I am building a form page to send information to email using CDONTS and id like to add a page that will use forms and allow users to attach documents such as resumes etc and then populate this data into a database....what would be the best route to begin a system such as this....
View RepliesI've got a form that allows someone to upload a file. I need to know how I can grab the filename from the uploaded file information so that I can store it in a database. I also need to be able to move the uploaded file to a specific directory.
I'm new to both ASP & VBScript but I have both of their "In a Nutshell" O'Reilly manuals. There's no mention of file uploads in the ASP book and I'm just not sure if the info in the VBScript book is what I need either.
Do I need to create a File object? If so, how can I use GetFile to retrieve the downloaded file? Do I access it via Request.Form("filename")? That should be the actual file, right? But how do I get the actual file name from that?
Can someone help me out in multiple file uploads.
I want the user to select multiple files. On selecting the listed files, he can
click on open and all the selected files should appear in a textbox. On clicking a
button upload, all the listed files should upload.
here is the code for the asp that basically handles the uploads, how could change it so that the uploading form will only allow .doc or .xls files? Code:
View Replies View RelatedI have a site that i upload files to that are no bigger than 100MB. we upload about once a day, and use FTP...... we would like to be able to do it from the site itself.
any idea where i can get a script? i cant register components with my
hosting company i dont think. i go thru godaddy.com
need a good free asp upload script. cant find any that work. Huge ASP Upload
doesnt even work on the demo page, let alone on my own page
I've recently installed an asp component called smartupload, it works very well. The problems start when a mac user uploads a jpg or gif, windows will not open the file.it works fine with a windows user.
View Replies View RelatedI'd like to start using global.asa to store things like connection strings to
databases and the like. As I understand it, you have to save the file in the
root of your app.
My concern is that storing the location of databases within the ASA file
might be a security issue. Is there any way for a user to get at the
information contained in that file and, by extension, get at the databases
themselves?
I would like to use flat file data storage instead of database. Since I
am new to it, I am wondering:
What text file extension is a safe one to store my data online and how
cost- and time-effective is this method (flat file data storage).
I have write a asp that need to copy network file from file server to web se
rver.
I try it in webserver is everything alright.
When I try in other machine, error on the filepath is not found.
I search for the old thread, and I found it is not the same problem.
My IIS authentication method setting is "Digest authentication for Windows d
omain servers",
and "Integrated Windows authentication",
and I access the page using "Domain admin" account.
So I sure it can access the file server
I am using the FCK Editor.but i need to be able to upload folders win information in.is there a way of doing this?
View Replies View RelatedI have been tasked with producing a script that times the amount of time it takes to upload a file from client to server.Unfortunately for me, part of the spec is that the script must be written in ASP which is something I have about 30 minutes experience in.
I have been playing around with the script located at this address :
http://www.asp101.com/articles/jacob/scriptupload.asp
Which does almost everything I need, the only thing it doesnt do is tell me how many seconds/milliseconds/widgets it took to upload the file to the server (excluding time to write to disk once received)Can anybody point me in the direction of another script that can give me timings, or at least give me some pointers on how I can hack the above script to give me the data I need (I have already worked out how to get rid of the save to DB and user name option and this is now gone from the display page and the working scripts behind it)
Just reading from a previous thread about multiple uploads.
I wanted to use script to create multiple input file elements that put the path in as a default (or something like that) based on ASP code. My problem was that the input file value property is readonly and there is no default value.
The thing is you can cut and paste a path manually (ctrl-c,v) but I couldn't work out how to do it from code. I thought that anything that you could do manually you could pretty much do with code.
Do you have any experience with MS - Posting Acceptor?! or should I get one of those applets? If you have experience with setting up advanced user uploads please read on …
The ordinary HTML <input type=”file”> don’t allow any other info than the actual file. I have spent a couple of days trying to figure out how to allow my users to upload pictures. What I want to do is simple. I want to make sure that the picture is 1) either a gif or a jpg - and 2) max. size 100 kb.
But I need to handle the check client side (IIS 4) - like when some user decides to upload 2,1 meg file my server receives the whole file - and then inform him its too big =) I would rather check the file size when he browses his own HD.
I have been looking at the MS - Posting Acceptor. This component however is impossible to find on the net (well I tried and failed, so I guess it’s not on the net *cough cough*) You have to have some VB cd-rom it would appear. Code:
After a lot of head scratching, I've put together something I hope will be useful to others. Basically it allows multiple image uploads while limiting the type, size and dimensions of the images before doing the upload.
It uses three of Lewis Moten's classes: clsUpload.asp, clsImage, clsField.
My code (processupload.asp) is a bit lengthy, but it works together with his to allow multiple uploads while checking dimensions. (hopefully someone can cut it down) It can be downloaded here: http://www.activeice.co.za/brett/image_uploads.zip (I have included the class files for convenience)
I now have a login page for user authentication.
But I am kind of paranoid about security.
Is it enough just to have that to secure my site?
How do hackers do "sniffing"?
And how to prevent that?
If there is any GOOD website security tutorial, I would love to read it.
IIS can handle security on its own without the need for complex scripting and i like the idea of being able to just let the system do it however im not sure how to set such things up and would that mean that if you used something like integrated windows authentication that security is delt with by windows and its users info rather than getting the info from a database of my choosing ?
the whole concept is quite confusing to me but there must be a simple ish way to set up at least some form of secure site area within my web.
I am starting to learn asp and I have IIS installed on my WIN xp pro machine. Do I have to worry about security for any reason at all. I don't believe I have file sharing on at all, then again, I don't know if that has anything to do with this.
How do I run security through all of the pages? The users log in, an asp checks their password, then what do I do to secure the pages from users that do not enter the password?
View Replies View RelatedDeveloped a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Does anyone know how to implement one way hashing or encryption using ASP 3.0 and no additional components.
I need to secure a intranet application which is being moved online, currently the passwords are stored in plain text, ideally id like to hash the passwords in the database and hash the form data when testing, but I don't seem to be able to find any hashing methods for standard ASP, perhaps someone has a nice code snippet for hashing.
is there a way to login to a particular security group from asp?I use IP addresses and email addresses to identify web users and most have general IWAM_COMPUTERNAME access.
Once web users login is there a way to give SOME of them access to a NT security group based on stored NT user/password information?
I am working on a new feature on my website where people can write their own HTML files. They are actaully going to have .ASP extensions, and are hosted on my webserver. So, what security issues can you suggest? So far all I have got is disabling '<% %>' tags. Anything else?
View Replies View RelatedI'm developing a local intranet site. i'm just new in ASP, could anyone help me how to put security?i have username and password but i want the site not to go back on the previous pages after logging off.
I'm using macromedia dreamweaver and VBscript, i have a database using MS Access.
i am developing a project thats gonna handle some transactions too.Since this is my first commercial project so i am worried about its security. so my question is "is asp safe enough to use with something serious ?" or i should use something else like PHP .
View Replies View RelatedI'm about to embark on a project that will allow my clients to produce invoices via any internet enabled PC. This post is regarding the security options available to me.
I will implement a Username/Password scheme to restrict access to the facility, but since part of the facility will allow access to customer information I wondering if I should also look at a more secure protocol than simple HTTP.
I have very little knowledge regarding the options available to me and as such I'm hoping someone can give me some suggestions of an overview of the different things I could use.
One more conceptual thing! Tell me if i am right! I have developed a concept that SSL does three jobs!
1) It forces the client to connect ot the server through SSL port rather than 80
2) It sends data from client to server encrypted!
3) It provides a certificate from the third party (SSL provider) that we are the rightful owners of this website!
I've been apointed the task of looking through some code for security risks. Up until now it's been PHP, but now a person want's me to look through ASP and ASP.Net files.
The problem is that I don't really know what to look for. Can someone tell me. As many things as possible. in as much detail as possible. even things that normally aren't very risky.
I'm not really asking about "someone stole my credit card info through cookies".
Here's the deal:
I have 2 sites (different domain names) running from one server. One is SSL the other is not. The SSL site has a login and password, which return the user's unique id, which is stuck into a session cookie.
This cookie is then checked at every page because every page is built based on the user's id. If it is not present, the user is redirected to the login page.
If the id is wrong, there will be no information shown on the page.
My question is this, can the other (non-SSL) web site see this cookie? The site has no asp or anything else, but if someone "broke into" the non-secure site, could they read the cookie from the other site?
If I store login information in a cookie is it possible for the PC owner to modify the cookie without it making it valid?
For example if in the cookie I store the current user, say "Bob" - if Bob edits his cookie by hand to say "Alan" will the server accept the cookie as valid? Or will it realise that it has been tampered with and discard it?
Anyone recommend a good reference on this sort of thing?
my system is at testing phase. how do i test my system to check its security especially at the login page? i am running it at localhost. i have tried sql injection but nothing happened. i just saw the invalid login username or password error only.
View Replies View Relatedyou know when you have a browser based application (written in ASP or whatever), which uses a database, how can you ensure that the username and password of the database is secured?
My ASP application has got a file containing all the information you need to connect to the SQL database, if anyone happens to get hold of that file on the Web server then he'll be able to do anything he wants.is there a safer way to handle this?
Can anyone direct me to a resource/tutorial for something similar to: Toughen Forms' Security with an Image article on this site--but for ASP Classic
View Replies View RelatedI just finished my database. There is one problem however, I had to give write permissions to my file with the extension mdb its an access file. The thing is that now all anyone has to do is figure out the page name and their browser will begin to download my database.
That is a major security hazard, what the heck do I do. Am I supposed to just hope no one ever figures out what that specific page name is ?