asp.net - Error handling for query string parameters -1%27, getting bombarded -

-

i not expert, not rookie either. i'm using asp.net webforms. set error catching routine in global.asax log error info in sql table , redirect friendly error page. began finding hundreds of exceptions per day in query string "?id=-1%27". use query strings items , categories allow integers of 3 digits or less. started geo-locating ips. vast majority of them russia , surrounding countries. started storing of ips in table. else experiencing , how best handle it. want catch legitimate errors, major annoyance. input appreciated. have googled 2 days , can't find related issue.

the %27 ascii single quote (') , red flag trying perform sql injection via query string application's data access layer logic.

i less concerned attacks coming , more focused on techniques protecting/processing data before attempted used data access layer , data storage (read: database).

using parameterized sql , data sanitation (read: white-listing allowable text strings) great first step in combating these attacks.

update

it might worth considering creating custom exception invalid id value being passed in part of query string. can test length being greater 3 , throw custom exception. elsewhere can catch/trap custom exception type , whatever wish (read: potentially ignore exception if becoming large of annoyance). please understand never advocate ignoring exceptions (empty catch block), merely stating possible such "bad" thing.


Comments

Post a Comment

Popular posts from this blog

dns - How To Use Custom Nameserver On Free Cloudflare? -

-
i have problem. i own small hosting company. trying add cloudflare site free cdn. problem when sign have change nameservers nameservers. have nameserver dns set through godaddy, how add them cloudflare? main site uses company's nameservers whenever add them site goes offline. when go cloudflare's dns records click on dropdown, click ns, , there's 2 boxes 'name' , 'nameserver'. mean input 'ns1' 'name' , 'ns1.domain.com' 'nameserver'? input server's ip addresses? is there way of accomplishing free version of cloudflare? that impossible. option have custom name servers available on business , enterprise. see https://www.cloudflare.com/plans . also, might mistaken. must change name servers in domain register settings, not on cloudflare.
Read more

python - Pygame screen.blit not working -

-
in program creating in python/pygame, screen.blit not working. in other programs have made, screen.blit works. error: traceback (most recent call last): file "c:...\main.py", line 46, in <module> screen.blit(sight.image, sight.rect) attributeerror: 'int' object has no attribute 'blit' the error in question caused screen variable being allocated integer instead of pygame.surface() object.perhaps accidentally rewrote variable somewhere? from can make of doing, seems stating position of blit full rect instead of coordinate. when do: screen.blit(sight.image,sight.rect) what program seeing is: screen.blit(sight.image,(sight.rect.x,sight.rect.y,sight.rect.width,sight.rect.height)) i assuming don't intend this. remember rect object consists of position, width , height. to correct code, put (sight.rect.x,sight.rect.y) location goes instead this: screen.blit(sight.image,(sight.rect.x,sight.rect.y)) the .x , .y corres
Read more

c# - Web API response xml language -

-
i having simple post url clients send post request. http://mydomain.com/requests/request post data: <request> <orderid>1e008921</orderid> <ordername>mc1</ordername> </request> to respond sending them xml <srequest> <requestedby>client 1 </requestedby> <requestname>test name</requestname> <requeststatus>success</requeststatus> <srequest> now client wants above xml in different language (say french ) how handle ? how send response language preference in web api ? specially post scenario ? (append language string ? or best practices ?) i suggest either include in url: http://mydomain.com/fr/requests/request or use http header accept-language . read more in answer to: good way changing language resources dynamically request
Read more