Hi list.
Bit quiet round here ain't it??
I'm researching the best approach to take for an ASP-driven login system for
a web project I have coming up. It's nothing major, just providing a login
for members-only areas and the ability to create new accounts.
I've done this a few times before but was wondering if my approach is the
best way:
I have a database with the relevant login details stored on the web server
but it is in a folder outside of the hosting folders. The ASP scripts can
access this database using the file system of the physical machine
(basically dropping out of the hosting folder to an alternative location on
the server's drive) but you can't access the database through a URI.
I then retrieve the relevant record based on username and drop the password
into a variable. This variable is compared to password input to check it's
the same. If everything's OK then I set an ASP session cookie and proceed
into the members area.
Every page in the members area checks the state of this session cookie
before it processes anything. If the cookie isn't valid then the pages
redirect to the login page.
Now this has always worked fine for me because I've never needed
particularly secure systems. Having the user database in a physically
different drive location to the hosting folder does prevent you downloading
the thing via a URI so I'm OK with that, but can you get at its content any
other way? SQL injections?
So, as I said, I'm after tips and suggestions on best practices.
TIA!
MOU
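
An added example, not part of the original post: the login flow described above sketched in Python, with an in-memory SQLite table standing in for the ASP database. All function names and sample rows are constructed for illustration. It puts a username lookup built by string concatenation next to a parameterized one, which is the difference that decides whether the database content is reachable through the login form even when the file itself cannot be downloaded.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data; the table layout is an assumption.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "tr0ub4dor")])
    return db

def lookup_concatenated(db, username):
    # Weak form: the form input becomes part of the SQL text, so quote
    # characters in it change the meaning of the WHERE clause.
    sql = ("SELECT username, password FROM members "
           "WHERE username = '" + username + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, username):
    # Hardened form: the input is bound as a value and never parsed as SQL.
    sql = "SELECT username, password FROM members WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()

def login(db, username, password, session):
    # Fetch the record by username, compare the stored password with the
    # submitted one, and set the session flag only on an exact match.
    # (Stored in the clear as in the post; a salted hash would be compared
    # the same way.)
    rows = lookup_parameterized(db, username)
    ok = len(rows) == 1 and hmac.compare_digest(
        rows[0][1].encode(), password.encode())
    session.clear()
    if ok:
        session["logged_in"] = True
        session["username"] = rows[0][0]
    return ok

def require_login(session):
    # Check every members-area page runs before doing any other work.
    return "members area" if session.get("logged_in") else "redirect:/login"

if __name__ == "__main__":
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", lookup_concatenated(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    session = {}
    print(login(db, "alice", "correct horse", session), require_login(session))
```
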