Click here to Skip to main content
15,889,909 members
Search within:


Security of ASP.NET web applications
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
ASP.NET
While providing security to web applications we are avoiding special characters inputs from GUI.
But any client want to allowed the special characters in some fields then how to handle special characters validations.
Posted
Add a Solution

2 solutions

I'm assuming you are talking about preventing SQL injection by stopping users typing their user name as

max;delete from customer;

for example?

But then a customer of yours comes along and wants to enter a lit of items separated by semi-colons?

Essentially you just need to make sure you aren't vulnerable to injection attacks regardless of the text entered.

Don't build your SQL strings by concatenation, for example.

Use stored procedures rather than direct SQL (a matter of preference)

Use parameterised queries

Utilise a database user that does not have access to tables directly (i.e. only through SP and Views)
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Security for asp.net application
security web application
asp.net web application security issue
Application logout when I made cookies secure
asp.net security in web intranet based application
How to secure appsetting.json angular web site
Sensitive cookies not marked as secure
How to provide Security to asp.net application
Provide security to a web application
How to fix "does not define sensitive application cookies with the "secure" flag" for ASP.NET core webapi

Advertise
Privacy
Cookies
Terms of Use
Last Updated 9 Apr 2013
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900