what is the best way to create secure passwords in a database. I have a login system that can create users but it saves the users passwords in clear text. how would i go about doing this so if people look in the database they will not know the password.
View Repliesi have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
View Replies View RelatedIs it possible to password protect a web page that has editable text areas defined so that only authorised users can make edits?
View Replies View RelatedI've create a log in page connecting to a database that stores its passwords in MD5. Can someone point me in the right direction on how I can get my login page to recognize those passwords? Here's the code I'm using: Code:
View Replies View Relatedi have the following code to check if two password fields submitted equal each other. If they do then passwordok = 1 else it = 0. No matter that i put in the two fields it always = 0. can anyone see whats wrong? Code:
View Replies View RelatedCan anyone tell me how to apply a password to an Access database and then open the database with ASP. I know how to do this without the password, but have not been able to make the password work.
View Replies View RelatedIn my access database i have 2 tables called seceret question and secret answer. I would like to provide users with thier passwords without using emails. There would be a screen where they can enter thier username, secret answer then thier password will be displayed on the screen. Or alternatively they could just enter thier username and thier password
View Replies View RelatedCan someone help me with creating a password in asp? i know how to create a password for a single user, so how would you create one for multiple users? also i want to know how it is stored in a database, e.g. MS Access
View Replies View RelatedI made a website for my work and we have it secure to where you have to login when you come to the site. But for some reason when you use the check box to SAVE PASSWORD it will not save the password.
So each time a client comes back to the site they have to put thier password in (and they arent happy about it) Just wondering if there is a setting I can turn off or turn on to enable the passwords to be saved.
I have an access dbase that holds and an expiry date. I need to compare the expiry date with the current date and if it is later than the current date it will allow access (if the username password is correct of course)otherwise it will display an error message saying that membership has expired.
View Replies View RelatedI'm working in ASP (not ASP.NET), and want to create a user database, with username and password. Though it isn't really necessary, since the program will be used on an intranet and by few people, I'd like to have the passwords stored and compared as hash values, for extra security.
However, I'm having trouble finding out how to do hashes in ASP. All the exampes I'm finding are for ASP.NET (and, no, I can't upgrade.) What function(s) would I use for hashing in ASP? Can it even be done?
What I want is to have a user log on with a username/password which I give to them. When they type it in I want it to direct them towards a specific form for them.
What I am doing is running a soccer league. so I want a team to be able to log in and then show up a form where they can enter stats from their game, and about their players which will go into a database. I am unsure how to go about having a different form show up for different users.
I am new to ASP and have been asked to create a login page which will bypass the password (see code below): Code:
View Replies View Relateddoes anyone know of any good tutorials on how to get a login and password checker.
basically ive got a home page with forms to log in and give password which get sent to an asp page i then need to check that username and password with the relevent one in the database or check if they are wrong or do not exist.
I have a requirement to enforce strong passwords from a customer, and I can only assume they won't be the last to ask for it.
Does anyone have any pointers for handling complex passwords? In this particular case I need to enforce.
between 6 and 16 Case Sensitive AlphaNumerics with at least one non-AlphaNumeric character. min and max I've got, but I'm not sure where to go with the rest.
I'm trying to create a MySQL table for users in a Drupal install (as I've accidentally deleted it).
So, i go through my existing tblContacts and write out Firstname, Lastname, email, password, etc., formatted for MySQL.
Everything goes perfect UNTIL i try to MD5 hash the password (via the included MD5_js.asp): for some reason, it is returning the same hash for every user. If the hash function is not applied, each users unique password appears as normal. Code:
part of this code works but it seems to ignore the password check, any ideas?
If Request.Form("PuafoPassword") = Request.Form("RePassword") Then
strError = strError & "Passwords don't match.<br>" & vbNewLine
Else
If rspuafo.EOF and rspuafo.BOF Then
Response.Redirect ("thankyou.asp")
Response.End
Else
strError = "Username already exists, please choose another one" & vbNewLine
We have a web application where we want a user to be able to change his/her password if the password has expired but we are unable to do this with ASP at the moment because we can't log the user into the database without a valid password.
We do not want to store any "admin" user info to connect to the database to change the users password for security issues.Does anyone have any ideas of how we could go about doing this?
I need to tighten up security on my page... only thing is, I can't change file permissions. I have databases and normal files (.dat) that I don't want someone to be able to just type the URL to and be able to get into it all. For example, I have a database with usernames and passwords, but if someone found out/guessed the URL of the DB then they could open it all.
how can I use Encrypt in Access so that if someone guessed the URL then they couldn't just open it? Basically, I know how to do that in Access... but what I don't know is what code to add to my ASP pages to decrypt/un-password protect it so I can open it. If it is possible to stop someone from having access to a file by just using global.asa.
I am using the ADSI objects to retrieve groups and users informations. If possible, how can I retrieve the user password? I've search in Microsoft.com but I find only the SetPassword function (that of course changes the user password).
View Replies View RelatedI have a ASP/vbscript program that generates random passwords. The problem is I need to insert those passwords into an Access database of 327 clients. I have the random password program generating the 327 passwords, but have had no luck inserting them. Code:
View Replies View RelatedHow do I stop pages being active in the history.
I have tried this,
<% Response.Expires = -1 %>
But the pages are still active in the history and are being cached somewhere on the machine win2k.
If I create a simple login page and then store the UserId is a session and check its validity in the subsequent pages, How secure will the site be. I know the same question has been asked in the PHP forum
Code:
http://www.sitepoint.com/forums/showthread.php?t=233118
But how can I make my site secure enough in asp
I may be in over my head on this one... VERY new to ASP. I have a potential client which is a marine loan broker. He wants an online credit application for the boat dealers he works with (20 different ones). He wants the credit app to be co-branded. Dealer/LoanCompany logos at the top would be sufficent. The dealer would have a link on there own site to the loan company's site but wants it to look like they are "Partners" and not just being shullde from one site to the next.
Is there a way to display different dealer logos based on the referrer URL? I would rather have one creditapp.asp that displays the proper logos depending on the referrer over building 20 creditapp.asp's. He doesn't need the form data written to a database. He just wants the form data emailed to him. (this I can do) How secure is that emailed data?
Right now, I'm trying to use WSH to run PSCP (command-line version of
PuTTY). I've tested the command I'm using by opening a DOS box
manually on the server, and the test file is successfully transferred.
I've run Filemon and Regmon while running my sample ASP page, and see
no permissions problems. I've tried running cmd.exe and passing PSCP
as the parameter.
I've tried running PSCP.exe directly. I've even
tried using ASPexec to run it instead of WSH. None of these have
worked. I always get the same thing -- error code 0 (success) returned
from WSH or ASPexec, but when I look at the second server the file
never got there, and when I look at terminal services on the Web server
PSCP is still running.
I'd like to create a secure login from an ASP page to a specific SQL Server
2000 Db. Is there an accepted methodology for doing this? Are there any
resourses that show how this can be done?
I need to secure my web page, when it is reading a file from the
physical folder.
Say for eg.. I have a page Page1.aspx, which displays a list of links
that corresponds to
the available text files in one of the files. All the other pages are
secured except this
page. So when I click the link, it redirects it to for eg..
http://localhost/folder1/one.txt.
But this should not happen. As the user can type this without even
logging into the website.
So I need to know how to stream this file and display it in another
page, rather than just showing it.
Iīve made a loginpage in asp, and a page that receives
the data from the form and logs you in.
But how do i make the loginpage secure?
Do i have to use https, and if so, how do i change from
http to https when the loginpage is included in another
asp-file?I donīt know if i have explained myself correctly
Here's what I/m doing to sanitize/validate/secure my input.
1. The front end checks what kind of data is entered.
2. I am using parameterized query instead of concatenated strings (Against XSS)
3. I am replacing symbols like <,>,# etc with their appropriate entity number eg. & #32; without the space. (Agains SQL Injection)
Can someone please explain to me the basics of creating a secure connection (we're looking at using Authorize.net) and possibly point me in the direction of other resources for getting some info?
View Replies View RelatedI have a site designed with ASP 3.0 code (HTML and vbscript) that I want to protect from being visible. I want this code to be non-visible and hack-proof. Is there a way to either encrypt or protect another way to ensure that my code is not stolen?
View Replies View Relateddo know how can i prevent my page from cross side
like using <marquee></marquee>
I have a client with their own W2k server and their IT guy refuses to turn on the SMTP service for fear of it becoming hijacked by spammers.
However, they also want their web site to perform some emailing functions I would normally use CDOSYS for.
I'm having them look into alternate SMTP servers to use with CDOSYS, but I was wondering if anyone here can recommend a 3rd-party ASP-based SMTP app that might be more secure than IIS' built-in service?