Results 1 to 7 of 7
  1. #1

    asp users security

    i want any users in database if he change url not pass to other user
    example : user1 login to databse by his user name and password and it is show in url asppagename.com/pageasp.asp?=user1 if he change user1 and write user2 he can pass to user 2 how to secure users from passing to each other

  2. #2
    Join Date
    Aug 2006
    Location
    India
    Posts
    32
    You cannot prevent user1 to goto user2 by adding this value in url.
    I will suggest that you you use Sessions to store user info.
    When the user logs in, store the user in session.
    On the page pageasp.asp check the user value in the session.
    When the user logs out, clear the session variables.

  3. #3
    Be careful when using ASP :O. It can be easiely be used against you, to hack your database. It's better off if you use PHP and use MD5 encryption.

  4. #4
    Join Date
    Oct 2002
    Location
    State of Disbelief
    Posts
    22,953
    Quote Originally Posted by Froweey View Post
    Be careful when using ASP :O. It can be easiely be used against you, to hack your database. It's better off if you use PHP and use MD5 encryption.
    So can PHP. No point spreading FUD like this about ASP or in fact any particular language.
    Having problems, or maybe questions about WHT? Head over to the help desk!

  5. #5
    You may want to use the 'POST' action instead of GET, then you don't need to worry about the queryString and URL. here is the link for the example http://www.elated.com/articles/asp-forms/

  6. #6
    Join Date
    Nov 2007
    Posts
    411
    This way is wrong. There is many other ways like hidden field or session. its not good. You did nont mention about password also

  7. #7
    Join Date
    Jul 2004
    Posts
    63
    Your best bet would be using sessions or cookies as other users have mentioned.

    This site (w3schools) is a great reference or starting point.


    To switch between user accounts you will need to first validate that the user in question is allowed to do so. Be an Administrator or other such higher ranking user.

    Just like PHP, ASP is a very powerful language but if used inappropriately will leave you vulnerable. YOU have to secure your applications with the methods provided, not the other way around.
    Cast-Control
    --------------
    Shoutcast Control Panel - Standalone - Billing Features - GeoIP Features - Stream Authentication - MSN Control - Cluster - Reselling - Video Streaming
    Managed VPS Hosting

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •