By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
425,967 Members | 815 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 425,967 IT Pros & Developers. It's quick & easy.

Whats the most secure way of password protecting pages?

P: n/a
edd
Ive seen a few examples of how to password protect my pages by either
textfiles / access. But how can I make the pages so that no one can just
enter the url and bypass the login page.

Im trying to create a shop site and im trying to create a maintenance page
that only I have access to so that I can look at my database status without
having to open the database directly. I need these pages to be completley
locked from anyone but me.

Cheers.
Jul 19 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hello,

edd wrote:
Ive seen a few examples of how to password protect my pages by either
textfiles / access. But how can I make the pages so that no one can just
enter the url and bypass the login page.


In the page where you check the validity of the login and password, set a
session variable to a given value.
On top of every page, make a test on this session variable.
If the session variable has the expected value, display the page, if not,
redirect to the login page.

HTH
Yan

Jul 19 '05 #2

P: n/a
IPT
You can use many ways. Perhaps, easiest way would be:
1. Code you page to check session/cookies
2. If not valid, disallow entrance (redirect to other page)
3. You can use password and username matching, which may be stored in your
database, or hardcoded.

So, only ppl who know your username and password, would be able to access.
Example scenario: Web-based email service. Login before read email.
"edd" <ed*@homeonethe.net> wrote in message
news:aE************@newsfe1-gui.server.ntli.net...
Ive seen a few examples of how to password protect my pages by either
textfiles / access. But how can I make the pages so that no one can just
enter the url and bypass the login page.

Im trying to create a shop site and im trying to create a maintenance page
that only I have access to so that I can look at my database status without having to open the database directly. I need these pages to be completley
locked from anyone but me.

Cheers.

Jul 19 '05 #3

P: n/a
Perhaps have a login page that asks the user for his username and
password. And whatever page that posts to (which could be the same page
for a self posting form) tests these fields against what is in the
database, sets the username and userlevel session variables accordingly,
and then redirects to the proper page - i.e. back to the login page if
the password is wrong (perhaps with a JavaScript popup saying wrong
username/password combination) or to the main menu page if the password
is correct:

Session("UserName") = objRS("UserName")
Session("UserLevel") = objRS("UserLevel")
Response.Redirect "mainmenu.asp"

Then you can use If Then's or Select Case on each page to control
whether a user is allowed to actually be there and whether particular
links of where a user can go actually show up.

If (Session("UserLevel") <> "Admin") And (Session("UserLevel") <>
"Regular") Then
Response.Redirect "login.asp"
End If

Best regards,
J. Paul Schmidt, Freelance ASP Web Designer
http://www.Bullschmidt.com
ASP Designer Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...
*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 19 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.