
Security

This article collects useful tips and resources on how to tighten the security of the Telerik ASP.NET AJAX controls that offer editing, upload and file management capabilities:

AsyncUpload security

  • Security - This article explains how to ensure information about the RadAsyncUpload configuration is secure and non-readable. Its transmission between the client and the server must be encrypted and impossible to decode, so the data cannot be used by a malicious entity in an attack against the server.

Also, go through the FAQ section where you can find useful information and tips for the AsyncUpload security.

CloudUpload security

  • Security - See how to ensure information about the RadCloudUpload configuration is secure and non-readable.

Editor security

  • Security - learn how to ensure information about the RadEditor configuration is secure and non-readable. Its transmission between the client and the server must be encrypted and impossible to decode, so the data cannot be used by a malicious entity in an attack against the server.
  • Prevent Cross-site Scripting (XSS) - see how to enable the anti-XSS mechanism of RadEditor.

Grid security

  • Security - this article addresses security issues concerning the Telerik RadGrid.

FileExplorer security

  • Security - learn how to secure the user actions invoked through RadFileExplorer.

Spell security

  • Security - the article shows how to ensure information about the RadSpell configuration is secure and non-readable.

Useful Tips

  • Configure the mandatory additions to the web.config file - provides guidance on the most important web.config settings for the AJAX suite.

  • How to encrypt the Telerik appSettings keys - In some cases you may want to avoid storing information in plain text to improve security. The article guides you through encrypting the appSettings section of the web.config using the aspnet_regiis tool.

  • Encrypt ViewState - ViewState is encrypted by default as of ASP.NET 4.5 and MAC-protected by default as of ASP.NET 4.5.2. For earlier versions you can enable ViewState encryption and MAC validation yourself by setting the ViewStateEncryptionMode and EnableViewStateMAC attributes in web.config or in the page directive, as suggested in Security Briefs - View State Security:

    <configuration>
      <system.web>
        <pages viewStateEncryptionMode="Always" enableViewStateMac="true" />
      </system.web>
    </configuration>
    

    The official recommendation by Microsoft is to upgrade to at least .NET 4.8 as noted at .NET Release history. You can find more useful information at

  • Encrypt Telerik WebResource Querystring - The Telerik.ScriptManager.EnableHandlerEncryption setting allows you to enable encryption of the Telerik WebResource request querystring and to hide the product version in the rendered page markup.

  • Embedded jQuery Security - find out how the Telerik team has modified and secured the jQuery version distributed by the suite.

  • Perform regular upgrades to the latest Telerik UI for ASP.NET AJAX version since this will ensure security, stability and support for the latest modern browsers. You can find upgrade instructions here.

  • Content Security Policy Mode - see how to configure the Telerik ASP.NET AJAX controls under CSP mode.

  • You can find more tips in the following blog post First 5 Tips for Building Secure (Web) Apps.
