Security :: How To Protect Namespace Against SQL Injections
Jan 28, 2010
I have written a namespace for a guestbook for my personal website. When I use a quote(") or single quote(') in a guestbook message the system(server) gives me a warning there is an error in my SQL syntax.
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
I have tried to implement the answer of an older topic written by me in the namespace. But it gives me errors. [URL]
how to protect this namespace against SQL injections?
I usually use HttpUtility.HtmlEncode and HttpUtility.HtmlDecode for this but my fear is that someone injects some nasty javascript, I encode it before committing it to the database so it doesn't harm me but the next person who pulls up the page, gets the javascript because I decode the HTML before rendering the page.
What's the best way to handle this in public facing websites?
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
User downloads a document from a specified site, saves to the local disk and fills in confidential details. When other users logs on to this computer and if they try to access the file, the document should not be accessible. Also consider that the document can be saved to a common server too, in which case, no one else other than the person who downloaded and filled the document should be able to open the document.
I have contact form and offten using this form my web site is under attck... someone install some code who try to connect using java scriptand all java scripts that I'm using in my web site are infected...
I have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
May i know how to protect the bin folder dll's compiled from the Visual Studio 2005. I am doing the project in Asp.net & c#. One of My friend decompiled all the dll's and show me. Is there any procedure to make my code standard or any free third party tools to prevent from others.
i have a search box, many text boxes which taken various inputs and save it to database using primitive methods such as "insert into....." executenonquerry etc.have read something that " a textbox by itself can prevernt attacks known as sql injections" is that true?if sohow to enable it?does it need extra coding?
I have a website that is going on a public server so I want to password protect it, but for a while only myself and a couple of others will be using it. I will eventually get it together to do it right and have the users in a database etc, but for now, I just want to put a couple of users with their passwords in the web.config and have them authenticate on a login page.
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
I have a requirement to make parts of forms (and sometimes the entire form) read-only based on the user's active-directory group. I already have integrated AD into the dynamic menu, so that users cannot view certain menu itmes based on their AD group - and this is working fine; however, now they want to get down to the control-level on the forms. The first way that comes to mind is for me to just grab the AD groups for the users and then loop through them, and write my own code to make controls read-only or enabled. Is this a good way to do it, or is there another way? Also, while we're on the topic, is there an easy way to protect an entire form, or maybe an entire panel?
My Boss have given me assignment to find how a web based application developed in dotnet can be protected. As per agreement products developed in our company are assat of company and even not developers can gave the code. but still he wants to know how he can protect products in case a developer theft code and try to launch it from his home ?
- I started an empty ASP.NET 3.5 website - I included the assembly reference <add assembly="System.Web.ApplicationServices, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/> - I included using System.Web.Security; - I want to use the following code to add a confirmation code to an email
i get the following error when trying to compile my asp.net site after updating the project from vs2008 to vs2010The type or namespace name 'Syndication' does not exist in the namespace 'System.ServiceModel' (are you missing an assembly reference?)I have the asp.net site targeting 3.5 framework (as it did in vs2008)I also added a reference to System.ServiceModel.Web
I'm using MonoDevelop on Mac OS X Snow Leopard to develop an ASP.NET MVC Application. I have tested it on Visual Studio 2008 on Windows 7 and it worked fine, but when compiling it on MonoDevelop it throws the error: The type or namespace name 'Objects' does not exist in the namespace 'System.Data' under this line: public partial class MoviesDBEntities : global::System.Data.Objects.ObjectContext
when I put a break point i get this error message:
Error 1 The type or namespace name 'X509Certificate' could not be found (are you missing a using directive or an assembly reference?) D:UsersatttDesktop fre etetrtDefault.aspx.cs 7 53 D:...attt
I have a ASMX web service. When I access it from a client the ASMX get compiled but I get this error:
Looking at csc.exe command line from the error detail the System.Windows.Forms asseembly is not referenced.
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. review the following specific error details and modify your source code appropriately.
Compiler Error Message: CS0234: The type or namespace name 'Windows' does not exist in the namespace 'System' (are you missing an assembly reference?)
Source Error:
Line 3: using System.ComponentModel; Line 4: using System.Drawing; Line 5: using System.Windows.Forms; Line 6: using System.Xml; Line 7: using Idp.Core.Configuration;
I uploaded my website to the server, and I have there a working with wcf - it should be fw 3.5I saw that fw 3.5 is installed on the server and also we have re fw 3.0 sp1.I run my website : www.qenglishcenter.comand I'm getting an error : The type or namespace name 'Linq' does not exist in the namespace 'System' (are you missing an assembly reference?)shouldn't System.linq be already existed ?
I was earlier having a problem with referencing a 3rd Party Dll (Here) but have overcome this problem and am now having a problem referencing my own classes!
Everything seems fine at build with no errors at all but when I go to run the application it comes up with the following Compilation
Error:Compiler Error Message: CS0234: The type or namespace name 'Secure' does not exist in the namespace 'source_extranet' (are you missing an assembly reference?)
The line that the Error points to this line in the class:
source_extranet.Secure.BackendCustomData newdata = new source_extranet.Secure.BackendCustomData();
This line of code points to a class in the same folder as the calling code class.
