When you can simply encode the data using HttpUtility.HtmlEncode, why should we use AntiXss.HtmlEncode? Why is white list approach better than black listing?Also, in the Anti XSS library, where do I specify the whitelist?
View 3 Replies
I want to include Microsoft AntiXss V1.5 library on my live site running in a medium trust setting.However, I got an error something like:Required permissions cannot be acquired.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Security.Policy.PolicyException: Required permissions cannot be acquired.I tried this in full trust setting on my development machine and everything works good.Looks like this will run only in full trust configuration.
According to old AntiXss article on MSDN AntiXss.UrlEncode is used to encode link href (Untrusted-input in the following example):[URL]My understanding was, that UrlEncode should be used only when setting something to URL, like when setting document.location with JS. So why don't I use HtmlAttributeEncode in the previous example to encode [Untrusted-input]? On the other hand is there a security flaw if I use UrlEncode to encode HTML attributes like in the above sample?
View 1 RepliesHas any one used Microsoft's Enterprise Library, if so what parts of it did you use? I am using building a website (I guess the client app type is not important, it can be a Windows app as well) with all the architectural layer, and I am specifically interested in the exception handling, logging and caching blocks for now. Any one used these, what were the good and bads of your experience with, any alternatives that you rather decided to use? Performance is a thing that I am also interested in. I am looking for a decent exception handling framework which is how I came across the exception handling block. Anything other out there? Is it a wise idea to use the data access block with an MVC application seeing that everybody is the repository pattern with an ORM framework? I am still researching frameworks, so I would like to hear as many opinions.
View 1 Repliesis the NuGet downloadable package Microsoft-Web-Helpers an official Microsoft library?
View 8 Repliess is really old news, but I just found out today. I was watching a channel 9 video on jquery and wcf (http://channel9.msdn.com/shows/Devs4Devs/WCF-and-jQuery-A-Perfect-Couple) and the narrator said at the MIX conference that the Microsoft Client Library is dead and that jQuery is getting all those efforts. So I use the client side library at work. So my question is does this affect the UpdatePanel and it's client side events? The UpdatePanel control looks to be integrated into ASP.NET. I would prefer to not use it anyways because of well known performance issues, but my boss prefers it's simplicity
View 1 RepliesI am using microsoft enterprise libarary to connect to mysql using mysql .net connector (latest version 6.2.3)
But i am facing a problem of too many connections and connection pool reached maximum limit issue.
As connection is disposed by enterprise library iteself so i dont close the connection anywhere.
So after two or three hours i found i have 100 mysql connections in sleep mode which are doing nothing and are not being reused from the code .
So i want to ask is there any issue with my code or is there any issue with mysql connector
I have QuestionTable.
ID Question Answer1 Answer2 Answer3 Answer4
But I want import from MS Word into table. I have question like this:
Question: @1.The capital of India.
Answer:$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
@2.The capital of Tajikistan.
$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
@3.The capital of Afganistan.
$A) Dushanbe;$B) Moscow;$C) Delhi;$D) Kabul;
Output result:
ID Question Answer1 Answer2 Answer3 Answer4
1 1.The capital of India. A) Dushanbe; B) Moscow; C) Delhi; D) Kabul;
With .net 4 there's a new <%: %> script enclosure that's like <%= %> but does an html encode. People are encouraging the use of this new syntax. My question is, does <%: %> protect against XSS better or as well as using the Microsoft Anti XSS library?
A Microsoft security person once told me to never just use HTML Encode as it doesn't protect very well and that I should always use the Anti XSS library (or another library). Is that still true with <%: %>? Or can I confidently use <%: %> knowing it's going to protect my app from XSS like people are saying?
I have saved all data that comes through Input boxes using AntiXss.HtmlEncode(the text from in put box); Now all texts in my databse are HtmlEncoded So now i want to show them in text boxesSo iave to decode that ?
How can i decode a text that is encoded using AntiXss
I am looking at the twitter api page http://apiwiki.twitter.com/ and I noticed that they have already built libraries that are wrappers against the twitter api. So I am thinking this is the best way to go but I am unsure which C# library I should use.
What I am trying to do is make some simple service or cmd line application that will help me automate retweeting.
So I am looking for a library that will allow me to get posts from other twitter accounts and then retweet them from another account.
I am not sure if the library can do this or not. Otherwise I was thinking of getting the RSS feed from the twiter account I want to get the twitters from parse out the new ones and use a library to retweet them on my own account.
I have not used twitter much so I am hopping someone can shed some light on this.
We have developed apllication in Microsoft VS 2008 and when we opening this same application with Microsoft VS 2010. Then it's asking to convert.
So can anybody tell me what it is converting exactly. Means it's open application in Microsoft VS 2010 and running properly also. But i am understanding whats happning while converting.
I am facing the problem to acess the Data Base. some time ago i am easily acess the data base by typing the server name(like 127.80.1.7) and type the user id and password from web.config file but now i am find the error.like Login failed for user 'NSAdmin' (Microsoft Sql Server, Error:18456).
View 3 RepliesMy server administrator does not allow me to install Microsoft Office in the server.
I have developed a website which converts XML files to Excel and it is using Microsoft.Office.Interop.Excel.
Is there any way I can run this application without installing Microsoft Office in the server?
Can I install Microsoft Visual Studio 2010 Service Pack 1 in Microsoft Visual Web Developer 2010 Express?
View 1 RepliesI was just curious has anyone set up two projects a asp.net mvc membership project and a silverlight wcf ria project in a silverlight library?? I really do not see alot of examples over the internet and I would appreciate any advice I also saw you set basic authentication to none. I know silverlight uses classic mode in iis
View 1 RepliesSeems like Microsoft updated the Anti XSS library today:http://www.microsoft.com/downloads/en/details.aspx?FamilyID=f4cd231b-7e06-445b-bec7-343e5884e651 In addition there is a new release of the Web Protection Libraryhttp://wpl.codeplex.com/ Are these two downloads the same thing? What XSS library should I be using?
View 2 RepliesI was told that there's an encryption library I can use and there's a couple that I can choose from (eg. AES, RSA, etc). I also read something about keys. Are keys something you just generate so you can encrypt and decrypt a series of texts? Do you have to purchase that key? Also, is there a best practice that I need to be aware of in encrypting and decrypting? Is encrypting a password recommended? Would performance be affected?
View 3 Repliesis there a way of referencing a .NET 4.0 in a .NET 2.0 app? Whenever I try to compile and build I get an error saying:
Could not load file or assembly 'blahblahblah' or one of its dependencies. This assembly is built by a runtime newer than the currently loaded runtime and cannot be loaded.
Ive tried adding the Library as a project AND as a .DLL but still no luck. Unfortunately converting the .NET 2.0 to .NET 4.0 is not optional...
I have a C# library that gets built and gets placed into my website's bin folder. In my C# library I have a .ascx file and I'm trying to put another .ascx control in there. But I get this error:
Could not resolve type for tag "fb:FormBuilder". Make sure the proper namespace is registered.
This is in the top of my user control that I want to add to others:
<%@ Control Language="C#" Inherits="System.Web.UI.UserControl, ITextControl" %>
In my parent control, I have this:
<%@ Control Language="C#" %>
<%@ Register TagPrefix="fb" TagName="FormBuilder" Src="~/Resources/ControlTemplates/Backend/FormBuilder.ascx" %>
....
<fb:FormBuilder runat="server" id="FormCode"></fb:FormBuilder>
All my files are set as the Build Option as being "Embedded Resource" (.NET 3.5).
I have a web Application and have created a seperate class library project.I am trying to use the Class Library by referencing it in the Web Application. I am doing this by right clicking the web application and clicking 'Add Reference...'. I then browse to my Class library and click ok. This gets added to a Bin folder in my web application.The problem is I can't actually get any of the objects that are in the Clas Library. I have tried adding a using statement to the top of the page. It tells me that the object could not be found (are you missing a using directive or an assembly reference?)Can anyone tell me what I'm doing wrong?
View 3 RepliesI installed ASP MVC 3, but when I go to tools I can't see the Library Package Manager, it was supposed to install along ASP MVC 3, how come I cannot see it?
View 2 RepliesI have a .dat file which I was given to use for a test application. I would like to distribute this file with my library. How can I do this without needing to tell them copy this here to this folder etc.
View 3 RepliesI am using Enterprise library for my data access. when I am running the application, at the CreateDatabase() statement I am getting this exception:
Microsoft.Practices.ObjectBuilder2.BuildFailedException was unhandled by user code Message="The current build operation (build key Build Key[Microsoft.Practices.EnterpriseLibrary.Data.Database, null]) failed: The value can not be null or an empty string. (Strategy type Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfiguredObjectStrategy,index 2)" Source="Microsoft.Practices.ObjectBuilder2"
Now, I googled a bit and I found that I have to place
<dataConfiguration defaultDatabase="LocalSqlServer"/>
but I don't know where. Is it the right solution? Also, at the time of installing enterprise library I didn't see any connection string statement? So, I wonder how it will take the connection string from web.config file. In the connection string section of my web.config file I have:
<remove name="LocalSqlServer"/>
<add name="LocalSqlServer" connectionString="Data Source=MSTR;Initial Catalog=USERDb;Integrated Security=true;" providerName="System.Data.SqlClient"/>
I wanted to get any feedback (put out a feeler) for how the enterprise library plays with linq-to-sql generated classes. I was considering using the validation handler to provide validation logic/display to the UI level. I am considering the caching handler, validation, and authorization handlers primarily.
View 1 Replies
