I'm coding in ASP.NET. I'm new to ASP.NET but have knowledge of ASP. ASP.NET seems so different from ASP. Anyway, I'm trying something new to me. I wonder if it is safe to put sensitive information like a connection string or password in a Session or Application variable (that's what they do in samples, but I kind of doubt it).
Anyway, is there any good ASP.NET input sanitization or security tutorial? Thanks

It's pretty common to put the connection string into the Application collection. Application, Session, and Cache objects all remain on the server side. The only way I can think of for a hacker to read them is to drop an aspx page into your web application with <script runat=server> and set up a Page_Load method that iterates the contents of Application back to the page. I'm not sure what it takes to add a page illegally to a site...

Thanks man. The other way is when you get one of your inputs from the user unsanitized, which causes cross-site scripting. I'm quite familiar with it using ASP but not ASP.NET. That's why I'm posting this.