Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here


Microsoft: ASP (Active Server Pages) FAQ


Secure your file upload pages! by schase
Posted: 31 Mar 05

For anyone that has been writing in ASP for a period of time.  You will eventually want to make a file upload option for your users or clients.  It can easily be over looked while developing to not secure your file upload pages.

However no matter if you use an upload component (free or paid) such as:

Or create your own such as Pure ASP Upload, or using windows scripting.

Always make sure it is behind pages that check for authentication first (login page) - and make sure the upload page has authentication verification..  Recently a friend of mine tweaked his upload page, removing authentication checking during his debug process and forgot to put it back on.  Someone half a world away found it (probably through vulnerability scanners) and uploaded his own script that allowed him to view the entire drives contents and download or upload what he wished.

There are a couple of good FAQ's here about creating login pages and checking for authentication.



Double check - err on the side of caution.

Back to Microsoft: ASP (Active Server Pages) FAQ Index
Back to Microsoft: ASP (Active Server Pages) Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close