>>>>From the GCHG competition :
>>>>
>>>>Q. Sometimes security vulnerabilities are simple coding mistakes that even the most seasoned developers can make. What is wrong with the following lines of (C#) code to compute a date range to filter a list of results? What would be a better approach?
var currentDate = DateTime.Now;
>>>>var startDate = new DateTime(currentDate.Year - 1, currentDate.Month, currentDate.Day);
>>>>var endDate = currentDate;
>>>>// Filter the results etc.
>>>
>>>Better approach
>>>
>>>DateTime startDate = currentDate.AddMonths(-12);
>>>
>>>
>>>Also, ToDay may be a better choice
>>>
>>>var currentDate = DateTime.ToDay;
>>>
>>
>>Gregory - why may ToDay be a better choice?
>
>Depends, Bill, ToDay is only the date part of a DateTime struct- hours, minutes and seconds are all set to zero
Thanks!
Anyone who does not go overboard- deserves to.
Malcolm Forbes, Sr.