Re: re:Why use data adaptor functionality ?
From: William Ryan eMVP (dotnetguru_at_comcast.nospam.net)
Date: 06/08/04
Date: Tue, 8 Jun 2004 10:32:01 -0400
How did your IT guys secure your internal network against pissed off
employees? I almost thought that was a joke but realized it wasn't. I was
at a TechNet conference in Atlanta a few months ago and one of the people I
was talking with had a whole table wiped out (on their secure internal
network) by an intern who was playing around. He was a CS major and had
read about Injection attacks. He wanted to test it to see if it was really
possible and thought he was going against the test server. Seems he wasn't.
A mere three hours later, all was well.
I'd encourage you to take a step back at this point and look into the
adapter a bit more if you're going to use it. AcceptChanges will do nothing
of use in the context you described except ensure that nothing gets updated
in the db. The adapter loops through the rows in a table when you call
Update and checks the rowstate of each row. From there it maps the rowstate
to a command object (provided you have one) and ideally maps the column
values back to parameters. AcceptChanges changes the rowstate of each row to
unchanged and if any rows are marked deleted, it actually gets rid of them.
I show it in depth here
http://www.knowdotnet.com/articles/efficient_pt4.html Anyway if the dataset
doesn't have changes, calling Update until the Y10K crisis won't do anything
in the way of updating the db. And calling AcceptChanges will make sure
the dataset doesn't have any changes.
--
W.G. Ryan, eMVP
http://forums.devbuzz.com/
http://www.knowdotnet.com/williamryan.html
http://www.msmvps.com/WilliamRyan/
http://www.devbuzz.com/content/zinc_personal_media_center_pg1.asp

"HaggardPete" <peter_callaghan@ukls-dot-net.no-spam.invalid> wrote in message
news:40c5bda9$1_2@Usenet.com...
> Thanks for the input. I guess by injection attack you refer to
> interception of the SQL string and insertion of other values - I
> could be totally wrong. In any event, probably crucial in some
> applications but on a secure corporate network - well I can think of
> many more immediate risks.
>
> It's when you come to success / failure of the update that my concerns
> really started. It seems that if the update command is invalid the
> data adaptor accepts the CommandString but does not report a failure
> when the AcceptChanges method is called. Bizarre!
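The RowState behaviour described in the reply above, as an added example that is not part of the original post or of the linked article. The table, column names and the Pending helper are hypothetical; Pending only counts the rows an adapter's Update would issue a command for and is not the adapter's own code.

```csharp
using System;
using System.Data;
using System.Linq;

static class AcceptChangesDemo
{
    // Rows a DataAdapter.Update call would send a command for:
    // Added -> InsertCommand, Modified -> UpdateCommand, Deleted -> DeleteCommand.
    // Unchanged rows are skipped entirely.
    static string Pending(DataTable t)
    {
        int Count(DataRowState s) =>
            t.Rows.Cast<DataRow>().Count(r => r.RowState == s);
        return $"insert={Count(DataRowState.Added)} " +
               $"update={Count(DataRowState.Modified)} " +
               $"delete={Count(DataRowState.Deleted)} rows={t.Rows.Count}";
    }

    static void Main()
    {
        // Constructed sample table standing in for data loaded by Fill.
        var t = new DataTable("Customers");
        t.Columns.Add("Id", typeof(int));
        t.Columns.Add("Name", typeof(string));
        t.Rows.Add(1, "Alice");
        t.Rows.Add(2, "Bob");
        t.AcceptChanges();              // Fill leaves rows Unchanged by default

        t.Rows[0]["Name"] = "Alicia";   // RowState becomes Modified
        t.Rows[1].Delete();             // Deleted, but still held in t.Rows
        t.Rows.Add(3, "Carol");         // RowState is Added

        Console.WriteLine("Before AcceptChanges: " + Pending(t));

        // Calling AcceptChanges before Update discards the change tracking:
        // every row becomes Unchanged and the deleted row is dropped for good.
        t.AcceptChanges();

        Console.WriteLine("After AcceptChanges:  " + Pending(t));
        Console.WriteLine("GetChanges() is null: " + (t.GetChanges() == null));
    }
}
```

Call AcceptChanges only after Update has returned without throwing; a failing command surfaces as an exception from Update, never from AcceptChanges.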