StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
primarykey
Id
831985
data
AcceptedAnswerId
0
AnswerCount
0
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2009-05-06T21:57:39.653
FavoriteCount
0
LastActivityDate
2009-05-06T22:10:10.247
LastEditDate
2017-05-23T10:33:03.743
LastEditorUserId
-1
OwnerUserId
62830
ParentId
831968
PostTypeId
2
Score
3
ViewCount
0
LastEditorDisplayName
text
Body
Check authorization on ALL controller actions, both GETs and POSTs. Authorize not for session, but for each request once again. Server validation is a must. Also enforce some amount of data integrity on the database level. Fail as soon as you detect some exceptional situation. Don't try to recover and handle all possible scenarios to please the user. Don't rely on user identification like username stored in cookies. It can be replaced. Add something more and unique to that. Cookies can also be stolen and transfered to another PC. Consider the option to check an IP address (for example) to get some assurance you are not tricked. Limit user operation amount per time unit. Don't allow to make 100 submits in a minute. All user inputs have to sanitized. Yes, worry about SQL injections. Don't store passwords in plain text. Hash them. If someone breaks into your system, they can misuse the passwords by assuming the user has the same password to access his email account, banking system etc. Another good idea could be not to use the public nickname, email or something else known publicly as a login name. Allow user to use a login to perform login operation, and a different name to represent them publicly on the site. Actually, check out this thread. It has a good summary of that kind of knowledge. <a href="https://stackoverflow.com/questions/72394/what-should-a-developer-know-before-building-a-public-web-site">What should a developer know before building a public web site?</a>
Tags
Title
singulars
PostAcceptedAnswerId
1. This table or related slice is empty.
PostParentId
1. POSecurity considerations for intranet developer making public facing website?
 singulars
 PostTypePostTypeId
 PTQuestion
PostTypePostTypeId
1. PTAnswer
UserLastEditorUserId
1. USCommunity
UserOwnerUserId
1. USUser
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. POSecurity considerations for intranet developer making public facing website?
 singulars
 PostTypePostTypeId
 PTQuestion
PostsParentIdCreationDate
1. This table or related slice is empty.
VotesPostIdCreationDate
1. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
2. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTUpMod
3. VO
 singulars
 PostPostId
 PO
 UserUserId
 This table or related slice is empty.
 VoteTypeVoteTypeId
 VTAcceptedByOriginator
CommentsPostId
1. CODoes HttpContext.User.Identity.Name look at the cookie?
 singulars
 PostPostId
 PO
 UserUserId
 USDan
2. COCannot say. I do not use ASP.NET membership, but rather my own authentication/authorization implementation. If there is an option of keeping the user logged in between sessions, then there is probably a cookie in play.
 singulars
 PostPostId
 PO
 UserUserId
 USUser

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.