Results for "Category: Security"
Need security on your site? No need for global files or DLLs; this DSN-less username and password example is done using VBScript and ASP. It not only checks for authentication but also sets a session for different levels of user groups. This code was expanded based on several emails received asking how to do more with it. Enjoy!!!
Prevent unauthorized viewing of website JavaScript and style sheet files. Simply rename all your style and JavaScript files to the .asp extension. Then include the validate_view.asp file at the top of each file. Open the validate_view.asp file and change the constants at the top to those required. Then finally call the procedure named "validate_view" with the current file's content type as the parameter.
Simple way of preventing access to your client side javascripts and even style sheets
Users can submit their username, password, and e-mail address to register for your site! You can then use a password/username checker from this site to see if they logged in correctly!
Provides your site with security. A login and password, with the ability for the user to change their own password. It uses a DSN-less Access database so that you do not need to set up a DSN on the server.
MyLogin is created entirely in ASP. With just a few simple steps you can password protect any of your pages without knowing how to code ASP (but it helps!). You can assign individual access levels or you can assign group access levels. You can also assign expiration dates on group or individual levels. MyLogin uses a DSN-less Access database so you will not have to set up an ODBC. Best of all, MyLogin is absolutely FREE!
Requests users to login to website with NT Account.
Authenticates a user to make sure they have previously logged into the site. Requires Session("UserID") to be populated. This usually represents the user's ID within a database (Users.UserID). If a user is not logged in, they are redirected to a page to attempt a login. This is useful when the ability to "Auto-Login" has been enabled to use previously saved login information in the user's cookies. When a user is redirected to the login page, the URL they were attempting to view is passed along in the query string along with the reason why they need to log in. If the user was posting data to the protected page (perhaps a session timed out), then the previous page they were posting from is sent as the URL that the user is redirected to after they have successfully logged in. This is done to help reduce errors when visiting a page that expected posted form data.
This simple file (2 files including the text file of usernames/passwords) allows password protection of web pages. It was created with 2 thoughts in mind: 1. User does not need access to the web server the script resides on (NT authentication is impossible unless you own the Web Server) 2. Needs no database access.
Securing Your IIS Web & Content With Access MDB Based User Security (Simple Yet Comprehensive) This past week, I sat down to tackle the chore of securing my personal IIS web server... specifically, my web app I previously posted here (MP3Tool.Web). It was a learning experience to say the least, and so I thought I'd zip up my work and share that experience with the rest of you. The Chore: secure an IIS web or entire server via user logins. The Solution: the magic of my security approach is achieved by making use of the Global.ASA file and sessions. As its name implies, it functions as something of a global over all the other ASP pages on a web site. You can find documentation on the global.asa posted here on PSC, so I won't repeat those details here (and the rest of this assumes you know what global.asa is). My security approach makes use of the Session_OnStart event. It is triggered the first time a user tries to hit an ASP page on your site... and occurs BEFORE the target ASP page is served up by the server. This is key to making this approach work. When a session is first started, a number of activities take place. 1) a connection to the database is established (held as an object in the session at the top of the page) 2) the "hit" is logged in the database by IP # and date 3) we test to see if the IP # has been "banned". If it has, I came up with a pretty slick way to implement the ban. Attached in this zip is a VB project for my ResponseHelper COM object (my solution to my problem expressed in my previous post, MP3Tool.web, about streaming binary data back directly on the ASP response). In this case, we're not streaming back a binary per se, but an HTML page that looks and works exactly (with 1 smiling exception) like the Server Not Found page IE serves up. Because I use the COM object to stream the file back, rather than a .Redirect, the end user is none the wiser (their browser location never changes). =) 4) this part is probably optional, but then I put in a browser check to ensure that IE is being used by the client. =) 5) we test to see if a specifically named cookie exists on the client. This cookie is used to "persist" a user's login... much the same way your developer login is persisted (if you so choose for it to be) here on PSC. 6) if no cookie was detected, then we test to see if the Login.htm form is being posted. While the "target" of the Login.htm page is the Login.ASP page, we actually intercept and process all logins in the Global.asa file. The Login.asp file theoretically should never actually be hit.
(Because of an error at PSC I had to re-upload this article :-S) This method can be used to authenticate users by letting them enter their email address and password. This method is highly secure due to its use of the MD5 algorithm to send the password encrypted. Provided security is better than the basic authentication featured in most browsers, and can be used in combination with HTTPS.
Sorry guys, my first submission! Didn't realize it read my article as html! Please read it again. Ta. I was looking at password protection, and found nothing like this. It uses a file name as the password, with the file extension. The code searches the current directory on the hosting server for the file, and takes appropriate action.
My first ASP project: a login page. It uses a database to verify usernames and passwords. Also includes registration ability. Comments are supplied so that less experienced programmers can also understand the code. PLEASE VOTE IF YOU LIKE THIS CODE!
Encrypts and decrypts strings on a webpage. Source is hidden from the user, so that a cracker can only guess about the algorithm.
IAO login is an authorization suite, which enhances the security of your private pages. It uses the best security algorithms to protect your data and pages from crackers. It uses GIMPY Captcha to fight against spam bots and automated submitting. Users can log in even in cookie-disabled browsers. Feel free to manage your users at the administration panel and send newsletters to your users. Add more administrators and describe their role. It doesn't use ANY DLL and hence is easy to install and use on various web servers.
A.L.F.G is a sort of anti-leech technique, which is mainly based on browser referrer and cookie checking technologies. The advantage of A.L.F.G over others is that A.L.F.G processes file requests as a transparent file gateway, whereas other anti-leech technologies need to cooperate with additional files. Also, A.L.F.G records every leech attempt and traffic byte; those records and settings can be viewed or checked in an integrated console which comes with A.L.F.G. FOR DEMO OR FUTURE VERSION RELEASE PLEASE REFER TO http://www.21code.com/alfgate/index.php Please Give Me Credit Where Credit Is Due! Thanks!
Hopefully aiding in writing more secure PHP scripts.
Crypt and decrypt a string without the standard PHP functions.
Use this code for secure pages on your website. You have to log in with a username and password; the code will check if the user exists, and if so the code will generate a unique sessionid and save that sessionid into the database. On every page that you want to secure, this code will first check if the sessionid is in the temptable. So no chances for hackers! After unzipping the files, first open ReadMeFirst.txt!
New version. This will detect any suspicious open socket that the user is running and if found in an array, it will not let the user proceed to the website, with the ability to allow certain hosts to pass the scan, and disallowing certain hosts completely. You can define a redirect page to redirect the user to upon open socket.