Is this PIN stored in a database somewhere, or do they have to re-enter it
after it "expires"?

On Thu, 3 Jan 2008 15:54:03 +0000, Paul Cowan <[EMAIL PROTECTED]> wrote:

>Hi all, I am migrating an ASP app. to ASP.NET and have spotted a
>potential security hole.
>Most of the app. I am securing with Forms authentication but as it stands
>they have another requirement whereby users who are just contacts who
>exist in the system without a username or password can access certain
>parts of the site which are sensitive.  They have been entered in the
>system by importing an Excel or SAP feed.  They have not been created via
>the system and as such do not have usernames or passwords.
>The way things stand at the minute, the user gets redirected to a page
>where they create a 4-digit PIN number which allows them to access the
>system via another page.
>This seems terrible to me.
>Can anyone think of a better way of handling this situation?
>Cheers
>[EMAIL PROTECTED]
>===================================
>This list is hosted by DevelopMentor®  http://www.develop.com
>
>View archives and manage your subscription(s) at http://discuss.develop.com
