VS 2010 - Protect From SQL Injection Where If A Is Put In End Of URL
Jul 22, 2011How to protect from sql injection where if a ' is put in the end of the URL there is an error ?
View 12 RepliesHow to protect from sql injection where if a ' is put in the end of the URL there is an error ?
View 12 RepliesIncorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
how to protect my SQL database by using Csharp.net against a SQL injection.
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 Repliesweb pages running on the localhost, if i copy the web page link (address link), then copy to the another tab or browser, it should not open, it should display a Login Page.
For example, web pages are
Login.aspx
Account.aspx
Once Login, account page will open, then copy the address link, then try to open in another tab or browser. It is directly account page is display.
Account page directly should not open without login page.
How to protect the web pages.
I am new at asp sites, and just started to use visual studio...
So every page i make, there is another one (source file) linked to it.
Example...default.aspx and with that the default.aspx.vb or default.aspv.cs. I know what those files are for, but how do i protect them from being downloaded from users... Anyone can just type the url, and get my hard work :-/
I want to display the world's top 100 IT giants list up-to-date on my webapge. from where can i get the informaiton? Is it possible to get the RSS feed for this?
View 4 RepliesI want to know how my data could be compromised using a statemnt like SELECT [ID], [item], [price] FROM [Items] where item LIKE '%' + mitem + '%'" what line of could be considered an attack to the data.
View 16 RepliesI have a website about to go live. I'm wondering what I should be doing about the connectionstring in the web.config. Do I obfuscate it and it so how?
View 3 RepliesI know there is a server software named media server protects video link to direct accessing.But adobe's.
Is there a way to protect video link? or progressive video stream loading and preventing video direct link.in aspnet ? so no jdownloader or any link gather programme can detect it.
I'm going to publish an asp.net pre-compiled web site on shared hosting account but I don't want my code to be copied and able to run on another domain. I need to check domain and if not example.com or www.example.com redirect to error page or show error as response.
EDIT: Here is my solution based on given answers
void Application_BeginRequest(object sender, EventArgs e)
{
string[] safeDomains = new string[] { "localhost",
"example.com", "www.example.com" };
if (!((IList)safeDomains).Contains(Request.ServerVariables["SERVER_NAME"]))
{
Response.Write("Domain not allowed!");
Response.End();
}
}
I have a page which includes video player (flash or silverlight). How I can protect videofile for direct download?
View 2 RepliesI want to protect and put a password to block any decompiling possibilities (for example using decompile software) of all C# codebehind files.
Is it possible to achieve this and still be able to run the website as normaly?
I am using Visual studio to precompile the files, but I guess it is still possible for someone to decompile them.
I've a blog-driven ASP.NET website. Under the post, there is a Comment block to let readers post comments.I've used some TextBoxes and TextArea for that.To Prevent XSS:I've filtered the input by using: Server.HtmlEncode() Method (I don't care about text formatting).To Prevent SQL-Injection:I'm using Linq To SQL (that should be like parametrized queries I think!).
ArticlesDataClasses dc = new ArticlesDataClasses();
ArticleComment newComm = new ArticleComment()
{
ArticleID = int.Parse(Request.QueryString["ArticleID"]),
CommentAuthor = Server.HtmlEncode(txtName.Text),
CommentText = Server.HtmlEncode(txtComment.InnerHtml).Replace("
", "<br />"),
CommentAuthorEmail = Server.HtmlEncode(txtMail.Text),
CommentTime = DateTime.Now,
Enabled = false
};
I have a page using an injected BLL service: a simple service returning a set of objects with a function like this:
public IMyService { List<Foo> All(); }
There is a default implementation for normal users.Now, i need that users in administrative role can view more objects, with another implementation of the service.Where can i configure my page to use the second implementation?
My first solution is to put the dependency to the IUnityContainer in the page, and use it to resolve the dependency:
[Dependency]
public IUnityContainer Container { get; set;}
Page_Init(..) [code].....
it's a ServiceLocator and it's neither scalable neither testable.
During the design of a new generic authentication framework for some of our products, I have come across an architectural issue I cannot seem to find a good solution for.I have tried to simplify the problem in order to easily explain it.
The library has two classes:
Manager Is responsible for storing currently authenticated users.Module It is the responsibility for the module to validate each request according to security policies. The Module must ask the manager to determine whether a user is currently authenticated.
Now the manager is supplied an implementation of an interface which allows the manager to load users from a repository. The specific implementation is not contained in this library. Because of this, I cannot directly instantiate an instance of the repository within the library.
I have no way of modifying properties or supplying arguments for the module constructor. So my question is this, how can I give the module a reference to an instance of the Manager?
namespace Demo
{
public interface IRepository
{[code].....
prevent my data from SQL injection. I have replaced ' with '' (single quote with 2 quote) while doing any operation on sql server. tell me what all i need to do , to prevent my application from SQL injection. my application is in asp.net 2.0 i will use parameterized queries but what about my old projects.. i mean what about where i have written a string query and sending it to sql server as a commandtext. can any one insert sql injection even i have replaced ' with ''?
View 3 Repliesi almost finished my website
but i am afraid of sql injection to my website
how i can protect my self against this injection ...?
Code:
Sub btnLogin_OnClick(Src As Object, E As EventArgs)
Dim myConnection As OleDbConnection
Dim myCommand As OleDbCommand
[code]....
I found this code for user authentication. How secure is this? Can this be bypassed? Can I protect a MySQL database with a password? Can people see a MySQL database's data if it's not protected?
I'm working on a website that streams audio files for the user from a directory on the server machine. How do I protect the audio files from users being able to navigate to the folder and just downloading them locally, but still provide them access to stream them? If I set permissions on the folder via IIS, is there a level that I can set so that the server can stream but not allow anonymous access?I'm sure there is a tutorial or other thread about this out there, it's just hard to search for this specific issue. Any help or a simple link to another thread/tutorial
View 3 RepliesI have a process where I ftp a textfile to a webserver and then process the file (load it into a database). The textfile is then deleted. How do I protect the textfile from being viewed/ accessed by a user while it exists? I'm using ASP.Net 2.0
View 3 RepliesUser downloads a document from a specified site, saves to the local disk and fills in confidential details. When other users logs on to this computer and if they try to access the file, the document should not be accessible. Also consider that the document can be saved to a common server too, in which case, no one else other than the person who downloaded and filled the document should be able to open the document.
some options to protect this document.
I have contact form and offten using this form my web site is under attck... someone install some code who try to connect using java scriptand all java scripts that I'm using in my web site are infected...
How to protect my contact form?
I have built an ASP.NET application that needs to be password protected. This application will be installed on multiple offline computers, and we need to make sure that when being installed it requires a password. But even if it requires a password, someone can easily copy the database and the published folder and duplicate the application on their system right?
I need a way to prevent this. It should only work on laptops that we have installed it on.
I've got SL application where i should implement file managment subsystem. I've got hierarchical structure of filesfolders(just description). Also each filefolder has its own permissions to usersgroups. I would like implement that one user who has permission to download file couldn't give it to another user, who hasn't this permission. So if user has download permission he get link [URL] and download it. But he could give this link to another person without permission.
View 2 RepliesI have written a namespace for a guestbook for my personal website. When I use a quote(") or single quote(') in a guestbook message the system(server) gives me a warning there is an error in my SQL syntax.
Incorrect syntax near 'are'. Unclosed quotation mark after the character string ')'.
I have tried to implement the answer of an older topic written by me in the namespace. But it gives me errors. [URL]
how to protect this namespace against SQL injections?
[Code]....