You should never display raw exception details of any type to the user. This is because an attacker can use the information an exception reveals, such as stack traces, database error messages and file paths, during the reconnaissance phase of an attack.
Because of that, you should always use try-catch around code that might fail. Then handle the exception, recording its details only in a server-side log, and, if appropriate, show an error page to the user without revealing any of that information.
Use try-catch in the DALPerson class to make sure that anything that goes wrong there does not display information that might help the hacker.
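/// <summary>
/// Data-access layer for the Person table.
/// Every database call is wrapped in try-catch so that a failure in this
/// layer never surfaces as a raw exception: the details are written to the
/// server-side trace log and the caller receives a neutral result.
/// </summary>
public class DALPerson
{
    private IConfiguration configuration;

    /// <summary>Stores the configuration that holds the connection string.</summary>
    /// <param name="configuration">Application configuration.</param>
    public DALPerson(IConfiguration configuration)
    {
        this.configuration = configuration;
    }

    /// <summary>Reads every row of the Person table.</summary>
    /// <returns>
    /// All persons found. If the query fails, an empty list is returned and
    /// the failure is only visible in the server-side trace log.
    /// </returns>
    internal LinkedList<PersonModel> GetAllPerson()
    {
        LinkedList<PersonModel> allPerson = new LinkedList<PersonModel>();

        try
        {
            //Step #1 - Connect to the DB
            string connStr = configuration.GetConnectionString("MyConnString");

            // using blocks close the connection, command and reader even when
            // an exception is thrown part-way through.
            using (SqlConnection conn = new SqlConnection(connStr))
            {
                conn.Open();

                //Step #2 - create a command
                string query = "SELECT FName, LName, email, phone, PersonID, UserName, Password, PersonID FROM Person";

                using (SqlCommand cmd = new SqlCommand(query, conn))
                //Step #3 - query the DB
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    // get all data coming from the DB
                    while (reader.Read())
                    {
                        PersonModel pm = new PersonModel();
                        pm.FName = reader["FName"].ToString();
                        pm.LName = reader["LName"].ToString();
                        pm.Email = reader["email"].ToString();
                        pm.Phone = reader["phone"].ToString();
                        pm.UserName = reader["UserName"].ToString();
                        pm.PersonID = reader["PersonID"].ToString();
                        // NOTE(review): whatever the Password column holds
                        // (plaintext or a hash; not visible from this listing)
                        // is handed to every caller. Confirm callers need it
                        // and never render it in a view.
                        pm.Password = reader["Password"].ToString();

                        // add to the linked list
                        allPerson.AddLast(pm);
                    }
                }
            }
        }
        catch (System.Exception ex)
        {
            // Full details stay on the server; nothing from ex is returned.
            // Replace Trace with the application's logger if it has one.
            System.Diagnostics.Trace.TraceError("DALPerson.GetAllPerson failed: " + ex);

            // Do not hand back a partially read result set.
            allPerson.Clear();
        }

        // return the linked list
        return allPerson;
    }

    /// <summary>Looks up the person that matches the supplied credentials.</summary>
    /// <param name="cm">Credentials submitted by the user.</param>
    /// <returns>
    /// The matching person, or null when no row matches or the lookup fails.
    /// A failure is therefore treated as a denied login (fail closed).
    /// </returns>
    internal PersonModel CheckLoginCredentials(CredentialModel cm)
    {
        PersonModel ps = null;

        try
        {
            //Step #1 - Connect to the DB
            string connStr = configuration.GetConnectionString("MyConnString");

            using (SqlConnection conn = new SqlConnection(connStr))
            {
                conn.Open();

                //Step #2 - create a command
                // Stored-procedure name kept exactly as printed on the page.
                using (SqlCommand cmd = new SqlCommand("GetUseNameByUseNameID", conn))
                {
                    cmd.CommandType = CommandType.StoredProcedure;

                    // Values are passed as parameters, so they never become
                    // part of the SQL text.
                    // NOTE(review): both parameters are bound to the literal
                    // "1" and the cm argument is never read; bind the
                    // submitted credentials from cm here (its property names
                    // are not shown in this listing).
                    // NOTE(review): presumably the procedure compares the
                    // password inside the database; verify it checks a salted
                    // hash rather than a stored plaintext value.
                    cmd.Parameters.Add(new SqlParameter("@UserName", "1"));
                    cmd.Parameters.Add(new SqlParameter("@Password", "1"));

                    //Step #3 - query the DB
                    using (SqlDataReader reader = cmd.ExecuteReader())
                    {
                        if (reader.Read())
                        {
                            ps = new PersonModel();
                            ps.PersonID = reader["PersonID"].ToString();
                            ps.FName = reader["FName"].ToString();
                        }
                    }
                }
                //Step 4 - the using block closes the connection
            }
        }
        catch (System.Exception ex)
        {
            // Full details stay on the server; nothing from ex is returned.
            System.Diagnostics.Trace.TraceError("DALPerson.CheckLoginCredentials failed: " + ex);

            // A half-populated model must not be mistaken for a successful login.
            ps = null;
        }

        // The listing on the page is cropped after conn.Close(); returning ps
        // is reconstructed from the declared return type.
        return ps;
    }
}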