Are Server Variables Secure?
I'm working on a shopping cart page. In page A (checkout) the user
enters their credit card information. On postback, if everything is
correct, it sends the user to page B (confirmation). My question is,
can I (or should I) use server variables to send CC information to page
B?
My boss doesn't want me to store this information in the SQL
database we're using. Obviously cookies are out of the question and so
is passing info through request.querystring, so I was thinking of using
session variables for this, but I'm not sure if it's safe.
What should I do?
I am trying to develop a forum in ASP. I want to try and make it as secure as possible. I understand that if someone knows or guesses a session ID they can post requests to the server and potentially gain unauthorised access. How can I go about doing this securely?
I did think about using random strings as session IDs, but then how could I check to see if the user is logged in if I don't know what the session ID is?
Example:
session("IsLoggedIn")=false
Can this be changed on the user's machine by editing the cookie directly? (Please tell me it can't!) If so, will ASP know it has been tampered with, and refuse to "accept" it if changed to "true"?
Are session variables more secure than cookies?
Session cookies (cookies with no expiration) are destroyed when the browser is destroyed.
Session variables are destroyed when the browser is destroyed OR after a time period.
So, in that way, they are secure from the data persisting on the client.
However, while they are in use, can cookies and/or session variables be made secure without encryption?
How much more secure are session variables than cookies?
I've built a survey and tested that everything is working fine, except for one problem that I have been told MUST be fixed.
I am using CDO.Message to send an email message to the respondents of the survey: a lovely thank-you message.
It is sending the emails fine to all email addresses I have tested, except for email addresses here where I work, and I have been unable to find a reason for this.
The web scripts are running on a secure server (SSL certificate)
and all is working great except the email issue.
The actual code that is sending the emails works perfectly on a non-secure server, and seems to be fine on the secure server except for the most important (apparently) email addresses.
Does anyone have any ideas why the scripts would not send to one set of email addresses, but seem to work for all others when on SSL, yet work for ALL email addresses when not on SSL?
Maybe I'm doing something wrong, but I'm having troubles with connecting using SSL.
I have a website at http://www.*****.com
I have a login form directly on that index page.
When you click sign in it directs to https://www.hostingcompany.com/******. However, it fails the first time, then it works the second time. The second time I am on the https://www.hostingcompany.com/****** page.
I have a directory (folder) on an IIS 6.0 web server. I need to upload to a secure server over an HTTPS connection. What is the best method to upload from this directory to a secure server?
To access the server via a browser I have to type a password and username.
The files are Cxml files and need to be uploaded over a secure connection (HTTPS).
I would need to run a scheduled task every 2 minutes to check the directory for any files that are there.
What script or method should I use? Is there any particular sample script (such as ASP) I could use? I am sure this can be done in ASP, but does anyone know how?
How to secure MySQL data with encryption? Any data to encrypt has ''' and MySQL sends an error. How to protect ASP data or encrypt the code?
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with ASP, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to that unsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
Can anyone tell me the difference between environment variables and server variables?
What do you need to have on the server in order for LOGON_USER to work? It's not working on my server. Reverse DNS maybe?
I need to know something about the current user of the NT domain. In my ASP page I have used Request.ServerVariables("LOGON_USER") to get the current NT user, but sometimes it returns nothing and sometimes it gives the correct user name.
In my application I am redirecting from one page to another and I need to keep the server variable "LOGON_USER". For every page I have a different kind of security. I don't know whether I am missing something in IIS or this command works unusually.
I just have a question about something I have been seeing out on the WWW.
Some websites that I go to display the city and state where I live. The question is: how are they doing that? Is it a server variable? If so, does anyone know what that variable is?
I have an ecommerce site that is split across two domains: a secure space that retains CC details, and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. Aside from using iframes, is there a better way of doing this?
I am trying to make my page http://tudef.jezz.dk show the online users' IP numbers, but I only get my own IP, even if more users are online.
I use request.server.variables and remote_addr.
I am trying to insert three variables into my table in my ASP program. Can someone please tell me if my syntax is wrong? I keep getting this error:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Line 3: Incorrect syntax near '&'.
/credFeesEdit10.asp, line 735
Here is my insert statement: Code:
Is there any way to deny a server variable to be run on a server such as LOCAL_ADDR?
I cannot view server variables, specifically HTTP_REFERER, in an ASP page that I access either by a form POST from another page or by a link.
I am trying to grab the server name and IP address using Response.Write(Request.ServerVariables("ALL_HTTP")). I am using this one because I wanted to see everything that is brought back.
The server name I am getting back seems to be the host name found in IIS, not the fully qualified domain name of the server. Is there a way to get the fully qualified domain name of the server?
Also this server is one of two servers in a cluster and the IP address being returned is the IP address of the cluster server. Is there a way to get the IP address of the server that I am actually logged into?
At the moment I am building a small news board on my company's intranet. There are 2 different offices with 2 different domains. For each office I want to show different news relating to that office.
Is there any way with ASP to get the name of the domain that the user is logged onto, so I can filter different news for each domain? This will just save the hassle of putting the intranet on 2 different domains.
I have built a site that works/worked absolutely fine on my test server. When I transferred it to a remote web host (the intended permanent home of the site) something very worrying keeps happening to my site.
I use, as is the norm, session variables to store login information. At the top of each page I do a check that Session("isLoggedIn") = "True", and if not then the system logs them back out.
The serious problem is that once you have logged into the site, the next page you try to open it fails the above check and logs you out! Obviously Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged in. So basically the session variables are getting lost/cleared. This makes my site unusable, and is a disaster for it unless I can get a solution.
Does ASP have a function to list all the server variables, similar to PHP's phpinfo()?
<%
response.write(Request.ServerVariables("REMOTE_USER"))
%>
When I use this it also gives me the domain name as well as the username (example: amrswbouse). I know I can use JS to trim off the first few letters, but I want to know if there is a server variable that will save me the effort.
Is it possible to access variables (code) from ASP server script in the ASP client page? Take for example the code supplied below:
'server script
<%@ Language=VBScript %>
<%
dim svalue
svalue="access me"
%>
'client code
<HTML>
<BODY>
<SCRIPT LANGUAGE="VBScript">
dim x
x = svalue 'svalue is from server script
response.write x
</SCRIPT>
</BODY>
</HTML>
I want the client-side processing of the ASP page to be able to get the value
populated in Request("rssFeed"). How can I do this, because the Request
object is not available to the client side?
I have a very odd situation here. I have an administration page where, based on a user's permissions, a recordset is called from the SQL server which has a list of paths to "Module Menus". Each of these menus is then placed into the page by calling Server.Execute(rs_Modules("ModulePath")).
This works fine for up to 15 "menus". After that, the session variables that were set (not including those called by Global.ASA) are no longer set. Code:
Request.ServerVariables("path_info")
I am able to get the full path, i.e.
/community/default.asp
However, is there a way that I can get the querystring as well on top of that?
For example, if I am on:
/community/default.asp?pageid=3
This is my problem with a lot of my functionality: if you click a submit button, then it does not action, but sends it back to default.asp
/community/default.asp
- I have a page with two radio boxes with values of "agree" and
"not_agree".
- The form is set to GET which goes to the below script for
processing.
- No matter which of the two radio boxes are selected, it always goes
to the page "/broadband/order.asp".
- There is no other code on the form processing page apart from what
is below. Code:
How do I stop pages being active in the history?
I have tried this:
<% Response.Expires = -1 %>
But the pages are still active in the history and are being cached somewhere on the machine (Win2k).
If I create a simple login page and then store the UserId in a session and check its validity in the subsequent pages, how secure will the site be? I know the same question has been asked in the PHP forum:
Code:
http://www.sitepoint.com/forums/showthread.php?t=233118
But how can I make my site secure enough in ASP?
I may be in over my head on this one... VERY new to ASP. I have a potential client which is a marine loan broker. He wants an online credit application for the boat dealers he works with (20 different ones). He wants the credit app to be co-branded. Dealer/LoanCompany logos at the top would be sufficient. The dealer would have a link on their own site to the loan company's site, but wants it to look like they are "Partners" and not just being shuttled from one site to the next.
Is there a way to display different dealer logos based on the referrer URL? I would rather have one creditapp.asp that displays the proper logos depending on the referrer than build 20 creditapp.asp's. He doesn't need the form data written to a database. He just wants the form data emailed to him (this I can do). How secure is that emailed data?
Right now, I'm trying to use WSH to run PSCP (command-line version of
PuTTY). I've tested the command I'm using by opening a DOS box
manually on the server, and the test file is successfully transferred.
I've run Filemon and Regmon while running my sample ASP page, and see
no permissions problems. I've tried running cmd.exe and passing PSCP
as the parameter.
I've tried running PSCP.exe directly. I've even
tried using ASPexec to run it instead of WSH. None of these have
worked. I always get the same thing -- error code 0 (success) returned
from WSH or ASPexec, but when I look at the second server the file
never got there, and when I look at terminal services on the Web server
PSCP is still running.
I'd like to create a secure login from an ASP page to a specific SQL Server
2000 DB. Is there an accepted methodology for doing this? Are there any
resources that show how this can be done?