Form Protection
How do people protect input from forms submitted that are
dangerous such as scripts, etc..
How do people protect input from forms submitted that are
dangerous such as scripts, etc..
I've recently had my ASP site attacked by these stupid bots and have tried a captcha protection, but it doesn't help.
Here's the problem:
I have a form where people send an enquiry to a client from my database (over 5000). After hitting the submit button, an email is posted to the client, a copy is sent to us and the info is published to a database for record / stat keeping.
I have put the captcha protection in the form, but although the tests show that the captcha form works, the emails are still sent off, therefore allowing the bot attacks.
There must be a gap I can plug with the captcha before the email is posted off or info sent to the database.
I have a formchecker running which forces required fields, and that works fine. I'd like the captcha to work the same. Before the form goes to the confirmation page, it must validate the captcha.
What can I do?
I have a site that currently is password protected, using a combination of ldap authentication and asp session management.
So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page.
BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication).
So, my problem is, how do i protect these pages using my existing framework?
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable.
No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
View Replies View RelatedAfter trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
View Replies View RelatedI have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
View Replies View Relatedhelp me with asp password protection? I need to have a login and register script as well as complete password protection.
View Replies View RelatedI have a webpage where user upload ms-word doc.. for supervisor, they can d/w the doc and print... but the normal user can just see the doc..
how to make ms-word password protetion only to normal user but not to supervisors?
Can anyone find fault with this code? I wrote in in hopes of preventing users from "breaking" SQL queries and getting places they shouldn't by using SQL Injections.
Code: ....
Can anyone help me with an ASP function to perfom the following:
Series of page like this
item.asp?ItemId=2345
news.asp?NewsId=23456
Sale.asp?SaleId=344444
I need a function i can include in lots of pages that basically says
if query string is "ItemId" then only allow numerics of a maximum of 4
if query string is "NewsId" then only allow numerics of a maximum of 5
if query string is "SaleId" then only allow numerics of a maximum of 6
In all of the above query strings of 1,2,3 etc numerals must also work.
Any help appreciated as I'm in deep "poop" battling Chinese hackers.
we have a folder with pictures of signed up users. we are trying to protect this folder from the public in two ways. hide the relative path
e.g. /welcome/images/544235432.gif
makes it easy for a user to easily download this file . put a password and access the folder through this passwords .
where can I get straightforward step-by-step instructions to password protect part of a site?
View Replies View RelatedUsing ASP in a VBScript environment, how can I check the protection on a directory, or a
particular file?
I have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
I need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
is there any way to protect files or a folder from unauthorised access, i.e.when a variable is false?
e.g.
when variable li = 1 then grant access to folder and files within
when variable li <> 1 then deny access
i have a folder with images and word documents i only want people with the variable set to 1 to be able to access them.is there a way?
I´m having a problem using ASP Upload with an insert form..
If I use ENCTYPE="multipart/form-data" the all the parametres i might get with request.form don´t appear.. but i can upload the files.. Besides if I take away the ENCTYPE tag, i can´t upload but the INSERT INTO form works propertly
my form contains two text fields(name, address) and two file field control where user can insert image(photo1 and photo2), i want to insert this data in to ms access when the user submits the form?
this is my code for insert text fields to access data base.but i have no idea about the code for image fields. In my access data base i set photo1 and photo2 as herf (binary data). Code:
I have a form that is dynamically generated since it is populated with values retrieved from a database. The form can of course also be submitted, which is where I run into some problems.
Since I never know in advance what the length of the form (or for that matter what the different elements' names and values) will be I don't know how to write the code in "receive.asp" to retrieve all values from the form correctly without excess use of "request.....".
I shouldn't have to write requests for every single potential element name that is stored in the DB. Please note that the form can sometimes also contain radio buttons and check boxes, even though they are not present in this short example Code:
I have a form as follows:
<form action="dropboxsubmit.asp" method="post" enctype="multipart/form-data">
<input type="file" name="FILE1" size="30">
<input type="text" name="def" value="0" size="10">
etc.....
and can't get my asp to recognize data in other form input boxes using Request.Form
Any thoughts?
In my prototype asp page (with no javascript and no password validation, I have a registration form with the following action:
<form name="form" method="post" action="RegDetails.asp">
This works fine, the form details are collected by RegDetails.asp
I am attempting to include javascript server side validation for the pasword, which obviously requires password and password2 fields (to be verified). I have used the script available at:
http://javascript.internet.com/forms/val-pass.html
It works fine in a new blank page with the form action:
<form name=myForm onSubmit="return validatePwd()">
The final stage in this javascript demo form displays an alert box:
else {
alert('Nice job.');
return true;
When I change the first line of my original form to:
<form name=myForm onSubmit="return validatePwd()">
how do I get my original action of - action="RegDetails.asp" instead of this alert box?
I have a form on an ASP page that has 5 text boxes, for data entry. I am trying to get data from the text box, and pass it to a hidden text box on the form.
The hidden text box is called "MyDateTime" (a SQL date and time value). I am attempting to concatenate data from two other textboxes (one for date and one for time) to give a string like : "8/8/2004 8:00 AM" I am trying to use the following: Code:
I have some ASP server-side code that works perfectly when the client is running on Windows (IE, Netscape, Firefox, etc.) but doesn't work at all when the client is running on Macintosh (IE, Omniweb, Safari, etc.) This is the client-side Javascript code:
View Replies View RelatedIm having problems with my form, separately both forms work perfectly, but having problem sending the email once submitted, however the upload fuction is working fine. The message im getting is,
Request object error 'ASP 0207 : 80004005'
Cannot use Request.Form
/forminfo.asp, line 42
Cannot use Request.Form collection after calling BinaryRead.
Heres the script Code:
Would anyone be able to give some guideance in ASP code as to how I would repeat a section of input fields in a form based upon the number of guests that are attending an event?
Basically, what needs to happen is if 3 guests are attending, I need the Name, address, city, state fields to repeat so they can be filled in with information.
Then all of the information from the whole form is submitted which returns an email to the administrator of the event.
<%@Language=VBScript %>
<%option explicit%>
<%
MESSAGE = (Request.Form("type"))
MESSAGE=MESSAGE & vbcrlf & "Name" & (Request.Form("name"))
MESSAGE=MESSAGE & vbcrlf & (Request.Form("address"))
MESSAGE=MESSAGE & vbcrlf & (Request.Form("handphone"))
MESSAGE=MESSAGE & vbcrlf & (Request.Form("phonenumber"))
MESSAGE=MESSAGE & vbcrlf & vbcrlf & (Request.Form("comments"))
MESSAGE=MESSAGE & vbcrlf & vbcrlf
MESSAGE=MESSAGE & "____________________________________________"
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.From =Request.Form(email)
objMail.To = "icepricessa@hotmail.com"
objMail.Subject = "Business/Career Enquiries"
objMail.Body = ""&MESSAGE&""
objMail.Send
Set objMail = Nothing
%>
but somehow i'm not able to send the mail....
I have a series a forms that submit data to different tables in a database. As it stands, when a user completes FORM 1 and clicks the SUBMIT button, the FORM 1 data is submitted (action = form2.asp, method = post) to ASP code at the top of FORM 2 (request.form("form1 field name") etc...), and submitted to the database with SQL code, also at the top of FORM 2(INSERT into...). Hence the submit button on FORM 1 directs the user to FORM 2, and submits the data which is exaclty what I wanted. However, I now need the users to submit multiple sets of data with FORM 1, and direct them to FORM 2 once they have finished using FORM 1. Most importantly, I need to pass a few parameters from FORM 1 to FORM 2, and have these parameters submitted to the database.
My main problem is getting a fresh form1 after submiting the same form1, in preparation for anoter set of data using the same form. Basically, the database has 'one to many' relationship tables. Form1 and form2 are both populating the 'many' tables, so that each form needs to be filled-in several times while retaining the key field of the 'one' table. At the moment submiting form1 takes me to form2. Is is possible to submit the data to the database, get form1 back again to submit more data, as many times as required, then click another button to load form2 when the user is finished with form1?
Can anyone please give me some pointers? or at least explain the concept of what I need to do. I am a novice and it's taking me a while to get to this stage. Any help will be greatly appreciated.
Is it possible to post FORM1 to itself and insert the data (i.e. place the request.form at the top of FORM 1) If so, how do I direct users to FORM 2 while retaining my parameters?
While I can extract the option value from the following:
<Select name='Keystring' MULTIPLE>
<option value='1' name='status'>Pending</option>
.....
</select>
I cannot seem to extract the corresponding 'display' value when I do a
For...Next Loop:
for each keystring in Request.Form("Keystring")
keystring=request("keystring")
Next
How do I aslo get hold of that 'display' value eg 'Pending'...is it
possible?
I have a simple form to accept two form fields and display the values
entered on pressing the submit button. The following is the form I have
created to accept the two entries and display the form fields on
pressing the submit form. It does not work can somebody please correct
the code or provide a simple equivalent code where I can have the form
and the validation and usage of the form values in the same ASP page.
Code:
I am a new programmer seeking a right way for transferring data between forum to forum, as i am creating a site wich have a page keeping 20's of server controls like drop down list and text boxes the value of ddl2 changging on change of ddl1 and displaying its corresponding value in text box and i have 10 rows in this way and i wanna display all selected values of server controls in next page as report.
View Replies View RelatedI have a form that has approximately 7 text fields and 1 checkbox.
Generally when this form is submitted(to itself BTW) it works fine,
however, when the checkbox is only field that has been
modified/clicked the form doesn't always submit. When it does work, a
Stored procedure is passed form variables and updates to the db are
made. When it doesn't, its as if the form wasn't submitted, it
reloads and resets the page, but the stored procedure isn't triggered.
I have an html form where a serial # is entered and goes to an asp page to determine wether it is a res or comm number, then directs to another form where they can finish entering info to register the serial number. I want the second form to display the serial # entered in the first form. How do I do that??
View Replies View Related