How To Avoid XSS Vulnerabilities In MVC
Jul 8, 2010
I recently noticed that I had a big hole in my application because I had done something like:
<input type="text" value="<%= value%>" />
I know that I should have used Html.Encode, but is there any way to do that for all values, without having to do it explicitly?
View 3 Replies
Similar Messages:
Oct 19, 2010
We have some review coming up and my boss gave me a list of web page security vulnerabilities to look through and consider for our public site. I really don't understand the Get versus Post:
8. Misusing HTTP POST and GET
Use POST to submit forms
Use GET to access resources
– NEVER use GET to authenticate users as it leaves a residual trace of all users in the web server access logs (not to mention web application proxy tools)
View 1 Replies
Aug 17, 2010
I am using Microsoft Visual Web Developer 2010 to build and publish my website. I am facing a security problem. My website has an authentication service for my clients; each one has his own user name and password. After I introduced a new member, my database collapsed; maybe this last member is a hacker. Is there a way to improve security vulnerabilities to prevent future attacks? Maybe through web.config, could be encrypted.
View 11 Replies
Aug 19, 2010
I need information on how to avoid the reload source editor window after an XML file save using ASP.NET.
View 1 Replies
Jan 18, 2011
I'm using SQL Server 2008.
As per Microsoft, [URL]
when I execute the following
set identity_insert on
//insert statements here
set identity_insert off
the identity of the column is set to the maximum value. Can I avoid this?
Consider the following scenario.
My table has 2 rows as follows:
id, name, comm
1, John, 232.43
2, Alex, 353.52
Now, using the above code, when I insert
10, Smith, 334.23
as per the above link, SQL Server automatically sets the identity to 10. So for newly inserted records (without using identity_insert on), id automatically starts with 11.
I want the identity value to be 3 after using identity_insert on/off.
View 7 Replies
Sep 21, 2010
I'm developing ASP.NET applications and am stuck with a "problem" relating to resubmit behaviour. I'm controlling the re-submit using a counter in the form submit event which disables the submit if it's already been posted. My application is a 3 step workflow, and when the 3rd step is shown the transaction was submitted from step 2 to step 3. What's my problem? Well... I want to prevent the user from resubmitting the data by pressing F5 or any other possibility. I don't want to disable the key because there may be workarounds. I'm wondering if I can remove the post data in an HTTP module that runs after the render was completed and right before the response is sent to the user.
View 2 Replies
Dec 23, 2010
How can I avoid using subqueries and still be able to select the same results in a query like this;
[Code]....
View 9 Replies
Dec 10, 2010
I have a page to which I sent a parameter through the query string.
If I'm retrieving it with Request.QueryString["Format"] I'm having troubles with the type 'CDDVD'. It's being returned as 'CD\DVD'. It's important I get this as the right string.
How do I avoid the extra backslash? Or even get rid of it later?
View 2 Replies
Jan 10, 2011
I have used the database data for combo box values. But the problem is I don't know how to avoid the duplicate data. E.g., in a single column the name called "department" is used many times, but I want it to be displayed only one time in the combo box.
View 5 Replies
Feb 15, 2010
I want to avoid duplicate entries from an array... (in C#)
View 2 Replies
Apr 26, 2010
I'm working on a website powered by .NET asp/C# code. The clients require that sessions have a 25 minute timeout. However, sometimes the site is used, and a user stays connected for long periods of time (longer than 25 mins). Session_End is triggered:
protected void Session_End(Object sender, EventArgs e)
{
    Hashtable trackingInformaiton = (Hashtable)Application["trackingInformation"];
    trackingInformaiton.Remove(Session["trackingID"]);
}
The user returns some time later, but when they interact with the website, they get an error, and we get this email notification:
User: Unauthenticated User
Error: System.Web.HttpException
Description: Failed to load viewstate. The control tree into which viewstate is being loaded must match the control tree that was used to save viewstate during the previous request...
The telling part of the stack trace is System.Web.UI.Control.AddedControl. Apparently, the server has thrown away the session data, and is sending new data, but the client is trying to deal with old data. Hence the error that "the control tree into which viewstate is being loaded [doesn't] match the control tree that was used to save the viewstate during the previous request."
So here's the question. How can I force instruct the user's browser to redirect to a "you're logged out" screen when the connection times out? (Is it something I should add to the Session_End method?)
View 3 Replies
Mar 4, 2010
protected void Button3_Click(object sender, EventArgs e) //export
{
    GridView2.AllowPaging = false;
    GridViewExportUtil.Export("Сводка.xls", this.GridView2);
    GridView2.AllowPaging = true;
}
I need to avoid paging for XLS export :-/
View 1 Replies
Jul 26, 2010
I am using the .NET 3.5 framework and I am using a repeater control in my application. I am using a link button to display the records, displaying 9 records in a page. There is a Show All button. When I click on the Show All button (result of 250 records), the page loads and hangs for some time and then it displays all the records. I know the time taken between the server and the browser. But I need to avoid the hanging of the page, and the loading time should be reduced. How do I solve this issue? If the page contains 9 products then it is loaded quickly. But if it contains a lot of images then it hangs. Some of my friends told me to use jQuery, but I have no idea regarding jQuery, so can anyone give a solution for this? Still it's breaking my head.
View 2 Replies
Mar 17, 2010
I have a webform which users fill in and all fields are submitted to table. How do I check that the record doesn't already exist in the table before the data is submitted? And if the data does exist I'd like to display error message label.
View 10 Replies
Jan 25, 2010
I know this is a very common problem and a quick search in google offers a lot of solutions. However I could only find one person that came across it in the same way I am and no-one answered their question.
The scenario which causes this is if the page has been left dormant for a period of time and then a button is pressed which runs some sort of command. This might be pressing the logout button or trying to submit a contact form after having walked away at some point and then returning and hitting Send.
I do not have posts or actions in my form, it looks like this: <form id="form1" runat="server">
I have also added the following line to my web.config: <pages enableEventValidation="false" viewStateEncryptionMode="Never">
View 1 Replies
May 15, 2010
Is it possible to write namespaces into some other common file, which should be automatically included in my page? Namespaces like: using System;
View 1 Replies
Aug 3, 2010
I have 5 dropdownlists in an ASP.NET page. The 5th dropdownlist will show data based on the 4th dropdownlist, and the 4th dropdownlist will show data based on the 3rd dropdownlist, and the 3rd dropdownlist will show data based on the 2nd dropdownlist, and the 2nd dropdownlist will show data based on the 1st dropdownlist... All dropdownlists have auto postback=true, so it causes a postback each time. I want to avoid the postback because it refreshes the whole page again and again and shows data, because my application is on a hosting server.
View 5 Replies
Mar 18, 2011
What should I write in the web.config file in ASP.NET so that my session time is extended? What is the exact location where I should place the code in web.config?
View 6 Replies
Jan 6, 2011
I'm getting some images from a webpage at a specified URL, and I want to get their heights and widths. I'm using something like this:
Stream str = null;
HttpWebRequest wReq = (HttpWebRequest)WebRequest.Create(ImageUrl);
HttpWebResponse wRes = (HttpWebResponse)(wReq).GetResponse();
str = wRes.GetResponseStream();
var imageOrig = System.Drawing.Image.FromStream(str);
int height = imageOrig.Height;
int width = imageOrig.Width;
My main concern with this is that the image file may actually be very large. Is there anything I can do? I.e. specify to only get images if they are less than 1mb? Or is there a better alternative approach to getting the dimensions of an image from a webpage?
View 4 Replies
Mar 16, 2011
I wanted to stop multiple login of the same user. So, I created a table which keeps track of users who have logged in. When they log in, the data will be entered in the table. When they click on logout, data and session will be removed. The problem is, when they close the browser window without logging out, they won't be able to login ever again.
View 4 Replies
Nov 12, 2010
I add cache to my application. I have a page which contains several User Controls. My problem is I just want to cache the data returned from the Controller, but do not want to cache all the page content. Since one of my user controls is a login control, if I cache all the result, then it will behave incorrectly.
My problem is:
1. Is it possible to just cache the data returned from the controller?
2. If a page is cached, can I force a control in the page to be uncached?
View 2 Replies
Jan 8, 2010
I have the following class... Compiler Error CS1061 / how to avoid it
[code]....
View 2 Replies
Aug 31, 2010
Among the methods static variables, viewstate, session and cache, for avoiding loading repeatedly and making fewer queries to the database, what do you think is the best method of the 4 above? I think Cache is the best one? Or are any other methods better in ASP.NET 3.5 or higher?
View 3 Replies
Mar 1, 2011
I have an ASP.NET FormView within an updatepanel. I'm auto-saving the form by setting AutoPostBack=true for each of the items within the FormView.
This means the user can click a few elements in quick succession and fire off a few async postbacks almost simultaneously.
The issue I have is that the user is able to keep scrolling down the form while the async postbacks are not yet complete. The browser always scrolls back to the position it was in at the first postback.
Page.MaintainScrollPositionOnPostback is set to False.
I've tried all sorts of things in ajax and jquery with:
[Code]....
View 1 Replies
Nov 27, 2010
I have a project with linq2sql and need to execute sql string directly in some situation.
But I found the SubmitChanges method will throw DuplicateException when using ExecuteCommand and InsertOnSubmit() alternately.
The code below works correctly
[Code]....
[Code]....
View 1 Replies