{"id":22047,"date":"2021-03-09T01:01:10","date_gmt":"2021-03-09T06:01:10","guid":{"rendered":"http:\/\/bangla.salearningschool.com\/recent-posts\/how-to-secure-your-net-applications-software-development-web-development-root-by-sayed-ahmed\/"},"modified":"2021-03-09T01:01:10","modified_gmt":"2021-03-09T06:01:10","slug":"how-to-secure-your-net-applications-software-development-web-development-root-by-sayed-ahmed","status":"publish","type":"post","link":"http:\/\/bangla.sitestree.com\/?p=22047","title":{"rendered":"How to Secure Your .Net Applications #Software Development #Web Development #Root #By Sayed Ahmed"},"content":{"rendered":"<h2>How to Secure Your .Net Application<\/h2>\n<ul>\n<li>Use multiple levels of security: Physical Level (data center security), Network Level (firewall), Operating System Level (accounts, trust level), Web Server Level (use virtual directory), Web Application Level (authentication, authorization), Database Level (different accounts to perform different types of database operations), Data Level (encrypt sensitive data), and best practices (prevent SQL injection and XSS)<\/li>\n<li>Use a database server separate from the web server (generally more secure, but not always the better choice; you may need to weigh performance against security, your future scalability requirements, and application requirements). <!--a href='http:\/\/stackoverflow.com\/questions\/659970\/why-is-it-not-advisable-to-have-the-database-and-web-server-on-the-same-machine'&gt;check here:http:\/\/stackoverflow.com\/questions\/659970\/why-is-it-not-advisable-to-have-the-database-and-web-server-on-the-same-machine&lt;\/a--><\/li>\n<li>Use accounts and trust levels to control who can access the physical machine, from where, and how<\/li>\n<li>Control the permissions of the account under which the web application runs (OLE DB, Registry, File\/IO)<\/li>\n<li>Configure IIS for anonymous access. 
Use the IIS_machinename system account with limited access<\/li>\n<li>Require authentication on web pages whose information should not be publicly available<\/li>\n<li>Use database-based authentication for internet applications<\/li>\n<li>Use role-level security; also use page-level and control-level security. Control access to the feature, to the page, and to the individual controls<\/li>\n<li>Use separate database accounts for database operations, chosen according to the user's permission level. When a user has read-only access, use a database user that has only read permission on the database.<\/li>\n<li>Use database-based accounts; do not use Windows-based authentication<\/li>\n<li>Never trust user input, avoid dynamic SQL, do not use the admin account to perform database operations, and encrypt the sensitive data stored in the database.<\/li>\n<li>Display custom error messages to the user. Do not display system-generated error messages to the user<\/li>\n<li>Encode and quote user input. 
Do not provide features that let end users create dynamic SQL.<\/li>\n<li>Always validate data; check data types as well.<\/li>\n<li>Set HTMLEncodeValue = true<\/li>\n<li>Use SSL<\/li>\n<li>Use POST and Session; avoid using GET and Cookies<\/li>\n<li>Encrypt URL parameters using key-based encryption<\/li>\n<li>Do not decrypt data for validation checks; encrypt and compare instead<\/li>\n<li>Encrypt all sensitive data<\/li>\n<\/ul>\n<p>&nbsp; From: http:\/\/sitestree.com\/?p=131<br \/> Categories: Software Development, Web Development, Root, By Sayed Ahmed<br \/>Tags: .Net, .Net Applications, Secure, security<br \/> Post Data: 2012-12-11 04:58:19<\/p>\n","protected":false},"excerpt":{"rendered":"<p>How to Secure Your .Net Application Use multiple levels of security: Physical Level (data center security), Network Level (firewall), Operating System Level (accounts, trust level), Web Server Level (use virtual directory), Web Application Level (authentication, authorization), Database Level (different 
accounts to perform different types of database operations), Data Level (encrypt sensitive data), use Best Practices &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"http:\/\/bangla.sitestree.com\/?p=22047\">Continue reading<\/a><\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1917],"tags":[],"class_list":["post-22047","post","type-post","status-publish","format-standard","hentry","category-fromsitestree-com","item-wrap"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":24400,"url":"http:\/\/bangla.sitestree.com\/?p=24400","url_meta":{"origin":22047,"position":0},"title":"Overview on .Net Solution Architecture #Root","author":"Author-Check- Article-or-Video","date":"April 8, 2021","format":false,"excerpt":"Overview on .Net Solution Architecture Actually, I wrote this long back as you can see at: http:\/\/salearningschool.com\/displayArticle.phptable=Articles&articleID=793&title=Overview%20on%20.Net%20Solution%20Architecture Microsoft Solution Framework is a combination\/mix of both Waterfall model and Spiral model. It includes waterfall models milestone based planning and resulting predictability with the spiral model's benefits of feedback and creativity Roles\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":69408,"url":"http:\/\/bangla.sitestree.com\/?p=69408","url_meta":{"origin":22047,"position":1},"title":"Overview on .Net Solution Architecture #20","author":"Author-Check- Article-or-Video","date":"August 20, 2021","format":false,"excerpt":"Just an overview (Will be updated ...). 
Microsoft Solution Framework is a combination\/mix of both Waterfall model and Spiral model. It includes waterfall models milestone based planning and resulting predictability with the spiral model's benefits of feedback and creativity Roles in the MSF Team Model: Product Management (Deals with customers,\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":22714,"url":"http:\/\/bangla.sitestree.com\/?p=22714","url_meta":{"origin":22047,"position":2},"title":"Dot Net Nuke i.e DNN Architecture #Root #By Sayed Ahmed","author":"Author-Check- Article-or-Video","date":"March 19, 2021","format":false,"excerpt":"Dot Net Nuke Architecture Components: --Web pages --Web pages can belong to different sites i.e multiple sites can be hosted using a single install of DNN (i.e single web application framework) ( you can keep content, roles, and user permissions separate for each of these sites) --Modules i.e. mini applications\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":78354,"url":"http:\/\/bangla.sitestree.com\/?p=78354","url_meta":{"origin":22047,"position":3},"title":"Client and Server Side State Management in C# (ASP.Net)","author":"Sayed","date":"August 5, 2025","format":false,"excerpt":"By AI: Here\u2019s a copyright-free, blog\/Facebook-friendly explanation of Client-side and Server-side State Management in C#\/.NET, along with techniques under each category. You can freely copy and use it. 
\ud83c\udf0d Client-side vs Server-side State Management in C#\/.NET In C# and .NET applications\u2014especially in web development like ASP.NET\u2014state management helps maintain data\u2026","rel":"","context":"In &quot;C# - Misc&quot;","block_context":{"text":"C# - Misc","link":"http:\/\/bangla.sitestree.com\/?cat=1973"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":66421,"url":"http:\/\/bangla.sitestree.com\/?p=66421","url_meta":{"origin":22047,"position":4},"title":"Key J2EE  Components : Basic Concepts with Examples #Java Short Notes","author":"Author-Check- Article-or-Video","date":"July 19, 2021","format":false,"excerpt":"Java EE 5 (J2EE 5) uses XML deployment descriptors for the configuration of the web-applications and web-components. What Java EE provides? It provides the internal framework\/structure\/system level capability\/system-level infrastructure to support large enterprise level applications with features like distributed database, distributed computing , security, and transaction management. J2EE also provides\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":67364,"url":"http:\/\/bangla.sitestree.com\/?p=67364","url_meta":{"origin":22047,"position":5},"title":"What is Hibernate? #Java Short Notes","author":"Author-Check- Article-or-Video","date":"July 20, 2021","format":false,"excerpt":"Why Hibernate? A database is an integral part of many different types of applications. Standalone single-person applications to multi-user distributed business and enterprise applications make extensive use of databases. Many high end technology applications in industries including telecommunications, and surveillance systems make extensive use of databases. 
However, in recent years,\u2026","rel":"","context":"In &quot;FromSitesTree.com&quot;","block_context":{"text":"FromSitesTree.com","link":"http:\/\/bangla.sitestree.com\/?cat=1917"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/22047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=22047"}],"version-history":[{"count":0,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=\/wp\/v2\/posts\/22047\/revisions"}],"wp:attachment":[{"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=22047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=22047"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bangla.sitestree.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=22047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}