Re: Security issues relating to submitting href links and text:
From: Eric Lawrence [MSFT] (e_lawrence_at_hotmail.com)
Date: 02/23/04
- In reply to: Chipmunk: "Security issues relating to submitting href links and text:"
Date: Mon, 23 Feb 2004 12:57:12 -0800
Please do not cross-post to so many newsgroups.
Regular expressions are your friends-- use them wisely. You'll want to
ensure that the data entered matches the formats you expect (easy for URLs,
harder for "descriptive text"). See http://www.devx.com/vb2themax/Tip/19510
for instance.
--
Thanks,
Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.

"Chipmunk" <reply@newsgroup.com> wrote in message
news:exaUD3Z#DHA.3808@TK2MSFTNGP09.phx.gbl...
> I am currently developing a website (ASP.NET) which allows users to
> submit a web form containing a href link in one field and descriptive text
> in another field. The records will be stored to varchar columns in a SQL Server
> 2000 database and hosted by a 3rd party ISP. The list of links will then be
> made available to other users.
> What general security precautions should be taken when developing a
> website of this nature? Specifically, I am concerned about the possibility
> of malicious SQL or ASP script insertion and its impact on the web or
> database server. I am already using client and server side validation to
> restrict the description field to alpha-numeric characters, period and
> spaces.
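The format checks suggested in the reply, applied server-side to the two fields from the quoted question, as an added example that is not part of the original thread. It goes beyond the reply's regular-expression advice by also passing the values as SQL parameters and HTML-encoding them on output. The class name `LinkSubmission`, the `Links` table and its columns, and the length limits are assumptions.

```csharp
using System;
using System.Data;
using System.Net;
using System.Text.RegularExpressions;

// Added example. LinkSubmission, the Links table and its columns are hypothetical names.
public static class LinkSubmission
{
    // Absolute http/https URLs only; quotes, angle brackets and whitespace are not in the
    // allowed set. \A and \z anchor the whole string ($ would accept a trailing newline).
    static readonly Regex UrlPattern = new Regex(
        @"\Ahttps?://[A-Za-z0-9.-]{1,253}(:[0-9]{1,5})?(/[A-Za-z0-9._~!$&()*+,;=:@%/?#-]*)?\z");
    // The policy stated in the question: letters, digits, period and space.
    static readonly Regex DescriptionPattern = new Regex(@"\A[A-Za-z0-9. ]{1,200}\z");

    public static bool IsValid(string url, string description) =>
        url != null && description != null && url.Length <= 500
        && UrlPattern.IsMatch(url) && DescriptionPattern.IsMatch(description);

    // Values travel as parameters, so they are never parsed as SQL text.
    public static void PrepareInsert(IDbCommand cmd, string url, string description)
    {
        cmd.CommandText = "INSERT INTO Links (Url, Description) VALUES (@url, @desc)";
        foreach (var pair in new[] { new[] { "@url", url }, new[] { "@desc", description } })
        {
            IDbDataParameter p = cmd.CreateParameter();
            p.ParameterName = pair[0];
            p.Value = pair[1];
            cmd.Parameters.Add(p);
        }
    }

    // Encode again at output time, whatever validation ran when the row was stored.
    public static string RenderLink(string url, string description) =>
        "<a href=\"" + WebUtility.HtmlEncode(url) + "\">"
        + WebUtility.HtmlEncode(description) + "</a>";

    public static void Main()
    {
        // Constructed sample submissions: one well-formed, three that must be rejected.
        string[][] samples = {
            new[] { "http://www.example.com/page?id=1", "Example site." },
            new[] { "javascript:alert(1)", "Bad scheme" },
            new[] { "http://www.example.com/", "x'; DROP TABLE Links--" },
            new[] { "http://www.example.com/\"><script>", "Quote in URL" },
        };
        foreach (string[] s in samples)
            Console.WriteLine("{0,-8} {1}", IsValid(s[0], s[1]) ? "accept" : "reject", s[0]);
    }
}
```

Call `IsValid` on the server for every submission regardless of any client-side check, since the client-side script can be bypassed.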