asp users security

Portal Home > Knowledgebase > Articles Database > asp users security

Posted by ashraf444, 01-01-2008, 06:05 AM
i want any users in database if he change url not pass to other user example : user1 login to databse by his user name and password and it is show in url asppagename.com/pageasp.asp?=user1 if he change user1 and write user2 he can pass to user 2 how to secure users from passing to each other
Posted by kuldeeps, 01-01-2008, 08:26 AM
You cannot prevent user1 to goto user2 by adding this value in url. I will suggest that you you use Sessions to store user info. When the user logs in, store the user in session. On the page pageasp.asp check the user value in the session. When the user logs out, clear the session variables.
Posted by Froweey, 01-03-2008, 02:50 AM
Be careful when using ASP :O. It can be easiely be used against you, to hack your database. It's better off if you use PHP and use MD5 encryption.
Posted by bear, 01-03-2008, 08:40 AM
So can PHP. No point spreading FUD like this about ASP or in fact any certain language.
Posted by ezserverhosting, 01-03-2008, 04:11 PM
You may want to use the 'POST' action instead of GET, then you don't need to worry about the queryString and URL. here is the link for the example http://www.elated.com/articles/asp-forms/
Posted by shakir, 01-06-2008, 03:13 AM
This way is wrong. There is many other ways like hidden field or session. its not good. You did nont mention about password also
Posted by Extreme43, 01-06-2008, 11:09 PM
Your best bet would be using sessions or cookies as other users have mentioned. This site (w3schools) is a great reference or starting point. To switch between user accounts you will need to first validate that the user in question is allowed to do so. Be an Administrator or other such higher ranking user. Just like PHP, ASP is a very powerful language but if used inappropriately will leave you vulnerable. YOU have to secure your applications with the methods provided, not the other way around.