I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
i currently have an asp authorization system setup on my website for access to certain html pages. this works great, but i need to restrict access to some pdf files as well. as of right now if the user is authenicated they have access to links to certain the pdf.
the problem is if i change a users access privileges they or anyone could open the file directly if they save or can guess the correct path.
i have tried to setup webserver folder security and use usernameassword@domain.com but this doesn't work in ie.
I thought about placing the pdfs in a database but im afraid that will slow down access to the files.
Need Idea About to Secure img path in ASP (img not open excluding our domian)files.......................i need this beocz our hostings are remote thousands of users pick our img path and paste in forums and we lose some our bandwith
Any body have solution for this (or provide me a ASP script for this) or tell me commands.
I've built a survey and tested everything is working fine - except fo one problem, that i have been told MUST be fixed
I am using CDO.Message to send email message to the respondants of the survey - a lovely thank you message.
It is sending the emails fine to all email address i have tested, except for email address here where I work, and I have been unable to find a reason for this
the web scripts are running on a secure server (SSL certificate) and all is working great except the email issue.
the actual code that is sending the emails works perfectly on non-secure server, and seems to be fina on the secure server except for the most important(apparently) email addresses.
Does anyone have any ideas why the scripts would not send to one set of email addresses, but seems to work for all other when on SSL, but works for ALL email address when not on SSL.
Maybe I'm doing something wrong, but I'm having troubles with connecting using SSL.
I have a website at http://www.*****.com I have a login form directly on that index page. When you click sign in it directs to https://www.hostingcompany.com/******. However, it fails the first time, then it works the second time. The second time I am on the https://www.hostingcompany.com/****** page.
I'm working on a shopping cart page. In page A (checkout) the user enters their credit card information. On postback, if everything is correct, it sends the user to page B (confirmation). My question is, can I (or should I) use server variables to send CC information to page B?
My boss doesn't want me to store this information in the SQL database we're using. Obviously cookies are out of the question and so is passing info through request.querystring, so I was thinking on using session variables for this, but not sure if it's safe. What should I do?
I have a directory (folder) in ISS 6.0 Web server. I need to upload to a secure server over an HTTPS connection. What is the best method to upload from this directory to a secure sever.
To access the server via a browser i have to type a password and username. The file are Cxml files and need to be uploaded on a secure connection.(HTTPS) I would need to run a schedule task every 2 minutes to check the directory for any files that are there.
What script or method should i use. Is there any particular sample script such as (ASP) i could use. I am sure this can be done in ASP...but does anyone know how.
how do i restrict anyone by changing an asp file. can it be done using visual source safe? Is there any way that i can stop any one from making changes in my asp file.
I have been lately dealing with developing an ASP based web application which uploads documents to a folder. Application itself is password protected by the session.
I am now looking for securing the documents that are uploaded.
For example;
Let's say AAA.doc is uploaded to "/docs" folder by this password-protected application. But, I can't prevent the following link to download this Word document:
(URL address blocked: See forum rules)
How can I prevent the above link to download AAA.doc? Is it something possible to restrict it with a session variable? I also want the user who are authenticated at the beginning to view or download the file, but unauthenticated users shouldn't view it.
I found some articles but they are speaking about IIS level things. Folders may be created dynamically. Is it possible to have this security feature at application level?
I have a bunch of Excel reports that I would like to display on my company's intranet. The reports contain priviledged information, however. My plan was to have a page with a dropdown box so someone could pick the report they need to view. This page can be secured with a session object, etc. But what is to keep an unauthorized person from accessing a file by typing. Is there something I could configure in IIS? Set permissions?
I have an application that needs to pull files from an internal server. This is the setup. The web server is external facing, meaning exposed to the internet. I then have a file server that sits inside our domain. I created a COM object that can impersonate a user to retrieve files from that server. However, I cannot get the application to pull files from the internal server.
I first tried a domain account that could reach both servers. This did not work. I then had the network team create the same account on both machines. This is not working either. I can impersonate the user (I am able to get the user/users authenticated), but the script keeps coming back with and access denied. Code:
if there's a way to copy image files from one server to another using ASP and FSO? Or perhaps some other way to do it? I'm trying to collect information on books, and want to have a picture of the book associated with the description, but I want to be nice and host the pictures myself, not just link to other people's pictures. Is there a way to do this?
i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
I have a site that currently is password protected, using a combination of ldap authentication and asp session management. So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page. BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication). So, my problem is, how do i protect these pages using my existing framework?
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable. No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
After trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
I have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
Can anyone find fault with this code? I wrote in in hopes of preventing users from "breaking" SQL queries and getting places they shouldn't by using SQL Injections.
is it possiable to write in asp program that will be able to analytics the server log files? any information on this subject will be good for me now cause i'm just starting...links...codes...any info...