After reading several articles on securing web applications, hackers can not only perform SQL injection attacks easily but can get hold of the information in the global.asa.
This really worries me because the connection string is stored in this file and it contains critical information such as uid and pwd. Most people suggested that we should encrypt this information but the solutions that are provided are all in ASP .NET. Does anyone know how to do this or is there any better and easier way?
Is this safe to store important/critical information in session objects by security point of view, like userID, or any primary key which I dont want users to see. The scenario is, I'm using XMLHTTP, and server.Execute to include files' outputs dynamically. so I can't share any code variable with them, session is the only way I can share variables with.
I use cookies on my website to store details such as the colour scheme, email and username though I do not want people editing this data so I need to encrypt the cookie due to data such as post counts being stored in this way.
Our web site is hosted on our providers site where ASP is installed. On our website, we generate an email containing personal data including credit card info whenever someone orders a product on-line from us (we only do a transaction per day avg.) Becuase the email contains credit card info, we want to encrypt it. I have downloaded/installed and generated a private and public key using GPG and have distributed the public key I generated to the provider that is hosting our website. They have imported it onto their system.
How can you generate an encrypted email using the public key on the providers system , using ASP?
Currently we are simply generating a plain text email containing this data - and this has to stop.
I have done a search on this and it seems to be a topic of some interest (700) views, but has not been fully explained.
I have a page which validates a username and password and then, if both are correct, the applicantid is retrieved and passed by querystring using a response.redirect. Apparently it would be wise to encrypt the applicantid when passing it.
<% else strApplicantID = rsPandU("ApplicantID") 'Response.Write strApplicantID - this works Response.Redirect "memberarea.asp?id=" & strApplicantID
I want to know how can I encrypt my ASP code using VBScript & also when I use JScript so that people who see the source of my file cannot read my ASP code.
I have a website for our online store. Until now we have received payment through email, which we then run in our local store's Credit Card machine.
We want to move up from there. I have signed up for Paypal and that is easy.
We want to also be able to accept the CC info in our own website securely. We are not looking to actually run the Credit Card, we just want to get the information from the user and pass it on to ourselves in a secure manner, so that we can run the information locally on our Credit Card machine.
So, I guess, my questionj is not really about credit card's at all. Rather I am asking, how can I get a form's data sent to my computer 100% (or close to that) securely.
I'm using DW MX 2004 to build an asp based eStore. I have a checkout page created with both the billing and shipping information in the same form. I'd like to add some code and a button to activate it to copy the code to the shipping info (but it can't submit form). Also the State choice is a drop down list based on a recordset. There are other behaviors attached.
Dreamweaver created code to update to data base. But when testing on website i get the following message. I have no clue what it might be. Microsoft JET Database Engine error '80040e14' Syntax error in UPDATE statement. /admin/update.asp, line 111 line 11 is strName.execute I read it might be forbiden characters in the data base field names or spaces... but i don't have that. the names are userName, userLevel, ID, Password.
This seems a very complicated task, so I welcome any input. My boss wants a data grid or matrix of the top 6 orders with ordered items, and products, for a particular customer and he wants to see it like this:
products down the left side orders across the top number of items under the respective order number column across from the corresponding product.
I hope that makes sense. I have three tables. Products, Orders, Orderitems. I don't even know where to start. Many thanks in advance for any input offered.
how do i get data from a user on one page and display the result on the other page actually i have written a prgoram that displays a set of checkboxes and based on the checkboxes selected the related data is displayed .but the problem is the data is displayed on the same page below the list of check boxes. Code:
I have a form that has the option to upload a file at the bottom. If you select a file it works fine but if you leave file selection blank the forms bombs. This is not how I want it to work. On the form you need to use ENCTYPE="multipart/form-data" in the form tag.
On the processing page I need to use Set to assign a variable to the form data. I tried using IF on the variable assigned to the file path but it bombs out telling me "This function is not supported". Is there any other way I can check to see if curQes has a value assigned to it?
How can I display data from an XML file in ASP?I want to use an XML file instead of an Access or SQL database and would like to display this information the same as I would if I were using Access or SQL as the datasource.
how to add new data. i need to add new data after display the record from database. i click new button and the textbox will be empty. Wat is the code for add new data?
I had write an asp file to get data from an xml named "data.xml" and below is the coding:
Dim xml Set xml = Server.CreateObject("Microsoft.XMLDOM") xml.async = False xml.load (Server.MapPath("data.xml")) Dim fText1, fText2 fText1 = xml.documentElement.childNodes(0).text fText2 = xml.documentElement.childNodes(1).text Set xml = Nothing
It's all Ok and can run. But my problem here is I want to call an xml file that I don't know its name (not "data.xml"). The xml file pass by the user who call my asp file. The user can pass the xml via anything for example asp or VB component. So I will not know exactly what the name of the xml file.
i have setup a DSN called "pro" now i have tables in this database i m running oracle if i were using MS Access i know how to insert new fields by using the
RS.Mode = adModeReadWrite
how do i do it for oracle? not just inserting data into tables but also what r the commands that i have to give in the asp code page so that i can even update( edit ) and delete records.
some way to access to the content of the HTTP POST? Perhaps throw the request object or something similar to the $HTTP_RAW_POST_DATA gobal variable available in PHP.
i am trying to use AJAX to get XML data from 3rd party site and display on my site. it works in IE, but does not work in Mozilla. i want to find a method where i can do that.
I got a database with user and email in it. Now I want when a user logs into my page that it automaticly fills in the email into a email form. How can I do that in Asp.
anyone know any homepage that might help me to list the data out in a page. i wanna do it like in 2pages that one is going to be the one who maintain data. another one is to list all the data out from server...
I have two tables having similiar columns ( i had to do this to compare the values given to me, because both the table data came from different sources)
The tables named are OFFICERS token full_name division EMPLOYEE token full_name division
Now the table EMPLOYEE contains more than 5000 records and the table OFFICERS contains around 2400 records which are already present in the EMPLOYEE table.
Now I want to build a query that will return me all the records in the EMPLOYEE table that are not present in the OFFICERS table. The criteria for comparing 'full_name'. so the query should return me 2600 records that are not present in the OFFICERS TABLE.
I tried doing this " SELECT DISTINCT EMPLOYEE.full_name,EMPLOYEE.token,FROM EMPLOYEE,OFFICERS WHERE EMPLOYEE.full_name<> OFFICERS.full_name"
But this query returns me records that is not present in the OFFICERS table as well as some more 1000 records which are present in both tables. thanks a lot
