QueryString Security Breach...HELP!!!! (this is a


  1. #1
    Josh Hames Guest


    OK, here's the problem. I have child pages communicating to each other w/ QueryStrings in my framed ASP application. The strings are encrypted and this application requires the user to log in first. I need to validate the user and check their ID before allowing them to do anything. If they look in their history, the pages they've looked at in my app are of course there. They won't be able to understand it because the querystrings are encrypted. However, the problem is, what's to stop some random person from just walking in, opening the history, and clicking a link to send a URL to the application that contains one of the valid encrypted querystrings? Essentially, they are logging in w/o even knowing any of the username or password data. This is a major security breach that I'm stumped on and I don't want to use session variables. How do I prevent this?? Help me!!!

    I've already tried using the <meta> expiration date to turn off the cache; that still doesn't solve the problem... any more suggestions???

  2. #2

    RE: QueryString Security Breach (Ian & Fl1rt read)

    One idea is to have a table set up for active users - basically creating a session variable. When a user logs in, an entry with the userid and time would go in. Then on each page, you could check the userid and time, make sure the "session" hasn't expired, and if it has, delete the record from the table, and send them to the login page. If the "session" has not expired, then update the time, so the user will be able to continue working.

    This may be a clunky way - not sure of the overhead, but it is an option.

    I think Ian or Fl1rt were working on a sessionless authentication method at one time, but I am not 100% sure.

    HTH

    Jerry
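The active-users table described in the reply above, sketched as an added example that is not part of the original thread. It uses Python with an in-memory SQLite database in place of the ASP application's database; the table and function names, the 20-minute idle timeout, and the random per-login token carried in the query string alongside the userid are all assumptions.

```python
import secrets
import sqlite3

IDLE_TIMEOUT = 20 * 60  # seconds; assumed value, not from the thread


def open_store():
    """Create the active-users table (in-memory SQLite stands in for the app's database)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE active_users ("
               "token TEXT PRIMARY KEY, userid TEXT NOT NULL, last_seen REAL NOT NULL)")
    return db


def login(db, userid, now):
    """Call only after the password check succeeds; returns the value to carry in the query string."""
    token = secrets.token_urlsafe(32)  # unguessable and new for every login (assumption)
    db.execute("INSERT INTO active_users VALUES (?, ?, ?)", (token, userid, now))
    return token


def check_request(db, token, now):
    """Run at the top of every page. Returns the userid, or None (send to the login page)."""
    row = db.execute("SELECT userid, last_seen FROM active_users WHERE token = ?",
                     (token,)).fetchone()
    if row is None:
        return None  # never issued, already expired, or logged out
    userid, last_seen = row
    if now - last_seen > IDLE_TIMEOUT:
        # "Session" has expired: delete the record, as the reply describes.
        db.execute("DELETE FROM active_users WHERE token = ?", (token,))
        return None
    # Still active: update the time so the user can continue working.
    db.execute("UPDATE active_users SET last_seen = ? WHERE token = ?", (now, token))
    return userid


def logout(db, token):
    """Remove the record so a URL left in the browser history no longer validates."""
    db.execute("DELETE FROM active_users WHERE token = ?", (token,))


if __name__ == "__main__":
    db = open_store()
    t0 = 1_000_000.0  # constructed clock value
    tok = login(db, "jdoe", t0)  # "jdoe" is a constructed userid
    print(check_request(db, tok, t0 + 600))   # active request
    logout(db, tok)
    print(check_request(db, tok, t0 + 601))   # same URL replayed after logout
```

A URL replayed from the browser history is rejected once the row has been deleted by logout or idle expiry; inside the idle window it is still accepted, so the timeout should be kept short.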
