Securing User Data

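How can I protect from SQL injection in this instance? Code:

' User input is concatenated directly into the query string (the injection risk asked about)
sql = "SELECT dbo.admin.id, dbo.admin.email " & _
      "FROM dbo.admin " & _
      "WHERE dbo.admin.username = '" & Request.Form("user") & "'"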


User Data Vs. Database

I have been thinking about storing some data, which my users upload, in text files rather than a database, since often I do not know how much information users submit for things like item description or image URL paths.

This information may be very short or very long. MS SQL Server requires a maximum field length to be set. Thus, if a user enters 5 characters into a 5000 character field, a lot of space will be wasted. On the other hand, the database reference would point to the text files to read users' data and display it on the page.


How To Get Data From The User In One Page And Display Related Data In A New Page

How do I get data from a user on one page and display the result on the other page?
Actually, I have written a program that displays a set of checkboxes, and based on the checkboxes selected the related data is displayed. But the problem is the data is displayed on the same page below the list of checkboxes. Code:


Inserting Data When User Logon

I am inserting data into Access when user logs on:
..............
SQL = "INSERT INTO tblLog (fldUserName,fldTimeIn,fldSID) VALUES ('" & u & "',#" & session("Date") & "#,'" & session.SessionID & "')"
con.Execute(SQL)
.....................
Here it inserts the date: 01/09/2003

But when logging out:
.............
SQL="UPDATE tblLog SET fldOffline=1,fldProper=1 WHERE fldUserName= '" & session("admin") & "' AND fldTimeIn=#" & session("date") & "# AND fldOffline=0"
con.execute(SQL)
...............
It doesn't update the record. If I eliminate the date query here, it updates. There is no syntax error, is there?


User Entered Form Data

I am storing user entered form data from an ASP page in a MSSQL 2000 database. I would like to give my administrators a way to download a tab file with the entries. Is writing an ASP page the best way to do this? And if so, how can I convert database records into a file that will download through the browser?


Prevent User ReEntering Same Data In Fields

I have a table which has many fields; they go across and are named a1a2a3a4a5a6-a16, the next row will be b1b2b3b4b5b6-b16, the last row is g1g2g3g4g5g6-g16, and so on.

Now in the first column, i.e. a1 b1 c1 d1 e1 f1 g1, the user enters a part number. What I want to do is prevent him or her entering the same part no. twice. If this is the case, the two fields with the same part no. should be cleared, i.e. if the user enters p45 in a1 then p45 in d1, then both a1 and d1 should be cleared. It would be better if only the later one was cleared, but any method would do. Code:


Preserving User Data Despite Session Timeout

I am developing an ASP application where the user may spend large amounts of time manipulating data on a worksheet. An amount of time that will certainly exceed the security-mandated session timeout interval of 15 minutes.

So the user pushes save after the session has timed out and is thrown to the user login window -- all according to standards. How can I either detect the timeout before the submit or preserve the user entered data despite the redirect?


Allow User To Download Data In MS Money Format

I need to allow user to save dataset to their computer in Microsoft Money
format. I searched internet for help on this but found nothing helpful. I
also chatted with MS Online Concierge to no avail.

If you could, please provide pointers to steps how to accomplish this. If
you will provide the steps yourself, please be very explicit in what you
provide.


Error :: Opened Exclusively By Another User, Or You Need Permission To View Its Data

I keep getting an error that says:

Error Type:
Microsoft JET Database Engine (0x80004005)
The Microsoft Jet database engine cannot open the file 'c:inetpubwwwrootannoneil\_databaseannoneil_AN D.mdb'. It is already opened exclusively by another user, or you need permission to view its data.
/annoneil/artist.asp, line 96

The code was working fine a few days ago but now I cannot figure this out.


Securing Files

How do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the file's address in the address bar? Is this even possible?...


Securing A Folder

I am writing a web application which consists of a main directory with all the main code, and a subdirectory with the administration features. Although the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in Apache there is some kind of authentication (I think it is used through an ".htaccess" command or something) and I'm wanting to do a similar thing in ASP.


Securing ASP Apps

Are there some easy to use (and free) web scanning tools that can check
for security vulnerabilities (SQL injection, cross site attacks) on classic
ASP apps and suggest ways to fix them?


Securing A Web Application

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.

Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?


Securing System

I recently developed my first website and I hosted it on my PC. But when I try to access it from other computers, I am able to do that only when I turn the firewall off. Is there any possibility to access my website in internet on providing security to my system?

And one more problem is whenever I access any control on my webpage in internet, I am getting a dialogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password. If anyone knows, please tell me why I'm getting the dialogue box and how to avoid getting it.


Securing Directory

I have a client who has a password protected page via session that lists a bunch of PDFs. They are a little worried that you are able to browse and see the PDFs via the URL without being logged in.

I'm not sure if it's possible or not, but is there a way after their username and password is verified to automatically grant them permission to view the contents of the PDF directory?


Securing A Page

How can I make my ASP page secure so that I can sell it and not have people be able to view the code? I know one way to do this would be to make it a component, but I don't really know how to convert ASP into Visual Basic.


Securing Web Database

I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.

As my virtual directory is "/" and all files and folders including the "Database" folder are within the folder, anyone who knows the database folder name and database name can directly download the database from the website.

The physical Directory for the virtual directory is: -

d:\mywebsite
d:\mywebsite\database
d:\mywebsite\DLLs
d:\mywebsite\images
d:\mywebsite\include
d:\mywebsite\stylesheet
d:\mywebsite\template

How can I restrict the database from being accessed directly from the web? Please suggest all alternatives that I can opt for.


Securing A Password

I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?


Securing Pages

Tell me a way to programmatically, with script at the server, reset the current user's security context from the IUSR_ account to a different one? What we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.

We'd programmatically impersonate them as a different Windows account, switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to log in a 2nd time to get to these new pages. We've got other non-ASP files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.


Securing Text Files

I haven't started programming with databases yet, but instead have been saving data in asp files. The files would look something like this.... Code:


Securing Html Files

My client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.

I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.


Securing The Database Access

I've learned how to basically access the database.

Set ADOConn = Server.CreateObject("ADODB.Connection")
ADOConn.Open "myDataSource", "sa", "ItsASecret"

But putting that code in each ASP page or putting it in the global.asa will be insecure, since if the hacker gets the ASP files or the global.asa file they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".

How can I do it so that they will never see this? I know of a way by using the Metabase. If I'm not running my own IIS server to do that and I'm just gonna rent a webspace, what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?


Securing An Access Database

All my ASP sites use an Access database. Most are parts of our company intranet and I want to protect the databases from being opened but have it so that I can open the tables and make adjustments if needed.

I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.


Securing Word Documents

I intend to send Word documents through mail to my clients. I don't want my clients to save the Word document to their system and I don't want them to print the Word documents. How can I achieve both the tasks?


Securing SQL2000 Connection Strings

Looking for a way to secure string. Have connect.asp page as an include file, but want to still use DSN-less connection and not have this in an ASP page. Thought about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.


Securing ASP Pages After The Horse Has Bolted

I recently put together a site for a friend that needed a database to drive part of it. I tried and failed miserably at trying to learn ASP.NET & PHP so my friend sourced a web developer graduate who said he'd done a CMS for his final degree work. Great I thought, that takes care of the DB side of things.

On the back end, there are 4 web pages that deal with managing the database submissions:

1.) A login page

2.) A page to add a record to the database

3.) A page to delete a record from the database

4.) A page to update a record on the database

The login page has some sort of encryption within its ASP code but is not in protected directory so I guess it's probably subject to a brute force attack, but this I think my friend is prepared to live with as his site is so specialist and low-traffic. Code:


Securing A Database Driven Site

Firstly, apologies if this is the wrong section!

I've created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database.
Now that development of the core site is almost complete, I want to secure the database.


Securing A Directory Of Files In A Password Protected Area

I have a client who has a password protected page (via session) that lists a bunch of PDFs. They are a little worried that you are able to browse and see the PDFs via the URL without being logged in.

I'm not sure if it's possible or not, but is there a way after their username and password is verified to automatically grant them permission to view the contents of the PDF directory?


ADSI - Trying To Enable A User - The User Add Works Very Well

I have written an ASP.NET 2.0 application that uses Active Directory or ADAM
to manage account users - the site has a page that allows people to create an
account (much like any site). The page populates the AD with all the
information and the user account but I am unable to enable the account.
Microsoft has information on how to do that here -->
http://msdn.microsoft.com/library/d...ting_a_user.asp
(the sample is for Visual Basic) - and I am unable to complete the bottom
portion of the script. Can some one point me in the right direction - or can
you tell me how I can add a snippet of VBscript code to an ASP.NET page.

I am using the Active DS Type library - not sure why there are multiple ones
(System.DirectoryServices) but it is rather confusing - I seem to accomplish
one thing with one and another with the other (they did have trouble
co-existing however). Anyway my script works very well but I am not able to
access the properties required to enable the account.

Here is a simple version (no error checking) of the code.....


Mail User Info To User

How to go about setting up an ASP script or Flash ActionScript to take the input from a user of his/her username and password, then send an email to the user with the information? I am able to do all of this, but the problem is that the user's PC is the one sending the email. I want the server to send the email instead.


Pass Bill To Data To Ship To Data

I'm using DW MX 2004 to build an asp based eStore. I have a checkout page created with both the billing and shipping information in the same form. I'd like to add some code and a button to activate it to copy the code to the shipping info (but it can't submit form). Also the State choice is a drop down list based on a recordset. There are other behaviors attached.


Data Type Mismatch When GETting Data From An Access DB

We are running into problems with the script below, whose purpose is to allow users to choose values from drop downs populated by an MS Access DB.

THE RESULTS:
(returns a blank page with only HTML Titles)

THE SCRIPT:
(you may notice this is a modified sample script): Code:


Data Update To Data Base

Dreamweaver created code to update to the database. But when testing on the website I get the following message. I have no clue what it might be.
Microsoft JET Database Engine error '80040e14'
Syntax error in UPDATE statement.
/admin/update.asp, line 111
line 11 is strName.execute
I read it might be forbidden characters in the database field names or spaces...
but I don't have that. The names are userName, userLevel, ID, Password.








Copyrights 2005-15 www.BigResource.com, All rights reserved