Could anyone send me a book about this subject?

learntech nology <[EMAIL PROTECTED]> wrote:
Dear Michael,

Will you please tell me, is HttpRefererModule available in Ajax.dll?
If not, how can I achieve such security?
Please guide me on the same.
Thanks,



On 6/15/06, learntech nology <[EMAIL PROTECTED]> wrote:
Dear Michael,
Many thanks for your response and especially for your technology that gives excellent performance to .NET applications.
Keep Growing.

Regards,
learn zala




On 6/14/06, Michael Schwarz <[EMAIL PROTECTED]> wrote:

Hi,

There are the same security issues as in common ASP.NET. The following
keywords should be discussed:

1) FormsAuthentication (NTLM is not working)

2) HttpRefererModule that will check the http request header

3) Ticket use, where you write your own ticket that will be placed in
your ASPX file

It is like every time: if you know the security checks, you could fake
the request. Think of stolen cookies... and now of stolen HTTP
requests.

I put an example online that will only return the AjaxPro request if
the HttpReferer is from the same site. See a post from the last few days.

Regards,
Michael


On 6/12/06, learntech nology < [EMAIL PROTECTED]> wrote:
> Dear Friends,
> Recently I have started to learn AJAX.
> I have developed a small functionality "TO FILL DROP DOWN LIST OF CITY
> BASED ON STATE".
> For that I am calling a server-side method from JavaScript and filling the drop
> down of city.
> The URL is like this: http://localhost/webapp/page1.aspx?stateid=[id]
> It's working fine without any issue.
> Now I have a question: if any user visits that page and, from view source, copies
> that script
> and calls my link
> http://localhost/webapp/page1.aspx?stateid=[id]
>
> that user is able to get the list of cities by simply copying/pasting the JavaScript
> from my page.
> So I want to know how to implement security so another page can't use my
> link.
> Please help me.
> Thanks in advance.
>
>
> --
> Learn Zala
>
>
> >
>


--
Best regards | Schöne Grüße
Michael

Microsoft MVP - Most Valuable Professional
Microsoft MCAD - Certified Application Developer

http://weblogs.asp.net/mschwarz/
http://www.schwarz-interactive.de/
mailto:[EMAIL PROTECTED]



--
Learn Zala



--
Learn Zala

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ajax.NET Professional" group.

To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]

For more options, visit this group at http://groups.google.com/group/ajaxpro

The latest downloads of Ajax.NET Professional can be found at http://www.ajaxpro.info
-~----------~----~----~----~------~----~------~--~---