wet-boew / web-reporting


Remove hard-coded SQL statements from the code #25

Closed LaurentGoderre closed 11 years ago

LaurentGoderre commented 11 years ago

Last summer, it was agreed that there should not be inline SQL in the application except in one report page. Today I found out that the authentication method is done with an inline SQL statement in the application and not in a stored procedure. This is a very bad programming practice and could bring security vulnerabilities (e.g., a user connecting without a password).

LaurentGoderre commented 11 years ago

The file in question is WarMembershipProvider.vb

LaurentGoderre commented 11 years ago

Correction: the file is WarMembershipProvider.cs

dfait-webstandards commented 11 years ago

The report page mentioned in the original issue text refers to the manage assessment page. This inline SQL statement cannot be removed until we move to .NET 4.0.