ASP scripting and Security

Results 1 to 2 of 2

Thread: ASP scripting and Security

  1. #1
    Matt G. Guest

    Default ASP scripting and Security

    &nbsp;<BR>Hello there --<BR><BR>I am a web designer who does HTML, scripting and graphics. I don&#039t do any sys admin or network administration. Assuming that the people who do maintain the network have the proper service packs and security patches in place, I am wondeirng if it is ok to do this:<BR><BR>For people that are allowed to update my pages (administrators),I have an admin section on my sites. The simple security I use is to have them submit their login names and passwords through a simple form, and them process that info with an ASP page that uses a select case statement to see if the info entered is correct, and if so, assign a "user level", which allows certain administrators certain capabilities. Then I store their user level in a session variable.<BR><BR>Is this ok?<BR><BR>My understanding is that although I have hardcoded their logins and passwords in the ASP page that processes their login, this code (since it is processed on the server side) will never be visible, and hence is not a security risk. Regarding the session variable, I guss I could use a cookie that expires at the end of session (like a session variable), but I don&#039t know how this would be an advantage (since the session variables use a cookies too).<BR><BR>Any comments are appreciated.<BR><BR>Sincerely,<BR><BR>Matt G.<BR><BR>

  2. #2
    Join Date
    Dec 1969

    Default RE: ASP scripting and Security

    Matt: What I would do to make this more maintainable I would store their admin info in a admin table then verify their login/password & retrieve the field you setup with their security codes.. like a varchar field with double digit alphanumeric codes that represent different securities. <BR><BR>But storing their user level in a session is okay but would be better with a application variable. Using a cookie would be a disadvantage as far as security goes, the session or app variable is very small on resourses and just kill it at the end of the session. set var = nothing to free up more memory.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts