Security :: Protect Website Using C# From Naughty Users?
Jun 22, 2010
i have a search box, many text boxes which taken various inputs and save it to database using primitive methods such as "insert into....." executenonquerry etc.have read something that " a textbox by itself can prevernt attacks known as sql injections" is that true?if sohow to enable it?does it need extra coding?
View 1 Replies
Similar Messages:
Oct 25, 2010
I have an ASP.NET app that accepts users comments and them in a SQL database. I want to make sure that I weed out any "naughty" words so I can keep my app respectable. Problem is that I'm finding there are LOTS of these words. ;>My question is, what's the most efficient way to do this processing? Should I have a table in SQL and write a stored proc that does the work? Should I do it with c# and Regex in memory on the web server? Are there other options? Has anyone else successfully done this kind of text scanning at scale? If y, what worked?
View 4 Replies
Feb 1, 2011
I have a website that is going on a public server so I want to password protect it, but for a while only myself and a couple of others will be using it. I will eventually get it together to do it right and have the users in a database etc, but for now, I just want to put a couple of users with their passwords in the web.config and have them authenticate on a login page.
View 2 Replies
Mar 31, 2011
Im not sure what it is called, but I need help with this. I need some tips on how to get started on an ASP.net site that will have different users. When each user logs in, they will be able to enter their own personal information such as address, hours worked, their own timesheet etc. I want to have it so each user will be able to only see their own data, not any other data entered by other users. I hope I am describing it ok. Please let me know what this process is called, or any good ways to get started on this.
View 3 Replies
Jan 23, 2011
asp.net 3.5 IIS7 Hosted on Windows Server 2008 (virtual machine)
I have a website which have been running for about a year without any problems. Users have been able to login etc, but now I get reports about users not able to login while using Internet Explorer. Users using other internet browsers like FireFox, Chrome etc have no trouble logging in.
The website are using the standard Forms authentication.
Also lately another website has been setup in IIS7, but these sites are using application pool. I've stopped this webapplication in IIS, but that doesn't have any effect on my problem
I see that Windows Update have failed to install a lot of patches lately, not sure if that is related to this problem. But some of the windows patches are security patches.
View 5 Replies
Dec 14, 2010
I've created a website with users and passwords and such for authentication.When a user is created through the "administer website" function of asp.net 4.0 where are the passwords stored? Is there a way to manually change passwords in the database?
View 3 Replies
Sep 2, 2010
I am currently creating a .NET based (website/system) solution for small IT companies and I am offering it in a self-hosted package, which means my clients are going to mainly install it on their own servers. How do I make sure my system is not being run except on one server per client and no body is illegally-copying it to other servers/machines?
View 2 Replies
Nov 29, 2012
How to protect our website from Hackers. I have developed a website. This is still on a demo url. This is not on the original url but i see that some people in USA and other countries are accessing the page with my old urls. I get the mail of error report with IP address of the user.some user try with wrong url like [URL]. How i will protect my website from these types of users and also from Hackers.
View 1 Replies
Mar 1, 2011
If I have a url as part of my website that points to a document:[URL]
is there any way to prevent someone from just going to that URL if they are not logged/authenticated into our site? The site has its own login username/password mechanism that was implemented where users log in.
View 1 Replies
Dec 17, 2010
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
View 3 Replies
Aug 19, 2010
User downloads a document from a specified site, saves to the local disk and fills in confidential details. When other users logs on to this computer and if they try to access the file, the document should not be accessible. Also consider that the document can be saved to a common server too, in which case, no one else other than the person who downloaded and filled the document should be able to open the document.
some options to protect this document.
View 6 Replies
Apr 23, 2010
I have contact form and offten using this form my web site is under attck... someone install some code who try to connect using java scriptand all java scripts that I'm using in my web site are infected...
How to protect my contact form?
View 4 Replies
Sep 18, 2010
I have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
View 1 Replies
Jan 28, 2010
I have written a namespace for a guestbook for my personal website. When I use a quote(") or single quote(') in a guestbook message the system(server) gives me a warning there is an error in my SQL syntax.
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
I have tried to implement the answer of an older topic written by me in the namespace. But it gives me errors. [URL]
how to protect this namespace against SQL injections?
[Code]....
View 4 Replies
Jan 19, 2010
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
how to protect my SQL database by using Csharp.net against a SQL injection.
View 4 Replies
Jun 21, 2010
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 Replies
Sep 13, 2010
i have a problem in my asp application . Im trying to protect the path for my application using this code :
Uri t = Request.UrlReferrer;
View 5 Replies
Dec 30, 2010
May i know how to protect the bin folder dll's compiled from the Visual Studio 2005. I am doing the project in Asp.net & c#. One of My friend decompiled all the dll's and show me. Is there any procedure to make my code standard or any free third party tools to prevent from others.
View 4 Replies
Dec 6, 2010
I have this file saved in the server. I do not want anyone to download with out authentication. How do I do that?
View 3 Replies
Jun 18, 2010
How to protect our web.config file from external access.
I mean some sort of password protection.
View 3 Replies
Feb 9, 2010
I have an asp.net web app that uses forms-based authentication, a SqlMembershipProvider (using an encrypted password format), and a SqlRoleProvider. I need to know if it's possible to administer the users (create new users, assign them to roles, etc.) from a windows application - the powers that be don't want any administrative functionality in the web app itself.
Here is the membership provider definition from web.config:
[code]....
So, obviously, I have a Sql Server database that contains the users and roles for the web app. I'd like to create a separate windows app that references the web app assembly, and use the configured MembershipProvider, RoleProvider, and machineKey to create users, assign users to roles, etc. If that's not possible, I can duplicate the configuration settings from web.config within the windows app. But I don't know how to do this either.
View 3 Replies
Sep 16, 2010
Just wondering how to implement a user's list into website ? im using ASP.NET C#. I want to be able to:
add/delete usersadd/remove roles
View 2 Replies
Jun 16, 2010
I am interested in finding out how I would go about displaying a website wiithout forms authentication but to utilise forms authentication when the user makes a request by clicking in the signin button, and then the user will view other pages that are private and secure,
View 2 Replies
Feb 12, 2011
I have a requirement to make parts of forms (and sometimes the entire form) read-only based on the user's active-directory group. I already have integrated AD into the dynamic menu, so that users cannot view certain menu itmes based on their AD group - and this is working fine; however, now they want to get down to the control-level on the forms. The first way that comes to mind is for me to just grab the AD groups for the users and then loop through them, and write my own code to make controls read-only or enabled. Is this a good way to do it, or is there another way? Also, while we're on the topic, is there an easy way to protect an entire form, or maybe an entire panel?
View 1 Replies
Apr 19, 2010
My Boss have given me assignment to find how a web based application developed in dotnet can be protected. As per agreement products developed in our company are assat of company and even not developers can gave the code. but still he wants to know how he can protect products in case a developer theft code and try to launch it from his home ?
View 4 Replies