Friday, October 25, 2019

Understanding method overriding with Python

Method overriding is a new definition, created within a class, of one or more methods inherited from its superclass. The following example shows how to do it. This example is based on this previous entry: Understanding OOP Inheritance with Python

To override the inherited constructor of the Person class, follow these steps:

  1. Enter a new declaration of the constructor method within the Employee class.
  2. Add the parameters name, lastname, birthdate, department, email.
  3. Within the definition of the constructor, add the attributes self.name, self.lastname, self.birthdate, self.department and self.email, then assign the corresponding parameters.
  4. Add the following print instruction to the end of the constructor.

Fig 1. Modified constructor

In the main program add two new lines with the following two phrases:

"John works in department"
and concatenate the department attribute of the object John, with a period and
"John's email is "
and concatenate the email attribute of the object John with a period.

Fig 2. Main program

Run the code. As you can see, the John instance of the Employee class now accepts three parameters, because the Person constructor has been overridden. In addition, the talk method remains the same, inherited from Person.

Fig 3. Running the example
$ py SampleOverriding.py
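
The steps above as an added Python sketch (not the code from the post's figures, which are not reproduced here). The Person class, its constructor parameters, the text returned by talk() and the sample values are assumptions, and the print instruction from Fig 1 is left out because its text is not on the page.

```python
import inspect


class Person:
    """Assumed stand-in for the superclass from the earlier inheritance post."""

    def __init__(self, name, lastname, birthdate):
        self.name = name
        self.lastname = lastname
        self.birthdate = birthdate

    def talk(self):
        return "Hello, my name is " + self.name + " " + self.lastname + "."


class Employee(Person):
    # Declaring __init__ again overrides (replaces) Person.__init__ for Employee.
    def __init__(self, name, lastname, birthdate, department, email):
        self.name = name
        self.lastname = lastname
        self.birthdate = birthdate
        self.department = department
        self.email = email
    # talk() is not redefined, so attribute lookup falls through to Person.talk.


def constructor_parameters(cls):
    """Names the constructor of `cls` expects, without self."""
    return [p for p in inspect.signature(cls.__init__).parameters if p != "self"]


def main_program_lines(john):
    """The two sentences the main program builds by concatenation."""
    return [
        "John works in department " + john.department + ".",
        "John's email is " + john.email + ".",
    ]


if __name__ == "__main__":
    # Constructed sample values.
    john = Employee("John", "Doe", "1985-04-12", "IT", "john.doe@example.com")
    print(john.talk())
    for line in main_program_lines(john):
        print(line)
    print("Person constructor:  ", constructor_parameters(Person))
    print("Employee constructor:", constructor_parameters(Employee))
    print("Constructor overridden:", Employee.__init__ is not Person.__init__)
    print("talk() inherited:", Employee.talk is Person.talk)
```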

Saturday, October 19, 2019

Understanding principles of security: Integrity, Creating a Hash

Hashing Properties

Hashing is a one-way mathematical function that is relatively easy to compute, but significantly harder to reverse.

  1. The input can be any length.
  2. The output has a fixed length.
  3. The hash function is one way and is not reversible.
  4. Two different input values will almost never result in the same hash values.

Hashing algorithms

The 8-bit checksum is one of the first hashing algorithms, and it is the simplest form of a hash function. An 8-bit checksum calculates the hash by converting the message into binary numbers and then organizing the string of binary numbers into 8-bit chunks. The algorithm adds up the 8-bit values. The final step is to convert the result using a process called 2's complement.
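
The 8-bit checksum described above, as an added Python example (not code from the original post). It uses one common formulation (sum the bytes, keep the low 8 bits, take the 2's complement) and shows which changes to a message the checksum misses while SHA-256 catches them. The function names and sample messages are constructed for illustration.

```python
import hashlib


def checksum8(message: bytes) -> int:
    """Sum the 8-bit chunks, keep the low 8 bits, return the 2's complement."""
    total = sum(message) & 0xFF
    return (-total) & 0xFF


def verify8(message: bytes, checksum: int) -> bool:
    """Receiver check: chunks plus checksum must add up to 0 modulo 256."""
    return (sum(message) + checksum) & 0xFF == 0


def detection_report(original: bytes, received: bytes) -> dict:
    """Which function notices that `received` differs from `original`?"""
    return {
        "checksum8": not verify8(received, checksum8(original)),
        "sha256": hashlib.sha256(received).digest()
        != hashlib.sha256(original).digest(),
    }


# Constructed sample messages (not from the original post).
ORIGINAL = b"TRANSFER 1900 TO ACCT 42"
BIT_ERROR = b"TRANSFER 1901 TO ACCT 42"    # one byte changed: the sum changes
REORDERED = b"TRANSFER 9100 TO ACCT 42"    # same bytes, new order: same sum
COMPENSATED = b"TRANSFER 2900 TO ACCT 41"  # +1 in one byte, -1 in another

if __name__ == "__main__":
    print("checksum of original:", hex(checksum8(ORIGINAL)))
    for label, received in (
        ("bit error", BIT_ERROR),
        ("reordered", REORDERED),
        ("compensated", COMPENSATED),
    ):
        print(f"{label:12} detected by:", detection_report(ORIGINAL, received))
```

The checksum catches the accidental single-byte error but not the two changes that leave the byte sum untouched, which is why it is suited to detecting transmission noise and not to detecting deliberate modification.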

Modern Hashing Algorithms

Two of the most popular modern hashing algorithms are MD5 and SHA.

Message Digest 5 (MD5) Algorithm

MD5 is a one-way function that makes it easy to compute a hash from the given input data but makes it very difficult to compute input data given only a hash value. MD5 produces a 128-bit hash value.

Secure Hash Algorithm

SHA-2 algorithms are the secure hash algorithms that the U.S. government requires by law for use in certain applications. This includes use in other cryptographic algorithms and protocols, for the protection of sensitive unclassified information. SHA-2 replaced SHA-1 with four additional hash functions:

  1. SHA-224 (224 bits)
  2. SHA-256 (256 bits)
  3. SHA-384 (384 bits)
  4. SHA-512 (512 bits)

SHA-2 is a stronger algorithm, and it is replacing MD5. The SHA family is the next generation of algorithms. The following program shows how to implement modern hashing algorithms with C#.
Download the source code here.

Fig 1. Running the program, compare different algorithms.
Fig 2. Running the program, comparing and contrasting different outputs.

When choosing a hashing algorithm, use SHA-256 or higher as they are currently the most secure. In production implement SHA-256 or higher.

Thursday, September 5, 2019

Understanding principles of security: Integrity

The principles of Security

The foundational principles of security are confidentiality, integrity and availability. These principles, known as the CIA triad, are a guideline for information security for an organization.

Integrity

Integrity is accuracy, consistency, and trustworthiness of the data during its entire life cycle. Another term for integrity is quality. Data must be unaltered during transit and not changed by unauthorized entities. Methods used to ensure data integrity include hashing, data validation checks, data consistency checks, and access controls.

Hashes and Checksum

The process of hashing involves passing data through a cryptographic function, called a hash or digest function. This process yields a value that is small relative to the size of the original data and that uniquely identifies the data. Depending on the algorithm used, the value's size is usually 128 or 160 bits. Checksum hashing can be used to verify the integrity of the data during transfer.

Hashing is a one-way function that creates a fixed-length output (known as the hash, hashing value, fingerprint, message digest, and so on) from an input of any length. Common hash functions include MD5, SHA-1, SHA-256, and SHA-512. These hash functions use complex mathematical algorithms.

For example, Message Digest 5 (MD5) is a 128-bit hash algorithm. This means that no matter what the size of the input data, the output hash will always be 128 bits long. Hashing is not an encryption algorithm. Instead, hashing is used to produce a unique identifier of data without modifying the original data. The data could be a file, a hard drive, a network-traffic packet, or an email message.
The hashed value is used to detect when changes have been made to a resource. For example, when a hard drive is being imaged to create an exact duplicate, a hash is produced of the original drive before the duplication process.

Fig 1. Summary of hashing algorithms

A hash tells you nothing about the data, but it uniquely identifies it. The hashed value is simply there for comparison.

Fig 2. The hash function operates on fixed-size blocks of data

Writing a simple Hash Calculator with AngularJS, HTML5, C# and WCF.

I've written an app to demonstrate how to implement hash functions in a REST Service. The app communicates with a WCF REST service that uses the C# abstract class System.Security.Cryptography.HashAlgorithm to compute the hash.

  1. The user enters the text to hash and selects the algorithm to use.
  2. The user submits the information to the service in order to get the hash code.
  3. The hash web service presents the hash code to the user.

Testing with different algorithms, we can see the length of the output.

Fig 3. Using the MD5 algorithm.
Fig 4. Using the SHA1 algorithm.
Fig 5. Using the SHA256 algorithm.
Fig 6. Using the SHA384 algorithm.
Fig 7. Using the SHA512 algorithm.
Fig 8. Changing the text, we can see a totally different output, but with no change in the length.
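
What Figs 3 to 8 show, and the algorithm comparison described in the "Creating a Hash" post above, as an added Python example (not the post's C#/WCF code; Python's hashlib stands in for System.Security.Cryptography.HashAlgorithm). It reports the fixed output length per algorithm, counts how many output bits change when the input changes slightly, and checks data against a known digest. Function names and sample inputs are assumptions.

```python
import hashlib
import hmac

ALGORITHMS = ("md5", "sha1", "sha224", "sha256", "sha384", "sha512")


def digest_bits(text: str) -> dict:
    """Output length in bits for each algorithm, for the given input text."""
    data = text.encode("utf-8")
    return {name: hashlib.new(name, data).digest_size * 8 for name in ALGORITHMS}


def changed_bits(text_a: str, text_b: str, name: str = "sha256") -> tuple:
    """(number of differing output bits, total output bits) for two inputs."""
    da = hashlib.new(name, text_a.encode("utf-8")).digest()
    db = hashlib.new(name, text_b.encode("utf-8")).digest()
    differing = sum(bin(x ^ y).count("1") for x, y in zip(da, db))
    return differing, len(da) * 8


def is_unaltered(data: bytes, expected_hex: str, name: str = "sha256") -> bool:
    """Recompute the digest and compare it with the published one.

    hmac.compare_digest does the comparison in constant time.
    """
    actual = hashlib.new(name, data).hexdigest()
    return hmac.compare_digest(actual, expected_hex.strip().lower())


if __name__ == "__main__":
    # Constructed sample inputs.
    short_text = "hello"
    long_text = "hello " * 10_000
    print("short input:", digest_bits(short_text))
    print("long input: ", digest_bits(long_text))

    differing, total = changed_bits("hello world", "hello World")
    print(f"one character changed: {differing} of {total} SHA-256 bits differ")

    # Well-known SHA-256 test vector for the input "abc".
    known = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    print("abc unaltered:", is_unaltered(b"abc", known))
    print("abd unaltered:", is_unaltered(b"abd", known))
```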

Conclusion

Keep in mind that hash functions do not encrypt the data. They use the data to make a fingerprint or snapshot of the data that is given to you as a code. That code is used to determine whether or not the data has been altered. If the data you receive has been altered, you will not get the same code number as the original data.


Tuesday, August 13, 2019

How to use Multiple Active Result Sets with ADO.NET

Multiple Active Result Sets (MARS) is a feature supported by ADO.NET that allows the execution of multiple batches on a single connection. In previous versions, only one batch could be executed at a time against a single connection. When using a MARS-enabled connection, multiple logical batches can be executed on a single connection. Executing multiple batches with MARS does not imply simultaneous execution of operations.

To access multiple result sets using SqlDataReader objects, multiple SqlCommand objects will need to be used. When MARS is enabled, each command object used adds an additional session to the connection.

The following program demonstrates how to use a SQL Server connection with MARS enabled.

Fig 1. MARS-enabled connection string

Tuesday, July 16, 2019

How to execute simple Database Queries with VB .NET

The SqlCommand class in the .NET Framework Data Provider has four methods that you can use to execute SQL statements:

  1. ExecuteScalar: Executes a query that returns a single scalar value.
  2. ExecuteReader: Executes a query that returns a result set.
  3. ExecuteNonQuery: Executes a data update statement or a catalog update statement.
  4. ExecuteXmlReader: Executes a query that returns an Extensible Markup Language (XML) result set. This method is only available in the SqlCommand class.

To execute a simple database query

  1. Import the System.Configuration namespace
  2. Use the ConfigurationManager.ConnectionStrings property to get a collection of connection strings from the application configuration file.
  3. Index into the collection of connection strings by using the programmatic name of the connection string you want to access.
  4. Use the ConnectionString property to get the connection string information.
  5. Create a connection object.
  6. Create a command object.
  7. If you want to execute an SQL statement, set the CommandType property of the command object to the CommandType.Text enumeration value. If you want to call a stored procedure, set the CommandType property of the command object to the CommandType.StoredProcedure enumeration value.
  8. Call the Open method on the connection object.
  9. Call the ExecuteScalar method on the command object. Assign the result to a suitably typed variable.
  10. Call the Close method on the connection object.

The following example shows how to execute a query to determine the number of products in the AdventureWorks2016CTP3 database on the local SQL Server instance.

Fig 1. Main program
Fig 2. App config
Fig 3. Output program

Thursday, July 11, 2019

Understanding OOP Inheritance with Python

One of the most common goals of OOP is code reusability. Characteristics such as inheritance contribute to achieving this goal.

Inheritance

Inheritance is the most used mechanism to optimise coding, since it allows methods defined in superclasses to be reused when defining new subclasses. The following example uses the class Person as its superclass.

Fig 1. Inheritance
Fig 2. Person Class

We know that a person, in addition to talking, can also be an employee, and an Employee can show its earnings, so we will declare a class called Employee.

Fig 3. Employee Class

The Employee class inherits the talk() method of the Person class, which implements inheritance in this example:

Fig 4. Main program

You will notice how the "John" object, which is now an instance of Employee, continues to behave as an instance of Person because it has inherited its methods.

Fig 4. Run the example
$ py Sample1OOP.py

Monday, April 29, 2019

Understanding RESTFul (POST, PUT and DELETE) services with Windows Communication Foundation (WCF) and Oracle XE.

The REST model relies on the application that accesses the data sending the appropriate HTTP verb as part of the request used to access the data. Besides GET, the HTTP protocol supports other verbs such as POST, PUT, and DELETE, which you can use in a REST service to create, modify, and remove resources, respectively. Using these verbs you can build WCF services that can insert, update, and delete data.

The good practice is that you use HTTP POST requests to specify operations that can add new records, HTTP PUT requests for operations that update existing data, and HTTP DELETE requests to define operations that can remove records.

POST is an exception in certain regards. POST is frequently misused as DELETE and PUT, because the use of DELETE and PUT is either not permitted or technically impossible from the browser's perspective, and you could use HTTP POST requests to update and delete data.

Use the [WebInvoke] attribute for the POST, PUT and DELETE scenarios. You use this attribute to identify a URI, but you can also indicate the type of the request message to which to respond.

In the following example, I will build a REST WCF Service to enable insert, update and delete operations for Oracle HR Schema.

You can learn about the HR Schema in this post.

The following table shows the URIs and the parts of the interface that I will implement for each URI in the example.

| URI | Method | Output | Input |
|---|---|---|---|
| /employees | POST | bool | An Employee Object |
| /employees/{id} | PUT | bool | An employee Object with id specified. |
| /employees/{id} | DELETE | bool | An employee Id |

The main steps for this exercise are as follows:

  1. Use the EmployeesDac class, which contains the method for accessing the database.
  2. Write the EmployeesServiceImplementation class with the following code (fig 1).
    Fig 1. EmployeeServiceImplementation.cs
  3. Write a new interface called IEmployeesServiceContract and type the following code(fig 2).
    Fig 2. IEmployeeServiceContract.cs
  4. Write the EmployeesService.svc file that references the service implementation with the following code (fig 3).
    Fig 3. EmployeeService.svc
  5. Finally, add the following config file (fig 4)
    Fig 4. Web.config

Testing the service with Soap UI.

The WCF service that you have built runs the same way as a regular Web application and is hosted by a Web Server.

If you browse the .svc file, you can view the help page for the WCF service. It verifies that the WCF service has been configured correctly (you will see error messages if the WCF service cannot start) and provides information showing how you can connect to the service.

Once we've made all the required settings, running the tests is very easy with SOAP UI. Before running, we can define the JSON request or query string parameters. Use the green button to start running the test.

Testing the HTTP-POST request: after the execution completes, the result window displays the JSON response.
Fig 5. HTTP-POST Request

Testing the HTTP-PUT request: after the execution completes, the result window displays the JSON response.
Fig 6. HTTP-PUT Request

Testing the HTTP-DELETE request: after the execution completes, the result window displays the JSON response.
Fig 7. HTTP-DELETE Request

Saturday, March 9, 2019

User Identification and Authentication with Transact-SQL

User authentication in SQL Server can be customized; you can use all kinds of data from a database to authenticate users. Every application needs to deal with security, making sure that sensitive data cannot be accessed by the wrong users. You can write your own custom logic to verify user names and passwords and make sure the information is stored in the database under a secure account with a password that couldn't easily be guessed by a user. The easiest way to accomplish this is to one-way encrypt user passwords in a stored procedure.

Fig 1. The database diagram.

A simple but fully functional example is shown below.

Fig 2. The T-SQL code.

This code will insert one row, corresponding to the new user, in the users table. The SQL Server way to store passwords is by wrapping them in a built-in hashing function called HASHBYTES.

Monday, February 18, 2019

Oracle Recipe #5 How to execute Oracle parameterized commands with ODP.NET

SQL statements can receive input-only parameters, output-only parameters, and bidirectional parameters. You can use an OracleCommand object to execute parameterized SQL statements. To execute a parameterized SQL statement, use the following steps:

  1. Open a database connection; use OracleConnection.
  2. Create and initialize an OracleCommand object.
  3. Create an OracleParameter object for each input parameter required by the SQL statement. Specify the name, type, size, and value for each parameter, and add it to the parameters collection of the command object.
  4. Execute the command by calling the ExecuteScalar, ExecuteReader, ExecuteXmlReader, or ExecuteNonQuery method, as appropriate for the type of SQL statement.
  5. Use the return value obtained by executing the command.
  6. Dispose the command object.
  7. Close the database connection.

The following example shows how to execute a SQL statement that updates an employee by employee id (please check this post for further information).
The SQL statement requires the following parameters: prmFirstName, prmLastName, prmEmail, prmPhoneNumber, prmHireDate, prmSalary, prmCommission and prmEmployeeId.

Fig 1. The application code.

Saturday, January 12, 2019

Understanding RESTFul services with Windows Communication Foundation (WCF) and Oracle HR Schema

What Are RESTful Web Services?

REST stands for Representational State Transfer. It is an architectural style rather than a prescribed way of building Web services. Some of the most important aspects of the REST environment are:

  • HTTP or HTTPS may be used as the transfer protocol.
  • URLs including query strings are used to address resources.
  • Representation formats supported range from HTML and XML to JSON and ATOM.
  • A simple and intuitive programming interface is achieved by using HTTP verbs and status codes.
  • Statelessness in the interaction between clients and services.

REST is not concerned with the definition of messages and the design of methods. The key point here is that REST describes a stateless, hierarchical scheme for representing resources and business objects over a network. The main components of this model are resources and actions. The action on the resource is determined by four main HTTP verbs (GET, PUT, DELETE and POST), the actions which can affect those resources are mainly CRUD (Create, Read, Update and Delete) methods, and the success of the action is indicated by the HTTP status code.

The REST model relies on the application that accesses the data sending the appropriate HTTP verb as part of the request used to access the data.

  • GET is used exclusively to retrieve data and, therefore, the result can also be buffered.
  • POST is used to add new records.
  • PUT is used to add or change a resource.
  • DELETE is used to delete resources.

The data can be returned in a number of formats, but for portability the most common formats include XML (POX) and JSON.

WCF and REST

The REST architecture is becoming increasingly common, and WCF provides attributes, methods, and types with which you can build and access REST Web Services quickly and easily.

  • WebHttpBinding: A binding that uses the HTTP transport and text message encoder.
  • WebBehavior: This is an endpoint behavior that will modify the dispatch layer on all operations on a contract. The modifications cause messages to be dispatched to methods on your service based on URIs and HTTP verbs.
  • WebServiceHost: This is a ServiceHost-derived class that simplifies the configuration of a web-based service.
  • WebOperationContext: This is a new context object, which contains the state of the incoming request and ongoing response, and simplifies coding against HTTP using WCF.
  • WebGetAttribute/WebInvokeAttribute: Operation behaviors that are applied as attributes on a ServiceContract's methods. WebGetAttribute is for GET verb and WebInvokeAttribute is for all the other verbs. It also tells the dispatcher how to match the methods to URIs and how to parse the URI into method parameters.

The following table shows the properties of both WebGetAttribute and WebInvokeAttribute.

| Property | Description |
|---|---|
| Method | The HTTP verb the method should respond to. |
| UriTemplate | The definition of the URI the CLR method should respond to. |
| RequestFormat | Enumeration that specifies the format for deserializing the request (Xml or Json). |
| ResponseFormat | Enumeration that specifies the format for serializing the response (Xml or Json). |
| BodyStyle | Enumeration that specifies whether the request and the response data should be wrapped in an element with the same name as the CLR method name. Bare is typically used with RESTful services. |

The essential components to construct a REST Service with WCF can be found in the System.ServiceModel.Web assembly. However, the most important part of the process is designing the schema that you will use to provide access to the resources exposed by the service. So the main idea behind REST is to design your URIs in a way that makes logical sense based on your resource set. The URIs should, if possible, make sense to the application that consumes the data.

Depending on the volume of data in the database, a query might retrieve a large number of items, therefore, it makes sense to provide additional query parameters that a user can specify to limit the number of items returned.

Implementing a simple RESTful Service Example with WCF and Oracle.

In this example, we will develop a WCF RESTful service by using the Oracle HR Sample Schema, ODP.NET, ADO.NET and Visual Studio 2015. You can learn about the HR Schema in this post, which I have written to introduce you to this schema. The following illustration shows the components in the Employee service that I have written for this post.

Fig 1. Components of our Employee RESTFul service.

Step 1: Write the POCO object.

Fig 2. Employee entity class.

Step 2: Write the following utility class.

Fig 3. Utility class.

Step 3: Write the following helper class adding the Oracle Data Provider for .NET.

Fig 4. DAC data access class.

Step 4: Define and write the service contract.

Fig 5. Service contract interface.

Step 5: Write the service implementation class.

Fig 6. Service implementation class.

Step 6: Write the following Employee.svc file. Use the WebServiceHost class; it inherits from ServiceHost and automatically assigns the correct binding and behavior to your endpoint. You no longer need to be concerned about the content of your configuration file.

Fig 7. EmployeeService.svc File.

Step 7: Write the configuration file and store the connection string for the Oracle HR schema.

Fig 8. Configuration File.

In this example a GET at http://localhost/WcfRest/EmployeeService.svc/Employees shows all the employees in the HR database.
Fig 9. Running the example, querying all the employees.

Here a GET at http://localhost/WcfRest/EmployeeService.svc/102 shows only one employee, with the ID 102.
Fig 10. Querying only one employee.

Also, a GET at http://localhost/WcfRest/EmployeeService.svc/110 shows the employee with the ID 110.
Fig 11. Querying another employee.

Sunday, January 6, 2019

How to retrieve the list of schema objects with Oracle Data Provider for .NET (ODP.NET)

In this post, I am going to introduce you to one of the sample schemas that Oracle provides as we learn Oracle database: the HR Schema. But before I introduce it specifically, we need to understand what a schema is.

I've found two definitions for the same term; a schema basically can be:

  • A logical container for data structures
  • A collection of objects associated with the database.

Oracle draws a distinction between logical and physical structures. Structures that are visible at a disk level or operating system level, such as data files, control files and redo log files, are considered physical structures. In contrast, objects like tablespaces, schemas, tables, views, and any database objects are considered logical structures. A container in this context means that a single schema name can contain many different objects. These logical objects are known as schema objects, and they are made up of structures such as:

  • Table: A table is the basic logical storage unit in the Oracle database; composed of rows and columns.
  • Cluster: A cluster is a set of tables physically stored together as one table.
  • Index: An index is a structure created to help retrieve data more quickly and efficiently.
  • View: Logically represents subsets of data from one or more tables.
  • Stored procedure: Stored procedures are predefined SQL queries stored in the data dictionary designed to allow more efficient queries.
  • Sequence: Numeric value generator.
  • Package: Named PL/SQL modules that group related stored procedures, functions, and identifiers.
  • Synonyms: Gives alternative names to objects.

The HR schema sample

The HR schema is a sample schema that Oracle makes available for learning purposes. You can install sample schemas using DBCA (DataBase Configuration Assistant) or you can get it from the following link:

Fig 1. Entity Relationship Diagram for HR Schema.

Schemas present a layer of abstraction for your data structure and help to avoid a problem called name collision. Let me show you an example: if we don't use schemas, a user called Bob can create a table called Employees, and then another user called Alice cannot create a table called Employees in the same schema as Bob, but Alice can create a table in a different schema. Other users can access or execute objects within a user's schema once the schema owner grants privileges.

List schema objects using .NET

The following code example uses Oracle Developer Tools for Visual Studio (ODT) to retrieve the list of schema objects that are available and then display them. You can download the project source code from this link.

Fig 2. Retrieving the list of schema objects of hr user.
Fig 3. Retrieving the list of schema objects of system user.
  • Note 1: You will find in many Oracle texts that some people use schema and user interchangeably.
  • Note 2: Oracle validates that users have permissions to use the schema objects they access.