Security :: Way To Check Input From User Preventing XSS?
Jun 3, 2010I want to prevent cross site scripting in my website.....is dat good to use innerhtml,htmlencode?
View 3 Replies
Similar Messages:
VS 2010 - How To Check If User Input Invalid Credit Card
Jun 28, 2012How can I trap if the user input an invalid credit card? How can I detect it?
View 2 RepliesSecurity :: Check Input String Contains Any Virus Or Script Harm To Machine?
Jul 20, 2010I am developeing a site, in that I need to give contact us page , I need to get details visitor input in the fields, comments then generate a email and sent it to admin of the website.
here i have a doubt if some body type any thing which can be run or harm to machine or server website runing on. what we can do in such case. how do we trace any thing harmful input streams ?
Forms Data Controls :: When User Input The Value It Should Check The FACEVALUE And See If The Entered Value
Feb 9, 2011I am developing a page where i have a grid in content page (inherited from master page) which i am populating using DATASET in code behind like this here is the aspx.
[Code]....
As you can see i have some bound fields and one template field called "txtValue" which is the only input in gridview. Now what i want is when user input the value it should check the FACEVALUE and see if the entered value is not above the FACEVALUE and then need to Input value - FACEVALUE and result should be displayed in REMAINING field which is also a template field as label control.
Security :: How To Manually Check A User's Security Question Answer
Jan 30, 2011I simply want to know how to manually check if the value a user has provided for the answer to their security question matches their current answer on record. I want to use the build in support of the membership and membershipuser objects.
I see that via the passwordrecovery control that the actual answer can be returned. However I am currently not using this control and it would take a good bit to integrate it as it does not meet our user's requirements.
In a worst case scenario, getting the actual answer (like the passwordrecovery control does) and manually checking it in our application would be acceptable.
A best case scenario is some sort of API where I can pass in the user name and the answer to their security question that was provided and simply get an indication of whether answer was correct or not.
Security :: Dynamically Create Membership User And Check If User Name Is Valid Or Used?
Jul 25, 2010I am createing user dynamially with the below code; string MyPassword = Membership.GeneratePassword(8,0).ToString(); Membership.CreateUser(TextBox7.Text, MyPassword, TextBox8.Text); but before I start creating, I would like to check if the user name is used before or not.
View 2 RepliesSecurity :: Login Check In .NET - Getting Error "Input String Was Not In A Correct Format" ?
Mar 26, 2011I am getting error "Input string was not in a correct format"
in my code, the error is probably around the ExecuteScalar() method:
[Code]....
Security :: Storing And Displaying User Input (encoding Query)?
Aug 30, 2010how to handle html and scriptswhat . if I build my own CMS? Isn't it inevitable that I'll want to store html code, possibly scripts, and almost certainly apostrophes and special characters, and then display them again.
What's the best way to do this, since I wont want to display the encoded html, but the html itself.
Would it be to encode everything then when I want to actually display the html, decode it, but everywhere else, keep it encoded?
I'm just trying to think of all the scenario's that I could come across when I accept user input where I don't know what they could be typing in. What if I WANT the user to be able to display html? Is it possible to decode only some tags but leave all other tags encoded?
Security :: Allowing User To Input HTML Code Securely?
Jan 30, 2011I have a CMS page that allows the user to paste in or type HTML code into a TextBox in a FormView, then do an INSERT or UPDATE operation to an nvarchar(MAX) column in an SQL table. This is using an ObjectDataSource that refers to an insert or update method in a TableAdapter in my dataset.
When testing, the server initially warned me when I tried to input or update text containing HTML code; so I set the validateRequest="false" in my page header.
I gather this can be a serious security risk. What's the proper way to "validate" the string being input? Am I opening the database to SQL injection?
Only the site administrator has access to the CMS, but malicious could theoretically bust their way in...
Security :: Want To Check User Authentication
Mar 24, 2010I have 3 pages which they use Master page. I want to check if user is authenicated in page load event of master page.
1-Is it correct method to check authenication is page load of master page?
2- I want to know which of the following lines should I user and is there any difference between them?
Request .IsAuthenticated
Page.User.Identity .IsAuthenticated
HttpContext .Current .User .Identity .IsAuthenticated
Security :: To Check User Authentication In IIS ?
Apr 4, 2010I want to check if user is autheneicated in control (ascx). I use HttpContext.Current.User.Identity.IsAuthenticated; for this purpose.
When I browse pages using ASP.Net Developement server -VS 2008- it works fine, But when I use IIS 7 then it always return false , even if user is authenicated.
Note that it's even work fine with IIS 6 but With IIS no hope (Classic/Integrated mode). does it related to IIS 7 or what the method that I use?
Security :: Check User Is Logged In Or Not?
Apr 14, 2010I have one application for collection centres in the city in which ADMIN will have access to all pages in it.In which I have added functionality for admin to see Online users/offline users collection and there collection center name.How can i see the users online automatically when they will be logged in on application.Like we all see in google talk, yahoo messanger, etc like that onlyI also want to keep the option like whether to view only online user or offline users etc.I have tried the following code for getting the Ip address for the computer..But I am unable find how user should be shown as active
ip=Request.ServerVariables("HTTP_X_FORWARDED_FOR") ;
if (!string.IsNullOrEmpty(ip))
{
[code]...
How To Check For User Login And Refer URL For Security
Sep 17, 2010I have two server one server runs (windows 2003 server Moodle opensource - PHP url : [URL] and another server contains Course Matterial video(url :[URL]. so user success full login i have transfer to another server. how can i know it is successful login and it is request comes from xxx.yyy.zzz.aaa ip.
i want write code in C# (asp.net)
Security :: Add Membership User Check If Exists?
Dec 13, 2010I would like to create a sync process between an ADSI table and aspnet Membership using Membership.CreateUser. However, I need to see if a user exists before importing. I can import as long as a user does not exist however I am having trouble checking if users exist and only importing if they do not. Here is my code so far.
[Code]....
Security :: Check User And Pass At Login?
Sep 15, 2010I use a class method that looks something like this to check for user and pass at login:
[Code]....
and I just wanted to ask, if there is a shorter/faster way (the user table is on an SQL Server? Also is this way secure?Note: I set the collation for the password field on the SQL Server to be case sensitive so I don't have to account for it in the code.
Security :: Check If The User OnLine From DataBase?
Feb 22, 2011i have using aspnet DataBase, and i know that i can Check if the User is OnLine or not By Using
Membership.GetUser.isOnLine; this is when invoke method in asp.net Page , But i want to Know if there is another way to Check If the User OnLine or Notfrom aspnet dataBase
Security :: Check To See If A User Is Logged In From Codebehind?
Nov 15, 2010I need to do the following:
[Code]....
how do i write this?
C# - Is There A Security Reason To Validate A Textbox Input If You Are Limiting The Max Length Of The Input
Oct 1, 2010Since I'm new to coding and I'm trying to understand why here is a little more detail on the question.If you have a text box and you are limiting the input to say 2 charactrs do you really need to validate the input further? What I have is a text box that has a max length of 2. Is there a security reason to add a validator to the textbox. I should add this is in Asp.net.
View 8 RepliesSecurity :: Preventing Users From Accessing A Directory?
Jul 12, 2010I have a web site with an administrative section. All administrative pages are stored in a directory called "db/administration". There is only one user that I want to have access to the pages in this directory. That user's username is "system". Currently, I am using the following approach in my web.config file:
[Code]....
When I logged in as another user, I was still able to access pages under db/administration when I navigated to them through the browser's address bar. What am I doing wrong?
Web Forms :: How To Generate Rtf File Based On Input Field (textbox Input By User) C#
May 27, 2010how can i generate rtf file based on input field(textbox input by user) c#
View 3 RepliesSecurity :: Add Email Link While Preventing Spam Robots?
Jan 21, 2010<asp:HyperLink id="HyperLink1" runat="server" Text="Email" NavigateUrl="mailto:example@mydomain.com" />
This is how I added an email link on my page, but does .net have any built in tool for preventing Robots from finding this address? What is a good way to present an email link that wont be detected by spam robots?
VB.NET Web Application Input Box / Input Box That Comes Up When A User Clicks 'Find' Button?
Aug 4, 2010I would like to program an Input Box that comes up when a user clicks 'Find' button. It asks 'Please enter an employee number'. Then it takes the employee number typed into a text box and searches a dataset for that specific employee record.
I know that it should be server side because the client may not have the proper javascript installed or diabled. Therefore, can someone give me some code to put in code behind that can pop up an input box and use the input after, if this can be done?
Security :: IE7 Privacy Settings Preventing FormsAuthentication.SetAuthCookie From Working?
Mar 29, 2011Problem: I am using FormsAuthentication.SetAuthCookie(UserId, False)[Snip]Response.Redirect("~/login_pages/home2.aspx") ' Force round trip so that logon works OK to logon a user. It all works fine with other browsers, and IE7 provided that IE7's PRIVACY (originally I had written "Security") setting is Low. However it doesn't work when the PRIVACY setting is Medium (the default).
How do I solve this problem? I would have expected that FormsAuthentication.Authenticate(Userid, password) was the solution, but this doesn't seem to work at all.
Security :: Preventing Direct Access To Non .aspx Pages In Protected Folder?
May 24, 2010In one of my website I need to prevent direct access to non .aspx pages in a protected folder. Authentication works fine if I am going to [URL] but in one case my users are uploading html pages in that folder and if somebody cut and paste [URL]the page can be seen without the authentication process to be activated.
View 6 RepliesC# - How To Check A Input IP Fall In A Specific IP Range
Jan 26, 2010If we let users input a couple of ip ranges, e.g., 172.16.11.5 - 100, how could I write a fucntion to check if a IP (172.16.11.50) falls in the ranges?
Is there any existing library in .NET to leverage?