Protecting Personally Identifiable Data In SQL Server 2008 Environment
Jan 18, 2011
I've read up on SQL Server 2008's encryption function, but I'm not convinced that's the route I want to go. My problem ultimately boils down to the fact that we're either using symmetric keys or assymetric keys encrypted by a symmetric key. Thus it seems like a SQL injection attack could lead to a data leak. I realize permissions should prevent that, permissions should also prevent the leaking in the first place.
It seems to me the better method would be to asymmetrically encrypt the data in the web application. Then store the private key offline and have a fat client that they can run the few times a year they need to access the restricted data so the data could be decrypted on the client. This way, if the server get compromised, we don't leak old data although depending on what they do we may leak future data. I think the big disadvantage is this would require re-writing the web application and creating a new fat application (to pull the restricted data). Due to the recent problem, I can probably get the time allocated, so now would be the proper time to make the recommendation.
View 3 Replies
Similar Messages:
Apr 2, 2011
I need to create a Web Setup project for an MVC2 application I made at home, since I have VS 2010 there and I need to show people at the office, who have VS 2008 + sp1 + MVC2.
View 3 Replies
May 14, 2010
How to use or implement ajax mocdalpopup control in asp.net under visual studio 2008 enviornment.
View 3 Replies
Aug 5, 2010
My stored proc execution runs perfectly on local developement environment, but in QA environment it just returns an error after 5 min.s(My stored proc. takes arround 15 min.s to complete), when i run my Stored proc from query analyzer it runs perfectly in 15 min.s.
I tried to debug the code by pointing my local code to QA database, but that didn't give any error and ran perfectly. So i suspect there is something like commandtimeout happening in QA environment. Then i went on to check code at QA environment, it passes commandtimeout = 0 to the command object which means infinite.
View 3 Replies
Aug 4, 2010
I have an aspx page that references a server control from an assembly and lives in Sharepoint (knowledge/experience in Sharepoint is not required to answer this question, i'm simply giving you context). The implementation looks something like this:
<%@ Register TagPrefix="wc" Assembly="Test.Controls" Namespace="Test.Controls" %>
<wc:WYSIWYG runat="server"></wc:WYSIWYG>
I can NOT change the .aspx page's content which currently lives in Sharepoint and I have to to take the same code and run it outside of Sharepoint but still on an ASP.NET environment. It's cool and crazy at the sametime, I know.
When this aspx page is running in Sharepoint, I have to get the WYSIWYG editor control to use Sharepoint's WYSIWYG control. When the same aspx page is running outside of Sharepoint but still in an ASP.NET environment, I need it to use a different server control that's not dependent/from Sharepoint. How could I modify the code-behind to perform this toggling? Is this even possible?
View 1 Replies
Sep 17, 2010
have added an asp menu to my site which i populate depending on the user/group from an entity framework object using a re-entrant function. This successfully adds menu items with associated child menu's to level n in the development environment.The problem comes when i publish to the server. when i view the published site the menu view changes and instead of a nice neat menu bar it shows a big list of the correct menuitems in a flat structure blanking out the rest of the page(asp menu is set to horizontal normally)server - windows server 2003 x64 - iis6 - asp 4.0.30319 + net4 framework packsdev - windows 7 - Visual studio 2010i am checking both sites with the same browsers so its not a browser issue.
View 6 Replies
Sep 17, 2010
I am sorry to be asking what is probably a really stupid question, but i have a problem with my asp menu, when i run it on my dev machine(thru vs2010) it works perfectly, all the menu's are displayed correctly with the correct child items in the correct order but when i publish it to the server all the menu items become flat and take up the whole page. I am populating the menu using a reentrant function as follows to call the function and add the menus i am using
Dim childMenuItems As List(Of MenuItem) = CreateMenuLevel(0, uniquemenulist)
childMenuItems.ForEach(Sub(n) NavigationMenu.Items.Add(n))
Public Function CreateMenuLevel(ByVal parentId As Integer, ByVal menulist As List(Of MenuList)) As List(Of MenuItem)
Dim menuItems As New List(Of MenuItem)
For Each menuListItem As MenuList In menulist.Where(Function(n) n.ParentId = parentId)
Dim MenuItem As New MenuItem
If (Not String.IsNullOrEmpty(menuListItem.PagePath)) Then
MenuItem.NavigateUrl = menuListItem.PagePath
End If
MenuItem.Text = menuListItem.MenuName
MenuItem.Selectable = True
MenuItem.Enabled = True
menuItems.Add(MenuItem)
Dim childMenuItems As List(Of MenuItem) = createMenuLevel(menuListItem.MenuId, menulist)
childMenuItems.ForEach(Sub(n) MenuItem.ChildItems.Add(n))
Next
Return menuItems
End Function
now as i say this all works fine in the dev environment so i dont think its a coding issue unless i am missing something mad.
server 2003 x64
iis 6.0
asp 4.0.303.19
relevant .net 4 framework packs installed
dev environment
visual studio 2010
am using the same browser for to check both dev and server
View 2 Replies
Feb 24, 2010
We are looking to integrate Memcached into our infrastructure, but have a security concern before we do. We run several platforms including ASP.NET and ColdFusion and have many app developers working many little applications across the different platforms. The concern is this: App A places item "dog" into cache.
App B reads item "dog" (or worse: App B updates item "dog")
After this happens, App A either retrieves bad information, or has already had its information viewed, aka "stolen". What we would like to do is make it so that each app can only interact with its own sandbox, and may not interfere with or read other application's data.
View 3 Replies
Apr 15, 2010
Would something be missing, not working, or confusing if I do this? First, install SQL Server 2008 Standard, and SP1. Then, install Visual Studio 2010 Professional, unchecking SQL Server 2008 Express option. Or would I need to fix any configurations afterwards?
View 1 Replies
Jun 29, 2010
how can i transfer complete database from sql server 2008 to sql server 2008 without loosing relationship intigrity.
View 9 Replies
Feb 9, 2011
I have an intranet ASP.NET web application in which I need to get the IP of the client's machine. I do this vis the following code:
HttpContext.Current.Request.ServerVariables.Item("REMOTE_HOST")
It used to work when my ASP.NET site was only hosted on a single server. However once we got the load balancer installed and migrated our apps to a web farm, the code above returns the IP of the Load Balancer device and not of the client anymore.
I am working with the networking folks to determine what can be configured differently with the load balancer, but in the meantime I was wondering if there was another way I could get the client's IP other than using that IIS Server Variable?
View 1 Replies
Feb 5, 2010
I have a form where a user asks for a quote and we need to send an attached application form. all this worked in the dev environment but when I post the changes onto our hosted server (third party ISP) I get an error when the attachment is added. I have tired to use URL's but that does not work, at the moment I am using a relative path, but have also tried to place the file in the forms page folder.
Here is my attachment code:
string strFullPath = System.Web.HttpContext.Current.Server.MapPath(pRelativePath);
Attachment myAttachment = new Attachment(strFullPath, System.Net.Mime.MediaTypeNames.Application.Pdf);
myMsg.Attachments.Add(myAttachment);
this is in a try - catch block and I get the error "Could not find file".
View 2 Replies
Jul 16, 2010
Created a new virtual directory on my web sit in IIS 6.. set proper settings and wild card extensions... published via file system from dev environment to the server but i get a page cannot be found 404 error when browsing the site...
View 4 Replies
Jan 28, 2011
I have a .net web application in a load balanced environment over 3 servers. The load balancing is done with a load balancer. My site is [URL]with serveral javascript files such as [URL]
Is it possible to set it up that when request goes to server1 for [URL] then all javascript, css requests also go to server1, server2 or server3? Is there any web.config configuration that can be put in place to handle this?
View 1 Replies
Jul 4, 2010
some differences hosting a website on some remote server VS running it locally on dev environment.The reason why i am asking is, If I run my website locally it works fine no exceptions, runs smooth. But when deployed on a remote hosting server. Its like a nightmare to me :(very often i get object Instance not set to instance of object..... I am ok with the error message, But the same situation should happen locally,
View 6 Replies
Jan 27, 2011
I have to choose between Server.transfer and Response.redirect for an Intranet application for navigation. I have chosen Server.Transfer as of now because it avoid extra round trip to server and which will help when so many users will be accessing the application. (I believe this is the main difference between reponse.redirect and server.transfer). But the problem is now that URL won't change on Server.Transfer(I don't want to implement Http headerS, as I am afraid it will take time to implement that).on redirection, I want to do something like taking benefit of server.redirect(in avoiding server processing, which happens in response.redirect) and changing the URL(as it happens in reponse.redirect).Can anyone please suggest a quick solution to it or may be help me Telling How many users can reponse.redirect can support ?
View 11 Replies
Feb 17, 2011
i have a store procedure that load data in a table of SQL SERVER 2008 from an excel file.the issue is, that the excel file have a column of DATE type, and i want that the system interprets the format in it, no matter what comes in it.dd/MM/yyyy mm/dd/yyyyi have an argue about this with my parnerts, cause i think is imposible, if you don't have a format before the process runs.
View 3 Replies
Apr 14, 2010
I have images displayed in a website behind a username and password that is accessed by our customers. I have put in some simple measures to prevent users from copying these images. E.g placing an opaque image over the core image so that when users right click and save the image all they get is the opaque image.
I have concerns that customers could easily pass on their user credentials to competitors who can then freely view all the images.
View 2 Replies
Jan 22, 2010
i am using asp.net with vb
i have one page with registration.aspx.
i want that if any one wants to access that registration page he have to go through login.aspx page .
may be he write the page name (registration.aspx) in url, automatically it get redirect on login.aspx.
View 19 Replies
May 7, 2010
Followed the code sample of Chapter 10 (Logging in) of the Book, Microsoft ASP.NET 2.0, I created an ASP.NET 3.5 website with Forms Authentication. The sample code used Website Administration Tool (WAT) to manage the users, roles, and authorization.When running in the ASP.NET Development server environment, I can first login, then click to open the links for each for the 3 roles.
However when running the sample code in the IIS server environment, I can login but can not open the links for the role subfolders.Clicking each link popped up an error message for opening a login.aspx from the specific subfolder. I don't have a Login.aspx file in each subfolder.The 3 role subfolders were configured as the virtual folders in the IIS Server. Why the sample code worked fine inASP.NET Development server environment, but got an error message from theIIS Server environment? Why an authenticated user can not open the subfolder homepage?
View 5 Replies
Sep 1, 2010
some good links / tutorials for migrating data from sql server 2000 to 2008 using SSIS
View 3 Replies
Aug 28, 2010
There is an ASP.NET application www.example.com/APP. From within the application several documents - for example office documents DOCX, PDF, etc. - can be opend. They are accessed via some virtual directory as in
www.example.com/APP/VIRTUAL/letter.pdf.
Of course, the documents may only be accessed from within the application, after the user has been identified succssfully. Some documents may only be opened by some privileged users. It should be impossible to open letter.pdf by simply entering the above url into a browser
I am thinking about the following...
The name of the virtual directory is kept secret. After the user has successfully logged into the application, some secret is created. The secret contains the user's ID and some time information (valid from / until). Then, if a document is to be referenced from within the application, the url www.example.com/APP/<secret>/letter.pdf is referenced. In IIS the secret is checked. For this, some of my code is called, when serving a request. If successfull, the url is rewritten as www.example.com/APP/VIRTUAL/letter.pdf. I tried several components, such as the IIS URL Rewrite, IHttpModule, IHttpHandler. Unfortunately, I did not yet succeed.
View 2 Replies
Nov 11, 2010
I'm using the following code which autheticates a user and redirect him to a members webpage. This works however if I access the protected page directly I bypass the security. Do I need a check in the OnLOAD for each page? My second question is how to say hello username on the members page. What variable can I reference to display the username?
[Code]....
View 5 Replies
May 8, 2010
Is there a way that a hacker or someone who wants to copy my software logic, can reverse engineer the business logic that I have in a webservice?
Is there a way to protect such information?
My development platform in .net asp.net and C#
View 3 Replies
Jun 9, 2015
I have an ASPNET Application (C#) that runs on my company intranet. This application allows the users to attach PDF files against records.
I am trying to get that PDF uploaded in such a way that whenever the user initially uploads (the uploaded PDF will always be unlocked PDF), the user name would be stamped on the PDF file and the files is locked by my application so that the user cannot change the PDF again, even when having a PDF Writer. Whenever required the application should allow the user to unlock the PDF and then allow the user to edit the PDF.
View 4 Replies
