Securing A Web Application
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?
View Replies
ADVERTISEMENT
How do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the files address in the address bar. Is this even possible?...
View Replies
View Related
I am wriging a web application which cosists of a main directory with all the main code, and a subdirectory with the administration features. althogh the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in apache their is some kind of authentication (I think it is used through an ".htaccess" command or someting) and I'm wanting to do a similar thing in ASP.
View Replies
View Related
Are there some easy to use (and free) web scanning tools that can check
for security vulnerabilities (SQL injection, cross site attacks) on classic
ASP apps and suggest ways to fix them?
View Replies
View Related
I recently developed my first website and I hosted it on my pc.But when I try to access it from other computers, I am able to do that only when I turned the firewall off.Is there any possibility to access my website in internet on providing security to my system?
And one more problem is when ever I access any control on my webpage in internet, I am getting a dailogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password.If any one knows please tell me why I'm getting the dailogue box and how to avoid getting it.
View Replies
View Related
I have a client who has a password protected page via session that lists a bunch of pdf's.They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
View Replies
View Related
How can I make my asp page secure so that I can sell it and not have people be able to view the code. I know one way to do this would be to make it a component, but I dont really know how to convert ASP into Visual Basic.
View Replies
View Related
I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.
As my virtual Directory is "/" and all files and folders including the "Database" folder are with in the folder so any one who knows the Database
folder name and database name can directly download the database from the
website.
The physical Directory for the virtual directory is: -
d:mywebsite
d:mywebsitedatabase
d:mywebsiteDLLs
d:mywebsiteimages
d:mywebsiteinclude
d:mywebsitestylesheet
d:mywebsite emplate
How Can I restrict the database to be access directly from web? Please suggest all alternatives that I can opt for.
View Replies
View Related
I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?
View Replies
View Related
tell me a way to programmatically with script at the server, reset the current user's security context from the IUSR_ account to a different one? what we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.
we'd programmatically impersonate them as a different windows account,switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to login a 2nd time to get to these new pages. We've got other non-asp files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.
View Replies
View Related
I haven't started programming with databases yet, but instead have been saving data in asp files. The files would look something like this.... Code:
View Replies
View Related
My client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.
I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.
View Replies
View Related
How can I protect from SQL-injection in this instance?Code:
sql = "
SELECT dbo.admin.id, dbo.admin.email
FROM dbo.admin
WHERE dbo.admin.username = '"&Request.Form("user")&"'"
View Replies
View Related
I've learned how to basically access the database. Set ADOConn = Server.CreateObject ("ADODB.Connection")ADOConn.Open "myDataSource", "sa", "ItsASecret" But putting that code in each asp pages or putting it in the global.asa will be insecure. Since if the hacker gets the asp files or the global.asa files they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".
How can I do it so that they will never see this? I know of a way by using the Metabase.
if I'm not running my own IIS server to do that and that I'm just gonna rent a webspace what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?
View Replies
View Related
all my ASP sites use an Access database. Most are parts of our company intranet and i want to protect the databases from being opened but have it so that i can open the tables and make adjustments if needed.
I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.
View Replies
View Related
I intend to send word documents thru mail to my clients. I don't want my clients to save the word document to there system and i don't want them to print the word documents. How can i achieve both the tasks ?
View Replies
View Related
Looking for a way to secure string. Have connect.asp page as an include file, but want to still use dsn-less connection and not have this in an asp page. Though about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.
View Replies
View Related
I recently put together a site for a friend that needed a database to drive part of it. I tried and failed miserably at trying to learn ASP.NET & PHP so my friend sourced a web developer graduate who said he'd done a CMS for his final degree work. Great I thought, that takes care of the DB side of things.
On the back end, there are 4 web pages that deal with managing the database submissions:
1.) A login page
2.) A page to add a record to the database
3.) A page to delete a record from the database
4.) A page to update a record on the database
The login page has some sort of encryption within its ASP code but is not in protected directory so I guess it's probably subject to a brute force attack, but this I think my friend is prepared to live with as his site is so specialist and low-traffic. Code:
View Replies
View Related
Firstly, apologies if this is the wrong section!
Ive created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database.
Now that development of the core site is almost complete, i want to secure the database.
View Replies
View Related
I have a client who has a password protected page (via session) that lists a bunch of pdf's. They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
View Replies
View Related
We have our web-site developed in classic ASP, and I need to add this additional feature on one of the pages to access a VB application. How can I do that? The VB application basically sends output to the COM3 port and opens a USB-Cash drawer that is attached to it. I am not sure how to go about with this.
View Replies
View Related
Sometime this morning our classic asp web application stopped
authenticating against active directory. This is our only "classic" asp
app that authenticates against ad. Note that this app has been in
production for three years with no problems. All .NET apps are
authenticating fine from the same server. This same classic asp app
authenticates fine from our development server. There have been no code
changes to this app.
We're using the login id and password to bind the necessary ad objects
- we check for err.number - if equal to zero, we're authenticated, if
not equal to zero then authentication failed.
We checked with the network people and they say ad is working fine and
the server is able to authenticate. The app doesn't go through a
firewall -so no hang up there. The guys who manage the web server say
they haven't made any changes to it. They confirmed that the app is in
the correct app pool so it doesn't conflict with 2.0 apps.
I'm stumped.
View Replies
View Related
I remember coming across a MS tool that would allow me to monitor the performance of all aspects of a DNA based application - all the way from the ASP level to MS SQL server. It was part of the NT resource kit. I am trying to locate this tool for Win 2000. Can someone who has come across such a tool help me
View Replies
View Related
I've just been given some code to decipher in classic ASP and have come across this function (Application()) in several instances. I can't seem to figure out what it does?
View Replies
View Related
I am about to create a web application using asp and vbs to build an online
roster for a department of 25 people. The roster covers some 10 shifts a
day, 7 days a week always starting on a Sunday. I will be using an access
database file to hold the information. At this this stage I will hold all
the data for each week based on the date that the week starts.
I am looking for ideas on how to dynamically give the user the option to
choose any given week in any given year, always starting on a sunday. Could
this be created on the fly or would it be easier creating a database table
holding the dates for Sunday for a year or 2 ?
Once a week is chosen a check on the database will determine if that weeks
roster has been created or not. If not a user with the correct permissions
can then create it.The rosters are currently written out by hand. It is a labourious task which must have certain numbers of staff working each shift for a given day. By
creating a web application automating the checking process and making the
roster available online and by email will make life easier for all staff
involved.
View Replies
View Related
i am trying to install my ASP web application to my client side server, but 1 thing i am worry is they my stole my source code to sell-over or they might modify my source code... how those software house which develop ASP web application they gonna avoid this?I know Microsoft have a program that can encrypt & encode ASP files and run properly in IIS.... But to bad... i also found the Decode program too
So what is the safety way to deploy my application to client without any worries?
Some might ask me go for .NEt, in this momment not yet toward .NET.
View Replies
View Related
I am Geting the Error "Application uses a value of the wrong type for the current operation in one of my asp pages"
VB Method
oCMD.Parameters.Append oCMD.CreateParameter("@CustNo", adDecimal, adParamInput, 9, intCustNo)
oCMD.Parameters("@CustNo").Precision = 9
oCMD.Parameters("@CustNo").NumericScale = 0
For adDecimal Data Type Should i have to set Length as 5 instead of 9.
Is this causing the above or something else ?
View Replies
View Related
I am trying to develop an ASP.net application
using Visual Studio .Net 2003. When I attempt to create
the project, it gives me an error stating that the IIS on
my hosting server may not be compatible and the active
directory cannot find the web server. The server is
running Windows 2000, IE 5.5. Is there some sort of
patch I can download to allow me to create ASP projects
on that server? Or something I should install?
View Replies
View Related
I am trying to set up a fax ASP web (or vb 6) application and I want to use the FaxComEx.dll library that comes with winXP fax services. But I cant find documentation about this library.
I found something in msdn but it is very dificult to watch the logic that appeared. It's very confusing. Is there something else that can I rely to learn how to make a fax application?
View Replies
View Related
I have a client that wants to have ticket system on their web site where people could order a ticket online and after they send their payment to paypal they would be redirected back to the web site and have a unique ticket that they would be able to print out the ticket but they cant be the same ticket to prevent people from printing out the same tickets. Is this possible? Is there a program?
View Replies
View Related
My web application i need to view it on the palm. Backend is SQl and front end is ASP
How do i make it work on the PALm
View Replies
View Related
create a user subdirectorie with a webpage that he o0r she can fill with there own logo and with some text,perhaps a link but just one page.That page must automaticly come up in a link page so people can see his page.
Thing I want to have is a way that our customers, that dont want to pay for a a bigger website,can have just one page on our website in there own subdir.
I see lot's of free csm style websites but that's to time consuming for people that want just a simple page with just there logo an advertising and some info.
View Replies
View Related
I am developing a web application that will allow user 3 trials to login with the correct password and user name.
View Replies
View Related