Click here to Skip to main content
15,395,473 members
Home / Discussions / ASP.NET
   

ASP.NET

 
GeneralRe: Can shell32.dll be used in IIS environment? Pin
Member 35932620-Oct-21 23:54
MemberMember 35932620-Oct-21 23:54 
GeneralRe: Can shell32.dll be used in IIS environment? Pin
Richard Deeming21-Oct-21 1:09
mveRichard Deeming21-Oct-21 1:09 
GeneralRe: Can shell32.dll be used in IIS environment? Pin
Member 35932621-Oct-21 22:46
MemberMember 35932621-Oct-21 22:46 
Questionweb config asp.net project of sql server Pin
Member 1101590512-Sep-21 19:20
MemberMember 1101590512-Sep-21 19:20 
AnswerRe: web config asp.net project of sql server Pin
Richard MacCutchan12-Sep-21 22:08
mveRichard MacCutchan12-Sep-21 22:08 
AnswerRe: web config asp.net project of sql server Pin
Dave Kreskowiak13-Sep-21 1:18
mveDave Kreskowiak13-Sep-21 1:18 
QuestionGet a Field value for recovery a password Pin
Luis M. Rojas3-Sep-21 5:17
MemberLuis M. Rojas3-Sep-21 5:17 
AnswerRe: Get a Field value for recovery a password Pin
Richard Deeming3-Sep-21 5:34
mveRichard Deeming3-Sep-21 5:34 
Luis M. Rojas wrote:
C#
ExecuteRow("sp_sopv2_EnviarCorreoClave " + Username);
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.

Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt[^]
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange[^]
Query Parameterization Cheat Sheet | OWASP[^]

Make sure you're not storing the password in your database in plain text or using a reversible encryption algorithm:
Secure Password Authentication Explained Simply[^]
Salted Password Hashing - Doing it Right[^]

Also, there is no need to store the username and password in the session, and doing so may represent a further security risk.
Troy Hunt: Everything you ever wanted to know about building a secure password reset feature[^]

Luis M. Rojas wrote:
HTML
<a href="login?expire=1" class="btn btn-ic btn-link pkg-photo">Olvide mi clave</a>
An <a> tag will perform a GET request to the specified URL. The only data that will be passed to that URL is what is in the href - namely expire=1. None of the other data entered into the form will be sent to the server.

If you want to send the form data to the server, then you need to submit the form:
HTML
<button type="submit" name="expire" value="1" class="btn btn-ic btn-link pkg-photo">Olvide mi clave</button>


But this all begs the question: why are you re-inventing the wheel? ASP.NET has several perfectly good authentication systems built-in - for example, ASP.NET Identity[^]



"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer

GeneralRe: Get a Field value for recovery a password Pin
Luis M. Rojas3-Sep-21 5:55
MemberLuis M. Rojas3-Sep-21 5:55 
GeneralRe: Get a Field value for recovery a password Pin
Richard Deeming3-Sep-21 6:10
mveRichard Deeming3-Sep-21 6:10 
QuestionWebService just will not work :-( Pin
Oliver Freeman1-Sep-21 5:48
MemberOliver Freeman1-Sep-21 5:48 
AnswerRe: WebService just will not work :-( Pin
Richard Deeming1-Sep-21 21:59
mveRichard Deeming1-Sep-21 21:59 
GeneralRe: WebService just will not work :-( Pin
Oliver Freeman2-Sep-21 1:59
MemberOliver Freeman2-Sep-21 1:59 
GeneralRe: WebService just will not work :-( Pin
DerekT-P21-Oct-21 7:37
professionalDerekT-P21-Oct-21 7:37 
QuestionIs it possible to add fore ground and back ground to any app that is down? Pin
samflex31-Aug-21 18:39
Membersamflex31-Aug-21 18:39 
AnswerRe: Is it possible to add fore ground and back ground to any app that is down? Pin
Richard Deeming31-Aug-21 22:01
mveRichard Deeming31-Aug-21 22:01 
GeneralRe: Is it possible to add fore ground and back ground to any app that is down? Pin
samflex1-Sep-21 5:50
Membersamflex1-Sep-21 5:50 
GeneralRe: Is it possible to add fore ground and back ground to any app that is down? Pin
Richard Deeming1-Sep-21 21:47
mveRichard Deeming1-Sep-21 21:47 
GeneralRe: Is it possible to add fore ground and back ground to any app that is down? Pin
samflex2-Sep-21 3:02
Membersamflex2-Sep-21 3:02 
Questionproject code in .net for online banking transaction Pin
Jk 0724-Aug-21 5:12
MemberJk 0724-Aug-21 5:12 
AnswerRe: project code in .net for online banking transaction Pin
Richard MacCutchan24-Aug-21 5:40
mveRichard MacCutchan24-Aug-21 5:40 
GeneralRe: project code in .net for online banking transaction Pin
Member 1534301831-Aug-21 22:04
MemberMember 1534301831-Aug-21 22:04 
QuestionI am having problem creating a script to monitor Rest/API services. Pin
samflex23-Aug-21 8:11
Membersamflex23-Aug-21 8:11 
AnswerRe: I am having problem creating a script to monitor Rest/API services. Pin
Richard Deeming23-Aug-21 21:15
mveRichard Deeming23-Aug-21 21:15 
GeneralRe: I am having problem creating a script to monitor Rest/API services. Pin
samflex24-Aug-21 5:08
Membersamflex24-Aug-21 5:08 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.