14 June 2009

Encrypt Sensitive Data in SQL Server 2005

SQL Server 2005 provides easy-to-use functions for encrypting and decrypting sensitive user information such as credit card numbers or bank account details, so as to deter hacking attempts.

Data encryption in SQL Server 2005 can be done either with a passphrase or with keys and certificates. The two methods are as follows:

1. Encryption by PassPhrase
This is a simple method in which we use the SQL function EncryptByPassPhrase('password','original_value') in our insert, update and select queries.

For example, suppose we have a table named user_info with a column named credit_card_no (varchar) in which we have to store the encrypted credit card number. The query would then be as follows:

Update user_info set credit_card_no=EncryptByPassPhrase('password',@credit_card_no);

where password is the key used to generate the encrypted value.
The same key is used to decrypt credit_card_no as follows:

Select cast(DecryptByPassPhrase('password',credit_card_no) as varchar(16)) as decrypted_no from user_info;

Note: The password has to be protected and remembered by the programmer, so this method can be vulnerable.


2. Encryption by Keys

The limitation of the passphrase method is that we have to supply the password each time the data has to be accessed. If we instead encrypt with a symmetric key that is itself protected by a certificate, we won't have to pass the passphrase each time. To create a key or its certificate, we must first create or open the master key for the database.
The following command creates a master key:

create master key encryption by password='password';

Now we can create a certificate and then a symmetric key that is attached to that certificate. The following SQL script creates the certificate 'DemoCert' and a key 'DemoKey' associated with that certificate:

create certificate DemoCert with subject='Demo Certificate';

create symmetric key DemoKey with algorithm=AES_256 encryption by certificate DemoCert;

Now that we have a key, we can encrypt with the EncryptByKey() function. Using the same user_info table as before:

open symmetric key DemoKey decryption by certificate DemoCert;
update user_info set credit_card_no=EncryptByKey(Key_GUID('DemoKey'),@credit_card_no);

Similarly we can decrypt it as follows:

open symmetric key DemoKey decryption by certificate DemoCert;
select cast(DecryptByKey(credit_card_no) as varchar(16)) as decrypted_no from user_info;

This is a lengthy method but is very secure as we do not have to pass the password for the process of encryption/decryption.
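A complete run of the key-based method, written as an added example and not code from the original post. It goes one step beyond the post by using the optional authenticator arguments of EncryptByKey/DecryptByKey. The table user_info_demo, its columns, the names CardCert and CardKey, the password placeholder and the card number are assumptions made for the example.

```sql
-- Added example (not from the original post). Table, column and key names
-- are hypothetical; the card number is a constructed test value.
-- Key hierarchy: master key -> certificate -> symmetric key (skip the first
-- statement if the database already has a master key).
create master key encryption by password = '<strong-password-placeholder>';
create certificate CardCert with subject = 'Card data certificate';
create symmetric key CardKey with algorithm = AES_256
    encryption by certificate CardCert;

-- EncryptByKey returns varbinary, so the ciphertext column is varbinary.
create table user_info_demo (
    user_id            int primary key,
    credit_card_no_enc varbinary(256) null
);
insert into user_info_demo (user_id) values (1);
insert into user_info_demo (user_id) values (2);

declare @credit_card_no varchar(16);
set @credit_card_no = '4111111111111111';  -- constructed test value

open symmetric key CardKey decryption by certificate CardCert;

-- The third and fourth arguments add an authenticator: a hash of user_id is
-- bound into the ciphertext, so it only decrypts for the row it belongs to.
update user_info_demo
set credit_card_no_enc = EncryptByKey(Key_GUID('CardKey'), @credit_card_no,
        1, HashBytes('SHA1', convert(varbinary, user_id)))
where user_id = 1;

-- Simulate ciphertext copied from row 1 into row 2.
update user_info_demo
set credit_card_no_enc = (select credit_card_no_enc
                          from user_info_demo where user_id = 1)
where user_id = 2;

-- Row 1 decrypts; row 2 returns NULL because its user_id does not match
-- the authenticator stored with the ciphertext.
select user_id,
       cast(DecryptByKey(credit_card_no_enc, 1,
            HashBytes('SHA1', convert(varbinary, user_id))) as varchar(16))
           as decrypted_no
from user_info_demo;

-- Close the key so it does not stay open for the rest of the session.
close symmetric key CardKey;
```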


So this is one of the advanced features of SQL Server 2005 that not many of us use. But it can surely come in handy when dealing with a large user database that requires some security features!

03 June 2009

Directory, Files Listing using GridView

Web Hosting Control Panel Type Directory Listing!!
Have you ever seen a Control Panel provided for a web hosting account? Noticed the way they show all the files and folders inside your site's folders? Well, just in case you were wondering how to do the same using ASP.NET 2.0, let me tell you that I have achieved the same using quite a simple technique that I found Googling around!

The following piece of code demonstrates how, by using the System.IO namespace and the ASP.NET 2.0 GridView, we can achieve the task of folder/file listing very easily.

ASPX Page:

<asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="true" />

<asp:GridView ID="GridView2" runat="server" AutoGenerateColumns="true" />


Code Behind:

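// At the top of the code-behind file
using System;
using System.IO;

// Inside the page class: bind both grids on every request
protected void Page_Load(object sender, EventArgs e)
{
    ListFolder();
}

protected void ListFolder()
{
    // Virtual path of the folder to list, mapped to its physical path
    string basepath = "~/myfolder";
    DirectoryInfo dirInfo = new DirectoryInfo(Server.MapPath(basepath));

    // For all files, including those in subdirectories
    FileInfo[] fileInfo = dirInfo.GetFiles("*.*", SearchOption.AllDirectories);

    // For all subdirectories, at every depth
    DirectoryInfo[] subDirInfo = dirInfo.GetDirectories("*.*", SearchOption.AllDirectories);

    GridView1.DataSource = fileInfo;
    GridView1.DataBind();

    GridView2.DataSource = subDirInfo;
    GridView2.DataBind();
}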

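As you can see, this method takes very little code and you can even customize it to provide delete functionality. Furthermore, by combining the files and folders datasets we can achieve a complete directory listing. Note that with AutoGenerateColumns="true" the grids display every bindable property of FileInfo and DirectoryInfo, including FullName, which reveals the physical path on the server; define the columns explicitly if the page is visible to anyone other than the site owner.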

17 May 2009

Free Shopping Cart Solutions

Free Shopping Carts - OsCommerce, Cre Loaded, Magento....
It's been days since I wrote my last post. I was kept really busy by my employer. To be honest, I was also a bit lazy in thinking of something new for my blog.
Nonetheless, I spent a lot of my recent time working on free Shopping Cart Applications.

There are some really interesting points that I would like to share about these apps.
First of all, the very thing that came to my mind is: "If people are providing good free software on the internet, then what will happen to us hard-working software developers?"

To back up my thoughts, I would like to stress that these free Shopping Cart solutions provide a great deal of functionality, something that would take a lot of time to build from scratch. Also, the communities are pretty active and provide further customization support.
A few of their cool features include:
1. CMS support
2. PayPal, Authorize.Net etc. payment modules
3. FedEx, UPS, USPS etc. shipping modules
4. Multilingual support
5. Multi-store support (Magento)
6. And of course great catalog support

The sad part for me was that the only major thing I was doing was understanding the structure, design integration and bug solving!

There were times when I was really scratching my head trying to find a solution to a simple problem and just couldn't find it. Yes, and Magento was the one to be blamed!

But given that not many people are aware of these free applications (yes, these people are the end clients), having knowledge of customizing them can really be very handy.

Here's a short rating of the apps based on my experience of handling them:
1. CRE Loaded - Great out of the box and easy to set up, tech support
2. Magento - Huge functionality provided but takes ages to understand and set up due to an overly stretched mechanism. Also runs really slowly (and I mean really slowly compared to any PHP site)
3. osCommerce - Base version of CRE Loaded. Needs a lot of customization.
4. Joomla-VirtueMart - Has the power of Joomla with it. Good for setting up a small store.

28 February 2009

Windows Media Service

Windows Media Services For Website
Well, it's been some time since I updated my blog; I had my own reasons. Anyway, this is something that I was working on this month.

My main goal was to create a live audio/video broadcast over the internet and show it on my web page.

Well, I searched high and low over the internet and the best possible solution that I found was Windows Media Services!

Yes! It's very simple to set up and not much programming is needed. All you need is a web server (it can even be your own system), the Windows Media Encoder software and a web page with a media player that plays the audio-video stream.

You can find loads of info on setting up the Windows Media Encoder on the internet.
Now the HTML required for setting up the ActiveX media player control on your web page is as follows:

<object ID="MediaPlayer" WIDTH="320" HEIGHT="270"
    CLASSID="CLSID:22D6f312-B0F6-11D0-94AB-0080C74C7E95"
    STANDBY="Loading Windows Media Player components..."
    TYPE="application/x-oleobject"
    CODEBASE="http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,4,7,1112">

    <param name="autoStart" value="True">
    <param name="filename" value="http://myserver.mystream.com:1121">
    <param NAME="ShowControls" VALUE="False">
    <param NAME="ShowStatusBar" VALUE="False">
    <!-- Fallback for browsers without ActiveX; same stream URL as the filename param -->
    <embed TYPE="application/x-mplayer2" SRC="http://myserver.mystream.com:1121"
        NAME="MediaPlayer" WIDTH="320" HEIGHT="270" autostart="1"
        showcontrols="0">
    </embed>
</object>

Please note that the address "myserver.mystream.com:1121" is generated by the media encoder software based on the web server and the network port (1121) you select for broadcasting!

12 January 2009

Discovering Twitter

Twitter, as we all know, is the latest buzzword talked about over the Internet. For those who don't know, Twitter is a free social networking service that allows its users to send and read other users' updates (otherwise known as tweets). You can read a hell of a lot about it on Wikipedia.

Excited and eager to check out this new website, I immediately created an account and started tweeting (Check Out here). Guess what, Twitter even has big celebrities like Britney Spears and popular people like the new US President Barack Obama having their own Twitter accounts (I don't think they actually post there though), which were recently hacked!!

Initially I found the idea of tweeting quite original and unique. But as with many things, it soon got boring. The fact that I had to get people to follow me in order to view their tweets and updates is just such a repetitive procedure. Even most of my friends didn't reply to the invitations that I sent. Many people are getting tired of social networking sites.

But to be honest, I was quite disappointed!

Eventually I have discovered a good use of Twitter, and that's using it to promote your site/blog and following some famous, geeky, new etc. people!
Let's see if Twitter can be the next big thing on the web, especially since it has competition like MySpace, Facebook & Orkut.

07 January 2009

Re Thinking Blogging Strategy ??

When I started blogging, I had a mission in my mind and it was to make $ money $....some really good $ money $ using various ad programs like Google AdSense. The 'weapon' of my choice for a 'Blog Topic' naturally was by default Web Development as I was already into it.

But soon after searching various blogs, articles and stuff on Google Search (and even reading them) it just struck my mind that earning money from blogging is no child's play!!
You gotta think...think and think before writing a good article, play with keywords and other SEO techniques and sit on your butt for a couple more hours a day to finally just get some Internet traffic.

And even after doing all this activity on a regular basis you have to pray that people who do visit your blog also mercifully click on the ADS!! Well, it's been three months for my blog and there's hardly any revenue from it!

Well, the New Year's here and so I have finally decided that it's about time that I rethink my blogging strategy! Should I continue blogging? Should I change my blog topic? Should I buy a separate web space with my very own domain? Uh.... So confusing .....

Anyway, my blog still helps me keep important pieces of software CODE that I can't really remember in a place where I can find them easily, and that too for ABSOLUTELY FREE!!
That's something that still kept me going.

Well, I am no J.K. Rowling to come up with exciting stuff each time to write on blogs, so changing the topic is just out of the question!
Let's see where the light takes me...

06 January 2009

Javascript for TextBox Restriction

JavaScript for restricting users from entering unwanted characters in a textbox/text field!
One of the easiest ways of restricting a user from entering unwanted characters in a text field is to use JavaScript functions as below:

<script type="text/javascript" language="javascript">
// Returns true if the pressed key may be typed into the field.
// validchars is the string of allowed characters (compared case-insensitively).
function keyRestrict(e, validchars)
{
    var key = getKeyCode(e);
    if (key == null) return true;
    var keychar = String.fromCharCode(key).toLowerCase();
    validchars = validchars.toLowerCase();
    if (validchars.indexOf(keychar) != -1)
        return true;
    // Always allow control keys: 0 (no character), backspace, tab, enter, escape
    if (key == 0 || key == 8 || key == 9 || key == 13 || key == 27)
        return true;
    return false;
}

// Reads the key code from window.event (IE) or from the event argument.
function getKeyCode(e)
{
    if (window.event)
        return window.event.keyCode;
    else if (e)
        return e.which;
    else
        return null;
}

</script>

After placing the above script in the head section of your web page, all you need to do is call the function on the keypress event of a textbox/text field and pass in all the characters that you want to allow, as follows:

<input type="text" name="zip" id="zip" style="width:100px;" maxlength="7" onkeypress="return keyRestrict(event,'1234567890. ')" />


Note: Please ensure that you conduct server side validations for user input, as JavaScript can be easily disabled in any browser and the above restrictions can be bypassed.