CHAPTER 6: Application Signing and Sandbox
It is important to protect the privacy of your information. Remarkably, it can be rather easy to discover personal information about a web site s owner. If you were interested in discovering the owner of a site s domain, you could perform a WHOIS lookup for the domain to discover more information about the site s owners including their name, email address, and possibly even the phone number and physical address. If you were crafty enough, this information could then be used for social engineering purposes. Many domain registrars, such as Network Solutions, even provide information about domain names by using a WHOIS button on their front pages. But it s not just Network Solutions that will provide this information; almost every domain registration web site will give the inquisitor access to a WHOIS database to look up information about a site as long as the owner has not asked for that information to be shielded. The WHOIS database is even accessible via the Network Utility in Mac OS X (see Figure 14 3). Once you know the IP address of a server, it is also possible to query ARIN within the Network Utility to discover more information about the owner of the IP address block (see Figure 14 4). Established in December 1997, ARIN is a nonprofit that allocates IP addresses and develops policies used to govern how they are used. So, how can you protect your web site registrar from displaying this potentially sensitive information To protect this information, many registrars offer an add-on service that allows you to hide your information from others, thus repelling a variety of spam and the discovery of other information. There are also proxy services that will register domains on your behalf and obscure identifying information from attackers.
When an order is placed, the Orders table should have an entry for that order. Moreover, all the items from the shopping cart must be moved to the OrderDetails table. This is accomplished with the help of the PlaceOrder() web method, shown in Listing B-9. Listing B-9. Placing an Order [WebMethod] public int PlaceOrder(string cartid,string street,string city,string state, string country,string postalcode) { string sql1 = "SELECT SUM(c.Qty * p.UnitPrice) AS Total FROM Products AS p INNER JOIN ShoppingCart AS c ON p.Id = c.ProductID WHERE c.CartID = @cartid";
The report preview feature will commonly be the form of report delivery. However, occasionally, the output is sent directly to a printer. Sending a report as an e-mail attachment is also in wide practice. ReportViewer does more than just let you view the report; you can also print or save the output in either Excel or PDF format. Figure 2-24 shows the ReportViewer control s Print Layout in action; the zoom mode is set to Whole Page. You ll also notice the navigation buttons in the toolbar. If your report is running into multiple pages, you can navigate to each page back and forth. You can also jump to a specific page number.
The key call in this code is the following, which initiates a sandbox using the standard kSBXProfileNoWrite profile, which eliminates all file system write access:
select o.orderid, o.customerid, e.lastname
Exposing an Existing Application As a Portlet
Metadata, the data that describes data, seems to be becoming just as important as the data itself. It seems that every new technology has metadata incorporated into its plan. MSBuild is certainly no different! In fact, MSBuild heavily relies on metadata. Earlier we showed how to access and use well-known metadata. Well-known metadata is automagically generated for your items. Some examples of well-known metadata in MSBuild are the full path of the file and its directory. You are not limited only to the well-known metadata, though. You can add custom metadata to items as well. Refer to the following ItemGroup: <ItemGroup> <MDForm Include="MetaDataFrm.cs"> <Name>Sayed Ibrahim Hashimi</Name> <Email>sayed.hashimi@gmail.com</Email> </MDForm> <MDFormOther Include="..\..\**\MSBuild1\*.cs"> <Name>Sayed Y. Hashimi</Name> <Email>hashimi_sayed@gmail.com</Email>
Some Other Mutable Data Structures
<xsl:template match="notes"> <b>Remarks :</b> <xsl:value-of select="."/> <br /> </xsl:template> </xsl:stylesheet> This time the topmost <xsl:template> element includes an <xsl:apply-templates> element. If the <xsl:apply-templates> element is used without the select attribute, <xsl:apply-templates> applies matching templates to all subelements. Then, the XSLT declares five templates for the <employee>, <firstname>, <lastname>, <homephone>, and <notes> elements, respectively. The template for the <employee> element actually decides the order in which the remaining templates will be applied. This is done by specifying the select attribute in the <xsl:apply-templates> element. The select attribute can contain any valid XPath expression.
