code which will help you handle inputs against SQL injection.

There are different samples available, and the one below is the one I see to be the safest.

public string SafeSqlLiteral(string strValue)
{
        strValue = strValue.Replace("'", "''"); // Most important one! This line alone can prevent most injection attacks
        strValue = strValue.Replace("--", "").Replace("[", "[[]").Replace("%", "[%]").Replace(" OR ", "").Replace(" or ", "…
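Character replacement only protects the one place the value is spliced into a quoted string literal. The check a practitioner wants next to the routine above is the parameterized form, where the SQL text is fixed and the user's input travels as a separate parameter value, so no quote handling is needed at all; the only escaping that remains necessary is for LIKE wildcards inside the value, which is the legitimate job of the [%] and [[] replacements. The following is an added example, not the post's own code; the Users table, its Name column and the connection string are assumed.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class SafeUserLookup
{
    // Returns the user names whose Name starts with the prefix typed into the UI.
    // The SQL text never changes; the input is bound as @pattern, so a quote,
    // "--" or " OR " inside it is compared as plain text, not parsed as SQL.
    // (Users/Name and the connection string are hypothetical for this example.)
    public static string[] FindByNamePrefix(string connectionString, string prefix)
    {
        // LIKE still interprets %, _ and [ inside the *value*. Escaping these
        // is what the [%] / [[] replacements on this page are actually for;
        // the single-quote replacement is unnecessary once the value is a parameter.
        string pattern = prefix
            .Replace("[", "[[]")
            .Replace("%", "[%]")
            .Replace("_", "[_]") + "%";

        var results = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT Name FROM Users WHERE Name LIKE @pattern", conn))
        {
            // Typed, length-limited parameter: the driver sends it out of band.
            cmd.Parameters.Add("@pattern", SqlDbType.NVarChar, 100).Value = pattern;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    results.Add(reader.GetString(0));
            }
        }
        return results.ToArray();
    }
}
```

The same pattern applies to numeric and date inputs, where a quote-doubling routine gives no protection because the value is not inside quotes in the first place; a typed SqlParameter covers those cases too.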

Encrypting & Decrypting web.config

Encrypting & Decrypting web.config

We can encrypt each section of the web.config using the encryption provided by aspnet_regiis.exe.

<!-- Encrypt Connection String -->
C:\WebPortal>aspnet_regiis.exe -pef connectionStrings c:\WebPortal -prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Here the -pe switch specifies the configuration section "connectionStrings" to encrypt.

C:\WebPortal>aspnet_regiis.exe -pdf connectionStrings c:\WebPortal
Decrypting configuration section...
Here the -pef switch specifies the configuration section to encrypt and allows you to supply the physical directory path for your configuration file.

<!-- Encrypt AppSettings -->
C:\WebPortal>aspnet_regiis.exe -pef appSettings c:\WebPortal -prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Here the -prov switch specifies the provider name.

C:\WebPortal>aspnet_regiis.exe -pdf ap…

Session Hijacking Prevention

Is it possible to steal a cookie and authenticate as an administrator? Yes, it is possible: if the Forms Auth cookie is not encrypted, someone could modify our cookie to give themselves elevated privileges, or if SSL is set to not required, copy some other person's cookie. Encrypting the session value will have zero effect. The session cookie is already an arbitrary value; encrypting it will just generate another arbitrary value that can be sniffed. However, there are steps we can take to mitigate these risks. On the system.web/authentication/forms element:

requireSSL=true. This requires that the cookie only be transmitted over SSL.
slidingExpiration=false. When true, an expired ticket can be reactivated.
cookieless=false. Do not use cookieless sessions in an environment where you are trying to enforce security.
enableCrossAppRedirects=false. When false, processing of cookies across apps is not
… Encrypts and hashes the Forms Auth cookie …
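The settings listed above as they look in web.config, with the weak configuration beside the hardened one. This is an added example rather than the post's own fragment; loginUrl and the cookie name are placeholders, and protection="All" is the real forms attribute that encrypts and signs the ticket (the post's "cookieless=false" corresponds to cookieless="UseCookies" in the schema).

```xml
<configuration>
  <system.web>
    <!-- Weak: the ticket may travel over plain HTTP, is re-issued on every
         request after it expires, and may be carried in the URL. -->
    <!--
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx" requireSSL="false" slidingExpiration="true"
             cookieless="UseUri" enableCrossAppRedirects="true" />
    </authentication>
    -->

    <!-- Hardened: the values recommended in the post. -->
    <authentication mode="Forms">
      <forms name=".PORTALAUTH"
             loginUrl="~/Login.aspx"
             requireSSL="true"
             slidingExpiration="false"
             cookieless="UseCookies"
             enableCrossAppRedirects="false"
             protection="All" />
    </authentication>

    <!-- Same transport rule for the ASP.NET_SessionId and all other cookies;
         httpOnlyCookies keeps page script from reading them. -->
    <httpCookies requireSSL="true" httpOnlyCookies="true" />
  </system.web>
</configuration>
```

requireSSL="true" on the forms element means the authentication cookie is never issued to a non-HTTPS request, so a site must actually be served over HTTPS before this is switched on, or every login will silently fail to set the cookie.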

Generic Methods

Generics in C#

Generic in C# means common to, or applicable to, an entire class. Most developers think Generics exist to define type-safe data structures without committing to actual data types, but is that the only reason Generics are there? The answer is a BIG NO.
In this article we will focus on what other important aspects can be achieved in our daily programming by using Generics. We will see how to use Generics and avoid method overloading.

The program below shows the use of method overloading to display the contents of int, double and char arrays.

using System;

class OverloadedMethods
{
    static void Main(string[] args)
    {
        // create arrays of int, double and char
        int[] intArray = { 1, 2, 3, 4, 5, 6 };
        double[] doubleArray = { 1.1, 2.2, 3.3, 4.4, 5.5, 6.6, 7.7 };
        char[] charArray = { 'H', 'E', 'L', 'L', 'O' };

        Console.WriteLine("Array intArray contains:");
        DisplayArray(intArray); // pass an int array argument
        Console.Wr…
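The overloaded version above needs one DisplayArray method per element type. The generic form the post is leading up to, as an added example that is not the post's own continuation, replaces all three with a single method whose type parameter the compiler infers from the argument:

```csharp
using System;

class GenericDisplay
{
    // One generic method instead of DisplayArray(int[]), DisplayArray(double[])
    // and DisplayArray(char[]). T is inferred at each call site, and the
    // compiler still rejects a call with a non-array argument.
    static void DisplayArray<T>(T[] array)
    {
        foreach (T element in array)
            Console.Write(element + " ");
        Console.WriteLine();
    }

    static void Main()
    {
        int[] intArray = { 1, 2, 3, 4, 5, 6 };
        double[] doubleArray = { 1.1, 2.2, 3.3, 4.4, 5.5, 6.6, 7.7 };
        char[] charArray = { 'H', 'E', 'L', 'L', 'O' };

        Console.WriteLine("Array intArray contains:");
        DisplayArray(intArray);     // T = int
        Console.WriteLine("Array doubleArray contains:");
        DisplayArray(doubleArray);  // T = double
        Console.WriteLine("Array charArray contains:");
        DisplayArray(charArray);    // T = char
    }
}
```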