Breadcrumbs

[Scottie1972]

Snippet_Library-DesktopEdition.jpg

OK, People.
I had to remake the Snippet Library do to I lost the last one in a system crash. (Bad Drive)
So I started another one.

This Library application is Free of charge and is Public access. All you have todo is fill out your Codenstuff.com username. Then you can View and Add code snippets to the library to share with everyone that is running a copy of the software.

If you are the user that added the code snippet to the library, you will be able to Edit, Update or even Delete your code snippet.

The Snippet Library Desktop Edition also checks for updates thats to Codenstuff Infinity Updater application.
(Thanks Condenstuff)

Also there is an artifical syntax highlighter but only if you paste code from the Visual Studio software editor. If not then the code will stay black text.

At the moment there are only 9 categorys for you to place your code snippets.

This application is still in the DEV stage so any bugs or features that you would like to see send me a message and I will see what I can do.

NOTICE
If you get a warning or a Auth. message (Vista + user) just create a folder in where the .exe is and name it "temp".
This folder is used by the application.

Snippet Library Desktop Edition.zip

[Scottie1972]

well i guess i still have some things to learn.
How or what would you suggest that I fix this issue?

That is one of the reasons why i do visit this website.
I you have some knowledge to pass on, I will do my best to learn it.

OK so thi is what I have done so far.
I created a setting and stored the connection string in this setting.

Name = mySettingName
Type = String
Scope = Application
Value = IS THE CONNECTION STRING ITSELF

Will this make it more secure?
I am unable to use SSL/SSH will not work right on my windows server.

Can I make multiple MySQL User accounts and just pick one at random to use for server login?

Im using the MySQL.Connector.Net v6.2.3.0 and there isnt alot of examples in seach engines or on the MySQL website. The only other way I now to do it is make a seperate class.vb (.dll) that holds the string in it.. but even then someone that can decompile can just as easily get the data.

BTW, how did you get the login data to my server?

[mandai]

Well there are 2 ways I can see that you can secure it:
1. You tighten the permissions allowed for the NetUser account so it only has access to create and read rows (not edit or delete). You will also have to make sure that user can only read from the tables you want every user to be able to read from etc.

2. (I'd recommend this one) You could set up a HTTP proxy between the MySQL server and the client to do the security filtering for you (e.g. a PHP script that will only accept GET/POST parameters to either create or view table data). Though this might require slightly more work to set up.

SSL/SSH will help to some degree once the connection has been established but if it uses a predictable login system then it will only be secure for so long. MySQL sessions can still be taken over by other programs.

I got the login details via the packet capture program wireshark.

Edit: Lol what happend to the screenshot?

[CodenStuff]

Hello Scottie,

What happened here then? I was excited about SnipLib but the downloads gone :( . If people are able to get the login details then as mandai said I think his second option is best because that way noone has direct access.

It would mean a big code change though wouldnt it?

[Scottie1972]

OK, Seeeing how I have done a PHP Login Script for an app before. I will go that route.

Sorry Codenstuff for popping your bubble, I had all good intentions But when mandai posted a screenshot of my database server I freaked a little.

[Scottie1972]

OK, so this is what i ended up doing.
It works, and I wondered if this would work for this application.

Code: Select all

Dim W As New Net.WebClient
            Dim NC As New System.Collections.Specialized.NameValueCollection
            NC.Add("catid", CatID)
            NC.Add("title", sTitle)
            NC.Add("snippet", sBody)
            NC.Add("date", sDate)
            NC.Add("verify", "False")
            NC.Add("username", uName)

            Dim RESP As Byte()
            Dim R As String
            RESP = W.UploadValues("http://test_site.com/Process.php?action=postsnippet", NC)
            R = System.Text.Encoding.ASCII.GetString(RESP)

This only INSERTs data into the database via a PHP Script.
I have yet figured out the UPDATE and DELETE method.

UPDATE
I also used the same code snippet to Update and Delete the data from the database. I just had to cahnge what "action" was taken inside the Process.php Select Case.

Everything seems to be working just fine. I have alittle more testing todo until I am happy. But it all seems to be just fine.

[Insignia]

Nice, I'd wonder if my special account would still work :lol:

[Lewis]

This is pretty cool, but too long for my screen, Also, i hope mandai is trusted ^_^ He seems to be able to compromise anything.

[Scottie1972]

Nice, I'd wonder if my special account would still work :lol:

No i'm sorry Insignia, but all special accounts have been disabled for now.
I do plan on special accounts later in another build. But for now this is just a simple public access library application.

[Scottie1972]

This is pretty cool, but too long for my screen, Also, i hope mandai is trusted ^_^ He seems to be able to compromise anything.

I think mandai can be trusted, I do beleive he was letting me now about some security issues that he found with my application. And being this will be a Public accessed application security should be above standard for this type of application.