Solved

Xml Import security asp.net

Posted on 2014-12-18
5
187 Views
Last Modified: 2014-12-20
I've got an asp.net  program that will create a data set, and then converted to XML, and download it.  I then want to be able to re-import it, and reload the data set to the database.

If I encrypt it, and put a checksum on it, would it be relatively safe from having a sql injection attack built into it between export and import?

If I didn't encrypt it, how might I check it for sql injection attack, considering that it would have unstructured text phrases as part of its content?
0
Comment
Question by:codequest
  • 2
  • 2
5 Comments
 
LVL 12

Accepted Solution

by:
Ammar Gaffar earned 500 total points
ID: 40506847
Hi,
Your question is so generic for me, so defiantly my generic answer is yes, encrypting file is an option, but it might be other solutions based on your business scenario.

I have some questions:
Who is using your asp.net? I mean here anonymous user or authenticated user?
What is your business scenario you need to apply this export and import functionality?
0
 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
ID: 40506921
SQL injection is normally done via http url manipulation and the non checking/validation of user input
0
 
LVL 12

Expert Comment

by:Ammar Gaffar
ID: 40506939
Hi,
Maybe his expression is not the right one "SQL Injuction", but what I understand he is afraid of playing with exported xml file before next import, and this file contains data set structure and data.

codequest, correct me if I am wrong.
0
 
LVL 2

Author Comment

by:codequest
ID: 40506960
Thanks for input.
0
 
LVL 2

Author Closing Comment

by:codequest
ID: 40510790
your questions helped me think it through
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now