Here are the arguments you need.
1. You can see the source of any web page, no matter what you do on the browser. If you managed to lock down the browser, the data can still be seen using a packet sniffer like Wireshark.
2. Since the browser and the transmission media cannot be trusted, the incoming data has to be checked at the first point where you can check it and be sure that no one can modify it further. That point is your web server. So, you have to make sure that all data conforms to expected ranges and that no *bad* characters make it through in the parameters that will be used in generating SQL statements.
3. If the incoming data is not sanitized, hackers can send in SQL fragments in such a manner that they can compromise your SQL server. This mechanism is called SQL injection.
So, if you really care about security, please use TLS/SSL to encrypt the channel (only needed if sensitive data is involved), validate user input at the server, and use JavaScript to enhance user experience.
Thomas
modified 29-Aug-18 21:01pm.
|
That sounds great, now the question is will they believe me the guy that has worked there for 9 years that believes and has convinced others that JavaScript is a good model for security.
Cleako
|
cleako wrote: The current belief is that if you check for enabled scripting and deny anyone without that turned on as well as to disable the "Mouse Right Click" and "CTRL-N" that you can prevent users from seeing the source of the page.
That's ridiculous.
Any check for having JavaScript enabled has to be done using JavaScript, and the only way that the server will know the result is from what the browser sends in the next request, so the server can easily be fooled that the client has JavaScript enabled.
Also, here are just some of the ways that you can get around the checks:
:: Select the "View Source" option in the menu.
:: Press Ctrl+U to view source (in Firefox).
:: Enable JavaScript but disable replacing of the context menu.
:: Open the file in the browser cache.
:: View the form data in Page info (in Firefox).
:: Use a DOM inspector plugin to view the code.
:: Use a program other than a browser to request the page.
:: Intercept the network traffic to get the source before the browser does.
---
single minded; short sighted; long gone;
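The two points made in this thread (a "JavaScript enabled" flag only tells the server what the client chose to send, and input must be validated at the server before it reaches SQL), as an added example that is not part of any post above. The table, the form fields `js_enabled` and `owner`, and both handlers are hypothetical; Python with `sqlite3` is used so the example runs on its own.

```python
import sqlite3

def make_db():
    """Constructed sample data standing in for the real database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders (owner, item) VALUES (?, ?)",
                   [("alice", "keyboard"), ("bob", "monitor"), ("carol", "laptop")])
    return db

def naive_handler(db, form):
    """Trusts the client: gates on a flag that page script is supposed to set,
    then builds the SQL statement by string concatenation."""
    if form.get("js_enabled") != "1":   # any client can send this field itself
        return "denied"
    sql = "SELECT item FROM orders WHERE owner = '" + form["owner"] + "'"
    return [row[0] for row in db.execute(sql)]

def validating_handler(db, form):
    """Ignores client-side claims, checks the value against the expected
    shape, and hands it to the database as a bound parameter."""
    owner = form.get("owner", "")
    if not (1 <= len(owner) <= 32 and owner.isascii() and owner.isalnum()):
        return "rejected"
    rows = db.execute("SELECT item FROM orders WHERE owner = ?", (owner,))
    return [row[0] for row in rows]

# Constructed requests, as a program other than a browser could send them.
HONEST = {"js_enabled": "1", "owner": "alice"}
FORGED = {"js_enabled": "1", "owner": "x' OR '1'='1"}  # forged flag, SQL fragment

if __name__ == "__main__":
    db = make_db()
    for form in (HONEST, FORGED):
        print(repr(form["owner"]), "naive:", naive_handler(db, form),
              "validating:", validating_handler(db, form))
```

The forged request passes the script check and makes the naive handler return every row, while the validating handler rejects it before any SQL runs.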
|
Hi,
I'm having this error,
'Bsc_Test1.src.controls.cont' does not contain a definition for 'ChartTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'gcolors'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'XAxisTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisItems'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisValues'
Their definition is not written in the back end code but it's in the HTML of cont, and cont is in folder src/controls. Please help me solve this.
Thanks.
|
First of all tell me what is this...
Describe your problem to get right answers, and quick help...
Ravi Kant Srivastava
(System Analyst)
HandsOn Technology & Engineering
Gurgaon
(India)
e-mail:ravikant@hte.co.in
|
Please tell first what you are doing. Are you using a user control in a web application?
|
The problem is that there is a graph whose definition is in a folder 'src'. The folder has a subfolder 'controls', and in controls is an ascx file where a graph is defined using the HTML. Now the project has an aspx file 'NewGraph' where the ascx file is supposed to be executed. The code goes like:
public src.controls.cont dngchart;
On Page_Load()
// Set our axis values
dngchart.YAxisValues = iValue;
// Set our axis strings
dngchart.YAxisItems = sItems;
// the colors
dngchart.gcolors=mags;
// Provide a title
dngchart.ChartTitle = "Inventory Breakdown:";
// Provide a title for the X-Axis
dngchart.XAxisTitle = "(units display actual numbers)";
When I try to compile I get this error:
'Bsc_Test1.src.controls.cont' does not contain a definition for 'ChartTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'gcolors'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'XAxisTitle'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisItems'
'Bsc_Test1.src.controls.cont' does not contain a definition for 'YAxisValues'.
What could it be?
|
If the user control has no problem then check that you have registered the user control properly, and the Id of the user control should be the same as in aspx and aspx.cs ........
Are you using VS2005/C# 2.0? Check it.
|
What is Bsc_Test1.src.controls.cont?
What do you mean by it's in the HTML? Is it in a server script block or is it the ID of an HTML element (or an ASP.NET control)?
|
How can I integrate one text box and its result from a live website, multiple times in another webpage?
I need to see all the results of different queries in the same webpage. Are there any websites supporting this?
Please revert back?
Jaison
Jaison Peter
|
I'm not sure what you mean? You want to take a value from a textbox in a different site?
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
|
I would assume he wanted to copy values between windows...
Brad
Australian
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
|
No.
Suppose a webpage has a textbox and button and an area which shows results after calculating the value that we entered in the textbox after clicking the button.
This same thing.... I need multiple times.... in another webpage,
so that I can see the results of different queries in one single page... right..
Hope you understood.. if not, revert back for clarification.
|
Can you use a drawing to illustrate what you are trying to do?
Brad
Australian
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
|
OK
One webpage which shows results according to the data put inside the textbox.
There is nothing apart from that inside that website.
I want another website which shows the same textbox and corresponding result (same thing multiple times),
so that I am able to get the result of different values inside the different textboxes by a single refresh of the webpage.
Now revert if diagrams needed !!
|
Please draw an image.
Brad
Australian
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
|
If I am not wrong, you are looking for the following solution.
1- Create a page and use the WebClient DownloadData method to extract the HTML from the required page.
2- Create a page with multiple frames or iframes and set the URL of the previously created page.
Regards
Prakash
|
I haven't completely understood this.. but somewhat this is right !!
Is there any method to do this.. without using code..
I mean some services by some sites ??
|
I'll draw.. wait for some minutes
|
Sounds like you want to build a control ( assuming a framework that allows this, such as ASP.NET ), and use it over and over in the other page.
Christian Graus - Microsoft MVP - C++
Metal Musings - Rex and my new metal blog
|
Hi everyone,
I know that Roman Kiss has written a very outstanding article regarding the above mentioned title.... but it is a little bit too complicated for me. Does anyone know of a more simplified method of getting it working? I would like the client to call an ASP.NET web service which in turn calls a remote object.... the object should then be passed back to the client's pac for processing... your help will be much appreciated.
|
Hi guys,
I need an image scroller for my site. I googled around a bit and came across this one
This One
It's okay apart from a slight problem. I need it to scroll across a particular width and not the whole width of the page. I got around this by placing the scroller inside an iframe. However, I don't want this. I want it to be on the main page. Is there any other scroller? I've searched and searched and still haven't found a solution. Could someone help me out here?
|
How hard could one of those be to make? It just adjusts the styles of the images to move them to the left. You could probably program this very easily.
Brad
Australian
- Christian Graus on "Best books for VBscript"
A big thick one, so you can whack yourself on the head with it.
|
You can also use the marquee tag to move things around:
<marquee width="75%">
Hello, World
</marquee>
Try this...
Ravi Kant Srivastava
(System Analyst)
HandsOn Technology & Engineering
Gurgaon
(India)
e-mail:ravikant@hte.co.in