Sanitizing Queries to the Microsoft Indexing Service

If user input for a search field is "submitted" via javascript rather than the asp form postbacks (basically the same as validateRequest=false), what should be done to sanitize the input before it is used to generate a query to the Microsoft Indexing Service.

Is HtmlEncode appropriate?

-1
mattucg
4/29/2009 4:27:09 PM
asp.net.security 27051 articles. 1 followers. Follow

1 Replies
1255 Views

Similar Articles

[PageSpeed] 52
Get it on Google Play
Get it on Apple App Store

Hi,mattucg

You can use Regular Expression to validate the input by javascript. check this link for more information:

http://www.w3schools.com/jsref/jsref_obj_regexp.asp

Regards


Andrew Zhu
Microsoft online ASP.NET support
Please remember to click “Mark as Answer” on the post that helps you. This can be beneficial to other community members reading the thread.
0
Andrew
5/5/2009 2:54:56 AM
Reply:

Similar Artilces:

Microsoft Security Bulletin MS10-060
<http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx> --=20 Randy <http://msmvps.com/blogs/siljaline/default.aspx> <http://www.linkedin.com/in/randyknobloch> On 8/12/2010 9:39 PM, Randy Knobloch wrote: > <http://www.microsoft.com/technet/security/Bulletin/MS10-060.mspx> > > Interesting, the patch for Silverlight is an outdated version (version 3). I already had version 4 on my system (apparently from Windows Update). JJ JuicyJ wrote:=20 > On 8/12/2010 9:39 PM, Randy Knobloch wrote: >> <http://www.microsoft.com/...

PLEASE HELP! w/Index Server, Indexing service query
Hello, I have set up indexing service via Index Server on my local machine. I have successfully created the catalog, set up the document directory and indexed the documents within my directory. I am having problems with the query not returning the document properties that I would like to see (such as DocTitle, DocAuthor, etc.) Everything works fine, except for the fact that the result set is not returning the data fields that I need. The search works great (as far as I can tell). I also installed the adobe ifilter so that index server can also search pdf files and that seems to w...

A community site for Service Oriented with Microsoft .Net
Hi, I'm a .net developer and the owner of the domain ServiceOriented.net. I'm planning to set up an online developer community for Service Oriented with Microsoft .net. Website hosting will cost 30$ per month. Will Microsoft be a sponsor of  www.ServiceOriented.net? Best regards -ngocthan   Just a quick suggestion....I think that you'd do well to build the site and get it going before asking for sponsors, and you'll be far more likely to get them.  Community sponsors want to know that their money is helping the community, and paying for a site that hasn't be...

Can we use Microsoft indexing service for the indexing of Database tables.
Hi friends can we use microsoft indexing service for the indexing of Database files. if yes give me description. Hi ramkoti ,      Refer the below links :                                     http://www.codeproject.com/KB/database/Indexing_Service_HOW-TO.aspx                       ...

Error with Dot Net Optimisation Service on Reporting Services Query Designers
I am in the process of commisioning a 32-bit Windows Server 2003 running SQL Server Standard 2005 with Sp2, Windows Sharepoint Services 3.0 and Team Foundation Server 2008.  The server runs as a guest under VMWare on a 64-bit host. I have noticed a number of 1101 Errors in the Application Event Logs. A typical error text is: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Failed to compile: Microsoft.ReportingServices.QueryDesigners, Version=9.0.242.0, Culture=neutral, PublicKeyToken=89845dcd8080cc91 . Error code = 0x80070002 I have noted the following other me...

Microsoft Indexing Service
Dear all,               I want to use Microsoft Indexing Service for my DNN application. I want to create catalogs dynamically as my site supports multiple portals.I am using Microsft com component (CIODMLib) but I am not able to set permission for my application . At the time of  creation i am getting a error that Acess is denied.I was able to create a Catalog (used by index server) for a windows application but its not working with the web application. Could any of you help me out You could configure DotNetNuke...

Its About Microsoft Indexing Service.
I am using microsoft indexing service for searching Html Documents.The problem is that i am not getting the Characterization property of the file.i have set the Registry entries "GenerateCharacterization" and "MaxCharacterization" property to 1 and 320(decimal) respectively.And the code is as follows:- public void Search() { //create a connection object and command object, to connect the Index Server System.Data.OleDb.OleDbConnection odbSearch = new System.Data.OleDb.OleDbConnection( "Provider=\"MSIDXS\";Data Source=\"SearchDocs\";&...

WS-Security with VS.NET 2005 Web Service and .NET 1.1 Client
We ship a webservices client piece into the field which is required to run on the .NET 1.1 version of the framework, this is defined by our business people and cannot change. We would like to work with .NET 2.0 in VS.NET 2005 for the backend Web Service piece. We are able to get the 2 to communicate fine and it is not a problem. The issue now is that we need to introduce security through WS-Security. I have not been able to find much information about interop between the 2 environments and WS-Security and cannot get the security elements to be invoked in VS.NET 2005. Currently we are trying ...

Microsoft released Microsoft XML Parser (MSXML) 3.0 Service Pack 5 (SP5) with security fixes
The Microsoft XML Parser (MSXML) 3.0 SP5 release offers a number of security fixes and bug fixes over the previous MSXML 3.0 SP releases. All MSXML 3.0 releases provide: -Server-safe HTTP access -Complete implementation of XSL Transformations (XSLT) and XML Path Language (XPath) -Changes to the Simple API for XML (SAX2) implementation, including new SAX2 helper classes with even higher conformance with World Wide Web Consortium (W3C) standards and the OASIS Test Suite. System Requirements -Supported Operating Systems: Windows 2000, Windows 98, Windows ME, Windows NT, Window...

Using Microsoft Indexing Service
Hi I am using Microsoft Indexing Service for my search page.However when the search results display file with an unusual file extension e.g. .asa, it falls over.Has anyone used this service before?any help would be greatthanks  I guess you are using classic ASP code as Global.asa if applicable to that language and not .net.Anyways, you have to apply file filters if you want to skip any specific file type. I used this service long back in ASP code, where I used regular expression in code for executing search to remove unwanted file extensions. I compete with myself to motivat...

CISSO Indexing Service Query
I'm trying to figure out a way to query the Indexing Service through ..NET,  I have successfully implemented the search using the CISSO query object, but for some reason I can't get the characterization data to show up.   Does anyone know what I'm going wrong?  I know the characterization data is there because it shows up in a classic ASP application that I wrote using the same catalog. Dim Query As String = "enginuity" Q.Query = Query Q.SortBy = "rank[d]" Q.Columns = "DocTitle, DocLastAuthor, Characterization, filename, rank, path...

How to call a .net web service from another .net web service?
Hi all,I have developed two asp .net web services using visual studio .net 2003.I wish to call one web service from another web service.I tried adding a web reference of the web service in another web service and was able to do so.but i m not able to access the web methods provided by the web servicecould you please suggest a way to go about itExpecting quick replyThanxCharmy try to make sure that you reference it in the web reference and call it properly this is sample  [WebMethod()] public double CalcDistance(int x1, int y1, int x2, int y2) { Calculator.Service1 calc = new...

Microsoft Security Notification Service
Follow-ups set for grc.security. -----BEGIN PGP SIGNED MESSAGE----- Dear Microsoft Customer, I'm taking the unusual step of sending this mail to the Microsoft Security Notification Service mailing list to tell you about some changes in communications practices that the Microsoft Security Response Center is making. Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing. In addition, end-users who subscribe to the Microsoft Security Notification Service receive bulletins that are ...

Microsoft Security Notification Service
I don't know if this has already been posted, but if not: - ---------------------------------------------------------------------- Title: 13 December 2001 Cumulative Patch for IE Date: 13 December 2001 Software: Internet Explorer Impact: Run Code of an Attacker's Choice Max Risk: Critical Bulletin: MS01-058 Microsoft encourages customers to review the Security Bulletin at: http://www.microsoft.com/technet/security/bulletin/MS01-058.asp. - ---------------------------------------------------------------------- Issue: ====== This is a cumulative pat...

Web resources about - Sanitizing Queries to the Microsoft Indexing Service - asp.net.security

Sanitizing Mel Weinberg and the Horrors of Abscam
A thirty year-old scandal is suddenly new again, as a film is currently being produced in Hollywood about Abscam , the FBI sting operation that ...

Sanitizing The Death Penalty
Balko observes: [A] number of experts say death by firing squad is swift, relatively painless and less likely to go wrong than other means of ...

NYPD caught red-handed sanitizing police brutality Wikipedia entries
IP addresses linked to the New York Police Department's computer network have been used to sanitize Wikipedia entries about cases of police brutality. ...

"Is the Department of Justice sanitizing its connection to Media Matters for America?"
"Needless to say, nobody’s talking over at DoJ... at least they’re tacitly admitting that getting caught at treating with MMfA too openly is ...

Iran Already Sanitizing Nuclear Site, Intel Warns
... wondering if Tehran intends to comply with the accord. The U.S. intelligence community has informed Congress of evidence that Iran was sanitizing ...

The Gutter hoping to open tonight, sanitizing venue, say they closed voluntarily
Yesterday it was revealed that the doctor with ebola in NYC spent the evening at Williamsburg concert venue and bowling alley The Gutter before ...

YouTube’s New Comments Policy Is Sanitizing YouTube For Advertisers — And Crushing The Number Of New ...
In September, YouTube changed its policies to require users to log in to their Google+ accounts before they could leave a comment on one of the ...

Vioguard Self-Sanitizing Keyboard Introduced in Canada; UV Light Kills H1N1 Flu, MRSA and Healthcare-Associated ...
Vioguard LLC, www.vioguard.com, is introducing the world&#8217;s first self-sanitizing computer keyboard to kill MRSA and other healthcare-associa ...

Sanitizing crew turned away at Ebola patient residence - CNN.com
Days after a man was diagnosed with Ebola in Dallas, the apartment where he stayed has not been sanitized and four relatives are still living ...

Vioguard's self-sanitizing keyboard means maybe we don't all have to die this year
If there's one thing scarier than going to the hospital for some potentially harmful harmfulness, it's getting sicker due to some minor slip-up ...

Resources last updated: 12/22/2015 1:53:27 AM