Hi. I just like to know what is the best way of making my application (very small, really to be used as a demo) more secure
Basically the application gets some day from a stream (could be text file with some scripting code) and then displays to to the user in IE or some other method
now, obviously if the user has javascript code, when the page is being loaded(html), it will obviously execute. we of course do not want this for alot of reasons.
So what I did was simply to replace all the html tags with something else to prevent the script to run when the page is being loaded. This works fine. However I am wondering if there is perhaps some other things I should be aware of Any other ways of users making a malicious attack
security options
Hot Topic
- Interview question in CLR
- Connection string for SQL Express
- Thread was being aborted - for long processes
- DownloadFileAsync Threading
- .NET Framework 2.0 Redistributable - When Will It Appear on Windows Update?
- How can I open a file on a remote machine?
- Sent EMail Good to a Domain That Cannot Be Looked up on DNS - How is that possible?
- Draw the text on image
- FileSystemWatcher changed event
- Get ValueMembers from a Databound Multiselect ListBox
.NET Development
- how to use the pre-compiled generated serialization assemblies to serialize/deserialize an array of my objects?
- .NET COM and Remoting
- TableAdapter insert/update/delete order
- Can I build a 64-Bit application with VS2003?
- Reading XML using XMLTextReader
- Use WMI to get the memory size of Remote Computer
- How to Run .NET Executable on a Network Drive?
- .NET Remoting v/s Web Services
- .Net and Account Domain Migration
- How to pass user credentials from a windows app to a web service?
security options
Jiri Lichtenberg
The page is really secure I believe after extensive testing - I've tried everything and its pretty solid I'd say!
I cannot say at this day on what I used about making some the html tags are converted to something else... I will however in a weeks time ;) AND it is using our great Microsoft technology.
as for the ASP.NET forum, unfortunatly I have had no luck there ever since I signed up. I have had no replies to about 2 threads I posted a few weeks ago so... kinda relying on this forum hehe
REspawn
S-cal
Hi!
Thanks for asking! I'm a member of the ASP.NET team, and was just popping over here to see what was going on. The best place to ask ASP.NET questions is over on the ASP.NET forums at
http://www.asp.net/welcome.aspx tabindex=1&tabid=39You're hitting the some of the right things, ensuring the html tags are converted to somethign that won't run, though I'm curious how you're doing that I could easily screw your code up by doing something like <scr<script>ipt>. You take out the first one, but leave the outter one to still work.
What about embedded applications such as flash that are in the page, how is that going to work
Pop on over to the ASP.NET forums and see what people say over there, it's one of the best places to start.
HTH,
PEte