Security of a web page...

Level Extreme platform

Subscription

Corporate profile

Products & Services

Support

Legal

Français

Security of a web page...

Message

From

17/04/2000 10:28:31

Juan Flores
Nocorp
Somewhere, Virginia, United States

15/04/2000 08:14:54

Mike Azar
Micro Support Services, Inc.
Dothan, Alabama, United States

General information

Forum:

Internet

Category:

VBScript

Title:

Re: Security of a web page...

Miscellaneous

Thread ID:

00360000

Message ID:

00360370

Views:

>Correction
>
>Working on an organizational web site. Certain pages that require login, which I include this line at the top of the page
>
>#INCLUDE file="security.asp"
>
>the ‘security.asp’ page checks to see if the CusKey (customer account) session variable is set or not. If not displays the login screen or it continues on with the original page.
>
>It works great unless you pass a parameter the page like: events.asp?staff=1
>Events.asp has the #INCLUDE file="security.asp"
>
>At that point the request.querystring does not see the ?staff=1
>
>session("staffkey")=request.querystring("staff")
>
>How can I capture the parameter ?staff=1

The syntax seems to be ok. The problem that I see with your approach is that it will be too easy to bypass your login screen by typing this request on the address line.

Map

View

Click here to load this message in the networking platform