  1. #1
    New Coder
    Join Date
    Jun 2003
    Posts
    81
    Thanks
    0
    Thanked 0 Times in 0 Posts

    ASP.NET security

    Does anybody have sample VB code to validate a user's input against cross-site scripting and SQL injection?

    thx

  • #2
    Regular Coder
    Join Date
    Jul 2004
    Location
    France
    Posts
    141
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am using a class User and a PageLevel

    ' Level required to view the current page
    Public _pageLevel As UserLevels

    Public Enum UserLevels As Byte
        Guest = 0
        Base = 1
        Full = 5
        Modero = 8
        Admin = 10
        Web = 100
    End Enum

    Public Class User
        Private _level As UserLevels
        Private _skin As Byte
        Private _id As Int32
        Private _name As String
        ....
    End Class

    and a global class

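    ' Returns the User kept in the session, creating and storing one on first access
    Public ReadOnly Property CurrentUser() As User
        Get
            Dim usr As User = CType(Session("User"), User)
            If usr Is Nothing Then
                usr = New User
                Session.Add("User", usr)
            End If
            Return usr
        End Get
    End Property

    ' Allows the request only if the current user has the level this page requires
    Public Sub AccessCheck()
        ' The login page itself is never checked
        If GetPageName() = "Login" Then
            Exit Sub
        End If
        If CurrentUser.HasLevel(Me.PageLevel) Then
            Exit Sub
        Else
            .....'go to login page
        End If
    End Sub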

  • #3
    Senior Coder
    Join Date
    Apr 2003
    Location
    England
    Posts
    1,192
    Thanks
    5
    Thanked 13 Times in 13 Posts
    What methods of SQL injection are there? Because I'm just blocking a few key SQL characters from all forms on a site to stop it (seems to work, but it's a bit overkill, as using those characters isn't necessarily SQL injection), but I'm not sure if I missed any. I pretty much just block like ', ", ;
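
Added example, not part of the original thread or any poster's code: a VB.NET sketch of the usual alternative to blocking characters, namely a parameterized query for SQL injection, an allow-list check for validation, and HTML encoding at output time for cross-site scripting. The `Users` table, its `Id` and `Name` columns, the 50-character limit and all function names are assumptions made for illustration; in an ASP.NET page `HttpUtility.HtmlEncode` can take the place of `WebUtility.HtmlEncode`.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Net

Module InputHandlingExample

    ' Hypothetical table and column names (Users, Id, Name); not from the thread.
    Function BuildUserLookup(conn As SqlConnection, userName As String) As SqlCommand
        ' The SQL text is a constant. The value travels separately as a typed
        ' parameter, so ', " and ; inside it are treated as data, not as SQL.
        Dim cmd As New SqlCommand("SELECT Id, Name FROM Users WHERE Name = @name", conn)
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName
        Return cmd
    End Function

    ' Validation by allow-list: accept only what this field should contain.
    ' A quote is allowed here because real names contain one.
    Function IsValidUserName(value As String) As Boolean
        If String.IsNullOrEmpty(value) OrElse value.Length > 50 Then Return False
        For Each c As Char In value
            Dim allowed As Boolean = Char.IsLetterOrDigit(c) OrElse
                                     c = " "c OrElse c = "'"c OrElse c = "-"c
            If Not allowed Then Return False
        Next
        Return True
    End Function

    ' Cross-site scripting is handled where the value is written into HTML:
    ' encoding turns markup characters into entities so the browser shows them as text.
    Function RenderGreeting(userName As String) As String
        Return "<p>Hello, " & WebUtility.HtmlEncode(userName) & "</p>"
    End Function

    Sub Main()
        Dim name As String = "Sean O'Brien"   ' constructed sample input
        Console.WriteLine(IsValidUserName(name))
        ' The connection is never opened; this only shows how the command is built.
        Using conn As New SqlConnection()
            Using cmd As SqlCommand = BuildUserLookup(conn, name)
                Console.WriteLine(cmd.CommandText)
                Console.WriteLine(cmd.Parameters("@name").Value)
            End Using
        End Using
        Console.WriteLine(RenderGreeting("<b>" & name & "</b>"))
    End Sub
End Module
```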

