Beginning ASP.NET Security
ISBN: 978-0-470-74365-2
Paperback
436 pages
March 2010
Do you think you've discovered an error in this book? Please check the list of errata below to see if we've already addressed the error. If not, please submit the error via our Errata Form. We will attempt to verify your error; if you're right, we will post a correction below.
Chapter | Page | Details | Date | Print Run |
---|---|---|---|---|
 | 80 | Error in Code: code lines `if (csrfCookie.Value.Equals(tokenField)) throw new Exception("Mismatched CSRF tokens");` should read: `if (!csrfCookie.Value.Equals(tokenField)) throw new Exception("Mismatched CSRF tokens");` | 7/31/11 | |
6 | 128 | Typo in code: Third line in both pieces of code on this page: `// Create an instance of our encyrption algorithm.` should read: `// Create an instance of our encryption algorithm.` | 15 February 2010 | |
6 | 133 | Typo in figure caption: Caption to Figure 6-2: "Key use in symmetric encryption" should read: "Key use in asymmetric encryption" | 15 February 2010 | |
 | 197 | Error in Text: The section “Adding a user to a database” should read: Just because a login exists and can connect to SQL Server it doesn’t gain access to any databases. You must first grant an account access to the database. You can do this with the following SQL command: `USE [exampleDatabase]` `GO` `CREATE USER Olle FOR LOGIN Olle;` `GO` This command creates a user within the database it is run in, in this example you first switch to the database exampleDatabase and then create a user Olle within for the SQL login account Olle. The user you create in a database does not have to have a name that matches with the actual login. If you want to create a user for a Windows login already granted access to SQL then you use the full Windows login details in the command, for example: `CREATE USER NetworkService FOR LOGIN [Puck\Network Service];` This command creates a user NetworkService for the Network Service account on the machine Puck, assuming you have already granted that Windows account access to the SQL server as described previously in “Connecting without Passwords”. You can use square brackets, `[` and `]` to enclose user names or account names if they contain spaces. However adding a user to a database is only the first step, these new user accounts cannot do anything without some further work. | 4/27/10 | |
 | 199 | Error in Text: "... remove permissions from everyone else, as shown here: `DENY SELECT ON employee TO Public`" should be: As you can imagine, salary is sensitive data, and you would not want to allow anyone who has not been authorized to view this data. If you cannot use stored procedures, you can use views to limit access. First, you remove permissions on the table itself from everyone in the Public role using the following command: `DENY SELECT ON employee TO Public` Then you specifically grant table permissions to those who are allowed access (the Accounting role, for example, for ad-hoc reporting) using the following command: `GRANT SELECT ON employee TO Accounting` | 4/27/10 | |
10 | 251 | Change in Code: Change in Code Listing 10-11: `public static bool VerifySignature(XmlDocument document, out X509Certificate signingCertificate)` `{` `// Create a new SignedXml object and load` `// the signed XML document.` `SignedXml signedXml = new SignedXml(document);` `// Find the "Signature" node and create a new` `// XmlNodeList object.` `XmlNodeList nodeList = document.GetElementsByTagName("Signature");` `if (nodeList.Count <= 0)` `{` `throw new CryptographicException("No signature found.");` `}` `// Load the first` | 28 January 2010 | |
Index | 412 | Typo in Index: Index entry refers to: "XMLTs (XML Transformations), 234" should read: "XSLTs (XML Transformations), 234" | 15 February 2010 | |