One approach would be to create a new webpage base class. It would inherit from System.Web.UI.Page. Call it SecurePage. You would include all the necessary code in this base class. Then change your existing pages to inherit from SecurePage instead of System.Web.UI.Page. When you create a new page simply start off inheriting from SecurePage. Any changes you make in the base class would be used by all pages.
On 4/16/05, P P <[EMAIL PROTECTED]> wrote: > > Hi > > Hope somebody in this group can educate us to see if > there is any better solution or implementation to this > situation. > > Scenario > ======== > We have around 50-75 ASPx pages (.NET 1.1 framework), > and it's a very simple WEB application. Each of these > pages does only data-in and data-out, so far nothing > complicated. > > Requirement > =========== > We want to implement XSite scripting, Malicious TAG > Check, SQL Injection validation in this site. > > Solution We Proposed > ==================== > We opted to crate an XML file which stores list of all > the Malicious TEXTs (see example below). If user > inputs any of these texts (the ones within the <TAG> > node), we will STOP/Alert the user from submitting the > page. > > Question > ======== > 1. How do I implement the "validation check" in each > of these 50 pages in a fast way, so that I dont need > to change too much of code. Is it possible? > > 2. How do I ensure that if a new page gets created, > this feature gets implemented magically. > > ThreatModel.XML > =============== > <MaliciousTags> > <XSitetags> > <TAG>script<TAG> > <TAG>object<TAG> > </XSitetags> > <SQLTags> > <TAG>DROP<TAG> > <TAG>DBCC<TAG> > </SQLTags> > </MaliciousTags> > > Thanks > PP > > > __________________________________ > Do you Yahoo!? > Plan great trips with Yahoo! Travel: Now over 17,000 guides! > http://travel.yahoo.com/p-travelguide > > Yahoo! Groups Links > > > > > -- Dean Fiala Very Practical Software, Inc http://www.vpsw.com Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/AspNetAnyQuestionIsOk/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
