Encoding

  • Question

  • We are leasing our servers, and the owners are implementing NetScaler security to help prevent SQL injection attacks and cross-site scripting. I am working with a few applications, one in .NET 2.0 framework (VB.NET) and another in .NET 4.0 framework (C#), both using an Oracle database. We have several text fields on several screens where users can enter free-form text (e.g., comments). My issue is I have tried to use the HttpUtilities HtmlEncode and UrlEncode in the .NET framework; I can encode and save the data, and then retrieve it, decode and display it. However, we need to save it to the database not encoded, so basically I need to encode the data from the client side/web page, send it across the network, and before it writes to the database, decode it and save it. I do not know if Oracle has a tool that can be called from the application to encode, and then at the stored procedure level be able to decode and store the text 'as is'. I have not found anything where other users have had this same issue. We have also tried using AntiXSS, but it does not account for the keywords that are being monitored (simple words such as and, or, join, minus, group, add, alter, etc. are considered keywords). Any input would be appreciated!

    Thanks....

    • Moved by Carl Cai Monday, November 10, 2014 2:38 AM issues related to third-party are not supported
    Friday, November 7, 2014 9:13 PM

Answers

  • Hello,

    You might consider asking Oracle about this or ask the leasing company if they have suggestions.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. This will help others who are looking for solutions to the same or similar problem.

    • Proposed as answer by Paul Ishak Saturday, November 8, 2014 2:04 AM
    • Marked as answer by Just Karl Wednesday, November 26, 2014 9:33 PM
    Friday, November 7, 2014 9:24 PM