I use cookies on my website to store details such as the colour scheme, email and username though I do not want people editing this data so I need to encrypt the cookie due to data such as post counts being stored in this way.
Our web site is hosted on our providers site where ASP is installed. On our website, we generate an email containing personal data including credit card info whenever someone orders a product on-line from us (we only do a transaction per day avg.) Becuase the email contains credit card info, we want to encrypt it. I have downloaded/installed and generated a private and public key using GPG and have distributed the public key I generated to the provider that is hosting our website. They have imported it onto their system.
How can you generate an encrypted email using the public key on the providers system , using ASP?
Currently we are simply generating a plain text email containing this data - and this has to stop.
I have done a search on this and it seems to be a topic of some interest (700) views, but has not been fully explained.
I have a page which validates a username and password and then, if both are correct, the applicantid is retrieved and passed by querystring using a response.redirect. Apparently it would be wise to encrypt the applicantid when passing it.
<% else strApplicantID = rsPandU("ApplicantID") 'Response.Write strApplicantID - this works Response.Redirect "memberarea.asp?id=" & strApplicantID
I want to know how can I encrypt my ASP code using VBScript & also when I use JScript so that people who see the source of my file cannot read my ASP code.
After reading several articles on securing web applications, hackers can not only perform SQL injection attacks easily but can get hold of the information in the global.asa.
This really worries me because the connection string is stored in this file and it contains critical information such as uid and pwd. Most people suggested that we should encrypt this information but the solutions that are provided are all in ASP .NET. Does anyone know how to do this or is there any better and easier way?
I have a website for our online store. Until now we have received payment through email, which we then run in our local store's Credit Card machine.
We want to move up from there. I have signed up for Paypal and that is easy.
We want to also be able to accept the CC info in our own website securely. We are not looking to actually run the Credit Card, we just want to get the information from the user and pass it on to ourselves in a secure manner, so that we can run the information locally on our Credit Card machine.
So, I guess, my questionj is not really about credit card's at all. Rather I am asking, how can I get a form's data sent to my computer 100% (or close to that) securely.
In my Session_OnStart in Global.asa, I am setting some cookies. One of them, I set as follows:
dim UserID UserID = Request.ServerVariables("LOGON_USER") Response.Cookies("User")("ID") = UCASE(UserID)
When I immediately log the cookie value retrieved from Request.Cookies("User")("ID") into the Windows Event Log, I get the correct value. However, when I try to retrieve the cookie on the home page of my application using the same code,
Request.Cookies("User")("ID"), it either cannot find the cookie or cannot read the value. I am retrieving the cookie before all HTML headers are written. It is my first statement on the page after Option Explicit. I have even compared the session IDs. The SessionID created in the Session_OnStart is the same value as the SessionID on the home page.
I have read that the Session_OnStart only has access to the Application, Session and Request objects. It does not explicitly say that it does not have access to the Response object. Also, I was even able to use Response.Write's in Global.asa to print out the values although it looked like it had also stopped the session after I did so. Cookies are definitely enabled on my machine. I have even tried setting the session cookie's expiration to be persistent for a few days to see if it was perhaps expiring before I was able to read it but this did not work either.
Is there something preventing cookies to be created in Global.asa in the Session_OnStart sub? Is the Response object not available??? Please let me know if anyone else has had this problem or solution.
Is it possible for a user to enable permanent cookies but disable session cookies.....this seems like a contradition yet this is what I appear to be reading in online articles?
I m creating a cookies in my application and it work properly but i can't see the cookies where it will sotred i checked the cookies folder but i didn't find that I want to create a cookies file as the other web site create and store where other cookies will stored in Cookies folder or Temprory Internet files folder eg:1. arvind@google.co[1].txt this stored in cookies folder 2. arvind@msn[2].txt ....
I've added a cookie and I am able to read it when using the same window but if I load up a new window and try to access it, it can't find the cookie. Any one know why?
I am creating a user tracking app that tracks a user one of two ways...
1)First Method is cookies 2)Second Method MS SQL DB
I first check if the users browser accepts cookies if not I go to the db. If the user accepts cookies then I check for a specific crumb if it does not have the value I am looking for I kill it and rewrite it. This is working fine (im in the middle of testing it). The problem is I decieded to test the script with NN7 and not turn cookies off but block cookies from my site and all fell apart. The condition that I have set (detect if cookies are enabled) does not stop the script from trying to set a Session Variable because the browser accepts cookies and to keep a long story short it goes into an infinite loop because the script is looking for a Session value and Its not being stopped becaues the script thinks its alright to write cookies! Is there a way to detect if a user has your sites cookies blocked? This is important because Server.CreateObject("MSWC.BrowserType") will return .Cookies = True and you will not know that your script is not executing properly because a user has your sites cookies blocked but excepts them elsewhere...
After a login we have a menu from where we have access to different operations such as add ,delete,update.. but if a user enters the appropriate URL he has access to these operations with out proper authorization.how do we solve this.
I've built a website which requires a user to log-in to access the site. I have already built a page that enters their details into a db (register.asp), and another page where the user enters their email address (the log-in ID) to actually log-in (login.asp).
How can I use a cookie to automatically log a user in??
More specifically, what are the commands to set a cookie (upon successful registration) and access it (upon re-logging in)?
Hey i've spent the last few hours trying to work this problem out about cookies.
When a user logs in to the site the login.asp page checks the database to see the personal page that the user re directs to e.g if bob brown logged in he would be redirected to bob.brown.asp. This is stored in a field in the database table along with the username and password.
i would like to put a cookie onto the users computer that remembers the url they were redirected to so when they press the main page button it would look for the cookie and see what url they are meant to be redirected to and take them there
I'm trying to load up a page through my asp page and get the cookie from that page so that I can use it later on when it needs to have it to access other parts of the site.
Basically the asp page is going to act like a browser and store the cookie from the other site, then send that cookie back when the asp page goes back to the other site again.
The problem is, I can only seem to access my own cookie. I didn't run into this problem when I was doing a similar thing inside my .cs scripts that were run by the server, as I suppose they were not coming from the actual domain that my page is running on (and thus, wasn't getting everything trampled by local cookies).
Is this possible, or should I just give up on it now?
im building a site for a few doctors surgeries. the user is able to see what appointments are available and then book that date/time. i have a table (in my db) of dates/times and a checkbox to say whether the time has been booked or not (and display only times that havnt been booked). i was going to have the user add the time to a "cart" and then check the "booked" checkbox in my db when theyve paid for that appointment. but if i have lots of people looking at the site at the same time, then they may be able to see times that are just about to be booked. i think a better way is to have the date/time stuffed into a cookie which expires after 5 minutes. so when a user adds a time to their "cart", it will say something like: "this time will expire in 5 minutes until you book it or re-add it to your cart". does that make sense? how can i do this with server-cide cookies (im using jscript)? can anyone think of a better way to do this?
I have the code below which I know it is wrong where the cookies come in. I am trying to write the values collected from a database into cookies. However I am having difficulty trying to figure out how to write rows of cookies with different values. This may be a little difficult to explain - see the following code:
Not strictly a full asp question but Im sure someone here will have the answer.I've read in several web sites that you can read and write to the same cookie with asp and javascript.Does anyone have any sample coding showing how to do this with the javascript along with the asp code or were these websites I saw it mentioned on bogus?
In my web application i'm are able to store large data in the browser cookie keeping in mind the limit of 300 cookies per browser, 20 keys per cookie per domain and 4KB max size of each cookie. i'm are unable to retreive this large amount of data immediately after storing through document.cookie in IE browser (The same works fine in Netscape).
Is there any limit on the size of the data that can be retreived using document.cookie? Could you please suggest a solution to this problem i'm are facing.
I found that a number of my sites that send email using CDO failed withing the past 30 days. Consider the following. I know its not the best coding practice to open and close the connection so many times but Im curious why this would all of a sudden become an issue.
1. Have a few large sites essentially all variables such as SMTP server are set using cookies so I can deploy multiple sites quickly.
2. Within the site email appears to work correctly across all pages with 1 exception.
3. The exception is below, Im wondering if it has to do with cookies having to be retrieved multiple times from the client machine
--Call db run search loop data build array
--Based on data in array call another search alter and finalize array
--Do while <= uBound(myArray)
--Call Email sub (from,to,sub,body) ' Sub contains a request cookies for SMTP server.
--Loop
Doesnt matter if its 2 or 50 emails always fails when using request.cookies to set the SMTP in the sub. Works fine if I hard code the IP. This same sub is used multiple times throughout the website and works fine with cookies.
Just curious why it needs might need to be hard coded in the loop. Has been running for about 6 months fine and have recently started noticing failures.
All the cookies that i have don't show any bad cookies as i call them but only show the cookies that they want on the users computer but for some reason i am getting lots of bad cookies from my website at http://tmd-1.com/ and i don't know how to stop the bad cookies from downloading to the computer the cookies i am having trouble with will be in a red box in the image below.....
I started using the following code, although, I have a feeling it is not working. Also, do I have to place the same code on all accessed pages? Code:
<% Response.Cookies("ExpCookie") = "Expiration" Response.Cookies("ExpCookie").Expires = DateAdd("d", 1, Now()) Response.Cookies("ExpCookie").Secure = True Response.Cookies("LastVisit") = Date & " " & Time %> I am new at all of this, I can understand that this cookie will expire an hour after being access on a given day (is that right?), and it will create the cookie with the printed date and time of access. how can I make sure cookie expire on time.
I need to build my own simple cart that writes to cookies only. I can write and read cookies, but don't have a clue as to how I can add multiple products, change quantites, etc. All I need is a cart that stores information in cookies and the user prints their order. That's it. Where can I find such information?
I am not able to set cookies with the domain name on a Windows 2000 server with IIS 5.0. If I use the IP address it works. I have another machine running IIS and I configured them together.
I have two folders under root(wwwroot) Fol1 and Fol2.
Our customers logs on index.asp under Fol1 but when he/she wants to check their order status it will take them to Fol2/account.asp where it checks for userid cookie which was set in Fol1 index.asp when they log in. But seems like I am not able to obtain the value in Fol2/account.asp. User Id cookie is empty. I have set an expiration date for cookie as date + 1