Closed LaurentGoderre closed 11 years ago
The file in question is WarMembershipProvider.vb
Correction the file is WarMembershipProvider.cs
The report page mentioned in original issue text refers to the manage assessment page. This inline sql statement cannot be removed until we move to .Net4.0
Last summer, it was agreed that there should not be inline SQL into the application in except one report page. Today I found out that the authentication method is made by an inline SQL statement in the application and not in a stored procedure. This is a very bad programming practice and could bring security vulnerabilities (Ex: a user to connect without a password).