Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsIFrameIFrameFeature Request: I want to use IFrame for self-developed webform as modules in a secure wayFeature Request: I want to use IFrame for self-developed webform as modules in a secure way
Previous
 
Next
New Post
10/2/2011 7:11 AM
 
ZanshinPost

Joined: 10/14/2008
Posts: 2
Hi,
The scenario is as follows. I have developed some asp.net webforms (in c#), some of them with extensive data base access and processing. I would like to use these webforms as (a kind of) modules within my own DNN site.

I have looked at using the DNN IFrame module for this. It works, I can parse the dnn user id to my webform and use that when I want to access my own user-related data.

So far, so good.

Except that, a user can look into the source of the dnn page (containing the IFrame module) and see how my webform is called with an url with  the userid prameter. It is of course irresistable for plenty people to try this url on their own with all kind of variations of userid. A big security leak.

I have looked at two options to prevent this from happening (a) request referrer and (b).htaccess

(a) request referrer -- This works alright but I am told that it is rather simple to fake the referring url. Conclusion: this is not good enough to prevent hackers.

(b) .htaccess -- Within .htaccess I can deny calls from other domains than my own website. But it doesn't prevent (as far as I could test) a user from pasting the url with userid in the browser. Conclusion: this is not good enough to prevent hackers.


A third option would be to change the IFrame software to enable a kind of  'secret handshake'.

The IFrame generates a strong codestring and places it in the url and also in the dnn database. It also provides some sql code to retrieve this codestring from the database so that it can be compared with the string in the url.

Something like that or any better solution.

If it would work, IFrame would be used so much more by all those people who have their own webform pages and want these used within the dnn framework without using the complete module development process that is available from dnn.
 
New Post
11/19/2011 10:31 PM
 
horacio lampe


horacio lampe's Avatar

www.innovactiongroup.com
Joined: 3/10/2004
Posts: 23
Hi Zanshin,
did you have already implemented taht solution?
Cause I am needing that.

Thanks in advance

Horacio Lampe
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Module ForumsModule ForumsIFrameIFrameFeature Request: I want to use IFrame for self-developed webform as modules in a secure wayFeature Request: I want to use IFrame for self-developed webform as modules in a secure way


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out