If I deploy my ASP.NET project to a shared server web hosting, then is there a way to secure my source files so that the provider will not be able to access the source?. For example, the provider of my web hosting may download my files and then he will be able to get access to all my source.
View 9 RepliesWe have some problem in develepment server so we didnt recover the our project source code (asp.net 1.x with C#). now i have downloaded the files from the production server but the production server doesnt have the C# source code. its contain only the .dll file (singe dll file for all the aspx.cs and .cs classes) and design files. we need to update some functionalities in my project,so can i get .aspx.cs and .cs clasess from the project .dll? or how can i modify the clacess without source(.cs,.aspx.cs)?
View 1 RepliesHow is this achieved so that my source code is protected as put on a server other people have access to?
View 6 RepliesI want to know that how can i secure my project dll from decompiler.
There are some methods available like reflactor and obfuscator through which we can protect dll from decompilation.
So how can i use that and is it really secure or not?
Our company has developed its own CMS system and there is a requirement that customers may purchase the source code for this system but only to be used for the one application (1 domain).My question is, is it possible to give them the source code but prevent them from reusing it to run another site (domain) for it.
My first thought was to have some license checking mechanism or have an uncompiled dll that checks the domain but obviously if they have the source code they can simply remove this code or checks.
I have tried many protectors and obfuscators on my projects but havent anyone that works well. I know there isnt any protection that cannot be cracked but there must be some that is hard = requiring alot of time for the cracker, perhaps too much time so they skip trying?
Another problem with protection is that they often show false AV alerts which scare away many potential customers.
In my last .NET project I used .Net Protector which seems to be working well so far but the problem is that it shows false AV Alerts also what concerns me a little about this protection is that the protector itself have been cracked, check here: [LINK REMOVED BY MODERATOR] .
What protection to use for C#, .NET or C++ as it is these languages I mainly work with.
how to make my source code to display on one line instead of multiple in source view. The display drives me batty when I'm trying to find something and I would prefer to display across the page instead of multiple lines down the page.
View 2 Repliesasp.net open source Lead management system with source code.
View 9 RepliesI've developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with new marker data, I use setTimeout in JavaScript to regularly call my 'UpdateMarkers' JavaScript function. 'UpdateMarkers' makes a call to a web service which performs the database query and returns a list of markers back to the JavaScript, which in turn updates the map.
The main issue I have with this method is that my web service requires that I pass it the name of the company so that it knows which table in the database to access. As you can imagine , this poses a security risk as anyone can pass a different company name to the web service and be able to retrieve the data from other companies, as well as their own.
In order to avoid this problem, I am restructuring my program as follows: When the system administrator creates users for my application, they can also assign a company ID to this user. The company ID is stored using the Profile object in ASP.NET. I am moving the web service code into a class with shared functions so that they can be called only within my pages (but not by anyone, like with web services). The functions will still require a company name passed to be passed to them. However, rather than the JavaScript making direct calls to these shared functions, the JavaScript will call a set of page methods (which as I understand it, are not public like web services). These page methods will then use the Profile object to retrieve the company name attached to the user currently logged in and then make a call to my shared database functions and return the info back to the JavaScript.
I think that this second method is more secure than the first, because I don't allow the client to pass different options to my code and retrieve unauthorized data. The server side code works out the parameters that need to be sent. However, I am wondering if there is a better way of doing this that I am missing out?
I have deployed my asp.net application locally in my office server.
View 5 RepliesI am a newbie. First time, I am going to deploy the web application to a host? Few questions, do you know any free asp.net hosting with FTP capability? Secondly, how do I ensure the data-base is secure, so that the hosting site cannot access the database or open without a password?
View 1 Replies[Code]....
i have a above connections string in which i use UserName: taha1_ID2, Password: taha321, and SQL Server DataBase Name:taha1_web2 How can we encrypt it in web.Config
Note: All the above are fake.
I recently came aware of some knowledge I was not aware of before. One of my friends said that publishing a website with the code behind is a security risk. Instead, he insisted I only publish with the DLL's to prevent hackers from altering your code. Is this true? What are the advantages and disadvantages for doing this?
View 3 RepliesHow can I Ensure That Secure Content Is Served Over HTTPS Only (IIS 6.0)? when the certificate is installed. In other words how can I direct all the http request to https. For example when some type http://localhost it redirects to https://localhost.
View 2 RepliesI am rather new to asp.net but I have built a couple of apps that do not require users to login. am having some problems moving my secure .net application from my laptop to a production server, however, and I am hoping someone can help me. On my laptop my application's user authentication functions as it should, but when I move my application to a webserver I get an assortment of errors. Forgive me if these questions are a little basic. My first question is this. In a production environment do I move the ASPNETDB.MDF file in the App_Data folder to my SQL server? Is it OK to rename it to something more descriptive?
View 4 RepliesI want to call a function present in code behind from front page (html : source code)
i want to use like this:
Source code
<a href='<%# linkAlpha("B").ToString()) %>' title="B" id="B_List" runat = "server">B</a>
Code Behind
protected string linkAlpha(string value)
{
// /market-research/<%#Eval("customname")%>/
string str = "";
if (Request.Url.DnsSafeHost == "localhost")
{ // /market-reports/<%# Eval("customname")%>/
str = "Alpha_Category.aspx?q=" + value.ToString().Trim();
// Response.Redirect("Alpha_Category.aspx?q=" + value.ToString().Trim());
}
else
{
// str = "/market-reports/" + value.ToString().Trim() + "/";
str = "/Alpha_Category.aspx?q=" + value.ToString().Trim();
}
return str;
}
Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
View 3 RepliesI have a graphical user interface for my company product.I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text; [code]....
I am a rookie when it comes to SSL and I need to secure a page that requires credit card processing. What steps are involved in tackling this? Is it a seamless intregration point once the cert is setup on the server?
View 2 RepliesHere is what im trying to do I want to, from my c# code-behind, get the code between 2 <asp:Content> tags that are located in one of my .apsx pages.
View 8 RepliesIn IIS7 I don't find any possibility to keep a website from responding to it's IP address as soon there is SSL set up for this website. I did not add the IP address as hostname for this website and so would expect that the site does only respond to it's given hostname(s). Unfortunately the website won't work if requested via it's IP address, so I have to disable IP address as hostname somehow.
Another issue is that IIS 7 does not display the "secure connection obligatory" error page anymore if secure connection is mandatory for a website. Is there any way to get this error page being displayed, just like it was in IIS6 ?
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
View 4 RepliesI am developing 2 Applications. One WebForms and the other is MVC. How can i secure the code such that when i deploy them to the clients production environment, they cannot be simply picked up, copied and repackaged by someone else?. I simply need a way to protect my intellectual property. Can this be done in Visual Studio 2010?
View 1 RepliesMy web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replies