Security setup

Results 1 to 3 of 3

Thread: Security setup

  1. #1
    Join Date
    Dec 1969

    Default Security setup

    I am trying to setup security on my web site by using the security FAQ on the 4guys site. I have setup a page with the following code:<BR><BR>&#060;%<BR> dim conn<BR> dim strconn<BR><BR> strconn = "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" & _<BR> Server.MapPath("users.mdb") &#039;change the path as necessary<BR><BR> set conn = server.createobject("adodb.connection")<BR> strconn<BR><BR> &#039;Replace single quotes in username/password with two single quotes<BR> &#039;to protect from SQL Injection Attack<BR> Username = Replace(Request("Username"), "&#039;", "&#039;&#039;")<BR> Password = Replace(Request("Password"), "&#039;", "&#039;&#039;")<BR><BR> SQL = "SELECT * FROM my_users WHERE username = &#039;" & username & "&#039;" & _<BR> "AND password =&#039;" & password & "&#039;"<BR> set oRs = conn.Execute(SQL)<BR><BR> If oRs.EOF then<BR> Response.Redirect("urhere.htm")<BR> Else<BR> session("ID") = "my_session" &#039;any word you&#039;d like<BR> End If<BR><BR> Set conn = Nothing<BR> Set oRs = Nothing<BR><BR>%&#062;<BR><BR>I have created the db on the server and all appears to be correct. However, when I login with a username and password that is in the db it still goes to the re-direct page, it also goes to the re-direct if I type in a bogus userid and password.<BR><BR>Is there a way to check to see if the db is being accessed?

  2. #2
    Join Date
    Dec 1969
    Los Angeles, CA

    Default Debug

    check if the connection is open and what your recordset returns<BR><BR><BR>

  3. #3
    Join Date
    Dec 1969

    Default A better question is what SQL are

    you trying to execute ; )<BR><BR>Put this in before your execute statement and take a look. ; )<BR><BR>response.write SQL<BR>response.end

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts