Javascript - How To Secure Code
Mar 17, 2010
I've developing an ASP.NET application that interfaces with Google Maps and retrieves marker information from a database. The marker information is split into tables in the database, where the name of the table reflects a company (e.g. CompanyA_MarkerData, CompanyB_MarkerData etc). In order to periodically update the map with new marker data, I use setTimeout in JavaScript to regularly call my 'UpdateMarkers' JavaScript function. 'UpdateMarkers' makes a call to a web service which performs the database query and returns a list of markers back to the JavaScript, which in turn updates the map.
The main issue I have with this method is that my web service requires that I pass it the name of the company so that it knows which table in the database to access. As you can imagine , this poses a security risk as anyone can pass a different company name to the web service and be able to retrieve the data from other companies, as well as their own.
In order to avoid this problem, I am restructuring my program as follows: When the system administrator creates users for my application, they can also assign a company ID to this user. The company ID is stored using the Profile object in ASP.NET. I am moving the web service code into a class with shared functions so that they can be called only within my pages (but not by anyone, like with web services). The functions will still require a company name passed to be passed to them. However, rather than the JavaScript making direct calls to these shared functions, the JavaScript will call a set of page methods (which as I understand it, are not public like web services). These page methods will then use the Profile object to retrieve the company name attached to the user currently logged in and then make a call to my shared database functions and return the info back to the JavaScript.
I think that this second method is more secure than the first, because I don't allow the client to pass different options to my code and retrieve unauthorized data. The server side code works out the parameters that need to be sent. However, I am wondering if there is a better way of doing this that I am missing out?
View 1 Replies
Similar Messages:
Jan 18, 2011
In my web site i'm using Asp.net web service (using javascript) to update certain values to DB. I'm concered about the security threats. How can i secure ASP.net Ajax web service using javascript
View 6 Replies
Sep 22, 2010
If I deploy my ASP.NET project to a shared server web hosting, then is there a way to secure my source files so that the provider will not be able to access the source?. For example, the provider of my web hosting may download my files and then he will be able to get access to all my source.
View 9 Replies
Nov 16, 2010
I recently came aware of some knowledge I was not aware of before. One of my friends said that publishing a website with the code behind is a security risk. Instead, he insisted I only publish with the DLL's to prevent hackers from altering your code. Is this true? What are the advantages and disadvantages for doing this?
View 3 Replies
Jun 6, 2010
We use Captcha control in a registration form that we make full client validation for all fields in JavaScript ( JQuery ) beside server validation .. I tried a lot of ways but all will write the Captcha value in JavaScript that can be accessed by anyone :( I search if is there any way that allow me validate Captcha value in client side using JQuery in secure way or it can't be done ?
View 3 Replies
Apr 26, 2010
Code in DLL can only be obfuscated. IN my DLL how can I import a third party DLL into my DLL? Can I obfuscated the code but not the functions and sub header names?
View 3 Replies
Jul 20, 2010
I have a graphical user interface for my company product.I want to secure the data being sent back and forth between client and server.
Is SSL one of the options? some1 tell me the steps on how to implement it in my application code.
Do i need to buy the certificate or can i make it.. which is the best choice?
I am logging in using FormsAuthenticationTicket as follows:
Session["userName"] = UserName.Text;
Session["password"] = Password.Text;
Session["domain"] = Domain.Text; [code]....
View 3 Replies
Apr 24, 2010
I will have my asp.net site on a shared hoster. Whats the best way to prevent others hacking and viewing my code? The code I most want to secure is in usercontrols and some more code is in class modules. vb.net/MSVS2005/Ajax) Or do I secure the whole site? I also here some encypting code tools cant handle sophisticted code. Also does encryption slow down code and make the site harder to manage...
View 4 Replies
Jul 3, 2010
I am developing 2 Applications. One WebForms and the other is MVC. How can i secure the code such that when i deploy them to the clients production environment, they cannot be simply picked up, copied and repackaged by someone else?. I simply need a way to protect my intellectual property. Can this be done in Visual Studio 2010?
View 1 Replies
Jul 13, 2010
My web application will be launched through existing thick client applications. When launched, an HTTP POST request will be generated including information like the userID and additional context information (basically stuff like the target user's name, birthday, etc.).
My plan for authentication is for there to be a look-up table in the database. If the username is already there, automatically login the user, but if there is no entry in the database, redirect the user to an initial login page which will be used to create that database entry.
My question is how to secure this against MITM and other security holes. How can the request generated through the thick client be on an SSL connection? Doesn't an SSL connection have to be authenticated with the username (and password) first? And if so, will the additional context information be publicly exposed until the user is logged in?
View 1 Replies
Oct 25, 2010
I have a browser compatibilty problem with https? I have SSL installed and is in usage. Until today morning, my https part is working well. From then, Https is shown as https(with slashed in red color) saying the page has some insecure content. I have not changed any code and suddenly i see this problem in chrome. In IE 8, i see the same problem but on every page, it shows me a popup if i should allow to opne secure and non secure or just secure. Firefox has no issues . It shows correct https without any problem. I am fed up with it searching all over. Why is this happenening for me in Chrome and IE 8.
View 3 Replies
Oct 24, 2010
I have a custom mini login user control that I have embedded in the top of my website which shows on every page. These pages are non-secure HTTP://. I would like to avoid having to redirect the user to a HTTPS page to perform the login but I definitely don't want to send login credentials to the server in plain text.
I am trying find a method to send the user's login credentials encrypted via https from a non-secure (http) page.
I tried to set the postbackurl for the login button to itself but in https, but the user's input is not retained and the buttonLogin_click is not fired when I set the button postbackurl property. My ASP.net web application is VB.Net framework 4.0
I am assuming this can be done because I see lots of websites where login fields are on available on every page and they are running http and I can believe they are not encrypting the login credentials.
View 3 Replies
Aug 10, 2010
I have a GUI when i log in i create a cookie and it encrypt it. I am usin SSL.
I check in the Login.aspx page if the cookie is secure, which it is. but then before going to the default page it goes to the Global.ascx page.
Here in the Application_AuthenticateRequest it gets the cookie and decrypts it for the default page..
Now i know that it is getting the same cookie as all the other attributes match the one that was created in the Login.aspx page excet that the secure value is "False".
this is the case for all other pages after default. the value of the cookie.secure is false.
why is this happening as i want all the pages to be secure by SSL.
Also the pages are opening as https not http.
here is my web.config
[code]....
View 1 Replies
Jan 18, 2010
After logging to the mvc site using a secure connection (https), calling actions using https connection show up with the user logged in but calling actions using http it bahaves as if user didn't log on. Since I need to use a virtual directory for https connections(and can't use that directory for http connection) Https links start with: [URL]
View 1 Replies
Sep 17, 2010
I'm working on a legacy web application - frames and a mixture of html, asp and aspx. The entire site is https. For some strange reason when I hit a specific page I get the magic message that says the Page contains both secure and nonsecure items. (IE obviously doesn't want to tell me what those resources are) I have checked the page that's being loaded and there are absolutely no http://... links - everything is relative links.
I have fired up fiddler and checked what's being requested - everything looks fine. I am completely at wit's end here. I have absolutely no idea why I'm getting this message, but it's completely screwing with the site.
View 3 Replies
Apr 8, 2010
I'm trying to add some share this javascript in between the head tags of an asp.net page but only if the page is not secure (!Request.IsSecureConnection). How do I get the code in the head tags to check for secure connection and then write the javascript if not secure. I've tried using <% %> blocks and RegisterStartupScriptBlock and it's not working UPDATE: Was able to get it to work using this in the Page_Load
if(!Request.IsSecureConnection)
{
HtmlGenericControl Include = new HtmlGenericControl("script");
Include.Attributes.Add("type", "text/javascript");
Include.Attributes.Add("src", "http....");
this.Page.Header.Controls.Add(Include);
}
View 2 Replies
May 18, 2010
how do you call code behind button click event or a code behind method
from javascript.
View 8 Replies
May 25, 2010
I have an asp.net button, that when clicked calls a code behind function. The function does some evaluation, and then I want to call javascript from within this asp.net function.
View 2 Replies
Sep 20, 2010
we are working on one of our site which is having lots of javascript code.but while testing one of our tester has disabled javascript in browser.so in this scenario javascript code is not working properly. So can any one let me know is thr any work around to run javascript code while browser javascript is disabled.
View 1 Replies
Jul 27, 2010
This program in asp.net 2.0 is a Spanish/English Dictionary.
It consists of two textboxes,one button and a datalist. The datalist is bound to an acces database consisting of two columns; One Spanish and one English. When a user enters a Spanish word in textbox1 and clicks the button, the meaning of the word appears in textbox2. Now sometimes a user enters a word that is not in the database. I want, in this case, to have a javascript messagebox to popup saying “Either the word is not listed or misspelled”.
I tried several javascripts to popup in code behind but that did not work. I know that a clientside should be included but I am not able to do that.
The sub below is the one I am using to fetch the words and it is working perfect as long as I enter a word that is already in access database. The words in the rows in database are separated by hyphens so I am using a “Split” fuction which is also working perfectly.
[code]....
View 2 Replies
Nov 24, 2010
i have a popup that is getting displayed when Save button is clicked. The popup has 2 buttons. Yes and No. No should cancel the popupand yes should take you to function in the code-behind say, btnSave_Click(object sender, Eventargs e). How is it possible.
Below is the code where i am showin the popup.
[code]....
View 4 Replies
Mar 22, 2011
I have a website that shows images people have uploaded.
[URL]
I want to be able to show a popup window when i move the cursor over an image. It should show information about the user that i take from the database.
I have found a javascript that works, it fades a window in and out. But i cant call it from codebehind.
My default.aspx has this code:
Code:
[code]....
View 3 Replies
May 28, 2010
I am developing a web application in which the clients wants to send a pdf copy of aa Authenticated Page to users and as well as to the administrator..
As I google about this problem but didnt find any solution.
Because in all cases I have to pass the url of the secure page to the function...and in runtime when function make a webrequest to the page it will always generate the PDFof the login page.
So is there any way to generate the PDF of a secure page in C# ASP.Net
View 1 Replies
Jul 15, 2010
I wanted to disable a button after it is clicked and at the same time fire the post back event to generate a report. My first set of code did not work because soon after the button is disabled the page won't submit/post back. here's the first set of code which was not implemented. the onclientclick calls a javascript function which has these lines
document.getElementById('btnGenerateReport').disabled=true;
GetPostBackEventReference(btnGenerateReport,'');
since it was not posting back,i tried the following on page_load code behind
btnGenerateReport.Attributes.Add("onclick", "this.disabled=true;" + ClientScript.GetPostBackEventReference(btnGenerateReport, ""))
that worked well. but I tried to copy the javascript that got generated and pasted directly on design view
onclick="this.disabled=true;__doPostBack('btnDownloadClientsWithConviction','');"
its not working from client side alone after I disable the code behind attributes.add
but when I check the view source the 2 pages are the samewhy am I not able to move the code from code-behind to design view?
View 1 Replies
Jan 20, 2010
Execute javascript in code behind? can i call javascript like this
For i
As
Integer = 0
To 10
'call javascript code
Next
View 10 Replies