Admin Security

i have currently built a website with some administration. The user goes to a login page and put in there username/password. This then lets them access the admin stuff. Thats all ok. I then thought well instead of going to the login

www.blahblah.com/login.asp i would just type www.blahblah.com/adminarea.asp and low and behold i was in the admin are with no login required.

View Replies


ADVERTISEMENT

Admin

I'm not sure if ASP would be the right code to do this but I'm gonna ask anyway.
I'm trying to make an admin section...the thing is I make this site but I don't get online that often to update the news. One person offers to do this. He doesn't have a clue on how to use FTP. So I'm looking for something that I can let him log in(on a browser) to update this specific file(only news.html), don't want him to see anything else there.

View Replies View Related

ASP SQL Admin

I can connect to my schools webserver via VPN, and edit the webcontent. However, I cannot connect to the SQL server. Does anyone know of an ASP script I can use to admin the database remotely?

View Replies View Related

ASP XML Admin Control

This is a small Web Application, this contains basic XML functions using ASP including a XML driven user authentication, adding new records, viewing records, editing and deleting records. Code:

View Replies View Related

Admin Login

I want to call the redirect to the selected page depending on the username. It is comeing from a text file I would like for the login to automatically be written in to the = ("<%login%>") but this is worn.What i have below wokrs for only admin and anyone else who is not admin. Or I would like to be able to add a third and fourth. I don't mind hard coding the login if i have to.

if Request("login") = ("admin") then
Response.Redirect "main.asp?action=login"
else
Response.Redirect "client.asp?action=login"
end if

View Replies View Related

Admin Section

I have an access database on my website.Its tied in to an asp calendar page where people can click on a date and send me an email wanting to book that date. Could i sent a text message from my mobile to add a new date into my access database to book that date instead of having to go onto my admin section and add it in?what i trying to explain. Is this possible or impossible.

View Replies View Related

IIS Admin Control Panel

anyone know where can i get good iis admin control panel for monitoring multiple sites?

View Replies View Related

Website Admin Tool

Can I use the Website Administration tool to manage users and roles for
multiple ASP.NET applications using a single, common ASPNETDB?
If so, what changes do I have to make to the web.config files for these
various applications to allow authentication from that single ASPNETDB.
I'd also like to be able to maintain the users/roles and application access
from the web server rather than from my development computer. Right now it
seems like I have to make changes to user/roles in each web app and then
transfer the database and code over to the server, just to add a new user.
And each app seems to have it's own ASPNETDB which defeats the goal of a
single point of administration for the server.

View Replies View Related

Cannot Modify Or Delete...COM+ Admin SDK

I managed to find the problem with my script thanks to jmurray's help. However I am now left with a confusing puzzle and I cannot any information about a workaround.

The error I now get is:
Cannot modify or delete an object that was added using the COM+ Admin SDK

I know now the reason for this is because I changed the 'from' email address in my script. If I put it as 'service@safetouch.com' it works fine. If I change the address to ANYTHING else, I get the above error. Is this something that can be corrected through scripting? If not, any ideas where I should be looking?

View Replies View Related

Edit HTML From Admin

I would like to create the facility for admins on my site to be able to edit certain html pages on there site. Is this possible and if so does anyone know of any good urls discussing this matter ?

View Replies View Related

Admin Can't Delete A Folder?

I'm a Win2000 professional user - sP 4. I can't delete some folders in
e:inetpubwwwroot....

I've created them by FrontPage2000 SR1. I enter Windows as Administrator, then I should be able to create /delete all objects. On the contrary, each time I attempt to erase the assigned folder Windows warns me so:

"Access is denied. The source file may be in use."

View Replies View Related

Admin Control Panel

I have to come up with an admin cntrol panel so the staff can change ,update there website as needed. I would like to use asp to create the admin panelor if you guys can tell me of a better way like using php or somthing.

How would I go about letting them update/change the text. Do I have the site load it
from a database like access or sql or ? Remeber it should be user freidly no html coding just type and upload.

View Replies View Related

(Non-Admin) Users Authentication

I have an ASP page that uses a COM componenemt on a Win2000 server. The same server contains my SQL Server 2000, which the COM object is querying on. I use a constant login/password to login into the SQL Server, so it shouldn't matter which domain user is using the page.

It works fine for every user -=that is defined in the Win2000 computer Admins list=- , it doesn't work at all for users that are not (Connection ailure)....

I am not sure why, since how I see it, it shouldn't matter to the SQL Server which user is trying to login (since I use the same constant user/password for all of them...).

It might be either an IIS or SQL Server problem (or maybe even Win2000 related), Anyone ever encountered such an issue

View Replies View Related

Msde Web Data Admin

I have iis, .net and MSDE installed on my machine, I have also installed "web data admin" but i cant log into it. The green blinking arrow for the server is in the bottom of my window so it appears that MSDE is ok.I am entering the following info at the w.d.a login screen
usrnm: sa
pwd: mypassword
server: production
etsdk

however i get this message returned:
Invalid username and/or password, or server does not exist.
Also, please ensure that SQL Server Authentication is enabled on the server.I dont know What have i done wrong/ missed.

View Replies View Related

Admin Side Page

for the admin table and page layout, is it compulsory for the key field to have a primary key? or it's not necessary becoz of it is only plan to link up to the combo box in the pages for the end users?

View Replies View Related

Session Timeout Via IIS Admin

if there is an application,I can change the default session timeout property via IIS Administration? If so, how does one do it.

View Replies View Related

Installing Web Data Admin

I've just installed web data Administrator and did everything instructed from the book, but when I opened the browser and typed http://localhost/SqlWebAdmin I get a web page but no input fields or place to type in the password. I'm running xp pro, IIS is running, MSDE is also running and I have SqlWebAdmin folder in the C:Inetpubwwwroot folder.

View Replies View Related

Change The Admin Password

How to change my Admin password and login for my website I just have the FTP acess and I would like to change my Admin user id and password can you guide me ?

View Replies View Related

Reg. Admin Terminating A User Session

In our project, we have a situation where the administrator needs to 'force log off' a particular user under certain conditions. In other words, the admin user needs to have the ability to kill any other user's session.

Is this possible? By using the session properties, we can kill the current session (the current user's session) but is it possible (for the admin user) to kill some other user's session?

View Replies View Related

Should I Make My ASP Admin Pages Expire?

I've created an admin side for my ASP site and I use session vars to provide
page security.

Just as a bit of advice, I want to know if I should expire each admin page
so that others can't bring them up. I know the session var check will
bounce them back to the login page, but I'd rather they didn't even see this
page if they aren't authorised.

View Replies View Related

Single Password For Admin Functions

I am writing admin functions for my sites. Is it safe to put the admin username and password within the asp file?

View Replies View Related

Admin Area, Deactivate/reactivate Account?

When making an admin area i have always just allowed 'delete the user', but is it possible to deactivate and reactivate a username and password.

I can picture it in my noggin. when viewing all the users there is the ability to check a box selecting deactive or reactivate depending on the state of the username at the time.

What do you think, is it more hassle than its worth to allow this?

View Replies View Related

How Can I Obtain A List Of Available Server Objects WITHOUT Admin?

I am trying to build a site for a group which already has a hosting company.

I would like to try to find out which objects are available for use to me.
I do not have admin access to the NT box. Obviously I have permissions in
my area of the server.

I know I can test for specific objects but I'd like to know what is
available, not just what I can test against. Is this even possible? Code:

View Replies View Related

Add/delete Products From Catagories In Admin System For Shopping Cart

I have a problem with adding and deleting the categories that a product is added to within a shopping cart administration system. My tables are designed as follows:

Table: Products
Uid: autonumber
Name: text
etc

Table: ProductCategory
Uid: autonumber
ProductID: number
CategoryID: number

Table: Category
Uid: number
Name: text
Etc

When I add a product to the database I also add the same product to different categories i.e. I insert product info into Products and the product unique ID into the ProductCatgory table, which links to the Category table. The ProductCatgory is the table that links both the Products and the Category table together when I construct queries. This all works fine and I am able to add a product to multiple categories and then display the categories/product accordingly in the actual shopping cart. Code:

View Replies View Related

Index Server And PDF - Results Show In Admin Console But Not On ASP Page..?

I have set up Index Server in IIS to search my intranet. I've installed the Adobe PDF filter so that words from PDF files are included.

I can get results from PDFs when querying the catalogue in the Windows console. However, I have tried various ASP Search pages and they all ignore PDF files from a browser (even though the scripts include the pdf extension).

View Replies View Related

Security

I now have a login page for user authentication.
But I am kind of paranoid about security.
Is it enough just to have that to secure my site?

How do hackers do "sniffing"?
And how to prevent that?

If there is any GOOD website security tutorial, I would love to read it.

View Replies View Related

Security

IIS can handle security on its own without the need for complex scripting and i like the idea of being able to just let the system do it however im not sure how to set such things up and would that mean that if you used something like integrated windows authentication that security is delt with by windows and its users info rather than getting the info from a database of my choosing ?

the whole concept is quite confusing to me but there must be a simple ish way to set up at least some form of secure site area within my web.

View Replies View Related

Security

I am starting to learn asp and I have IIS installed on my WIN xp pro machine. Do I have to worry about security for any reason at all. I don't believe I have file sharing on at all, then again, I don't know if that has anything to do with this.

View Replies View Related

Security

How do I run security through all of the pages? The users log in, an asp checks their password, then what do I do to secure the pages from users that do not enter the password?

View Replies View Related

ASP Security

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.

View Replies View Related

Security In ASP 3

Does anyone know how to implement one way hashing or encryption using ASP 3.0 and no additional components.

I need to secure a intranet application which is being moved online, currently the passwords are stored in plain text, ideally id like to hash the passwords in the database and hash the form data when testing, but I don't seem to be able to find any hashing methods for standard ASP, perhaps someone has a nice code snippet for hashing.

View Replies View Related

NT Security

is there a way to login to a particular security group from asp?I use IP addresses and email addresses to identify web users and most have general IWAM_COMPUTERNAME access.
Once web users login is there a way to give SOME of them access to a NT security group based on stored NT user/password information?

View Replies View Related

Security

I am working on a new feature on my website where people can write their own HTML files. They are actaully going to have .ASP extensions, and are hosted on my webserver. So, what security issues can you suggest? So far all I have got is disabling '<% %>' tags. Anything else?

View Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved