Certainly, many developers often develop naively and overlook (and many times are not even aware of) the dangers that exist when developing an application "by the book".

The worst part is not being unaware of something, but not even knowing that it exists; that is, not knowing what it is that you don't know.

I believe that 70% of today's developers are unaware of the possibility of XSS attacks and SQL injection.

Once these types of attacks are known, applications can be approached differently, with security in mind as a premise.

In this way we will discourage the possibility of attacks against our applications and data servers.

I recommend that all developers and database administrators familiarize themselves with these attacks, starting by reading the following articles:

http://es.wikipedia.org/wiki/XSS
http://es.wikipedia.org/wiki/Inyecci%C3%B3n_SQL
http://ha.ckers.org/xss.html
http://www.derkeiler.com/Mailing-Lists/securityfocus/secprog/2001-07/0001.html
http://imperva.com/application_defense_center/glossary/sql_injection.html


Hugo Bernachea - MCSD
Microsoft Certified Solution Developer
LinkedIN: http://www.linkedin.com/pub/6/82b/19b
australiano@gmail.com



If you're a VB programmer interested in learning how to parse and process XML documents, and use them in your applications, this article can help. You'll learn about MSXML properties, how to create an XML document using VB 6.0, and more.

Introduction

The COM based Microsoft XML Core Services, MSXML for short, is used in the parsing and processing of XML documents. The version used in this tutorial is MSXML 3.0, which has three dlls. When you reference the MSXML 3.0 you will be using the msxml3.dll. This version is installed in the side-by-side mode which implies that the previously installed older versions are not replaced. It is installed with Windows XP OS. The tutorial uses the W3C DOM (Document Object Model) which allows the user to navigate and manipulate the XML document through its various methods and properties. This tutorial uses the same XML document used in the earlier tutorial at this site. It is recommended that the reader reviews the earlier article.

Adding a reference to your VB Project

Before you start using MSXML 3.0, you should add a reference to the MSXML 3.0 library. This is easily done by accessing the References drop-down menu item when you click on Project in the main menu as shown. There may be several versions on your machine (there are about five on this machine) depending on several factors, but you can identify it in the References window if you have it on your machine.



Using MSXML3.0 with VB 6.0 - MSXML Document30 Properties and Methods

At this point it may be instructive to look at the properties and methods available when you are using MSXML 3.0. The best place to look at these is in the object browser. The following three pictures show all that is accessible to you while writing the code. It is an exhaustive list, but if you really need to process an XML document you will need a lot of these. In this tutorial you may come across only a few of them. However, you may search the Internet for any of these, as there are a large number of places where you will find the information by typing in some keywords.



Using MSXML3.0 with VB 6.0 - Creating an XML Document using VB 6.0

In this section I will describe the steps you need to take in creating a document such as the one shown in the next paragraph.

























The XML document will be built bit by bit so that the process is easy to understand,
especially if the reader is a first-timer.
The document above is built line by line starting from the beginning.
Every XML document has a processing instruction at the very top of the document.
The document must have a root element.
The document may or may not have a comment,
but the object model has the necessary method to create one.
The code listing shown allows you to create an XML document with the root node "wroot,"
an element "comment" which is a child of the root, and an element "student"
which is also a child of the root.

Private Sub Command1_Click()
    Dim xmldoc As DOMDocument30
    Dim ProcInstr As IXMLDOMProcessingInstruction
    Dim rootElement As IXMLDOMElement
    Dim comElement As IXMLDOMComment
    Dim aElement As IXMLDOMElement

    'Creating DOM Document object
    Set xmldoc = New DOMDocument30

    'this adds the processing instruction,
    'the first line in an XML document
    Set ProcInstr = xmldoc.createProcessingInstruction("xml", "version=""1.0""")
    xmldoc.appendChild ProcInstr

    'Create the root element
    Set rootElement = xmldoc.createElement("wroot")
    Set xmldoc.documentElement = rootElement

    'Creating comment node
    Set comElement = xmldoc.createComment("My students who took web programming class with me")
    'add the comment node as a child of the root
    rootElement.appendChild comElement

    'Create the node student
    Set aElement = xmldoc.createElement("student")
    'add the student node to the root
    rootElement.appendChild aElement

    'Saving the xml document to c:testWebStudents.xml
    xmldoc.save "c:testWebStudents.xml"
    WebBrowser1.Navigate2 ("c:testWebStudents.xml")
End Sub

When this code is executed by clicking the button labeled "Display the XML Document," the displayed form appears as shown, where a web browser control on the form displays the saved XML. We have added the "student" node, but we need to add the attribute to the student node as well as the details for the student whose "id" =1. Many objects were created and they need to be closed out; this is not shown in the code. The Web Browser control's Navigate2() method shows the XML document.



Using MSXML3.0 with VB 6.0 - Adding a child node to the student node

You will create a new element by creating an IXMLDOMElement, and you will add it to the appropriate element (in this case the student element) using the appendChild() method as shown by the highlighted portion in the following snippet.

Private Sub Command1_Click()
    Dim xmldoc As DOMDocument30
    Dim ProcInstr As IXMLDOMProcessingInstruction
    Dim rootElement As IXMLDOMElement
    Dim comElement As IXMLDOMComment
    Dim aElement As IXMLDOMElement
    Dim cElement As IXMLDOMElement
    Dim dElement As IXMLDOMElement

    'Creating DOM Document object
    Set xmldoc = New DOMDocument30

    'this adds the processing instruction,
    'the first line in an XML document
    Set ProcInstr = xmldoc.createProcessingInstruction("xml", "version=""1.0""")
    xmldoc.appendChild ProcInstr

    'Create the root element
    Set rootElement = xmldoc.createElement("wroot")
    Set xmldoc.documentElement = rootElement

    'Creating comment node
    Set comElement = xmldoc.createComment("My students who took web programming")
    'add the comment node as a child of the root
    rootElement.appendChild comElement

    'Create the node student
    Set aElement = xmldoc.createElement("student")
    'add the student node to the root
    rootElement.appendChild aElement

    'create a child element, 'name' for the student
    Set cElement = xmldoc.createElement("name")
    'add a value for this node, 'Linda Jones'
    cElement.nodeTypedValue = "Linda Jones"
    'cElement is child of aElement
    'add the cElement as a child of aElement
    aElement.appendChild cElement

    'Saving the xml document to c:testWebStudents.xml
    xmldoc.save "c:testWebStudents.xml"
    WebBrowser1.Navigate2 ("c:testWebStudents.xml")
End Sub

The output of this code as seen in the browser is shown in the following picture.

Adding attributes to the student node

Adding an attribute consists of declaring an object of the type IXMLDOMAttribute. This is followed by creating this object using the createAttribute() method. Attributes are name-value pairs; the name is assigned during creation. Next you use the attribute's Text property to associate the name with a value. Finally, associate this attribute with the element you want as shown in the following code listing. The highlighted code statements show the process.

Private Sub Command1_Click()
    Dim xmldoc As DOMDocument30
    Dim ProcInstr As IXMLDOMProcessingInstruction
    Dim rootElement As IXMLDOMElement
    Dim comElement As IXMLDOMComment
    Dim aElement As IXMLDOMElement
    Dim cElement As IXMLDOMElement
    Dim dElement As IXMLDOMElement
    Dim att As IXMLDOMAttribute

    'Creating DOM Document object
    Set xmldoc = New DOMDocument30

    'this adds the processing instruction,
    'the first line in an XML document
    Set ProcInstr = xmldoc.createProcessingInstruction("xml", "version=""1.0""")
    xmldoc.appendChild ProcInstr

    'Create the root element
    Set rootElement = xmldoc.createElement("wroot")
    Set xmldoc.documentElement = rootElement

    'Creating comment node
    Set comElement = xmldoc.createComment("My students who took web programming")
    'add the comment node as a child of the root
    rootElement.appendChild comElement

    'Create the node student
    Set aElement = xmldoc.createElement("student")
    'add the student node to the root
    rootElement.appendChild aElement

    'create a child element, 'name' for the student
    Set cElement = xmldoc.createElement("name")
    'add a value for this node, 'Linda Jones'
    cElement.nodeTypedValue = "Linda Jones"
    'cElement is child of aElement
    'add the cElement as a child of aElement
    aElement.appendChild cElement

    'append another child to the 'student' element
    '-------------
    Set dElement = xmldoc.createElement("legacySkill")
    dElement.nodeTypedValue = "Access, VB5.0"
    aElement.appendChild dElement

    '-------attributes---
    '---create an attribute using the createAttribute() method
    '---at the same time set its name
    Set att = xmldoc.createAttribute("id")
    '---set the attribute's 'Text' property
    att.Text = "1"
    '---for the aElement, which is 'student', set a named
    '---attribute; the attribute object is att
    aElement.Attributes.setNamedItem att
    '----------------------

    'Saving the xml document to c:testWebStudents.xml
    xmldoc.save "c:testWebStudents.xml"
    WebBrowser1.Navigate2 ("c:testWebStudents.xml")
End Sub

When you execute the code by clicking the button, the form will be displayed as shown in the next picture. You may also notice that a second child to the student node has been added.

In writing the code you must leverage the intellisense support to the maximum extent if you want to avoid errors. Make use of the drop-down cue you get while coding as shown.



Using MSXML3.0 with VB 6.0 - Manipulating the XML document

Updating a node value

Using the DOM API it is possible to access a single node, although you need to do a node walk. In this example you will be updating the skill set of the student to a more current skill. The following code listing shows how you may change the skill, replacing the current skill. The following form was used in updating the "legacy skill" of the student to a more recent skill.

When you click the button labeled "Update Student Skill," the form will be displayed as shown.

The code listing shown in the next paragraph was used to make the update shown above. The various methods and properties can be seen listed in the DOMDocument30 reference pictures shown earlier, taken from the object browser.

Private Sub Command1_Click()
    Dim xdoc As DOMDocument30
    Dim studentNode As IXMLDOMNode
    Dim skillNode As IXMLDOMNode

    'Load the document saved earlier
    Set xdoc = New DOMDocument30
    xdoc.Load ("c:testWebStudents.xml")

    'Walk from the root to the student node, then to its legacySkill child
    Set studentNode = xdoc.documentElement.selectSingleNode("student")
    Set skillNode = studentNode.selectSingleNode("legacySkill")

    'Print the old value, replace it with the text box content, print the new value
    Debug.Print skillNode.nodeTypedValue
    skillNode.nodeTypedValue = Text4.Text
    Debug.Print skillNode.nodeTypedValue

    'Save the change and refresh the browser control
    xdoc.save "c:testWebStudents.xml"
    WebBrowser1.Navigate2 ("c:testWebStudents.xml")
    Text4.Text = ""
End Sub

Private Sub Form_Load()
    'Show the current document when the form opens
    WebBrowser1.Navigate2 ("c:testWebStudents.xml")
End Sub
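
A defensive variant of the update handler above, added here as an example and not part of the original tutorial: it checks the result of Load, reports the parseError details, and verifies that the node exists before writing to it. LoadStudents and XML_PATH are hypothetical names; the form controls and the file path are the ones the tutorial uses.

```vb
' Added example: defensive variant of the update handler (not the tutorial's code).
' Assumes the same form controls (Text4, WebBrowser1) and file path used on the page.
Option Explicit

Private Const XML_PATH As String = "c:testWebStudents.xml" ' path as given on the page

' Hypothetical helper: load the file and fail closed on any parse problem.
Private Function LoadStudents(ByVal path As String) As DOMDocument30
    Dim doc As DOMDocument30
    Set doc = New DOMDocument30
    doc.async = False             ' Load returns only after parsing has finished
    doc.resolveExternals = False  ' do not fetch external DTDs or entities
    doc.validateOnParse = False
    If Not doc.Load(path) Then
        Err.Raise vbObjectError + 1, "LoadStudents", _
            "XML load failed (line " & doc.parseError.Line & "): " & _
            doc.parseError.reason
    End If
    Set LoadStudents = doc
End Function

Private Sub Command1_Click()
    On Error GoTo Failed
    Dim xdoc As DOMDocument30
    Dim skillNode As IXMLDOMNode

    Set xdoc = LoadStudents(XML_PATH)
    ' selectSingleNode returns Nothing when the path does not match.
    Set skillNode = xdoc.documentElement.selectSingleNode("student/legacySkill")
    If skillNode Is Nothing Then
        Err.Raise vbObjectError + 2, "Command1_Click", "legacySkill node not found"
    End If

    ' Assigning through the DOM keeps user input as text: characters such as
    ' < and & are escaped when the document is saved, so Text4 cannot add markup.
    skillNode.Text = Text4.Text
    xdoc.save XML_PATH
    WebBrowser1.Navigate2 XML_PATH
    Text4.Text = ""
    Exit Sub
Failed:
    MsgBox "Update not saved: " & Err.Description, vbExclamation
End Sub
```

Because the file is only saved after every check has passed, a malformed or unexpected document leaves the file on disk untouched.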

Summary

The tutorial is written for the VB programmer who wants to get his feet wet using XML in his applications. The developmental stages of the XML document are shown specifically for this user. Take care with which MSXML version you reference, as there are multiple versions. MSXML version 4.0 may not support some of the features of the earlier versions. It would be useful to add a web browser control as shown in this tutorial to track your progress as you develop the application.




An interesting SQLXML course

http://www.topxml.com/sqlxml/

In the future we will be posting our own tutorials with a variety of content oriented toward XML and its related technologies.