Re: Avoiding security issue with URL?
From: Mary Chipman (mchip_at_online.microsoft.com)
Date: 10/14/04
- Next message: Mary Chipman: "Re: converting double to string"
- Previous message: Mary Chipman: "Re: Strange Ado.net problem"
- In reply to: Brett: "Avoiding security issue with URL?"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 14 Oct 2004 14:54:52 -0400
A good resources that discusses all aspects of asp.net security is the
best practices whitepaper, which you can download from
http://www.microsoft.com/downloads/release.asp?ReleaseID=44047.
--Mary
On Wed, 13 Oct 2004 15:07:01 -0700, "Brett"
<Brett@discussions.microsoft.com> wrote:
>I use one page as a template and include a header, footer, and allow the main
>content area to change, based on a varible I supply via the URL. The
>variable holds a reference to another page and pulls it into the main page.
>Going from the main page to pageB will look like:
>
>index.asp?p=page
>
>Sometimes I append other URL parameters. These may be values, such as a
>user ID, that goes into the database to set conditions on a stored procedure.
> This is a security risk. Some one could manipulate this value and access
>another user's information. What are some examples of good security for this
>situation?
>
>Thanks,
>Brett
- Next message: Mary Chipman: "Re: converting double to string"
- Previous message: Mary Chipman: "Re: Strange Ado.net problem"
- In reply to: Brett: "Avoiding security issue with URL?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
