Results for "Category: Security"
Checks the HTTP Referer header to ensure people are not posting from other websites. You can include this file if you use templates on your website, or just include it on the pages that receive form data posts. Warning - someone who knows their stuff can get around this by modifying their HOST file. This isn't 100% foolproof, but it may deter most from posting data from other websites.
This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.
Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web). It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions. As its name implies, it functions as something of a global over all the other asp pages on a web site. You can find documentation on the global.asa posted here on psc, so I won't repeat those details here (and the rest of this assumes you know what global.asa is). My security approach makes use of the Session_OnStart event. It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target asp page is served up by the server. This is key to making this approach work. When a session is first started, a number of activities take place. 1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned". If it has, I came up with a pretty slick way to implement the ban. Attached in this zip is a VB project for my ResponseHelper com object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming binary data back directly on the asp response). In this case, we're not streaming back a binary per se, but an HTML page that looks and works exactly (with 1 smiling exception) like the Server Not Found page IE serves up. Because I use the com object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes). =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client. This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on psc. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted. While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file. The Login.asp file theoretically should never actually be hit.
(Because of an error at PSC I had to re-upload this article :-S) This method can be used to authenticate users by letting them enter their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better than the basic authentication featured in most browsers, and can be used in combination with HTTPS.
My first ASP project: a login page. It uses a database to verify usernames and passwords. Also includes registration ability. Comments are supplied so that less experienced programmers can also understand the code. PLEASE VOTE IF YOU LIKE THIS CODE!
Encrypts and decrypts strings on a webpage. Source is hidden from the user, so that a cracker can only guess about the algorithm.
Need security on your site? No need for global files or DLLs, this DSN-less username and password example is done using JavaScript and ASP. It not only checks for authentication but sets a session for different levels of usergroups. Check it out, very easy to use and to expand upon.
Prevent unauthorized viewing of website JavaScript and style sheet files. Simply rename all your style and JavaScript files to the .asp extension. Then include the validate_view.asp file at the top of each file. Open the validate_view.asp file and change the constants at the top to those required. Then finally call the procedure named "validate_view" with the current file's content type as the parameter.
Users can submit their username, password, and e-mail address to register for your site! You can then use a password/username checker from this site to see if they logged in correctly!
A file that replaces the old coder.c. Thanks to Brett Taylor. Found at http://www.cprogramming.com/source.html
*UPDATED* Now uses a more recursive and less pattern-oriented algorithm. Basically encrypts a text type file using a simple recursive character shift technique. Pretty basic, but powerful.
*(UPDATED)* ADDED: -Code re-written -Now updates file size if you know the file has been changed by a program. This program makes a list of all the .ini, .sys and .com files on your hard drive in the c:\windows directory and then calculates their size and keeps them in a log. Then every time the program starts it checks the file sizes against the logged ones to see if they differ; if they do, it tells you. I made this because viruses can sometimes alter files and hide inside them, so this basically keeps an eye on them.
This is an early version of the new password program I am working on. It saves passwords to disk with very low level encryption and it allows you to call it from within a DOS prompt with arguments. Please tell me what you think.
Have you ever forgotten a password, but it is still inside your program, only that it is hidden with asterisks? This source will show you how to remove those asterisks and show what's really there. (see screenshot)
This program is my attempt at encryption. It's fairly secure, I think. It's definitely not a professional job, but it'll do. I devised a funky key representation/generation scheme. Check it out! Read the documentation for much more detail on how to operate it. (Tomb.txt)
This is a password script. For every character the user inputs, it displays a star. The password is kcTHEgreat. Catches Control-C (taught to me by a friend :)) so the only way out is to enter the correct password. If you like it and think it's secure, put it in your autoexec.bat
Yet another password program!! This one takes into account the backspace key, a feature which I didn't find in the other password programs on this site.
Example of how to stream data behind a "facade" file. Stream 1M behind a 1K text file, and explorer/DIR still shows the file to be 1K. According to "Hacking Exposed 2ED" there is only one application that can find these streams.
UPDATED: UI and DLL Free REAL RSA encryption 2048 bits security library. WARNING NOTE: Use this RSA library wisely. I, Hariyanto Lim, the author, will NOT be liable for any damage of any kind caused by this FREE library. This library is subject to the export law of each country; consult your local law adviser (lawyer) before using this library for commercial purposes.