Re: ASP.net { or any web application } security
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 18 Apr 2007 10:50:04 +0000 (UTC)
Well - you could generate one-time IDs that are only valid for a short period of time - you could append these to links as a query string.
An HttpModule could check the appended IDs for validity...
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
Hi all,
I'm wondering how can i prevent this scenario:
I have asp.net application , not using any kind of asp.net secuirty
models [ neither Windows Nor Forms Auth]. Client can save a complete
copy of the web site locally, he can change any Javascript funciton ,
then chnage the Action attribute in the form tag to point to the same
page again, & it will submit .
My question is: i want to access my website only within my web site
links or
requests, i don't want to accept the previous scenario, also i don't
want to
accept any custom http request come out of my internal web site.
i can't depend on HTTP Reffer , because it's easily can be change
through
http sniffing tools or Packets editor tools.
any Advice ???
Bashar
.
- Prev by Date: Security Tutorial for Intranet Environment
- Next by Date: Re: ASP.net { or any web application } security
- Previous by thread: Security Tutorial for Intranet Environment
- Next by thread: Re: ASP.net { or any web application } security
- Index(es):
Relevant Pages
|
|
