We have an ASP application which links to various word and excel documents stored in a folder called attachments. The documents are extermely confidential in nature and we would like restrict the access to them through the application only. How can we prevent users from guessing the name of the document and reach it.
I am trying to prevent users from submitting HTML pages from their local machine to our website and I was wondering what the best way of doing this was.
I was thinking about using the HTTP_REFERER server variable (to check where the user has submitted a page from) as a blanket fix however when you use the javascript document.location on a page the HTTP_REFERER is always blank, which makes that a flawed fix.
I have seen other sites protect against this, so I know it can be done. Whats the best way.
When more than one user tries to access my system, one user gets his page processed, and the other users recieve an error message stating:
Microsoft JET Database Engine error '80004005'
Could not use ''; file already in use.
/processweb/html/cpr/admin/sel_sc.asp, line 25
I am using ASP 2, MS Access 97 and IIS 4. Any ideas why only one user is allowed to access the database simultaneously? The database file itself is closed.
I have a hunch it may be because the IUSR_[machine name] user account on the web server does not have access to the *.ldb database locking information file... Does this sound like a plausible reason?
Development environment: Windows 2003 Server running IIS6 and the same server running as a domain controller, DNS and DHCP servers.
Production environment: Windows 2000 Server SP4 running IIS5 and not used to provide domain control or name services.
The two environments are on different networks with no trust relationship between them. In both environments the web server is set up to disallow anonymous access and to use integrated Windows authentication. The application is vanilla ASP (i.e. not .NET) VBScript.
In the development environment, the following code runs flawlessly no matter whether "myUNCPath" points to a share on the web server or a share on another server in the same domain.
Set objFilesys = Server.CreateObject("Scripting.FileSystemObject") If Not objFileSys.FolderExists(myUNCPath) Then Set objFolder = objFileSys.CreateFolder(myUNCPath) End If
However, in the production environment it falls over with a permission denied error when "myUNCPath" is on another server and further testing shows that the FolderExists method is returning false even when "myUNCPath" exists. The network share is configured to give full control to the Everyone group.
I've found http://support.microsoft.com/kb/207671 which although referring to IIS4 suggests that the issue could be the authentication method (I'm assuming that integrated Windows authentication is close enough to NT Challenge/Response and so might generate a token that cannot access network resources). I'm not sure of this is the problem because if it were then the code shouldn't work in my development environment.
Any ideas on what's going wrong and how to access the network resources in the production environemt?
Using IIS I want to embed a TIFF file in my web/intranet page that is stored in a folder that is not accessible to everyone. The files are strictly private in nature and only the requested TIFF file may be shown. They are in a folder that is used by another application and it can’t be moved. Code:
how can i access XLS file instead of using a database? I have a single XLS file with several sheets-which in this case represent tables. How can access them, create recordset, display them etc.
I have a php file that I use to do some calculations and print out a variable. I have a script that works great in php, but i want to provide this service to alot of people and not everyone uses PHP.
how to create a spreadsheet with info from a database. Is there a way to create the spreadsheet on the users computer instead of on the web server? I want to prevent a whole lot of xls files from being created and stored on the server.
I am designing a website were we will give provision for users to upload files. I have heard that u have to use Some "file Upload" Component.where do get this file upload component.? or is there any other way to do file uploading without fielupload component?
I have a virtual directory which I can access as Directory Browing has been enabled. Now if in Internet Explorer I open any Static content like HTMLs/SWF's they work fine. But when I try to open an ASP page it gives me a 404 'File not Found' Error. ASPX pages work fine though they are in a different sub folder.
I have checked the security settings and they are not hidden. Any ideas?
I write search files webpage.when users enter part or all of a file name and asp page send back a list of only the files(that user can click to open files) whose names contain the text they entered.I want to save data about accessing files such as file name ,accessed date of fileto my database(Microsoft Access).I don't know how to write a adding code to do this. Code:
I want to be able to log in a database any transactions my users perform. For example logging in, requesting a page, downloading a resource, logging out etc.
What is the most practical way to code this? I was thinking of trying to use an include file which would have a function to add a log in the database for each page on the site or when a particular action is performed.
I am a webdesigner.We have recently taken over a site created in ASP. The site remains on the original server, but my company does the updates on the site.I do not touch the ASP at all, as I not familiar with it other then I know ASP automatically becomes html when you view it from the browser and u can save the file from there.Anyways, I edit the pages as required, new text, new photos, new links, and create new pages (any new pages I create in html if not tied to the database). I save the pages with a .asp extension and upload. This does not seem to mess anything up. The person who hosts the site, is upset that someone else is editing the site, so he's really not easy to work with. Anyways, after uploading files, everything works fine, and then a day later, all of a sudden, any .ASP pgs you click on give the following error or similar pasted below. What I'd like to know is if these errors are because of me..and if so, how do I prevent it.
I've got an intranet application that presents a list of files in sort of a 'central repository' web page. Each file is an href in the form <a href=file://server/share/path/filename.ext>.
When the user clicks on an excel file,it is opening within the browser,which unforntuntely confuses the heck out of them because the usual Print/Print Preview menu options are not available. I would like the user to be presented with the typical Open/Save dialog when clicking on this link.
Is there any way that I can force the browser to do the same thing as 'Save Target As', without modifying the user mime configuration in IE (another common suggestion), or hosting the files on the web server?
i have a form by asp and database by MS access.so i want to prevent the duplicate value in empID because when i add a new employee with the same id ASP gives me this error.
Error Type: Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) [Microsoft][ODBC Microsoft Access Driver] The changes you requested to the table were not successful because they would create duplicate values in the index, primary key, or relationship. Change the data in the field or fields that contain duplicate data, remove the index, or redefine the index to permit duplicate entries and try again. /employee/admin/addemp1.asp, line 48
so i want the employee to get a message like this empID already exist or somthing like this.
If you look around on the web for advice on cache-control and using 'Option Explicit' you get a paradox. Both features are supposed to be the first piece of ASP code on the page. Well they can't BOTH be first can they?
What would the logic be to prevent flooding? On my forum they have a timer, so if the user has submitted a post, it starts the timer, and after 30 seconds it will allow him to post again.
When the user comments, record the date in a session (StartTime) and when the user tries again, DateDiff in seconds to see if the Now() time is more than 30 seconds after the StartTime. If it is, clear the session.
i tried to open Window B using window.open() from Main Window. And from Window B i open another new Window C which fires up session("topic")="something"
So i tried to open another window link from Main Window, and the session("topic") value is still the same. how can i overcome it? Beacuse im using same session("Topic") var for all the sql query statement. so if 1 window is opening and another different session window start, it will overwrite it each other.
How can you prevent the database error from displaying on screen? Can you redirect users to a more friendly error screen that is custom created. Using ASP/SQL Server. For instance, if the database cannot be found, instead of displaying,
Microsoft OLE DB Provider for SQL Server error '80004005' [DBNETLIB][ConnectionOpen (Connect()).]SQL Server does not exist or access denied. /myConn.asp, line 7
Can you make it to where you could display something like this:
"I'm sorry, a database error has occured, please try your request later, click hyperlink for list of possibilities."
Currently i am doing a file management project where user are able to create folder and upload files to it. The file ownner would be able to set permission (from database linking to the file path) if a user able to download it or not.
*each file info will be stored into a table e.g. fileid, filename, path, access.
Now i am facing a problem where if a user does not have permission to click on the link to download, the user can guess the path and the file name and directly type the path on the address bar to download the file.
I have a form which when submitted will validate the fields and then add the record to a database. If a mandatory field is not completed, there is an instruction to return to the form and complete the mandatory fields and then submit.
The problem I have is preventing the user from resubmitting the same form once it has been added to the database. I cannot deactivate the submit button, because if they need to return to complete mandatory fields, the submit button is still required.
I have read the article "Programming Forms To Submit Only Once" from 15seconds.com and this looks exactly what I need......
To prevent the same form from being submitted more than once we must:
Initialize the data structures. Create a mechanism to give each form a unique identification. Find a way to store a list of already submitted forms. When processing a form submit, we just have to check if its ID is on the list.
I am having problems when adding the recommended code to my form and my process form pages.
This may not be possible on the server side, so apologies if this is the wrong group for this post.My form consists of an unknown number of pairs of text boxes. They are named textbox_a and textbox_b. I then split the comma separated list that gets posted:
textbox_a = split(Request.Form("textbox_a"),",") for i = ubound(textbox_a) ...insert into db
then do the same for textbox_b
If anyone puts a comma into one of the text boxes, this will result in unmatched pairs. How can I deal with the comma, or prevent it?
I want to prevent multiple logins in my web application. For eg:If a user "userA" logs into the application,some other user with same userid "userA" should not be allowed to login as long as previously logged in "userA" is active.
Is there any solution? One method I thought was when user logs into application, I set a flag in table.If user logs out of application from the logout button explicitly provided in application, I reset the flag for that userid.But if user closes the application from browser(close) , I am unable to find a way to reset a flag.
due to my 'Language for non-Unicode Setting' in Regional Settings,my ASP page keeps outputing the date format as Chinese Simplified characters when issuing say, <%=Now()%>. In addition, my client script also interpret it as Chinese characters, which I don't want it to behave this way.
However, I can't remove my 'Chinese (PRC)' settings in control panel as I need it for other Chinese version software. Does anyone knows how can I display the date in my ASP page in normal English? I did try out the META tag Content Type and put in several charset to try out, but seems like it doesn't work at all.
I assume it has to do with cache control, but how do I prevent the form from clearing when a user hits the back button? The form I am referring to is my registration page. After the registration is submitted, they are taken to an error handling page. If an error comes up, they are required to hit the back button and correct the mistake.
It seems like for the most part it retains all of the information in the fields, but occasionally it clears it out. How can I prevent this?
I have a file that SHOULD only be made accessable to registered users. They must login to get to the download page. The problem I have is that once a user logs in an gets to that page they can potentially share the web link to that file with anyone and that unregistered user can bypass logging in.
I was thinking something along the lines of download.com where when you click download, the actual files location only appears for a split second, pops up the download box, then it switches to another webaddress?
I have a site which gives access to 2,000 Hi-Res photos for free. We noticed that people began to use programs like Offline Explorer and WebStripper to download our entire collection all at once. - This is a problem because it hogs our bandwidth, and we are scared that people are going to use our entire collection for their own financial gain, when we are providing it for free.
We actually have two web servers, one is the website where the user interface is located, the other is a server where we store all the image files (at an educational institution, unlimited storage). We link the images to the external server. Is there a way in ASP to limit access to the images by setting up a rule like so:
"Only allow access to these images if the referer is www.ourdomain.com" ? We would prefer not to use any 3rd party software.