Wednesday, June 25, 2014

15 Steps for Web Accessibility


Steps to make your website accessible
1. Make sure all images, graphs, and other non-text items have a text equivalent.
2.  Provide synchronized captions for all video, as well as captions or a transcript of audio content.
3.  Do not use color as the only way to convey information.
4.  You can use style sheets for layout, but the page must still make sense without them.
5.  When using images as links, for example a drop-down menu, make sure each link (as well as the overall image) has alt text describing the destination.  Avoid using server-side image maps.  If you do use server-side image maps, be sure to provide separate identical text links to access the same content.
6.  Label column and row headers in a data table.  Try to avoid using tables for layout purposes, but if you do, then do not label headers.
7.  Make sure all cells in the table are associated with the appropriate headers. When the table is set up correctly, screen readers can navigate through data tables one cell at a time, and users will hear the column and row headers spoken to them.
8.  Be sure to give each frame a title that identifies its purpose.
9.  Avoid any graphics, animations, movies, or other objects which have flickering, or flashing effects.
10.  Use a text-only alternative only as a last resort, and be sure to keep it up to date with other content.
11.  When using scripts, make sure all text within the script is provided as text or alt text and that any interaction can be achieved with a keyboard.
12.  Be sure to include a link to any applet or plug-in required to access content on the same page as the content. For example: Adobe Reader.  The plug-in itself must meet more specific requirements, which can be found in the official requirement.
13.  If a form can be filled out online by a user, all aspects of the form must be made accessible.  This includes labels for each field, as well as ensuring the form can be filled out using a keyboard.
14.  Include a way for the user to immediately skip to the main content of the page.
15.  When a timed response is required, alert the user and give sufficient time for them to indicate that more time is needed.

Safe SQL Literals

Handle SQL injection


Making input data from the UI safe for SQL execution has been a problem on many sites, and the resulting attack, known as SQL injection, has caused a lot of damage. Hackers are always looking at your website to find loopholes.

Still, people don't take care to handle these small issues, which cause financial loss and make companies lose their clients. I am laying out sample code which will help you handle inputs against SQL injection.

There are different samples available, and the one below is the one which I see to be the safest.

// Requires: using System.Text.RegularExpressions;
public string SafeSqlLiteral(string strValue)
    {
        strValue = strValue.Replace("'", "''"); // Most important one! This line alone can prevent most injection attacks
        // Strip comment markers and boolean operators; escape the LIKE wildcards [ and %
        strValue = strValue.Replace("--", "").Replace("[", "[[]").Replace("%", "[%]").Replace(" OR ", "").Replace(" or ", "");
        strValue = strValue.Replace(" AND ", "").Replace(" and ", "").Replace("\\\r\n", "").Replace("\\\r\n\r\n", "");

        // SQL keywords to look for, each followed by a space
        string[] myArray = new string[] { "xp_ ", "update ", "insert ", "select ", "drop ", "alter ", "create ", "rename ", "delete ", "replace " };
        for (int i = 0; i < myArray.Length; i++)
        {
            Regex rx = new Regex(myArray[i], RegexOptions.Compiled | RegexOptions.IgnoreCase);
            MatchCollection matches = rx.Matches(strValue);
            int i2 = 0; // Offset from earlier replacements: "&nbsp;" is 5 characters longer than " "
            foreach (Match match in matches)
            {
                // Position just past the keyword's trailing space in the current string
                int intLengthLeft = match.Index + myArray[i].Length + i2;
                // Replace that trailing space with "&nbsp;"
                strValue = strValue.Substring(0, intLengthLeft - 1) + "&nbsp;" + strValue.Substring(intLengthLeft);
                i2 += 5;
            }
        }
        return strValue;
    }
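
Escaping depends on its list of patterns being complete, and it does not help where a value is not placed inside quotes. As an added example (not code from the original post), the same kind of UI input is passed here as a SqlParameter, with the LIKE wildcards still escaped because parameters do not neutralize them; the dbo.Customers table, the PORTAL_DB environment variable and the class and method names are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class CustomerSearch
{
    // Escape LIKE wildcards so the value is matched literally. Parameters stop
    // SQL injection, but %, _ and [ inside a parameter still act as wildcards.
    public static string EscapeLike(string value)
    {
        return value.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // Hypothetical schema: dbo.Customers(Id INT, LastName NVARCHAR(100)).
    public static List<string> FindByLastNamePrefix(string connectionString, string input)
    {
        if (input == null || input.Length > 100)
            throw new ArgumentException("Search text must be 1 to 100 characters.", "input");
        const string sql =
            "SELECT LastName FROM dbo.Customers WHERE LastName LIKE @prefix + N'%'";
        var results = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels separately from the SQL text, so quotes, "--" or
            // keywords in it are data. Size 300 leaves room for the escaping.
            cmd.Parameters.Add("@prefix", SqlDbType.NVarChar, 300).Value = EscapeLike(input);
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
                while (reader.Read())
                    results.Add(reader.GetString(0));
        }
        return results;
    }

    public static void Main()
    {
        // Constructed input containing a quote and LIKE wildcards.
        string input = "O'Brien_50%";
        Console.WriteLine(EscapeLike(input));
        // PORTAL_DB is a hypothetical variable holding a SQL Server connection string.
        string cs = Environment.GetEnvironmentVariable("PORTAL_DB");
        if (!string.IsNullOrEmpty(cs))
            foreach (string name in FindByLastNamePrefix(cs, input))
                Console.WriteLine(name);
    }
}
```

Unlike the replace-based filter, this leaves legitimate values such as names containing "and" or an apostrophe unchanged in the database.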

Encrypting & Decrypting web.config


We can encrypt each section of the web.config using the encryption provided by aspnet_regiis.exe.


Encrypt the connection string:
C:\WebPortal>aspnet_regiis.exe -pef connectionStrings c:\WebPortal -prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Succeeded!
Here the -pef switch specifies the configuration section to encrypt ("connectionStrings") and allows you to supply the physical directory path for your configuration file. The plain -pe switch also specifies the section to encrypt, but identifies the application by virtual path (-app) rather than by physical directory.

Decrypt the connection string:
C:\WebPortal>aspnet_regiis.exe -pdf connectionStrings c:\WebPortal
Decrypting configuration section...
Succeeded!
Here the -pdf switch specifies the configuration section to decrypt, again with the physical directory path.

Encrypt appSettings:
C:\WebPortal>aspnet_regiis.exe -pef appSettings c:\WebPortal -prov "RsaProtectedConfigurationProvider"
Encrypting configuration section...
Succeeded!
Here the -prov switch specifies the provider name.

Decrypt appSettings:
C:\WebPortal>aspnet_regiis.exe -pdf appSettings c:\WebPortal
Decrypting configuration section...
Succeeded!
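
A deployment check for the steps above, as an added example that is not part of the original post: it parses a web.config and reports which of the named sections are still in clear text. The class and method names are assumptions, and the embedded web.config is a constructed, abbreviated sample with placeholder cipher text.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class ConfigEncryptionAudit
{
    static readonly XNamespace XmlEnc = "http://www.w3.org/2001/04/xmlenc#";

    // Returns the requested sections that are present but not encrypted.
    public static List<string> FindPlaintextSections(string webConfigXml, params string[] sections)
    {
        XElement root = XDocument.Parse(webConfigXml).Root;
        var plaintext = new List<string>();
        foreach (string name in sections)
        {
            XElement section = root.Element(name);
            // Absent or empty sections (e.g. configSource points elsewhere) are not checked here.
            if (section == null || !section.HasElements) continue;
            bool hasProvider = section.Attribute("configProtectionProvider") != null;
            bool hasCipher = section.Element(XmlEnc + "EncryptedData") != null;
            // A protected section holds only <EncryptedData>; any other child is clear text.
            bool hasOther = section.Elements().Any(e => e.Name != XmlEnc + "EncryptedData");
            if (!hasProvider || !hasCipher || hasOther) plaintext.Add(name);
        }
        return plaintext;
    }

    public static void Main()
    {
        // Constructed sample: appSettings encrypted, connectionStrings not.
        const string sample = @"<configuration>
  <connectionStrings>
    <add name=""Portal"" connectionString=""Server=db;Database=Portal;User Id=app;Password=example"" />
  </connectionStrings>
  <appSettings configProtectionProvider=""RsaProtectedConfigurationProvider"">
    <EncryptedData Type=""http://www.w3.org/2001/04/xmlenc#Element"" xmlns=""http://www.w3.org/2001/04/xmlenc#"">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </appSettings>
</configuration>";

        foreach (string s in FindPlaintextSections(sample, "connectionStrings", "appSettings"))
            Console.WriteLine("NOT ENCRYPTED: " + s);
    }
}
```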
