well, and why do you think it is unsecure code?
2009/7/1 nag <[email protected]>
>
> hii
> im listing files from directory..here is my code
> i feel its nt a secure code
> Is anyone knw secure code please let me knw
>
> void Page_Load(object sender, EventArgs e)
> {
> string dirname = Session["projectid"].ToString();
>
> string Path = Server.MapPath(".") + "\\" + dirname;
>
> DirectoryInfo dirInfo = new DirectoryInfo(Path);
>
> articleList.DataSource = dirInfo.GetFiles("*.*");
> articleList.DataBind();
> }
>
>
>
>
> <asp:DataGrid runat="server" id="articleList" Font-Name="Verdana"
> AutoGenerateColumns="False" AlternatingItemStyle-
> BackColor="#eeeeee"
> HeaderStyle-BackColor="Navy" HeaderStyle-ForeColor="White"
> HeaderStyle-Font-Size="15pt" HeaderStyle-Font-Bold="True">
> <Columns>
> <asp:HyperLinkColumn DataNavigateUrlField="Name"
> DataTextField="Name"
> HeaderText="File Name" />
> <asp:BoundColumn DataField="LastWriteTime" HeaderText="Last Write
> Time"
> ItemStyle-HorizontalAlign="Center" DataFormatString="{0:d}" />
> <asp:BoundColumn DataField="Length" HeaderText="File Size"
> ItemStyle-HorizontalAlign="Right"
> DataFormatString="{0:#,### bytes}" />
> </Columns>
> </asp:DataGrid>
>
>
>
