I remember reading somewhere that it's possible to configure your web.config to send email to files, instead of setting up a real SMTP server for development. How is this done?
Hidden Features of ASP.NET
Related
This is my first time making a website.
On the website I have made a form for client to fill in their details. It uses the CDO.Message and smtpserver (gmail) and the details can be sent successfully to my email.
Now I want to add a function to allow client to attach file(s) and send the files with the form to my email.
Can I do this without having the attachment(s) being uploaded to the server? I want the details on the form and the attachment(s) being sent directly to email.
Is it possible to use the AddAttachment function, get the file path on client's machine and send the attachment to email? If so how to get the full file path on client's machine?
Thanks a lot.
No. The file will have to be on the server to use that method to add it to the e-mail.If you do this, be very careful because it is a high security risk to allow users to upload files to the file system of a web server.
I'm developping an application that I should give to a person only to test its functionality, and I don't want him to have the code.
I also do not want to host the application and give him a remote access.
what should I do?
You could use ioncube to encode your sources before passing them on to your client.
You can save your client the trouble of setting up a server by hosting the app yourself and using .htaccess to password protect the app and/or set up an IP restriction.
I am not very familiar with hacking techniques and safety vulnerabilities, but I am starting to worry a little bit about our site's security, which is built on ASP Classic, running IIS 7.5
We use ASP inline authentication. Inside the ASP file I have the username and password set up. I have restricted the access to a certain username to a specific IP address (the username used by employees) and the other usernames use a confirmation password received by SMS on the phone.
Is the IP based auth safe? I've heard of entering a certain IP address through certain ports and thus gaining access from that certain IP address.
Can the content of the ASP file get hacked and read?
When generating the SMS, the ASP script opens a link through XMLHTTP 'https://generate.sms-company-domain.com/?password=&acount=&message=Your confirmation password is '. Could somebody listen to the URL that are called and easily get the SMS password?
Can you think of any vulnerabilities of our log in methods?
Thanks!
your 3rd point is looks like problem if URL expose in that way any one can read password or information via some tools like fiddler.
for protect your site from hacking please make sure
1) you site used SQL injection technique
2) all important data submit via post method.
3) need to take care of Cross site scripting attack like when someone load page it save one encrypted value in cookie and in code read that cookie value so we can confirm that page is not calling from some other place.
In my web.config file there are below entries. It seems like it is used to send mails from my website.
How i know maiks has been sent from my website?
<add key="emailFromAddress" value="help-desk#home.com"/>
<add key="emailTo_StoreAuthorise" value="help-desk#home.com"/>
You can't know that mails have been sent from your web application. It is the responsibility of the mail server to process emails, not the web server - this means that your code will use mail code, which uses the mail server (e.g. exchange) to actually send out the mails.
What you could do, is check the mail server to see what's been sent out on this email address. It's not perfect, because you may have a user who sends mails on this account, so it will only tell you that mail was sent - not that this mail was sent by your code.
If you need this functionality, you'll need to write this information out at some point - e.g. when the code requests the send mail.
The mails are not sent through your website, but through your mail server.
Your options are:
Check the mail server to see if it logs your sent mails.
Add code to the method that sends the mail in your website to log this event in some place.
Maybe check some kind of IIS-log.
Use such a code to generate link wich will set the mail's subject:
<asp:HyperLink id="EMailLink" runat="server"
NavigateUrl="mailto:<%# System.Configuration.ConfigurationSettings.AppSettings("emailFromAddress") %>?subject=[YourSite.com]"
>EmailUs</asp:HyperLink>
I'm assuming you didn't write the app and have inherited it from someone else, but now wish to check that the email functionality is working and can't be bothered to look at the code?
If you are just trying to check that they work in a development setting and your app has a mailSettings config element, you could configure it so that the mails are written to disk, as shown here.
I'm setting up my first site using the asp authentication provider and using the built in asp.net login control.
My question, is the password encrypted or hashed as it's sent to the server using the asp.net login control? or do I need to use https/ssl to accomplish this?
Thanks
Go with HTTPS.
Per MSDN, "By default, the ASP.NET login controls work in plain text over HTTP. If you are concerned about security, use HTTPS with SSL encryption."
Unless you are using HTTPS, no. ASP.Net is leveraging the available HTML controls, and the data posted back to the server is in plain text. I would use SSL/HTTPS if you want your authentication to be secure.
The login control works as a normal form post. There is no encryption or challenge-response method. You must use SSL if you want any security.
The any text based data is sent as is to the server regardless of the language used by the server as this is controlled by the HTML Framework. You can create a Javascript encryption or hash algorith and use that prior to submitting the form data.
However the most secure method would be to use HTTPS.