I am trying to deploy a project for customers and i 'd like to be sure that code will be secured and cannot be hacked or seen , i know we can do that through the precompiled features but i don't konw how secure it is , and is there any other ways for this?also about the database can i protect it so as no one can open it see the tables or edit .... etc ?
View 1 Repliesi have never encrypted any dlls. How to protect and secure compiled code, that cann't be extracted with the help of software like .net reflectors
View 1 RepliesWe will be developing an ASP.NET application. It will store data in an SQL Server 2008 R2 installation. Most of the data is sensitive, so security is a primary concern.We will be hosting this in a shared environment, and it is a design goal that the data should be unreadable in the case of theft.
I am thinking of the following set up:
Encrypt the whole database using TDE. Users are created in the SQL Server users table, and we authenticate against that when users log in through the web interface.The intention is that if someone gets to the database, they will not be able to use the data. And no connection string with user credentials will need to be stored in the web.config file. Do you see any disadvantages to this approach? And how easy will it be to authenticate against the SQL Server as described?
I have an ms access db file and now i want to use it in my app. i have given like
Provider=MSDASQL.1;Password=pwd123;Persist Security Info=True;User ID=swgp;Data Source=SWGP;Initial Catalog=C:swgp BJswgp
but it is giving error to me.If anybody know how to give this connection string for password enabled ms access database,
In ASP.NET MVC 2, to secure controller action, i have created a class RequirePermission inherited from ActionFilterAttribute class. The controller action looks like
[Code]....
Now instead of making different attributes , I want to use RequirePermission attribute like
[RequirePermission(permissions=Permissions.CanView+","+Permissions.CanEdit)] so that i can use it for different scenerious. but the compiler throw the following error. An attribute argument must be a constant expression, typeof expression or array creation expression of an attribute parameter type
I have a asp.net website and I am accessing that web service from my iPhone app to get data.
The WCF web service produces data as JSON.I want to put some kind of authentication on the WCF. What you you guys recommend?
I'm going to launch a page - that will persist for a really long time using - using ASP.Net.
Page will have very little controls - will using jQuery ajax calls to build up and fill in the DOM for maintaining data in the backend DB.
How do I maintain who I am with the web service?
I'm used to pages that mostly use asp.net membership / session vbl stuff to maintain state.
That's not going to fly with why I'm doing here.
And I guess that also starts into "how do I secure this web service"?
How to secure an Action filtered with Authorize method from a jQuery call? I have this Authorize filter and it work's cause users are redirected if not logged-in. But after logging-out then accessing previous open pages that needs authorization, they weren't redirected at all. This jQuery is initialize when a button is clicked,
jQuery.post(
"/controllername/IsUserActive", {
}, function (data) {
if (data){
$('#div_user_active').html(data);
{ else {
$('#div_user_active').html('Not Active');
}
}
);
then calls this Action method.
<Authorize()> _
Function IsUserActive() As Boolean
Return True '<<---this keeps returning even users are already logged-out.
End Function
Overall, I wanted ajax(jQuery) to update/read a portion of the page but gets redirected if not authorized.
my team is building a game in flash to be embeded in a asp.net application.
When the game is over the player have the chance to type his name to save his score. This is done using web services called from flash. The webservice receives the name and score.
Since the webservice is publicly available how can I make it only callable from my flash given the following conditions:
The .swf is hosted by the same asp.net application There are two domains that can access the same application (I have run previously into cross domain issues). Using SSL is not an option. The webservice has to be consumed by the .swf file.
I need something to secure my PDF files link ...
i have a page like http......../folder/userName.pdf
i need to to encrypt the file name ( i put it "login userName" ) ...
how do i let logged in users download their pdf files without knowing the URL above , for security reasons only ...
I need to create a single sign-on structure and my question is: is SSL a must?
Details:
The application will have a link to my web application. When the user clicks that link, their local username will be passed to my web app at which point a look-up in a mapping file is done. If that local username exists in the map, then the user is logged in. If not, then the user will be prompted to enter their network username and password, and when authenticated, an entry in the map will be created.
How do I ensure that user is who they say they are and not Joe Blow from off the street sending in an HTTP POST request with that username?
Do I have to use SSL (and if so, what does that entail)? Would adding a salt and encrypting the username be sufficient? Maybe locking it down so the source IP has to be within a controlled range?
My web app runs on IIS 6/7 and uses the ASP.NET MVC framework, if that is important.
My client has s website hosted under IIS 6. This website has a subsite as a virtual directory that we need to ensure is only accessed via HTTPS.
We have enabled HTTPS access to the sub-site, but because the root site is configured to use HTTP, this is being inherited by the sub-site and you can access it unsecured. How can we prevent this?
The only potential option I've found so far is this implementation of IHttpModule. Is there nothing in the web.config I can set, as you can the security on a WCF binding?
I do have before a web server w/c is aspx. its like an online game panel w/c players do shop via web. but suddenly 1 day I was "SQL INJECT" i don't know what they do that the injected me.how do I secure my pages this is what i only use to all my pages to prevent entering characters such as " ',%,!,@,#,$,%,^,&,*,(,),.," all special characters will not be allowed. are there any else in order to secure it.?
Code:
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Label2.Visible = False
Dim userCleared As New System.Text.StringBuilder
Dim QuestionCleared As New System.Text.StringBuilder
Dim AnswerCleared As New System.Text.StringBuilder
[code]....
and how do I secure to the Direct browser thing? when i checked the IIS7 logs. i saw one IP w/c went to the /Webresource.axd iidjjfme9393j 4m9 mdmf9 um45d m89fm8jhvrm9u9mu30306bm0n.
some like encryption i don't what is this.
I have an existing website that I am adding a webservice (asmx) file too so that I can make client call backs to a certain function.I found this article on securing webmethods in an API [URL] a...ntication.aspx But is there a way to set the security up for the API itself instead of each individual webmethod? Kinda like have a page load method that gets called regardless of what API you are using and checks if you have a valid session.
View 1 RepliesI am taking dataset value in an xml file in asp.net webpage. But when I convetr and create a file of its it i saved as a plain text. to which user can easily open and change anything. But I want to limit user to change XML fie.
View 10 RepliesI am creating an online job application using a wizard control.
When the user has completed the application, the finish button will fire javascript to re-render the data & print the application(the application data will not be saved to a database, email, xml, etc).
I want to ensure the users' personal info is safe while postbacks are being made (ie clicking the next button in the wizard steps).
Can someone give me a start as to what I need to be looking to do?
I've seen some things about viewstate encryption, but not sure if that's where I should begin, and/or if that's the only thing I need to do.
Or, If I were to disable viewstate all together would that be good enough?
Because of the way the server is set up I'm using, I don't think I can use Integrated Security=SSPI in my SQLConnection string. However, I'm a bit wary of giving the database username and password in the connection string in a aspx.cs file. Is there any way of making it more secure?
View 3 RepliesI am working on web application in which all of the data I am submitting back to the server is being done on the client side using JQuery AJAX calls to my .NET web services using JSON. This works perfectly to enhance my user experience and greatly reduces post backs, etc.What I am looking for suggestions on is securing the web services being exposed to the client side from being used by anything but my JQuery code on my site. The security hole that I see here is that since the client-side JQuery can access the web services, so could anything.
View 2 RepliesI only want my web images to be visibleSimpliied, a digital media page pulls html content from a database using SQL security and renders that HTML. That digital media page is secured in that only a returing Paypal transaction user with a matching transaction can access it. But today that HTML content makes references to images on my site, those images can be freely directly over the web.The backend is asp.net 2.0. Would it be possible for me to secure the web folder with my images to some generic user and impersonate access from my pages so that attempts to access images directly fails?f not, any way to solve all that html content on serverside somehow and turn it into something else I can secure?
View 1 RepliesI am working with Staff Images and Staff Dependants Images (photos) and I have to deal with such images among Adobe LiveCycle Forms, File System JPEG Format, Storing them in SQL Server, and finally, displaying them in regual web forms (ASPX).
In order to have the most reasonable and flexible desing, I did the following to:
1. Load the image from predefined location defined in web.config.
2. Convert the images to Memory Stream,
3. Convert the images to Base64 format,
4. Convert the image to XML Node.
In web.config, I defined the following:
[Code]....
I load the Staff Photo into Memory Stream as follows:
[Code]....
And I create the Base64 XML Node as follows:
[Code]....
As a matter of fact, all above is working 100% correctly while dealing with Adobe LiveCycle Form, for Loading and Saving Imgaes from/to PDF.
The above method will allow me to finally save images to SQL Server field type varbinary(max) and also into File System as regular image files. Also, I have full security and control over the images, becuase the above method will allow me to have full control for who is authorized to get/view the images. The end-user does not have direct access to where the images are stored.
How to use the above method to display the image on a regular ASPX Web Page using Image Server Control ? I do not want to use the src='path to image file', I want to be able to push the image content/binary to the IE without providing a link to the image file, how I can do this ?
My objective is to prevent the user from having direct access to the image files from the Browser.
I have secured some files on my webserver by putting them into the App_Data folder in the root (I do not have the option to secure folders using the ASAPI filter)The user gets access to these files by requesting them through a handler, fx. by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpgNow, I want to make all the content in a specific folder called "Members" (a single subdirectory of the App_Data folder) available only by passing a specific password. That is by requesting ~/Handler.ashx?file=App_Data/MySubFolder/MyFile.jpg&password=xxxxIn my Handler.ashx I have written some logic seeking if InStr(context.Request.QueryString("file"), "Members") = 0 before sending the file.If inStr <> 0 a password is required.Is this a good way to secure a folder in and its content? Is there a way of getting access anyway, like using some kind of "sub-directory" line in the path (the same way as you can request parent directory by using "../../Myfile.jpg)? I know there will be a problem if someone fx. legitimately tries to access the file App_Data/Members.jpg
View 15 RepliesI have a HTTP handler that returns a GeoRSS feed (type of XML) when called. This handler is called from a javascript and the returning xml is consumed directly by a Virtual Earth (bing) map control on the same page. I am Encrypting/Decrypting URL parameters but any one can see the source html, copy the url and get access to the xml feed.Since the call is from javascript how can I prevent unauthorized access to the HTTP handler?
View 2 RepliesHow can i secure the Rss feed for private viewing?
View 2 RepliesRecent we are deploy(Setup and Deploy) our Product which is develop in ASp.Net(C#) using SqlServer Here We Face one Problem i.e.
When we install the porduct there is no issue if we manually run the sqlScript file in sql server(manully we create the DataBase and All DataBase Object i.e. Table,StoreProcedure,Function,Views....& We are enter the Sample Data) But We know that is not the Right Approch.
Any one Can tell me the procedure "How to Building DataBase & All DataBase Object with Sample Data when we click the Install and set up file"
In Setup and Deploy wized it ask for any Dependence file for the application i have attach the Dependence file(.sql) but i am not getting any OutPut .
Is there any Command prompt Utility(SqlServer/VS Commandprompt) ?
In my website, I am not using any authentication or authorization. I've created login page to capture the user credentials and check against database. If the user successfully authenticates, it's storing the user data in session and navigating to other pages. How thinking of implementing Forms Authentication, but my concern is how to secure the authentication token in client browser for security reasons. Does anyone have any ideas how to secure the authentication token?
View 1 Replies