Ask a Question related to ASP.NET Security, Design and Development.
-
Gary Townsend (Spatial Mapping Ltd.) #1
Encrypt String or different approach
Good afternoon,
I am building an application that uses ASP .NET, and Blackmoon FTP
Server, My plan currently is to automate some user processes one of
those processes is to allow them to download files in their FTP Root
directories via HTTP for our clients who are behind firewalls which
prevent them from using the FTP protocol.
So to this end i have created a page which lists all thier files out,
then provides a link that would spawn a new window which would initiate
the transfer. Couple problems exist for me being that i have only been
using ASP .NET for 2 weeks now my question is this.
1) Is there possibly a better way to initiate the file transfer without
spawning a new window
2) if spawning a new window is the route i go is there a way to encrypt
the string i send to the new page so that people can hack the file
transfer page to download any files they want.
Any suggestions on improving my approach to this problem are also welcome.
Gary Townsend
Systems and Web Developer
Spatial Mapping Ltd.
[url]http://www.spatialmapping.com[/url]
250 564 1928
Gary Townsend (Spatial Mapping Ltd.) Guest
-
encrypt string in the Web.Config file
hi I want to encrypt the Connection String that is located in the Web.Config file How Can I do it? -
Query String - encrypt
All, I often use a querystring in my ASP pages. for example: if val > 1 then Response.redirect "val1.asp?val=1&user=UserID End if Is there a... -
Encrypt String while restricting certain characters
"Alek Davis" <alek_DOT_davis_AT_intel_DOT_com> wrote in message news:<OEVEJXMRDHA.2204@TK2MSFTNGP12.phx.gbl>... Thank you, I'll try it out. -SF -
How can I encrypt a string?
hi... How can I encrypt a string and then decrypt it? there are some examples I found but all of them about filestream object I wonder if there... -
Encrypt string for POSTing
Hi all! I need to POST data from one of my asp.net pages to an external CGI script. What possibilities do I have to encrypt the data for... -
Gary Townsend (Spatial Mapping Ltd.) #2 Re: Encrypt String or different approach
By the way point to should read "so that people CAN NOT hack "
Gary Townsend (Spatial Mapping Ltd.) wrote:
> Good afternoon,
>
> I am building an application that uses ASP .NET, and Blackmoon FTP
> Server, My plan currently is to automate some user processes one of
> those processes is to allow them to download files in their FTP Root
> directories via HTTP for our clients who are behind firewalls which
> prevent them from using the FTP protocol.
>
> So to this end i have created a page which lists all thier files out,
> then provides a link that would spawn a new window which would initiate
> the transfer. Couple problems exist for me being that i have only been
> using ASP .NET for 2 weeks now my question is this.
>
> 1) Is there possibly a better way to initiate the file transfer without
> spawning a new window
>
> 2) if spawning a new window is the route i go is there a way to encrypt
> the string i send to the new page so that people can hack the file
> transfer page to download any files they want.
>
> Any suggestions on improving my approach to this problem are also welcome.
>
>
> Gary Townsend
> Systems and Web Developer
> Spatial Mapping Ltd.
> [url]http://www.spatialmapping.com[/url]
> 250 564 1928Gary Townsend (Spatial Mapping Ltd.) Guest
-
Jeff Dillon #3 Re: Encrypt String or different approach
Don't use a GET (using a querystring), but rather a POST to the target page.
The user then won't see any info in the address bar
jeff
"Gary Townsend (Spatial Mapping Ltd.)" <garyt@spatialmapping.com> wrote in
message news:crNjd.127215$df2.85635@edtnps89...> Good afternoon,
>
> I am building an application that uses ASP .NET, and Blackmoon FTP
> Server, My plan currently is to automate some user processes one of
> those processes is to allow them to download files in their FTP Root
> directories via HTTP for our clients who are behind firewalls which
> prevent them from using the FTP protocol.
>
> So to this end i have created a page which lists all thier files out,
> then provides a link that would spawn a new window which would initiate
> the transfer. Couple problems exist for me being that i have only been
> using ASP .NET for 2 weeks now my question is this.
>
> 1) Is there possibly a better way to initiate the file transfer without
> spawning a new window
>
> 2) if spawning a new window is the route i go is there a way to encrypt
> the string i send to the new page so that people can hack the file
> transfer page to download any files they want.
>
> Any suggestions on improving my approach to this problem are also welcome.
>
>
> Gary Townsend
> Systems and Web Developer
> Spatial Mapping Ltd.
> [url]http://www.spatialmapping.com[/url]
> 250 564 1928
Jeff Dillon Guest
-
Paul Ingles #4 Re: Encrypt String or different approach
> Don't use a GET (using a querystring), but rather a POST to the target
But it'd still be open by viewing the contents of the HTTP request.> page.
> The user then won't see any info in the address bar
To answer the original questions:
1) You could always use a URL Rewriter or something that would inspect the
request, and transfer the location to the actual URL.
2) Encrypting the string is a fairly sound approach in my opinion, but you
need to ensure the key is kept securely. Have a look at the DPAPI articles
on MSDN, they've got some good suggestions for that kind of thing.
"Jeff Dillon" <jeff@removeemergencyreporting.com> wrote in message
news:OqCU0vbxEHA.3224@TK2MSFTNGP14.phx.gbl...> Don't use a GET (using a querystring), but rather a POST to the target
> page.
> The user then won't see any info in the address bar
>
> jeff
>
> "Gary Townsend (Spatial Mapping Ltd.)" <garyt@spatialmapping.com> wrote in
> message news:crNjd.127215$df2.85635@edtnps89...>>> Good afternoon,
>>
>> I am building an application that uses ASP .NET, and Blackmoon FTP
>> Server, My plan currently is to automate some user processes one of
>> those processes is to allow them to download files in their FTP Root
>> directories via HTTP for our clients who are behind firewalls which
>> prevent them from using the FTP protocol.
>>
>> So to this end i have created a page which lists all thier files out,
>> then provides a link that would spawn a new window which would initiate
>> the transfer. Couple problems exist for me being that i have only been
>> using ASP .NET for 2 weeks now my question is this.
>>
>> 1) Is there possibly a better way to initiate the file transfer without
>> spawning a new window
>>
>> 2) if spawning a new window is the route i go is there a way to encrypt
>> the string i send to the new page so that people can hack the file
>> transfer page to download any files they want.
>>
>> Any suggestions on improving my approach to this problem are also
>> welcome.
>>
>>
>> Gary Townsend
>> Systems and Web Developer
>> Spatial Mapping Ltd.
>> [url]http://www.spatialmapping.com[/url]
>> 250 564 1928
>
Paul Ingles Guest
-
Jeff Dillon #5 Re: Encrypt String or different approach
Excuse me? In ASP? I don't think so...
What do you mean by HTTP request? View Source on the page? You can't view
ASP code. And SSL would encrypt the packets themselves, if that's what you
mean.
Jef
"Paul Ingles" <paul.ingles@newsgroup.nospam> wrote in message
news:OOhXRmlxEHA.4044@tk2msftngp13.phx.gbl...in>> > Don't use a GET (using a querystring), but rather a POST to the target
> > page.
> > The user then won't see any info in the address bar
> But it'd still be open by viewing the contents of the HTTP request.
>
> To answer the original questions:
>
> 1) You could always use a URL Rewriter or something that would inspect the
> request, and transfer the location to the actual URL.
>
> 2) Encrypting the string is a fairly sound approach in my opinion, but you
> need to ensure the key is kept securely. Have a look at the DPAPI articles
> on MSDN, they've got some good suggestions for that kind of thing.
>
> "Jeff Dillon" <jeff@removeemergencyreporting.com> wrote in message
> news:OqCU0vbxEHA.3224@TK2MSFTNGP14.phx.gbl...> > Don't use a GET (using a querystring), but rather a POST to the target
> > page.
> > The user then won't see any info in the address bar
> >
> > jeff
> >
> > "Gary Townsend (Spatial Mapping Ltd.)" <garyt@spatialmapping.com> wroteinitiate> > message news:crNjd.127215$df2.85635@edtnps89...> >> Good afternoon,
> >>
> >> I am building an application that uses ASP .NET, and Blackmoon FTP
> >> Server, My plan currently is to automate some user processes one of
> >> those processes is to allow them to download files in their FTP Root
> >> directories via HTTP for our clients who are behind firewalls which
> >> prevent them from using the FTP protocol.
> >>
> >> So to this end i have created a page which lists all thier files out,
> >> then provides a link that would spawn a new window which would>> >> >> the transfer. Couple problems exist for me being that i have only been
> >> using ASP .NET for 2 weeks now my question is this.
> >>
> >> 1) Is there possibly a better way to initiate the file transfer without
> >> spawning a new window
> >>
> >> 2) if spawning a new window is the route i go is there a way to encrypt
> >> the string i send to the new page so that people can hack the file
> >> transfer page to download any files they want.
> >>
> >> Any suggestions on improving my approach to this problem are also
> >> welcome.
> >>
> >>
> >> Gary Townsend
> >> Systems and Web Developer
> >> Spatial Mapping Ltd.
> >> [url]http://www.spatialmapping.com[/url]
> >> 250 564 1928
> >
>
Jeff Dillon Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
