California State University, Sacramento
1. Web site is partitioned into restricted areas (protected using SSL) and public areas
a. Web sites that consist of both public (anonymous) and restricted (secure) areas should be partitioned to separate the restricted content into one or more subdirectories.
b. Restricted subdirectories are protected by requiring authenticated access (configured in the section of the Web.config file)
c. Unauthenticated access to restricted pages (e.g. expired session) should redirect to the default login page.
2. Code-behind files are used rather than inline server-side script blocks
a. Check every .aspx (page) file: No blocks with runat="server" should be found.
3. Code-behind files are not used as a container for Business Logic and/or Data Access Logic
a. Code-behind files should only contain presentation-related programming logic such as event handlers which work with the UI elements (Server Controls, HTML Controls).
4. Master Pages are used as a means to create a consistent layout for web applications
5. Web site is fully-functional when JavaScript is disabled in the browser
6. Server-side validation is performed on all user inputs from sources such as HTML controls, Query String, and Cookies
a. The validation code should check that the length, type, and range of the data are valid.
7. Input form field values are retained when the form is redisplayed to the user after input validation fails
8. Data paging is used for unbounded or long lists of data
9. Sensitive information such as passwords and connection strings is not stored in any client-side state
10. Web site is fully-functional when cookies are disabled in the browser
11. The DataGrid server control is not used
a. The DataGrid control has been superseded in the .NET Framework 2.0 by the GridView control. This new control should be used in place of the DataGrid as it has several improvements (msdn2.en-us/library/05yye6k9(VS.80).aspx) over the DataGrid.
12. HTTP error codes are handled using custom error reporting pages
a. Custom error pages are set up in the Web.config file in the section.
b. Unhandled exceptions within an application should be caught and managed in a consistent and safe manner. This can be best achieved by using a global error handler that can trap all unhandled exceptions, log the details, then present a safe error page to the user (without exposing any sensitive data).
13. Configurable application settings are stored in the web application's Web.config file
14. The database connection string should be encrypted
a. Encrypting Sections of the Web.config File (msdn2.en-us/library/y13fw6we(vs.80).aspx) (MSDN Library)
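The following is an added example, not code from the original page, showing items 6 and 7 of the checklist in working VB.NET: a product ID arriving either from a form field or from the query string is checked for length, type and range on the server before it reaches the data access layer, and the submitted value is kept on the form when validation fails. InputCheckResult, ProductIdRules, ProductSearch, txtProductID, lblError, lblProductName and btnFind are illustrative names (the controls are assumed to be declared in the page's designer file); ProductDB.findProduct is the method from the page's own code fragments.

```vbnet
' Added example (not part of the original page): server-side validation of a
' product ID for checklist items 6 and 7. All class, module and control names
' here are assumptions for illustration.
Imports System
Imports System.Web.UI

' Outcome of one validation: either a usable Integer or a message for the user.
Public Class InputCheckResult
    Public ReadOnly IsValid As Boolean
    Public ReadOnly Value As Integer
    Public ReadOnly Message As String

    Public Sub New(ByVal valid As Boolean, ByVal parsedValue As Integer, ByVal text As String)
        Me.IsValid = valid
        Me.Value = parsedValue
        Me.Message = text
    End Sub
End Class

Public Module ProductIdRules
    ' Limits applied to every untrusted copy of the ID (item 6a: length, type, range).
    Private Const MaxLength As Integer = 9
    Private Const MinId As Integer = 1
    Private Const MaxId As Integer = 999999

    Public Function CheckProductId(ByVal raw As String) As InputCheckResult
        ' A missing key in Request.Form, QueryString or Cookies yields Nothing.
        If raw Is Nothing OrElse raw.Trim().Length = 0 Then
            Return New InputCheckResult(False, 0, "Product ID is required.")
        End If
        Dim trimmed As String = raw.Trim()

        ' Length: reject oversized input before any parsing or database work.
        If trimmed.Length > MaxLength Then
            Return New InputCheckResult(False, 0, "Product ID is too long.")
        End If

        ' Type: TryParse never throws, unlike CInt() on text such as "abc".
        Dim parsed As Integer
        If Not Integer.TryParse(trimmed, parsed) Then
            Return New InputCheckResult(False, 0, "Product ID must be a whole number.")
        End If

        ' Range: values outside the valid key range never reach the database.
        If parsed < MinId OrElse parsed > MaxId Then
            Return New InputCheckResult(False, 0, _
                "Product ID must be between " & MinId & " and " & MaxId & ".")
        End If

        Return New InputCheckResult(True, parsed, String.Empty)
    End Function
End Module

' Code-behind for the search page: presentation logic only (item 3).
Partial Public Class ProductSearch
    Inherits Page

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles Me.Load
        ' Query-string entry point, e.g. ProductSearch.aspx?id=42, validated like a form field (item 6).
        Dim fromQuery As String = Request.QueryString("id")
        If Not IsPostBack AndAlso fromQuery IsNot Nothing Then
            ' Item 7: copy the submitted value into the field so the user can correct it.
            ' TextBox encodes its value attribute, so the raw text is safe to assign here.
            Me.txtProductID.Text = fromQuery
            ShowProduct(fromQuery)
        End If
    End Sub

    Protected Sub btnFind_Click(ByVal sender As Object, ByVal e As EventArgs) Handles btnFind.Click
        ' Post-back: the TextBox already retains its value through ViewState (item 7).
        ShowProduct(Me.txtProductID.Text)
    End Sub

    Private Sub ShowProduct(ByVal raw As String)
        Dim check As InputCheckResult = ProductIdRules.CheckProductId(raw)
        Me.lblProductName.Text = String.Empty
        If Not check.IsValid Then
            ' Label.Text is rendered unencoded, so encode anything shown to the user.
            Me.lblError.Text = Server.HtmlEncode(check.Message)
            Return
        End If
        Me.lblError.Text = String.Empty
        Try
            ' Only a validated Integer reaches the data access layer.
            Me.lblProductName.Text = Server.HtmlEncode(ProductDB.findProduct(check.Value).ProductName)
        Catch ex As Exception
            ' Item 12b: a fixed message for the user; ex.Message is not echoed to the page.
            Me.lblError.Text = "Product not found."
        End Try
    End Sub
End Class
```

The three checks run in cost order (length, then type, then range) so that oversized or non-numeric input is rejected before any parsing or database round trip, and the same function serves the form field, the query string and, if needed, a cookie value, which is what item 6 asks for.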
Check these resources:
1. MSDN Coding Techniques and Programming Practices ((v=VS.71).aspx)
2. Enterprise Solution Patterns Using Microsoft .NET
3. tutorials for beginners
Code Fragments
Web.Config
Default.aspx.vb
Imports System
Partial Public Class _Default
    Inherits System.Web.UI.Page
    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles Me.Load
        'Use the following code if you want to have a relative address to the database file
        'Use these settings in the ProductDB.vb class or in the Connection.vb class
        'Stored once: Application.Add would otherwise append a new entry on every page load
        If Application("ServerPath") Is Nothing Then
            Dim strServerPath As String = Server.MapPath("/")
            Application.Add("ServerPath", strServerPath)
        End If
    End Sub
    Protected Sub bntFind_Click(ByVal sender As Object, ByVal e As EventArgs) Handles bntFind.Click
        Try
            'CInt throws on non-numeric text and the Catch below turns that into a message;
            'checklist item 6 calls for explicit length/type/range checks before the lookup
            Dim myProduct As Product = ProductDB.findProduct(CInt(Me.txtProductID.Text))
            Me.lblProductName.Text = myProduct.ProductName
        Catch ex As Exception
            'Shows the raw exception text; item 12b calls for a generic message in production
            Me.lblProductName.Text = ex.Message
        End Try
    End Sub
End Class
Product.vb
Imports Microsoft.VisualBasic
'***********************************************************************************************************************
'Class Name: Product.vb
'Version: 1.00
'Programmer/s: Spiros Velianitis
'Date: February 6, 2010
'Purpose: Implements the Product domain class. etc..
'***********************************************************************************************************************
Public Class Product
    'Declaration of constants
    'Declaration of module level variables
    Private mintProductID As Integer
    Private mstrProductName As String
    Public Sub New(ByVal intProductID As Integer, ByVal strProductName As String)
        Me.mintProductID = intProductID
        Me.mstrProductName = strProductName
    End Sub
    'Read-only properties: a Product is immutable once constructed
    Public ReadOnly Property ProductID() As Integer
        Get
            Return mintProductID
        End Get
    End Property
    Public ReadOnly Property ProductName() As String
        Get
            Return mstrProductName
        End Get
    End Property
End Class
ConnectionDA.vb
Imports System.Configuration
Imports System.Web
Public Class ConnectionDA
    Public Shared Function getConnection() As String
        'Use the following code if you want a relative address to the database
        'Dim strServerPath As String = CStr(HttpContext.Current.Application("ServerPath"))
        'Return ConfigurationManager.ConnectionStrings("localDBProvider").ConnectionString & strServerPath & _
        '    "/ProductManager" & ConfigurationManager.ConnectionStrings("localDBFilePath").ConnectionString
        'The connection string is read from Web.config (checklist items 13 and 14), never hard-coded here
        Return ConfigurationManager.ConnectionStrings("localDB").ConnectionString
    End Function
End Class
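The connection string that ConnectionDA.getConnection() reads is stored in clear text in Web.config unless the section is protected, which is what checklist item 14 requires. The following is an added example, not code from the original page, that encrypts the connectionStrings section with the Protected Configuration API of .NET 2.0; the section and provider names are the built-in ones, the ConfigProtection class name and its method names are assumptions, and "localDB" is the connection string name used by the page's own ConnectionDA.vb.

```vbnet
' Added example (not part of the original page): encrypting the connectionStrings
' section of Web.config in place (checklist item 14). ConfigProtection and its
' methods are illustrative names.
Imports System.Configuration
Imports System.Web.Configuration

Public Class ConfigProtection
    ' DPAPI provider: the key is held by the machine, so a copied Web.config cannot be
    ' decrypted elsewhere. Use RsaProtectedConfigurationProvider when several
    ' servers must share one key (web farm).
    Private Const ProviderName As String = "DataProtectionConfigurationProvider"

    ' Encrypts the section if it is still in clear text.
    ' Returns True when the section is protected afterwards, False if it does not exist.
    Public Shared Function ProtectConnectionStrings(ByVal appVirtualPath As String) As Boolean
        Dim config As Configuration = WebConfigurationManager.OpenWebConfiguration(appVirtualPath)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        If section Is Nothing Then Return False

        If Not section.SectionInformation.IsProtected Then
            section.SectionInformation.ProtectSection(ProviderName)
            ' ForceSave writes the section even though its values did not change.
            section.SectionInformation.ForceSave = True
            config.Save(ConfigurationSaveMode.Modified)
        End If
        Return section.SectionInformation.IsProtected
    End Function

    ' Reading is unchanged: the runtime decrypts transparently, so
    ' ConnectionDA.getConnection() keeps working after the section is protected.
    Public Shared Function ReadLocalDb() As String
        Return ConfigurationManager.ConnectionStrings("localDB").ConnectionString
    End Function
End Class
```

ProtectConnectionStrings("~") has to run under an identity that can write Web.config, so it belongs in a one-time administrative step rather than in a public page; the same result is obtained from the command line with `aspnet_regiis -pe connectionStrings -app /AppVirtualPath` (replace the virtual path with the application's own). Either way the clear-text connection string no longer exists on disk, and the application code that reads it does not change.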
ProductDB.vb
Imports Microsoft.VisualBasic
Imports System
Imports System.Data
Imports System.Data.OleDb
Public Class ProductDB
    Public Shared Function findProduct(ByVal intProductID As Integer) As Product
        'Parameterised query: the ID is passed as a typed parameter instead of being
        'concatenated into the SQL text (OleDb uses positional "?" placeholders)
        Dim sel As String = "SELECT Products.ProductID, Products.ProductName FROM Products WHERE Products.ProductID = ?;"
        Dim conString As String = ConnectionDA.getConnection()
        'Using blocks close the reader and the connection on every path, including the Throw below
        Using con As New OleDbConnection(conString)
            Using cmd As New OleDbCommand(sel, con)
                cmd.Parameters.Add("@ProductID", OleDbType.Integer).Value = intProductID
                con.Open()
                Using rdr As OleDbDataReader = cmd.ExecuteReader(CommandBehavior.CloseConnection)
                    If rdr.Read() Then
                        Return New Product(intProductID, rdr.GetString(1))
                    Else
                        Throw New Exception("ERROR: Product Not Found")
                    End If
                End Using
            End Using
        End Using
    End Function
    Public Shared Function insertProduct(ByRef myProduct As Product) As Integer
        'Stub in the original fragment: returns a fixed value in place of the new ProductID
        Return 5
    End Function
End Class
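Checklist item 12b asks for a global error handler that traps every unhandled exception, logs the details and shows a safe page. The following is an added example, not code from the original page, of a Global.asax.vb that does this in VB.NET; the class name Global_asax, the log file location under App_Data and the two error page paths are assumptions for illustration.

```vbnet
' Added example (not part of the original page): Global.asax.vb with a global
' error handler for checklist items 12a and 12b. Class name, log file location
' and error page paths are assumptions.
Imports System
Imports System.IO
Imports System.Web

Public Class Global_asax
    Inherits HttpApplication

    ' App_Data is never served by ASP.NET, so the log cannot be downloaded by a browser;
    ' the worker process identity needs write access to this folder.
    Private Const LogFile As String = "~/App_Data/errors.log"

    ' Runs for every unhandled exception in any page or handler of the application.
    Protected Sub Application_Error(ByVal sender As Object, ByVal e As EventArgs)
        Dim ex As Exception = Server.GetLastError()
        If ex Is Nothing Then Return

        ' ASP.NET wraps page exceptions in HttpUnhandledException; log the real cause.
        Dim cause As Exception = ex
        If ex.InnerException IsNot Nothing Then cause = ex.InnerException

        ' Item 12b: full details (type, message, stack trace, URL) go to the server-side log only.
        WriteLog(cause, Request.RawUrl)

        ' Discard the error so the default error page, which shows stack traces,
        ' source file paths and configuration details, is never sent to the client.
        Server.ClearError()

        ' Item 12a: HTTP status errors get their own custom page, everything else a generic one.
        Dim httpEx As HttpException = TryCast(cause, HttpException)
        If httpEx IsNot Nothing AndAlso httpEx.GetHttpCode() = 404 Then
            Response.Redirect("~/ErrorPages/NotFound.aspx", False)
        Else
            Response.Redirect("~/ErrorPages/GenericError.aspx", False)
        End If
    End Sub

    ' One log entry per error; the exception text is written here and never shown to the user.
    Private Sub WriteLog(ByVal ex As Exception, ByVal url As String)
        Try
            Dim entry As String = String.Format("{0:u} {1} {2}: {3}{4}{5}{4}", _
                DateTime.UtcNow, url, ex.GetType().FullName, ex.Message, _
                Environment.NewLine, ex.StackTrace)
            File.AppendAllText(Server.MapPath(LogFile), entry)
        Catch
            ' A failure while logging must not raise a second exception inside the error handler.
        End Try
    End Sub
End Class
```

The Global.asax file points at this class with an Application directive (Inherits="Global_asax", Codebehind="Global.asax.vb"). The customErrors element in Web.config (item 12a) stays in place as the fallback for errors raised before this handler can run, such as configuration errors at application start-up; the error pages themselves must live in the public area of the site so that an unauthenticated user can be redirected to them.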