...

View Full Version : asp.net security



esb01
01-28-2005, 07:15 PM
does anybody have a sample vb code to validate a user's input on Cross-site scripting and SQL injection?

thx

gwendaal
02-01-2005, 07:47 AM
I am using a class User and a PageLevel

Public _pageLevel As UserLevels

Public Enum UserLevels As Byte
Guest = 0
Base = 1
Full = 5
Modero = 8
Admin = 10
Web = 100
End Enum

Public Class User
Private _level As UserLevels
Private _skin As Byte
Private _id As Int32
Private _name As String
....
End Class

and a global class

Public ReadOnly Property CurrentUser() As User
Get
Dim usr As User = CType(Session("User"), User)
If usr Is Nothing Then
usr = New User
Session.Add("User", usr)
End If
Return usr
End Get
End Property
Public Sub AccessCheck()
If GetPageName() = "Login" Then
Exit Sub
End If
If CurrentUser.HasLevel(Me.PageLevel) Then
Exit Sub
Else
.....'go to login page
End If
End Sub

ghell
02-01-2005, 03:27 PM
what methods of sql injection are there because im just blocking a few key sql characters from all forms on a site to stop it (seems to work but its a bit overkill as using those characters isnt necessarily sql injection) but im not sure if i missed any, i pretty much just block like ', ", ;



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum