How can I make my asp page secure so that I can sell it and not have people be able to view the code. I know one way to do this would be to make it a component, but I dont really know how to convert ASP into Visual Basic.
View RepliesHow do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the files address in the address bar. Is this even possible?...
View Replies View RelatedI am wriging a web application which cosists of a main directory with all the main code, and a subdirectory with the administration features. althogh the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in apache their is some kind of authentication (I think it is used through an ".htaccess" command or someting) and I'm wanting to do a similar thing in ASP.
View Replies View RelatedAre there some easy to use (and free) web scanning tools that can check
for security vulnerabilities (SQL injection, cross site attacks) on classic
ASP apps and suggest ways to fix them?
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
I recently developed my first website and I hosted it on my pc.But when I try to access it from other computers, I am able to do that only when I turned the firewall off.Is there any possibility to access my website in internet on providing security to my system?
And one more problem is when ever I access any control on my webpage in internet, I am getting a dailogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password.If any one knows please tell me why I'm getting the dailogue box and how to avoid getting it.
I have a client who has a password protected page via session that lists a bunch of pdf's.They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.
As my virtual Directory is "/" and all files and folders including the "Database" folder are with in the folder so any one who knows the Database
folder name and database name can directly download the database from the
website.
The physical Directory for the virtual directory is: -
d:mywebsite
d:mywebsitedatabase
d:mywebsiteDLLs
d:mywebsiteimages
d:mywebsiteinclude
d:mywebsitestylesheet
d:mywebsite emplate
How Can I restrict the database to be access directly from web? Please suggest all alternatives that I can opt for.
I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?
View Replies View Relatedtell me a way to programmatically with script at the server, reset the current user's security context from the IUSR_ account to a different one? what we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.
we'd programmatically impersonate them as a different windows account,switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to login a 2nd time to get to these new pages. We've got other non-asp files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.
I haven't started programming with databases yet, but instead have been saving data in asp files. The files would look something like this.... Code:
View Replies View RelatedMy client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.
I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.
How can I protect from SQL-injection in this instance?Code:
sql = "
SELECT dbo.admin.id, dbo.admin.email
FROM dbo.admin
WHERE dbo.admin.username = '"&Request.Form("user")&"'"
I've learned how to basically access the database. Set ADOConn = Server.CreateObject ("ADODB.Connection")ADOConn.Open "myDataSource", "sa", "ItsASecret" But putting that code in each asp pages or putting it in the global.asa will be insecure. Since if the hacker gets the asp files or the global.asa files they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".
How can I do it so that they will never see this? I know of a way by using the Metabase.
if I'm not running my own IIS server to do that and that I'm just gonna rent a webspace what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?
all my ASP sites use an Access database. Most are parts of our company intranet and i want to protect the databases from being opened but have it so that i can open the tables and make adjustments if needed.
I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.
I intend to send word documents thru mail to my clients. I don't want my clients to save the word document to there system and i don't want them to print the word documents. How can i achieve both the tasks ?
View Replies View RelatedLooking for a way to secure string. Have connect.asp page as an include file, but want to still use dsn-less connection and not have this in an asp page. Though about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.
View Replies View RelatedI recently put together a site for a friend that needed a database to drive part of it. I tried and failed miserably at trying to learn ASP.NET & PHP so my friend sourced a web developer graduate who said he'd done a CMS for his final degree work. Great I thought, that takes care of the DB side of things.
On the back end, there are 4 web pages that deal with managing the database submissions:
1.) A login page
2.) A page to add a record to the database
3.) A page to delete a record from the database
4.) A page to update a record on the database
The login page has some sort of encryption within its ASP code but is not in protected directory so I guess it's probably subject to a brute force attack, but this I think my friend is prepared to live with as his site is so specialist and low-traffic. Code:
Firstly, apologies if this is the wrong section!
Ive created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database.
Now that development of the core site is almost complete, i want to secure the database.
I have a client who has a password protected page (via session) that lists a bunch of pdf's. They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
I created a web page from Excel2000, using "Save as web page..."...Publish
function. then, I moved htm file to my IIS web server. Then I added a form control, and submit button.
How can get the data on the excel file using ASP from server side?
For example, the value of Cell(1,2), Cell(2,3)....
What I want to be able to do is create a user control that will display an
entire page page within it. Does anyone know how to do this or better yet
have any same code?
I like to know how to write this specifc function on ASP where the user eg: display a set of records on the webpage. Example the data are ID, Name and address.
Lets say i display the data on the webpage and i set the Name as the <a href>. So when i click on the name, it will move to another page with the id of the specific name. Code:
I have an ActiveX control in my ASP page that has not been signed yet, so currently just for testing I set the Security for Intranet to "Low". When I run the ASP page on my machine (the IIS is in my machine), I have no problem, except the page prompted me with "An ActiveX control on this page might be unsafe to interact with other parts of the page. Do you want to allow this interaction?"
But, when I run the ASP page on another machine (even though the other machine is also a development machine that already has the ActiveX control and I set the Security for Intranet to "Low"), it did not prompt me the above message, and I got an error when accesing any method of the AX control (e.g Object doesn't support this property or method 'myAXControl.method').
Is this because I have to create a CAB file and mark the AX control as safe for scripting ?To create a CAB file for this AX control, do I need to create my own VB AX
Control project that contains this control and then create a cab file for this VB project ?
This is a standard ASP application that has several pages at the root
withthe global.asa. I set a session variable session("accountid") =
"123456" within an asp page and then response.redirect to the next page and
immediately response.write session("accountid") and I get back nothing.
But if I set a session variable session("accountid") = "123456" within an
asp page and response.redirect to a page in a sub directory and immediately
response.write session("accountid") I get back 123456 on the screen.
I am having a problem with a site that I am developing - my aim is for it to validate as XHTML Strict however, I am running into a couple of problems validating it; in my Response.Write ASP script, I am not including " 's to define page element tags as they keep throwing up errors in the page. Code:
View Replies View RelatedI've a strange problem with Windows Vista, running an ASP page on local
machine (http://localhost/test.asp), the page does not give me any error but
the asp code is not executed (simple code : <% response.write("hello") %),
it show me a blank page, I think I've put all the setttings correctly, but
maybe I must do something obvious to fix that.
I encounter a page reload situation in ASP. It is I need a way to differentiate whether the current page - "Application_Result.asp" got reloaded itself when user click on the browserRefresh button or is requested by the previous page "Application_Form.asp".
I tried using
<%if Request.ServerVariables("REQUEST_METHOD") = "POST" then%>
<!--it is requested from "Application_Form.asp, do something-->
<%else%>
<!--Application_Result.asp refreshed itself(such as user clicks on the
browser Refresh button, do something else-->
<%end if%>
However, in both cases, the IF statement above all evaluated as true. how to differentiate this two different behavior (Page Refresh versus Page requested by another Page) ?
I have page for user to update his/her details. What i want is after idle for more than 20 mins, the page will redirect to login page automatically. So that the user knows that his/her session already expired and need to login again.
But it doesn't working. This is because if he/she update the details (after idle more than 20 mins), and click the Submit button, it will go to login page and all the data will be lost. Code:
I am working with a developer, on two portions to a site, he is working in PHP and my work is done in ASP.
Is it possible for my pages to request data from a cookie that was written by his pages that are PHP but residing on the same server? Just want to make sure before I spend too much time planning out the development on my end.
I have an application which allow users to search our database. Quite a lot
of search fields pull data from other tables. I don't want to populate the
dropdowns (total 14 of them) from the database everytime as it slow the page
load.
Instead I would like to have a link next to the text field which a
user and click and the choices can be displayed and whatever the user click
in the pop up I want to transfer it to the text box and close the popup.
For example there is a Textbox called country. The user can either type in
the country name or click on the link which will pull all the countries from
table in the database and which ever country user selects, the textbox is
popluated with the country name and the pop up closes automatically. Code:
I'm trying to write an asp page line by line, as one would create a
text file, only my file will end in .asp.
One line simply writes a close ASP code tag, or
FILECONTENTS=FILECONTENTS & "%>"
When this line processed, an error occurs saying that the string was
never terminated because the asp page attempting to write this line of
code to a NEW asp page reads that close ASP tag (%>), as an actual
close asp tag for itself, instead of a STRING value.
How do I write this %> symbol to a new asp file, while still
maintaining its purpose to close a group of asp code in the newly
created page?
This is my coding:
window.opener.location.reload(); window.close();
I don't want the IE to pop up the alert msg to false retry or cancel to reload the page.
I have tried:
1. window.opener.location = window.opener.location
2. window.opener.history.go(0)
But as i carry some data from previous previous page, when i use (window.opener.location = window.opener.location), it can't capture my data as it just load the page. It will pop up error as no data captured :
Microsoft VBScript runtime error '800a000d'
Type mismatch: '[string: ""]'
Any suggestion?