By Passing Security Login

[rdrunner40]

Hello there

I have a little problem (again). I thought i had been clever and created a secure area for our intranet until another user came along and after entering the correct user name and password and having it verified by the ASP Database he was passed along to the secure area - only for the user to highlight the curent secure page copy the details to the clipboard and then be able to close the intranet totally. Open a new Browswer window and then paste in the details from the clipboard and bypass all the security i had previously built in.

Imagine my despair at this ....

Can anybody help or tell me where to go to disable this feature or how to fix it so it cannot be used.

I am using Fronpage 2000, IE6, XP Pro the current script i use is vbscript and ASP pages with a DSN connection on the server.

regards

Murray Warner

 

[Vragabond]

Your problem is not html. Html cannot be secure, its contents are always public. You can limit access to some pages using server side scripting and since you are using asp already, that's where you should direct your questions: ASP Forum

 

[manarth]

Session management is the key: you can time limit sessions (users MUST logon every xx minutes).

Because HTML is stateless, webapps use tricks like cookies or URL re-writing to remember users. This means that - for as long as the server will accept that cookie / special URL - any browser presenting those credentials will have access.

Authorisation is a huge minefield, and there are hundreds of implementation methods depending on need.

Sorry to have no ready answer - hopefully the ASP Forum will have readier application-specific advice.

<marc> i wonder what will happen if i press this...[ul][li]please tell us if our suggestion has helped[/li][li]need some help? faq581-3339[/li][/ul]