A runtime, architecture, and libraries for Microsoft Windows used for creating applications.
Questions tagged [.net]
383 questions
16 votes, 5 answers
Is it safe to binary-deserialize user-provided data?
AppHarbor has a blog post containing sample C# code which reads data from an unsigned cookie and passes it through .Net binary serialization.
Is that safe?
Obviously, the data is completely tamperable.
However, are there any risks in passing…
SLaks
9 votes, 2 answers
Is it a security risk to maintain an application developed for a version of .NET prior to 4.0?
I've had a request that we upgrade all our internally developed applications to .NET v4.0.
Needless to say, this is a massive chunk of work. Is using applications based on the .NET framework prior to v4.0 a genuine security issue?
Gareth
5 votes, 1 answer
Is the ProtectedData class still an acceptable method to store passwords?
I'm writing a piece of software which will have to store a user's password to allow authentication with a 3rd Party service. Unfortunately, this service currently requires the use of a password rather than some other method. A key feature/advantage…
Dan
3 votes, 2 answers
Challenge Response Login Authentication with Password Salt
I want to implement a challenge-response login authentication for my web application.
My understanding is that the server has to send back the password salt for the user so that the user can calculate the password hash on the client side and then…
Professed3376
3 votes, 1 answer
Is writing programs in .NET less secure since they can be easily reverse engineered?
I had an interesting conversation recently where I was told that Microsoft .NET is not secure since it is more easily reverse engineered than languages like C. Is there any validity in this? If I were to write a section of code which I did not want…
Fratink
2 votes, 2 answers
.NET app expects csv files, what if it receives malicious file?
I work in an enterprise environment on small custom applications which read data files (usually CSVs) and integrate the data into accounting software systems. I have come across a situation where there is a server with a user always logged-in and…
CodenameCain
2 votes, 1 answer
Does strong naming remove the need for packing/obfuscation?
I'm new to .NET programming, and I'm wondering - from a security perspective - whether the strong naming scheme used in .NET assemblies completely removes the need for other commonly used techniques such as packing the assembled code?
To be clear, I…
efr4k
2 votes, 3 answers
What are the best security practices to install a C# Web App on client servers?
We would like to install a Web App written in C#/.NET4 on client servers, not ours. I would like to know what are the best security practices to implement to avoid the following:
Authority stealing.
Read files with sensitive data.
Software…
Rubens Mariuzzo
1 vote, 0 answers
Securing customer assets in .NET
We are rethinking our security and came on an interesting issue. How can we make a generic security implementation for customer owned assets?
Does every asset need a direct-indirect relation to a customer? And does this mean that for a secure system…
Stefaan Van Hoof
1 vote, 0 answers
How to securely open a folder using .NET without user input?
I would like to open a folder using .NET and it seems as if Process.Start is the way to go: Open a folder using Process.Start.
I already read How to securely use Process.Start? but it deals with user input and was answered almost six years ago,…
0lli.rocks
1 vote, 1 answer
Can you fake the Host attribute of a C# URI?
I was wondering if you can fake the Uri.Host value of a string. For example, given the following code:
new Uri(url.ToLower()).Host == "example.com"
Is there any way to have this boolean comparison be true, but at the same time the URL go to a…
Rob Gates
0 votes, 1 answer
Exposing Model to POCO in MVVM Entity Framework Application
To start with, I am dangerously bad at security. I am aware of this, which is why I'm asking for help to figure this out.
I have a POCO object, which is exposing an ICollection of a model object, so that I can act on it. Is there an inherent flaw in…
rp.kelly
0 votes, 0 answers
Looking for a very basic encrypt/decrypt with a shared key for .net web application
Building a .Net 6 web app and storing data in On-Prem database.
I collect some sensitive data that needs to be stored in the database in a format that is not easily readable. I also need to retrieve that data and display it in my…
BattleFrog
0 votes, 1 answer
When using public/private keys to secure app licensing info, couldn't someone simply replace your public key to defeat it?
We have a simple C#9/WPF app that we're releasing on .NET 5 Core on which we need to introduce licensing.
From what I'm reading, one of the most common patterns to do so is asymmetric encryption, aka public/private key encryption.
From what I…
Mark A. Donohoe
0 votes, 1 answer
Secure an intranet Winform application
Is there a need to secure winform application in an intranet environment? Clearly, there is no external threat and only authorized personnel have access to the intranet environment, so I am not sure if there is a need to secure it. Unless it's an…
johny