Posts

Taking Control: From Simple Views to Powerful Exports 🗃️

👨‍🏫 Teaching Moment: Exporting Data Like a Pro It’s been such a rewarding journey guiding Kai through the world of database development. What makes it exciting is that he’s not just coding—he’s thinking about the “why” behind each line. 🧠 One of our latest breakthroughs involved adding a very practical feature: letting the user export data from the app as a CSV file they can save, open, or share. Kai: “I’ve got my grade report showing up perfectly. But how do I get it out of the app so I can send it to someone?” Me: “Great question, Kai! Displaying data is one thing—but exporting it? That’s next-level. We’ll add a button that generates a CSV file, so anyone can open it in Excel, Google Sheets, or any spreadsheet tool.” And so, our mission began: Build an Export to CSV feature. ❓ Why Bother? (Kai’s Classic Question) Kai: “If the data is already in the <GridView> , can’t we just copy it?” Me: “That might work for you, but think about scale....

👨‍💻 Making the College Portal Better & More Secure

  It's been a rewarding few weeks. We've gone from building out a new home page to creating a suite of content pages—for student living, careers, and announcements. The site is starting to feel like a real, functioning college portal. But as the app has grown, Kai and I have shifted our focus from simply adding features to making the existing ones more secure and user-friendly. This has been a crucial learning step for Kai. He's not just building what's visible; he's learning how to build a strong foundation that protects the data and provides a smooth experience for users. 🔑 Step 1: From Direct Queries to Stored Procedures In our initial work on the Students.aspx page, we were using direct SQL statements inside the C# code. This works, but it leaves the application vulnerable to a serious security threat called SQL injection. I explained to Kai that an attacker could input malicious code into a form field to delete data or access unauthorized information. To fix ...

🚀 Level Up Your C# App: From Raw SQL to Secure Stored Procedures

Our conversations on making apps cleaner, faster, and much more secure. It's been a rewarding journey guiding Kai through the world of database development. He's not just following along; he's truly understanding the "why" behind every decision. Recently, we tackled a critical concept: moving from direct SQL queries to secure, efficient stored procedures. Kai: "I’ve got my queries working — they pull back data just fine. Why do we need to change it?" Me: "Great question, Kai. Direct SQL works, but when we think about security, performance, and maintainability, stored procedures give us a big step up." So, in this post, we'll walk through four real examples from our student management system, showing how we replaced direct queries with stored procedures. This is a crucial step in building robust, professional-grade applications. Why Bother? (Kai’s Persistent Question) Kai: "But if it works, isn’t that good enough for...
👨‍💻 Helping Kai Build His First Front-End App It’s been a few weeks since my last post with Kai. We’ve been heads-down coding together, and instead of just talking about database security, we started building a working front end for his application. This has been a big step for Kai — going from SQL tables and stored procedures to actually seeing his app come alive in the browser. We used C# with ASP.NET Web Forms (ASPX) to create login and home pages, and then expanded into pages for courses, students, lectures, grades, and even a small library system.     🔑 Step 1: Building the Login Page Before you can get into the app, you need a secure login. We reused our earlier hashed + salted password system but wrapped it with an ASPX login form. <asp:TextBox ID="txtUsername" runat="server" Placeholder="Username"></asp:TextBox> <asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Placeholder=...

Back to Japan – My First Long-Haul Flight After a Broken Hip ✨

This summer, I took a big step—literally and emotionally. It was my first long-haul flight since breaking my hip, and I wasn't quite sure how my body would hold up on a journey halfway around the world. ✈️☝️ I contacted ANA in advance to let them know about my condition and the need to drink plenty of water due to kidney cysts. The cabin crew were absolutely amazing. 😍 They brought me water bottles frequently, made sure I was comfortable, and even offered extra blankets and pillows. It felt like I was flying business class again! 🍾✋ Though I had to get up and walk a lot (my leg tends to go numb if I sit too long), the journey was far better than expected. On arrival, I was also pleasantly surprised to find that British citizens can now use Japan’s priority immigration gates — no queues at all! 🇯🇵✅ My wife, being Japanese, could go through with me too, which isn’t usually the case in the UK. On Day 1, I met up with my friend Robbie at the airport and had a relaxi...

Teaching Kai About Cybersecurity: The CIA Triad, Strong Passwords, and SQL Injection Protection

Introduction When it comes to cybersecurity, many people think of secret agents and high-tech gadgets. But in reality, protecting data online comes down to a simple yet powerful concept called the CIA triad — Confidentiality, Integrity, and Availability. In this post, I’ll share a teaching session I had with Kai, walking him through these principles and showing how they relate to building secure login systems. We’ll cover why strong passwords matter, how to detect SQL injection attacks, and how to write database functions and stored procedures to keep our systems safe. What Is the CIA Triad? CIA stands for: Confidentiality: Ensuring data is only accessible by those authorized to see it. Integrity: Making sure data isn’t altered or tampered with by unauthorized users. Availability: Guaranteeing data and systems are accessible when needed. These three principles are the foundation of cybersecurity and help guide how we design secure applications. The Con...

💻 Part 6: From Code to Click – Security, Permissions & Building Kai’s Dashboard

July 1, 2025 After learning stored procedures and date functions, Kai was ready for the next challenge: making the database safe and building something real people could click and use. 🔐 Permissions: Who Gets to Do What? We started with a simple but powerful idea: not everyone should be able to change everything. I told Kai, “Imagine giving teachers the keys to mark attendance, but not delete students by accident.” We created roles in SQL Server: CREATE ROLE TeacherRole; GRANT EXECUTE ON MarkAttendance TO TeacherRole; Then added a user and assigned the role: CREATE LOGIN Teacher1 WITH PASSWORD = 'SecurePass123!'; CREATE USER Teacher1 FOR LOGIN Teacher1; EXEC sp_addrolemember 'TeacherRole', 'Teacher1'; “So Teacher1 can mark attendance, but nothing else?” Kai asked. Exactly. Principle of least privilege in action. 🔒 🧩 Kai’s First Dashboard UI Then the big one: Kai brought me a sketch, a simple web page with two boxes: Who is enrolle...