469,950 Members | 1,934 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,950 developers. It's quick & easy.

ASP Admin system pointers

Hi All

I've been creating a number of admin systems now for my classic ASP sites
and although they seem to keep the wolves from the door, I just wanted to
ask if you have any additional security pointers that I should watch out
for.

For your ref, the ones that I have already been told are:

a) Always have a login/password section in place and use session vars to
allow access into the protected pages. If the browser won't work with
session vars then they can't get in and the end user will have to sort it
out to get session vars to work. NOTE: my ISP charges for HTAccess
functionality so I don't use this.

b) Put login and protected pages in an obscurely named sub-directory.

c) When on the live site, make sure the pages are set to On Error Resume
Next so that no unwanted database error messages are shown to the user.

Any more?

Should I expire the pages so that web logs can't log the referrer (ie the
end user goes from the admin system to somebody's else site) and don't
appear in a web site's history? Is this actually possible?

Many thanks for any pointers you can give.

Regards

Robbie
Jul 22 '05 #1
0 1050

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Smitro | last post: by
9 posts views Thread by Andy Sutorius | last post: by
reply views Thread by Egyd Csaba | last post: by
11 posts views Thread by AnhTai | last post: by
13 posts views Thread by walterbyrd | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.