Security of ASP Pages?

Results 1 to 4 of 4

Thread: Security of ASP Pages?

  1. #1
    Troy the ASP Boy Guest

    Default Security of ASP Pages?

    this question got asked by robert yesterday wasn&#039t followed up here goes.<BR><BR>can someone create a dummy html form, where the form data is changed from....<BR><BR>&#060;form method="post" action="logon.asp"&#062;<BR>&#060;input type="hidden" name="userid" value=(their id)&#062;<BR>to<BR>&#060;form method="post" action=""&#062;<BR>&#060;input type="hidden" name="userid" value=(someone else&#039s id)&#062;<BR><BR>...and access someone elses account. initial logon uses password/username, but after that the userid is passed. is this a security issue.<BR><BR>troy the asp boy<BR><BR>

  2. #2 Guest

    Default RE: Security of ASP Pages?

    Save the user logon information into the session,<BR>don&#039t use the "request form" method.<BR>or <BR>double check the form value with session valuable in the ASP.<BR><BR>I found some ASP base host which provide free home page have this problem. I can modify other peoples files via enter URL manullaly.<BR><BR>

  3. #3
    wken Guest

    Default RE: Security of ASP Pages?

    I use this to keep people from posting form submissions on other servers to my asps.<BR><BR>&#060;%<BR>Dim thisServer<BR>thisServer = "http://" & Request.ServerVariables("SERVER_NAME") <BR>If inStr( Request.ServerVariables("HTTP_REFERER"), thisServer ) = 0 Then<BR> Response.Clear<BR> Response.Redirect("home.asp")<BR> &#039 To test this, comment out the redirect and the following lines will execute<BR> Response.Write(Request.ServerVariables("HTTP_REFER ER")&"<BR>"&thisServer)<BR> Response.End<BR>End If<BR>%&#062;<BR><BR>hope this helps,<BR>wken

  4. #4
    Join Date
    Dec 1969

    Default RE: Security of ASP Pages?

    I would think not <BR><BR>The page comes from your server they would have to type the complete address and variable calls in the address bar and they would have to know the variables you are calling. so I don&#039t think it is vary likely that that could happen

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts