Lets say I have a folder 'members/3/'. in this folder are images. I have a login page that connects to a database to retrieve user info. After login the user is directed to a page that lists the files in the above directory.
Now lets say some other user goes to the directory and types in members/3/image1.jpg he/she will now see the image. How can I stop this without using ntfs permissions.
This thread is not so much a big problem, but more to receive comments on my approach. You may have some other tips or advices of where to go or where absolutely not to go with my attempts. Code:
I have written a script to update user information in the Active Directory using ADSI. Here is part of it:
Set User = GetObject("LDAP://<GUID=" & GUID & ">")
User.Department = DepartmentName
User.SetInfo
Set User = Nothing
This works fine unless DepartmentName is an empty string ("").
Then I get error 0x8007200B: "The attribute syntax specified to the directory service is invalid." This happens with all the attributes I have tried, including TelephoneNumber . Do I need to delete the value of the attribute instead of setting it to an empty string? If so, how do I do it?
I did write some asp code, that I sell to companies, to control several dbases. Because I sell the code, it's not that they own the code and can sell it further or change the code, or add some extra code to it. It's like I'm selling a program like Excel and that they can use the program, not change it. I'm still the rightful and intellectual owner.
Also, if you give the raw asp-code, then there is a possibility that they change to code a bit for there internal usage only. But if I sell an update, then they have to search and copy/past there old code in the new page, not knowing, that everything will work eventually.
It would be a lot nicer and easer if I can deliver some protected code that they can't change! This will make my live a lot easer regarding updates. And I will sleep better because they can't see the raw asp code, copy/past/change and sell it or worse, going to competitors. Code:
Is their anyway I can protect my asp code from being copied. I have created a number of include files that are quite useful and save a lot of time.
I am hoping that if another developer is enlisted to work on a project i have worked on previously, I can protect all my hard work from being plagerised.
I have writen a few scripts that I'm allowing some poeple I know to use but I don't what them to be able to view the code, is there anyway of stoping them like compiling the code into a DLL or something?
I've built an upload system but i now need to protect the files from being downloaded without being logged into the site.What's the best scenario to implement.I'm using an access database for the site.
Here's what i have done so far.Once a file link (just the id not the file name) is clicked it will check that there's a session variable present then it will present the user with the actual file but i'm now guessing is this the best way to go.
I am building a site that will have a number of images on it, at the moment I have the images in a Dir on the site and the paths stored in database.I want the make it as hard as I can for people to download the Images that are stored on the as some will probably be copyrighted, etc. I know watermarking the images is probably the only real way of protecting them, but I was hoping not to have to do this.
I plan to put a transparent gif in front of the images so right clicking don't work, is there anything I can do to protect the paths that will appear in the source downloaded to the browser?
I am using ms access database and asp 3.0 as my front end. In my database there is a table called account and a field called password. How do I protect the password stored in the database.
I've created a database for a group of about 5 people that I password protected. They all use the same user name and pass to access the website. I've used a session variable that is set to "valid" if the user and pass are correct. When the click the sign out link on any page, I use the Code:
Imagine you could encrypt your asp pages and then using a dll run the pages as normal do you think there would be a market for it. Obviously the dll would need to be registered on the server, but once registered you never need to register it again, if the asp page changes then just re-encrypt it.
One advantage I could see for it is db connections or when writing scripts for other companies but want to protect some of the routines you might have written. But what do you think.
I am after a solution to people both linking to my images and putting the paths into their browsers manually (when they know the format, after viewing the site normally). The reason is that the site has banners, and the only way I can keep it up (afford the hosting) is by successfully serving a banner along with the image requested.
I know xoom and those sort of hosting places have this technology. so it exists, and I'm sure many of you know what I'm talking about. My site will be wholly written in ASP, so hopefully there is an ASP solution. It will also use a mysql db (if that info is of any use).
This is extremely important. If I can't find a workable solution, the new site will never be launched.
I've finally written an asp app that is worthy of resale and would like to hear from you who have done the same. What is the best way to protect my application? I would like to stay away from anything that has to be registered on the server as most of my target audience will not have physical access to their web servers. They will just upload the code to their server and set directory permissions for the database.
I 've purchased asp scripts myself in the past and had to provide a domain name where it would be running. It would not run on any other domain but the one I provided. Is this a practical approach or is there a better way? How is it done? I've also seen posts about putting some of the vb code into an activeX dll. Is this a solid solution? Again, How is this done?
I have a site with restrict access where people can download documents in pdf format. All documents reside in a folder. My problem is that if the person puts the full path to the document in the browser (ex. www.mysite.com/documents/documentx), he can download the document even not being logged in. What is the best way to create a protected folder that I can access via ASP (with a password) to get the document to the user ?
Is there any way to do it without saving files to a database or having to use windows basic authentication ?
I am developing a small e-commerce site that allows users to create an account, pay, and then download audio files.I have only been doing ASP for about 6 months and this is a new problem for me: I need to not only password protect the pages (using Sessions and checking usernames and passwords against an Access database), but I also need to password protect the audio files themselves, so that users can't just type in the absolute URL to the audio files and get them for free.
I'm guessing password protecting the entire folder that contains the pages and audio files would be the best way to go, but I have no idea how to do this, and haven't been able to find any info on it.the site is part of a larger already existing site which is on a Shared Windows hosting account, so I have no root-level access to install any new software or technologies.
How can I password protect files so that no one can anonymously download it? I have windows 2003 server with IIS 6.0. Please explain the steps in detail.
I need to password protect all the pages of my website using ASP. Microsoft KB 301464 http://support.microsoft.com/default.aspx?scid=KB;EN-US;q301464&ID=KB;EN-US;q301464&SD=MSDN
provides a simple way of implementing it. But I am getting the following error in the Logon.asp script and dont know how to get past it. The Script block lacks the close of script tag (%>). /PDACPO1/Logon.asp, line 45.
Is there any way to setup a multiple password page where if user1 logs in it will take him to dir1 and if user2 logs in it will take him to dir2 and so on. Basically, we need a page that checks to see if the user name and password exists and then redirects accordingly.
I've got a site going that has pages protected by a login script. I have a logout button that simply redirects to a session.abandon page. Obviously people can still access the protected pages by hitting the back button on the browser (although they cannot go to any of the other pages by using the buttons on those pages).
Is there a way to protect the pages so that the user can't return to a page by using the back button? Or somehow force one of those "page expired" conditions so that a passerby couldn't snoop confidential information?
Ive seen a few examples of how to password protect my pages by either textfiles / access. But how can I make the pages so that no one can just enter the url and bypass the login page.
Im trying to create a shop site and im trying to create a maintenance page that only I have access to so that I can look at my database status without having to open the database directly. I need these pages to be completley locked from anyone but me.
I want to install asp and access on a server, is there way to password protect asp pages from being accessed directly?. I don't mean via web.But being accessed from the server directly?
Is there way to ensure that the asp pages works on the computer/server it has been installed on and not for any other comp?
So if some new admin tried to copy those asp pages to another computer,they would not work.
I have a select element in a form on a page with some options. When i submit thet form and the target asp page is executed, i want to find retrieve all the values in that select element on the page...?
thru request.form("sel") i am able to retrieve only the vaue selected by the user.
I am wanting to do this but am not able to do it. I have two fields: first name and last name and then submit button. When i hit submit button ,according to the name entered in the first field ,some results are displayed from database. Now when i hit submit ,the contents of my fields are cleared and i dont want that...i want the name to be still displayed in the textboxes... How do i do this? I dont want to basically clear the form contents on submit.
I am currently working on ASP. Users will input their contents into a textarea. The problem is that when they input and I retrieve them from the database, they will use the textarea space that was allocated to them and display exactly it is. For example the text area given is 500px and i only give the display part of 250px. Despite that, it will fill up and scrollbars will appear on my bottom of the webpage and have to scroll to the right. how i can display all text with the break lines in between yet still confined to the space of 250px.
I want to read a classic HTML Form using the ASP Request object on the server. This is a common approach. But how can I read all the contents of a listbox (the <select> tag)
Does anyone know of any issues interacting with asp pages from within Flash when you use Control>TestMovie ? i.e. When using a send and load, Flash seems to want to open my asp file (and return the contents in Flash) rather than run it and return a name/value pair as I'm expecting.
I have successfully been able to load text from an SQL-DB into a <textarea>.Now I need to save the edited text back to the DB But I can't seem to extract the value from the <textarea> into a vbscript-variable.
When the user clicks the submit button under the textarea I need the text to be saved into a variable, how?