I have been searching for a solution to a permissions problem: Currently, I have an app that creates an html file in a folder on the web server, closes the file, opens it again and dumps the contents into an HTML-formatted e-mail message. In order to create and open the file, I had to set permissions for anonymous browsers to READ/WRITE. The app works fine, but this poses a security problem, because the files contain personal data that anyone may intentionally or unintentionally view. My question is: Is it possible to modify the folder permissions within the ASP app? I'd like to open the folder for READ/WRITE in order to create the file and open it for sending the e-mail and then immediately turn off all permissions for anonymous browsers.
Using the following query I get my desired results. However, in the resulting recordset, how can I show for example 10 words before and 10 words after the keyword or phrase that was searched upon? If I get 20 resulting records I think it would be easier for the user to decide which they want to view.
DECLARE @SearchString varchar(100) SET @SearchString = ' "stress" ' SELECT KEY_TBL.RANK, Title, Body FROM Articles INNER JOIN FREETEXTTABLE(Articles,*, @SearchString) AS KEY_TBL ON Articles.ID = KEY_TBL.[KEY] ORDER BY Rank DESC
I have a simple png image file which has a white background and one layer of text. Is there a way in ASP/VB to dynamically change the contents of the text layer? I guess the steps would be to load the image, extract and replace the text, rebuild the image and save to the file system under a new name.
Instead of locking this bit of code down to the "crreport1.rpt" entry I was wanting to have it receive a "POST" command(from a form page that would post to the page that contains this code) so that it can be more dynamic. Here's the original: Code:
Set session("oRpt") = session("oApp").OpenReport(basePath & "report1.rpt", 1) Would something like this work in my asp page?Code:
Set session("oRpt") = session("oApp").OpenReport(basePath & Request.Form("report"), 1) and then use something like www.test.com?report=report1.rpt
I have downloaded some sample code from the net to display a calendar etc.
The code is below.
How can I modify this code so that when called in a popup window and a date is clicked, that date is inserted into a form field on the original page. I know how to pass this value back but do not know how to modify this code to include the correct line. Code:
if I could use the same 'Thank You' page but display a different message depending on which page it was referred to from: eg an order page or a mailing list page. Is there a way ASP can tell which was the preceding page?
I currently have a sql query that pulls all records based on a variable(var1) inputed by a user from a form. Each record in my database has a time stamp assoicated with it. I want to give the user the option of pulling all records based on (var1) and allow them to sort based on date or time stamp also with a two fields that will take a range.
(ex. Beginning date and Ending date). So my default sql query will allow for var1 to be inserted and to have all records returned for the current day. BUT, IF A USER HAS ENTERED
A DATE RANGE then all records will be returned for that date range based on the var1's value. How could i go about about structuring my code for this? I was thinking about a "Switch" statement that could response to different user options with different sql queries. What do you guys think?
I am using a SQL Server database. I am using a bit datatype. O is true and 1 is False. How do I get the radio button to have the correct value checked for a certain record?
Does anyone have and easy way of modifying the format of a number once pulled from an Access database? In the thread listed above, Access is stripping the 0's in front of my numbers. As a work around I have an If statement that checks to see if the number is < 10 and if so write a 0 before pulling from the recordset. I'm looking for a simpler, one line code instead of the big If statement.
I know that using Word Automation inside an ASP page is no good idea.Anything I want to do in the current project is: open document, change some text, save and close document. Basically changing some variables, consting of a name embraced by special chars, to some value. As for example: change "[FirstName]" to "Michael".
Does anybody know whether there is a way for achieving this with basic "file input / output". Can I regard a Word document as some binary data, perform the replacement, and save the data, without destroying Word's internal structure?
i have absolutely no experience using ASP or PHP, but I've been tasked with making a simple login page for certain clients. I found this tutorial which is almost what i'm looking for.
The one thing that i need to modify is each username, after login, must be directed to a specific protected page. Since the username and password get split into an array, i know there must be a way to also keep track of which pages are associated with which usernames, and then have that URL be evaluated in this line of code:
Code: Response.Redirect ("/protected/default.asp") if anyone has a better way of doing this simple form that would be very helpful as well, thanks -ak
if it is possible to open a text file using FSO and modifying the content of it.I have a template of a file (template.bsi) as a text file and I want to change variables within the text file by a simple replace command, but I'm not sure whether this is possible.
i'm wondering if it's possible to modify the design of an sql database from within a script. I don't have MS SQL installed on my machine but i need to add a few fields to some of the tables.
I know it's possible to create and drop tables so that is one option. ie: drop the existing one and create it again with the extra fields. the problem with that way is I'll lose all the data. so long story short. how do i modify the design of a table from within a vbscript?
What I'm trying to accomplish is the ability to post information to the querystring based upon values that are within a drop down that was generated from a database. Code:
How would I get a windows account name through ASP? Say I login with veamon, and the start menu says Bob Barker ...how would I get the Bob name...i can get the login name
I'm looking for an ASP script or tutorial to lockout an account after 3 or 5 failed attempts. It should be the best way to prevent my login screen against the brute force attack.
Does ASP only use the IUSR_<IIS Machine Name> to gain access to files located on a LAN, or can another user account name and password be setup? To create a file on another computer on the LAN in ASP using the FileSystemObject requires permissions on that other computer. Using a DSN for a ODBC driver requires permissions to SELECT records from a database file on another computer on the LAN. Must I use the IUSR_ account only?
I have an application that references a database on my hard drive, however I am unsure how to transfer the files to the server and keep the integrity of the database reference string.
Using classic ASP I want to check if a username and password are correct before passing the details on to an object (stocktake module) that uses them to authenticate the object. The object defaults to a preset user if the authentication fails and doesn't warn the user, so I wanted to do the check manually before passing it to the object.
I was asked by a client to make changes for their Outlook Web Access page where I need to validate Expiry Date of the Password and also the Password Length for the NT Account Policy. Initially I use javascript to do a static validation for the password expiry and password length. There request now include dynamic changes to the Javascript where if the password length is changed on the NT Account Policy, it will reflect on the client side script. Also they request for server side validation as an alternate just in case.
Can someone point me to the resources available for this. I am stuck on this one for quite a while now and no idea on how to proceed?
I am working on a commercial ASP web application which use MS Access 2000 as database.When configuring the database access,I got an error saying that this database is a read-only database.
I checked the database property,it shows that this database is archive,not read only.I can directly make change on the database using Access, so, my guess is the problem is not really database related, am I right?
According to the instruction of the software, the database folder must have read and write permissions given to the "anonymous web user account", I have set the database folder to share and gave all permissions to "anonymous logon " and "every one", but the problem is still there. I am just wondering, what is the "anonymous web user account" in Windows 2000 server and IIS?
I was just looking things over and I noticed a new account under my users. It's and ASPNET user, (account used for ASP.NET worker process....) I hadn't noticed it before. What is is? What does it do? Should it be disabled? Should I make any changes? Have been out of the loop for a while, could someone bring me up to speed.
I wrote this script which for now it works fine. The purpose of this code is to lock the account whenever a particular document comes to its expiration date. So, if I have a document that expired on 7/31/06, the it should lock the user's account once they'd logged in.
However, the problem I am having is that is locking everyone that has already an expired document. What I would like it for the code to check during the current month. If a document expired, say yesterday 8/9/06, lock the account, else let then user continue to access their account. Code:
I have this page in which emails will be send simultaneously, one is to send at the my-sites email while the other is on the users email. Problem is once the email page is sent the my-sites email was also recorded in users email account and vise versa. Code:
I am using the FileSystemObject to look at the contents of a directory. The process has always worked. Recently in an attempt to increase our security, we removed full rights for everyone to files on the D:. Now I only get a blank page.
Does anyone know what USER ACCOUNT is being used to access the folder. My guess is I need to grant access to some account.
I often have permission problems when I move my pages unto different servers.It would be very handy if I could programmatically determine the anonymous user account name from my asp page.How can this be done since it is not in the request header for anonymous requests?
I'm trying to design a web application where people can create user Ids and passwords while signing up and then use that information to login to an account. (I know, very basic). I just can't get my mind around how to make this system most secure. the user id and password is verified at the time of logging in and at that point, I would like to create something like a session key before openning the new page.
I basically don't want to start the new page by passing regular parameters through the URL because that's very easy to manipulate and break. Can someone give me some information about creating a secure system like this and/or forward me some useful sources?? btw.. I'm using, IIS as my server, ASP.Net and VB.Net.
IIS set up after VS.NET. On a virtual directory for a web app...I go to properties and click on the 'Directory Security' tab, click the 'Edit' button,check anonymous access, type in username/password for account, check 'Integrated Windows authentication' at the bottom...then OK out.
in web.config, I add the tag identity impersonate="true" />
firstload I get the account I typed in above...on postback it changes to my personal windows account. strange. Also when I switch on the anon user account for the whole website it works.
We have a simple asp page that query LDAP attribrute. Everithing is working fine using a native domain account. but when using an external account we have an error 70, acces denie.
Here's some basic info on our structure.
- Domain/Forest A with Exchange - Domain/Forest B with external accounts. - Forest A Trus Forest B and "Vice Versa" - asp page on a Exchange FrontEnd server on default web site (same as Exchange)
- asp page is using basic authentification. - Authentification work fine using native domain account or External domain Account.
- Getting native Windows attributes work fine with External account but the attributes starting with "ms-Exch" do not come out.(Exchange Attribute). Code:
I don't know if this is a unique problem, or I'm going about it the wrong way. I currently connect to one of our SQL servers via a priviliged account (by using RUNAS). Works with no problem. I now need the ability to connect to the same SQL server using ASP. I have the following connect string, but I'm not sure how to specify the domain in the string, or is there some other way?