472,146 Members | 1,363 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,146 software developers and data experts.

ASP Admin system pointers

Hi All

I've been creating a number of admin systems now for my classic ASP sites
and although they seem to keep the wolves from the door, I just wanted to
ask if you have any additional security pointers that I should watch out
for.

For your ref, the ones that I have already been told are:

a) Always have a login/password section in place and use session vars to
allow access into the protected pages. If the browser won't work with
session vars then they can't get in and the end user will have to sort it
out to get session vars to work. NOTE: my ISP charges for HTAccess
functionality so I don't use this.

b) Put login and protected pages in an obscurely named sub-directory.

c) When on the live site, make sure the pages are set to On Error Resume
Next so that no unwanted database error messages are shown to the user.

Any more?

Should I expire the pages so that web logs can't log the referrer (ie the
end user goes from the admin system to somebody's else site) and don't
appear in a web site's history? Is this actually possible?

Many thanks for any pointers you can give.

Regards

Robbie
Jul 22 '05 #1
0 1094

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Smitro | last post: by
9 posts views Thread by Andy Sutorius | last post: by
reply views Thread by Egyd Csaba | last post: by
11 posts views Thread by AnhTai | last post: by
13 posts views Thread by walterbyrd | last post: by
reply views Thread by Saiars | last post: by
reply views Thread by leo001 | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.