Search Results

Search found 5174 results on 207 pages for 'prevent'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 89/207 | < Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >

  • What am I missing in this ASP.NET XSS Security Helper class?

    - by smartcaveman
    I need a generic method for preventing XSS attacks in ASP.NET. The approach I came up with is a ValidateRequest method that evaluates the HttpRequest for any potential issues, and if issues are found, redirect the user to the same page, but in a away that is not threatening to the application. (Source code below) While I know this method will prevent most XSS attacks, I am not certain that I am adequately preventing all possible attacks while also minimizing false positives. So, what is the most effective way to adequately prevent all possible attacks, while minimizing false positives? Are there changes I should make to the helper class below, or is there an alternative approach or third party library that offers something more convincing? public static class XssSecurity { public const string PotentialXssAttackExpression = "(http(s)*(%3a|:))|(ftp(s)*(%3a|:))|(javascript)|(alert)|(((\\%3C) <)[^\n]+((\\%3E) >))"; private static readonly Regex PotentialXssAttackRegex = new Regex(PotentialXssAttackExpression, RegexOptions.IgnoreCase); public static bool IsPotentialXssAttack(this HttpRequest request) { if(request != null) { string query = request.QueryString.ToString(); if(!string.IsNullOrEmpty(query) && PotentialXssAttackRegex.IsMatch(query)) return true; if(request.HttpMethod.Equals("post", StringComparison.InvariantCultureIgnoreCase)) { string form = request.Form.ToString(); if (!string.IsNullOrEmpty(form) && PotentialXssAttackRegex.IsMatch(form)) return true; } if(request.Cookies.Count > 0) { foreach(HttpCookie cookie in request.Cookies) { if(PotentialXssAttackRegex.IsMatch(cookie.Value)) { return true; } } } } return false; } public static void ValidateRequest(this HttpContext context, string redirectToPath = null) { if(context == null || !context.Request.IsPotentialXssAttack()) return; // expire all cookies foreach(HttpCookie cookie in context.Request.Cookies) { cookie.Expires = DateTime.Now.Subtract(TimeSpan.FromDays(1)); context.Response.Cookies.Set(cookie); } // redirect to safe path bool redirected = false; if(redirectToPath != null) { try { context.Response.Redirect(redirectToPath,true); redirected = true; } catch { redirected = false; } } if (redirected) return; string safeUrl = context.Request.Url.AbsolutePath.Replace(context.Request.Url.Query, string.Empty); context.Response.Redirect(safeUrl,true); } }

    Read the article

  • prohibiting instantiation as a temporary object (C++)

    - by SuperElectric
    I like using sentry classes in c++, but I seem to have a mental affliction that results in repeatedly writing bugs like the following: { MySentryClass(arg); // ... other code } Needless to say, this fails because the sentry dies immediately after creation, rather than at the end of the scope, as intended. Is there some way to prevent MySentryClass from being instantiated as a temporary, so that the above code either fails to compile, or at least aborts with an error message at runtime?

    Read the article

  • QT QFileDialog how to hide hidden/backup folders (".folder")

    - by Alberto Toglia
    Basically when browsing folders inside a QFileDialog I find very annoying to have everything bloated with hidden or backup folders (don't know how to call them really); specially on home. Is there a way to prevent these type of folders from showing by default on a QFileDialog? I'm using Qt4.6 and getOpenFileName. P.D.: I'm starting to think this might be an ubuntu thing...?

    Read the article

  • Limit URL Parameter Length in Web.Config

    - by Alex
    Is it possible to add some kind of restriction to the web.config to limit URL parameter length? I want to prevent people at the earliest possible point from submitting too large URL parameters so the server doesn't get taxed more than necessary in the event that somebody tries to "attack" it with large invalid URL parameters.

    Read the article

  • How to generate custom JSESSIONID, based on some hash of user's data?

    - by Shaman
    Is it possible to override Tomcat's embedded generator of JSESSIONID, to be able to create custom values of this cookie, based on user's login? Why do I need this: I have a load balancer with "sticky sessions", configured to route requests with the same JSESSIONID to the same server, and I want to prevent situation, when same user can start two different sessions on different servers.

    Read the article

  • Override browser "Find" feature

    - by Trevor Burnham
    I'm wondering whether it's possible to use JavaScript to intercept or prevent the user from using the browser's "Find" feature to find text on the page. (Trust me, I have a good reason!) I'm guessing the answer is "no," beyond the obvious intercepting Cmd/Ctrl+F. A second-best solution would be to intercept the text highlighting that the browser performs during a Find. Is there any way to do this, in any browser?

    Read the article

  • GCC how to block system calls within a program?

    - by CMPITG
    Does anyone tell me how to block system calls within a program, please? I am building a system which takes a piece of C source code, compiles it with gcc and runs it. For security reasons, I need to prevent the compiled program from calling system calls. Is there any way to do it, from the source code level (e.g. stripping the header files of gcc, detecting malicious external calls, ...) to the executable level?

    Read the article

  • Recovering From An SQL Injection

    - by Bryan
    Let's not go so far as to say that I'm paranoid, but I've been spending hour after hour learning how to prevent SQL injections (and XSS for what it's worth). What I'm wondering is that a SQL injection doesn't seem like it would do permanent harm to my database if I've made daily backups. Doesn't importing yesterday's copy of my tables just restore them and then I can be on my merry way?

    Read the article

  • IE7 not Caching CSS Image over SSL

    - by Alex
    Hello, I'm using the WebDevHelper toolbar for Internet Explorer to troubleshoot HTTP requests/roundtrips on my SSL site and noticed that IE re-downloads my CSS :hover images every time they are triggered. This causes a huge amount of roundtrips. How can I prevent this from happening? Edit: All static content is served with cache-control: public, so images, javascript etc. are cached in Firefox and Chrome. This problem is IE specific.

    Read the article

  • override delete function in entity framework

    - by k0ni
    How can i make my own delete method to prevent that the data really gets deleted? i want to set a datetime field when it gets deleted insted of a normal delete. i read about overriding the submitchanges function, but i don't get it to work thanks

    Read the article

  • Remove trailing slash with htaccess but preserve query string

    - by soundseller
    I am using following directives in my htaccess to remove trailing slashs from my uris to prevent duplicate content. However these directives also remove any query string, that might be present. RewriteCond %{HTTP_HOST} ^(www.)?mydomain\com$ [NC] RewriteRule ^(.+)/$ http://www.mydomain.com/$1 [R=301,L] I'd like to know how to remove a potential trailing slash from my URI, but also preserve query strings.

    Read the article

  • Maximum Row in DBMS

    - by Am1rr3zA
    Is there any limit to maximum row of table in DBMS (specially MySQL)? I want create table for saving logfile and it's row increase so fast I want know what shoud I do to prevent any problem.

    Read the article

  • Protect flash video from download/right protect

    - by Smyles
    Is it possible to protect flv files from download? I'd like to protect my files from download but I don't have the money for a streaming server which I think provides some sort of protection. The files are streamed via PHP and are located in an upload folder on my server. I've used PHP to ensure that only subscribers can view the video but I basically want to go a step further and prevent subscribers from, upon login, downloading my videos with downloaders such as Sothink Flv Downloader for Firefox.

    Read the article

  • How to surpress screen savers on Linux?

    - by Die in Sente
    I need to prevent the screen saver from running while my application is running. I know how to do this on the Windows versions, with SendInput calls, but I need to do something similar for Linux ports. It looks complicated, because ideally, I'd like something that would work on multiple Linux distros (SuSe, Red Hat, Ubunutu...) and it looks like there are at least 3 different screen-saver frameworks: xscreensaver, gnome-screensaver, and something else in KDE.

    Read the article

  • Does it make sense to fragment cache static partials

    - by ash34
    Hi, I have my views and layouts split into multiple partials, some of them are static partials i.e, no data from the database being displayed here. Does it make sense to cache these to prevent the erb templating system from generating the html each time or it only makes sense to cache in situations where something needs to be retrieved from the db each time. thanks, ash

    Read the article

  • Preventing server-side scripting, XSS

    - by Tim
    Hey all Are there any pre-made scripts that I can use for PHP / MySQL to prevent server-side scripting and JS injections? I know about the typical functions such as htmlentities, special characters, string replace etc. but is there a simple bit of code or a function that is a failsafe for everything? Any ideas would be great. Many thanks :)

    Read the article

  • Using empty row as default in a ComboBox with Style "DropDownList"?

    - by Pesche Helfer
    Hi board I am trying to write a method, that takes a ComboBox, a DataTable and a TextBox as arguments. The purpose of it is to filter the members displayed in the ComboBox according to the TextBox.Text. The DataTable contains the entire list of possible entries that will then be filtered. For filtering, I create a DataView of the DataTable, add a RowFilter and then bind this View to the ComboBox as DataSource. To prevent the user from typing into the ComboBox, I choose the DropDownStyle DropDownList. That’s working fine so far, except that the user should also be able to choose nothing / empty line. In fact, this should be the default member to be displayed (to prevent choosing a wrong member by accident, if the user clicks through the dialog too fast). I tried to solve this problem by adding a new Row to the view. While this works for some cases, the main issue here is that any DataTable can be passed to the method. If the DataTable contains columns that cannot be null and don’t contain a default value, I suppose I will raise an error by adding an empty row. A possibility would be to create a view that contains only the column that is defined as DisplayMember, and the one that is defined as ValueMember. Alas, this can’t be done with a view in C#. I would like to avoid creating a true copy of the DataTable at all cost, since who knows how big it will get with time. Do you have any suggestions how to get around this problem? Instead of a view, could I create an object containing two members and assign the DisplayMember and the ValueMember to these members? Would the members be passed as reference (what I hope) or would true copied be created (in which case it would not be a solution)? Thank you very much for your help! Best regards public static void ComboFilter(ComboBox cb, DataTable dtSource, TextBox filterTextBox) { cb.DropDownStyle = ComboBoxStyle.DropDownList; string displayMember = cb.DisplayMember; DataView filterView = new DataView(dtSource); filterView.AddNew(); filterView.RowFilter = displayMember + " LIKE '%" + filterTextBox.Text + "%'"; cb.DataSource = filterView; }

    Read the article

  • Merging code with dependencies? - Javascript

    - by RadiantHex
    Hi folks, this might be quite simple, but I must say I'm a bit confused on this topic. I'm writing code based on two popular libraries: jQuery underscore.js I am just wondering what would be the best way to isolate the code and prevent conflicts and how to merge it with its dependencies. By merging I mean putting them within the same file. :) I hope I'm not asking something which is too basic. ...and a last thing MERRY CHRISTMAS EVERYONE! =D

    Read the article

  • SQL Server Transactions how can I commit my transaction

    - by codingguy3000
    I have SQL Server 2005 stored procedure. Someone one is calling my stored procedure within a transaction. In my stored proc I'm logging some information (insert into a table). When the higher level transaction rolls back it removes my insert. Is there anyway I can commit my insert and prevent the higher level rollback from removing my insert? Thanks

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 85 86 87 88 89 90 91 92 93 94 95 96  | Next Page >