You searched for the word(s): userid:798122

Matching Posts

  • Re: How do you disable the Back Button?

    I typically add a session value that I can use to check if the user's been to this page already or not, so something like:
    // Page you don't want user coming back to
    protected void Page_Load(object sender, EventArgs e)
    {
        Response.Cache.SetCacheability(HttpCacheability.NoCache);
        Response.Cache.SetExpires(DateTime.Now);
        // watch for null values
        if (Session["VisitedPage"] != null && Convert.ToBoolean(Session["VisitedPage"]))
            Response.Redirect("~/somewhereelse.aspx");
    }
    Posted to Data Presentation Controls (Forum) by jstrosch on 5/14/2009
  • Re: How do you disable the Back Button?

    The best solution I've come up with is based out of this article: http://www.4guysfromrolla.com/webtech/111500-1.shtml
    Posted to Data Presentation Controls (Forum) by jstrosch on 5/13/2009
  • Re: E-comm Hosting and Credit Card Info

    Two resources that I've used to help try and build secure e-commerce sites are: https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html (section 3 & 4) http://www.owasp.org/index.php/Handling_E-Commerce_Payments One thing I've heard of being a large risk in a shared hosting environment is that your security is tied to how well the other sites are built; it's possible that someone can compromise your db/web app by breaking in through another site (since they're
    Posted to Commerce Extensions (Forum) by jstrosch on 4/7/2009
  • Re: VS2008 and Ajax

    For your third question I find a lot of useful information here: http://weblogs.asp.net/scottgu/archive/2007/07/30/asp-net-ajax-in-net-3-5-and-vs-2008.aspx (his site provides a search feature).
    Posted to Visual Studio 2008 (Forum) by jstrosch on 3/17/2009
  • Re: Microsoft.Security namespace does not appear

    Did you include the dll as a reference? I had to add a reference to the AntiXss dll in my bin folder. I found the AntiXssLibrary.dll in C:\Program Files\Microsoft Information Security\Microsoft Anti-Cross Site Scripting Library v3.0 Beta\Library with a default installation.
  • Re: Recommend a provider for gateway/merchant processing?

    I have just completed migrating the company I currently work for to YourPay. YourPay is the gateway and First Data Merchant Services (FDMS) is the merchant account. YourPay has been a lot easier to work with (we were using EFSNet before) than our previous gateway. They also provide a nice object model for .net web applications, so it made integrating their service with our site very easy.
    Posted to Commerce Extensions (Forum) by jstrosch on 2/12/2009
  • Re: Problem with AttributeEncoding href

    I'm going to give this a try. When you use the inline version of HtmlAttributeEncode it takes "javascript:alert('xss');" and turns it into: "javascript:alert('xss')&#59;" If you look at the response you'll see the ascii encoded version, if you look at the source of the html page you'll see "javascript:alert('xss');" in the href. It appears that the browser marks the ascii encoding back up to html
  • Re: Using AntiXss?

    It would appear that the antixss library could break a lot of valid links by encoding it. Another possible solution would be to look for malicious code, such as 'javascript' and then sanitize it or block it, but that seems to be an undesirable solution as it is very difficult to write a comprehensive list of all the values you should block. Another possible solution might be to use a regex to match against only a certain set of characters you allow, such as: [a-z0-9&?\.]. The regex could
  • Re: Using AntiXss?

    Using AntiXss.javascriptencode might help. It takes something like: javascript:alert('xss') and converts it into: 'javascript\x3aalert\x28\x27xss\x27\x29\x3b'. Looking at this list (by no means comprehensive) http://www.owasp.org/index.php/Script_in_IMG_tags that would prevent the cases listed there by eliminating the semicolon. I would just avoid allowing user input as the value for the image src property.
  • Re: Using AntiXss?

    For case 1 it depends on what you mean. If you want to make sure that the data coming from the datasource is properly encoded then I typically do something like: <asp:LinkButton CommandArgument='<%# SanitizeOutput(Convert.ToString(Eval("UserName"))) %>' runat="server" etc.... And in the code behind I would define SanitizeOutput as follows: public string SanitizeOutput (string output) { return Server.HtmlEncode(output); // or you could download the antixss library