Re: Is asp.net safe?
- From: "offwhite" <offwhite@xxxxxxxxx>
- Date: 19 Nov 2006 13:07:48 -0800
Also be sure to handle the Application_Error event in the Global.asax
and not allow errors to be shown to the public users. And do not use
ad hoc SQL in your ASP.NET code. Instead use stored procedures or
parameterized SQL strings. That will help fight off SQL injection
attacks.
You can then have this website run in a separate application pool in
IIS under a custom user (not Network Service) and limit the rights of
that user. Generally you just need access to the database which will
not be a trusted connection anyway.
Brennan Stehling
http://brennan.offwhite.net/blog/
Michael D. Ober wrote:
If your customer wants complete safety, tell him to use VMS. Other than
that, ASP.NET 2.0 running on W2003 SP1 is pretty darn safe, so long as your
code doesn't do anything stupid like not validate inputs and allow access to
folders that it doesn't need.
Mike Ober.
"ad" <flying@xxxxxxxxxxxxxxx> wrote in message
news:%23igaxibCHHA.4832@xxxxxxxxxxxxxxxxxxxxxxx
I use VS2005 to develop web applicaiton.
The Web applicaiton will install in an windows xp.
Some cusotmer doubt the safety of Asp.net.
Are there some reports about the safety of OS or database or development
tools?
.
- References:
- Is asp.net safe?
- From: ad
- Re: Is asp.net safe?
- From: Michael D. Ober
- Is asp.net safe?
- Prev by Date: Re: Create User Login/Password with wobbly drawing
- Next by Date: RE: Locking down CAS policy
- Previous by thread: Re: Is asp.net safe?
- Next by thread: RE: Locking down CAS policy
- Index(es):
Relevant Pages
|
|
