I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.
I'd like to password protect these files so that if someone happened to get
a link to it, they couldn't start passing it all around for anyone to read,
and I certainly wouldn't want the link to find its way into a Google search!
I've thought about creating a password string that I could hold in the <%
[code] %portion of my .asp pages. Then, if someone tries to open a history
file, they are first prompted for a password. If it matches what is in the
<% [code] %section, they get in.
I just feel like my password is left out in the clear if I include it as
part of the asp code.
Is this way ok, or bad?
Is there a better way?
What is a good, simple way to implement this? If someone knows of an example
application somewhere, I'd be happy to see that link.
6  1548 
"jp2code" <poojo.com/mailwrote in message
news:up******** ******@TK2MSFTN GP02.phx.gbl...
I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.
I'd like to password protect these files so that if someone happened to
get
a link to it, they couldn't start passing it all around for anyone to
read,
and I certainly wouldn't want the link to find its way into a Google
search!
>
I've thought about creating a password string that I could hold in the <%
[code] %portion of my .asp pages. Then, if someone tries to open a
history
file, they are first prompted for a password. If it matches what is in the
<% [code] %section, they get in.
I just feel like my password is left out in the clear if I include it as
part of the asp code.
Is this way ok, or bad?
Is there a better way?
What is a good, simple way to implement this? If someone knows of an
example
application somewhere, I'd be happy to see that link.
Is this your server or is the site hosted by a third party?
On your own server it would be a simple matter of just turning off anonymous
access and turning on Windows Integrated security.
--
Anthony Jones - MVP ASP/ASP.NET
No, it is a hosted site. The server is not mine.
"Anthony Jones" wrote:
Is this your server or is the site hosted by a third party?
jp2code wrote on 16 okt 2007 in microsoft.publi c.inetserver.as p.general:
I've got some files that are not very sensitive. Mostly history files
from email sessions using our contact forms.
I'd like to password protect these files so that if someone happened
to get a link to it, they couldn't start passing it all around for
anyone to read, and I certainly wouldn't want the link to find its way
into a Google search!
I've thought about creating a password string that I could hold in the
<% [code] %portion of my .asp pages. Then, if someone tries to open
a history file, they are first prompted for a password. If it matches
what is in the <% [code] %section, they get in.
I just feel like my password is left out in the clear if I include it
as part of the asp code.
Is this way ok, or bad?
Is there a better way?
What is a good, simple way to implement this? If someone knows of an
example application somewhere, I'd be happy to see that link.
<META NAME="robots" CONTENT="noinde x,nofollow">
<body>
<%
if request.form("p w") = "blahblah" then
session("ok")=" ok"
end if
if session("ok")=" " then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'passwo rd<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>
You are in!
</body>
--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
I modified your code just a little, but that worked great!
Special thanks for the meta tag! I never would have thought to look there.
Thanks a lot!
"Evertjan." wrote:
<META NAME="robots" CONTENT="noinde x,nofollow">
<body>
<%
if request.form("p w") = "blahblah" then
session("ok")=" ok"
end if
if session("ok")=" " then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'passwo rd<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>
You are in!
</body>
Gazing into my crystal ball I observed "jp2code" <poojo.com/mail>
writing in news:Od******** ******@TK2MSFTN GP02.phx.gbl:
I modified your code just a little, but that worked great!
Special thanks for the meta tag! I never would have thought to look
there.
You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:
<a href="http://www.example.com " rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>
Google and Slurp follow the above directive as well as robots.txt and
meta.
>
"Evertjan." wrote:
><META NAME="robots" CONTENT="noinde x,nofollow">
<body>
<%
if request.form("p w") = "blahblah" then
session("ok")=" ok"
end if
if session("ok")=" " then
%>
<form method='post'>
You are out! Try to get in.<br>
<input type='password' name='pw'passwo rd<br>
<input type='submit'>
</form>
</body>
<%
response.end
end if
%>
You are in!
</body>
--
Adrienne Boswell at Home
Arbpen Web Site Design Services http://www.cavalcade-of-coding.info
Please respond to the group so others can share
Thanks! I have implemented that as well.
"Adrienne Boswell" wrote:
You should also use robots.txt (Google for it). Understand that
misbehaving robots may not follow directives, so it IS a very good idea
to check server side. You can also do something like:
<a href="http://www.example.com " rel="noindex, nofollow">Some offsite
URL I want to give to my visitors, but don't want robots to follow</a>
Google and Slurp follow the above directive as well as robots.txt and
meta.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Stone |
last post by:
I have a compiled Pcode VB6 application with 1 published and 9
never-published
alphanumeric string contants embedded in the program for passwords.
The code simply has lines like this in a FORM to use as a cheap access
match.
A(1)= "sbddy-ttqxfg
A(2)= "hidvh-deehg
I started getting 50 downloads an hour and traced this back to a site
|
by: Max |
last post by:
I have a collection of system admin scripts (on Win 2k) that I would
like to automate the execution of. However, some of them require the
use of logins with admin rights, and would therefore prefer not to
store the IDs in the clear text of the source. If memory serves
correctly, the "compiled" .pyc files do not provide much security in
this area.
Are there are recommended methods for supplying scripts with login
information in a secure...
|
by: Florian Lindner |
last post by:
Hello,
I've a scripts that allows limited manipulation of a database to users. This
script of course needs to save a password for the database connection. The
users, on the other hand need read permission on the script in order to
execute it but should not be able to read out the password.
What is the common way to solve this problem?
My current way is to allow the users to execute the script with sudo while
not having read permission...
|
by: Miranda |
last post by:
Hi, I have a ASP/vbscript program that generates random passwords. The
problem is I need to insert those passwords into an Access database of
327 clients.
I have the random password program generating the 327 passwords, but
have had no luck inserting them.
===============================================
Here is the code that generates the passwords:
===============================================
<% Option Explicit %>
|
by: Dino Vliet |
last post by:
Hi folks,
probably this is a question you've heard so many times
but I wasn't able to find a solution to it.
I'm using a shell script to create a textfile for me.
It looks like
#!/usr/local/bin/bash
psql -c "select foo from bar;" -d database1 -t
psql -c "\q" -d database1
exit 0
| | |
by: Jeremy Deuel |
last post by:
Just an Idea:
In PHP, passwords for different purposes often are stored plaintext in
the source. I often wondered, how this could be prevented.
So if you have a web-project, that is access-restricted, try the
following workaround:
include this snippet into your web-project:
function polyalph_encrypt($original, $key = FALSE) {
|
by: Macca |
last post by:
Hi,
My application uses passwords to limit access to certain parts of the app. I
was considering storing these in my database but have heard that there can be
problems with this. I have heard using the Global Assembly Cache (GAC) would
be a good place.
Does anyone have any opinions on this and how would I implement the GAC
scenario?
|
by: Cord-Heinrich Pahlmann |
last post by:
Hi,
I have written a tool wich de/encrypts a few of my forum and
bloggin-Passwords.
My question is how secure it is.
The following describes how I have encrypted my passwords.
When I log in, the Login-Password is changed into a md5-Hash and is
compared to the login-password in the db. If the passwords are the same
the use is logged in (common procedure). Then the clear-text
|
by: Simon.Whiteside |
last post by:
If someone has created a database for me and transferred it over is
there any way that I can check I have full access to all areas?
I am a beginner with Access and so the development has been done by a
temporary employee who has now handed the database over to me. Not
that I think he is an untrustworthy character but I would sleep easier
at night if I could check he has given me 100% of the database and
three months down the line I am...
|
by: John |
last post by:
Hi.
I have a number of batch jobs that are ran nightly on our Windows 2000 based
Oracle 8.1.7 (soon to be 9i) server. I have these designed just right, so
the Windows Scheduled Tasks runs them and then a parser goes through the
output and, in case of errors, sends me a page...
The database is our financial system which requires users to login using
Oracle based user ID / Password.
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
|
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
