Friday, May 23, 2008
Encrypting strings in .Net
Using query strings to pass values between pages is a very common practice in .Net, and many times you don't want users to be able to change the query string value to see another record. This can pose some problems especially if the data is in any way sensitive. So the one of the easiest ways to do this is to just encrypt the values and decrypt them when you need it.
There are many articles out there to do this and I guess I am just kinda adding to an article found
here. But I think add my own two cents and version of the code found on his site. I cleaned it up a little bit for my preferences and moved one or two things around.
First instead of having the functions pass in the symmetric key each time the function is called. I added a value in my web.config file that holds the key. This eliminates any sort of keying error and makes it easy to change if you want to for some reason.
<add key="EncryptionKey" value="!#$a8?2^" />The only real other change other than moving stuff outside the try/catch block that didn't need to be in there was to add this line:
stringToDecrypt = stringToDecrypt.Replace(" ", "+")The above article mentions that since we are adding the encrypted value to the query string browsers interpret a + as a space. So we have to replace it back the way it was before decrypting the string. The article relies on the caller function to handle that. I moved it inside my decrypt function so I don't have to remember to do it each time.
Here is my updated class. One thing to note is that I made them shared functions so I don't have to instantiate the class in order to use it.
Imports System
Imports System.IO
Imports System.Xml
Imports System.Text
Imports System.Configuration
Imports System.Security.Cryptography
Public NotInheritable Class Encryption
Public Shared Function Decrypt(ByVal stringToDecrypt As String) As String
Dim inputByteArray(stringToDecrypt.Length) As Byte
Dim key() As Byte = {}
Dim IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
Dim encryptionKey As String = ConfigurationManager.AppSettings("EncryptionKey")
Dim des As New DESCryptoServiceProvider()
Dim ms As New MemoryStream()
Dim cs As CryptoStream
Try
stringToDecrypt = stringToDecrypt.Replace(" ", "+")
key = System.Text.Encoding.UTF8.GetBytes(Left(encryptionKey, 8))
inputByteArray = Convert.FromBase64String(stringToDecrypt)
cs = New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write)
cs.Write(inputByteArray, 0, inputByteArray.Length)
cs.FlushFinalBlock()
Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
Return encoding.GetString(ms.ToArray())
Catch ex As Exception
Throw New Exception(ex.Message)
End Try
End Function
Public Shared Function Encrypt(ByVal stringToEncrypt As String) As String
Dim key() As Byte = {}
Dim IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
Dim encryptionKey As String = ConfigurationManager.AppSettings("EncryptionKey")
Dim des As New DESCryptoServiceProvider()
Dim ms As New MemoryStream()
Dim inputByteArray() As Byte
Dim cs As CryptoStream
Try
key = System.Text.Encoding.UTF8.GetBytes(Left(encryptionKey, 8))
inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt)
cs = New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write)
cs.Write(inputByteArray, 0, inputByteArray.Length)
cs.FlushFinalBlock()
Return Convert.ToBase64String(ms.ToArray())
Catch e As Exception
Return e.Message
End Try
End Function
End Class
Labels: .NET
posted by Tom Becker at
|
The Sharks
I know this post is a bit late in the week for my weekly softball game review, but hey this is my blog...don't judge me.
Last week Scared
Hitless took on the Sharks, and we ended up splitting the series. We won the first game pretty soundly. We had some good defense, even if we did have a few errors on our part. And we held them to 5, while we racked up 11 runs. The first game went really well. I don't have many comments on this game, other than the fact that even though I was up twice I didn't connect once, they walked me both times. A little sad about that. It isn't doing much for my batting average.
The second game was very different from the first. It started off with the skies opening up a bit and we got rained on. So that was fun, got to play in the mud a bit. And that was pretty much the only fun thing about that game. We got trounced 11-0. I don't know what happened between the first and second game, but it wasn't good. My theory is that we got cocky and thought we would just roll over them again. And by the time we saw that wasn't going to happen, it was to late to come back and our spirit was broken.
No games this weekend since it is Memorial day. But in the mean time head over to the Chesterfield county web site and check out our
standings. We are in the Co-ed yellow Sunday league. We are currently tied for 3rd with the Sharks interestingly enough.
Labels: Softball
posted by Tom Becker at
|
Monday, May 12, 2008
The Shell Shockers
Yesterday we played a team that spawned from ours this year. Last year we had a player on our team that left unexpectedly. After a game one day she, lets call her Miss Piggy*, left a message on the other captain's voice mail saying that she wasn't going to play anymore and that we were just gonna have to deal with it. And that was it. She wouldn't return any of our phone calls.
It was no real secret that I was not a fan of Miss Piggy, so I wasn't to sad she left. So fast forward to the coaches meeting at the beginning of the season. She and her boyfriend, lets call him Beaker**, wouldn't even make eye contact with us. They also snaked our pitcher from last year too.
OK, so there is why we have a bit of tension between the two teams. So the first game we win due to forfeit since they can't field a team. So technically we won that game. We wait around for about an hour and they are finally able to field a team by cherry picking from other teams. We allow them to play with only 8 fielders (normally you need 10) and they will only take 1 ghost out instead of the 2 that they should take. So we are making an effort to at least be civil. We even give them one of our players to play catcher.
So anyway. The game starts, and we are doing ok. Then the bottom of their line up comes up which they have chosen to stack with 3 guys in a row, when it is supposed to be boy-girl batting. Since they only have 3 girls playing not much we can do. So this game was barely legal. So they get up 3-0 first inning. At this point neither Miss Piggy nor Beaker have gotten on base, which makes me happy. Second inning we tie it up to 4-4. Third inning we didn't score so bottom of the third with like 6 minutes left they score 2. So they are over there gloating their win. So i'm pretty upset about this game.
And to put the icing on the cake Miss Piggy and Beaker don't even bother doing the whole good game high five thing with some of our players.
So we still have a tied season, 3-3. But an upsetting lose this week.
*Miss Piggy cause she is a
big girl
**Beaker cause he never talks and has funny hair
Labels: Softball
posted by Tom Becker at
|
Wednesday, May 7, 2008
CSS Selector's specificity
A co-worker came by late yesterday to ask a
CSS question. He was having some trouble with duplicate style definitions over riding each other. I mentioned to him that the order of things sometimes makes a difference, and that I think some things are more "important" than others.
What I didn't realize is that it goes much deeper than my cursory understanding of how CSS rules are applied. I thought in general whatever comes last wins. But I was wrong. Enter selector specificity.
According to the W3C there are very specific rules to how the CSS rules get applied. From their
site:
A selector's specificity is calculated as follows:
- count the number of ID attributes in the selector (= a)
- count the number of other attributes and pseudo-classes in the selector (= b)
- count the number of element names in the selector (= c)
- ignore pseudo-elements.
Concatenating the three numbers a-b-c (in a number system with a large base) gives the specificity.
Here is
another take on it. It maybe a little bit easier to understand, and a little bit more Star Wars'y (not to sure if that is a word...). Good article all around
So selector specificity is a little confusing but it is really just counting, and will hopefully eliminate a little bit of the confusion that is CSS.
Labels: CSS
posted by Tom Becker at
|
Monday, May 5, 2008
The Interior Guys
So after a frustrating number of rain outs we finally were able to play a little softball this weekend. Our opponents were the Interior Guys. I'm guessing it was some sort of construction company kinda thing, but no idea. Anyway, back to the games. We logged our first two W's against these guys. Over all the games went alright, but there were a few things that annoyed me.
The first game we were batting first. And by the end of the first inning we had already won the game. Their pitcher wasn't giving us anything to swing at, she was only throwing balls. So we were just standing there, which is pretty unusual for us, we normally swing at everything. I was happy about that. We were waiting for pitches and not swinging at everything that came by. Our games last 50 minutes a piece, and that first inning lasted for 35 minutes. So that should tell you something. So they finally strike out a few people and we take the field. They score three runs, most of which came by the way of an out of the park home run, which is pretty impressive. So in pretty quick succession we get them out. And it is our turn to bat again. This is when the ump came up to us and told us that if we didn't swing at the first pitch, no matter what it was, he was going to be a jerk the next game and call everything as strikes. So next time I am up to bat, I have to swing at this pitch that hit the dirt a good 6 inches before the plate. So I felt pretty dumb about that, but hey, what can you do? The next pitch though we decent enough, and I hit a line drive over second base for a triple. The final score on that game as 20-3. I'm not sure why the slaughter rule didn't kick in...but whatever.
The second game was a bit more interesting. They switched pitchers, he wasn't much better than their first but he was getting them over the plate. The final score on this game as 7-3 us. We played some good defense and over all this game was a lot more fun since we weren't just rolling over them. I think we could have racked up a lot more points this game if the ump didn't kill our streak from the first game. I think it was all mental. Most of their team were gracious in defeat, so that was good too. Over all a good day for Scared Hitless.
Looking forward to next week when we play our rivals the Shell Shockers.
Labels: Softball
posted by Tom Becker at
|
