ASP.NET中的XML配置 [英] XML configuration in ASP.NET

问题描述

xml配置文件包含用于在网页上显示数据的SQL查询。数据库中有3个表。实现它的最佳方法是什么？

The xml configuration file is containing the SQL queries to be used to display the data on the web page.There are 3 tables in the DB. What is the best way of achieving it?

<?xml version="1.0" encoding="UTF-8"?>

-<grid table="Declaration">

<primary_key>DeclarationGUID</primary_key>

<query> SELECT DeclarationGUID, SequenceNum, AcceptanceDate, CommercialRefNum, DeclarantId, DeclarantPostalCode, DeclarantAddressLine1 + DeclarantAddressLine2 AS DeclarantAddress, DeclarantCity, DeclarantRegion, DeclarantCountry FROM Declaration </query>


-<grid table="GoodsItem">

<foreign_key>DeclarationGUID</foreign_key>

<primary_key>GoodsItemGUID</primary_key>

<query> SELECT DeclarationGUID, GoodsItemGUID, SequenceNum, CommodityCode, NetWeight, GrossWeight, DescriptionOfGoods FROM GoodsItem WHERE DeclarationGUID=@@DeclarationGUID@@ </query>


-<grid table="GoodsItemGUID">

<foreign_key>DeclarationGUID</foreign_key>

<foreign_key>GoodsItemGUID</foreign_key>

<primary_key>ContainerGUID</primary_key>

<query> SELECT DeclarationGUID, GoodsItemGUID, ContainerGUID, Identifier FROM GoodsItemContainer WHERE GoodsItemGUID=@@GoodsItemGUID@@ </query>

</grid>

</grid>

</grid>

推荐答案

这不是最好的方式，或者以任何方式存储您的应用程序的好方法XML文件中的实际业务逻辑（SQL查询），任何能够绕过您的身份验证的用户都可以轻松地读取此文件的内容，并且只需一次SQL注入命令，他就可以删除所有数据和/或删除数据库的架构。方法太糟糕了。



这是一个糟糕的方式的另一个主要问题是，你的开发人员需要两倍的时间;如果你有一个团队它首先要求他们将XML反序列化为对象，然后使用其节点和成员，您必须提取命令字符串然后执行它们。机器周期的浪费太多。



这样做的好办法就是记住外键;一个好的开发人员必须知道如何定义他的数据库的模式。其次，命令必须在您的实际逻辑页面中;无处。既然你在谈论ASP.NET。我将指导您保留这些方法并使用MVC框架，它具有一些可用于保护Web应用程序的模式。你可以阅读这篇文章 [ ^ ] to了解有关此框架的更多信息。

This is not the best way, or any way a good way of storing your application's actual business logic (the SQL queries) in an XML file, any user if able to bypass your authentication would easily be able to read the content of this file, and upon a single command of SQL Injection, he could possibly delete all of your data and/or delete the schema of your database. Too bad approach.

Another major thing that this is a bad way, is that it would require double time by your developers; if you're having a team. It would first require them to deserialize the XML into an object, and then using its nodes and members you should have to extract the string of commands and then execute them. Too much wastage of machine cycles.

A good way of doing this would be, to remember the foreign keys; a good developer must know how the schema of his database is defined. Secondly, the commands must be in your actual logic page; no where else. Since you're talking about ASP.NET. I would guide you to leave these methods and use MVC framework, which has a few patterns that you can use to secure your web application. You can read this article[^] to learn more on this framework.

这篇关于ASP.NET中的XML配置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！