I'm working on a shopping cart page. In page A (checkout) the user
enters their credit card information. On postback, if everything is
correct, it sends the user to page B (confirmation). My question is,
can I (or should I) use server variables to send CC information to page
B?
My boss doesn't want me to store this information in the SQL
database we're using. Obviously cookies are out of the question and so
is passing info through request.querystring, so I was thinking on using
session variables for this, but not sure if it's safe.
What should I do?
I am trying to develop a forum in asp. I want to try and make it as secure as possible. I understand that if someone knows or guesses a session ID they can post requests to the server and potentially gain unauthorised access. How can I go about doing this securely?
I did think about using random strings as session id's but then how could i check to see if the user is logged in if i dont know what the session id is.
Can this be changed on the user's machine by editing the cookie directly? (Please tell me it can't!). If so, will ASP know it has been tampered with, and refuse to "accept" it if changed to "true" ?
I've built a survey and tested everything is working fine - except fo one problem, that i have been told MUST be fixed
I am using CDO.Message to send email message to the respondants of the survey - a lovely thank you message.
It is sending the emails fine to all email address i have tested, except for email address here where I work, and I have been unable to find a reason for this
the web scripts are running on a secure server (SSL certificate) and all is working great except the email issue.
the actual code that is sending the emails works perfectly on non-secure server, and seems to be fina on the secure server except for the most important(apparently) email addresses.
Does anyone have any ideas why the scripts would not send to one set of email addresses, but seems to work for all other when on SSL, but works for ALL email address when not on SSL.
Maybe I'm doing something wrong, but I'm having troubles with connecting using SSL.
I have a website at http://www.*****.com I have a login form directly on that index page. When you click sign in it directs to https://www.hostingcompany.com/******. However, it fails the first time, then it works the second time. The second time I am on the https://www.hostingcompany.com/****** page.
I have a directory (folder) in ISS 6.0 Web server. I need to upload to a secure server over an HTTPS connection. What is the best method to upload from this directory to a secure sever.
To access the server via a browser i have to type a password and username. The file are Cxml files and need to be uploaded on a secure connection.(HTTPS) I would need to run a schedule task every 2 minutes to check the directory for any files that are there.
What script or method should i use. Is there any particular sample script such as (ASP) i could use. I am sure this can be done in ASP...but does anyone know how.
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%> You are not authorized to view this page <%Else%> <<<Page Code>>> <%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
Need to know some about current user of NT domain. In my asp page i have used Request.ServerVariables("LOGON_USER") to get current NT user but some times it returns nothing and some times it gives correct user name.
In my application i am redirecting from one page to antoher and i need to keep server variable "LOGON_USER". For every page i have different kind of security. I don't know wheather i am missing some thing at IIS or this command works unusually.
I just have a question for something I have been seeing out in the WWW.
Some websites that I goto display the city and state of where I live. The question is How are they doing that? is it a Server Variable ? If so does any one know what that Variable is?
i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
I try to make my page http://tudef.jezz.dk show the online users ip numbers, but i only get my own ip, even if more users are online. I use request.server.variables and remote_addr
I am trying to grab the server name and IP address using Response.Write (Request.ServerVariables("ALL_HTTP"). I am using this one because I wanted to see everything that is brought back.
The server name I am getting back seems to be the host name found in IIS not the fullly qualified domain name of the server. Is there a way to get the fully qualified domain name of the server?
Also this server is one of two servers in a cluster and the IP address being returned is the IP address of the cluster server. Is there a way to get the IP address of the server that I am actually logged into?
At the moment I am building a small news board on my companys intranet. There are 2 different offices with 2 different domains. for each office I want to show different news relating to that office.
Is there any way with asp to get the name of the domain that the user is logged onto so I can filter different news for each domain. This will just save the hassle of putting the intranet on 2 different domains.
I have built a site that works/worked absolutely fine on my test server. When I transferred it to a remote web host (the intended permanent home of the site) something very worrying keeps happening to my site.
I use, as is the norm, session variables to store login information. At the top of each page I do a check that Session("isLoggedIn") = "True", and if not then the system logs them back out.
The serious problem is that once you have logged into the site, the next page you try to open it fails the above check and logs you out! Obviously Session("isLoggedIn") is not equal to "True" so it assumes you aren't logged in. So basically the session variables are getting lost/cleared. This makes my site unusable, and is a disaster for it unless I can get a solution.
When i use this it also gives me the domain name as well as the username. (example, amrswbouse) I know i can do js to trim off the first few letters but i want to know if there is a server variable that will save me the effort.
I want to be able to client process of the ASP page to get the value populated in Request("rssFeed"), how can I do this because the Request object is not available to the Client-side.
I have a very odd situation here. I have an administration page, where based on a users permissions, a recordset is called from the SQL server which has a list of paths to "Module Menus". Each of these menus are then placed into the page by calling Server.Execute(rs_Modules("ModulePath")).
This works fine for up to 15 "menus" After that, the session variables that were set (not including those called by Global.ASA) are no longer set. Code:
If I create a simple login page and then store the UserId is a session and check its validity in the subsequent pages, How secure will the site be. I know the same question has been asked in the PHP forum
Code: http://www.sitepoint.com/forums/showthread.php?t=233118 But how can I make my site secure enough in asp
I may be in over my head on this one... VERY new to ASP. I have a potential client which is a marine loan broker. He wants an online credit application for the boat dealers he works with (20 different ones). He wants the credit app to be co-branded. Dealer/LoanCompany logos at the top would be sufficent. The dealer would have a link on there own site to the loan company's site but wants it to look like they are "Partners" and not just being shullde from one site to the next.
Is there a way to display different dealer logos based on the referrer URL? I would rather have one creditapp.asp that displays the proper logos depending on the referrer over building 20 creditapp.asp's. He doesn't need the form data written to a database. He just wants the form data emailed to him. (this I can do) How secure is that emailed data?
Right now, I'm trying to use WSH to run PSCP (command-line version of PuTTY). I've tested the command I'm using by opening a DOS box manually on the server, and the test file is successfully transferred. I've run Filemon and Regmon while running my sample ASP page, and see no permissions problems. I've tried running cmd.exe and passing PSCP as the parameter.
I've tried running PSCP.exe directly. I've even tried using ASPexec to run it instead of WSH. None of these have worked. I always get the same thing -- error code 0 (success) returned from WSH or ASPexec, but when I look at the second server the file never got there, and when I look at terminal services on the Web server PSCP is still running.
I'd like to create a secure login from an ASP page to a specific SQL Server 2000 Db. Is there an accepted methodology for doing this? Are there any resourses that show how this can be done?