Secure
I may be in over my head on this one... VERY new to ASP. I have a potential client which is a marine loan broker. He wants an online credit application for the boat dealers he works with (20 different ones). He wants the credit app to be co-branded. Dealer/LoanCompany logos at the top would be sufficent. The dealer would have a link on there own site to the loan company's site but wants it to look like they are "Partners" and not just being shullde from one site to the next.
Is there a way to display different dealer logos based on the referrer URL? I would rather have one creditapp.asp that displays the proper logos depending on the referrer over building 20 creditapp.asp's. He doesn't need the form data written to a database. He just wants the form data emailed to him. (this I can do) How secure is that emailed data?
View Complete Forum Thread with Replies
Related Forum Messages:
Secure And Non Secure Data
i have an ecommerce site that is split across two domains, a secure space that retains cc details and the main site where contact information and order details are held. I need to be able to produce a report that displays both sets of info in a printable document. aside from using iframes is there a better way of doing this?
View Replies !
Secure
How do I stop pages being active in the history. I have tried this, <% Response.Expires = -1 %> But the pages are still active in the history and are being cached somewhere on the machine win2k.
View Replies !
Secure
If I create a simple login page and then store the UserId is a session and check its validity in the subsequent pages, How secure will the site be. I know the same question has been asked in the PHP forum Code: http://www.sitepoint.com/forums/showthread.php?t=233118 But how can I make my site secure enough in asp
View Replies !
Secure FTP With ASP?
Right now, I'm trying to use WSH to run PSCP (command-line version of PuTTY). I've tested the command I'm using by opening a DOS box manually on the server, and the test file is successfully transferred. I've run Filemon and Regmon while running my sample ASP page, and see no permissions problems. I've tried running cmd.exe and passing PSCP as the parameter. I've tried running PSCP.exe directly. I've even tried using ASPexec to run it instead of WSH. None of these have worked. I always get the same thing -- error code 0 (success) returned from WSH or ASPexec, but when I look at the second server the file never got there, and when I look at terminal services on the Web server PSCP is still running.
View Replies !
Secure Login
I'd like to create a secure login from an ASP page to a specific SQL Server 2000 Db. Is there an accepted methodology for doing this? Are there any resourses that show how this can be done?
View Replies !
Secure Page
I need to secure my web page, when it is reading a file from the physical folder. Say for eg.. I have a page Page1.aspx, which displays a list of links that corresponds to the available text files in one of the files. All the other pages are secured except this page. So when I click the link, it redirects it to for eg.. http://localhost/folder1/one.txt. But this should not happen. As the user can type this without even logging into the website. So I need to know how to stream this file and display it in another page, rather than just showing it.
View Replies !
Secure Page
I´ve made a loginpage in asp, and a page that receives the data from the form and logs you in. But how do i make the loginpage secure? Do i have to use https, and if so, how do i change from http to https when the loginpage is included in another asp-file?I don´t know if i have explained myself correctly
View Replies !
Application Secure
Here's what I/m doing to sanitize/validate/secure my input. 1. The front end checks what kind of data is entered. 2. I am using parameterized query instead of concatenated strings (Against XSS) 3. I am replacing symbols like <,>,# etc with their appropriate entity number eg. & #32; without the space. (Agains SQL Injection)
View Replies !
Secure Connection
Can someone please explain to me the basics of creating a secure connection (we're looking at using Authorize.net) and possibly point me in the direction of other resources for getting some info?
View Replies !
How To Secure Code?
I have a site designed with ASP 3.0 code (HTML and vbscript) that I want to protect from being visible. I want this code to be non-visible and hack-proof. Is there a way to either encrypt or protect another way to ensure that my code is not stolen?
View Replies !
Secure SMTP App?
I have a client with their own W2k server and their IT guy refuses to turn on the SMTP service for fear of it becoming hijacked by spammers. However, they also want their web site to perform some emailing functions I would normally use CDOSYS for. I'm having them look into alternate SMTP servers to use with CDOSYS, but I was wondering if anyone here can recommend a 3rd-party ASP-based SMTP app that might be more secure than IIS' built-in service?
View Replies !
Secure Information
I've an ASP page in wich the customer write his card number for the payment. How can I make this information secure when it's sent to the server?
View Replies !
How Secure Is Global.asa?
I have written a simple script that is called every 75 seconds or so to test whether the SQL Server database is running. The script is contained in a page that is not linked to in the site. The thing is I have hard coded the database information on the page, I was thinking of putting the connectionstring into my global.asa file as an application variable. How secure are the two options? Will there be any performance issues? Bearing in mind that this page is called every 75 seconds.
View Replies !
Secure A Database
I have set up an asp script which writes the output of a form to a database.I have achieved my database connection like this:Code: DIM objConn Set objConn = Server.CreateObject("ADODB.Connection") objConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _ Server.MapPath ("contact-2000.mdb") & ";User ID=admin" objConn.Open How do i go about making the database secure? at the moment anyone could view the source of the asp script and download the database.Which folder should the database be stored in? iv heard of using the root folder? at present the database is located in the same folder as my asp file.is there a way of setting up a password on the databas ein access and passing the password from my asp script to the database. the password would have to be encrypted though.
View Replies !
Secure Web Page
We have a need to allow our users to enter Credit Card #'s on a web page, so we need a secure page (have the little lock at the bottom of the browser) in order to do this. 1) What is this called? (I've heard the term SSL (Secure Socket Layer)tossed around, I don't know if this is the same or something different). 2) If I need a certificate of some sort for our server, how do I get it?
View Replies !
Secure Statement
I have written a web app in asp3 which is used by lots of users.The data is all held server side.However,I want it so that the users can export the data in a csv file,much like you can download a statement from online banking. However,I don't want to save the file to the server,as then anyone else might guess the filename and download it.Is there any way to directly generate a file from an asp script.i.e.instead of asp returning html,it returns csv data which the user can save away.
View Replies !
Secure Issue
there is a way to post form variables in the best secure way... i don't sure how or what is the technical way to do this and that is the aim of this subject... but somehow the form write all the inputes into cookie and than the asp file read the form outputs from the cookie and not from the form itself... why? how it works?
View Replies !
Secure ASP Application
I have an ASP application that I would like to give out to customers. how do I control the licencing. They will get the source code.. (I know I can put it into a DLL - its a possibility) but even then they can simple copy it elsewhere. So what I thought was some code looks at the servers name, IP and current date and generates a code based on that. Then, I create a code at my end that will only work for that server name, IP and up to a date I specify. The code would be encrypted somehow. Does that sound like it would work?
View Replies !
Secure ASP File
how do i restrict anyone by changing an asp file. can it be done using visual source safe? Is there any way that i can stop any one from making changes in my asp file.
View Replies !
Session Secure
Is it safe to store credit card information in the ASP session state to be ultimately transmitted to VeriSign? I have a set of forms that are in the format of a wizard and I need to maintain the information through the pages. I know cookies are potentially unsafe, and I don't want to be responsible for credit card information being stored in my databases. I would use this type of method... Code: <% Session("CCNumber") = Request.Form("CCNumber") %> If it helps, I have a VeriSign SSL certificate.
View Replies !
Secure Layer Use
Are there any down sides to making the whole site jump to a secure layer from the word go? I have a site which does this from the point of login, but for people who don't login it stays in the normal zone. Just wondering about any possible side effects from making the default.asp jump straight into https unless it's there already.
View Replies !
Secure Documents
I have a client who needs to be able to upload confidential documents (.doc and PDF) to a "hidden" area within their website so other members of their organization can later view them at their convenience. This area would be restricted by logins and passwords, but it also needs to be secure enough that no outsiders could gain access to these documents if they tried. I've read on here about placing files in a directory outside of the root directory and then reading them back with a script but I'm wondering if there are other options that would be even more secure than this. Maybe with using some sort of file encryption or something else used in conjunction with files outside the root. I would be open to any 3rd party commercial software if someone has had good experience with it. Does anyone have suggestions to offer?
View Replies !
Secure Passwords
what is the best way to create secure passwords in a database. I have a login system that can create users but it saves the users passwords in clear text. how would i go about doing this so if people look in the database they will not know the password.
View Replies !
Secure Login
any good tutorial sites that could help me code a members area. In a nut shell what im planning to do is. member login - 3 attempts at accessing members area.different access levels for different users. i also want to allow admin to upload files [word docs mainly] and allow the members to download them. I have previously built an asp login but it was very basic and had no security put in place. if you know of more security features i need then please share the knowledge, it has been a while since i coded a dynamic site.
View Replies !
Secure The Code
i have to secure my asp code. I tried "screnc.exe", it is very useful but not hard to crack. give an alternate and better way.
View Replies !
Need To Secure Pdf Files
i currently have an asp authorization system setup on my website for access to certain html pages. this works great, but i need to restrict access to some pdf files as well. as of right now if the user is authenicated they have access to links to certain the pdf. the problem is if i change a users access privileges they or anyone could open the file directly if they save or can guess the correct path. i have tried to setup webserver folder security and use usernameassword@domain.com but this doesn't work in ie. I thought about placing the pdfs in a database but im afraid that will slow down access to the files.
View Replies !
Secure Page
I dont have a secure page for I got this page when after logging in I could still login after using the back button.
View Replies !
Secure Site
I have had a programming utility suggested for use at work, which builds pages using ASP 3.0 . I am curious to know what the security possibilities are with this ASP. And if I should hold out for using ASP.NET instead?
View Replies !
Secure Website
If this is not an HTTPs page, then how come the login on the page is considered SSL? http://www.bankofamerica.com/
View Replies !
Secure Emails
i have to do a few stuff in ASP for a client. I'm used to code in PHP but I'll manage to do it... I just have a question though. The app will have to send an email with sensitive data (cc info). The pages dealing dealing with these info are secured (SSL) but what about the email? Can you encrypt it? Is it safe to send an email just like that or should you do something to secure your data? If yes, what are the measueres to be taken?
View Replies !
CDO Email From SSL Secure Server
I've built a survey and tested everything is working fine - except fo one problem, that i have been told MUST be fixed I am using CDO.Message to send email message to the respondants of the survey - a lovely thank you message. It is sending the emails fine to all email address i have tested, except for email address here where I work, and I have been unable to find a reason for this the web scripts are running on a secure server (SSL certificate) and all is working great except the email issue. the actual code that is sending the emails works perfectly on non-secure server, and seems to be fina on the secure server except for the most important(apparently) email addresses. Does anyone have any ideas why the scripts would not send to one set of email addresses, but seems to work for all other when on SSL, but works for ALL email address when not on SSL.
View Replies !
Generating A Secure Email....
On our website, a user can order products from us. When they "submit" the order, the website designer has written some ASP code to auto send an email to our Exchagne 2000 server. Due to the contents of the email, we need to secure it... How can we send a "secured" email from ASp script or would this not be a function of ASp at all but the server the email is being sent from? There must be something in the ASP code to indicate the email needs to be secured?
View Replies !
Secure Socket Layer
I wish to learn about ssl (secure socket layer's ) as I'm trying to build my own cart, I looking to take card details using this ssl and manually make the payments off line, new to ssl, do I simply store the form pages that request the customers card details within the ssl and that will encrypt anything sent from that page to my database hope someone knows a little more than me, or knows any good links on info about using ssl when making a cart.
View Replies !
Download Secure Web Page
I have used the "Microsoft.XMLHTTP" object to successfully download web pages from other sites. However, I need to download a page from a secure page. Can anyone point me to sample code for that? I need to "post" data to a form on that page, so any sample code for that would also be helpful.
View Replies !
Secure Communication Over Https !
I am developing an application over the web(intranet app). Now my problem has to do with secure communication between browser and webserver. I want to enable secure communication using https. Are there any alternatives other than buying certificate for virtual directory ?
View Replies !
Display A Secure Item
Is there a way to display a Secure / Non-secure item from a ASp web page.Does anyone have any idea what i could type in in the URl or anywhere in the page to break it.
View Replies !
Secure Session Variables
I am trying to develop a forum in asp. I want to try and make it as secure as possible. I understand that if someone knows or guesses a session ID they can post requests to the server and potentially gain unauthorised access. How can I go about doing this securely? I did think about using random strings as session id's but then how could i check to see if the user is logged in if i dont know what the session id is.
View Replies !
Connecting To Secure Server
Maybe I'm doing something wrong, but I'm having troubles with connecting using SSL. I have a website at http://www.*****.com I have a login form directly on that index page. When you click sign in it directs to https://www.hostingcompany.com/******. However, it fails the first time, then it works the second time. The second time I am on the https://www.hostingcompany.com/****** page.
View Replies !
Secure Dynamic Includes
Is there a way to make this script more secure? I usually do my coding in php where i can strip slashes and tags to prevent evil code from being included. can something similar be done with asp? <% dim pid pid = Request.QueryString("pid") if pid = "" then fil = "content/page1.asp" else fil = "content/" & pid & ".asp" end if Server.Execute(fil) %>
View Replies !
Secure Session Keys
I would like to implement user authentication and session management for my applications. I've been using solution 1 (below) for most of my applications in the past since the target audience is mostly intranet based. Now that I'm creating a more global application, I want to use a method that does not require cookies, yet maintain a farily high level of security and fault tolerance. Is there a better way to handle this problem? What method does the big Internet shopping companies use? Scenario: A user is authenticated and is given a session key. The session key is passed to the user in an HTML page and returned to the server using a query string. The user then copies the URL and gives it to his friend to see. Since the URL now contains the session key, how does the server distinguish between the authenticated user and his friend? Solution 1: Use an ASP session variable to store the session key between page requests. This solution requires that the client have session cookies enabled. If the session is not encrypted (i.e. SSL), the ASP session id is still passed via. clear text, and is vulnerable. Solution 2: Use a session key that identifies the location (IP address) of the user. If the submitted session key doesn't match the user's location, then the session key is invalid. The session key can be passed as part of the URL and does not require cookies. This method is vulnerable to IP spoofing, and breaks if the user is behind a NAT server, or web caching server that masks the true IP address. Solution 3: Have the session key returned to the server via an HTTP POST request. This method does not require cookies, but is clear text and vulnerable if the session is not encrypted. The session key is lost if the user navigates to a page manually issuing an HTTP GET request.
View Replies !
Secure Login Page
How can I secure the pages for login users in a "professional way"? I could set a global variable to true when a user successfully sign in but that's not how the experts do it right?
View Replies !
Send Secure Data
I've sent private data back to the IIS by implementing the web page reference to HTTPS, but how can secure data be sent to the client computer over the internet using SSL?
View Replies !
Download Secure Web Page
I have used the "Microsoft.XMLHTTP" object to successfully download web pages from other sites. However, I need to download a page from a secure page. point me to sample code for that? I need to "post" data to a form on that page.
View Replies !
Grabbing Secure Web Page
I am working on automating a workflow process for my company. Part of the process requires the user to send a snapshot of their benefits from a secure web site to their manager. I am trying to extract the web page using Microsoft.XMLHTTP but am having problems due to user validation which is required to access the benefits web page. There are 2 layers. First, user is required to login with user name and password, then user is redirected to another page that asks for PIN. Only if both authentications pass, the user is considered validated and is redirected to the benefits page. I am not able to through any of the validation pages. What can I do?
View Replies !
Setup Secure Communications
For testing purposes, I need to setup secure communications for a folder on a website in my WinXP Pro IIS. When I right click on the directory in the IIS services window, an go to the Directory Security tab, everything is ghosted.
View Replies !
Secure Are Session Variables
Example: session("IsLoggedIn")=false Can this be changed on the user's machine by editing the cookie directly? (Please tell me it can't!). If so, will ASP know it has been tampered with, and refuse to "accept" it if changed to "true" ?
View Replies !
Are Server Variables Secure?
I'm working on a shopping cart page. In page A (checkout) the user enters their credit card information. On postback, if everything is correct, it sends the user to page B (confirmation). My question is, can I (or should I) use server variables to send CC information to page B? My boss doesn't want me to store this information in the SQL database we're using. Obviously cookies are out of the question and so is passing info through request.querystring, so I was thinking on using session variables for this, but not sure if it's safe. What should I do?
View Replies !
How To Secure File Downloading
I have been lately dealing with developing an ASP based web application which uploads documents to a folder. Application itself is password protected by the session. I am now looking for securing the documents that are uploaded. For example; Let's say AAA.doc is uploaded to "/docs" folder by this password-protected application. But, I can't prevent the following link to download this Word document: (URL address blocked: See forum rules) How can I prevent the above link to download AAA.doc? Is it something possible to restrict it with a session variable? I also want the user who are authenticated at the beginning to view or download the file, but unauthenticated users shouldn't view it. I found some articles but they are speaking about IIS level things. Folders may be created dynamically. Is it possible to have this security feature at application level?
View Replies !
Secure Download (stream)
I have a directory on my site where the users do not have direct access so I need to stream the files throuh an asp file for them to download these files. Like this: download.asp?File=myfile.mdb or download.asp?File=myfile.xsl or whatever. The problem is that I dont know the type of file (.mdb, .xsl, .wks, .doc, ...) so I dont know what to put in the header for this to go smoothly. This is some code (that does not work :-)).... Just ignore my code completely if you feel like it... I only need asp code to download any type of file.. Code:
View Replies !
Most Secure Way To Provide Log-in Area
I've got a CMS, which currently requests that you provide your username and password to gain entry. Upon submitting this form, your username and password are checked and a session is set if they match: <%if request("strUserName") = "bob" and request("strPassword") = "bobspassword" then session("Login") = true response.redirect("mainmenupage.asp")%> Each page in the CMS then checks for the session to be set to true before rendering the page. People say that I should check these values in a database rather than on the page itself, but I don't see why? Can anyone recommend a more secure way of doing this, or is this secure anyway?
View Replies !
|
TRACKER
