Security :: Best Way To Include Some Protection Against XSS In A Web App?

Jun 10, 2010

I'm trying to see what is the best way to include some protection against XSS in a web app but it needs to be easy for the developer!

Let me explain. I'm going to provide a library for the developers which will include the security controls. I'm thinking I have two choices:

1) Include some HTML encoding functions in that library e.g. AntiXSS and let the developer call the function every time he needs to output something

e.g.

Response.Write(AntiXss.HtmlEncode(value));

2) Create a new write method

Response.Writesecure(value)

The writesecure method would then call the appropriate functions and it would be transparent to the developer.

Additionally, I can write some easy code analysis scripts that will identify the use of the standard Write method...

View 3 Replies


Similar Messages:

Security :: A Mixed Login Protection?

Mar 3, 2010

I am working on a very basic ASP.Net 2.0 website that will have a backend based on SQL Server 2005. The website has three basic pages (Home, About, and Contact) that are fully viewable by everyone. However, there is a fourth page called "Employee Login" that must present a Login/Password system to the visitor of the page. Upon successful login, a few more pages shall become accessible to authenticated users only. I need the simplest Form based authentication here; however, the User Names and their Passwords are going to be coming from the SQL Database. Setting up the authentication to Form simply locks out the whole website. I need the basic pages to be login-free. Only certain pages need a login.

View 3 Replies

Security :: Breaks Password Protection Directories?

Apr 21, 2010

We upgraded the ASP version in IIS to ASP 4 and are now experiencing an odd issue with password protected directories. The directory uses a Web.config file that only allows a single login to access the directory. This worked fine until we did the upgrade to ASP 4. Now when the user logs in, it recursively prompts them to log in. If the user hits cancel, they are able to access the page like normal. Is this an ASP 4 or IIS bug?

View 3 Replies

Security :: .Net Security Challenge Does Not Include Session Variable Upon Reroute

May 1, 2010

I'm hoping this is a simple configuration setting that I have incorrectly defined. I have an application that has a secure (members) area. If a customer tries to browse directly to the secured page (http://www.mysite/members/memberpage.aspx) asp.net loads up my login.aspx page. When the user successfully authenticates from the login.aspx page, they are taken to the secured page they originally requested (so far so good!). The problem I have is that I run some SQL using the User.Identity.Name on the secured page as a reference to who the logged in user is. This way I can show some customer specific information. When I take the login route outlined above, the SQL doesn't seem to run (or the Session Variables aren't loaded yet?)... my page loads up with no customer information in it. If I browse to another page and then back the customer information shows up and all is well.

View 1 Replies

Include Files Within Include File

May 20, 2013

I have just started with ASP.NET.

I like the idea of using Include files so that I can create various versions of individual parts of a site and decide in code which to display. I used:

<%Response.WriteFile("contentcontent.aspx")%>

to include a content.aspx file within my default.aspx page.

I would like to include a Left.aspx, Main.aspx and Right.aspx file inside the content.aspx file. I tried using the reponse.writefile function but noticed when I debug the website that the text "reponse.writefile..." displays instead of the code contained within the referenced file(s).

Can this not be done?

View 6 Replies

Secure Obfuscator And Source Protection

Mar 8, 2014

I have tried many protectors and obfuscators on my projects but haven't found any that works well. I know there isn't any protection that cannot be cracked but there must be some that is hard = requiring a lot of time for the cracker, perhaps too much time so they skip trying?

Another problem with protection is that they often show false AV alerts which scare away many potential customers.

In my last .NET project I used .Net Protector, which seems to be working well so far, but the problem is that it shows false AV alerts. Also, what concerns me a little about this protection is that the protector itself has been cracked, check here: [LINK REMOVED BY MODERATOR] .

What protection to use for C#, .NET or C++, as it is these languages I mainly work with?

View 2 Replies

Access :: Sql Injection Protection Of Website Develop In ASP

Jun 9, 2010

I have developed one website in ASP and Access. But nowadays it is facing a problem of SQL injection. So how can I protect the .asp pages from SQL injection? I have gone through some of the posts and gathered that some function has to be written to overcome the SQL injection. Function as below...

[Code]....

View 1 Replies

'CreateDatabase.SqlHelper' Is Inaccessible Due To Its Protection Level?

Apr 9, 2010

I have created a class SqlHelper in a Windows console client project, then tested it and it works fine. In my SqlHelper class I made all methods public static. Then I created an assembly and added it to my unit testing project. When I try to access the public function of the SqlHelper class, I get an error like "Error 1 'CreateDatabase.SqlHelper' is inaccessible due to its protection level ".

Here is my class:

[Code]....

At this line: SqlHelper.setUpTestDatabase I got the above error. What goes wrong?

View 2 Replies

WCF / ASMX :: File Protection / Availability In A Web Service?

Oct 5, 2010

I wrote a small web service (asmx) to write stuff to a file on the server. It works fine when run in the VS2008 test container. But when I run it under IIS on a remote machine, I get:

System.IO.DirectoryNotFoundException: Could not find a part of the path 'y:grahammiscprops.txt'.

'y' is a mounted drive on both the test and remote machines. The path really does exist. It works on the test machine; not remotely. So:

Is it the fact that 'y' is a mounted drive causing it to fail remotely? or Is it the fact that the path lies outside of the web application directory structure? Is there something I should put in web.config??; or

Is something else the problem? I would have thought that the service running on the server could do anything it wanted! It's not denying me access to the file; it's saying it can't find it??!!

View 1 Replies

Password Is Not Declared - It May Be Inaccessible Due To Its Protection Level

Jun 7, 2014

I have an aspx file and an aspx.vb file. It's a simple new user Web form in VS 2013:

aspx debug errors:

'password' is not declared. It may be inaccessible due to its protection level.

'strEmail' is already declared as 'Private strEmail As Object' in this class.

'strEmail' is already declared as 'Protected WithEvents strEmail As System.Web.UI.WebControls.TextBox' in this

'strEmail' is not declared. It may be inaccessible due to its protection level.

'username' is not declared. It may be inaccessible due to its protection level.

'username' is not declared. It may be inaccessible due to its protection level.

I have four form fields:

Code:
ID="username"
ID="password"
ID="ConfirmPassword"
ID="strEmail"

In my aspx.vb file I have:

Code:
Imports Microsoft.AspNet.Identity
Imports Microsoft.AspNet.Identity.EntityFramework
Imports Microsoft.AspNet.Identity.Owin
Imports System

[Code] .....

When I preview my form in the browser, I get:

Line 13: Dim strEmail As Object

Compiler Error Message: BC30260: 'strEmail' is already declared as 'Protected WithEvents strEmail As System.Web.UI.WebControls.TextBox' in this class.

Source File: C:UsersSteveDocumentsVisual Studio 2013WebSitesWebSite11AccountRegister.aspx.vb Line: 13

Yet, line 13 in my aspx.vb file is commented out.

View 11 Replies

Code Protection System Which Works With IronPython Assemblies?

Feb 24, 2010

Do you know/have you tried any code protection system which works with IronPython assemblies? Can you list it/them here?

View 1 Replies

Web Forms :: HfCount Is Not Declared - It May Be Inaccessible Due To Its Protection Level

Jul 17, 2015

With reference to the following link: [URL] ....

I have some challenge with "hfCount" which can be found in SetData function and btnDelete of the above link. The error I get is: hfCount is not declared. It may be inaccessible due to its protection level. It works on Visual Studio 2010 but gives the above error in Visual Studio 2012 ...

What could be the problem?

View 1 Replies

Raising Custom Event - Cannot Access WebErrorEvent Due Its Protection Level

Apr 29, 2010

I use SqlWebEventProvider to log the exceptions to SQL Server, and it works fine.

I also want to log custom exceptions to aspnet_WebEvent_Events table programmatically. Similar to - [URL]

WebBaseEvent.Raise(new WebErrorEvent("My Error message", null, 5000, e));

I get an error saying "Cannot access constructor 'WebErrorEvent' here due its protection level."

View 2 Replies

Databases :: BC30451: 'ADODB' Is Not Declared / It May Be Inaccessible Due To Its Protection Level

Nov 21, 2010

I am connecting to an Oracle database and calling a stored procedure in a package but when I run the following, I get the error on the .Parameters line below:

With objCommand
.ActiveConnection = Connection
.Parameters.Append(objCommand.CreateParameter("i_AppID", ADODB.DataTypeEnum.adNumeric, ADODB.ParameterDirectionEnum.adParamInput, , Val(AppID)))
.CommandText = "{call Monitor_Pkg.AM_GetChecks(?," & _
" {resultset 200, o_application_name, o_applicationID,o_CHECK_DESCRIPTION , o_check_status, o_Last_Updated, o_Comments,o_icon, o_checkid,o_INAC_INTERFACE_ID})}"

View 1 Replies

Forms Data Controls :: Gridviewroweventargs Is Inaccessible Due To Its Protection Level?

Jul 1, 2010

I have a problem with a gridview. When I try to make an OnRowDataBound I get the error "Gridviewroweventargs is inaccessible due to its protection level". I can't figure out why. My aspx code for the gridview:

[Code]....

Now I have commented out everything in the function grdWaitingApproval_RowDataBound:

[Code]....

When I remove the line in the aspx file

[Code]....

the project runs fine and I get a list of users with username, date and so on. But I need to use the RowDataBound to select a picture for each row.

View 1 Replies

Web Forms :: Repeater Error - Container Is Not Declared / It May Be Inaccessible Due To Its Protection Level

May 7, 2015

I tried like this but am getting an error "container is not declared, It may be inaccessible due to it's protection level"

HTML

<div style="width: 100px">
<br />
<hr />
<br />
<asp:Repeater ID="rptLeftMenu" runat="server" EnableViewState="false">
<ItemTemplate>
<%-- <asp:HyperLink ID="hypLeftMenu" Font-Bold="true" runat="server" NavigateUrl='<%#Eval("Url")%>'><%#Eval("text")%> </asp:HyperLink>--%>

[Code] ....

View 1 Replies

XML File Protection - Protect All File To Not Let It Open From The Client Browser?

Sep 23, 2010

I have many XML files in xmlfolder under the root directory of my project. I need to protect all the files so that they cannot be opened from the client browser.

My files have some credential information, and I need to avoid letting them open in the client browser.

View 2 Replies

Difference Between Data Protection & Data Hiding?

Oct 7, 2010

This is my question related to an object oriented programming concept. I can't find a place to post it.

I think this is the related place for it,

so I am posting it here.

I have a doubt in mind related to an object oriented programming concept called "Data Protection".

Can you tell me the difference between Data Hiding & Data Protection? Are they the same or is there any difference between them?

If there is any difference, can you explain it to me?

I know the Data Hiding concept.

It means that data is concealed within a class, so that it can't be accessed by functions outside the class even by mistake.

View 2 Replies

Custom Server Controls :: USER Controls Error - "is Inaccessible Due To Its Protection Level"

Jan 28, 2010

I have a very simple web form (in relationship to a larger project) that uses a USERCONTROL for the details [re-usable]. I believed this to be a simple process - boy was I wrong. Here is my code:

[code]....

CODEBEHIND: (podcategory.aspx.cs)

[Code]....

[Code]....

USERCONTROL Codebehind: (c_podcategory.ascx.cs)

[Code]....

WHY do I get the error CS0122: 'ASP.codes_membership_c_podcategory_ascx.CategoryName' is inaccessible due to its protection level

[code]....

View 10 Replies

How To Include Time

Sep 23, 2010

My requirement is showing the clock in asp.net {this should show all hh:mm:ss}....

View 4 Replies

How To Include .css Files

Jul 22, 2010

Since the virtual directory name is not fixed, I wrote the code below to include the .css file in the .aspx page.

<link rel="Stylesheet" href="<%= ResolveUrl("~/Css/xxx.css") %>" type="text/css" />

The question is, when I use "ResolveUrl" in the tag, the IDE is always barking that all CSS classes are undefined.

Is there any better way to define the .css file include?

View 3 Replies

C# - Include URL Inside URL?

Sep 10, 2010

I want to use the following format of my url:

http://localhost/{url}/{options}/{hash}

But since the url will be very strange with a url inside a url, how would I encode that?

I was thinking of encoding it in hex, since url encoding in .net gave me some strange result that didn't work inside a url. But I don't really know what would be the best way here.

I want to keep the structure of the url, not including any querystring.

View 2 Replies

Include CSS Only If It Isn't Already Included?

Mar 2, 2010

I use the code below to dynamically include a CSS file:

HtmlHead head = (HtmlHead)Page.Header;
HtmlLink link = new HtmlLink();
link.Attributes.Add("href", Page.ResolveClientUrl("~/App_Themes/Default/StyleSheet.css"));
link.Attributes.Add("type", "text/css");
link.Attributes.Add("rel", "stylesheet");
head.Controls.Add(link);

The problem is: I want to do it only once, and only if it isn't already included in the page.

How do I verify if it is already included?

Edit:

Answers telling me to include in page load using !IsPostBack won't solve my problem, as this code will be inside a Web User Control and my page may have a lot of the same user control.

For example, I use the code below to do it with javascript:

if (!Page.ClientScript.IsClientScriptIncludeRegistered("jsScript"))
{
Page.ClientScript.RegisterClientScriptInclude("jsScript", ResolveUrl("~/Utilities/myScript.js"));
}

View 3 Replies

.net - Way To Include A .js Inside A .js?

Jul 14, 2010

Possible Duplicate: Include javascript file inside javascript file?

Including a reference to another .js that your current .js file code is reliant on instead of having to add 2 includes in every page to ensure that both those files are there? I assume the answer is no...as I have not found any info on it on the net so far.

View 4 Replies

Using Include Files Still The Best Practice?

Jun 14, 2010

Is the classic way of using include files still the best practice in ASP.NET? Is there a better way in ASP.NET to simulate include files? If not, can someone please provide an example of the .NET way?

View 5 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved