Reg Security Measures While Developing A Website?
Feb 10, 2011I am developing a website in asp.net and i want to know that what all security measures are we suppose to take when it comes to develop a website
View 3 RepliesI am developing a website in asp.net and i want to know that what all security measures are we suppose to take when it comes to develop a website
View 3 RepliesI am currently working on an ASP.NET 3.5 and C# web application which deals with users private information like SSN numbers. What are some of the security measures which I need to take from an application development stand point to feel safe?
View 4 RepliesI am developing a web-site where user can purchase items and pay through PAYPAL.
Its working fine on test and all the payment processing is working well. But aI want to update my database after succesful payment and for that I have created one THANKS.ASPX page where I fetch the response and if it is verified that update the database and also it working fine.
After redirect to paypal and successful patment I received page from Paypal site for successful payment where transaction ID and other information are displayed.
There is a link in paypal page called "Return to Merchant Test Score" and when user click on the link it redirects to my Thanks.aspx where I fetch the response and if verified the update the database.
But my problem is that If after successful paymet user not click the "Return to Merchat Test Score" and directly close the browser then it not update my database.
Iam going to develop the Multilingual website using c# asp.net 3.5 i want to know what things are important to know or from where i can get start any resource or links or help is apperiacted.
View 15 Repliesi want to use localhost for developing website facebook application using the graph api.
i working in asp.net c#
in the previous api of facebook i was abe to write the
http://localhost:4300/ in the connect url at the application settings.
now it dosent work.it keeps telling me
An error occurred with application name. Please try again later.
** if i upload the website, and use the website coonect url, it is working.
I would like to develope multilanguage website (English,Deutch) using ASP.Net MVC. Using MVC the URL should have the format (Controller / Action / Identifier) .Now How could I include Language part in URL. Suppose I want addresses like (/EN/Pages/View/xxx).
View 5 RepliesNow I am developing a shopping cart website in english. Is there any way to convert this to Arabic and Chinese languages with one link click
View 4 RepliesI am developing a website for mobile devices and i found the problem in objectlist pagination.here is my code:
[Code]....
To speed up my login when developing , I would like to set the text for the password textbox so all I have to do is click the login button at runtime.Also is there a debug/release flag or something like that , that can be used to run code for development only?
View 3 Repliesactually i was developing 3 tier login page application as following :
DAL which containes UsersDS.xsd
in UsersDS.xsd i created one select statement as (SELECT UserID, Name, Password
FROM Users
WHERE (Name = @Name)
in BLL class in have following :
UserBL.cs
[Code]....
Then i created login.aspx (User Interface )
[Code]....
But this did not work , it is just like it's not connecting to DB ..
Basic measures when building forms that interact with the sql database. What are the security measures (check insert strings, sql injection etc), and Do people use special controllers in order to format their data? I am using GridView and realizing its tables, which I dont like. If so are there any suggestions for data formatting controllers?
View 3 RepliesI allow user to select metric or standard scale (KM/Miles) when setting up a profile. They can lookat a list of all users entries, which should be displayed as Std or Metric based on their selection.
View 4 RepliesI am developing a website that display products and the users will be able to rate these products. At the end of the month a winner product will be highlighted on the website home page. What I need to know is how to determine the winner product if I have the following rating scenario, The user will rate for the product by choosing a value from 1 to 5 where 1 mean bad and 5 excellent.
If 10 users voted for the product A and the average rating was 4 and 1 user voted for product B and the average rating were 5 that mean product B will be the winner. I feel this is not the correct method to determine the winner. one has better method that take in consideration the number of voted users to determine the winner?
how can i start ? from where ? everything...and if possible then send me some projects with database.
View 3 RepliesI want to provide different security aspects to the admin and customer to a single website with a different home pages..
View 3 RepliesI am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password.
When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing).
My question/problems are:Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue?
Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2.If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load?
i almost finished my website
but i am afraid of sql injection to my website
how i can protect my self against this injection ...?
I'm using a FileUpload control in a website which should only be able to upload images. To that end, I'm checking its MIME type before accepting the upload.
Whether the FileUpload.PostedFile.ContentType property comes from the file itself or the request? The latter is insecure, since the request can be spoofed. If that's the case, any good way to validate a file securely?
I want to get the certificate information of a website. I means that i've a textbox on a page. When i enter a url in that textbox and press the button. The certificate information of that website should be returned.
Say, i've entered the [URL], Then it should return the Certificate authority, Validation period etc.
We have an ASP.NET 2.0 site in which we use ASP.NET login / authentication controls.
Our users currently timeout after approx 20 minutes, forcing them to log back in, and this appears to be causing downstream errors in our application.
I have tried increasing the SessionTimeout value to 120 mins (<sessionState timeout="120" />) in the site's web.config file, and the "<membership userIsOnlineTimeWindow="5000" >" value in the web.config is set to 5000 minutes.
These are the only values / settings I can think of to affect this behaviour.
I am trying to use ProfileCommon inside a DLL. this DLL is being called by ASP.NET web application.
I am getting this:
Error 15 The type or namespace name 'ProfileCommon' could not be found (are you missing a using directive or an assembly
What I want to do is like the web browser. When you visit a https web site, the browser will download and install the X.509 Certification automatically.
I have a application which will be installed in PC, and the application will post to a https website. So if the certification is expired, the App should download a new one.
So, how can I get the certification? A stream is always good, I can make it to certification.
I have a (internet) web site with the below web.config (everything works fine). How would I alter this to include an applicationName attribute. I wish to eventually have multiple web sites using the same ASPNETDB database.
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<connectionStrings>
<clear/>
<add name="LocalSQLServer" connectionString="Server=myserver.com; Database=MyDB; Uid=MyUser; Pwd=MyPassword; Trusted_Connection=False;" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<customErrors mode="Off" defaultRedirect="~/Error.aspx"/>
<roleManager enabled="true"/>
<authentication mode="Forms"/>
<compilation debug="false"/>
<pages theme="Standard"/>
</system.web>
</configuration>
i have taken the editor from ajaxcontroltoolkit, now how to get the text . as we get the text from textbox as textbox1.text.
View 7 RepliesI wrote a code using VB.Net that passes the login information to website in order to do the login process automatically.
The code worked with some site and didn't with others specially this site [URL]
I analyzed the login <Form> of the site in the login page [URL] and it looks like this:
<form name="frm_Login" method="post" action="login.cfm">
<input type="hidden" name="Go" value="Reg">
<b style="font-family:Verdana;font-weight:bold;color:#3975B0">Digital Library+</b>
<label id="lbluname" for="username" style="width:150px">Username</label>
[Code].....
So, when i don't use Response.Redirect, the login succeeded, but all the links in the Response data refers to my development server, for example if i click on "support" link, it'll redirect the page to ("http://localhost:3506/support.cfm")!! which will rais of cource "The resource cannot be found" error
And when i use Response.Redirect, i'll loose the session, mean it'll not keep my login for the site.