Avoiding injection

Question
-
User-326746839 posted
Hi,
Despite URL Routing, once the name has been displayed in the address bar it becomes a little handy for hackers to try out different combinations so they can reach your data source.
Can that be prevented?
Carlos N. Porras
(El Salvador)
Tuesday, December 18, 2012 2:13 PM
Answers
-
User-330204900 posted
Hi Carlos, I have not done any public-facing site with DD as yet, but the same does apply for corporate sites, so what I do is add my Secure Dynamic Data MetaModel and then tie the site down so users can only get to parts of the site that they have permission to access. As for data, I have filters that hide themselves and these pre-filter the data so the user only sees the data he or she is permitted to see.
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Friday, December 21, 2012 7:13 AM
All replies
-
User-151368862 posted
Using parameters in your server-side code to manage the database always avoids injection attacks.
So don't make up your query by concatenating the query with control values.
Just getting the name of a user does not really mean that any hacker has a way to pass through the default DB authentication and the one you have implemented in your application.
Dive here if you want to know more:
http://www.marcofolio.net/features/how_you_can_prevent_an_sql_injection.html
Tuesday, December 18, 2012 11:25 PM
-
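An added example, not part of the post above and not code from any poster: it contrasts a concatenated query with a parameterized one, and also covers the question's concern about names taken from the URL by checking the table name against an allow-list. It uses Python's built-in sqlite3 so it runs without a database server; the table names, sample rows and function names are assumptions made for illustration.

```python
import sqlite3

# Tables a visitor may reach through a URL segment (assumed policy).
ALLOWED_TABLES = {"customers"}


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE salaries  (id INTEGER PRIMARY KEY, amount INTEGER);
        INSERT INTO customers (name) VALUES ('alice'), ('bob');
        INSERT INTO salaries (amount) VALUES (1000);
    """)
    return db


def find_concatenated(db, name):
    """Vulnerable 'before': the control value becomes part of the SQL text."""
    sql = "SELECT name FROM customers WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(sql)]


def find_parameterized(db, table, name):
    """Hardened: table name checked against the allow-list, value bound."""
    if table not in ALLOWED_TABLES:
        raise PermissionError("table not exposed: " + table)
    # Placeholders bind values only, never identifiers, so the table name
    # must come from the fixed allow-list rather than straight from the URL.
    sql = "SELECT name FROM {} WHERE name = ?".format(table)
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    # Constructed input that alters the WHERE clause when concatenated.
    hostile = "x' OR '1'='1"
    print("concatenated :", find_concatenated(db, hostile))
    print("parameterized:", find_parameterized(db, "customers", hostile))
    print("normal lookup:", find_parameterized(db, "customers", "alice"))
    try:
        find_parameterized(db, "salaries", "alice")
    except PermissionError as exc:
        print("rejected     :", exc)
```

With the concatenated query the constructed input returns every row; with the bound parameter it is compared as a plain string and matches nothing.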
User1139353921 posted
Use Encrypt and Decrypt Logic for URL Routing.
Tuesday, December 18, 2012 11:33 PM
-
Wednesday, December 19, 2012 11:12 AM
-
User-326746839 posted
Not quite sure that can be done in ASP.Net Dynamic Data, ManikandanUlagu.
It seems that the global.asax file sets the way in which URL routes are used for Dynamic Data to use proper templates ... so I don't know how the routing can be altered in order to be able to use aliases or something similar ...
Or simply hiding the URL from the end user interface, showing nothing more than a fixed fictitious URL address.
Carlos N. Porras
(El Salvador)
Wednesday, December 19, 2012 11:15 AM