Solved

Xml Import security asp.net

Posted on 2014-12-18
5
195 Views
Last Modified: 2014-12-20
I've got an asp.net  program that will create a data set, and then converted to XML, and download it.  I then want to be able to re-import it, and reload the data set to the database.

If I encrypt it, and put a checksum on it, would it be relatively safe from having a sql injection attack built into it between export and import?

If I didn't encrypt it, how might I check it for sql injection attack, considering that it would have unstructured text phrases as part of its content?
0
Comment
Question by:codequest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 12

Accepted Solution

by:
Ammar Gaffar earned 500 total points
ID: 40506847
Hi,
Your question is so generic for me, so defiantly my generic answer is yes, encrypting file is an option, but it might be other solutions based on your business scenario.

I have some questions:
Who is using your asp.net? I mean here anonymous user or authenticated user?
What is your business scenario you need to apply this export and import functionality?
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40506921
SQL injection is normally done via http url manipulation and the non checking/validation of user input
0
 
LVL 12

Expert Comment

by:Ammar Gaffar
ID: 40506939
Hi,
Maybe his expression is not the right one "SQL Injuction", but what I understand he is afraid of playing with exported xml file before next import, and this file contains data set structure and data.

codequest, correct me if I am wrong.
0
 
LVL 2

Author Comment

by:codequest
ID: 40506960
Thanks for input.
0
 
LVL 2

Author Closing Comment

by:codequest
ID: 40510790
your questions helped me think it through
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The use of stolen credentials is a hot commodity this year allowing threat actors to move laterally within the network in order to avoid breach detection.
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question