Instruction Of Password Protection
where can I get straightforward step-by-step instructions to password protect part of a site?
View Replieswhere can I get straightforward step-by-step instructions to password protect part of a site?
View RepliesAfter trying out 3/4 password scripts which I've used before and won't work today.I've come to the end of my tether! I need a ready made script asap to password protect a set of webpages, something simple with login and p/w for one user.
View Replies View Relatedhelp me with asp password protection? I need to have a login and register script as well as complete password protection.
View Replies View RelatedI have been using two forms of password protection:
A) On working web sites I use an ASP script that is included in every page requiring protection: uses session - works fine
B) On quick test sites or temporary stuff I use the Windows Network Authentication provided by my web host. A whole folder is protected at once which is very convenient but it has a problem. If a user types the wrong password and is denied access, the next time they go to type the password, their browser sometimes remembers the wrong password as so they go straight to the 'access denied' 401 page.
How to proceed?
1) Does anyone know of a way of preventing all browsers from cacheing the login info.
2) Is there any way of using ASP to protect whole folders?
I inherited an application that has code similar to:
set conn = server.CreateObject("ADODB.Connection")
set New_app = server.CreateObject("ADODB.Recordset")
set New_app = conn.Execute("SELECT * FROM TableName WHERE Blah = '"&
blah & "'")
The code executes a "set New_app" instruction TWO TIMES. Doesn't the
second "set New_app" instruction override the first "set New_app"
instruction?
And is it correct that the
set New_app = server.CreateObject("ADODB.Recordset")
instruction is totally unnecessary anyway?
I have a client who wants to password protect a learning course that is set up in modules. Each module needs to have it's own password protection so users can only access them as they progress through the course.
Each user should have their own password (for each module) and, said client would like the password to expire for the user at some (predetermined?) point. Is this possible? It seems like a lot (in terms of setup), but I don't know much about password stuff.
If it is possible, can someone give me an overview of how it works (theoretically) or where to find more specific info on setting something like this up (in ASP.net)
If it isn't possible, can someone suggest what is more reasonable in terms of protecting the modules?
I have a site that currently is password protected, using a combination of ldap authentication and asp session management.
So for every asp page, I check the session to make sure they're authenticated, if not I send them to the login page.
BUT.... there is a robohelp componenet that is almost a website within this website. All these robohelp files are htm or html based, so I'm unable to put asp scripting (to check for session authentication).
So, my problem is, how do i protect these pages using my existing framework?
I have a locally hosted (via an executable) asp application. Does anyone know what would be the best (cheapest) way to add copy protection in it?
The application is an exe web server with the asp pages embedded in the executable.
No one can copy the asp pages, but they can copy the executable and distribute it that way. I don't want them to do that.
If there is some sort of wrapper or asp code I could add to it for licensing or registration, please let me know.
I have allways validated user input to pieces prior to integrating it into a SQL statement, in order to avoid SQL Injection attacs. A colleague of mine told me that binding my vars would make them SQL scalar, but I have been left in the dark as to HOW... The web left me none the wiser, as well, so here goes: Anyone got a brief example of binding vars in ASP to get me started?
View Replies View RelatedI have a webpage. However I only want people to access it if they are members of a certain group. When I say group I mean Active Directory group. The log into windows with their Active Directory username and PW, and lets say they are members of 'employee1' group in Active Directory. I'm pretty sure I use ASP, to restrict access to a webpage depending on the users group. how I would go about doing this?
View Replies View RelatedHow do people protect input from forms submitted that are
dangerous such as scripts, etc..
I have a webpage where user upload ms-word doc.. for supervisor, they can d/w the doc and print... but the normal user can just see the doc..
how to make ms-word password protetion only to normal user but not to supervisors?
Can anyone find fault with this code? I wrote in in hopes of preventing users from "breaking" SQL queries and getting places they shouldn't by using SQL Injections.
Code: ....
Can anyone help me with an ASP function to perfom the following:
Series of page like this
item.asp?ItemId=2345
news.asp?NewsId=23456
Sale.asp?SaleId=344444
I need a function i can include in lots of pages that basically says
if query string is "ItemId" then only allow numerics of a maximum of 4
if query string is "NewsId" then only allow numerics of a maximum of 5
if query string is "SaleId" then only allow numerics of a maximum of 6
In all of the above query strings of 1,2,3 etc numerals must also work.
Any help appreciated as I'm in deep "poop" battling Chinese hackers.
we have a folder with pictures of signed up users. we are trying to protect this folder from the public in two ways. hide the relative path
e.g. /welcome/images/544235432.gif
makes it easy for a user to easily download this file . put a password and access the folder through this passwords .
I've recently had my ASP site attacked by these stupid bots and have tried a captcha protection, but it doesn't help.
Here's the problem:
I have a form where people send an enquiry to a client from my database (over 5000). After hitting the submit button, an email is posted to the client, a copy is sent to us and the info is published to a database for record / stat keeping.
I have put the captcha protection in the form, but although the tests show that the captcha form works, the emails are still sent off, therefore allowing the bot attacks.
There must be a gap I can plug with the captcha before the email is posted off or info sent to the database.
I have a formchecker running which forces required fields, and that works fine. I'd like the captcha to work the same. Before the form goes to the confirmation page, it must validate the captcha.
What can I do?
Using ASP in a VBScript environment, how can I check the protection on a directory, or a
particular file?
I created sessions to authenticate username and password. How can I utilize this same script to alert the user to change password at 3rd login? In other words when a user logs into a site after the 3 or 4th time which ever, they are prompted to change their password. Code:
View Replies View RelatedI need to be able to secure files on my web server. I am using asp to secure access to links and pages, for example:
<%If Session("manager")=FALSE Then%>
You are not authorized to view this page
<%Else%>
<<<Page Code>>>
<%End If%>
The place I'm running into problems is with files. I have a lot of charts and such in PDF version. I kind of doubt there is a way to secure these files with asp, but I thought it would be worth a try.
My biggest issue is that PDFs are stored in the browser's history, so once the page has been accessed, anyone using the browser can get to thatunsecured PDF. As a brute force fix, is there some way to simply erase the site from the browser history? If not, is there a way to secure the PDF, or does someone know of a better group to post on?
is there any way to protect files or a folder from unauthorised access, i.e.when a variable is false?
e.g.
when variable li = 1 then grant access to folder and files within
when variable li <> 1 then deny access
i have a folder with images and word documents i only want people with the variable set to 1 to be able to access them.is there a way?
where do you enter in the password for the connection to use?
set objConn = server.createObject("ADODB.CONNECTION")
objConn.Provider="Microsoft.Jet.OLEDB.4.0";"Password"
?
I am logged into nt and running an asp page.
I know that I can get my username from the server variable LOGON_USER or
AUTH_USER but the AUTH_PASSWORD seems to be empty.
Is there a way to retreive the current logged passsword
I just setup a passwrod button in Outlook Web Access by using the IISADMPWD directory in IIS.I have a few problems.can u solve it.
1. I would like the account section to be automatically filled by IIS.
2. I would like the back button to actually be a button not a link.
I have created one of those change your password forms whereby the the old password and new password are provided.
What I am having trouble with is ensuring that the old password entered actually exists already. Below is what I have tried, but I am getting a syntax error:
Code:
'Check Password
if request.form("CusPassword")<>rsCheckUser.fields("CustomerPassword") then
response.write "Invalid password"
end if
Else
if request.form("CusPassword")= rsCheckUser.fields("CustomerPassword") then
'write new password to databasestrSQL ="UPDATE Customer Set CustomerPassword ='"& NewPassword& "',CustomerPasswordverified ='"& NewPassword& "' where CustomerEmail = '"&CusEmail&"' "
I want to create a password validation system..... There are two text boxes.... I want to make sure that the passwords are the same and that they are more than 8 characters.
View Replies View RelatedIm planning to encrypt the password that was stored on msaccess database and
also the text inputed from a password textbox. Also, if I want to get the
password from the database, I need to decrypt it so it can be comparable to
the one that is inputed on the textbox. Is there a way on how to handle
this?
Public Shared Function Encriptar(ByVal cleanString As String) As String
Dim clearBytes As [Byte]()
clearBytes = New UnicodeEncoding().GetBytes(cleanString)
Dim hashedBytes As [Byte]() = CType(CryptoConfig.CreateFromName("MD5"),
HashAlgorithm).ComputeHash(clearBytes)
Dim hashedText As String = BitConverter.ToString(hashedBytes)
Return hashedText
End Function
this function encrypt user password, I need to un-encrypt that password
thanks to sitepoint forum,i am requesting a problem about forgot password .
if user forgot his/her password how can i retun his/her same password in email address?
i did like this:
......................
<%
Set myMail=CreateObject("CDO.Message")
myMail.Subject="your password"
myMail.From="codes"
myMail.To=ml 'ml var return current email address
myMail.TextBody=yrpass 'yrpass variable return password
myMail.Send
set myMail=nothing
%>
...................
does anybody here have codes for "change password"?i am using dreamweaver 8 and MS Access
View Replies View RelatedI have a form and iwant to check if the password which gives the user is between 3 to 6 characters "alpanumeric" there is something in asp code to do this?
View Replies View RelatedAny thoughts on requirements for a password?I've been thinking about
the following
Minimum six characters
Must contain at least 1 number and at least 1 letter
Cannot contain the user's first or last name
Cannot contain the user name of the person's email address
Cannot contain the domain name of the person's email address
My form accepts user name and password. I want to encrypt the password when I send it to the server. I think I can use windows advapi32.dll functions to encrypt and decrypt the data. Does anybody know if I can use this dll directly in my asp? Do I have to write customized dll which uses advapi32.dll and then use the customized dll in the asp?
View Replies View Relatedi wanted some help in the bewlo subject i tried in different code but some time it is showing wrong error.is anybody give me the example or site linke where i can donwload the the password checking script from database.
I have pulled data from database and shown those user name in suer tab ( drop dwon box) user need to select the his name and to type password.once user type the password it should check with database . if it exists then it should capture that user name and move on to next page.