Index
U
UDL files, 278
UIPermission class, 375
unauthorized access
deciding how to authorize users, 87–91
defined, 54
employing file authorization, 91–93
UnIdentityPermission class, 375
Unix utilities, downloading, 214
unstructured error handling, 318–320
untainted variables, 212
UPN certificate mapping, 69–70
URL authorization
blocking HTTP verbs, 95–97
files and paths, 97–98
overview, 93
users and roles, 93–95
URL-based tokens, 117, 151
UrlEncode method, 232, 233
UrlPathEncode method, 232, 233
UrlReferrer property, 208
URLs
as code group membership condition, 371
as type of evidence, 368
URLScan, 259
UrlSegmentMaxCount value, 249
UrlSegmentMaxLength value, 249
user-defined database roles, 279
user input
constraining, 218–243
techniques for validating, 218–243
user store, 195
user weakness, on cryptographic systems, 155
UserAgent property, 208
UserHostName property, 208
usernames
easily guessed, avoiding, 11–12
limiting exposure, 15–16
reason for requiring, 3
vulnerability, 51
in web.config file, 58–61
users. See also accounts, user
authenticating, 55–86
authorizing, 86–102
educating, 42–44
empowering, 42–45
establishing credentials, 3–18
involving, 44–45, 52
limiting idle accounts, 16–18
security threat summary, 2–3