Security :: File Listing And Session Modification?
Oct 18, 2010
I have started to get confused with the setting and security issues of asp.net. Hope someone could answer me. Problem 1: I am curious why we have to encrypt connection string, appsetting and more in the web.config file even though file listing is set to "not allowed" on server setting. Does it mean some strangers can still view and steal such file from server? Problem 2: I know that session id is sort of protected but could
hacker be able to change the information inside ? Let say hacker browser my webpage and some data are stored in the session cookies, could they change the information inside the session cookies?
View 1 Replies
Similar Messages:
Apr 22, 2010
it's possible to protect aspx page from modification in a production environment?
I explain: We are developping a web application that is installed in our customers environments so once it's installed we don't manage it.
This application manages critical and encrypted data that the IT (of our customer) should not have access to, for instance their customer's password. So I would like to know if it's possible to prevent any modification of the aspx page to insert script to retrieve session data or catch keyboard entries once the web application is installed.
View 4 Replies
Nov 13, 2010
Is this possible to get the details like size, creationdate, modification date of a file hosted at some ftp server? I can download/upload files to ftp directory using ASP.Net but my requirment is to download the last modified file. So can we sort files of a ftp directory by modified date using ASP.Net code?
View 3 Replies
Aug 30, 2010
I am trying to save the xml file after modification in a diffrent location. the code is as belowServices.Save(Server.MapPath("~/ResourceFiles/data.xml"))I have given full control permission to the folder. Now sometimes the file saves properly and some times it does not save. OS is Windows 2003 server 64 bit.
View 2 Replies
Jun 23, 2010
I am using membership management and role management. As login controls transfer data in plain text, I am encrypting userid/password in javascript and decrypting in serverside code.
Client side javascript:
[Code]....
If i am commenting these last two lines in javascript code.
[Code]....
View 2 Replies
Jul 31, 2010
I am using file upload option in asp.net web application,how to display filename, date and time of file creation,modification date of file that we browse.
View 4 Replies
Jul 2, 2010
I used [URL] as a guide and have something configured to show me the users which are logged into the system. This uses the aspnet_Users.LastActivityDate column to see when someone last did something on the system. It also uses the userIsOnlineTimeWindow within the web.config to determine whether a user is online or not.
But because of this userIsOnlineTimeWindow limitation of .NET, even when someone logs out of the system or closes their browser window, the system still sees them as being online. Also, if they are on a page and don't do anything for 10 minutes, the system will show them offline until they refresh their page or go to another page. know of a better, more real-time way to tracking users which are logged in, logged out, etc?
I don't want to wait 10 minutes for the system to show that a user is offline and also if there's 10 minutes of inactivity, it shows them being offline.
View 1 Replies
Oct 5, 2010
I have set the destinationpageurl of my login control to login.aspx. On successfully logging in to my website, I get redirected to the directory listing. Why is this? What am I doing wrong?
Also, what do I need to do to not allow the user to see the directory listing ever.
View 2 Replies
Nov 1, 2010
I've seen various tutorials and scripts online which show how to create a directory tree which list the file name, size etc.My question is, I need a script that is basically a normal directory listing but it doesn't show the file extension. If anyone can even point me in the right direction it'd be of much help!
View 28 Replies
Mar 9, 2011
I have sucessfully published a couple of WebMatrix sites withour a problem but this time I'm stumped. When I try to visit the new site all I get is a directory listing of my files and folders. The home page does not show.
View 4 Replies
Feb 3, 2011
I created a user control for my web application that checks for Session Timeout. If the criteria are met for Timeout, I use Response.Redirect to send the user back to the login page. I include this user control in my Master page, and run the SessionTimeoutcode in the user control's Page_Init event. That all works great. However, once the user logs in again after time-out (and I have verified that the OnLoggedIn event does fire) the user is redirected to the DestinationPageUrl. That page runs the Session Timeout check when it loads (as it should) and the Session Timeout code "says" that the session is still timed-out.
View 1 Replies
May 20, 2010
I would like to check if someone tries to access the application with the same username from a different browser/pc/etc. All usernames and passwords are stored in a MSSQL db.
What I am doing at the moment is: In the global.asax-file in Application_start(..) I initialize [Code]....
Now with every user that logs in I can check whether he is allready in ( in that case, he won't be able to log in, he'll be redirected to the login page ). Let's say it's the same user who wants to login but for some reason he wants to start the application from a different pc, maybe in a different building. Unless he hasn't forget to logout, he won't be able to login on this different computer. So he would has to go back and logout or wait for the timeout.
Now wouldn't it be more convenient to abandon the first session and let the same user login to the pc where he is right now?
The question is, is it possible to end the first session without beeing in it? Or is there any other solution for that problem? Since I have the SessionID stored in Application["UserList"] is there any possibility to end that specific session?
View 3 Replies
May 4, 2010
My project is to create a UI where school districts can select dates for a school calendar.
On my calendar page I have a Calendar control, a text box for date and a select box for events. In the code behind I modified the DayRender event handler to add color to the calendar depending upon the event for that date: Holidays are green, School opens is pink, Teacher Inservice days are Aqua, etc. This all works fine. However, when I tried adding a letter to the date to correspond to the event; "O" for school open, "I" for Inservice, etc. I get multiple entries "OO", "II", etc.
[code]...
View 3 Replies
Mar 14, 2014
This project is Web Forms Web Application.
I need to allow the username to be as short as three digits while also allowing an email address to be used as the username.
Examples and documentation I come across are in C# and using MVC. I do not know MVC and I also have zero experience when it comes to security.
View 5 Replies
May 1, 2010
I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx) asp.net loads up my login.aspx page. When the user successfully authenticates from the login.aspx page in they are taken to the secured page they originally requested (so far so good!).The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged in user is. This way I can show some customer specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back the customer information shows up and all is well.
View 1 Replies
Feb 10, 2011
i want to handle events that are occuring on a aspx Page specifically sharepoint webpart page .
i ddnt find anything in visual studio event receivers .
is there any way to achieve this ?
View 2 Replies
Jan 20, 2010
I have a loginStatus control, if user click "Login", it will go to the login page, and usually followed by "ReturnUrl": for example:
Before I hit the "Login", the page is:
[URL]
After I click the "Login", the URL is:
[URL]
As you can see the parameter value 1008 is gone. Have searched for a while, one article mentioned:
"ASP.NET's login controls use a ReturnUrl, but don't keep the parameters in this URL".
How can i keep the id number (1008) in the ReturnURL? or have other way to get around this? can I write my own returnURL? say once user clicks the "Login", I create my own return url, myReturnURL=ReturnUrl=/Books/CodeInBooks.aspx?id=1008
View 2 Replies
Jun 29, 2010
I'm trying dynamically to change the HeaderText of one of my DataGrid's columns but have some problem.
I'm making the change on button click event.
At the first click nothing happened, but at the second click the change is made correctly.
Why only at the second click the change is made?
View 4 Replies
Nov 23, 2010
I have a confirmation button that appears when an end user highlights a Customer Name and clicks the link to delete. The confirmation prompts: "Are you sure you want to delete this record?"
Here's the code from the .aspx:
<asp:LinkButton ID="LnkBtn_Delete" runat="server" Width="100%" CommandArgument='<%# Eval("CustID") %>'
CommandName="Delete" Text="Delete" OnClientClick="return confirm('Are you sure you want to delete this record') "></asp:LinkButton>
What I'm attempting to do is replace the portion of the confirmation question "this record" with the actual Customer Name.
View 10 Replies
Feb 6, 2010
The iPhone sends an HTTP GET request to my web application to recieve an update for an internet calendar. The iPhone does not conform to the RFC 822 Date Format for this request. It sends the If-Modified-Since as follows:
RFC 822 format - Sun, 06 Nov 1994 08:49:37 GMT
iPhone Format - Sun, 6 Nov 1994 08:49:37 GMT
I dont know much about handlers or modules. Is it possible to write a handler or module that could intercept this request and reformat the If-Modified-Since date format to the standard. Currently when IIS recieves this request it immediately sends back a 400 Error because of this invalid format.
View 2 Replies
Jun 25, 2010
I've searched but does Visual Studio 2008 have a setting for C# where it will autoformat/beautify my code as I write it? There is a setting for VB.NET called "prettify". I've also searched the archives already and found a macro to execute this on save and I know I can drag and drop it onto the toolbar but I want it to work without my doing ANYTHING for both ASPX and CS files.
Is this possible via built-in setting, modification, or available from an add on?
View 5 Replies
Feb 12, 2010
has anyone got any pointers for recursively listing the directories and file structure within an FTP space with the built in .NET FTP client, ideally I would like to bind the results to a tree view at once.
View 3 Replies
Apr 10, 2014
I have a method who return list of data from database. i want to know how we can get value from list which is return by method.
public List<Company> GetCompanyInfo (int CompID)
{
db_CompanyDataContext obj_comp = new db_CompanyDataContext();
var Compnay_Info = from Cinfo in obj_comp.Companies where Cinfo.CompID == CompID
select Cinfo;
return Compnay_Info.ToList();
}
i am trying below mention statement but it gives error.
List<Company> cmp = sm.GetCompanyInfo(qry).ToList();
View 3 Replies
Oct 5, 2010
I'm trying to achieve a dynamic contact lists/info. > From the Left Column, it may contain three hyperlinks that could update the list of contact lists for a specific department office. And on the Right column, I'm planning to have a loop over the data view collection from a Model(e.g. Contacts) that will be displayed after selecting any of the hyperlink from the left column.
View 2 Replies
Mar 11, 2010
I've just started developing a web site in VS 2008. When I try and view the page (click 'start debugging') an IE window pops up displaying a directory listing of all the files in my web application directory rather than my masterpage or content. Why is this and how can I correct it?
View 2 Replies