PROG8290 – Assignment 4

School: Conestoga College


Course: 8290
Subject: Computer Science
Date: Dec 6, 2023
Type: docx
Pages: 5
Uploaded by ElderMoose3863

INFO8290
INFO8290_ASSIGNMENT 4_Software Application Security 2
Parth Rohitkumar Dalwadi
8892726
PROG8290-23S-Sec2
Vikas Patel
PROG8270 – ASSIGNMENT 4_Software Application Security 2

Table of Contents
INFO8290_ASSIGNMENT 1_Software Application Security 2

Question 1 and question 2

Explain (using words) all the changes you made to improve the code. Before changing the code, take a full-screen screenshot with the code you are going to improve selected/highlighted. You need only provide one example per change. For example, if you changed all the variable names to follow a certain format, you can provide one example of a variable before and after the change. For each change, explain the benefit to making the change.

Fix the entire source code as you see fit. There are situations in the code as given that would provide opportunities for security issues to arise. Identify and fix these issues.

1. Reads the password directly via Console.ReadLine().
2. Constructs a SQL query string concatenating the username and password variables. The database query execution and result handling are currently commented out.

Change 1 - Reads the password with masked input (using Console.ReadKey(true) to hide characters and then printing * for each character entered).
Change 2 - Contains placeholders for database interaction (such as SqlConnection, SqlCommand, and SqlDataReader), which are all commented out.

The method of reading the password is altered to mask the input: Console.ReadKey(true) captures individual key presses, and a '*' character is printed for each character entered.

Parameterized SQL Query:
Change: Adjusted the SQL query to use a parameterized query instead of concatenating strings, to avoid potential SQL injection risks.
Advantage: Guards against SQL injection attacks by treating user inputs as separate parameters rather than embedding them directly into the SQL query.

Secure Password Input:
Change: Modified the password input method to obscure user input with asterisks while it's being entered.
Advantage: Bolsters security by concealing the password entry, preventing others from viewing it on the screen.

Exception Handling:
Change: Implemented basic error handling to capture and display potential errors occurring during database operations.
Advantage: Aids in recognizing and managing errors, providing better feedback in case of any problems with database connections or queries.
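
The three changes described above, combined in one C# program. This is an added example, not the assignment's own code; the LoginExample class, the Users table and its column names, the parameter sizes and the connection string are placeholders assumed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text;

static class LoginExample   // hypothetical name; Users/Username/Password below are placeholders too
{
    // Reads a password without echoing it: one '*' per character, Backspace erases one.
    static string ReadMaskedPassword()
    {
        var buffer = new StringBuilder();
        while (true)
        {
            ConsoleKeyInfo key = Console.ReadKey(true);   // true = do not echo the key
            if (key.Key == ConsoleKey.Enter) break;
            if (key.Key == ConsoleKey.Backspace && buffer.Length > 0) { buffer.Length--; Console.Write("\b \b"); }
            else if (!char.IsControl(key.KeyChar)) { buffer.Append(key.KeyChar); Console.Write('*'); }
        }
        Console.WriteLine();
        return buffer.ToString();
    }

    static void Main()
    {
        Console.Write("Username: ");
        string username = Console.ReadLine() ?? "";
        Console.Write("Password: ");
        string password = ReadMaskedPassword();
        // Before (injectable): "... WHERE Username = '" + username + "' AND Password = '" + password + "'"
        // After: the query text is constant and the inputs travel as typed parameters.
        const string sql = "SELECT COUNT(*) FROM Users WHERE Username = @username AND Password = @password";
        try
        {
            using (var conn = new SqlConnection("<connection string placeholder>"))
            using (var cmd = new SqlCommand(sql, conn))
            {
                cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = username;
                cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;
                conn.Open();
                bool ok = (int)cmd.ExecuteScalar() > 0;
                Console.WriteLine(ok ? "Login succeeded." : "Login failed.");
            }
        }
        catch (SqlException ex)
        {
            Console.Error.WriteLine("Database error (code " + ex.Number + ").");   // no query text or stack trace shown
        }
    }
}
```

With the parameterized form, an input such as `' OR '1'='1` is compared as a literal string value and cannot change the structure of the query.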