How tight is this password protection?

Hi
I'm looking for a little clarification on whether my password security is robust enough.
I am using asp/vbscript on a windows server.
I always POST variables from the form to the asp script, I then use something like vMYPIN=request.form("pin_number") to get the pin that the user typed in. I then use some sql to see if that pin exists in the database, and if it does then I use session("PIN")=True to set the session variable.
On subsequent pages the first line is if session("PIN") then page is ok else redirect to logon page.
I hope that covers what I do, would really appreciate some feedback on whether this is a good and secure method.

Many thanks for this that has certainly helped me a lot
"Lionstone" <[email protected]> wrote in message news:[email protected]...
>
> "dave" <[email protected]> wrote in message news:[email protected]...
>> it's a mysql database of delegate data.
>>
>> I've been reading things about sql injection attacks and have become a little anxious about my site security.
>>
>> Are my methods secure or what should i be doing?
>>
>> Thanks for your reply
>
> This type of security and SQL injection are not really related.
> In any case, session variables are your best option since they reside on the server. If someone has server access, then you've got bigger problems to solve.
>
> If the user needs some sort of username/password combination, then it's best to have an SSL certificate and to use https during login. If you use normal http, then the username/password are transmitted in plain text.
> Nothing is perfect, but a combination of https and session-based security is about as good as you'll get on the web.
>
> Rather than just check for somevar=true, consider storing the username in a session variable (which is what DW's log in user behavior does). That way, should you desire, you can even tell who did what instead of just that "a logged in user" did something.
>
> As far as web security goes, protecting against SQL injection is at least as important as controlling access. Beating SQL injection is simple, but don't confuse simple with "very little work." There is only one rule - validate, validate, validate. Client-side (javascript) validation is useless for security purposes. You can use it as a front-line option so the user doesn't have to wait for the form to submit if they've made an honest mistake, but that's all it's good for. Validate again on the server. Validation consists of two parts:
> 1. Data type
> 2. Data domain
>
> Data type is easy; you can use isNumeric, isDate, etc. Data domain will take more thought. This is where you protect against people entering in -1 for age, for instance, or Jan 31, 1799 as their birthdate (and no, you can't rely on your form since anybody can build a form that submits to YOUR web site). Also check string lengths - if a text box allows up to 50 characters, check the length of the input to make sure it's no more than that.
>
> Last step - use prepared statements for your SQL. This often means stored procedures, but doesn't have to. DW with the 8.02 updater will use prepared statements, so look at the code generated by any of the server behaviors for the basics.
>
> Again, nothing and nobody is perfect, so make sure that the account used to access the database has minimal permissions - exactly what it needs, and not one drop more. I prefer to leverage stored procedures for this; if the web account is allowed to take an action, then there's a procedure for it. The account has zero permissions on any tables and cannot do anything besides execute those procedures I've given permission for.
>
> Hope that gets you started. :)
>
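
The login flow from this thread with the reply's advice applied (server-side type and length validation, a prepared statement, the username rather than a bare flag in the session), as an added example that is not part of the original posts. The table and column names, the 4 to 8 digit PIN rule, the page names `logon.asp` and `members.asp`, and the connection string held in `Application("ConnStr")` are assumptions.

```vbscript
<%
' Added example (not from the thread): validated, parameterized PIN login.
' Assumed names: table "delegates" with columns "username" and "pin";
' pages logon.asp / members.asp; connection string in Application("ConnStr").
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Function IsValidPin(s)
    ' Data type and data domain in one check: digits only, 4 to 8 characters
    ' (assumed PIN policy). Rejects quotes, spaces and over-long input.
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{4,8}$"
    IsValidPin = re.Test(s)
End Function

Dim pin, conn, cmd, rs, username
pin = Trim(Request.Form("pin_number") & "")

' Validate on the server; the form's own limits can be bypassed.
If Not IsValidPin(pin) Then Response.Redirect "logon.asp"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")

' Prepared statement: the PIN is bound as a parameter and is never
' concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT username FROM delegates WHERE pin = ?"
cmd.Parameters.Append cmd.CreateParameter("pin", adVarChar, adParamInput, 8, pin)

username = ""
Set rs = cmd.Execute
If Not rs.EOF Then username = rs("username").Value
rs.Close
conn.Close

If username <> "" Then
    ' Store who logged in, not just that someone did.
    Session("Username") = username
    Response.Redirect "members.asp"
Else
    Session.Contents.Remove "Username"
    Response.Redirect "logon.asp"
End If

' First line of every protected page:
'   If Session("Username") = "" Then Response.Redirect "logon.asp"
%>
```

The database account used by the connection string should have only the SELECT right this query needs, in line with the minimal-permissions point in the reply.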

Similar Messages

  • How do I open password protected email attachment?

    Does anyone know how to open a password protected attachment in email.
    My email will not download the attachment if it is password protected

    I have the same problem.  When a password protected attachment is sent to my iPhone, there is no icon attached, only the code in the email.  However, it's normal when I view the email with my PC (Fire Fox or IE).  The same thing happens on the iPhone 3, 4 and iPad 3.  If a PDF file is not password protected, the PDF icon appears and all I have to do is click on it and it opens.  Does anyone have any ideas?  Apple Support is clueless on this one.

  • How to import a password protected p12 certificate to keystore?

    Hi all,
    I am new in java security programming.
    And I got something very urgent need your help..
    How to import a password protected p12 certificate to keystore programmatically?
    Does anyone have sample codes on this issue?
    thanks very much
    Wyan

    Hi omslion,
    I responded to a similar post from you (and moved it to the Acrobat forums). Password protecting a file requires Adobe Acrobat. You are welcome to download a free 30-day trial of Acrobat. For more information, see www.adobe.com/products/acrobat.html.
    Best,
    Sara

  • How to setup a password protection in my wireless airPort?

    How to setup a password protection to my wireless AirPort?

    To configure the AirPort base station for wireless security, you will need to use the AirPort Utility.
    AirPort Utility > Select the AirPort > Manual Setup > AirPort > Wireless tab
    Wireless Security: <None | WEP (Transitional Security Network) | WPA/WPA2 Personal | WPA2 Personal>
    Wireless Password: <enter your desired password>
    Verify Password: <reenter your desired password>

  • How to split a password-protected PDF file?

    There is a tutorial to let you know how to split a password-protected pdf file, check in here: http://www.kvisoft.com/tutorials/split-a-password-protected-PDF-file.html

    Yup. You all are right. I ordered Adobe Acrobat today and the order is still processing. I can get to Adobe Acrobat.com but that too does not work. I guess I will have to wait until my order is processed before I get the keys to the kingdom. Thanks for your help and please forgive my ignorance. Regards, Bob

  • How do I remove password protection from a PDF file in Adobe Reader

    How do I remove password protection from a PDF file in Adobe Reader?

    PDF security can only be implemented or removed using Adobe Acrobat.

  • HT1551 Want to play tv shows purchased on iPad on Apple tv. When I touch icon for apple tv and choose "apple tv" it asks for an apple tv password. We have never set up any password and can't get past this screen. Does anyone know how to find this password

    Want to play tv shows purchased on iPad on Apple tv. When I touch icon for apple tv and choose "apple tv" it asks for an apple tv password. We have never set up any password and can't get past this screen. Does anyone know how to find this password?

    You can remove the Airplay password from the Settings menu on your AppleTV.

  • How robust is PDF-Password protection? Does it also work for PDF/A?

    Several sources say that PDF passwords can be removed with appropriate software. Is this true?
    Can I also protect a PDF/A with a password? If not, how can I be sure that I can still open a regular password protected PDF in 10 years from now?
    Many thanks.

    Actually PDF/A is specifically designed to guarantee that the documents can be read in the distant future (barring global destruction, end of reality as we know it, alien sheep invasions, etc.)
    While we cannot predict which vendor will be providing the software to do it, or how the data will be stored by then (holographic data mice are still in beta) the PDF/A standard is designed to do two very important things:
    The standard is open, so the structure of a PDF/A file can be interpreted by anyone who can open it and compare the contents to the standard (which itself is also published in PDF/A). It's basically a text file with lots of symbols in it.
    PDF/A forbids any encryption or licensed algorithms (e.g. H.264) that could be impossible or illegal for a future viewer to use, for example if a password is lost or the inventor of a proprietary algorithm goes crazy and cancels all the licenses.
    Combined, these points make PDF/A impossible not to be parsable. It may end up projected directly into your brain by the aforementioned holographic data mouse, but you'll be reading it all the same.
    MichaelKazlow wrote:
    As to your ability to open a secured password in 20 years from now? Heck there is no guarantee that your non-secured pdf file will be readable in 20 years. With PDF/A your chances are pretty good as it uses standards based file format, but there is no guarantee that Adobe or any other company doing business today will be in business 20 years from now.

  • How to create a Password Protected Folder

    Hi
    I was wondering how do I create a single folder that contains all of my passwords (Banking ...etc) that only I have access to - I would like to password protect this folder and if possible have the information inside encrypted.
    I was looking into security vault - but I'm afraid it encrypts all the folders on my Mac. I just want to create a single folder - everything else should be as it was.
    Any help is greatly appreciated
    Thanks

    Create a password-protected (encrypted) disk image
    1. Open Disk Utility at /Applications/Utilities.
    2. Images>New>Blank Image... or click the "New Image" button in the Toolbar.
    • go to step 3
    2a. To encrypt an existing folder..
    • Go to...Images>New>Image from Folder.
    • In the dialog window, select the folder and press "Open"
    3. Type and/or select from popup window .....
    • Name • location • Format
    • Size (no size option for folder)
    • Encryption .....AES-128 must be selected
    4. Click the "Create" button ..... or if Image from folder was used, click "Save"
    5. Enter and verify your password when prompted and click "OK".
    6. The .dmg will appear on the desktop and the left pane of Disk Utility.
    • Important... If you forget the password, the data stored will be lost. If you save your password in the keychain file, it will be available to you there.
    An easy way to password-protect certain folders
    To password protect a specific folder in any version of OS X, if you're an administrator, simply change the permissions in the "Get Info" box so that the folder is owned by the system. You'll be prompted for a password. To access the folder again, just change the ownership back - and it will require a password to be made accessible.
    Secret Folder lets you conceal a folder and its contents.
    http://apimac.com/secret_folder/index.php

  • How to Undo A Password Protected Folder

    I have a folder on my computer that is password protected. However, I forgot the password. The folder contains very important information and I need to unlock it. How do I do this?

    The password only keeps them from opening the folder without the password. If they have access to the account, then they have the same abilities as you to install or delete files or folders.
    If you don't want someone messing with your data, then they should have their own account on the computer and log out of yours when you're done. You can create an account for each of the other family members, or create one account for the rest of the family to use and one for you. That way you can restrict what they can and can't do on the computer such as installing applications, etc.

  • How do I encrypt/password protect an external drive?

    Hey, I have over 80 gigs of music saved on an external hard drive I use with my MBP. I take this disk to different studios, etc and want to make sure that I am the only one who can access the external drive when it is plugged into a computer. Is there a way to encrypt/password protect an entire external drive? I looked into the disk image thing, but as far as I can tell there are space limitations with this (or am I wrong)?
    I would really appreciate anyone's help with this. Thanks.

    If you want to password protect a folder ...
    Launch /Applications/Applescript/Script Editor
    Paste this in:
    on opening folder This_Folder
        repeat
            tell application "Finder"
                set dialogresult to display dialog "Restricted Folder. Please enter the password to access folder:" buttons {"Ok", "Close"} default button 1 default answer "" with hidden answer
                copy the result as list to {PWText, button_choice}
                set button_choice to the button returned of dialogresult
                if button_choice is equal to "Ok" then
                    set PWText to the text returned of dialogresult
                    if not PWText = "your password" then
                        display dialog "Access Denied" buttons {"Ok"} default button 1
                    else
                        display dialog "Access Granted" buttons {"Ok"} default button 1
                        exit repeat
                    end if
                else if button_choice is equal to "Close" then
                    tell application "Finder"
                        close folder This_Folder
                        exit repeat
                    end tell
                end if
            end tell
        end repeat
    end opening folder
    Click 'Compile' then 'Save As'
    (Where it says "*your password*" insert the one you want)
    Then CTRL-click on a folder / (Enable Folder Actions if not on) / Configure Folder Actions / Activate and select your script.

  • Acrobat 8.1 and C# - How can you detect password protected PDF files?

    I am modifying our existing C# code that opens PDF files.  But when ever we hit a password protected file, we are prompted for a password.  This is an automated process, so if we detect a password protected file, we move the file to a manual processing folder to be processed later.
    We are using Acrobat 8.1 Standard.
    Our code looks like this:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using Acrobat;
    using System.IO;
    using Word = Microsoft.Office.Interop.Word;
    using System.Reflection;

    AcroApp app = new AcroApp();
    app.Hide();
    try
    {
        if (app != null)
        {
            app.CloseAllDocs();
            AcroAVDoc av = new AcroAVDoc();
            // Opening a password-protected file here triggers the password prompt.
            if (av.Open(filename, "Test") == true)
            {
                AcroPDDoc doc = new AcroPDDoc();
                doc = (AcroPDDoc)av.GetPDDoc();
                // Re-save the document in full to the temp path.
                doc.Save((short)Acrobat.PDSaveFlags.PDSaveFull,
                    Utilities.GeneratePath(FileVersion.TEMP) + fi.Name.RemoveFileExtension() + ".PDF");
                doc.Close();
            }
        }
    }
    catch (Exception ex)
    {
        ErrorLog.LogError(filename.RemoveFileExtension(), ex);
    }
    finally
    {
        app.CloseAllDocs();
        app.Exit();
    }
    This works great for non-password protected PDF files, but it prompts for a password if the file is password protected.  I was looking at the FileOpenEX functionality, but I can not find the reference to bring into my C# project.  It looks like it is only for C++, since I could only find C++ examples.
    Any help would be appreciated.
    Thanks,
    Tom

    There are no methods in the Acrobat SDK for C# for what you wish to accomplish.

  • How to open a password-protected PDF in Safari on iPad(3)?

    I have some password-protected PDFs available on my public-facing website (hosted by MS Office365) that I'm unable to open in Safari on my iPad(3). When attempting to open these files using Safari on my iPad, I receive a grey screen with no presentation of the Adobe Reader "insert password" dialogue box. I do have Adobe Reader installed on my iPad. These PDFs do open on my PC with both IE9 and Safari. I can also open these PDFs on my iPad independent of using Safari. And, I have some non-password-protected PDFs on my website that open using Safari on my iPad. The problem seems to be uniquely associated with the combination of 1) a password-protected PDF, 2) Safari, and 3) the iPad(3). Does anyone have a solution to this particular situation?

    Someone on another forum said you can with the app Goodreader Lite, but I haven't gotten to try it yet. I will let you know in about 45 minutes.
    P.S: Or this sounds even better - http://discussions.apple.com/thread.jspa?messageID=11780778&#11780778
    Message was edited by: compwiz1202

  • How to convert a password protected pdf file?

    How do I convert a password protected pdf file to Word?

    Yup. You all are right. I ordered Adobe Acrobat today and the order is still processing. I can get to Adobe Acrobat.com but that too does not work. I guess I will have to wait until my order is processed before I get the keys to the kingdom. Thanks for your help and please forgive my ignorance. Regards, Bob

  • How to open a password protected PDF file on the iPhone

    I've got a PDF file that is password protected and I transferred it to my iPhone using Air Sharing. When I go to open it, it asks for the password which I enter, but then it closes the program and doesn't open the PDF. Any ideas? Thanks

    Someone on another forum said you can with the app Goodreader Lite, but I haven't gotten to try it yet. I will let you know in about 45 minutes.
    P.S: Or this sounds even better - http://discussions.apple.com/thread.jspa?messageID=11780778&#11780778
    Message was edited by: compwiz1202
