a security issue, feedbacks welcome

From: "Jeff" <it_consultant1@xxxxxxxxxxxxxxxxxx>
Date: Mon, 30 Oct 2006 21:58:28 +0100

Hey

asp.net 2.0

I'm creating a web site where users must login to access to secured part of
the site. When Logged in, the user can view a list of all the registered
users... each person's name on this list is their login name... I assume
this is bad, because then all the others can see what login name another
user is using...

When clicking on a user in this list, a page opens viewing this persons
public profile. When the user clicks on the user in the list I add this
user's UserName as a parameter to the URL... -> Default.aspx?user=noob... I
guess this is bad, but I'm not sure my workarround is any better: replace
username with the users Id in aspnet_Users table..... I could use POST, but
I've read POST is slow

What is your thoughts about this?

Jeff

.

Prev by Date: Refresh web page when receive a message?
Next by Date: Re: Refresh web page when receive a message?
Previous by thread: Refresh web page when receive a message?
Next by thread: Login Redirect
Index(es):
- Date
- Thread

Relevant Pages

Re: Auto-authenticate Domain Users through ASP?
... To get the NT username, ... turn off Anonymous Access on your Web site (either manually using IIS Admin ... will be presented the ugly login box. ...
(microsoft.public.inetserver.iis.security)
MySpace Data Phished and Leaked
... MySpace user login and password data has recently been ... exposed and posted online. ... researchers looking into the phishing techniques ... were quickly updated to warn users visiting the Web site. ...
(comp.security.misc)
Re: application can access by login in web site
... username and password (login) ... this username and password is not for proxy, ... the web site. ... http://mindprod.com Java custom programming, consulting and coaching. ...
(comp.lang.java.help)
RE: Back Button
... The web site contains 3 frames,. ... the top frame has a link to another external site, ... external site, but if the user decide later to go back to my web site, he always got redirected to the login page ... If I click the Back button, the code does not get executed on the server side, since, I cannot catch it neither ...
(microsoft.public.vsnet.general)
Re: Email "portal" in Python?
... > aggregator, weather forecast, comics, etc. ... > web site, think of all of it being sent daily as an email. ... I've nearly completed a 'login module' for use with Python CGIs. ...
(comp.lang.python)