asp.net - CreateUserWizard Username and Email Enumeration -

-

i've been doing security review of our website , found issue createuserwizard. not let people sign duplicate email address or username. createuserwizard verify me problem can write script hit our server , try username , pretty list of username enumerating through them.

i want add recaptcha can't seem verify before verifies username. there way this?

    <asp:createuserwizard id="createuserwizard1" runat="server" oncreateduser="createuserwizard1_createduser" continuedestinationpageurl="~/pleaseverify.aspx" cssclass="createuserwizard" stepnextbuttonstyle-cssclass="nextbutton" startnextbuttonstyle-cssclass="nextbutton" finishcompletebuttonstyle-cssclass="finishbutton" createuserbuttontext="create id"         completesuccesstext="your account has been created, before can login must first verify email address. message has been sent email address specified. please check email inbox , follow instructions in email verify account."         disablecreateduser="true" onsendingmail="createuserwizard1_sendingmail" duplicateusernameerrormessage="that username in use, if think can link removed otherwise try different username."         duplicateemailerrormessage="that email in use, try <a href='/forgotpassword.aspx'>recover password</a>." invalidpassworderrormessage="please supply @ least 5 letters in password.">

i don't believe username validated on client side, override createuserwizard's createusererror event handler, check captcha , not pass error username being in use. use custom control captcha pieced www.codinghorror.com (http://www.codinghorror.com/blog/2004/11/captcha-control-coda.html), , triggers before backend code attempts create user , determines username/email in use.


Comments

Post a Comment

Popular posts from this blog

php - render data via PDO::FETCH_FUNC vs loop -

-
i've been using 2 methods render data. the first one: function name($id,$name){ return '<div id="'.$id.'">'.$name.'</div>'; } echo implode($pdo->query("select id,name user")->fetchall(pdo::fetch_func,'name')); the second one: $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); foreach($users $user){ echo name($user->id,$user->name); } i don't understand how pdo::fetch_func works. tried figure out. however, not well-documented. could please explain fetch mode? , also, 1 performs better? thank you. both methods wrong , have learn how use templates , how separate business logic presentation logic. $users = $pdo->query("select id,name user")->fetchall(pdo::fetch_obj); tpl::assign('users', $users); is code business logic part. then in template <?php foreach $users $row): ?> <div id="<?=$...
Read more

c++ - OpenCV Error: Assertion failed <scn == 3 ::scn == 4> in unknown function, -

-
i read alot other solution still confused should mine... #include <opencv2/objdetect/objdetect.hpp> #include <opencv2/highgui/highgui.hpp> #include <opencv2/imgproc/imgproc.hpp> #include <iostream> #include <stdio.h> using namespace std; using namespace cv; int main(int argc, const char** argv) { //create cascade classifier object used face detection cascadeclassifier face_cascade; //use haarcascade_frontalface_alt.xml library face_cascade.load("haarcascade_frontalface_alt.xml"); //setup video capture device , link first capture device videocapture capturedevice; capturedevice.open(0); //setup image files used in capture process mat captureframe; mat grayscaleframe; //create window present results namedwindow("outputcapture", 1); //create loop capture , find faces while (true) { //capture new image frame capturedevice >> captureframe; ...
Read more

The canvas has been tainted by cross-origin data in chrome only -

-
uncaught securityerror: failed execute 'getimagedata' on 'canvasrenderingcontext2d': canvas has been tainted cross-origin data i getting above error in chrome. code(following) works fine in mozilla. have not corss domain issue. why above error in chrome? var wheel_canvas, wheel_context, can_w, can_h, wheel_grd; var large_radius = 160; var small_radius = 120; var wheel_canvas = document.getelementbyid('wheel_canvas'); var wheel_context = wheel_canvas.getcontext('2d'); var can_w = $(wheel_canvas).width(); var can_h = $(wheel_canvas).height(); var centerx = can_w / 2, centery = can_h / 2; var wheel_grd = null; test('#ff0000'); function test(hex) { $('#clrpicker').css({'left': 210, 'top': 210 }); inverted = hexbw(hex); $('#color_val_show').val(hex); current_color_hex_val_selected = hex; $('#color_val_show').css({'color':inverted,'background':hex}); fillgradient...
Read more