Forms Security for Role base security. Nirdesh Puri
Hi,
I am using IBuySpy portal framwork and using Role based security. But I got some security problem in this type of security.
Can you solve my problem.
Role base security:
Role is based on Task Group and Task Group based on Task and Task based on pages url.
Create Two different roles: A and B
Create one user User1
User1 assign role A
if User1 login on site and get the menu of Role A. But any how he get the url of Role B page. How we prevent Role B pages from this user.
Warm Regards,
Nirdesh Puri
|
0 |
|
nirdeshpuri
6/10/2005 5:32:09 AM
asp.net.security
27051 articles. 
1 followers.
0 Replies
1155 Views
Similar Artilces:
when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script in textboxes in that form and can damage database, so how to avoid such security lack. it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...
Duplicate Security Roles Showing up In Security Roles Manager
Anyone have any ideas? We have had and instance of 3.0.13 with one child portal running for about a month now. A few days ago our adminstrator noticed that we have duplicate entries for security roles. For example, the Security Roles Manager shows:Name Description Fee Every Period Trial Every Period Public Auto Administrators Portal Administration False False Administrators Portal Administration False False Registered Users Registered Users &n...
Login with form based authentication and roles based security
Hi, I've develop Sign In pages apply Forms Authentication and Roles Based Security. It means, 1 user can have many roles (HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)). Let's say User ID: sr102, then it roles is Sales, Marketing and Logistic. Im using User.IsInRole("Sales") to control the applications modules. My application like as follow 1. After login success, application show all the application modules such as Logistic, Sales, Marketing, IT, Human Resource and Warehouse. From user id, application will know the roles assigned. How to enable and di...
How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...
Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...
Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...
How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...
Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...
RSA Secure ID enabled website along with role based access to the RSA Secure ID Users
Hello All, I am trying to implement RSA Security to my intranet website. I want to access the 'RSA Secure ID User Name' and 'Password(Passcode here if possible)' in my application to set the roles of the user in the website. I want the RSA Secure ID user as my website user if it is registered into my database only. It means 'RSA access' and 'allocating the page access rights' to the user is totally depends upon the 'secure Id user' . I have to retrieve this information from RSA server and use it into my applic...
Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...
Form based security with Roles and Permissions
Hi, we are looking at adding form based security into our new web application. Our users want the ability to control access down to the field level on every form. We are thinking about creating a view and edit role for each field on each form. However, there is another complexity in that when editing Clients (for example), the field level control also depends on the Status of the Client. We have this sub-role or permission level control issue in quite a few areas within the system, giving you the following example grid or Roles and Permissions: Role ...
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...
How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...
security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...
form security against security
i have a form in my website which is to be filled by user and that form stores in database(sql server 2005). but someone told me that anyone can run script in textboxes in that form and can damage database, so how to avoid such security lack. it is common practice to use parameterized sql statements or stored procs to insure you are protected from sql injections attacks. if you concatenate user input directly into a sql statement, then you are at risk.Mike Banavige~~~~~~~~~~~~Need a site code sample in a different language? Try converting it with: http://converte...
Duplicate Security Roles Showing up In Security Roles Manager
Anyone have any ideas? We have had and instance of 3.0.13 with one child portal running for about a month now. A few days ago our adminstrator noticed that we have duplicate entries for security roles. For example, the Security Roles Manager shows:Name Description Fee Every Period Trial Every Period Public Auto Administrators Portal Administration False False Administrators Portal Administration False False Registered Users Registered Users &n...
Login with form based authentication and roles based security
Hi, I've develop Sign In pages apply Forms Authentication and Roles Based Security. It means, 1 user can have many roles (HttpContext.Current.User = New GenericPrincipal(fi, astrRoles)). Let's say User ID: sr102, then it roles is Sales, Marketing and Logistic. Im using User.IsInRole("Sales") to control the applications modules. My application like as follow 1. After login success, application show all the application modules such as Logistic, Sales, Marketing, IT, Human Resource and Warehouse. From user id, application will know the roles assigned. How to enable and di...
How secure is AuthenticationTypes.Secure?
I understand that AuthenticationTypes.Secure requests secure authentication using Kerberos or NTLM (??). However, here is a scenario I am trying to understand. Let us say that I am having a regular ASP.NET site - with SSL certificates not installed on the web server. The login sends the request out to an AD server which also does not have certificates installed. However, I have set Secure flag to AuthenticationTypes.Secure. When the username and password data gets transmitted between the application and the LDAP server, how secure are the password and username info? In other words is this in...
Password secure...is it secure?
Yes I just got this baby and I LOVE it! Its great. I have stored all my passwords inside of it (and yes made a few backups from them in secure locations) How secure is this program really? It uses blowfish to encrypt the database but how strong blowfish? 128bits? 256? 448? Anything else I should think about it? I have putted it and its databases inside PGPdisk just to play it safe...but then again Im a paranoid. :) -- Markus Jansson ************************************ My privacy related homepage and PGP keys: http://www.geocities.com/jansson_markus/ ********...
Secure connections: how secure are they?
*QUOTE* ......... both useful and malicious information can be transmitted via network connections. Standard solutions protect computers against threats present in standard network connections, but aren't able to counter threats present in secure connections. Verifying the contents of a secure connection is impossible by virtue of its secure nature, as demonstrated by the different types of protection listed above. As a result, malicious data within secure channels can cause a significant amount of damage, and sometimes more than if it were to be transmitted via a standard, non-s...
How secure is secure enough?
July 28, 2008 (Computerworld) This story originally appeared in Computerworld's print edition. If there is a Holy Grail in the information security industry, it surely is the answer to the question, "How secure is secure enough?" It's a question that many security managers have either avoided answering altogether or tried to quickly sidestep by throwing a fistful of mainly pointless operational metrics at anyone who cared to ask. http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=321921&intsrc=hm_list -- "Never d...
Security
This is a multi-part message in MIME format. --------------080100010401000103080002 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit I'm a Mac user 10.4.8 of Thunderbird 1.5.0.7 & am wondering how "Enabling FIPS" will improve my security? I can't seem to find any explanation of FIPS under Thunderbird help. -- Have a good day R Schwager --------------080100010401000103080002 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Tr...
RSA Secure ID enabled website along with role based access to the RSA Secure ID Users
Hello All, I am trying to implement RSA Security to my intranet website. I want to access the 'RSA Secure ID User Name' and 'Password(Passcode here if possible)' in my application to set the roles of the user in the website. I want the RSA Secure ID user as my website user if it is registered into my database only. It means 'RSA access' and 'allocating the page access rights' to the user is totally depends upon the 'secure Id user' . I have to retrieve this information from RSA server and use it into my applic...
Secure By Design: How Guardian Digital Secures EnGarde Secure Linux
"EnGarde Secure Linux is not just another "repackaged" Linux distribution, but a modern open source system built from the ground up to provide secure services in the threatening world of the modern Internet."... http://www.linuxsecurity.com/content/view/125195/171/ ...."The Community edition of EnGarde Secure Linux is completely free and open source, and online security and application updates are freely available with GDSN registration."... http://www.engardelinux.org/modules/index/index.cgi -- js ...
Form based security with Roles and Permissions
Hi, we are looking at adding form based security into our new web application. Our users want the ability to control access down to the field level on every form. We are thinking about creating a view and edit role for each field on each form. However, there is another complexity in that when editing Clients (for example), the field level control also depends on the Status of the Client. We have this sub-role or permission level control issue in quite a few areas within the system, giving you the following example grid or Roles and Permissions: Role ...
Web resources about - Forms Security for Role base security. Nirdesh Puri - asp.net.security
Krebs on SecurityThe House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...
Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...
Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...
Security (finance) - Wikipedia, the free encyclopediaequity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...
Larwyn's Linx: Team Rubio’s Pathetic National Security Attack on CruzSend us tips ! Bloggers: install a Larwyn's Linx widget . Get real-time news, 24/7, at BadBlue . Nation Team Rubio’s Pathetic National Security ...
There is a second major security vulnerability in Dell computersA second major security vulnerability has been found in Dell computers that leaves customers highly vulnerable to hackers, according to LaptopMag ...
Security never 100%: Mall chief
"We are a soft target," says Bill Taubman, COO of Taubman Centers. "However, we have extensive security."
"We are a soft target," says Bill Taubman, COO of Taubman Centers. "However, we have extensive security."
IDG Contributor Network: Healthcare security and HIPAA: Why compliance and security are still lacking ...... Industry Benchmark Report , we should not be surprised. Based on the Bitsight report, the healthcare industry is near worst in overall security, ...
Some Dell Laptops Shipping With Big Security Flaw Pre-Installed... thousands and plenty of home consumers use them too. And unfortunately, that means there are millions of laptops out there with a big fat security ...
KORWIN: A Well-Regulated Militia IS NEEDED For The Security Of A Free State
Each and every citizen has an obligation to protect themselves from those that would cause them harm
Each and every citizen has an obligation to protect themselves from those that would cause them harm
Resources last updated: 11/25/2015 6:47:08 PM