Hi
Hope somebody in this group can educate us to see if
there is any better solution or implementation to this
situation.
Scenario
========
We have around 50-75 ASPx pages (.NET 1.1 framework),
and it's a very simple WEB application. Each of these
pages does only data-in and data-out, so far nothing
complicated.
Requirement
===========
We want to implement XSite scripting, Malicious TAG
Check, SQL Injection validation in this site.
Solution We Proposed
====================
We opted to crate an XML file which stores list of all
the Malicious TEXTs (see example below). If user
inputs any of these texts (the ones within the <TAG>
node), we will STOP/Alert the user from submitting the
page.
Question
========
1. How do I implement the "validation check" in each
of these 50 pages in a fast way, so that I dont need
to change too much of code. Is it possible?
2. How do I ensure that if a new page gets created,
this feature gets implemented magically.
ThreatModel.XML
===============
<MaliciousTags>
<XSitetags>
<TAG>script<TAG>
<TAG>object<TAG>
</XSitetags>
<SQLTags>
<TAG>DROP<TAG>
<TAG>DBCC<TAG>
</SQLTags>
</MaliciousTags>
Thanks
PP
__________________________________
Do you Yahoo!?
Plan great trips with Yahoo! Travel: Now over 17,000 guides!
http://travel.yahoo.com/p-travelguide
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/
<*> To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
