Security :: Improve Security Vulnerabilities To Prevent Future Attacks?

Aug 17, 2010

I am using microsoft visual web developer 2010 to build and publish my website, I am facing a security problem. My website has authentication service for my clients, each one he has his own user name and password. After I introduced a new member, my database collapsed, may be this last member is a hacker. Is their a way to improve security vulnerabilities to prevent future attacks. May be through web.config, could be encrypted.

View 11 Replies


Similar Messages:

Security :: How To Prevent ASMX (web Service) Replay Attacks

Jan 20, 2011

I have a ASP.NET XML web service (asmx) running on .NET 3.5. I am trying to figure out how best to prevent replay attacks. Is there any inherent security by .NET 3.5 that should mitigate this issue, or do I need some kind of SOAP header token value?

View 1 Replies

Security Vulnerabilities - Misusing Http Post ?

Oct 19, 2010

We have some review coming up and my boss gave me a list of web page security vulnerabilities to look through and consider for our public site. I really don't understand the Get versus Post:

8Misusing HTTP POST and GET
Use POST to submit forms
Use GET to access resources

–NEVER use GET to authenticate users as it leaves a residual trace of all users in the web server access logs (not to mention web application proxy tools)

View 1 Replies

SQL Server :: How To Improve Procedure To Prevent Broken Links Between 2 Tables

Jan 13, 2011

I have the following procedure and noticed during my first test that my first insert worked, but due to table design issue with the 2nd insert it failed. When i checked only 1 table had been updated.. i cant have that once its in production.

So can someone suggest on how i can improve the logic so that both inserts have to work or none at all.. We cant have broken links between the tables.

[Code]....

View 8 Replies

Security :: How To Prevent From Getting Logged Out

Mar 24, 2010

I've set up a page where create logins with createuserwizard. I can login with created account but I get logged out after like 20min if I dont do anything (reload etc). How can I remove this timeframe? I dont want a timeframe at all, i want to stay logged in until i close the browser.

View 3 Replies

Security :: How To Prevent XSS From Hidden Fields

Feb 11, 2010

How do we prevent XSS from ASP.NET hidden fields.

View 1 Replies

Security :: How To Prevent Multiple Login Using Vb.net

Jan 27, 2010

how to prevent multiple login using vb.net? I'm using visual studio.net 2008

View 6 Replies

Security :: How To Prevent Concurrent Login In C#

Jun 22, 2010

I want to prevent concurrent login under same username. I am using aspnet_users & membership concepts. So How can I achieve this....

View 6 Replies

Security :: Prevent Past Passwords From Being Used?

Jul 12, 2010

I have to make changes to some existing web applications at work to bring them inline with a new security policy.

I am using the framework 3.5 and am using the standard sql membership provider for user authentication.

When a user is changing his password, I want to prevent him using previously used passwords. What is the best and easiest way to go about this?

I was thinking a SQL table with the following columns, my problem was do I handle encryption here as they are old?

dbo.OldUserPasswords
UserID, GUID, NOT NULL, FK Reference to aspnet_Users.
Password, nvarchar(256) NOT NULL,
Timestamp, timestamp, NOT NULL

View 5 Replies

Security :: Prevent Logincontrol From Fullpostback?

Feb 13, 2010

I have a ajaxPopupExtender in where I placed a login control. But when I login i get a full postback. I've tried to put it all in an updatepanel but that didnt help.

What I want is for the client to login from the popup Window, in case of login error I want to show that error message in popup (still visible). But if the login in successful I can in codebehind do a full postback.

As of now, even when error is presented the page is doing a full postback and the popupExtender with login control is collapsed.

View 2 Replies

Security :: Prevent Multiple Logon On Different Tab In The Same Session?

Jan 14, 2010

I managed to user to perform multiple log on from other IE window session in my web application if the same log on is currently being used.Unfortunately I have problem to control multiple log on if the user is logging in using tab browsing in the same session. I know this is due to the same session Id but is there any way to trace down to the tab level within the same session?

View 2 Replies

Security :: Prevent Session Identifier In Application?

Mar 4, 2010

Hacker's attack the session ID in asp.net application. How can we protect the session identifier from hackers.

View 1 Replies

Security :: Prevent User To Login After 3 Fails?

Jun 24, 2010

i intent to prevent user to login after 3 fails. After that, system said the user have to wait about 20 minutes.

How the best approach to do that?

View 2 Replies

Security :: How To Prevent Webpage From Saving In Browser

Jul 28, 2010

i want to protect webpage from saving from browser file->save as. i found some sites did it(facebook,orkut). when i try to save pages on that sites only home page saved. how to do this in c#

View 2 Replies

Security :: How To Prevent User To Be Authenticated After Registration

Jun 8, 2010

Since I need user click a link from his/her email once they registered, currently after user registered, and click the "Continue" button (CreateUserWizard1_ContinueButtonClick) or CreateUserWizard1_UserCreatedSuccess, it will be authenticated, how do I prevent this until they click the active link from their email?

View 1 Replies

Security - Prevent Web Caching Throwing Exception?

Jan 18, 2011

I am trying to stop the caching of web pages using the following snippets in the ASP.NET however its not working and showing following error to me,

Response.CacheControl = "no-store";
Response.AddHeader("Pragma", "no-cache");
Response.Expires = -1;

[code]...

View 2 Replies

Security :: Secure Dll To Prevent Reverse Engineering?

Feb 9, 2010

At the moment i,m working at a websit (ASP.net 3.5). I have build the project and till my surprise it is possible to reverse engineering the created dll's to the code (with Red Gate's .NET Reflector).

I have found several tools like Xheo and dotfuscator, but does there realy protected the created dll's ?? Does Microsoft have build a method to secure this ?? If this is not possible everybody can steal your code....

I have took a lot of time reading about this article, but is there a method or tool to make this secure?

View 4 Replies

Security :: Prevent Others Hacking And Viewing Secure Code?

Apr 24, 2010

I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...

View 4 Replies

Security :: How To Prevent Creation Of User When Email Is Wrong

Mar 4, 2010

i use the CreateUserWizard in order to create users. Asp.net generates automatically a password which is sent to the user by email.

The emailaddress must be like this: firstname.name@ourdomain.be . If 'firstname.name' doesn't exist in our Exchange server ('ourdomain.be'), then:

1) the user is still created
2) the message page with: 'Mailbox unavailable. The server response was: 5.1.1 User unknown' appears

E.g: if user John Wayne introduces by error Jhn.Wayne@ourdomain.be , then this user must not be created, and only a simple Alert-message must appear.

I tried a lot of Try / Catch / Endtry but all my attempts fail: the user is always created and the whole message page appears. I also tried with CreateUserWizard1_SendMailError sub.1

Here the aspx file:

[Code]....

View 3 Replies

Security :: Prevent From Cross-Site Scripting Attack?

Oct 15, 2010

a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.

"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"

View 5 Replies

Security :: Prevent User From Seeing Complete Text In CreateUserWizard1_CreatedUser?

May 12, 2010

Using vb.net/asp.net 2005.

I am modifying an existing page where I am doing an insert into tables, adding an email address for the team, both fields input from the user.

However, Each email can only exist once for a given team (I have a unique index constraint in my code) so when this exception happens I am showing text something like "you cannot add the same email address for this team" and I am also changing the following property of my CreateUserWizard:

[Code]....

before this it was displaying something like "you have successfully created your user..."

However if the user attempts to add the same email address again for a given team I want to prevent the user from registering.

Anyways, my question is that its good I am hiding the "successfully created..." text however I am still seeing the following:

1. "Complete" word

2. A button with the text "Continue" on it.

I also need to hide both the "Complete" text and the "Continue" button.

This is confusing to the user because it suggests that the user was created successfully but this is not the case in the scenario I described.

View 2 Replies

Security :: Prevent Unauthenticated Users From Seeing Non .Net Pages On Site?

Apr 9, 2010

I have a folder within my website called 'ProtectedPages' which contains pages which users can only see if they have logged in (MyAccount.aspx etc). If they bookmark that page and try to go to it without logging-in, they are immediately bounced to my login page.However, if I have text files, images etc. in there, then it seems users can get to these fine without the need to login - all they need is the URL. For example, I could send the URL http://mysite.com/ProtectedPages/MyAccount.aspx to a friend and he wouldn't be able to access it until he had logged in. However, I could send himttp://mysite.com/ProtectedPages/ATextDocument.txt and it would show it to him without any problems.How would I go about protecting ALL files within this folder? I have a web.config file within the ProtectedPages folder which just has this information in it (I don't want TrainingAdministrator's to have access to that folder at all)

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>

[code]...

View 7 Replies

Security :: Prevent Direct Access To Embedded Page?

Oct 15, 2010

Im using an aspx page as the srcl for an image in the host page to serve a dynamically generated image to the user based on parameters they supply

ie

<img alt="" src="generateimage.aspx" id="imagegen"/></div>

Id like for people only to access the content via default.aspx and not the dynamically generated content generateimage.aspx. Any attempt to browse here directly should be redirected to an error page

View 1 Replies

Security :: Prevent HTML / Script Injections Into TextBox'es?

Apr 13, 2010

I usually use HttpUtility.HtmlEncode and HttpUtility.HtmlDecode for this but my fear is that someone injects some nasty javascript, I encode it before committing it to the database so it doesn't harm me but the next person who pulls up the page, gets the javascript because I decode the HTML before rendering the page.

What's the best way to handle this in public facing websites?

View 1 Replies

Security :: Prevent Multiple Concurrent User Logins For The Same UserName

Jun 2, 2010

My application is windows authenticated. The application pulls JUST the userName from the current windows account. Then I provide site access to this user depending on his account privileges. If his userName belongs to the admins list he is directed to admin screens. If his username belongs to users list he is directed to users screens. I handle this security in C# and some SQL tables(No membership provider and no Active directory security in the app).

I need to be able to prevent multiple concurrent logins for the same userName.

View 4 Replies







Copyrights 2005-15 www.BigResource.com, All rights reserved