Need Idea About to Secure img path in ASP (img not open excluding our domian)files.......................i need this beocz our hostings are remote thousands of users pick our img path and paste in forums and we lose some our bandwith
Any body have solution for this (or provide me a ASP script for this) or tell me commands.
i currently have an asp authorization system setup on my website for access to certain html pages. this works great, but i need to restrict access to some pdf files as well. as of right now if the user is authenicated they have access to links to certain the pdf.
the problem is if i change a users access privileges they or anyone could open the file directly if they save or can guess the correct path.
i have tried to setup webserver folder security and use usernameassword@domain.com but this doesn't work in ie.
I thought about placing the pdfs in a database but im afraid that will slow down access to the files.
help me in securing a pdf file on my site. i want ot provide a pdf file that can only be viewed and not downloaded.
View Replies View RelatedI need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
I have some asp files that are included in each of the (asp) pages of a new website I have built.I have many pages in the website, in many directories (3 levels).
The administrator does not alow to use parent path, and this is problematic to me now.
Any change of location of the included files, will not prevent from using parent path to access them.What can I do?I can not use one directory for all paes.
I have two environments: DEV and PROD. In DEV I have two independent webs. In PROD one of the webs is the root and the other is a subweb of the root.
Each enviornment has a different file system configuration so I must manually change the file location references in my code when I post from DEV to PROD. Code:
explain abt copy files from IIS image path to local client's machine.
View Replies View RelatedI'm looking to randomise a password for a set of new users to a website.
It straightforward randomising numbers in a few lines of code, but I want there to be letter mixed with the numbers. I thought of using the ASCII code character set to achieve it, but is there a quicker way?
note: I'm also interested in how this would be done using .Net, any .Net developers out there, please put you views across on this topic.
i receive from all over the world TXT files.
in the name of those files will be the name of the customer and the date
the customer must be able to see the data in the txt file
but the data must be orderd nicely on the page, the txt files are structured like this:
1;12;23;blabla;256;5;6;9;l;qdsf:546;
the startscreen for the customer must be the last file
and he must be able to scroll back trought the files
no databases are alowed, ne editing or deleting is alowed
how to get the data out of the txt file into variables?
how to determin witch file is the last one and witch file is previous one etc... ?
how to get the customers name out of the filename?
what's the best way to make the customer browes through his data?
I want some idea for creating multiple language support web site. more than 100 language support!!
View Replies View RelatedI have problem with physical path & virtual path on the server.
<!--#include virtual="country/inc.bottom.asp"-->
In this script it is working.
In all the file i have <!--#include file="../ar-inc.top.asp"--> this script.
I have about 10,000 files in the website.
i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
View Replies View RelatedHow do I stop pages being active in the history.
I have tried this,
<% Response.Expires = -1 %>
But the pages are still active in the history and are being cached somewhere on the machine win2k.
If I create a simple login page and then store the UserId is a session and check its validity in the subsequent pages, How secure will the site be. I know the same question has been asked in the PHP forum
Code:
http://www.sitepoint.com/forums/showthread.php?t=233118
But how can I make my site secure enough in asp
I may be in over my head on this one... VERY new to ASP. I have a potential client which is a marine loan broker. He wants an online credit application for the boat dealers he works with (20 different ones). He wants the credit app to be co-branded. Dealer/LoanCompany logos at the top would be sufficent. The dealer would have a link on there own site to the loan company's site but wants it to look like they are "Partners" and not just being shullde from one site to the next.
Is there a way to display different dealer logos based on the referrer URL? I would rather have one creditapp.asp that displays the proper logos depending on the referrer over building 20 creditapp.asp's. He doesn't need the form data written to a database. He just wants the form data emailed to him. (this I can do) How secure is that emailed data?
Right now, I'm trying to use WSH to run PSCP (command-line version of
PuTTY). I've tested the command I'm using by opening a DOS box
manually on the server, and the test file is successfully transferred.
I've run Filemon and Regmon while running my sample ASP page, and see
no permissions problems. I've tried running cmd.exe and passing PSCP
as the parameter.
I've tried running PSCP.exe directly. I've even
tried using ASPexec to run it instead of WSH. None of these have
worked. I always get the same thing -- error code 0 (success) returned
from WSH or ASPexec, but when I look at the second server the file
never got there, and when I look at terminal services on the Web server
PSCP is still running.
I have a website that we display images we have saved into a SQL Server 2000 database as binary BLOB. This is on a Windows 2003 Server. Just recently (a week ago) this website began to save the images it is displaying on the website as ASP pages in the Temporary Internet Files > IE.Content > Folder.
We have other websites where we use the exact same code and these do not save files on the server when they are displayed.
Here is the code to display the image:
Set rs = objConn.Execute( SQL )
Response.ContentType = "application/octet-stream"
Response.BinaryWrite rs("Product_Image")
SQL is the SQL String to get the image from database
When I add this code:
Response.ContentType = "image/jpeg"
The images still display on the website, but now are saved in the Temporary Internet Files folder as JPG's.
I'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resourses that show how this can be done?
I need to secure my web page, when it is reading a file from the
physical folder.
Say for eg.. I have a page Page1.aspx, which displays a list of links
that corresponds to
the available text files in one of the files. All the other pages are
secured except this
page. So when I click the link, it redirects it to for eg..
http://localhost/folder1/one.txt.
But this should not happen. As the user can type this without even
logging into the website.
So I need to know how to stream this file and display it in another
page, rather than just showing it.
Iīve made a loginpage in asp, and a page that receives
the data from the form and logs you in.
But how do i make the loginpage secure?
Do i have to use https, and if so, how do i change from
http to https when the loginpage is included in another
asp-file?I donīt know if i have explained myself correctly
Here's what I/m doing to sanitize/validate/secure my input.
1. The front end checks what kind of data is entered.
2. I am using parameterized query instead of concatenated strings (Against XSS)
3. I am replacing symbols like <,>,# etc with their appropriate entity number eg. & #32; without the space. (Agains SQL Injection)
Can someone please explain to me the basics of creating a secure connection (we're looking at using Authorize.net) and possibly point me in the direction of other resources for getting some info?
View Replies View RelatedI have a site designed with ASP 3.0 code (HTML and vbscript) that I want to protect from being visible. I want this code to be non-visible and hack-proof. Is there a way to either encrypt or protect another way to ensure that my code is not stolen?
View Replies View Relateddo know how can i prevent my page from cross side
like using <marquee></marquee>
I have a client with their own W2k server and their IT guy refuses to turn on the SMTP service for fear of it becoming hijacked by spammers.
However, they also want their web site to perform some emailing functions I would normally use CDOSYS for.
I'm having them look into alternate SMTP servers to use with CDOSYS, but I was wondering if anyone here can recommend a 3rd-party ASP-based SMTP app that might be more secure than IIS' built-in service?
I've an ASP page in wich the customer write his card number for the payment. How can I make this information secure when it's sent to the server?
View Replies View RelatedI have written a simple script that is called every 75 seconds or so to test whether the SQL Server database is running. The script is contained in a page that is not linked to in the site.
The thing is I have hard coded the database information on the page, I was thinking of putting the connectionstring into my global.asa file as an application variable.
How secure are the two options?
Will there be any performance issues? Bearing in mind that this page is called every 75 seconds.
I have set up an asp script which writes the output of a form to a database.I have achieved my database connection like this:Code:
DIM objConn
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
Server.MapPath ("contact-2000.mdb") & ";User ID=admin"
objConn.Open
How do i go about making the database secure? at the moment anyone could view the source of the asp script and download the database.Which folder should the database be stored in? iv heard of using the root folder? at present the database is located in the same folder as my asp file.is there a way of setting up a password on the databas ein access and passing the password from my asp script to the database. the password would have to be encrypted though.
We have a need to allow our users to enter Credit Card #'s on a web page, so we need a secure page (have the little lock at the bottom of the browser) in order to do this.
1) What is this called? (I've heard the term SSL (Secure Socket Layer)tossed around, I don't know if this is the same or something different).
2) If I need a certificate of some sort for our server, how do I get it?
I have written a web app in asp3 which is used by lots of users.The data is all held server side.However,I want it so that the users can export the data in a csv file,much
like you can download a statement from online banking.
However,I don't want to save the file to the server,as then anyone else might guess the filename and download it.Is there any way to directly generate a file from an asp script.i.e.instead of asp returning html,it returns csv data which the user can save
away.
there is a way to post form variables in the best secure way... i don't sure how or what is the technical way to do this and that is the aim of this subject... but somehow the form write all the inputes into cookie and than the asp file read the form outputs from the cookie and not from the form itself... why? how it works?
View Replies View RelatedI have an ASP application that I would like to give out to customers. how do I control the licencing. They will get the source code.. (I know I can put it into a DLL - its a possibility) but even then they can simple copy it elsewhere.
So what I thought was some code looks at the servers name, IP and current date and generates a code based on that. Then, I create a code at my end that will only work for that server name, IP and up to a date I specify. The code would be encrypted somehow. Does that sound like it would work?
how do i restrict anyone by changing an asp file. can it be done using visual source safe? Is there any way that i can stop any one from making changes in my asp file.
View Replies View Related