Here I document some issues that took me more than 15 minutes of searching to solve
Today I want to write a simple note on how to make stored procedures in MS SQL Server that are protected from SQL injection.
Below is an example of a SQL stored procedure that is vulnerable to SQL injection attacks:
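-- Bad code, don't use it ever
CREATE PROCEDURE SearchCustomers
    @searchCust VARCHAR(50) -- parameter declaration restored; the type is an assumption
AS
DECLARE @query VARCHAR(100)
SET @query = 'SELECT * FROM Customer WHERE NAME LIKE ''%' + @searchCust + '%'''
EXEC(@query) -- runs the concatenated string, which is what makes this injectable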
Why is it bad? Because if somebody passes the value or 1=1 --- into @searchCust, then SQL will return all customers. With a bit more creativity it's possible to get plenty of information from that database.
If you wonder, …
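A parameterized counterpart of the search procedure above, as an added example that is not from the original post. The table and column names come from the vulnerable snippet; the procedure names and the NVARCHAR(50) parameter size are assumptions.

```sql
-- Added example (not from the original post). Assumes the Customer table and
-- NAME column from the snippet above; NVARCHAR(50) is an assumed parameter size.

-- Option 1: no dynamic SQL at all. @searchCust is only ever treated as data.
CREATE PROCEDURE SearchCustomersSafe
    @searchCust NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;

    -- Escape LIKE wildcards so the input is matched literally.
    -- The escape character itself (\) has to be escaped first.
    DECLARE @pattern NVARCHAR(200) =
        N'%' + REPLACE(REPLACE(REPLACE(REPLACE(@searchCust,
                N'\', N'\\'), N'%', N'\%'), N'_', N'\_'), N'[', N'\[') + N'%';

    SELECT *
    FROM Customer
    WHERE NAME LIKE @pattern ESCAPE N'\';
END
GO

-- Option 2: when the statement really has to be built as a string, keep the
-- value out of the string and bind it as a parameter with sp_executesql.
CREATE PROCEDURE SearchCustomersDynamic
    @searchCust NVARCHAR(50)
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @query NVARCHAR(200) =
        N'SELECT * FROM Customer WHERE NAME LIKE N''%'' + @p + N''%''';

    -- @p is bound by the engine, so its content is never parsed as SQL.
    EXEC sp_executesql @query, N'@p NVARCHAR(50)', @p = @searchCust;
END
GO

-- The value from the text is now just a search string: this returns only
-- customers whose NAME literally contains "or 1=1 ---".
EXEC SearchCustomersSafe @searchCust = N'or 1=1 ---';
```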
Today I want to mention the top 10 security risks according to OWASP (Open Web Application Security Project):
Cross Site Scripting
Broken Authentication and session management
Insecure direct object references
Cross site request forgery
Insecure cryptographic storage
Failure to restrict URL access
Insufficient transport layer protection
Unvalidated redirects and forwards
This top 10 gives 10 technology-independent ways of checking the security of any web site, regardless of the technologies used: .Net, PHP, Java Server Pages or NodeJS.
Today I want to present a schema of something named Proof of Work.
There are people who understand a situation better with pictures than with words. There is also a saying that one picture is worth thousands of words.
First of all, imagine that the whole blockchain is 6 computers. All of them are, of course, connected. For example, like in the picture:
Computer 5 is in another colour for a reason. Read the next part and you'll get why.
Next, imagine that we have 4 elements in the blockchain. Like this:
And of course, the task. We need to add one more chain, blockchain5, to all of this. Here is what will happen:
It's not possible just to add blockchain5 via a simple copy in memory …
Today I want to make a clear document on units of measure in Ethereum.
Quantity in one ETH
Most appropriate uses
Ether (ETH)
Used for denomination of transaction amounts and mining rewards
1 000 000
Currently used for cost of transaction (500 szabo)
1 000 000 000
Used for Gas Prices
1 000 000 000 000
1 000 000 000 000 000
1 000 000 000 000 000 000
The base indivisible unit used by Solidity programmers
Honestly speaking, it was hard for me to find this info in such a format.
Today I want to describe how to deal with the following warning:
Linebreak-style: Inconsistent line-break style. In Visual Studio Code it looks like this:
In order to get rid of it, I've just used the following line about the error message:
// solium-disable linebreak-style
and that error message was gone.
Today I want to write a few words about a local blockchain environment for development.
In order to have everything on one machine for development you can consider the following tools:
Chrome with MetaMask
For coding you can use Visual Studio Code (there are ways of working with Visual Studio Professional or Enterprise, but I didn't find a way for the 2017 editions. Only 2015)
Windows build tools (installed via nodejs)
With this list of tools C# developers will feel more or less at ease and ready to go for development. At least I felt so :)
Today I want to write a few words about global variables in Solidity. First of all I'd like to say that global means not only some global variable that you've declared in your code. It also means the part of memory which is automatically provided to your contracts.
In other words, global means that those variables are always available to any part.
The first is msg. Those three letters stand for the word message, and it is a structure that has the fields sender, value, data, gas, signature.
For example, in order to get the sender, you can use the following fragment of code:
address owner = msg.sender;
The next very interesting thing is the amount of ether sent. In order to get it the following code can be …
Today I want to write a few words about data types in Solidity, the programming language for Ethereum, and how they can be declared.
First of all there are simple types like byte, int, int256, uint128, bool etc. All of them are value types.
There are also bytes and string, which are reference types.
Reference types have interesting features.
bytes a; is equal to byte a; in C#.
mapping is something like Dictionary in C#. For example, you can make the following dictionary Dictionary<string, int> prices; in Solidity like this:
mapping (string => int) prices;
In that case prices will be a bit like a Dictionary in C#. For example, you can write something like this:
prices["potatoes" …
Today I want to make a post about a Solidity program.
Programs can start with a pragma solidity line.
It looks like this:
pragma solidity 0.3.1;
The pragma line says what is the maximal version in which the contract should be compiled.
Often you can see a line like this:
You can import a file which has the extension ".sol", but the file name should be without the sol ending.
To speak in analogies: in C# or Java everything or almost everything is a class, but in Solidity everything is a contract.
It can look like this:
Inside your contract you can declare any kind of variables, which are commonly named state variables.
Declaration goes …
Today I want to write a few words about what Solidity is, and why on Earth it was invented.
Before I do that, a few words about blockchain.
Blockchain consists of two main words: block and chain.
A special feature of blockchain is that it is made in such a way that each new part of it is made taking into account the previous blocks of information (through hashing). Another part is that everybody who is involved in the blockchain has that information on their computers. In other words, new additions somehow include information about previous pieces.
Then consider the following. Suppose the government of some country wants to print more money. As usually they want to do it for …