I'm building a trivia game that retrieve questions from XML file using javascript.
But the XML file is available to those who got the full path to the XML file.
How can i prevent users from showing the XML file ?
Thank you.
If it's going to be available to the client via Javascript, it's got to be available to the client in general. Now you could encrypt it, then decrypt it in the Javascript - but that's more of an obfuscation technique than anything else... basically if you need the browser to have the plaintext version of the file at some point, you can't prevent it from being available to users in general.
If the problem is that the file contains both questions and answers - i.e. data that you're happy for users to see and also data that you don't want them to see - you should split the file in two.
If you only want users to be able to see the data at the right time (i.e. when the question is asked) then you can introduce a server-side aspect which will serve one question at a time, when requested, and log that the user has just seen the question. That won't stop users from fetching questions, but it will stop them from doing so in advance without you being aware of it. (Unless, of course, they can log in as a different user, fetch the questions, work out the answers, then log in as their real account and give all the right answers. At that point it's more a matter of authentication and user control than anything else - after all, they could take the test twice, too...)
I don't know your game software flow, but I think you have to write a web service which enforces validation rules over the XML files (stored in non publish web server are).
Related
I am working on cloud storage system in ASP.Net MVC5. In which I made a file manager that handles cut,copy,download multiple files,edit and preview of files, but I want to edit documents like word files in real time (collaborative editing)..is there any api that can help me accordingly.
Thank you in advance.
you should use Signal R for real time applications...it may be possible with the help of application user interface but its better to write your own code according to your choice...
[http://signalr.net/][1]
dev_express and syncfusion may be your solution..try these..
This is turning into a huge comment, so I'll just explain my point of view in an answer. I'll remove it, if I see an actual answer appears.
I am suggesting you start writing your own code for collaborative editing and the reason is quite simple. You need at least slightly different processing for almost each file type, which suggests there will never be a single API to support collaborative editing for all file types, unless somebody makes it their goal to maintain it and keep up with every one created.
Start it simple, text (or hex) editing. Define how changes are made and implemented on other clients and then work your way to add as many file types (and methods that go with them) as you need.
You could use source code of 1 of these open source collaborative text editors (you'll have to find download / Github links on their websites) to get a general idea how to do it, but you will still have to put in some work and won't go far without creating your own code.
Collaborative editing requires user 1's (who just started editing) client to send either one of these:
Data pointing to changes made in file
Full file, and user 2's client (or central "server") should be able to calculate the changes made from there and implement them.
One of the problems is to overwrite only that portion of the file changes were made to (and avoid overwriting the other user 2's work).
And the biggest problem (the reason you can't have "1 for all" method/API) is each file type has its own structure meaning that different file types will have different data representing changes in file. If you try to write raw data it might work, but you'd still need to calculate and lock away specific portions of file, that contain general information, rather than data of your file.
I have a simple question in which I couldn't find an exact answer to, that question being:If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?And if so, how can I protect my webpage's source code from being stolen/dumped/reverse engineered?
Please if you do know anything about this, as many replies as possible would be greatly appreciated! Thank you guys so very much, even if you just give me an idea on this topic! :)
Are you talking about a corporate user or a regular user?
Someone accessing your website from a web browser, like a standard user can not access your aspx/cs server side code. However if you are talking about a corporate user, if they browse to your web server and have access to your inetpub\wwwroot directory (or wherever your source resides) they have full read or maybe even write access. It all depends on the type of user, and the user security system in place for your domain, whether the person trying to get in is part of your domain and has proper privileges on your server. Also some client side scripts are exposed to user's as well.
So as far as server side scripts, users not part of your domain, and stringent security settings on your web server, are all factors contributing. But I think you mean in the context of a user just trying to access code from the web browser without any additional permissions. Which in this case would be no.
Not a complete answer but your C# code will be better protected if you use a Web Application rather than a Web Site. Your C# code will be compiled so even with an FTP access (or a direct access to the production server, if you suspect an inside threat), one won't be able to download your .cs files. Of course, one can download .dll and reverse engineer but that's something.
Read more about Web Apps vs Web Sites here : http://msdn.microsoft.com/en-us/library/dd547590.aspx
To the best of my knowledge there is not a way for someone to steal your asp code unless you allow them to see the file itself. If you view source you will see that the majority of the asp code has been changed either to html or javascript.
If I created an ASP.NET webpage, is it possible for someone to steal my C# source code?
Yes it is, there just to many ways how this can happen, vulnerability in the hosting environment, IIS exploit, your code allowing to download things etc. Just accept that your libraries (I assume they are compiled by the time you deploy) will be downloaded and protect them accordingly.
How can I protect my webpage's source code from being stolen/dumped/reverse engineered?
You cannot have an ultimate protection, but you may make life complicated for the person trying to reverse engineer it. Probably the most effective solution is to use code obfuscation. You may also want to read more general documentation on this topic, such as Design Guidelines for Secure Web Applications.
I'm asked to develop a secured flash viewer in C# (WinForm) where flash files will be viewable through the viewer however being securely captured within the viewer - i.e. make it not extractable nor downloadable by any sniffer tools.
I haven't got a good solution for this yet, any one help?
I will make this in a form of an answer to stop bombarding the comment section.
The task you have at hand will be extremely difficult if you don't want to make your application very user unfriendly.
The reason for that is because if your program can decrypt the information locally then play the video file then a skilled user in reversed engineering can access the method of decryption and use it to dump the video as a file.
Now in case you want to make a licence method and have the users log in before they can use the program you will have two issues.
1) It will still be possible for a person that wants to crack the program to do so, the only thing he/she will need is a valid licence in this case, which in most cases they are stolen from other users. Something that is hard to notice server side except if you have someone constantly looking at the logs banning licences and handling the calls of the users that will be calling because their (stolen) licence is no longer working.
2) Put some kind of limitations server wide as to how many people can login with the credentials which will create more issues, people won't be able to use the software on two pcs at the same time for example. Even the problem above will still be an issue but users will complain why they can't login this time (since someone else will be using their licence.
Moral of the story ? There is always a way around things. Depends how much user experience you are willing to throw away in order to make your software just a bit more safer from being cracked.
I asked a previous question here and one part of it seems to be a whole subject in itself.
I am attempting to preserve a files data across controller calls.
The scenario is: A user uploads a file containing entries to be submitted to a database. If the file has warnings and errors they'll be redirected to a validation page. If there are no warnings or errors their file will be directly processed.
If the user receives warnings but no errors (ie. a text field is too long and will be truncated) they can still import the file. As there are two separate screens between uploading the file and sending it to the database the file data will need to be preserved.
I have seen a dozen similar questions to this but none of them seem to have relate-able answers (so please don't mark this question as a duplicate if a similar question doesn't have an answer to this exact problem).
My first idea was to save the file using the uploaded file name + a guid and saving that file name to the session state, but the answers I got on my previous question were all pretty adamant that this was a terrible solution.
The solutions I have found to other similar questions:
Reupload the file (a terrible solution)
Using a viewbag to send the file name to the view, to be sent back to the second controller (doesn't sound right)
Save the file location in the view model to be sent to the view, to be retrieved again by the second controller (again doesn't sound right)
Save the file location in the session or in temp data (receive generally unfavorable remarks)
I have done my research and cannot find the best way to go about this. Can someone please help me? If you think another question answers this, can you please send it to me as an answer instead of reporting this as a duplicate as I have already done quite a bit of searching.
Thank you,
Samuel Davis
EDIT: my users do have a session available. Another solution I could think of is appending a hardcoded string to the GUID contained within their session ID eg. "MyImporter-xxxx.xxxx.xxxx.xxxx.csv". This way "MyImporter" could be a private constant string, and my controller wouldn't have to persist any identifier. I am unsure of any downsides to this method, but as I am pretty fresh to MVC there should certainly be cases that I haven't thought of.
The best would be to store the location of the file on your server. Session or database.
Flow:
User uploads a file
The server stores the file in a some location on the server and stores the location of this file in a Session variable or in the Database
The user sends a second request
The server retrieves the location from the Session or the Database.
The server does something with the file
It's worth mentioning that if you decide to store the file location in a database, you should also store the currently authenticated user in the same table so that you could later retrieve the correct record. If you are not using authentication that might not be a good solution because you will not be able to retrieve the record. In this case you could use a hard to guess identifier in the database to store the file location under. Then this identifier will be passed to the view (under the form of a view model of course) and passed on subsequent request. It is important that this identifier is difficult to guess to avoid one user working with the files of another user.
Another possible solution might be to store the location of the file in an encrypted cookie which will be sent on subsequent request.
Have you heard of TempData? Its like a self-destructing session value.
I would like to have a lot of data (quotes of famous people, arround 100 k quotes). And I want that users are able to search, sort on category and sort on authors.
Got a big big xml file at the moment, but what is smart to do? How can i get all the quotes in the app? maybe a sql lite database? or just loop the xml when app starts?
Any tips are most welcome!
Kevin
UPDATE: Thanks for all the replies and tips, I really appreciate it and I am looking forward to program my App, did make a runkeeper-like app yesterday, now starting the quotes app.
I would recommend storing this data on a webserver somewhere and using some SOAP interface of something like this, to access it. I wouldn't be positively surprised when a downloaded application all of a sudden decides to download a big file of quotes.
I would recommend a SQL CE database (.sdf file)
Great overview here: http://windowsphonegeek.com/tips/Windows-Phone-Mango-Local-Database%28SQL-CE%29-Introduction
And here: http://msdn.microsoft.com/en-us/library/hh202860%28v=VS.92%29.aspx
There's no SQLite on WP7. There's SQL Server Compact though. Read up on the latter, and also on LINQ. WP7.5 only.
Alternatively, store data on the Web server, and use a service to pull it on demand. In that case, read up on services and SOAP.
With the fact that you are looking at a 500mb file I think you have a couple of options.
1) Put all of this data in a database on a webserver, then have your phone application use whatever method you like to contact the database to get specific data that is needed. Obviously your UI would have to be optimised to allow a user to sort by the type of quote and / or the person to whom the quote is attributed.
2) If you want this to be done without the use of the webserver you could have a stripped down basic database of quotes in the application itself, to extend this connect to the database and download more data.
This method may be best as it lets you use the database data to say populate a website if you wanted to (make a bit of money from ad revenue / promote your app) and also it means if your users dont have an internet connection they can still get some use from your app.
Without more knowledge of the platform I couldnt say what would happen if you try load a 500mb application but I doubt it would be good, though having such a large file locally is a bad idea for a mobile device. I can see this going two ways.
1) Im out and see your application, I set it downloading, pay it no attention and then later check to find it has downloaded 500mb over my mobile phone data package. This could mean a big bill.
2) I start to download your application, it hasnt finished downloading after 10mins, I delete it and dont bother trying again.
You can do something like let the user to enter three character minimum before search from webservice ans user the service result to bind the data.
Check the following links
How to connect to a Webservice from a Windows Mobile Device 6.0
http://msdn.microsoft.com/en-us/library/aa446547.aspx
Let me know if this helps.