passwords in the source?
am 16.10.2007 22:02:31 von jp2code
I've got some files that are not very sensitive. Mostly history files from
email sessions using our contact forms.
I'd like to password protect these files so that if someone happened to get
a link to it, they couldn't start passing it all around for anyone to read,
and I certainly wouldn't want the link to find its way into a Google search!
I've thought about creating a password string that I could hold in the <%
[code] %> portion of my .asp pages. Then, if someone tries to open a history
file, they are first prompted for a password. If it matches what is in the
<% [code] %> section, they get in.
I just feel like my password is left out in the clear if I include it as
part of the asp code.
Is this way ok, or bad?
Is there a better way?
What is a good, simple way to implement this? If someone knows of an example
application somewhere, I'd be happy to see that link.
Re: passwords in the source?
am 16.10.2007 23:13:51 von Anthony Jones
"jp2code" wrote in message
news:upnv79CEIHA.4228@TK2MSFTNGP02.phx.gbl...
> I've got some files that are not very sensitive. Mostly history files from
> email sessions using our contact forms.
>
> I'd like to password protect these files so that if someone happened to
get
> a link to it, they couldn't start passing it all around for anyone to
read,
> and I certainly wouldn't want the link to find its way into a Google
search!
>
> I've thought about creating a password string that I could hold in the <%
> [code] %> portion of my .asp pages. Then, if someone tries to open a
history
> file, they are first prompted for a password. If it matches what is in the
> <% [code] %> section, they get in.
>
> I just feel like my password is left out in the clear if I include it as
> part of the asp code.
>
> Is this way ok, or bad?
>
> Is there a better way?
>
> What is a good, simple way to implement this? If someone knows of an
example
> application somewhere, I'd be happy to see that link.
>
Is this your server or is the site hosted by a third party?
On your own server it would be a simple matter of just turning off anonymous
access and turning on Windows Integrated security.
--
Anthony Jones - MVP ASP/ASP.NET
Re: passwords in the source?
am 16.10.2007 23:38:25 von jp2code
No, it is a hosted site. The server is not mine.
"Anthony Jones" wrote:
> Is this your server or is the site hosted by a third party?
Re: passwords in the source?
am 17.10.2007 09:20:21 von exjxw.hannivoort
jp2code wrote on 16 okt 2007 in microsoft.public.inetserver.asp.general:
> I've got some files that are not very sensitive. Mostly history files
> from email sessions using our contact forms.
>
> I'd like to password protect these files so that if someone happened
> to get a link to it, they couldn't start passing it all around for
> anyone to read, and I certainly wouldn't want the link to find its way
> into a Google search!
>
> I've thought about creating a password string that I could hold in the
> <% [code] %> portion of my .asp pages. Then, if someone tries to open
> a history file, they are first prompted for a password. If it matches
> what is in the <% [code] %> section, they get in.
>
> I just feel like my password is left out in the clear if I include it
> as part of the asp code.
>
> Is this way ok, or bad?
>
> Is there a better way?
>
> What is a good, simple way to implement this? If someone knows of an
> example application somewhere, I'd be happy to see that link.
<%
if request.form("pw") = "blahblah" then
session("ok")="ok"
end if
if session("ok")="" then
%>
<%
response.end
end if
%>
You are in!