Monday, May 19, 2008

Quick 'n' Easy Spaghetti Bolognese



There is nothing better than making a nice and simple homemade spaghetti bolognese. The ingredients are very easy to get hold of, and most people will have them in their cupboards at home. With minimal cost this recipe is well worth making.

Quick 'n' Easy Spaghetti Bolognese

500g Minced Beef (or any other minced meat you wish to use)
1 Large Onion, chopped
100g Mushrooms, sliced
1 Tin Chopped Tomatoes
1 Dessert Spoon Tomato Puree
1 Tsp Sugar
Seasoning (I use Garlic Italian seasoning)
Spaghetti (Approx 50g per person)

1) Fry mince and onions until brown.

2) Add mushrooms, tomatoes, tomato puree, sugar and seasoning and stir well.

3) Leave to simmer, stir occasionally.

4) Meanwhile bring a saucepan of water to the boil.

5) Add spaghetti and cook until soft.

6) Serve on a plate and sprinkle with grated or parmesan cheese.


Sunday, May 18, 2008

Protecting from SQL Injection attacks ASP.NET


Protecting from SQL Injection attacks in ASP.NET


Anyone who has created or developed enterprise web sites will understand the importance of protecting against SQL injection attacks. Leaving such vulnerabilities open can lead to all of the data being compromised, and if you haven't followed stringent data protection rules with regard to encrypting personal and sensitive data... you could be in a heap of s!%$ if somebody gets hold of your database tables.

In this article we will look at a few ways in which you can help prevent these kinds of attacks.

What is a SQL Injection attack?

A SQL Injection attack is a technique whereby a hacker can execute unintended commands on the database server by taking advantage of unsanitized input opportunities within the website.

The implications of a SQL injection attack depend largely on the context in which the server is hosted, and on which database schema is being used to manipulate the database.

For example, if the schema is 'dbo', as you will probably find with a lot of databases, then the malicious intruder could drop tables, delete and/or modify data, even create new tables never intended to be used, and potentially freeze the server out by filling up the database with millions of records. A nice scenario, eh? There is a worse case though...

If the schema modifying the database is the SQL 'sa' master user, then you could well and truly be in the proverbial... a malicious user would be able to control the entire SQL Server on which the database resides. This is obviously a complete disaster, and you will probably find yourself in a whole heap of trouble.

So now that we have established that SQL Injection attacks are a very bad thing, what can we do to prevent these kinds of attacks from happening? Let's take a look.

How to protect from SQL Injection attacks

Luckily, there are some useful routines for protecting against SQL injection attacks.

Step 1 - Constraining the input data

By constraining the input data, you can go a long way towards ensuring that a malicious user is not trying to insert intrusive code. This can be done by using the Regex class to constrain input to the range of data that you are already expecting.

Step 2 - Use parameterized SQL Stored procedures

Using SQL Stored procedures does NOT guarantee that you will not suffer a SQL Injection attack, but using Parameters means that values passed into the query are treated as literal values, and not as executable code.

You can also specify the parameter length, which is handy because if the data placed into the parameter object is longer than the valid length, the SqlParameter class will throw an exception.

Step 3 - Use parameters if you must use Dynamic SQL

If you do not have access to stored procedures, and are forced to use in-page dynamic SQL, you should use parameters for this as well. The same reasons apply as for the Stored Procedure route.
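Steps 1 to 3 combined, as an added example (not code from the original post): the input is checked against an allow-list Regex, then passed as a typed, length-limited SqlParameter to both a stored procedure and a dynamic SQL statement. The procedure dbo.GetUserEmail, the table dbo.Users and the user-name format are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class UserLookup
{
    // Step 1: allow-list for the expected input (assumed format: 3-20 letters,
    // digits or underscore). \A and \z anchor the whole string, so a trailing
    // newline cannot slip past the check the way it can with $.
    private static readonly Regex UserNamePattern =
        new Regex(@"\A[A-Za-z0-9_]{3,20}\z", RegexOptions.CultureInvariant);

    public static bool IsValidUserName(string input)
    {
        return input != null && UserNamePattern.IsMatch(input);
    }

    // Step 2: stored procedure call. The value travels as a typed parameter
    // and is never concatenated into the command text.
    public static object GetEmailViaProcedure(string connectionString, string userName)
    {
        if (!IsValidUserName(userName))
            throw new ArgumentException("Unexpected user name format.", "userName");
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.GetUserEmail", conn)) // hypothetical procedure
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Declared length 20 matches the Regex upper bound checked above.
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 20).Value = userName;
            conn.Open();
            return cmd.ExecuteScalar();
        }
    }

    // Step 3: dynamic SQL. The statement text is a constant; only the parameter varies.
    public static object GetEmailViaDynamicSql(string connectionString, string userName)
    {
        if (!IsValidUserName(userName))
            throw new ArgumentException("Unexpected user name format.", "userName");
        const string sql = "SELECT Email FROM dbo.Users WHERE UserName = @UserName"; // hypothetical table
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 20).Value = userName;
            conn.Open();
            return cmd.ExecuteScalar();
        }
    }
}
```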

Step 4 - Use escape routines to handle special characters

In situations where parameterized SQL cannot be used (I strongly advise you do all you can to use it, however) you need to protect yourself from characters that are considered special by SQL Server. If these are not handled, characters such as the single quote can be used to deliver SQL Injection attacks.

A way around this is to write a routine such as the one below:

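// Doubles every single quote so it is read as a literal quote character
// inside a quoted SQL string, not as the end of that string.
private string SafeSqlLiteral(string inputSQL)
{
    return inputSQL.Replace("'", "''");
}

This doubles each single quote, which escapes the character that has a special meaning to SQL Server so that it is treated as literal text. Note that this only helps where the value is placed inside a quoted string literal; it does nothing for numeric values or identifiers that are concatenated into the query.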

Step 5 - Use the least privileged database account possible

If you are using Windows authentication to connect to SQL Server through your application, the account used should be least privileged from an operating system point of view and should have limited privileges to access system resources.

By default, in the scenario where the application talks to a database on a different server within the same domain, the NetworkService account is used; this is a low privilege account.

Also ensure the database account used is low privilege. The best idea is to create a new login with restricted permissions, assigned to a low privilege role within the database. Then, establish permissions so the newly created user can access only the tables/stored procedures that are needed by the application user.

Step 6 - Never disclose debug error information

This one is a given really, but you should never disclose debug error information to the end user, as it could be used for malicious purposes.

To achieve this, you can set the CustomErrors property in the website's config file. Here is the code:



Conclusion

That concludes our small look into how you can help prevent being the victim of a SQL Injection attack. Why not come back next time for some more helpful tips!

Saturday, May 17, 2008

Age of Conan Early Access

Age of Conan's early access starts today. For those of you lucky enough to have pre-ordered and received your early access code, you should know you've been able to download the client for a few days now. The servers finally open today, a full 6 days before the full game is released.

If you're wondering which realm you want to pick then this post on the Age of Conan website has the full list that'll be available today.

I've been downloading the client myself and at 13gig it's a pretty hefty size. I would have had it completed by now if it didn't crash the other day and corrupt what it had downloaded already. If you're going to be playing it soon, post a comment and let us know what you think of it!

Friday, May 16, 2008

Ped Egg in the UK

Ped Egg

Heard about the new Ped Egg pedicure device but not sure where you can find out some information about it? Try heading over to this Ped-Egg site and checking out some videos and testimonials of what people think of it.

It's been a big hit in the US and seems to be making its way over to the UK via the shopping channels at the moment.

Thursday, May 15, 2008

New Series of Smallville


Season 7 of Smallville is due to hit UK TV screens soon. The new series starts on the 27th May on E4 at 9pm. Season 6 was the best yet with only a couple of 'dodgy' episodes, so here's hoping that season 7 will be just as good if not better!

Don't forget to set your Sky+!

Vegetable Soup



Here is a quick and simple recipe, which takes hardly any time at all to make. It really is delicious and any soup haters out there will change their minds about this one!

Vegetable Soup

1 Onion, chopped
3 Carrots, sliced
3 Potatoes, diced
1/2 Swede, diced
1 Pint Vegetable Stock
50g Peas
Salt and Pepper

1) Gently fry the onion in a little butter until soft.

2) Add the carrots, swede, potato and vegetable stock.

3) Bring to the boil, then simmer until all of the vegetables are soft. (You may need to add a little bit more liquid if the level drops too low).

4) Once all of the vegetables are soft, pour the mixture into a blender and blend until thick.

5) Pour the soup back into the pan, then add the peas.

6) Heat through until the peas are cooked.

7) Serve with some crusty bread!

Anytime Pasta

Here is a fantastic easy recipe which I can guarantee you will love. As the title suggests it is great for all of the family - my kids love it!

Anytime Pasta

250g Pasta
3tbsp Mayonnaise
2 Large Tomatoes
1/4 Cucumber
100g Sweetcorn
100g Ham

1) Boil the pasta until soft, then drain and leave to cool.

2) Add the mayonnaise to the pasta and stir well.

3) Dice the tomatoes, cucumber and ham then add to the pasta.

4) Add the sweetcorn then stir well.

5) Serve and enjoy!
