I have images displayed in a website behind a username and password that is accessed by our customers. I have put in some simple measures to prevent users from copying these images, e.g. placing an opaque image over the core image so that when users right-click and save the image, all they get is the opaque image.
I have concerns that customers could easily pass on their user credentials to competitors who can then freely view all the images.
If we look at the 4guysfromrolla web site [URL], each article corresponds to an aspx page with a unique name.
I too have a similar requirement.
1. I have a fixed page design, the content of which will be dynamically loaded. The dynamic content consists of text and images only (no user interaction controls). Each content when rendered is like a document and each document has a unique documentName.
2. The content can come from a database, html file, XML file or stream as the case may be.
3. The home page of the web site lists the hyperlinks which navigate to the particular aspx page (the document which is rendered dynamically as mentioned above).
4. Because the format/layout is fixed and only the content changes, I don't want to create a separate aspx page for each document. Besides, there are over 1000 such documents and the number will increase in future.
So I had created a page which receives document name in QueryString and renders the content for the particular document.
5. But the condition is that the document should open with a unique name shown in the address bar, like [URL], and it should also appear in Google or any other search results as [URL]
Assumptions: Microsoft stack (ASP.NET; SQL Server).
Some content management systems handle user-generated content (images, file attachments) by storing it in the file system. Others store these items in the back end database.
Some examples of both:
[code]....
What's the best approach, and why? What are the pros and cons of keeping user files in the database? Is there another approach?
On a server, I am trying to deploy a website. Originally, the page styles did not work and some of the .gif and .jpg images didn't show up. I fixed the css problem by adding an http handler mapping through IIS. I tried the same thing to get the images to work but that didn't fix the problem. If the website was fully deployed I'm pretty sure the images would work, so I don't want to change their paths (same with css). The handler mapping I added for css was for "*.css" of type system.web.staticfilehandler. This is the same type I tried for .jpg and .gif. I don't know specifically the purpose of system.web.staticfilehandler because the msdn info is very short.
I have encountered a problem on how to load the database images to be displayed in the Image content in the web pages. I am currently using an Access database with a table "Images" and there are 4 columns in it: "ImageID", "ImageDescription", "ImageofPicture", "Description". Below is my code. Words highlighted in bold is where the problem occurs. No image is displayed in the Image box but there's a red cross at the top left. The image description is displaying fine in the textboxes.
    int MaxRows = 0;
    int inc = 0;
    int inc1 = 1;
    int inc2 = 2;
    int inc3 = 3;
    System.Data.OleDb.OleDbConnection cs;
    System.Data.OleDb.OleDbDataAdapter dta;
    DataSet ds1;
    byte[] photo_array;

    protected void Page_Load(object sender, EventArgs e)
    {
        cs = new System.Data.OleDb.OleDbConnection();
        //tell the program where the database is located
        cs.ConnectionString = @"Provider=Microsoft.Jet.OleDb.4.0;Data Source=C:\Users\Admin\Desktop\Website1\App_Data\Database.mdb";
        ds1 = new DataSet();
        string sql = "SELECT * From Images ORDER BY ImageDescription ASC";
        dta = new System.Data.OleDb.OleDbDataAdapter(sql, cs);
        cs.Open();
        dta.Fill(ds1, "Images");
        Navigation();
        //MaxRows equals to the total amount of records from the database
        MaxRows = ds1.Tables["Images"].Rows.Count;
    }

    private void Navigation()
    {
        //get the first records from the database
        DataRow dtaRow = ds1.Tables["Images"].Rows[inc];
        //get column values in the row
        TextBox3.Text = dtaRow.ItemArray.GetValue(1).ToString();
        TextBox7.Text = dtaRow.ItemArray.GetValue(3).ToString();
        DataRow dtaRow1 = ds1.Tables["Images"].Rows[inc1];
        TextBox4.Text = dtaRow1.ItemArray.GetValue(1).ToString();
        TextBox2.Text = dtaRow1.ItemArray.GetValue(3).ToString();
        DataRow dtaRow2 = ds1.Tables["Images"].Rows[inc2];
        TextBox5.Text = dtaRow2.ItemArray.GetValue(1).ToString();
        TextBox8.Text = dtaRow2.ItemArray.GetValue(3).ToString();
        DataRow dtaRow3 = ds1.Tables["Images"].Rows[inc3];
        TextBox6.Text = dtaRow3.ItemArray.GetValue(1).ToString();
        TextBox9.Text = dtaRow3.ItemArray.GetValue(3).ToString();
        //if 3rd column value is not null
        if (ds1.Tables[0].Rows[inc][2] != System.DBNull.Value)
        {
            Image5.ImageUrl = "ImageHandler.ashx?ImageDescription=" + TextBox3.Text;
        }
        if (ds1.Tables[0].Rows[inc1][2] != System.DBNull.Value)
        {
            Image5.ImageUrl = "ImageHandler.ashx?ImageDescription=" + TextBox4.Text;
        }
        if (ds1.Tables[0].Rows[inc2][2] != System.DBNull.Value)
        {
            Image5.ImageUrl = "ImageHandler.ashx?ImageDescription=" + TextBox5.Text;
        }
        if (ds1.Tables[0].Rows[inc3][2] != System.DBNull.Value)
        {
            Image5.ImageUrl = "ImageHandler.ashx?ImageDescription=" + TextBox6.Text;
        }
    }
    }

Code for ImageHandler.ashx:

    using System;
    using System.Web;
    using System.Data.OleDb;

    public class ImageHandler : IHttpHandler
    {
        public void ProcessRequest (HttpContext context)
        {
            string qry = "SELECT ImageofPicture FROM Images WHERE ImageDescription = ?";
            string connect = @"Provider=Microsoft.Jet.OleDb.4.0;Data Source=C:\Users\Admin\Desktop\Website1\App_Data\Database.mdb";
            using (OleDbConnection conn = new OleDbConnection(connect))
            {
                if (context.Request.QueryString["id"] != null)
                {
                    OleDbCommand cmd = new OleDbCommand(qry, conn);
                    cmd.Parameters.AddWithValue("", context.Request.QueryString["id"]);
                    conn.Open();
                    using (OleDbDataReader rdr = cmd.ExecuteReader())
                    {
                        if (rdr.HasRows)
                        {
                            rdr.Read();
                            context.Response.ContentType = "image/jpeg";
                            context.Response.BinaryWrite((byte[])rdr["ImageofPicture"]);
                        }
                    }
                }
            }
        }

        public bool IsReusable
        {
            get { return false; }
        }
    }
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opened. They are accessed via some virtual directory as in www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified successfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser.
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called when serving a request. If successful, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
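One way to build the per-user, time-limited secret described in the post above, shown as an added example that is not part of the original post: the token carries the user ID, the document path and the "valid until" time, and is protected by an HMAC so that it cannot be edited or reused for another user or file. The class and method names (`DocumentToken`, `Issue`, `TryValidate`) and the demo key are hypothetical, and the code assumes that user IDs and paths never contain `|`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not from the post): HMAC-signed, expiring document tokens.
public static class DocumentToken
{
    // Constructed demo key. Assumption: the real key is random and kept in protected server config.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-replace-me");

    // Assumption: userId and path never contain '|', which separates the fields.
    public static string Issue(string userId, string path, DateTime expiresUtc)
    {
        string payload = userId + "|" + path.ToLowerInvariant() + "|" + expiresUtc.Ticks;
        return Encode(Encoding.UTF8.GetBytes(payload)) + "." + Encode(Sign(payload));
    }

    public static bool TryValidate(string token, string sessionUserId, string requestedPath, DateTime nowUtc)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2) return false;
        string payload;
        byte[] mac;
        try { payload = Encoding.UTF8.GetString(Decode(parts[0])); mac = Decode(parts[1]); }
        catch (FormatException) { return false; }

        // Check the signature first; fields are only trusted once it matches.
        if (!FixedTimeEquals(mac, Sign(payload))) return false;
        string[] f = payload.Split('|');
        long ticks;
        return f.Length == 3 && long.TryParse(f[2], out ticks)
            && f[0] == sessionUserId                       // token bound to the logged-in user
            && f[1] == requestedPath.ToLowerInvariant()    // and to this one document
            && nowUtc.Ticks <= ticks;                      // and not expired
    }

    private static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key)) return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    private static string Encode(byte[] b)
    {
        return Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }
    private static byte[] Decode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Whatever component serves the file would call `TryValidate` with the user ID taken from the authenticated session, not from the URL, and would still check the user's privileges for that document separately.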
I'm using the following code which authenticates a user and redirects him to a members webpage. This works; however, if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
I have an ASPNET Application (C#) that runs on my company intranet. This application allows the users to attach PDF files against records.
I am trying to get that PDF uploaded in such a way that whenever the user initially uploads (the uploaded PDF will always be an unlocked PDF), the user name would be stamped on the PDF file and the file is locked by my application so that the user cannot change the PDF again, even when having a PDF Writer. Whenever required the application should allow the user to unlock the PDF and then allow the user to edit the PDF.
Now since I'm securing the site I've noticed that the location element does not get much attention. The only thing I have found is that you can use <location path="" allowOverride="false"> on machine.config. I'm not sure how this goes, but if you need to use this on every page then I will have multiple problems. First, if I have a page with the same name on another website there is trouble, and also if I need to update pages, again a problem. What I'm not sure of is if the location element on machine.config is just used once and then magically every site you have will throw an exception if a hacker changes your web.config. I have doubts and it's confusing, and if I play with the server web.config, well, I don't wanna mess with that.
So I also tried to encrypt the location element but I cannot find an example (can you encrypt it?). I can encrypt authorization and authentication but it will not go inside the location element. Just the standard authorization and authentication nodes. How can I secure the web.config location element so no hacker can change the allow, deny, etc.?
I have a business site that I want to use to show clients their projects I am working on. I don't want these projects to be visible to anyone but the clients, so I give them a user ID and password. I want to use asp.net membership to manage the login IDs and passwords, but I want to use jquery to submit the login form (it's lighter and leaner than the login control). Here is what I have:
1. Page with an html form for login
2. .js file with the jquery calls & code in it
3. httpHandler to process the information from the form
I have the user entering their ID and password, I am using jquery.forms.js to process the form, which calls the httpHandler and passes the form values to the handler. I have the handler check to see if the user ID and password are correct; if not, it passes back a message to be displayed to the user. If the user is valid, then I have it passing back the role of the user, which also happens to be the name of the folder the client needs to view. I have the page redirecting via javascript to the client's folder once they are authenticated. I have the location of the client folder set up in my web.config.
The problem I'm having is the page just redirects back to the login page, with the return url included (?ReturnUrl=%2fCTS%2f2010+Design%2fLasmer%2findex.aspx). I want it to go to the client folder (Lasmer in this case) once the user has been authenticated. Shouldn't it send me to the folder's default page once it knows the user is authenticated? Do I have a problem in the way my web.config is wired up, and do I need anything in the client folder's web.config? Here is the code for the web.config:
So that gives me a series of URLs in the repeater:
[URL]
OK, so with a simple proxy tool someone can replace either of the parameters with some OTHER number to get access to what they shouldn't see.
Server-side validation and authentication aside, is there a better method other than passing parameters when trying to create a dynamic URL within a repeater?
Does precompilation have any effect on XML files? i.e. can I obscure/protect xml files using precompilation? I assume that it has no effect as they aren't code.
If I use XML files as Embedded Resources, they appear in the DLL in a text editor as normal text. If the dll is edited and saved using a text editor, will it still work if it is unsigned?
I am working on a video streaming project. The objective is to upload video to the content provider's server and play it to the authenticated user only; it should not be accessible to unauthorized users. The content provider provided APIs and endpoints to pass security options, but it seems not to be working when I pass those parameters to the API while uploading the video streaming file. I need to know how I can do that. Is there any other way that I can use rather than the content provider's API endpoints?
I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or asymmetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that; permissions should also prevent the leaking in the first place.
It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data so the data could be decrypted on the client. This way, if the server gets compromised, we don't leak old data, although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation.
I am working on an application that has several user controls (.ascx) of which I do not want to give away the code of. I have tried to search about it, but didn't get very far. I am using visual web developer 2010 express edition, so I cannot publish my website. Also, it doesn't have dotfuscator. What can I do?
Sorry for the bother, I'm a newbie in ASP.NET MVC and I have some issue deploying my application on IIS, that uses a logo image within my main master page declared as
<img src="../../Content/logo.bmp" alt="logo" />
When I use the internal Visual Studio web server it works well, but not on my other IIS server.
What's the meaning of ../../Content? Is this directory deployed with particular rules?
I've been trying to get image caching working for the last 8 hours and I keep hitting the same problem time and time again. I'm trying to cache images at the moment and then, when that's successful, apply this to cache my js and css files. I have at the moment Sql Dependency caching working on my dynamic pages but the page still takes too long due to images not caching.
What I have tried is going to IIS7 Management and adding an HTTP Response Header for the images folder and setting various things for the cache control. I don't care how long it caches it on the client or on the proxy servers; I just would like it to check when the file was modified and compare it with the one in the client or proxy cache, and if they are different then fetch the new image which has been ftp'd up. I could solve this by changing the image name, but the thing is the image name is generated when they are ftp'd to the site by an application and the name is a direct reference to the product, so I can't change the name each time, as it would mean making a lot of other pages across the board.
So what I would like is to set an expiry date of let's say 32 days or more on the images and then check to see if they have changed by date modified or some other way of checking (ETags maybe), I'm not sure. If they have changed on the server then redownload and recache them. I tried using post-check and pre-check together but that just permanently cached them, so when I change the image the only way it would display the new image is to just hit F5.
In brief, how can I cache images on the client machine / proxy cache and recache them when the modified date of the file has changed?
I want to show on one of my pages a slideshow type page. Basically I want it to show a selection of images from a folder and have the images scroll from right to left.
I want to write one program by visual studio 2008 (C# and ASP) that has web application and windows application.
I want to get clients' images in the web app (upload) and store them in the DB (mysql), then send these images to the windows app via web service (so I new web service, not web site). But I have 2 problems:
I have 2 ways to store images in mysql: first, I should have a BLOB field in the DB - that takes more space; second, I should save just the name of each image in the DB (so have the image in one folder) - in this way I don't know how to get images from clients and store them in that folder. Which one? Or what other? How (code) can I transfer an image via web service (Byte[] or?).
How to upload images to the server (application/images folder) and retrieve (display) from and on the client PC for asp.net? It's just for uploading a logo directly to the server folder and retrieving from server to client. I am not getting the server path on the client PC for the image.
I have the following scenario: I have a column of a gridview that shows me a text telling me if the user is allowed or not to access some page, but now I am just showing allow and deny. I wanna show images that represent the action. How can I do that?
I wanted to combine app_themes css files into one on the fly. I did so using Mads Kristensen's technique. But now all elements that have a background image defined through css (see picture) don't display the image. I believe that is because css files are not relatively referenced anymore (../), but through an axd file. I'm trying to fix this by changing the reference to image files, without success. I already tried background: url("~/App_Themes/44/images/myimage.gif") and this works for pages that combined css. But the problem is that there are other pages in this project that don't use this css combining and now they lost the reference to background images.