Redirection: please explain how it's done.

R

RayLopez99

I am doing programming stuff with SOAP web services via Silverlight.
A database is also involved (Microsoft SQL Server). I'd like to know
if somehow somebody can take my app and somehow redirect it so it
takes a user to some malware sight and/or steals the data that comes
from the web services server. If that makes sense. The URL is http,
not https.

I really don't know much about this topic, but I can't off the top of
my head figure out how somebody would do a redirect, since I own the
web services server, and the user would be getting web services data
from my server through my Silverlight app residing on the server.

But I notice that some IDEs and programming languages talk about "anti-
spoofing" measures so I assume it must somehow be possible, akin to a
SQL Injection attack popular a decade ago.

How is it done? Please explain.

RL
 
S

Sharky

RayLopez99 said:
I am doing programming stuff with SOAP web services via Silverlight.
A database is also involved (Microsoft SQL Server). I'd like to know
if somehow somebody can take my app and somehow redirect it so it
takes a user to some malware sight and/or steals the data that comes
from the web services server. If that makes sense. The URL is http,
not https.

I really don't know much about this topic, but I can't off the top of
my head figure out how somebody would do a redirect, since I own the
web services server, and the user would be getting web services data
from my server through my Silverlight app residing on the server.

But I notice that some IDEs and programming languages talk about "anti-
spoofing" measures so I assume it must somehow be possible, akin to a
SQL Injection attack popular a decade ago.

How is it done? Please explain.

RL
Click to expand...

RTFM http://www.owasp.org/index.php/Main_Page
 
R

RayLopez99

RayLopez99 wrote: ecade ago.



RTFMhttp://www.owasp.org/index.php/Main_Page
Click to expand...

I take it you are a member. Can you please post the question above at
the OWASP forum, and let me know what they say? I don't want to spend
$50, the membership fee, to find out... <g>.

Thanks,

RL


The Open Web Application Security Project (OWASP) is a 501c3 not-for-
profit worldwide charitable organization focused on improving the
security of application software. Our mission is to make application
security visible, so that people and organizations can make informed
decisions about true application security risks. Everyone is free to
participate in OWASP and all of our materials are available under a
free and open software license.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Seriously, who CODES in Linux? What IDE? Seriously. 47
Consuming ASP.NET web service from WinForms application 2
Please help with two processing talking to each other!!! 2
Please give me a moment - How Employable am I? 61
Available 2 Java, 1 Sr.Dot net consultant for your DIRECT client reks....................... 2
Download the JAVA , .NET and SQL Server interview with answers 2
Available Java, Dot net and SAP SD CRM consultants with us...................... 2
Let me present list of my available const 3

Top