klca
Member
507 Points
413 Posts
Avoiding injection
Dec 18, 2012 06:13 PM
Hi,
Despite URL Routing, once the name has been displayed in the address bar it becomes a little handy for hackers to try out different combinations so they can reach your datasource.
Can that be prevented?
Carlos N. Porras
(El Salvador)
usman400
Contributor
3503 Points
721 Posts
Re: Avoiding injection
Dec 19, 2012 03:25 AM
Using parameters in your server-side code to manage the database always avoids injection attacks.
So don't make up your query by concatenating the query with control values.
Just getting the name of a user does not really mean that any hacker has a way to pass through the default DB authentication and the one you have implemented in your application.
Dive here if you want to know more
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html
ManikandanUl...
Participant
850 Points
253 Posts
Re: Avoiding injection
Dec 19, 2012 03:33 AM
Use Encrypt and Decrypt Logic for URL Routing.
Click "…Mark As Answer" if my reply helpful....
klca
Member
507 Points
413 Posts
Re: Avoiding injection
Dec 19, 2012 03:12 PM|LINK
Thank you usman400
I'll check your link ....
Carlos N. Porras
(El Salvador)
klca
Member
507 Points
413 Posts
Re: Avoiding injection
Dec 19, 2012 03:15 PM
Not quite sure that can be done in ASP.Net Dynamic Data, ManikandanUlagu.
It seems that the Global.asax file sets the way in which URL routes are used for Dynamic Data to use proper templates ... so I don't know how the routing can be altered in order to be able to use aliases or something similar ...
Or simply hiding the URL from the end user interface, showing nothing more than a fixed, fictitious URL address.
Carlos N. Porras
(El Salvador)
sjnaughton
All-Star
27330 Points
5459 Posts
MVP
Re: Avoiding injection
Dec 21, 2012 11:13 AM
Hi Carlos, I have not done any public facing site with DD as yet but the same does apply for Corporate sites, so what I do is add my Secure Dynamic Data MetaModel and then tie the site down so users can only get to parts of the site that they have permission to access. As for data, I have filters that hide themselves and these pre-filter the data so the user only sees the data he or she is permitted to see.
Always seeking an elegant solution.
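An added example, not code from any poster in this thread and not sjnaughton's Secure Dynamic Data MetaModel: the stock Dynamic Data `Global.asax` routing discussed above, narrowed so that only explicitly listed tables and actions can be reached through the `{table}/{action}.aspx` URL. It assumes an existing LINQ to SQL or Entity Framework model; `NorthwindDataContext`, `Product`, `Category` and the table names `Products` and `Categories` are hypothetical.

```csharp
// Global.asax.cs for an ASP.NET Dynamic Data site (added example).
// NorthwindDataContext, Product and Category are hypothetical model types.
using System;
using System.ComponentModel.DataAnnotations;
using System.Web.DynamicData;
using System.Web.Routing;

// Opt in table by table: with ScaffoldAllTables = false (below), an entity
// without this attribute gets no List/Details/Edit/Insert pages at all.
[ScaffoldTable(true)]
public partial class Product { }

[ScaffoldTable(true)]
public partial class Category { }

public class Global : System.Web.HttpApplication
{
    private static readonly MetaModel s_defaultModel = new MetaModel();
    public static MetaModel DefaultModel { get { return s_defaultModel; } }

    public static void RegisterRoutes(RouteCollection routes)
    {
        // Do not expose every table in the data context by default.
        DefaultModel.RegisterContext(typeof(NorthwindDataContext),
            new ContextConfiguration { ScaffoldAllTables = false });

        routes.Add(new DynamicDataRoute("{table}/{action}.aspx")
        {
            // Each constraint is a regular expression that must match the
            // whole URL segment, so guessed table names do not match the route.
            Constraints = new RouteValueDictionary(new
            {
                table = "Products|Categories",
                action = "List|Details|Edit|Insert"
            }),
            Model = DefaultModel
        });
    }

    void Application_Start(object sender, EventArgs e)
    {
        RegisterRoutes(RouteTable.Routes);
    }
}
```

A URL naming any other table or action no longer matches this route. This limits what is reachable by URL only; per-user permissions and row filtering still need a separate authorization layer.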