
Security issues relating to submitting href links and text:

I am currently developing a website (ASP.NET) which allows users to
submit a web form containing a href link in one field and descriptive text
in another field. The records will be stored to varchar columns in a SQL Server
2000 database and hosted by a 3rd party ISP. The list of links will then be
made available to other users.
What general security precautions should be taken when developing a
website of this nature? Specifically, I am concerned about the possibility
of malicious SQL or ASP script insertion and its impact on the web or
database server. I am already using client and server side validation to
restrict the description field to alpha-numeric characters, period and
spaces.
Nov 18 '05 #1
Cross-site scripting vulnerabilities for starters...

Think about exploits that come out for Internet Explorer that rely on
carefully crafted malicious URLs. Someone could submit one of those into
your system. Alternatively, they might submit a link that grabs cookies for
your domain, and redirects them to a site of the user's choosing. Etc.

Check out the OWASP website (www.owasp.org) for more information on securing
web applications.
Microsoft also has a book you can download from MSDN on building secure
ASP.Net applications. Get that as well.

Cheers
Ken
Nov 18 '05 #2
Please do not cross-post to so many newsgroups.

Regular expressions are your friends-- use them wisely. You'll want to
ensure that the data entered matches the formats you expect (easy for URLs,
harder for "descriptive text"). See http://www.devx.com/vb2themax/Tip/19510
for instance.

--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.

Nov 18 '05 #3
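
Added example, not part of any post in this thread: one way to combine the advice in the two replies (check that the link matches the expected format, and guard against script in submitted links) with the SQL concern raised in the question. The `Links` table, its `Url` and `Description` columns, the length limits and the sample inputs are assumptions made for illustration, and `System.Data.SqlClient` is assumed to be referenced.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.Text.RegularExpressions;

static class LinkSubmission
{
    // The rule from the question: letters, digits, period and space only.
    // \A and \z anchor the whole string; "$" would allow a trailing newline.
    static readonly Regex DescriptionRule = new Regex(@"\A[A-Za-z0-9. ]{1,200}\z");

    // Accept only absolute http/https links; javascript:, data:, file: and
    // relative or malformed input are all rejected.
    public static bool TryNormalizeUrl(string input, out string url)
    {
        url = null;
        Uri parsed;
        if (string.IsNullOrEmpty(input) || input.Length > 2000) return false;
        if (!Uri.TryCreate(input.Trim(), UriKind.Absolute, out parsed)) return false;
        if (parsed.Scheme != Uri.UriSchemeHttp && parsed.Scheme != Uri.UriSchemeHttps) return false;
        url = parsed.AbsoluteUri;   // canonical, percent-escaped form
        return true;
    }
    // Values travel as typed parameters and are never concatenated into the
    // SQL text. Table and column names are hypothetical.
    public static SqlCommand BuildInsert(string url, string description)
    {
        var cmd = new SqlCommand("INSERT INTO Links (Url, Description) VALUES (@Url, @Description)");
        cmd.Parameters.Add("@Url", SqlDbType.VarChar, 2000).Value = url;
        cmd.Parameters.Add("@Description", SqlDbType.VarChar, 200).Value = description;
        return cmd;
    }
    // Encode on output as well, so a stored value cannot break out of the attribute.
    public static string RenderLink(string url, string description)
    {
        return "<a href=\"" + WebUtility.HtmlEncode(url) + "\">"
             + WebUtility.HtmlEncode(description) + "</a>";
    }
    static void Main()
    {
        // Constructed sample submissions.
        string[] samples = { "http://www.owasp.org/", "javascript:void(0)", "https://example.com/?a=1&b=2" };
        foreach (string s in samples)
        {
            string url, desc = "Sample link.";
            bool ok = TryNormalizeUrl(s, out url) && DescriptionRule.IsMatch(desc);
            Console.WriteLine(ok ? RenderLink(url, desc) : "rejected");
        }
    }
}
```

The command returned by `BuildInsert` still needs a connection assigned before it is executed; the validation runs on the server regardless of any client-side check.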
