My question is to check if my connection is guaranteed to alleged attacks or is vulnerable to aspects that I can not identify.
The structure that I manage in my projects is the following:
Connection class.
Imports System.Data.SqlClient
Public Class conexion
Protected con As New SqlConnection
Protected Function conectar()
Try
con = New SqlConnection("Cadena de conexion")
con.Open()
Return True
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, "Excepcion")
Return False
End Try
End Function
Protected Function desconectar()
Try
If con.State = ConnectionState.Open Then
con.Close()
Return True
Else
Return False
End If
Catch ex As Exception
MsgBox(ex.Message, MsgBoxStyle.Critical, "Excepcion")
Return False
End Try
End Function
End Class
Class for my CRUD functions and other operations.
Imports System.Data.SqlClient
Public Class fCRUD
Inherits conexion
Dim cmd As New SqlCommand
Public Function recuperaDatos(ByVal dts As vParametros) As DataTable
Try
conectar()
cmd = New SqlCommand("nombreProcedimientoAlmacenado", con)
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@parametro", dts.gparametro)
If cmd.ExecuteNonQuery Then
Dim dt As New DataTable
Dim da As New SqlDataAdapter(cmd)
da.Fill(dt)
Return dt
Else
Return Nothing
End If
Catch ex As Exception
MsgBox(ex.Message)
Return Nothing
Finally
desconectar()
End Try
End Function
End Class
...
And already in the views (frm)
To give an example:
Dim func As New fCRUD
dt = func.recuperaDatos(parametros)
If someone helps me find a vulnerability or verify the correct way to handle my connections, I would be grateful infinitely