Security :: Restrict Sql Injection In Code?
Jun 2, 2010
How can I restrict SQL injection in my code? How can I test whether SQL injections are applicable or not?
I want to know how my data could be compromised using a statement like SELECT [ID], [item], [price] FROM [Items] where item LIKE '%' + mitem + '%'" What line of code could be considered an attack on the data?
I am working on a (vb.net/asp.net) project that is using interfaces to provide dependency injection. But to me, it feels like the maintainability of the code has been killed. When I want to read through the code, I can't simply jump to the code of a related class that is used. All I see are the interfaces, and so I have to hunt through the project to figure out what classes are doing the implementation. This really hurts my productivity.
Yes, I know I now can implement the interfaces with a wide variety of replacement classes. But for example, I know I'm not changing my data source any time soon--there is no need for me to enable the ability to swap that out. All of this dependency injection seems like overkill to me (in fact, the only real reason it is there is to support mock classes for unit testing). I've actually read several places that state DI is actually better for maintainability. But that assumes you already know where everything is and you know which class you need to update. Finding out where to look is the part that is killing me. So, my question is: Is there a better way to traverse through the code? Is there a better way to make the code more maintainable? Are we just doing it wrong? Or is this par for the course?
I almost finished my website,
but I am afraid of SQL injection on my website.
How can I protect myself against this injection?
I'm writing a simple intranet application using Windows authentication. I want to restrict access to Safe/UCantSeeMe.aspx. I am aware of the AuthorizeAttribute, but this only works on methods. I also found a good post on doing this with the MVC pattern, but I'm not using MVC. This can be done with roles in forms-based security. I read on MSDN that using Windows-based security means roles are based on groups, but it doesn't go into any detail. How can I restrict access to Safe/UCantSeeMe.aspx?
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
How to protect my SQL database by using Csharp.net against a SQL injection.
Can an ASP.NET DropDownList and validation safely protect against SQL injection attacks?
I'm working on a C# web app and I have to handle some JavaScript code.
I can do it either using JavaScript injection from my .cs file, which I'm doing now, or choose to include my code in an external .js file.
I would like to know when you would prefer to choose one way over the other.
According to me, it can be more clear to put code in external .js file and it can ease debugging.
Code injection from code-behind would however keep together all the necessary code for my component.
[Code]....
Trying to restrict access to folder but can't?
I am developing a website that has 2 roles of users. I have made 2 folders for each type of user's web pages. How do I apply security so that 1 type of user cannot see the other user's web pages? Is there any other way, or will I have to check from the database for credentials every time the page is visited? Also let me know why people put web pages in folders. I am not using SQL membership and not even .NET classes for role management.
I want to secure a particular set of files in a folder by role type. I have the following entry (see below)... I notice this doesn't work (i.e., it doesn't secure the file by role type; anyone can access the file). I've read that I need to map the .WMV extension to the ASP.NET DLL.
[Code]....
I have just started to use ASP.NET MVC.
I have read this article about using NTLM authentication
[Code]....
it provides access to specific domain users
[Code]....
I want to restrict access to all my domain users only, let's say
[Authorize(Domain="redmond")]
or do I do it via web.config
I have a security issue in my web application where the user can enter malicious data or change the page path directory. To avoid these I want to restrict the user from accessing/typing in the URL.
I have developed an Inventory Management System in ASP.NET. The application is hosted now. From manager to data entry operator, everyone has a separate login, roles and limitations on access to the website. From our office everyone is accessing the application and working on it. My question is, can they even access the application from a public PC (Browsing Center)? Because they know the password. Am I right? Now, I need to restrict my application access on public PCs (Browsing Center). Can I limit access to my website application to the office only, and not public PCs (Browsing Center)? Can I allow only certain IPs to access my website application?
We have uploaded multiple documents. I want to let a free user download one of the files.
If a free user wants to download another file, then I want to show the message "Register now for download this file".
If the user completes the registration form, then he can download multiple files.
I need code for my web app where I want to restrict a user after, let's say, 10 visits. On the 11th time, when the user tries to log in, he/she gets an error message denying login. Maybe we can use session or cookies, but I don't want to limit it with cookies, i.e. if he tries to enter after 30 days or so he is allowed to log in. What I really want is: a user has only 10 views; after that he is unauthorized to log in.
I need to add features to the login page.
1) Only allow the user three attempts
2) After three failed login attempts, the user will be restricted for 30 minutes.
I know how to code 1) but I do not know how to do 2).
I have a website with 4 pages. 2 pages are authorized to be used by USER and 2 pages are restricted for user. Admin is authorized to go to all 4 pages. I need code for a login window from which Admin/User log in.
I am faced with a rather tricky issue. I am developing a web application that resides beneath a web site. The web application is actually meant for the employees of the company owning the web site. The employees can access the web app from the login facility on the site.
The situation demands that an employee must be able to log in to the app only from the office machines and not from anywhere outside. I thought of a logic wherein the IP address of the machine at which the employee sits will be stored against the employee profile, and when he logs in, the authentication will check the user credentials as well as whether he is logging in from the designated IP. If not, he is not allowed access to the app even if the login credentials were correct.
I am not sure if this is a good way, because I feel tricky persons can give the same IP of the office machine in another machine, say at home and the logic is broken. Can somebody provide me a better way of solving the issue. I am using ASP.Net login control for user login.
I have a login form and users have to enter their username and password to enter the site.
Also, right now it's possible for users to enter the site without logging in; they can select the options in the menu and access them. But I want to restrict the users and only allow them to access the menu components after login. If they try to access the contents, a text has to be displayed asking them to log in.
How can I do that? I am using VB.NET as my language in the page.
Can anyone explain how to make a unique login in ASP.NET?
Problem: If a user is logged in at a client machine and tries to log in from another client machine at the same time, then he should be prompted with "You are already logged in, Do you want to continue?" On continue, the user should be logged out from the other machine and logged in to the current machine.
I am deploying a public ASP.NET website on an IIS7 web farm.
The application runs on 3 web servers and is behind a firewall.
We want to create a single page on the website that is accessible only to internal users. It is primarily used for diagnostics, trigger cache expiry, etc.
/admin/somepage.aspx
What is the best way to control access to this page? We need to:
Prevent all external (public) users from accessing the URL. Permit specific internal users to access the page, only from certain IPs or networks.
Should this access control be done at the (a) network level, (b) application level, etc.?
I want to limit the allowed uploaded file types to images, PDFs, and docs. What is the recommended way to approach this? I assume checking the file extension alone is not enough, since an attacker can change the file extension as he wishes. I also thought about checking against the MIME type using PostedFile.ContentType. I still don't know if this adds any further functionality beyond checking against file extensions alone, and whether an attacker has the ability to change this information easily. This is basically for a course management system for students to upload assignments and teachers to download and view them.
I am using the membership provider and am reasonably comfortable that all of my web pages are safe. Some of the pages contain hyperlinks to documents (pdf, xls, etc.) stored in a folder under the root of the web site. I have disabled the ability of users to anonymously list folder contents, but I don't see a way to keep anonymous users from accessing the documents if they know the specific URL for that document. Example: if the document contains a spreadsheet of current sales, I don't want an ex-employee (who captured the URL while working here) to be able to bring up the current document. Passwording the documents isn't a good choice because there are hundreds and we'd like to avoid changing them all every time someone leaves, or weekly, or whenever... Is there a way to restrict access to all contents of a web folder to people who have been authenticated?
We deployed our user controls (GridView, textboxes & button) on a SharePoint 2010 site, & everything works fine.
Now the testing team is able to alter the viewstate value of controls through Fiddler and change it to some junk characters. Now, after submitting
the form to the server, it throws Invalid JSON Primitive (server 500 error).
In the web.config file, by default EnableViewStateMac is true.
Is there any way to restrict the users, or any way to stop the postback if someone alters the viewstate?