"farsad nasseri" wrote in message
news:B5**********************************@microsof t.com...
: I'm trying to design a web application where people can create user Ids
and
: passwords while signing up and then use that information to login to an
: account. (I know, very basic). I just can't get my mind around how to make
: this system most secure. the user id and password is verified at the time
of
: logging in and at that point, I would like to create something like a
session
: key before openning the new page. I basically don't want to start the new
: page by passing regular parameters through the URL because that's very
easy
: to manipulate and break. Can someone give me some information about
creating
: a secure system like this and/or forward me some useful sources?? btw..
I'm
: using, IIS as my server, ASP.Net and VB.Net.
While it may seem to be a simple process, there is quite a lot involved to
make a complete solution. This include but may not be limited to:
verifying username does not exist before registering new user
email address confirmation
email verification before completion mailing autogenerated random link to
complete email verification
verification checking for lost passwords with pass phrases
visitor tracking for support and security
privacy notices re: user information being stored
Also, this is a Classic ASP newsgroup. You're going to have a better chance
getting answers in a .NET newsgroup.
--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center -
http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation -
http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library -
http://msdn.microsoft.com/library/default.asp 
