Security issues relating to submitting href links and text:

Discussion in 'ASP .Net' started by Chipmunk, Feb 22, 2004.

  1. Chipmunk

    Chipmunk Guest

    I am currently developing a website (ASP.NET) which allows users to
    submit a web form containing a href link in one field and descriptive text
    in another field. The records will be stored to varchar columns in a SQL Server
    2000 database and hosted by a 3rd party ISP. The list of links will then be
    made available to other users.
    What general security precautions should be taken when developing a
    website of this nature? Specifically, I am concerned about the possibility
    of malicious SQL or ASP script insertion and its impact on the web or
    database server. I am already using client and server side validation to
    restrict the description field to alpha-numeric characters, period and
    spaces.
    Chipmunk, Feb 22, 2004
    #1

  2. Chipmunk

    Ken Schaefer Guest

    Cross-site scripting vulnerabilities for starters...

    Think about exploits that come out for Internet Explorer that rely on
    carefully crafted malicious URLs. Someone could submit one of those into
    your system. Alternatively, they might submit a link that grabs cookies for
    your domain, and redirects them to a site of the user's choosing. Etc

    Check out the OWASP website (www.owasp.org) for more information on securing
    web applications.
    Microsoft also has a book you can download from MSDN on building secure
    ASP.Net applications. Get that as well.

    Cheers
    Ken

    "Chipmunk" <> wrote in message
    news:exaUD3Z%...
    : I am currently developing a website (ASP.NET) which allows users to
    : submit a web form containing a href link in one field and descriptive text
    : in another field. The records will be stored to varchar columns in a SQL Server
    : 2000 database and hosted by a 3rd party ISP. The list of links will then be
    : made available to other users.
    : What general security precautions should be taken when developing a
    : website of this nature? Specifically, I am concerned about the possibility
    : of malicious SQL or ASP script insertion and its impact on the web or
    : database server. I am already using client and server side validation to
    : restrict the description field to alpha-numeric characters, period and
    : spaces.
    Ken Schaefer, Feb 23, 2004
    #2

  3. Please do not cross-post to so many newsgroups.

    Regular expressions are your friends-- use them wisely. You'll want to
    ensure that the data entered matches the formats you expect (easy for URLs,
    harder for "descriptive text"). See http://www.devx.com/vb2themax/Tip/19510
    for instance.

    --
    Thanks,

    Eric Lawrence
    Program Manager
    Assistance and Worldwide Services

    This posting is provided "AS IS" with no warranties, and confers no rights.





    "Chipmunk" <> wrote in message
    news:exaUD3Z#...
    > I am currently developing a website (ASP.NET) which allows users to
    > submit a web form containing a href link in one field and descriptive text
    > in another field. The records will be stored to varchar columns in a SQL Server
    > 2000 database and hosted by a 3rd party ISP. The list of links will then be
    > made available to other users.
    > What general security precautions should be taken when developing a
    > website of this nature? Specifically, I am concerned about the possibility
    > of malicious SQL or ASP script insertion and its impact on the web or
    > database server. I am already using client and server side validation to
    > restrict the description field to alpha-numeric characters, period and
    > spaces.
    Eric Lawrence [MSFT], Feb 23, 2004
    #3
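
The precautions raised in this thread (format validation of both fields, SQL insertion, script insertion when the links are listed), shown together as an added example that is not code from any poster. It assumes .NET Framework 4 or later; the class name, the `Links` table, its column names and the length limits are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;
using System.Text.RegularExpressions;

// Added example; LinkSubmission, the Links table and the length limits are hypothetical.
public static class LinkSubmission
{
    // Description rule from the original post: letters, digits, period and spaces.
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    private static readonly Regex DescriptionRule =
        new Regex(@"\A[A-Za-z0-9. ]{1,200}\z", RegexOptions.CultureInvariant);

    // Accept only absolute http/https URLs; javascript:, data:, file: etc. are rejected.
    public static bool TryNormalizeUrl(string input, out string normalized)
    {
        normalized = null;
        Uri uri;
        if (string.IsNullOrEmpty(input) || input.Length > 400) return false;
        if (!Uri.TryCreate(input.Trim(), UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;
        if (uri.UserInfo.Length > 0) return false; // extra restriction chosen for this example
        normalized = uri.AbsoluteUri;              // canonical, percent-encoded form
        return true;
    }

    public static bool IsValidDescription(string input)
    {
        return input != null && DescriptionRule.IsMatch(input);
    }

    // Parameterized INSERT: the submitted values travel as data, never as SQL text.
    public static SqlCommand BuildInsert(SqlConnection conn, string url, string description)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Links (Url, Description) VALUES (@url, @desc)", conn);
        cmd.Parameters.Add("@url", SqlDbType.VarChar, 400).Value = url;
        cmd.Parameters.Add("@desc", SqlDbType.VarChar, 200).Value = description;
        return cmd;
    }

    // Encode at output time as well, so stored data cannot break out of the markup.
    public static string RenderLink(string url, string description)
    {
        return "<a href=\"" + WebUtility.HtmlEncode(url) + "\" rel=\"nofollow noopener\">"
             + WebUtility.HtmlEncode(description) + "</a>";
    }
}
```

Validation runs on the server for every submission regardless of any client-side check, and the stored URL is the normalized value returned by `TryNormalizeUrl`, not the raw input.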