Re: [ADVANCED-DOTNET] AOP and security

2007-02-10 Thread J. Merrill
Encrypted connection strings have been hacked from web.config? By a user sitting at the server's keyboard, or some other way? BTW, I was not aware of hacking of anything from web.config. Can you point me to a report? At 04:42 AM 2/9/2007, Paul Cowan wrote >I am not for one minute suggesting y

Re: [ADVANCED-DOTNET] AOP and security

2007-02-09 Thread Paul Cowan
>> I think you might be thinking of the Profile system instead. You are correct, I was talking out of my backside. It was the profile I was thinking of. [EMAIL PROTECTED] > Date: Fri, 9 Feb 2007 08:33:50 -0800> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AO

Re: [ADVANCED-DOTNET] AOP and security

2007-02-09 Thread Scott Guthrie
bject: Re: [ADVANCED-DOTNET] AOP and security Hi, The membership reads and writes to SqlServer by default, it also puts impositions as such things as all objects should be serializable. There obviously is an overhead involved in reading and writing to SqlServer on every page request. >>

Re: [ADVANCED-DOTNET] AOP and security

2007-02-09 Thread Paul Cowan
k them into upgrading but we they are being very stubborn. [EMAIL PROTECTED] > Date: Fri, 9 Feb 2007 07:05:27 -0800> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > The default providers in ASP.

Re: [ADVANCED-DOTNET] AOP and security

2007-02-09 Thread Scott Guthrie
:[EMAIL PROTECTED] On Behalf Of Paul Cowan Sent: Friday, February 09, 2007 1:43 AM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] AOP and security I am not for one minute suggesting you can serve web.config files. You are aware connection strings have been hacked from

Re: [ADVANCED-DOTNET] AOP and security

2007-02-09 Thread Paul Cowan
PROTECTED] > Date: Thu, 8 Feb 2007 11:17:58 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > What exactly are you worried about? If anyone other than the site > developers can write to web.c

Re: [ADVANCED-DOTNET] AOP and security

2007-02-08 Thread J. Merrill
What exactly are you worried about? If anyone other than the site developers can write to web.config, you've got a problem. Only they and the asp.net process should be able to read from it. If internet (or intranet!) users can access _any_ files on your file system -- vs. having them executed

Re: [ADVANCED-DOTNET] AOP and security

2007-02-08 Thread Paul Cowan
ate: Thu, 8 Feb 2007 09:36:51 +> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > hi,> > We are using FormsAuthentication which I know is still possible but > I really do not want to h

Re: [ADVANCED-DOTNET] AOP and security

2007-02-08 Thread Efran Cobisi
PROTECTED] Date: Wed, 7 Feb 2007 10:02:39 -0800> From: [EMAIL PROTECTED]> Subject: Re: [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > You can use a directive to apply at the page level as well. For example:> > > > > > > > >

Re: [ADVANCED-DOTNET] AOP and security

2007-02-08 Thread Paul Cowan
[EMAIL PROTECTED] > Date: Wed, 7 Feb 2007 10:02:39 -0800> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > You can use a directive to apply at the page level as > well. For example:> > >

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Scott Guthrie
.NET topics. [mailto:[EMAIL PROTECTED] On Behalf Of Phil Sayers Sent: Wednesday, February 07, 2007 9:47 AM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] AOP and security I originally did not suggest using the built-in stuff because depending on how the security will be used

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Phil Sayers
ednesday, February 07, 2007 12:33 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: Re: [ADVANCED-DOTNET] AOP and security OK, I'll bite. What's wrong with the built-in configurability of role security? http://msdn2.microsoft.com/en-us/library/5k850zwb(VS.80).aspx With th

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Marc Brooks
You could just use the built-in support in ASP.NET to do this http://www.4guysfromrolla.com/webtech/121901-1.2.shtml It can be as easy as just markup in the web.config http://www.dotnet-guide.com/role-based-forms-authentication.html For the sum-total of most wisdom on Roles/etc... you should c

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread gregory young
Security is a well-known use for AOP as it oftentimes is implemented as a cross cutting concern. Phil has mentioned a way to make it less of a cross cutting concern. I agree in your situation that AOP is probably not the right way to go. Instead making your pages implement an ISecurePage interf

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Geoff Taylor
IL PROTECTED] On Behalf Of Paul Cowan > Sent: 07 February 2007 17:08 > To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM > Subject: [ADVANCED-DOTNET] AOP and security > > Hi all, > We have an ASP.NET application where users log in under forms > authentication. Each user is assigned a rol

Re: [ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Phil Sayers
: Discussion of advanced .NET topics. [mailto:[EMAIL PROTECTED] Behalf Of Paul Cowan Sent: Wednesday, February 07, 2007 12:08 PM To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM Subject: [ADVANCED-DOTNET] AOP and security Hi all, We have an ASP.NET application where users log in under forms authentication

[ADVANCED-DOTNET] AOP and security

2007-02-07 Thread Paul Cowan
Hi all, We have an ASP.NET application where users log in under forms authentication. Each user is assigned a role and I want only certain roles to view certain pages. I am really unsure where to put the code for the security and I do not want to hard code the security checks into the code an