.NET Security Tips

# Keep “Persist Security Info” as false in the connection string.

# Remove the authentication cookie in the Session_End event or in the application-specific logout event.

# Security decisions should not rely only on client-side validations – they should be verified on the server side too!

# The hashed password format should be specified in the provider configuration.

# The website should be partitioned into public access areas and restricted areas that require authenticated access. Navigation between these areas should not pass sensitive credential information.

# Protect your website against Cross-Site Scripting or XSS attacks

# Dynamic queries that accept user input should be used only if stored procedures cannot be used. Even these queries should use parameters.

# Set the mode attribute of customErrors to On to prevent detailed error messages from being displayed to the caller.

# Ensure that the browser's “View source” option does not divulge any sensitive information.
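The three configuration tips above (Persist Security Info, hashed password format, customErrors) shown together in one web.config, as an added example that is not part of the original article. The connection string name, server, database, account, provider name and error page path are placeholders assumed for illustration.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- Added example: every name and value below is a constructed placeholder. -->
<configuration>
  <connectionStrings>
    <!-- Weak:     Persist Security Info=True lets code read the password back
                   from the connection's ConnectionString after it is opened.
         Hardened: Persist Security Info=False (also the SqlClient default;
                   stating it makes the choice visible in review). -->
    <add name="AppDb"
         connectionString="Data Source=DB_SERVER_PLACEHOLDER;Initial Catalog=APP_DB_PLACEHOLDER;User ID=APP_USER_PLACEHOLDER;Password=PASSWORD_PLACEHOLDER;Persist Security Info=False"
         providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <!-- Weak:     mode="Off" returns stack traces and source snippets to any caller.
         Hardened: mode="On" shows the custom page to everyone, including
                   requests made from the server itself. -->
    <customErrors mode="On" defaultRedirect="~/Error.aspx" />

    <membership defaultProvider="AppSqlProvider">
      <providers>
        <clear />
        <!-- Weak:     passwordFormat="Clear" stores passwords as plain text.
             Hardened: passwordFormat="Hashed"; password retrieval must be
                       disabled because a hash cannot be reversed. -->
        <add name="AppSqlProvider"
             type="System.Web.Security.SqlMembershipProvider"
             connectionStringName="AppDb"
             applicationName="/"
             passwordFormat="Hashed"
             enablePasswordRetrieval="false"
             enablePasswordReset="true"
             requiresQuestionAndAnswer="true" />
      </providers>
    </membership>
  </system.web>
</configuration>
```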


All material @ copyrighted by chrisranjana.com. If you want to link to this article you are welcome to do so. Unauthorized publication is strictly prohibited.