What is the MVC Pattern (Model View Controller Pattern)?

The MVC Pattern (Model View Controller Pattern) is based on the concept of designing an application by dividing its functionality into 3 layers. It's like a triad of components. The Model component contains the business logic and other sets of re-usable classes, such as data access classes, custom control classes, application configuration classes, etc. The Controller component interacts with the Model whenever required. The Controller contains the events and methods that are raised from the UI, which is the View component.

Consider an ASP.NET web application. Here, all aspx, ascx, master pages represent the View. The code behind files (like aspx.cs, master.cs, ascx.cs) represent the Controller.

The classes contained in the App_Code folder, or rather any other class project being referenced from this application represent the Model component.

Advantages:

* Business logic can be easily modified without affecting the UI or requiring any changes to it.

* Any cosmetic change in the UI does not affect any other component.

 

When do we use a DOM parser and when do we use a SAX parser?

DOM: Document Object Model
SAX: Simple API for XML

The answer to the above question is:

The DOM approach is useful for small documents in which the program needs to process a large portion of the document, whereas the SAX approach is useful for large documents in which the program only needs to process a small portion of the document.

Cross Site Scripting (XSS)

What is cross site scripting? 

Cross site scripting, “XSS” for short, is a technique by which a hacker can inject JavaScript into your web page.

Cross site scripting is used to trick users into running JavaScript code and also to steal cookie data.

Let’s take a simple example to understand this. Let’s say you have the URL below and you are submitting the request to the server using the GET method:

URL:  Register.aspx?Email=abc@xyz.com

After this request is submitted, your web site stores the value in the database and also uses the same value on the server side as well as on the client side.

What hackers do is change the URL as shown below and submit it:

Register.aspx?Email=<script>alert("Gotcha!");</script>

So, when you take this data from the database or read it from the query string and write it to the page, the browser will show an alert message with “Gotcha!” as the text.

This is a simple example; hackers can do far more damaging things to your web site. They succeed because cross site scripting is done via another web site, and since it is done using JavaScript the browser allows it, as the browser trusts JavaScript.

Browsers also allow JavaScript to access cookie data, so whatever user-related information you store in cookies, a hacker can read it, change the value and submit it back.

Solution to XSS:

Sanitize the dynamic data coming as input or that gets output to the browsers. This data can be in the form of HTML, XML, JSON, JavaScript, etc.

Sanitize the data while storing it in the database or retrieving it from the database.

Sometimes HTML must be allowed (for example, in a Content Management System). In that case, use the concept of black listing and white listing to allow or prevent the tags that can be used in the content displayed on the site.

The recommended solution is to use white listing for CMS tags. Apart from these tags, sanitize everything else.
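
The two defences described above, as an added example that is not code from the original page: encode all dynamic data on output, and for CMS content encode everything and then restore only white-listed tags. The class and method names, the tag list and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

static class OutputSanitizer
{
    // Assumed white list for CMS content: bare formatting tags only, no attributes.
    static readonly string[] AllowedTags = { "b", "i", "em", "strong", "p", "ul", "ol", "li", "br" };

    // Default for all dynamic data (such as the Email query-string value): encode on output.
    public static string EncodeForHtml(string untrusted)
    {
        return WebUtility.HtmlEncode(untrusted ?? string.Empty);
    }

    // CMS content: encode everything first, then restore only the white-listed tags.
    public static string SanitizeCmsHtml(string untrusted)
    {
        string encoded = WebUtility.HtmlEncode(untrusted ?? string.Empty);
        foreach (string tag in AllowedTags)
        {
            // Matches only the encoded forms of <tag>, </tag> and <tag/> without attributes,
            // so a tag carrying an event handler or any other attribute stays encoded.
            string pattern = "&lt;(/?)" + tag + @"\s*(/?)&gt;";
            encoded = Regex.Replace(encoded, pattern, "<${1}" + tag + "${2}>", RegexOptions.IgnoreCase);
        }
        return encoded;
    }
}

static class XssDemo
{
    static void Main()
    {
        // Constructed sample inputs.
        string email = "<script>alert(\"Gotcha!\");</script>";
        string cms = "<p>Hello <b>world</b><script>alert(1)</script><b onclick=\"x()\">hi</b></p>";

        // The script payload is rendered as text instead of being executed.
        Console.WriteLine(OutputSanitizer.EncodeForHtml(email));
        // <p> and <b> survive; <script> and the <b onclick=...> tag remain encoded.
        Console.WriteLine(OutputSanitizer.SanitizeCmsHtml(cms));
    }
}
```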

Copy one tree view to another – Recursive Method

Below is a practical example of a recursive method that copies one tree view control’s nodes into another tree view.

aspx file code:
TreeView

CSharp file code:

private void IterateTreeNodes(TreeNode originalNode, TreeNode rootNode)
{
    // Copy each child of originalNode under rootNode, then recurse into that child.
    foreach (TreeNode childNode in originalNode.ChildNodes)
    {
        TreeNode newNode = new TreeNode(childNode.Text);
        rootNode.ChildNodes.Add(newNode);
        IterateTreeNodes(childNode, newNode);
    }
}

protected void btnCopyTreeView_Click(object sender, EventArgs e)
{
    // Copy every root node of TreeView1 into TreeView2, including all of its descendants.
    foreach (TreeNode originalNode in TreeView1.Nodes)
    {
        TreeNode newNode = new TreeNode(originalNode.Text);
        TreeView2.Nodes.Add(newNode);
        IterateTreeNodes(originalNode, newNode);
    }
}

Password Encryption

In this article we will discuss why password encryption is important and how to do it.

On many web sites, user authentication is handled with a user name and password, which verify the user's details and allow him to perform different operations on the site. The most important thing here is that if you store the user's password in plain text and then validate it when the user enters his credentials, you are basically compromising the user on your web site and also on other web sites, since the user may use the same password for other web sites as well. This should not be the case. So, what is the best way to handle this problem? The answer is ENCRYPTION.

The encryption should also be one-way encryption. What does one-way encryption mean? It means non-reversible: the stored value can never be decrypted, even by us.

The best technique to achieve this is to hash the password using a hashing algorithm.

i.e. Same inputs + same hashing algorithm = same output.

The logic to implement and validate this involves the steps below:

1) Encrypt the user's password using a hashing algorithm and then store it.

2) Encrypt the password the user attempts for authentication and then compare it against the stored password.

Below is a list of a few of the hashing algorithms available:

  • MD5
  • SHA-1
  • SHA-2 (SHA-256, SHA-512)
  • Whirlpool
  • Tiger
  • AES
  • Blowfish

Example using C#:

using System;
using System.Security.Cryptography;
using System.Text;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            string strPass = HashString("Password1");
            Console.WriteLine(strPass);
        }

        // Returns the SHA-1 hash of the password as a lowercase hexadecimal string.
        public static string HashString(string strPass)
        {
            // UTF-8 keeps non-ASCII characters; ASCII encoding would turn them all into '?'.
            byte[] b = Encoding.UTF8.GetBytes(strPass);
            using (SHA1 sh = SHA1.Create())
            {
                byte[] hsh = sh.ComputeHash(b);
                StringBuilder pass = new StringBuilder(hsh.Length * 2);
                for (int i = 0; i < hsh.Length; i++)
                {
                    // change it into 2 hexadecimal digits for each byte
                    pass.Append(hsh[i].ToString("x2"));
                }
                return pass.ToString();
            }
        }
    }
}

Note*: In order to implement hashing you need to add the reference of System.Security dll and import/use the System.Security.Cryptography namespace.

Html Basic-Introduction

The first step in learning any new language is to learn the basics. HTML (Hyper Text Markup Language) is actually a very simple and easy to learn language.
HTML is made up of tags. There are two kinds of tags: opening and closing tags. Opening tags are pieces of text contained in “<>” and look like the following: <tag>. Closing tags, on the other hand, have a structure like the following: </tag>.
The whole structure of the tags is like the following:

<opening tag>
</closing tag>

The functionality of the tag is applied to the information placed between the opening and the closing tags.

For example:
The use of the <body> tag for the body of the web page

<body>
Your web page body text will be placed here
</body>

Structure of HTML Page

Below is the structure for the HTML page.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Title for the page</title>
</head>
<body>

</body>
</html>


<!DOCTYPE> tag

This tag is the first thing in an HTML document. It is not exactly an HTML tag, but it tells the web browser what version of the markup language the web page is written in.
Doctype also refers to a Document Type Definition (DTD). The DTD specifies the rules for the markup language to make sure that the content is rendered properly by the browser.


<html xmlns></html> tag

The <html> tag tells the browser that this is the beginning of an HTML document, and the </html> tag tells the browser that this is the end of the HTML document.
The xmlns attribute within the starting <html xmlns> tag specifies the XML namespace for a document. This attribute is compulsory in XHTML but is invalid in HTML. However, the HTML validator at w3.org does not mind if this attribute is missing in the XHTML document. The reason is that the attribute is added to the tag automatically and set to the following by default: xmlns="http://www.w3.org/1999/xhtml"


<head></head> tag

This tag contains the head elements of the web page. The head elements within the tags can include configuration options like scripts, instructions to the browser to find and load style sheets, meta information, etc. Some of these tags include:
<base></base> 
<link></link> 
<meta></meta> 
<script></script> 
<style></style> 
<title></title>

<base></base> tag

The HTML <base> tag is used to specify a base URI, or URL, for relative links.

For example, you can set the base URL once at the top of your page in the head section; all subsequent relative links will then use that URL as a starting point.

<link></link> tag

The HTML Link Element (<link>) specifies relationships between the current document and an external resource. This element is most often used to link to style sheets.

<meta></meta> tag

Metadata is data (information) about data.
The <meta> tag provides metadata about the HTML document. Metadata will not be displayed on the page.
Meta elements are typically used to specify page description, keywords, author of the document, last modified, and other metadata.
The metadata can be used by browsers (how to display content or reload page), search engines (keywords), or other web services.

<script></script> tag

The <script> tag is used to define a client-side script, such as JavaScript.
The <script> element either contains scripting statements, or it points to an external script file through the src attribute.

<style></style> tag

The <style> tag is used to define style information for an HTML document.
Inside the <style> element you specify how HTML elements should render in a browser.
Each HTML document can contain multiple <style> tags.

<title></title> tag

This tag defines the title of the HTML document. The <title></title> tag is required in all HTML/XHTML documents. This element defines a title in the browser toolbar, provides a title for the web page when it is added to the favorites, and displays a title for the page in search-engine results.


<body></body> tag
This tag defines the body of the web page. The <body></body> tag contains all the contents of an HTML web page, like text, hyperlinks, images, tables, lists, etc. This is the most important tag of the web/HTML document.