freelanceprogrammers.org Forum Index » ASP
Security Implementation
Joined: 06 Jun 2005
Posts: 4
Security Implementation
Hi
Hope somebody in this group can educate us to see if
there is any better solution or implementation to this
situation.
Scenario
========
We have around 50-75 ASPx pages (.NET 1.1 framework),
and it`s a very simple WEB application. Each of these
pages does only data-in and data-out, so far nothing
complicated.
Requirement
===========
We want to implement XSite scripting, Malicious TAG
Check, SQL Injection validation in this site.
Solution We Proposed
====================
We opted to crate an XML file which stores list of all
the Malicious TEXTs (see example below). If user
inputs any of these texts (the ones within the <TAG>
node), we will STOP/Alert the user from submitting the
page.
Question
========
1. How do I implement the "validation check" in each
of these 50 pages in a fast way, so that I dont need
to change too much of code. Is it possible?
2. How do I ensure that if a new page gets created,
this feature gets implemented magically.
ThreatModel.XML
===============
<MaliciousTags>
<XSitetags>
<TAG>script<TAG>
<TAG>object<TAG>
</XSitetags>
<SQLTags>
<TAG>DROP<TAG>
<TAG>DBCC<TAG>
</SQLTags>
</MaliciousTags>
Thanks
PP
__________________________________
Do you Yahoo!?
Plan great trips with Yahoo! Travel: Now over 17,000 guides!
http://travel.yahoo.com/p-travelguide
Joined: 11 Jan 2006
Posts: 46
Security Implementation
One approach would be to create a new webpage base class. It would
inherit from System.Web.UI.Page. Call it SecurePage. You would
include all the necessary code in this base class. Then change your
existing pages to inherit from SecurePage instead of
System.Web.UI.Page. When you create a new page simply start off
inheriting from SecurePage. Any changes you make in the base class
would be used by all pages.
On 4/16/05, P P <aspemail@...> wrote:
>
> Hi
>
> Hope somebody in this group can educate us to see if
> there is any better solution or implementation to this
> situation.
>
> Scenario
> ========
> We have around 50-75 ASPx pages (.NET 1.1 framework),
> and it`s a very simple WEB application. Each of these
> pages does only data-in and data-out, so far nothing
> complicated.
>
> Requirement
> ===========
> We want to implement XSite scripting, Malicious TAG
> Check, SQL Injection validation in this site.
>
> Solution We Proposed
> ====================
> We opted to crate an XML file which stores list of all
> the Malicious TEXTs (see example below). If user
> inputs any of these texts (the ones within the <TAG>
> node), we will STOP/Alert the user from submitting the
> page.
>
> Question
> ========
> 1. How do I implement the "validation check" in each
> of these 50 pages in a fast way, so that I dont need
> to change too much of code. Is it possible?
>
> 2. How do I ensure that if a new page gets created,
> this feature gets implemented magically.
>
> ThreatModel.XML
> ===============
> <MaliciousTags>
> <XSitetags>
> <TAG>script<TAG>
> <TAG>object<TAG>
> </XSitetags>
> <SQLTags>
> <TAG>DROP<TAG>
> <TAG>DBCC<TAG>
> </SQLTags>
> </MaliciousTags>
>
> Thanks
> PP
>
>
> __________________________________
> Do you Yahoo!?
> Plan great trips with Yahoo! Travel: Now over 17,000 guides!
> http://travel.yahoo.com/p-travelguide
>
> Yahoo! Groups Links
>
>
>
>
>
--
Dean Fiala
Very Practical Software, Inc
http://www.vpsw.com
All times are GMT
Page 1 of 1
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Freelace Website Designer - Customer web design and software building.
China Wholesale - Electronics Products
Character Studio - Tutorials and Help
China Wholesale - Electronics Products
Character Studio - Tutorials and Help