Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
Classic ASP Basics For beginner programmers starting with "classic" ASP 3, pre-".NET." NOT for ASP.NET 1.0, 1.1, or 2.0
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Classic ASP Basics section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old September 3rd, 2003, 11:03 AM
Registered User
 
Join Date: Jul 2003
Location: , , USA.
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default URL address Security

Hello All,

I have created a web report where user types his/her ID, a page checks and if there is a match the report is displayed. The problem I have is when the report is generated the URL address is something like this: http://companyname/reports/reports.asp?name=123. With this, when the user changes the 123 to say 124, it displays report for the user with ID 124. How do I stop this from happening? I posted this topic before and got one response but that didn't help. Thanks!


 
Old September 3rd, 2003, 01:06 PM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , USA.
Posts: 141
Thanks: 0
Thanked 0 Times in 0 Posts
Default

use POST instead of GET so that the '123' is posted to your report and no across the address bar like GET does.

Chris
 
Old September 4th, 2003, 04:34 AM
Friend of Wrox
 
Join Date: Jun 2003
Location: , , United Kingdom.
Posts: 1,212
Thanks: 0
Thanked 1 Time in 1 Post
Default

Why don't you do the checking in the page that actually displays the reports. That way if they change the name it won't let them view it. I don't think changing to POST will help much - someone could easily set up an HTML form that POSTs 124 to your address.
 
Old September 5th, 2003, 07:23 AM
Registered User
 
Join Date: Jul 2003
Location: , , USA.
Posts: 9
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Thanks, pgtips, I did the check at the report page and it worked.





Similar Threads
Thread Thread Starter Forum Replies Last Post
How do i encoding a url address kevo PHP How-To 3 July 17th, 2007 03:29 AM
Grab url address Mantis Pro PHP 3 December 23rd, 2005 09:04 AM
Print an web page without URL address rekha_jsr Servlets 1 September 16th, 2004 05:15 AM
URL address security CMensah Classic ASP Basics 1 August 7th, 2003 02:53 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.