Click here to Skip to main content
15,892,575 members
Search within:


Avoid hacking in asp.net websites
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
C#
ASP.NET
Javascript
, +
Hi,

What are the characters we have to avoid in the password field to avoid hacking?
To prevent hacking through sql injection, I avoided ' and " in the password field. ie, if we enter ' and " in the password field, it will show an error message.

Please help me with any ideas.....
Thank you.....
Posted
Add a Solution

5 solutions

Prevention from Hacking is a wide topic.

However to prevent you Application from "SQL Injection" either use Stored Procedures / Parametrized Queries.

For more information on have a look at below links.
http://msdn.microsoft.com/en-us/library/ff648339.aspx

http://msdn.microsoft.com/en-us/library/ff647397.aspx
 
Share this answer
 
Posted
Updated 1-Nov-11 2:09am
v2
Comments
Neha Thanka 1-Nov-11 8:11am    
Thank you sir...........
RaisKazi 1-Nov-11 8:12am    
Welcome. :)
UJimbo 1-Nov-11 8:13am    
Pretty much. There are various applications or web sites that check your own web site for vulnerabilities and even make suggestions on how to improve them. Unfortunatelly, I cannot comment on their usefulness as I have never really tried one. I'm hoping people might know more about it. But it all depends on how far you are willing to go
RaisKazi 1-Nov-11 8:20am    
Yup Thank you, Hacking Prevention is pretty wide topic altogether.
"Denial-of-service attack" is another famous/infamous :) category on this Topic..

http://en.wikipedia.org/wiki/Denial-of-service_attack
Amir Mahfoozi 3-Nov-11 1:07am    
+5 ;)
Hi,

check this link you can see how to avoid sql injections

http://msdn.microsoft.com/en-us/library/ff648339.aspx

All the Best
 
Share this answer
 
Posted
Comments
Neha Thanka 1-Nov-11 8:13am    
Thank you .....
C#
Insert into ITCircular(title,type,url1,url2) values('" + txttitle.Text + "','" + txttype.Text + "','" + path + "','" + path1 + "')

It is unsafe method to write query as above.We should use parametrized query.

to avoid website hacking ,
you can use encryption/Decryption techniques.
 
Share this answer
 
Posted
SQL Injection attacking is not just for login situations. If you want to avoid that type of attack during authentication, then don't use SQL, use Windows authentication or other, more secure, forms of authentication.

You can avoid SQL Injections types of attacks by using stored procedures or parameterized queries. Never concatenate a SQL string and never use unvalidated input from users.

http://msdn.microsoft.com/en-us/library/ms161953.aspx[^]
 
Share this answer
 
Posted
Restricting characters in the input is absolutely the wrong way to go about avoiding SQL injection (and cross site scripting) attacks. Instead, you should use parameterised queries – in .Net there is very little excuse for not doing so as it's very easy.
 
Share this answer
 
Posted
Comments
Neha Thanka 1-Nov-11 8:39am    
Thank you sir....
I am using parameterised queries...
BobJanova 1-Nov-11 10:32am    
Then you don't need to worry about what characters are entered into text fields.
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Recognition and prevention of hacking of a MVC ASP.net website
what to do when a website is hacked
[Cross-post] website got hacked
How to avoid horizontal scrollbar on website..
how can i hacking the web page in asp.net
Anti Hacking Techniques
attack to site or hacking?
How to avoid 2 page loads in ASP.NET
Whic One is the best way avoid page load in asp.ent Website
How to avoid IIS and ASP.NET version disclosure during 404 response in ASP.NET with C#?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 1 Nov 2011
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web04 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900