My client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.
I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.
How do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the files address in the address bar. Is this even possible?...
I have a client who has a password protected page (via session) that lists a bunch of pdf's. They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
I need to implement the following functionality in asp. I have got an asp page which renders some html onto the browser.Now instead of rendering the html to the browser i should save that as an html file in server itself. Please advise how i can accomplish this.
I need to implement the following functionality in asp. I have got an asp page which renders some html onto the browser.Now instead of rendering the html to the browser i should save that as an html file in server itself.
im wondering if there is a method/command which can be used so that when an asp page is called, it can 'explode' content from a text file (.txt) onto a web page, thus enabling a n00b to alter the text within the file, rather than the web page itself?
Further more, if I wanted to incorporate the text which is exploded into a CSS to give it some style flava, how would I do this? Is it possible?
I'm building a site which runs on 4 templates, each a different colour. I would like to pull in different content into each template using ASP.NET, similar to the php version of index.php?page=content.
I've not programmed in ASP before so am hoping someone can either supply me with a script or point me in the right direction.
i am using the following code to generate a xls file using the content type now when the user opnes the file at his pc it takes long time to open..if the no of records in file is large does the use of html tags has slow down the process of opening in excel. Code:
I am wriging a web application which cosists of a main directory with all the main code, and a subdirectory with the administration features. althogh the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in apache their is some kind of authentication (I think it is used through an ".htaccess" command or someting) and I'm wanting to do a similar thing in ASP.
Are there some easy to use (and free) web scanning tools that can check for security vulnerabilities (SQL injection, cross site attacks) on classic ASP apps and suggest ways to fix them?
Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.
Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog. Anyone care to offer a solution?
I recently developed my first website and I hosted it on my pc.But when I try to access it from other computers, I am able to do that only when I turned the firewall off.Is there any possibility to access my website in internet on providing security to my system?
And one more problem is when ever I access any control on my webpage in internet, I am getting a dailogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password.If any one knows please tell me why I'm getting the dailogue box and how to avoid getting it.
I have a client who has a password protected page via session that lists a bunch of pdf's.They are a little worried that you are able to browse and see the pdf's via the url without being logged in.
I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?
How can I make my asp page secure so that I can sell it and not have people be able to view the code. I know one way to do this would be to make it a component, but I dont really know how to convert ASP into Visual Basic.
I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.
As my virtual Directory is "/" and all files and folders including the "Database" folder are with in the folder so any one who knows the Database folder name and database name can directly download the database from the website.
The physical Directory for the virtual directory is: -
I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?
tell me a way to programmatically with script at the server, reset the current user's security context from the IUSR_ account to a different one? what we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.
we'd programmatically impersonate them as a different windows account,switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to login a 2nd time to get to these new pages. We've got other non-asp files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.
I've learned how to basically access the database. Set ADOConn = Server.CreateObject ("ADODB.Connection")ADOConn.Open "myDataSource", "sa", "ItsASecret" But putting that code in each asp pages or putting it in the global.asa will be insecure. Since if the hacker gets the asp files or the global.asa files they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".
How can I do it so that they will never see this? I know of a way by using the Metabase. if I'm not running my own IIS server to do that and that I'm just gonna rent a webspace what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?
all my ASP sites use an Access database. Most are parts of our company intranet and i want to protect the databases from being opened but have it so that i can open the tables and make adjustments if needed.
I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.
I intend to send word documents thru mail to my clients. I don't want my clients to save the word document to there system and i don't want them to print the word documents. How can i achieve both the tasks ?
Looking for a way to secure string. Have connect.asp page as an include file, but want to still use dsn-less connection and not have this in an asp page. Though about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.
I recently put together a site for a friend that needed a database to drive part of it. I tried and failed miserably at trying to learn ASP.NET & PHP so my friend sourced a web developer graduate who said he'd done a CMS for his final degree work. Great I thought, that takes care of the DB side of things.
On the back end, there are 4 web pages that deal with managing the database submissions:
1.) A login page
2.) A page to add a record to the database
3.) A page to delete a record from the database
4.) A page to update a record on the database
The login page has some sort of encryption within its ASP code but is not in protected directory so I guess it's probably subject to a brute force attack, but this I think my friend is prepared to live with as his site is so specialist and low-traffic. Code:
Ive created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database. Now that development of the core site is almost complete, i want to secure the database.
I have a table having 3 columns. There is a checkbox for each line. I need to get those lines whose checkboxes are checked, and show those lines to another webpage. Is there any way to do that? My concern is that all information in the table are in <tb></tb> pairs without any name tag. Any idea?
I have a website that we display images we have saved into a SQL Server 2000 database as binary BLOB. This is on a Windows 2003 Server. Just recently (a week ago) this website began to save the images it is displaying on the website as ASP pages in the Temporary Internet Files > IE.Content > Folder.
We have other websites where we use the exact same code and these do not save files on the server when they are displayed.
Here is the code to display the image: Set rs = objConn.Execute( SQL ) Response.ContentType = "application/octet-stream" Response.BinaryWrite rs("Product_Image")
SQL is the SQL String to get the image from database
When I add this code:
Response.ContentType = "image/jpeg"
The images still display on the website, but now are saved in the Temporary Internet Files folder as JPG's.
I'm doing a content management system, whereby the user can enter the HTML code for a currency symbol, eg £ for £.y . when I bring this data backup, say they want to edit the settings, then my ASP/HTML page is rendering the HTML code, eg £, rather than showing the original value, eg £.
If for example I put a space between the '&' and the 'pound;', eg & pound; then this will cause me problems because the user will think that they have to a put a space in or they file it with the space, which means the HTML code won't work any more. Is there a way round this?
Can a php file be executed inside an asp file? I need to execute a php file in another asp file but i'm not so sure it's possible. My server can run both asp and php and they run without any problems... I just need to find a way to include the execution results of the php file in the asp one. Is it possible to use SSI and include the executed php file and then the executed asp file in a main ssi file?
I have installed PWS in windows 98 in each of the system at various places and put my Sales program files in the WWWROOT directory in all the branches. I'm afraid that the users may tamper my ASP files. Is there any way of converting .ASP files to .exe files so that the dont see my program.
i need to include the html inside another html, though it might appear simple, the catch is this, my one html is in one server and my another html is in another server.I cannot read the html and stream it as it has images and their path gets changed when i do that.
More over i donot have any control over the html which i am going to include all i have is a url http:abcxx.htm whose content i want to show in another asp page. The technology is ASP (vbscript and javascript).
I was wondering how some sites let you search by using a form, then present the results as static .htm files.
The reason I ask is that I tend to use ASP to process form information, then give the user a list of results presented on an .asp page. The list is simply drawn from a database in real-time and formatted into a template page.
The problem with this is that search engines can't see any of the information in the database, since they can't do the form submission. Is there a way around this?