It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
Some public wireless networks redirect you to a login page before giving you access to the internet. I want to test not only if the system has internet connection but also if it is unlimited, i.e. there is no redirect to such a login page.
I already checked the properties of HttpWebResponse to find something that could indicate this but found nothing.
How can I know that I'm not being redirected to a provider's login page?
This is intercepted by a proxy. You'll have no idea how "nice" it is, don't expect anything like a 302. So test it by visiting a known-good URL first, one whose response you can rely on. Not Google, something you maintain. If you don't get the expected response then you know that you've been redirected.
Another version of you can't do this:
You can test if you have access to whatever site you're testing as a reference. That doesn't prove you have unrestricted access, though. You might be behind a firewall that blocks out large swaths of the internet (for example, a corporate firewall blocking a bunch of places employees like to waste time but which have no job-related purpose.)
You might be behind the Great Firewall of China that will reset your connection if it doesn't like the domain you're accessing or if it sees words it doesn't like.
You might even be working through an evil ISP that replaces ads with it's own ads.
You cannot do this. As a trivial example, my service provider does not alter my connection or require any special login procedure, but if I use more than my allocated amount I will be charged for it.
Related
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 9 years ago.
I want to be able to have a couple of people with admin rights so that they can edit text fields and other things, but I don't want there to be a login button because there's no rights that I can give to "regular" users, so is there any way I can either secretly have a login or any other solution that I'm just not thinking of.. I'm using .NET with C# in code behind in case that's relevant.
It depends... If you're on intranet, you can use other forms of authentication, for instance automatic windows/AD authentication. Also you can authenticate users based on their IP address, but that would require them to have public static IP, which is not always possible or desirable.
Here is what I have done sometimes if its a closed environment (like an application on an intranet).
On any page that needs special rights:
Have the code check a table for a list of allowed users (using their windows username from their currently logged in Windows Acct). I would do something like this in the page load: (pseudo code)
If NOT userallowed
Send message to the user that he is not allowed
Else
Do whatever code is required
the userallowed function would just return a boolean if the windows id was in the table
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
Is it possible to read cross domain cookie in C#? if possible how can i read the cookie,
the cookie set in one domain like "dev-001" and get a cookie in another domain "localhost"
i used
Request.Cookies["userInfo"].Values
it shows a null value.
Is there any possibilities.because it's our requirement. all the information are available in cookie. but I can't read it
No, that's not possible. Cookies cannot be shared cross domain. That would be a huge security flaw.
However you can allow all subdomains to have access if you set the domain to ".your_domain.com".
A weird solution would be to redirect your user to one of the domain to get the cookie content, as bit like a webservice kind of thing but I wouldn't recommend that at all!
If you really need to store data about your user across multiple platforms, why not storing in a database?
Reading cookies from another domain in not possible. While there would be serious security implications if you could, the pragmatic reason is that the browser never sends cookies from other domains when it makes a request. So the information isn't available.
From your brief description, you need to find a better way of performing the task at hand. Cookies cannot be shared across domain.
However, a third party can be introduced into the mix which allows sharing of data (albeit through a much more elaborate mechanism) though it is possible to disable third party cookies.
Cross-domain user tracking without 3rd party cookies?
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
We are programming a website which use UPS as shipping method. Administrator of the site must approve every order manually, create things propertly with UPS and then just get the tracking number and put it in our system. So we do not use any API from UPS or anything.
Is there a "static" URL like : http://ups.com/apage/{0} we may format to replace the {0} by the tracking number that the administrator will enter in our system?
I know I could search in google, but I'm not realy sure of what to write after UPS URL Tracking number didn't results me anything usefull.
You are required to use the UPS API when interacting with their system to either track packages or manage shipments. Any other use is in violation of their terms of service.
I don't know their terms of service as others have mentioned, but GMail just links to the following when it finds a tracking number in a message. I would assume you could use the same:
http://wwwapps.ups.com/WebTracking/processInputRequest?TypeOfInquiryNumber=T&InquiryNumber1=TRACKINGNUMBER
I'm sure this could end up changing at some point down the road.
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
I was just trying to post something to a website via my localhost to retrieve some data, and suddenly, this idea came to my mind: What happens if I create a post, put it into a for loop that runs over 1 million times, and send requests to a specific url for a million time? I just did not want to try to avoid any harm, but I wonder. And if this could cause some harm, how can I avoid such an attack?
this kind of things actually happen a lot. some are intentional and some are not. take for example: http://en.wikipedia.org/wiki/Slashdot_effect
other times, this is intentional, and its called a DoS (Denial Of Service). a lot of websites are taken down with these attacks, and not always involve an actual connection. it may suffice to saturate the listen backlog of the underlying os.
how to avoid it.. you cant, basically. you can make the best effort at it, but you will never be able to actually avoid it. after all, your website is there to be accessed, right?
You could add a rule in your firewall to block a specific IP address if that were to happen. If it is a sophisticated denial of service, I'm sure the IP address is spoofed and will be random. But for normal web sites, you won't need to worry about this.
Well, the server will get progressively bogged down until it figures out how to handle all 1,000,000 of those requests. Odds are, unless you have legendary hardware, it will become unresponsive and next to useless, creating a great disruption to everyone wanting to access it. This is called a Denial Of Service attack, or a DOS.
There's a few things you can do to prevent this:
Require users to verify that they are human before the server will process their request. This is usually done with Captchas.
Use an intelligent firewall to drop the packets or figure out how to have the server ignore requests from IP addresses that have been sending too many.
Make sure everybody loves your site so much that they wouldn't even think of doing anything to hurt it.
1 is probably most effective and simplest to do, and 3 is impossible. I can't offer a lot of advice about 2 due to lack of experience, and its probably fairly difficult and easy enough to exploit.
Short Story: Go with a Captcha. ;)
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center.
Closed 11 years ago.
This'll be my second time doing a CMS and Inventory Management app for my client. This particular client wants it all to be online. Instead of a desktop app, like I did with my previous client. Which is fine I guess, however I'm a little concerned about the security stuff... What if it gets hacked? He basically wants to be able to manage, view, create new and edit existing orders via his website from an "Admin" type interface after he logs in as an Admin, so obviously I'm going to need Roles.
But is this common or normal practice? The website isn't an intranet, or hosted locally, it's remotely hosted.
Yes, its very normal all of my websites have admin interfaces that allow access to just about everything with the proper credentials.
A word of caution however: If you are not sure what you are doing, I'd be very careful about accepting/storing credit cards or other sensitive information(SSN's medical data etc) . Its easy to screw up, and if that stuff get hacked, you may have some serious legal problems to deal with. Consider hiring someone with the right experience to help with security.
Everything you listed is normal to a Web application, whether it's hosted locally or on an intranet, or hosted remotely.
What you need is probably already implemented in other online CMSs (see Orchard CMS), but if you want to roll your own CMS, it's very easy to use ASP.NET MVC; it also has easy integration with Forms Authentication for ASP.NET.