Tamper proof URL's, Expiring Web Pages

Passing Tamper-Proof QueryString Parameters and Creating Expiring Web Pages cover how you can improve the security of your web application. While the example code is in VB.NET, the idea can be applied to any web programming language (PHP, Perl, VBScript etc). Basically you pass a hash (of the parameters plus a 'secret salt' (a custom string added to the start/finish)) only known to those that need to connect to the page (often just pages on the same website, but maybe used by other sites), along with the parameters and the current time and date.

Tags: ,

Comments

Post a Comment

Popular posts from this blog

Select box manipulation with jQuery

If you read the jQuery mailing list , you may be aware that I have updated my plugins for working with select boxes . Summary of changes: addOption replaces any options with the same value (so think of it as an add/replace options plugin selectOptions selected options in addition to what was already selected, but there is now an option for it not to do this There are two new methods: copyOptions which is for copying options between select boxes ajaxAddOption allows you to add options via AJAX (i.e. could be used for create options dynamically from a server script)
Read more

Basic Excel Spreadsheet Generation (ASP/ASP.NET)

The 'correct' way to generate Excel spreadsheets is through the use of Office Web Components . However, due to the licensing (see MSKB Article ) you cannot use them on a public internet site (as a client license for Office is needed for each user retrieving the document). However, this can be overcome due to the fact that Excel recognises HTML code. You can therefore output HTML that can be opened in Excel: First of all, set the content type and response header to make the browser handle it as an Excel spreadsheet. ASP VBScript: <%@Language="VBScript"%> <% Response.ContentType="application/vnd.ms-excel" Response.AddHeader "content-disposition", "attachment; filename=ExcelFileName" %> ASP JScript: <%@Language="JScript"%> <% Response.ContentType="application/vnd.ms-excel"; Response.AddHeader("content-disposition", "attachment; filename=ExcelFileName"); %
Read more

Link: HTML Agility Pack (.NET)

The HTML Agility Pack is an HTML parser for .NET, supporting XPATH and XSLT parsing. Basically the HTML equivalent of XmlDocument . Example use (from site): HtmlDocument doc = new HtmlDocument(); doc.Load("file.htm"); foreach(HtmlNode link in doc.DocumentElement.SelectNodes("//a[@href]") { HtmlAttribute att = link["href"]; att.Value = FixLink(att); } doc.Save("file.htm");
Read more