I'm considering making use of an HttpModule for localization purposes (based on the example in this article) - but I'm curious, is this safe?
Here's the code, for reference:
public class CookieLocalizationModule : IHttpModule
{
public void Dispose()
{
}
[code]....
I was under the impression that multiple threads could potentially service a web request. Is it safe to set the Current/Current UI Cultures in an HttpModule like this and have it respected for the life of the web request regardless of how many threads are involved in servicing it?
the purpose of this HttpModule? It's showing up on my HttpModuleCollection list, but I don't know what's it's for.System.ServiceModel.Activation.HttpModule
There is not a clear category on the site where to post this, so giving it a shot here.
Has anyone used VS 2008? I current user Turtoise for some projects, and Source Gear Valut for others.
The company where I work is thinking about moving to VSS because of the MSDN subscription.
My experience with VSS prior to VSS 2005 was that it conied the name "Visual Source Unsafe" and I know first hand that it trashed my work more that once and I stopped using it. Source Gear Valut on the other hand is rock solid.
So is VSS 2008 Really "safe" was VSS 2005 "safe" ?
I'm developing a internal web app for a foreign friend.
Since many of the users don't speak english very well, I wanted to add local translation to the web.
It's been a while since I've used .net, and perhaps I'm getting a little bit rusty, but my Localized resources are not working for some reason.
I have a Default.aspx.resx in my App_GlobalResources folder and inside it a small resx file. It simply has one test string: "Button" with the value of "Botón", nothing complex there.
Then I have the test controls: <asp:Localize runat="server" ID="test" Text="Button" meta:resourcekey="Button" /> and <asp:Label ID="header1" runat="server" Text="Button" meta:resourcekey="Button" />
But this isn't updated. Things that I've tried:
1. Put UICulture in the Page Tag
2. Renamed the resource file to Default.aspx.es.resx
3. Put my browser in 'es-ES' locale
4. Tried to load the resources explicitly inside <%%>
I have mulitlanguage platform in place - need to have the HEADER LOGO.PNG on my site to change with my language-button function.My startingpoint is this from my Masterpage :
I wonder if its safe to use the CTP5 in production yet. My main use would be for 2 small projects. I Know they pre released it but any thoughts on this if it would hold up for production are welcome.
I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments.I've used some TextBoxes and TextArea for that.To Prevent XSS:I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).To Prevent SQL-Injection:I'm using Linq To SQL (that should be like parametrized queries I think!).
When storing a value in a cookie using C#, what is the best way to encode (or escape) the value so that it can be retrieved and decoded/unescaped reliably?
I want to store certain html tags in my database to the layout of content, for example <h3> and <p> tags. The problem is with ValidateInput set to True, you get "Potential Danger error" when you try sending content with html tags.
With it set to False, you open yourself to all sorts of potential dangers. So Here is what I'm wanting to achieve:
I hope you like the image ! lol I spent 10 minutes in Photoshop to create it.
So eventhing that goes in, I want as encoded, but when I get content back, I want to decode only the <h3> and <p> tags. ! What do you think of my solution ? Bad, Good ?
I'm trying to make an existing ASP.NET web forms app more unit testable by using some of the ASP.NET MVC objects, specifically HttpContextWrapper. I've seen examples of its usage and they always create a new object. I disassembled the source with Reflector and see all it does is store the passed HttpContext. But I was curious as to whether or not it's safe to always create a new instance of HttpContextWrapper or follow the singleton pattern somehow? Below is the class I'm using in my app
public static class AppHttpContext { public static HttpContextBase Current { get { return Getter(); } } public static void SetContext(Func<HttpContextBase> getter) { Getter = getter; } private static Func<HttpContextBase> Getter = () => new HttpContextWrapper(HttpContext.Current); }
Is there any way to make asp.net objectdatasources to be type safe. Meaning I get a compile time error if parameters or datatypes change during refactoring?Does anyone know any other method? Or can recommend any other way to do it? I find manual binding tedious. What is other people doing?
As i know that asp.net fulfill all the requirements for any web application but what are the ground rules for creating custom httphandler and httpmodule in asp.net.Edit:For example I want to fetch image from database then what i should i use httphandler or normally read image from database.If httphandler then why?
I have been in the process of updating my code with security methods, and I've been learning this from [URL](or "Security Guidelines: ASP.NET 2.0"). In the middle of the page under "When Constructing SQL Queries, Use Type Safe SQL Parameters" it says "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input".
Now, what was to use code like:
"DataSet userDataset = new DataSet(); SqlDataAdapter myCommand = new SqlDataAdapter(LoginStoredProcedure", connection); myCommand.SelectCommand.CommandType = CommandType.StoredProcedure; myCommand.SelectCommand.Parameters.Add("@au_id", SqlDbType.VarChar, 11);........"
So, that would be how I would modify my current code base to use type safe parameters in sql updating/inserting.
Getting to my actual question, as it was said "Use type safe parameters when constructing SQL queries to avoid possible SQL injection attacks that can occur with unfiltered input". First off, that this should apply to unfiltered input. Also, in their example they only did this for an ID.
So, what I'd like to know, when it comes to "unfiltered input", does this mean as long as the input is unfiltered I must use type safe parameters, or even filtered input shall have this (just to be sure), like, input that has been ran through a regularexpression check? Shall I do this for all values I insert/update into the database, or just IDs and important things?
The way I see it right now is that it would be a good precaution to just do type safe checks on everything (literally) that updates/inserts into the database just to be extra safe. But, I really am unsure if this is really the best idea, because if I did, would this possibly cause overprocessing of information? Can this cause too much strain on server resources?
I am toying with the idea of enabling CLR on my SQL server, using EXEC sp_configure 'clr enabled', 1
However, I am sharing my database server with several other developers and their projects. I've heard vaguely that their might be security issues with enabling this.
Does anyone know what these issues might be? Is CLR safe to use on SQL Server?
I been reading a bit about SQL injection and I want to be sure my code is lets say "safe" from it, I was planning on using RegExp validators to check the user input but another post in here suggested only using parametrized querys, well Im using them but I want to be sure my code is safe, is it?
I have created a custom Iidentity object to store specific user settings for logged in users. I was wondering is it safe to store sensitive data like userid's or other id's in the object? Is there any security risk to doing so? Also, how much is too much to store in the object?
I am implementing HttpModule for compressing request.Below is the codee for HttpModule:
public class Global : IHttpModule { public void Init(HttpApplication app) {[code]....
It's able to intercept and compress js and css in the development web server but when i run it from IIS 5.1 it is not able to compress js and css files.
I have custom redirection implemented in a module. Do I have to modify each config for all sites or is there a more general approach?Also, I have files in App_Data for this module, which would cause replication.
I'm implementing a simple HttpModule, where I want some code to run when the web application is started. But I'm surprised to find that the Application_Start event I would normally use from Global.asax is not available from a HttpModule. Is that correct, or am I missing something here?
How do I hook into the Application_Start event from an HttpModule?
I am trying to implement a custom HTTPModule for ASP.NET. I have a very simple html page with an image in it and an HTTPModule that hooks into the BeginRequest event. When I debug with Visual Studio's dev web server, my module is called twice: one for the initial page request, then once for the image request. This is what I expected. However, when I deploy my application to IIS, the module is only being called once for the page request.