Security Best Practices

This topic describes best practices for security when using the Chart control in your ASP.NET applications.

The Chart control provides built-in abilities to replace many of the existing chart elements with an embedded image. When you load these images into the Chart control, you must set their paths to locations within the virtual root; otherwise, an exception is thrown.

The Chart control does not contain any built-in security features to prevent an end user from loading images from untrusted locations within the virtual root. For this reason, if you give an end user the ability to specify an image location, you must validate the user input to ensure that the images come from a trusted source. You should also secure images by separating them, so that your end users cannot see charts from other users who have different privileges.
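One way to perform the validation described above, shown as an added example that is not part of the original topic. The class name `ChartImageValidator`, the method `TryResolve`, the `ChartImages` folder, and the `alice` user folder are hypothetical, and the extension allowlist is an assumption.

```csharp
using System;
using System.IO;
using System.Linq;

// Added example: resolves a user-supplied image name against a per-user
// trusted folder and rejects anything that would escape it.
public static class ChartImageValidator
{
    // Assumption: only these image types are allowed for chart elements.
    private static readonly string[] AllowedExtensions = { ".png", ".jpg", ".gif" };

    // trustedRoot: physical path of the image folder inside the virtual root,
    //              for example the result of Server.MapPath("~/ChartImages").
    // userFolder:  server-side identifier of the authenticated user (never user input).
    // requested:   the image name the end user supplied.
    public static bool TryResolve(string trustedRoot, string userFolder,
                                  string requested, out string fullPath)
    {
        fullPath = null;
        if (string.IsNullOrWhiteSpace(requested)) return false;

        // Accept a bare file name only: no directories, drive letters or URLs.
        if (requested.IndexOfAny(new[] { '/', '\\', ':' }) >= 0 ||
            requested.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0) return false;

        string ext = Path.GetExtension(requested);
        if (!AllowedExtensions.Contains(ext, StringComparer.OrdinalIgnoreCase)) return false;

        // Canonicalize, then confirm the result is still inside the user's folder.
        string baseDir = Path.GetFullPath(Path.Combine(trustedRoot, userFolder))
                             .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        string candidate = Path.GetFullPath(Path.Combine(baseDir, requested));
        if (!candidate.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase)) return false;

        fullPath = candidate;
        return true;
    }

    public static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "ChartImages"); // constructed sample root
        string[] samples = { "logo.png", "..\\bob\\logo.png", "../web.config", "http://example.test/x.png", "notes.txt" };
        foreach (string s in samples)
        {
            string resolved;
            Console.WriteLine("{0,-28} -> {1}", s, TryResolve(root, "alice", s, out resolved) ? resolved : "rejected");
        }
    }
}
```

Only after this check passes should the corresponding path be assigned to a Chart image property such as `BackImage`. Keeping each user's images in a separate folder keyed by a server-side identity is what prevents one user from referencing another user's files.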

The Chart control does not validate data or template files that are loaded from an external source. It is your responsibility as the developer to ensure that the files are referenced from a trusted location.

It is recommended that you use the following techniques to secure your ASP.NET application:

  • Secure Sockets Layer (SSL)

  • Session

  • Authentication

  • Cookies