![]() |
|
![]() | ||
|
Subject:
My website homepage is sometimes crashing...
Category: Computers Asked by: cornchip-ga List Price: $5.00 |
Posted:
09 Sep 2005 13:48 PDT
Expires: 03 Oct 2005 13:45 PDT Question ID: 566174 |
Users are sometimes reporting that when they try to navigate to the homepage of my website they are getting a runtime error. The error is the generic .NET message (Server Error in '/' Application... etc...) The website is http://www.unitville.com/ The users are not giving me any more information, but more than one person has reported it. I cannot reproduce this problem, nor can anybody that I have asked. Can you post a comment if you are successful or unsuccessful when navigating to the page. The winner is the person who sees the error and can tell me the steps to reproduce it. |
![]() | ||
|
There is no answer at this time. |
![]() | ||
|
Subject:
Re: My website homepage is sometimes crashing...
From: feldersoft-ga on 09 Sep 2005 14:24 PDT |
Works for me running Firefox under Linux. ;-) Under vmware when I run IE the site loads fine. I did find a problem when I clicked on the "Create a printable Newsletter" link. Doing that causes a notification by the IE popup blocker and then page immediately refreshes to the main page giving me no chance to allow or display the popup. Same thing happens with the answerboard. No .NET crashes |
Subject:
Re: My website homepage is sometimes crashing...
From: feldersoft-ga on 09 Sep 2005 14:38 PDT |
Oh one other thing. I registered for an account and uploaded a random file for my picture. I changed a .exe to .jpg and it uploaded fine. You may want to restrict picture uploading to paying users, as it may be a considerable security risk to allow anyone to upload stuff and then subsequently pull it down. For example I could create a bogus account upload warez/music/xxx pictures and then post a URL somewhere with a link to the content. The file I uploaded was ymesuite.jpg (renamed from ymesuite.exe) which is the yahoo music engine (random file pulled from my vmware desktop). I verified that I could pull it down by going here: http://www.unitville.com/photos//ymesuite.jpg Oh woops...as I was composing this I did trigger the error. When updating my profile I used <table> (i.e. an html tag) in my nickname. You really really need to make sure you sanitize the data people put in those boxes. I notice most of your validation is client side. This is very dangerous as a malicious user may be able circumvent that and stick total garbage in your membership database. |
Subject:
Re: My website homepage is sometimes crashing...
From: feldersoft-ga on 09 Sep 2005 15:01 PDT |
Ok one last thing. Changing my name to & shows an ampersand instead of & for my name when I go to create a newsletter. This means you're not sanitizing the information when you push back out of the database. It might actually be possible for me to steal other member's private info by exploiting this property. Imagine if I could get some arbitrary html (say form elements) into some of these fields and then trick other members into filling out those elements while assuming the data will go to you and it instead goes to me. When you write an application like this you have to make assumptions that the user is going to do whatever is in their power to mess up your app. |
If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you. |
Search Google Answers for |
Google Home - Answers FAQ - Terms of Service - Privacy Policy |