Re: Question regarding bypassing security
- From: "Robbe Morris [C# MVP]" <info@xxxxxxxxxxxxxxxx>
- Date: Sun, 10 Apr 2005 23:04:42 -0400
That is a HUGE security risk. So much so that microsoft.com
won't let you authenticate to windows like that anymore.
--
2005 Microsoft MVP C#
Robbe Morris
http://www.robbemorris.com
http://www.masterado.net/home/listings.aspx
"tim almond" <vv@iijjhh> wrote in message
news:OWI7FDSPFHA.1884@xxxxxxxxxxxxxxxxxxxxxxx
>I currently have a system where the client has a login page which has a SQL
>server database behind it and does authentication.
>
> The client wants to have a page which can be logged into by passing a user
> ID/password into the URL. I also need the system to say that if there is
> no user ID/password, it needs to check the session status.
>
> The best approach I can think of is to drop any role requirements off this
> page but when the page load, manually do a check on the login credentials
> passed in the URL against the database and if OK (or if there is already a
> session), create a session and continue.
>
> Any other cleverer ideas than that?
>
> Thanks in advance.
.
- References:
- Question regarding bypassing security
- From: tim almond
- Question regarding bypassing security
- Prev by Date: Re: spoiled by visual web developer 2005
- Next by Date: Re: Update Access Memo field from ASP.NET
- Previous by thread: Question regarding bypassing security
- Next by thread: Control panel visibility inside datagrid
- Index(es):
Relevant Pages
|
