Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Quiz question
Message
From
17/05/2014 04:03:40
Al Doman
M3 Enterprises Inc.
North Vancouver, British Columbia, Canada
 
 
To
17/05/2014 03:10:55
Viv Phillips
Hay-On-Wye, United Kingdom
General information
Forum:
ASP.NET
Category:
Other
Title:
Re: Quiz question
Environment versions
Environment:
VB 9.0
OS:
Windows Server 2012
Network:
Windows 2008 Server
Database:
MS SQL Server
Application:
Web
Miscellaneous
Thread ID:
01600139
Message ID:
01600141
Views:
67
>From the GCHG competition :
>
>Q. Sometimes security vulnerabilities are simple coding mistakes that even the most seasoned developers can make. What is wrong with the following lines of (C#) code to compute a date range to filter a list of results? What would be a better approach?
var currentDate = DateTime.Now;
>var startDate = new DateTime(currentDate.Year - 1, currentDate.Month, currentDate.Day);
>var endDate = currentDate;
>// Filter the results etc.
Blows up if run on Feb. 29th of a leap year; there is no Feb. 29 of the prior year. Better might be to always subtract 365 days, rather than one year.
Regards. Al

"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov

Neither a despot, nor a doormat, be

Every app wants to be a database app when it grows up
Previous
Next
Reply
Map
View

Click here to load this message in the networking platform