Re: Dumb Question Regarding Password & Sessions


From: Kevin Spencer (kevin_at_DIESPAMMERSDIEtakempis.com)
Date: 03/21/05


Date: Mon, 21 Mar 2005 14:50:03 -0500

The problem with your question is that you have enumerated the business
requirements of your app, but nothing about the app itself. There are all
kinds of ways to do security, and all kinds of programming technologies to
do them with. Describing the interface of an application tells you about as
much about the app as describing the part of an iceberg that you can see
tells you about the iceberg.

For example, is this ASP, PHP, CGI, CF, or what? And HOW does it work?

-- 
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
"Dumb Question" <anonymous@discussions.microsoft.com> wrote in message 
news:079301c52e4d$de657e00$a501280a@phx.gbl...
> Okay...I can't figure this one out but then again I'm not
> much of a programmer.
>
> I have a website that the security is constructed in this
> manner:
>
> Login Page - Submits to Validation Page
> Validation Page - Checks database for User/Password
> Verified users are passed to the requested URL.
>
> I have 1 database with:
> 1 records table
> 1 Admin LogIN
> 1 Client LogON
>
> The Admin can edit records and perform Admin duties with
> no problems.
>
> Clients can log on and view account info by entering
> their account name.
>
> The problem is even though the two LOGIN (Admin) & LOGON
> (Client) pages are validating the user/pass out of
> different tables...once validated the Client can click
> the Admin LOGIN link and become the Admin...obviously
> this will not work...sooo
>
> The dumb question is ...how do I fix this mess ?
>
> Would placing the Client page in a different directory
> make a difference..etc?
>
> Thanks 
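
The symptom in the quoted question (a validated client reaching the admin pages) is what you get when protected pages check only that someone logged in, not which table validated them. The Python model below is an added example, not code from this thread, and it contrasts that guard with one bound to a role stored in the session. Assumptions: the poster's platform is not stated, so the session dictionary, function names, and sample accounts are hypothetical, and the shared "logged in" flag is an assumed cause.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_table(users):
    # Store a per-user salt and password hash, never the password itself.
    table = {}
    for name, password in users.items():
        salt = os.urandom(16)
        table[name] = (salt, _hash(password, salt))
    return table

# Constructed sample data standing in for the two login tables in the post.
TABLES = {
    "admin": _make_table({"root": "admin-pw"}),
    "client": _make_table({"acme": "client-pw"}),
}

def validate(role, user, password, session):
    """Validation page: check one table and record WHICH table matched."""
    entry = TABLES[role].get(user)
    if entry is None or not hmac.compare_digest(entry[1], _hash(password, entry[0])):
        return False
    session.clear()            # drop any state left by an earlier login
    session["logged_in"] = True
    session["role"] = role     # the value the flawed guard never looks at
    session["user"] = user
    return True

def flawed_guard(session, required_role):
    # Assumed cause of the symptom: any validated session passes every page.
    return session.get("logged_in") is True

def role_guard(session, required_role):
    # Each protected page names the role it needs and compares it to the session.
    return session.get("logged_in") is True and session.get("role") == required_role

def demo():
    session = {}
    assert validate("client", "acme", "client-pw", session)
    return {
        "flawed_admin_page": flawed_guard(session, "admin"),  # client gets in
        "fixed_admin_page": role_guard(session, "admin"),     # client refused
        "fixed_client_page": role_guard(session, "client"),   # client allowed
    }

if __name__ == "__main__":
    print(demo())
```

The role check runs on the server for every protected page, so moving the client pages to a different directory changes nothing unless that directory enforces the same check.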

