khadem1386 Posted September 11, 2008

Hi to all:

*- Can I know some differences between the security of asp3 and asp.net?
*- Can you show me some way to make asp secure in DBase management?
*- What and where are the asp3 holes and bugs about security?

Thanks a lot

justsomeguy Posted September 11, 2008

There aren't a lot of ASP-specific security holes; most of the security issues with ASP are the same security issues that you would see with PHP or anything else. It also depends on the other tools you're using. For example, MS SQL Server is less secure than MySQL only because it allows more than one database query in a single statement, where MySQL does not. That's not necessarily a bad thing though; I have some ASP applications that send batches of queries to the server instead of individual queries, but if you're not sanitizing database inputs to avoid SQL injections you can get burned more with SQL Server than you can with MySQL.

But if you're using good programming practices and you know what you're doing then you can make it secure no matter which language and database you use. Conversely, if you don't know what you're doing then you can make an insecure, buggy application in any language you want.
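
Added example, not part of the thread and not any poster's code: the same concatenated query sent through a batch-capable call and a single-statement call, next to a parameterized query. It assumes Python's built-in `sqlite3` as a stand-in for the databases named above (`executescript` accepts several statements, `execute` accepts one); the table, rows and input strings are constructed.

```python
import sqlite3

# Constructed sample inputs (not from the thread).
STACKED = "nobody'; DELETE FROM users; --"   # closes the quote, adds a 2nd statement
TAUTOLOGY = "nobody' OR '1'='1"              # stays within one statement


def new_db():
    """In-memory database holding two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]


def concat_batch(conn, name):
    """Concatenated SQL through a batch-capable call; returns rows left."""
    conn.executescript("SELECT role FROM users WHERE name = '" + name + "'")
    return row_count(conn)


def concat_single(conn, name):
    """Concatenated SQL through a one-statement call; returns (rows, rows left)."""
    try:
        rows = conn.execute(
            "SELECT role FROM users WHERE name = '" + name + "'").fetchall()
    except (sqlite3.Warning, sqlite3.Error):
        rows = []  # the driver refused the trailing second statement
    return rows, row_count(conn)


def parameterized(conn, name):
    """Value bound as a parameter, so it is compared as data, never parsed."""
    rows = conn.execute(
        "SELECT role FROM users WHERE name = ?", (name,)).fetchall()
    return rows, row_count(conn)


if __name__ == "__main__":
    print("batch + concat, rows left:", concat_batch(new_db(), STACKED))
    print("single + concat:", concat_single(new_db(), STACKED))
    print("single + concat, tautology:", concat_single(new_db(), TAUTOLOGY))
    print("parameterized:", parameterized(new_db(), STACKED))
```

The single-statement call limits the damage from the stacked input but still returns every row for the tautology input; only the parameterized query treats both inputs as plain data.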

khadem1386 Posted September 12, 2008 (Author)

Thanks.

I read some essay about session hacking in asp.net preprocessing. I thought that session variables were safe.

If I transfer my important information variables by some sessions, how much chance is there to hack or scan them by other people?

And how can I secure my sessions?

Thanks a lot.

Synook Posted September 12, 2008

> If I transfer my important information variables by some sessions, how much chance is there to hack or scan them by other people?

Sessions are handled server-side and only the processed data is sent to the client. It is very possible, however, for any information to be intercepted if sent through an unencrypted connection. This is not an ASP fault though, just a general network vulnerability.

> And how can I secure my sessions?

Use an encrypted connection, i.e. SSL.

justsomeguy Posted September 12, 2008

I don't see any resources talking about hacking ASP.NET sessions through a vulnerability in preprocessing.

In order to have a secure session you should only use cookies, not append the session ID to any URLs. The session cookies should only be used over a secure connection. If you want to recycle the session ID periodically, depending on your application, that might help avoid session attacks also. Again though, these aren't ASP-specific, just general guidelines. If you want to read about good security practices in web applications there are quite a few books available on the subject.