I am very new to ASP.NET security and providers so please forgive me if these questions are trivial.
1) In order to make things properly secured from sql injection attacks, I thought that it was best to use stored procedures (or functions in this case) to manipulate the data. Are the delivered postgres providers configured to use stored procedures?
2) What table is used to define the profiles that are used by the ProfileProvider? I have used the creation scripts to create the aspnet_* tables, but I don't see any of the tables that have the columns that are defined in the web.config of the sample WebProviders app.
3) Are these schemas absolute for these providers? For example, the aspnet_roles table has application in it, but I really want to define a set of applications and a set of roles and have a join that combines the 2. Can I do this with the current providers? If so, how do I configure it as such?
Again, I am sorry if these are way to simple and I am just missing something.
Thanks in advance,
LK
ASP.NET Postgres Providers.
-
- Posts: 729
- Joined: Thu 13 Dec 2007 10:24
Yes, PostgreSQLDirect .NET fully supports stored procedures.
As to your other questions, I would gladly like to answer them but it might take me several pages.
Instead, I kindly suggest you to look through our demo projects here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web
Feel free to contact us if you have any other problem with PostgreSQLDirect .NET.
As to your other questions, I would gladly like to answer them but it might take me several pages.
Instead, I kindly suggest you to look through our demo projects here
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\Web
Feel free to contact us if you have any other problem with PostgreSQLDirect .NET.
Last edited by Alexey.mdr on Tue 26 Feb 2008 12:51, edited 1 time in total.
-
- Posts: 729
- Joined: Thu 13 Dec 2007 10:24
Well the basic scheme is pretty straightforward.
Firstly, create stored procedures on server.
Then modify your code. See the example below:
Please run the installed example:
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\WinForms\
Though it is designed as a desktop example, the usage of stored procedures
is the same for Web projects.
Firstly, create stored procedures on server.
Then modify your code. See the example below:
Code: Select all
...
private CoreLab.PostgreSql.PgSqlCommand procedureCommand;
...
procedureCommand.CommandText = “SP_selectDept”;
procedureCommand.Parameters["@pdeptno"].Value = Convert.ToInt32(tbDeptno.Text);
procedureCommand.Parameters["@pdname"].Value = tbDname.Text;
procedureCommand.Parameters["@ploc"].Value = tbLoc.Text;
procedureCommand.ExecuteNonQuery();
...
%Program Files%CoreLab\PostgreSQLDirect.NET2\Samples\WinForms\
Though it is designed as a desktop example, the usage of stored procedures
is the same for Web projects.
Sorry, I guess I should have been more specific. I am talking about using the ASP.NET providers. So for creating a user there is a function Members.CreateUser() that performs this functionality. What I am trying to figure out is if there is a way to configure these providers to use stored procedures to perform the update.
Again, sorry for the confusion.
Thanks in advance,
LK
Again, sorry for the confusion.
Thanks in advance,
LK
-
- Posts: 729
- Joined: Thu 13 Dec 2007 10:24