I finally decided to resign today. I took half a day off for an interview! When I was doing A pen test: I encountered an SQL statement to query 31st to 40 records in table A of the database. The table has an auto-incrementing field ID, and the id is not consecutive. I wrote the following SQL: selecttop10 * from (selectTop40 * fromAorderbyIDasc) ord
I finally decided to resign today. I took half a day off for an interview! When I was doing A pen test: I encountered an SQL statement to query 31st to 40 records in table A of the database. The table has an auto-incrementing field ID, and the id is not consecutive. I wrote the following SQL: select top 10 * from (select Top 40 * from A order by ID asc) ord
I finally decided to resign today. I took half a day off for an interview!
When I was doing A pen test: I encountered an SQL statement to query 31st to 40 records in table A of the database. The table has an auto-incrementing field ID, and the id is not consecutive. I wrote the following SQL:
Select top 10 * from (select Top 40 * from A order by ID asc) order by id asc;
The records are in the order of 40-31. I was found by the examiner, so I am depressed!
I came back to the Internet to check and found a lot:
Below are several answers:
Select top 10 * from A where Id not in (select top 30 Id from A order by Id asc) order by id asc;
Select top 10 * from A where Id> (select max (id) from (select top 30 id from A order by id asc) temp) order by id asc;
Select top 10 * from A tt where not exists (select * from (select top 30 * from A order by ID asc) temp where temp. Id = tt. Id );
What are the differences between reflection and serialization?
Reflection: The Assembly contains modules, while the module contains types and types, including Members. Reflection provides encapsulated assembly, module, and type objects. You can use reflection to dynamically create instances of the type, bind the type to an existing object, or obtain the type from an existing object. Then, you can call a method of the type or access its fields and attributes.
Serialization: serialization is the process of converting an object into a format that is easy to transmit. For example, you can serialize an object and Use HTTP to transmit the object between the client and the server over the Internet. At the other end, deserialization reconstructs the object from the stream.
Reflection
The Common Language Runtime Library loader manages application domains. Such management includes loading each assembly to the corresponding application domain and controlling the memory layout of the type hierarchy of each set.
The Assembly contains modules, while the module contains types and types including members. Reflection provides encapsulated assembly, module, and type objects. You can use reflection to dynamically create instances of the type, bind the type to an existing object, or obtain the type from an existing object. Then, you can call methods of the type or access its fields and attributes.
Serialization
Serialization is the process of converting the object state to a format that can be maintained or transmitted. In contrast to serialization, deserialization converts a stream into an object. These two processes can be combined to easily store and transmit data.
What is the application domain AppDomain?
An application domain (usually AppDomain) is a virtual process used to isolate an application. All objects created within the same application scope (in other words, any location in the object activation sequence starting with the application entry point) are created in the same application domain. Multiple application domains can exist in a single operating system process, making them a lightweight Method for application isolation.
Operating system processes provide isolation by providing a unique memory address space. Although this is effective, it is costly and cannot be extended to the number of large Web servers. On the other hand, the Common Language Runtime Library enforces application isolation by managing the memory usage of code running in the application domain. This ensures that it does not access memory outside the domain boundary. Note that only type security code can be managed in this way (isolation cannot be guaranteed when the Runtime Library loads Insecure code into the application domain.
The application domain (AppDomain) can be considered as a lightweight process. Multiple AppDomains can exist in a Win32 process. The main purpose of AppDomain is to isolate applications from other applications.
The Win32 process provides isolation by using an independent address space. This method is very effective, but it is costly and not scalable .. NET Runtime library is used to control the memory to apply AppDomain isolation-all the memory in AppDomain is caused. so the Runtime Library can ensure that the AppDomain cannot access each other's memory.
The appDomain explanation in Microsoft's. NET document is quite simple (but not very clear J): "An independent environment in which an application runs ". Provides isolation, uninstallation, and security boundaries for the execution of managed code. How can we understand it? I want to know this concept accurately:
1. appDomain is a concept exclusive to the. NET Framework. Microsoft's own reference concept cannot be found in other technical systems. Many people think that the concept can be the same as that of a process. I do not agree with it: first, "process" is a concept in an operating system. It has its own definition and functions in a system such as a virtual machine or framework, obviously, appDomain is incorrect. Second, "There is no one-to-one association between application domains and threads. Multiple Threads can belong to one application domain, although the given thread is not limited to an application domain, the thread is executed in an application domain at any given time." (Description in. NET FrameWork SDK). Does it make sense to replace "application domain" with "process?
2. Isolation. It is not surprising that some people directly implement the process. AppDomain has the feature of code execution isolation, just as the process does. AppDomain objects and codes can be considered isolated from each other. Even the code in an appDomain calls the object (data or method) of another appDomain ), the appDomain class must be similar to the "column set/scattered set" in DCOM (in the class inheritance relationship, the appDomain class inherits from the MarshalByRefObject class ). Each appDomain can be debugged, started, and stopped independently, and has its own default exception handling function. An appDomain crashes without affecting other AppDomains. It can be understood as a "logical process" of. NET ".
. NET allows different versions of the same application to coexist, eliminating the so-called "dll hell ". By creating different AppDomains, we can run the 1.0 and 2.0 versions of a hosted assembly at the same time (as long as they do not have incompatible access to a specific resource)
3. Security. Code isolation prevents the impact of a dangerous code on other AppDomains. In addition, you can assign a specific security allocation to determine that the Execution Code in the appDomain protects access to system security resources.
4. Independence. Each appDomain is allocated a dedicated storage area (application domain local storage) by the. NET Framework ). Any object can access the local storage area of its current appDomain, which is shared by objects in the entire appDomain, it also includes the thread that enters the appDomain (the thread running on the same appDomain can communicate through this local storage ).
5. Relationships with processes, threads, and assembly. The same process belongs to the many-to-one relationship, that is, a process can have multiple AppDomains, but the appDomain can only exist in a process (obviously, as in the same text: processes are different from appDomain ). By default, if you do not create multiple AppDomains by yourself, an appDomain is automatically created after a process starts. Thread execution can involve multiple AppDomains, but at a specific time, the thread only exists in one appDomain, And the thread can enter other AppDomains. An instance of an Assembly belongs to a specific appDomain, which is loaded within its own range, and corresponding objects are created according to the Assembly. AppDomain is the execution environment of the Assembly. At the same time, the Assembly acts as a static entity and can be loaded and executed by multiple AppDomains.
We have learned from the previous discussion that in general, we do not need to care about appDomain. However, this concept appears in. NET is not redundant and has its own reasons. What are the specific scenarios for using appDomain?
1. The assembly to be isolated. For example, some code that is particularly prone to crash can be considered to run separately in a specific appDomain.
2. If you need to divide Security Execution boundaries for your code for different security-level assemblies, consider creating different security-level codes separately in an appDomain with different security information set.
3. In terms of performance, some assembly may consume a large amount of resources, although there is basically no resource consumption vulnerability in the managed environment, however, there will always be a situation where intensive access at a specific time will consume a large amount of resources. In this case, you can consider creating a separate appDomain. When the resource consumption exceeds the critical point, uninstall the appDomain to meet system operation requirements. In Asp.net, different AppDomains are used to provide support to prevent the crash of one application from affecting other asp.net applications. At the same time, if the system that does not restart IIS and does not affect the service provision of asp.net itself, an appDomain is detached and a new appDomain is started, ideally, the web system can be online for a long time (this was an expensive unix feature and was finally referred to by MS ).
4. Run the same application assembly of different versions simultaneously. This is a big problem in the COM era. Now, through appDomain, we have implemented the implementation of two different assembly versions in one process, which can achieve good compatibility.
5. dynamically load some programs.