Securing A Database Driven Site
Firstly, apologies if this is the wrong section!
Ive created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database.
Now that development of the core site is almost complete, i want to secure the database.
View Replies
ADVERTISEMENT
I want to develop a site with the following features:
1. A movie library (DVD's, VCD's etc)
2. A database
3. search by category, title, actor, etc
4. membership signup
5. tracking system for lent out titles
Now am new to ASP just dived in am using Visual web developer express edition. Please point me in the right direction on the best way to do this. Am self taught kind a person and will not take me a long time to get the hang of it once in the right direction. Am not conversant with Visual basic or C#.
View Replies
View Related
when doing a dynamic site such as this, how does one handle the articles? is the whole article dropped into the db? or does it sit somewhere else and the db just references it?
i'm going to convert a large static site over to asp this summer and am starting to plan the architecture and i haven't really been able to find the answer.
View Replies
View Related
I am trying to create a URL from a list of names from a database...it showing up blank. Trying to pass ID and Name as parameters too. the code I tried is below, thanks in advance.
NAMES.Open()
Names.MoveFirst
Response.Write "<TABLE Border='1'>"
Do While NOT NameS.EOF
%>
<a href="access.asp?intID=<%Response.Write(Names("ID")) %>&strName=<%Response.Write Server.URLEncode(Names("Name"))%>"> </a>
<%
Names.MoveNext
Loop
Response.Write "</TABLE>"
View Replies
View Related
I have found some code on the net and been given permission to use it. However I wish to connect this code to a SQL Server database, so what would I use? I am mainly an ASP/HTML/JS user but it will not let me use the standard VB script on a .xml page. How do I connect my XML to the database?
View Replies
View Related
I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.
As my virtual Directory is "/" and all files and folders including the "Database" folder are with in the folder so any one who knows the Database
folder name and database name can directly download the database from the
website.
The physical Directory for the virtual directory is: -
d:mywebsite
d:mywebsitedatabase
d:mywebsiteDLLs
d:mywebsiteimages
d:mywebsiteinclude
d:mywebsitestylesheet
d:mywebsite emplate
How Can I restrict the database to be access directly from web? Please suggest all alternatives that I can opt for.
View Replies
View Related
I've learned how to basically access the database. Set ADOConn = Server.CreateObject ("ADODB.Connection")ADOConn.Open "myDataSource", "sa", "ItsASecret" But putting that code in each asp pages or putting it in the global.asa will be insecure. Since if the hacker gets the asp files or the global.asa files they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".
How can I do it so that they will never see this? I know of a way by using the Metabase.
if I'm not running my own IIS server to do that and that I'm just gonna rent a webspace what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?
View Replies
View Related
all my ASP sites use an Access database. Most are parts of our company intranet and i want to protect the databases from being opened but have it so that i can open the tables and make adjustments if needed.
I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.
View Replies
View Related
Does anyone know where I can find a free simple script to create a search engine using Access Database backend and will allow the user to type in a word (not a using drop down list) and it will search the table.
View Replies
View Related
what i want to do is create an image gallery, that when u click on a picture it opens in a pop up with the images caption and name there also. I've stored the captions and image names in a database - images.mdb table - Images
I just need a page now that sorts it all out to display the correct image, caption and title in the pop up. The images are stored in folder images and the database in the website root directory.
i've read a couple of articles on various websites, and played with the image gallery wizard on Frontpage but the websites dont explain my problem, and i cant adapt the gallery on frontpage. I'm a bit of a novice in ASP so I would really appreciate it if you could some how make the bits of the script I need to change standout.
View Replies
View Related
I always heard the term "data/database driven programming" model in ASP database, SQL programming, and web programming circles. But I don't quite sure what does it mean? Does it mean the web software's responds are based on data request from the user? Just like in Windows, we call it "event-driven programming" model because the windows program's responds based on user's responses? That's why we call "data driven programming" ?
View Replies
View Related
I want to create a breadcrumb trail on a site, but instead of being
generated by cookies or a directory structure, it needs to be database
driven. My website details hundreds of products, each belonging to a
category. Each category can belong to a parent category, and so on.
My site will feature master/detail pages, and both need to feature a
trail, e.g.
Books > Hobbies > Sport > Football
The master page will list all items within the current category, and the
trail will allow the user to click to any parent category for a wider
listing.
The detail page will show the item detail, along with a full trail to
the category/parent categories it belongs to.
The category structure will grow over time, and different branches will
have different number of levels so it needs to be maintainable.
View Replies
View Related
how to create asp spry type horizontal menu that is populated from a mssql database. Only able to find help for asp.net, need help for strait asp.
View Replies
View Related
We have a site with ms access backend, hosted remotely with a hosting company. Can we read the tables in the site database within our office desktop app either using web services or some other way? Are there any links to how this can be accomplished?
View Replies
View Related
My client has 35 domains (web addresses) that they want to host on a Windows 2K box with IIS 5. They want one application built using ASP and SQL server, hosted somehow on the IIS so that it appears as the same application for each domain. The end user of each domain will actually be using the same application.The head of each of the 35 domain, or the jr. web master of each domain should be able to cutomize the look of the each of their domain. This customization feature would be built into the ASP application. Things that can be changed would be some text, color of text, size and color of input boxes.
This application will be similar to some of the eCommerce sites that have a web interface for their merchants to be able to modify their individual sites. Sort of selecting and modifying templates. They want 1 application so any changes and update of the application will reflect on all domains.My question is how do I start designing this?
Where can I get info on this project, any opensource stuff I can look at?
Do I incorporate XML anywhere?The domains will be accessing the same DB, how do I minimize DB trips?
View Replies
View Related
Does anyone know where I can find any resources for dynamically creating pop out menus using a database backend for the links?
View Replies
View Related
How do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the files address in the address bar. Is this even possible?...
View Replies
View Related
I am wriging a web application which cosists of a main directory with all the main code, and a subdirectory with the administration features. althogh the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in apache their is some kind of authentication (I think it is used through an ".htaccess" command or someting) and I'm wanting to do a similar thing in ASP.
View Replies
View Related
Are there some easy to use (and free) web scanning tools that can check
for security vulnerabilities (SQL injection, cross site attacks) on classic
ASP apps and suggest ways to fix them?
View Replies
View Related
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
View Replies
View Related
I recently developed my first website and I hosted it on my pc.But when I try to access it from other computers, I am able to do that only when I turned the firewall off.Is there any possibility to access my website in internet on providing security to my system?
And one more problem is when ever I access any control on my webpage in internet, I am getting a dailogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password.If any one knows please tell me why I'm getting the dailogue box and how to avoid getting it.
View Replies
View Related
I have a client who has a password protected page via session that lists a bunch of pdf's.They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
View Replies
View Related
How can I make my asp page secure so that I can sell it and not have people be able to view the code. I know one way to do this would be to make it a component, but I dont really know how to convert ASP into Visual Basic.
View Replies
View Related
I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?
View Replies
View Related
tell me a way to programmatically with script at the server, reset the current user's security context from the IUSR_ account to a different one? what we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.
we'd programmatically impersonate them as a different windows account,switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to login a 2nd time to get to these new pages. We've got other non-asp files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.
View Replies
View Related
I just got in charge of a weekly online magazine. I was wondering if there are any webmasters out there who might recommend a good ASP driven CMS for this task, better if free.
View Replies
View Related
I am looking for info and maybe an example on a database driven dual drop down. I need the second drop down populated by the selection of the first drop down.
View Replies
View Related
I have 3 websites and make use of free counters provided by other web hosting companies to count the no of hits. Now I want to install a multiple-user databased driven asp counter (with initial value setting) in one of my sites to provide the statistics. I try to use the google search to look for a free script but to no avail. Anyone know of a free asp script that I could use for this purpose?
View Replies
View Related
I haven't started programming with databases yet, but instead have been saving data in asp files. The files would look something like this.... Code:
View Replies
View Related
My client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.
I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.
View Replies
View Related
How can I protect from SQL-injection in this instance?Code:
sql = "
SELECT dbo.admin.id, dbo.admin.email
FROM dbo.admin
WHERE dbo.admin.username = '"&Request.Form("user")&"'"
View Replies
View Related
I intend to send word documents thru mail to my clients. I don't want my clients to save the word document to there system and i don't want them to print the word documents. How can i achieve both the tasks ?
View Replies
View Related
My client has an annual calendar of events consisting of a record for each event, key field is the event date saved as a date type field. They would like the display to start with the current month, list to the end of the year then start the beginning of the year and list up to the current month.How does one retrieve data based on date? I guess I'd like something like :
SELECT * FROM EVENTS WHERE [month is greater than or equal to the current
month] ORDER BY Date
Then :
SELECT * FROM EVENTS WHERE [month is less than the current month] ORDER BY
Date
What is the syntax for the month bits between the []?
View Replies
View Related