Need Help fot Security problem

Question

0.00/5 (No votes)

See more:

Hi all

Is there any problem in allowing '&' to the user to insert into database.
Means:I am not restricting the end user to use '&' in the textbox and store in database.
Will i block the '&' also like '<','>' (html tag).

1.Reason for not allow '&' for the end user.
2.If i use it than what should i do so that it will not harm my website.

Please suggest.

Thanks.

Posted 12-Apr-12 23:24pm

bhagirathimfs

Updated 12-Apr-12 23:44pm

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

deepakaitr12345 · Accepted Answer · 2012-04-13T00:34:00

Solution 1

Hi @bhagirathimfs

if you have security issue
please go through the SRE engine provided by Antixss module and Antixss library
SRE with Antixss Module[^]

Most of the time "&" or special cheractors are problematic in silverlight visifire chart control.

Hope it will help you

Thanks

Posted 13-Apr-12 0:34am

deepakaitr12345

Comments

bhagirathimfs 13-Apr-12 7:31am

Can you please explain why the '&' is dangerous/problematic ??

deepakaitr12345 13-Apr-12 7:49am

This char is repeting multiple times on diffrent strings
As well as this is problemetic in turms of your encripted code identification,
if you look at the char like "@" encripted in "&..." form in html.encode mathod.
Please check the HTML Senetiser for this

Hope this will help you
Thanks

bhagirathimfs 13-Apr-12 8:40am

Thanks

Can u please suggest some website to learn more about this.Actually i want to learn more about time.

Thanks for help.

deepakaitr12345 13-Apr-12 8:49am

here you wil see more http://computerconsultants.net/post/Preventing-Cross-Site-Scripting-Attacks-with-AntiXss-31.aspx ----------------http://msdn.microsoft.com/en-us/security/Video/ee658075-------------- http://blogs.msdn.com/b/sdl/archive/2009/09/23/new-and-improved-antixss-3-1-now-with-sanitization.aspx Thanks

bhagirathimfs 25-Jun-12 6:00am

Thanks a ton