The Lounge is rated PG. If you're about to post something you wouldn't want your
kid sister to read then don't post it. No flame wars, no abusive conduct, no programming
questions and please don't post ads.
Funny thing is we already have licenses. We just need the personnel to perform the upgrades. I'm just a web monkey; they don't (usually) let me install stuff on the servers. They already have plenty of DBA's, software engineers, and license managers to avoid installs as long as possible.
Its not .NET's fault, its actually a XSS attack, that the tool is testing for. What the tool is saying, is that you should validate the input before that URL has a chance to be generated. You can cause a lot of problem for your users if you have XSS vulnerabilities, its what virus writers use to spread the virus over the internet.
You should raise this as a serious bug with the original developers.
Red-Siren testing is something I implemented at several Fortune 500 companies and many smaller companies.
It's testing that seeks to reveal critical security issues in an OS, system, web app, application, or the occasional contract developer that picks their nose and doesn't <ahem> dispose of the content upon their finger but continues typing ... all of which, when discovered, a "red-siren" type warning (akin to an actual red emergency light and siren on an emergency vehicle) is generated.
I still saw your first version about VB, and you should say VB Versions <= 6, as VB.NET uses 0-based arrays.
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image. Stephen Hawking
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- "Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997
Last Visit: 31-Dec-99 19:00 Last Update: 27-Feb-17 9:15