Browse by Tags

All Tags » Security
Showing page 1 of 2 (20 total posts)
  • Hosting Company Breached

    Fasthosts, "the UK's number 1 web host" (by self acclamation I'm sure) is in the news today because apparently all of their customers' passwords (in plaintext) were compromised by a security breach.  They've asked all of their customers to change their passwords immediately, and of course since many people use the same passwords on ...
    Posted to Steven Smith (Weblog) by ssmith on October 18, 2007
  • Slashdot Acknowledges Vista More Secure Than Linux

    Wow, even Slashdot, anti-Microsoft capital of the Web, acknowledges that six months after its release, Vista Security is still besting Linux.  From the site: "Great report on security vulnerabilities for MS/Linux/OS X. This is a revised version of the one Jeff Jones did back on March 21: Windows Vista — 90 Day Vulnerability Report. This ...
    Posted to Steven Smith (Weblog) by ssmith on June 28, 2007
  • Finding Sites That Allow SQL Injection Attacks

    Michael Sutton recently blogged on creating a SQL Injection Attack crawler app that used Google to locate sites that were susceptible to SQL Injection attacks. Scott Guthrie mentions the post in his blog.  Take a look at Michael's and Scott's posts. Very scary stuff. I guess I thought everyone knew this stuff already but then again it ...
    Posted to Paul Litwin's Blog (Weblog) by plitwin on October 1, 2006
  • Remote Web Administration Tool

    Recently, a question came up in the ASP.NET security forums about the lack of a remote membership/role configuration tool in ASP.NET 2.0.  Being able to remotely manage users is important in pretty much any site where you have users.  Fortunately, QualityData has stepped in and developed that plus a little more in their ...
    Posted to Richard Dudley (Weblog) by rjdudley on July 6, 2006
  • Protecting Files in Shared Hosting Environment

    In a previous post (http://aspadvice.com/blogs/rjdudley/archive/2005/05/21/2595.aspx), I showed one way to protect files from direct download by configuring IIS.  In a shared hosting environment, this usually isn't possible, so I'll show another way to protect these files. First, a little review.  Out of the box, only certain file types ...
    Posted to Richard Dudley (Weblog) by rjdudley on October 3, 2005
  • Know When To Quit

    Today's NewsFactor Network showed up in my inbox, and the lead story was: "1. E-Mail Authentication: Holy Grail or Lost Cause?" Originally, e-mail was never designed to do anything more than deliver text messages. But ...
    Posted to Richard Dudley (Weblog) by rjdudley on August 15, 2005
  • A Simple Passphrase Generator - Latest ASP Alliance Article Published

    My latest ASP Alliance article has been published: A Simple Passphrase Generator Passphrases have been receiving more and more attention as part of a strong security policy. When building secure web-based applications, assigning random passphrases to new user accounts can be a bit of a challenge. In this article, we'll build a simple passphrase ...
    Posted to Richard Dudley (Weblog) by rjdudley on August 10, 2005
  • Preventing Page Review after Logout with Forms Authentication

    My latest ASP Alliance article has been published today: Preventing Page Review after Logout with Forms Authentication The inclusion of Forms Authentication in the .NET Framework has been a significant benefit to developers securing web-based applications. While pages can be secured server-side, local caching by browsers and proxy servers may ...
    Posted to Richard Dudley (Weblog) by rjdudley on July 11, 2005
  • Is Dynamic SQL in Your Stored Procedures Vulnerable to SQL Injection?

    We all should be familiar with the fact that concatenating user input directly into SQL statements is an open invitation to an SQL Injection attack.  Code such as MySql = "Select * from Orders where Customer ID='" & txtCustomerId & "'" should be avoided.  If you need some more background information on SQL Injection attacks, I am building a ...
    Posted to Richard Dudley (Weblog) by rjdudley on June 30, 2005
  • Free Certificates for Encrypting E-mail

    Microsoft MVP Susan "The SBS Diva" Bradley gives a short overview about sending encrypted e-mails.  In her post, she says you have to purchase a digital certificate.  From some certificate authorities, you may have to do so, but Thawte offers free certificates for e-mail through their Web of Trust program.  When your certificate ...
    Posted to Richard Dudley (Weblog) by rjdudley on June 22, 2005