I have an input field, which will ultimately be stored in a database
and the contents of which will be output on screen at some stage.
ASP.NET has built-in functionality to prevent users inputing values
such as "<script>", etc, to call malicious code, but I'd prefer to back
this up with my own input validation.
I'll deny < and > characters on input.. any other
strings/characters to look for?
Thanks!
--
"I hear ma train a comin'
.... hear freedom comin" 1 1866
What about using parameters?
Would that lessen the risk?
"Cowboy (Gregory A. Beamer) - MVP" <No************ @comcast.netNoS pamM> wrote
in message news:5B******** *************** ***********@mic rosoft.com... I would read this article for a good idea of what hackers might try to do
to your database.
http://msdn.microsoft.com/msdnmag/is...n/default.aspx
For validation, each data type has different needs, so I do not have a
list of best practices for every situation.
---
Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA
*************** ************ Think Outside the Box! *************** ************
"Stimp" wrote:
I have an input field, which will ultimately be stored in a database and the contents of which will be output on screen at some stage.
ASP.NET has built-in functionality to prevent users inputing values such as "<script>", etc, to call malicious code, but I'd prefer to back this up with my own input validation.
I'll deny < and > characters on input.. any other strings/characters to look for?
Thanks! --
"I hear ma train a comin' .... hear freedom comin" This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: shortbackandsides.no |
last post by:
I've been having trouble preventing users pressing Enter part way down
a form so the incomplete form gets submitted.
I came up with a possible solution - the code below seems to work in
both mozilla and MSIE - is this a good way to solve the problem? Is
there a better alternative? Have I done anything stupid?
My aim was to disable the normal submit process then use javascript to
submit which appears to bypass that and work...
|
by: Eli |
last post by:
Hi,
I'm using an IFRAME which in there I can load any site. But there are
some sites that check if they're in a frame and reload the whole
window. This disrupt my whole page.
Some questions:
1. Isn't this illegal to change the top location of the window? It
seems like a security hole (XSS hack).
|
by: bregent |
last post by:
I've seen plenty of articles and utilities for preventing form injections for
ASP.NET, but not too much for classic ASP. Are there any good input validation
scripts that you use to avoid form injection attacks? I'm looking for good
routines I can reuse on all of my form processing pages. Thanks.
|
by: Oleg Konovalov |
last post by:
Hi,
I have a web application which is (among other things) doing large SQL
Insert's,
so sometimes it takes a while, user becomes impatient and clicks again (or
just does double-click),
so the same data is getting inserted again.
I was thinking of some simple solution in Javascript.
|
by: joexoxox |
last post by:
Here is the deal , I'm writing a function that makes the user guess for a number already set by me , the user will enter a single digit number , and if it exists , it's printed in its right position on the screen, like hangman but for numbers :P
I am reading the input of the user using scanf and i dont want to use gets, so plz let ur answers differ from that ....
Im just checking if the user_number is between 0 and 9 to make sure that it's a...
| |
by: Acerola |
last post by:
I did a quiz, where at the end, the user certifies. It was brought to my
attention that after certification, the user could just hit the back
button and submit another certification (for example, maybe a co-worker)
without going through the quiz.
There is no login involved. Is there a way, or, what is the best way to
prevent the user from going back?
I've tried:
|
by: Ned White |
last post by:
Hi All,
Im my c# web project, users click a submit button for credit card payment
process.
On the web server side ( on ButtonClick_Event) the user's input(name,date,cc
number etc.) is processed and some transactional database processes are
taken based on the inputs.
My problem is, users may think that the button click did not work, so they
can click it again and again or they can refresh the all page by pressing
|
by: morebeer |
last post by:
I got the same problem, hundreds of SQL tables been infected with this
malicious javascript code. But although closing the original injection
leak and also having replaced all strings in all tables, my tables
being infected again and again. I already checked all stored
procedures but couldn't find anything suspicious. Any help how to get
rid of this f* malware is highly appreciated!!!
|
by: RJ_32 |
last post by:
looking here:
http://www.devarticles.com/c/a/PHP/Getting-Intimate-With-PHPs-Mail-Function/2/
it says that I have to be careful about what I send to the sendmail process
via popen(). Does that also apply to the Subject: line?
(I'm opening a process rather than simply using mail() so that I can set the
return-path header with sendmail's -f switch and catch bounces.)
My From: and To: are hardcoded and *not* taken from any webform...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |