What ASP.NET commands can lead to unsafe code?

Personally, I am trying to write safe ASP.NET code. However, I became quite paranoid with respect to the code that I am writing as I worked for the Registrar (high fraud targets). Are there any ASP.NET functions that I should look at with the utmost care (except for SQL access - I know enough not to execute dynamic SQL)?

+3
2 answers

This is an excellent MSDN article: Security Practices: ASP.NET 2.0 Security Practices at a Glance.

Excerpts:

How to prevent cross-site scripting

. , , , . HttpUtility.HtmlEncode , , , cookie , . - / . , .

Response.Write(HttpUtility.HtmlEncode(Request.Form["name"]));

URL, , HttpUtility.UrlEncode URL, .

Response.Write(HttpUtility.UrlEncode(urlString));

, HTML-, - , ASP.NET .

, .

<customErrors mode="On" defaultRedirect="YourErrorPage.htm" />
+4
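An added example, not part of the answer above or of the MSDN article it quotes: the two encoders shown in the excerpt are tied to where the untrusted value ends up, so this sketch applies HttpUtility.HtmlEncode for text in the HTML body and HttpUtility.UrlEncode plus HttpUtility.HtmlAttributeEncode for a value placed in a link. The class name, the page /search.aspx and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Web; // HttpUtility (reference System.Web on .NET Framework)

public static class OutputEncodingDemo
{
    // HTML body context: untrusted text is HTML-encoded so markup
    // characters are rendered as text instead of being parsed.
    public static string GreetingHtml(string name)
    {
        return "<p>Hello, " + HttpUtility.HtmlEncode(name) + "</p>";
    }

    // URL-in-attribute context: two layers, applied inside-out.
    // 1. UrlEncode the untrusted value so it stays a single query-string value.
    // 2. HtmlAttributeEncode the finished URL so it cannot close the href attribute.
    // "/search.aspx" is a hypothetical page used only for this example.
    public static string SearchLink(string term)
    {
        string url = "/search.aspx?q=" + HttpUtility.UrlEncode(term);
        return "<a href=\"" + HttpUtility.HtmlAttributeEncode(url) + "\">results</a>";
    }

    public static void Main()
    {
        // Constructed sample inputs standing in for Request.Form / Request.QueryString values.
        string name = "<script>alert(1)</script>";
        string term = "a&b=c \"quoted\"";

        // The script tag is emitted as inert text, not as an element.
        Console.WriteLine(GreetingHtml(name));

        // '&', '=' and '"' in the term are percent-encoded, so they can neither
        // add a second query parameter nor terminate the attribute value.
        Console.WriteLine(SearchLink(term));
    }
}
```

Using HtmlEncode alone on the search term would leave '&' and '=' able to change the query string, which is why the URL value gets its own encoder before the attribute encoder is applied.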

. , . , ValidateRequest = "true" EnableEventValidation = "true" web.config:

. ASP.NET.

+1

Source: https://habr.com/ru/post/1712966/

