Best Practices for handling sensitive data in the UI

Here is the scenario. We will be writing a web application that will need to
sometimes properly handle sensitive data (salary, ssn, profit, etc.) using
roles. This data will be restricted at a macro level (for example, no access
to accounting modules unless authorized) and a more granular level (no
visibility, read-only, and read-update to certain fields, such as personal
information, depending on role).

Question: Is there a good source of information on best practices for
handling this? For example, does it make sense to provide custom controls
for some/all of the managed fields containing sensitive data?
Aug 13 '07 #1
I usually create a "data class" that keeps all sensitive data, takes a 'security
level' in its constructor and exposes the data using properties.
Like

class clsEmployee
{
    private readonly int iLevel;   // security level of the caller
    private decimal _dSalary;      // backing field for Salary

    public clsEmployee(int iLevel, decimal dSalary)
    {
        this.iLevel = iLevel;
        _dSalary = dSalary;
    }

    public decimal Salary
    {
        get
        {
            // only level 1 sees the real value; everyone else gets 0
            if (iLevel != 1)
                return 0;
            else
                return _dSalary;
        }
    }
}

George.
Aug 13 '07 #2
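A fuller version of the idea in George's reply, written as an added example (not code from the thread): each (role, field) pair maps to an explicit None/Read/Write level, the getter returns null rather than 0 when the caller may not see the field, so the UI can tell "hidden" from "zero", and the setter re-checks the policy so a disabled control is never the only barrier. The roles, field names, policy table and Employee type are assumptions.

```csharp
using System;
using System.Collections.Generic;
// Access to a field is explicit: the UI hides, disables or enables the control.
enum FieldAccess { None, Read, Write }
static class FieldPolicy
{
    // Assumed policy table: (role, field) -> access; unlisted pairs default to None.
    static readonly Dictionary<(string Role, string Field), FieldAccess> Rules = new()
    {
        { ("hr", "Salary"), FieldAccess.Write },
        { ("manager", "Salary"), FieldAccess.Read },
        { ("hr", "Ssn"), FieldAccess.Read },
    };
    public static FieldAccess Get(string role, string field) =>
        Rules.TryGetValue((role, field), out var access) ? access : FieldAccess.None;
}
class Employee
{
    private readonly string _role;   // current user's role, taken from the server-side session
    private decimal _salary;
    public Employee(string role, decimal salary) { _role = role; _salary = salary; }
    // null (not 0) when the caller may not see the field, so "hidden" and "zero" differ.
    public decimal? Salary =>
        FieldPolicy.Get(_role, "Salary") >= FieldAccess.Read ? (decimal?)_salary : null;
    // Lets the UI choose a read-only or editable control for the field.
    public bool SalaryEditable => FieldPolicy.Get(_role, "Salary") == FieldAccess.Write;
    // The write is checked here too, so a disabled control is not the only barrier.
    public void SetSalary(decimal value)
    {
        if (!SalaryEditable)
            throw new UnauthorizedAccessException("role '" + _role + "' may not update Salary");
        _salary = value;
    }
}
static class Program
{
    static void Main()
    {
        var asHr = new Employee("hr", 85000m);
        asHr.SetSalary(90000m);                     // hr has Write: update succeeds
        Console.WriteLine(asHr.Salary);
        var asClerk = new Employee("clerk", 85000m);
        Console.WriteLine(asClerk.Salary is null);  // clerk has no rule, so the field is hidden
        try { asClerk.SetSalary(1m); }
        catch (UnauthorizedAccessException e) { Console.WriteLine(e.Message); }
    }
}
```

The same policy lookup should drive both the control rendered for the field and the server-side check on the postback, so the two cannot drift apart.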
Interesting... I like that idea. Simple and elegant.

Thanks.

Aug 13 '07 #3

You should take a look at the CSLA framework for this specific need, as an
option.
Aug 13 '07 #4
