473,698 Members | 2,234 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Classic asp security question

I would like to know if anyone has ever heard of a security solution
for preventing cross-site scripting attacks in classic asp. ASP.NET
1.1 provided a built in validateRequest feature that throws a security
exception whenever there is a < and character combination in the
request/forms collection. Does anyone know of a server solution that
you can install on IIS that will provide this same functionality? The
only solution I have come up with is to write a global include file
that handles searching the forms and querystring collection looking
for suspect characters. However, this would require updating many asp
files.

Feb 21 '07 #1
0 1338

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
9606
by: A Ratcliffe | last post by:
Hopefully just a couple of quick quick questions/responses, but its not something I've generally had trouble with in the past. Unfortunately, I need answers ASAP if anyone is available to help. a) Having seen .NET's IsPostBack which solves many problems, I looked at the ServerVariables etc to see what I could check to confirm PostBack in classic ASP. I initially considered using HTTP_REFERER to check it was coming from my form, and then...
99
6114
by: Jim Hubbard | last post by:
It seems that Microsoft not only does not need the classic Visual Basic developer army (the largest army of developers the world has ever seen), but now they don't need ANY Windows developer at a small or mid-sized business. http://groups-beta.google.com/group/microsoft.public.msdn.general/browse_thread/thread/9d7e8f9a00c1c7da/459ca99eb0e7c328?q=%22Proposed+MSDN+subscription+changes%22&rnum=1#459ca99eb0e7c328 Damn! To be that...
3
1912
by: Web Webon | last post by:
Hi everybody! I wonder if this is possible? I need to determine if a client is using "windows classic folders" or anything else. If I instantiate a Shell ActiveX object is there a way of obtaining this information from javascript? (I know that the user will get prompted about allowing such an operation, but I am willing to live with this). Because of the way one of my pages work, I need to know this information in order to "cover up"...
2
1607
by: Rob Shorney | last post by:
Hi, We currently have a classic asp web application. We are currently looking at upgrading this to ASP.NET. However I have a couple of problems that need to be resolved. 1. aspx forms always post back to themselves. how do I get it to post to another web page.
3
2145
by: bill | last post by:
I need to open a asp.net web form from a classic asp page, and pass a username and password to the asp.net page. The username and password exist as session variables in the classic asp application. I can't put the password in the classic asp page form as a hidden field and submit it, because someone can view source and see the password. This is a security problem I encounter in a mixed classic asp and asp.net environment. I don't...
5
2950
by: Velvet | last post by:
Can someone tell me to what process I need to attach to be able to step through my classic ASP code in VS.net 2003. I'm working on an XP box with IIS installed. I also have VS.net 2005 (The final, never installed beta) installed on this box if it makes a difference (I did not install VS Development Web Server as I'm already using the XP web server). I've seen that I need to attach to the native IIS engine, but I don't know what it's...
0
942
by: Atlbike | last post by:
I would like to know if anyone has ever heard of a security solution for preventing cross-site scripting attacks in classic asp. ASP.NET 1.1 provided a built in validateRequest feature that throws a security exception whenever there is a < and character combination in the request/forms collection. Does anyone know of a server solution that you can install on IIS that will provide this same functionality? The only solution I have come up...
7
2156
by: tanya.wang | last post by:
I have a system written in classic asp and a lot of Javascript. Due to its performance and security issue, we decided to re-write this big module. I heard that C/C++ has a better support in performance and security (relatively) but here comes my questions: 1. Can ASP talk to C/C++? Because from my experience I use C/C++ mainly for application console. 2. If I want to exclude most of the Javascript and use other programming language...
11
3327
by: Jan T. | last post by:
I wonder if anybody know a web site that has a good tutorial on this subject. What I want to do, is make a log in Page, and make sure that all my pages is validating that the user is loged in until he or she logs out. May be someone would like to give an example in this news group too? Thank you for any help! BTW, I am using Access 2000 and classic ASP.
0
8604
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
9157
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
9028
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
8895
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
7728
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
6518
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
4619
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
1
3046
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
2330
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.