Security :: Improve Security Vulnerabilities To Prevent Future Attacks?
Aug 17, 2010
I am using Microsoft Visual Web Developer 2010 to build and publish my website, and I am facing a security problem. My website has an authentication service for my clients; each one has his own user name and password. After I introduced a new member, my database collapsed; maybe this last member is a hacker. Is there a way to improve security vulnerabilities to prevent future attacks? Maybe through web.config, could be encrypted.
View 11 Replies
Similar Messages:
Jan 20, 2011
I have an ASP.NET XML web service (asmx) running on .NET 3.5. I am trying to figure out how best to prevent replay attacks. Is there any inherent security by .NET 3.5 that should mitigate this issue, or do I need some kind of SOAP header token value?
View 1 Replies
Oct 19, 2010
We have some review coming up and my boss gave me a list of web page security vulnerabilities to look through and consider for our public site. I really don't understand the Get versus Post:
8. Misusing HTTP POST and GET
– Use POST to submit forms
– Use GET to access resources
– NEVER use GET to authenticate users as it leaves a residual trace of all users in the web server access logs (not to mention web application proxy tools)
View 1 Replies
Jan 13, 2011
I have the following procedure and noticed during my first test that my first insert worked, but due to a table design issue the 2nd insert failed. When I checked, only 1 table had been updated. I can't have that once it's in production.
So can someone suggest how I can improve the logic so that both inserts have to work or none at all? We can't have broken links between the tables.
[Code]....
View 8 Replies
Mar 24, 2010
I've set up a page where I create logins with CreateUserWizard. I can log in with the created account but I get logged out after like 20 min if I don't do anything (reload etc). How can I remove this timeframe? I don't want a timeframe at all, I want to stay logged in until I close the browser.
View 3 Replies
Feb 11, 2010
How do we prevent XSS from ASP.NET hidden fields?
View 1 Replies
Jan 27, 2010
How to prevent multiple logins using VB.NET? I'm using Visual Studio .NET 2008.
View 6 Replies
Jun 22, 2010
I want to prevent concurrent logins under the same username. I am using aspnet_users & membership concepts. So how can I achieve this?
View 6 Replies
Jul 12, 2010
I have to make changes to some existing web applications at work to bring them in line with a new security policy.
I am using the framework 3.5 and am using the standard SQL membership provider for user authentication.
When a user is changing his password, I want to prevent him using previously used passwords. What is the best and easiest way to go about this?
I was thinking of a SQL table with the following columns; my problem was, do I handle encryption here as they are old?
dbo.OldUserPasswords
UserID, GUID, NOT NULL, FK Reference to aspnet_Users.
Password, nvarchar(256) NOT NULL,
Timestamp, timestamp, NOT NULL
View 5 Replies
Feb 13, 2010
I have an ajaxPopupExtender in which I placed a login control. But when I log in I get a full postback. I've tried to put it all in an UpdatePanel but that didn't help.
What I want is for the client to log in from the popup window; in case of a login error I want to show that error message in the popup (still visible). But if the login is successful I can do a full postback in codebehind.
As of now, even when an error is presented the page is doing a full postback and the popupExtender with the login control is collapsed.
View 2 Replies
Jan 14, 2010
I managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used. Unfortunately I have a problem controlling multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session ID, but is there any way to trace down to the tab level within the same session?
View 2 Replies
Mar 4, 2010
Hackers attack the session ID in an ASP.NET application. How can we protect the session identifier from hackers?
View 1 Replies
Jun 24, 2010
I intend to prevent a user from logging in after 3 failures. After that, the system says the user has to wait about 20 minutes.
What is the best approach to do that?
View 2 Replies
Jul 28, 2010
I want to protect a webpage from being saved via the browser's File -> Save As. I found some sites did it (Facebook, Orkut). When I try to save pages on those sites, only the home page is saved. How to do this in C#?
View 2 Replies
Jun 8, 2010
Since I need the user to click a link from his/her email once they have registered: currently, after the user registers and clicks the "Continue" button (CreateUserWizard1_ContinueButtonClick) or CreateUserWizard1_UserCreatedSuccess, it will be authenticated. How do I prevent this until they click the active link from their email?
View 1 Replies
Jan 18, 2011
I am trying to stop the caching of web pages using the following snippets in ASP.NET, however it's not working and is showing the following error to me:
Response.CacheControl = "no-store";
Response.AddHeader("Pragma", "no-cache");
Response.Expires = -1;
[code]...
View 2 Replies
Feb 9, 2010
At the moment I'm working on a website (ASP.NET 3.5). I have built the project and to my surprise it is possible to reverse engineer the created DLLs back to the code (with Red Gate's .NET Reflector).
I have found several tools like Xheo and Dotfuscator, but do they really protect the created DLLs? Has Microsoft built a method to secure this? If this is not possible everybody can steal your code....
I have taken a lot of time reading about this article, but is there a method or tool to make this secure?
View 4 Replies
Apr 24, 2010
I will have my ASP.NET site on a shared hoster. What's the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules (vb.net/MSVS2005/Ajax). Or do I secure the whole site? I also hear some code encrypting tools can't handle sophisticated code. Also, does encryption slow down code and make the site harder to manage...
View 4 Replies
Mar 4, 2010
I use the CreateUserWizard in order to create users. ASP.NET automatically generates a password which is sent to the user by email.
The email address must be like this: firstname.name@ourdomain.be . If 'firstname.name' doesn't exist in our Exchange server ('ourdomain.be'), then:
1) the user is still created
2) the message page with: 'Mailbox unavailable. The server response was: 5.1.1 User unknown' appears
E.g.: if user John Wayne enters Jhn.Wayne@ourdomain.be by mistake, then this user must not be created, and only a simple Alert message must appear.
I tried a lot of Try / Catch / Endtry but all my attempts fail: the user is always created and the whole message page appears. I also tried with the CreateUserWizard1_SendMailError sub.
Here is the aspx file:
[Code]....
View 3 Replies
Oct 15, 2010
A major problem from a Cross-Site Scripting attack. Below is a sample script which automatically gets inserted into my HTML and ASPX pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
View 5 Replies
May 12, 2010
Using vb.net/asp.net 2005.
I am modifying an existing page where I am doing an insert into tables, adding an email address for the team, both fields input from the user.
However, each email can only exist once for a given team (I have a unique index constraint in my code), so when this exception happens I am showing text something like "you cannot add the same email address for this team" and I am also changing the following property of my CreateUserWizard:
[Code]....
Before this it was displaying something like "you have successfully created your user..."
However, if the user attempts to add the same email address again for a given team I want to prevent the user from registering.
Anyway, my question is that it's good I am hiding the "successfully created..." text, however I am still seeing the following:
1. "Complete" word
2. A button with the text "Continue" on it.
I also need to hide both the "Complete" text and the "Continue" button.
This is confusing to the user because it suggests that the user was created successfully but this is not the case in the scenario I described.
View 2 Replies
Apr 9, 2010
I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging in, they are immediately bounced to my login page. However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to log in - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send him http://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems. How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrators to have access to that folder at all):
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
[code]...
View 7 Replies
Oct 15, 2010
I'm using an aspx page as the src for an image in the host page to serve a dynamically generated image to the user based on parameters they supply,
i.e.
<img alt="" src="generateimage.aspx" id="imagegen"/></div>
I'd like people to access the content only via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page.
View 1 Replies
Apr 13, 2010
I usually use HttpUtility.HtmlEncode and HttpUtility.HtmlDecode for this, but my fear is that someone injects some nasty JavaScript. I encode it before committing it to the database so it doesn't harm me, but the next person who pulls up the page gets the JavaScript because I decode the HTML before rendering the page.
What's the best way to handle this in public facing websites?
View 1 Replies
Jun 2, 2010
My application is Windows authenticated. The application pulls JUST the userName from the current Windows account. Then I provide site access to this user depending on his account privileges. If his userName belongs to the admins list he is directed to admin screens. If his userName belongs to the users list he is directed to users screens. I handle this security in C# and some SQL tables (no membership provider and no Active Directory security in the app).
I need to be able to prevent multiple concurrent logins for the same userName.
View 4 Replies