asp.net security

esb01
01-28-2005, 07:15 PM
Does anybody have a sample VB code to validate a user's input on cross-site scripting and SQL injection?
thx

gwendaal
02-01-2005, 07:47 AM
I am using a class User and a PageLevel

    Public _pageLevel As UserLevels

    Public Enum UserLevels As Byte
        Guest = 0
        Base = 1
        Full = 5
        Modero = 8
        Admin = 10
        Web = 100
    End Enum

    Public Class User
        Private _level As UserLevels
        Private _skin As Byte
        Private _id As Int32
        Private _name As String
        ....
    End Class

and a global class

    Public ReadOnly Property CurrentUser() As User
        Get
            Dim usr As User = CType(Session("User"), User)
            If usr Is Nothing Then
                usr = New User
                Session.Add("User", usr)
            End If
            Return usr
        End Get
    End Property

    Public Sub AccessCheck()
        If GetPageName() = "Login" Then
            Exit Sub
        End If
        If CurrentUser.HasLevel(Me.PageLevel) Then
            Exit Sub
        Else
            ..... 'go to login page
        End If
    End Sub

ghell
02-01-2005, 03:27 PM
What methods of SQL injection are there? Because I'm just blocking a few key SQL characters from all forms on a site to stop it (seems to work, but it's a bit overkill, as using those characters isn't necessarily SQL injection), but I'm not sure if I missed any. I pretty much just block like ', ", ;
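
Added example, not part of any post in this thread: a VB.NET sketch of the validation the first post asks for, showing allow-list checking, a parameterized query and output encoding in place of blocking characters such as ', " and ;. The table name, column name, user-name rule and sample inputs are assumptions made up for the illustration.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Net
Imports System.Text.RegularExpressions

Module InputHandlingExample
    ' Allow-list check: state what a user name may contain (assumed rule:
    ' 3-20 letters, digits or underscore) instead of listing "bad" characters.
    Function IsValidUserName(ByVal input As String) As Boolean
        If input Is Nothing Then Return False
        Return Regex.IsMatch(input, "\A[A-Za-z0-9_]{3,20}\z")
    End Function

    ' The value travels as a typed parameter, never as part of the SQL text,
    ' so quotes and semicolons inside it are plain data and need no blocking.
    ' Comments/Body are hypothetical table and column names.
    Function BuildLookup(ByVal body As String) As SqlCommand
        Dim cmd As New SqlCommand("SELECT Id FROM Comments WHERE Body = @body")
        cmd.Parameters.Add("@body", SqlDbType.NVarChar, 200).Value = body
        Return cmd
    End Function

    ' Encode when writing to the page so stored markup is shown as text.
    ' Inside an ASP.NET page, Server.HtmlEncode does the same job.
    Function ToHtml(ByVal stored As String) As String
        Return WebUtility.HtmlEncode(stored)
    End Function

    Sub Main()
        ' Constructed sample inputs containing the characters a blocklist rejects.
        Dim comment As String = "It's a ""quoted"" word; <b>bold</b>"

        Console.WriteLine(IsValidUserName("esb_01"))
        Console.WriteLine(IsValidUserName("O'Brien"))

        ' No connection is opened; the command is only built and inspected.
        Dim cmd As SqlCommand = BuildLookup(comment)
        Console.WriteLine(cmd.CommandText)
        Console.WriteLine(cmd.Parameters("@body").Value)

        Console.WriteLine(ToHtml(comment))
    End Sub
End Module
```

The free-text comment keeps its apostrophe, quotes and semicolon: the query text stays fixed whatever the user typed, and the encoding step is applied only where the value is written into HTML.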
EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum