Re: Dumb Question Regarding Password & Sessions

From: Kevin Spencer (kevin_at_DIESPAMMERSDIEtakempis.com)
Date: 03/22/05 

Date: Tue, 22 Mar 2005 11:03:52 -0500

What? You have a problem with my vocabulary? It's how I talk. Sorry if it
bothers you. Perhaps I should dumb it down so that I don't offend people
like yourself.

BTW, coz u didn't give me the stuff I axed for, i can not help u more. 

-- 
HTH,
Kevin Spencer
Microsoft MVP
.Net Developer
What You Seek Is What You Get.
"Dumb Question" <anonymous@discussions.microsoft.com> wrote in message 
news:231a01c52e52$cf893980$a401280a@phx.gbl...
> "Enumerated", impressive Kevin...MVP.
>
>
>>-----Original Message-----
>>The problem with your question is that you have
> enumerated the business
>>requirements of your app, but nothing about the app
> itself. There are all
>>kinds of ways to do security, and all kinds of
> programming technologies to
>>do them with. Describing the interface of an application
> tells you about as
>>much about the app as describing the part of an iceberg
> that you can see
>>tells you about the iceberg.
>>
>>For example, is this ASP, PHP, CGI, CF, or what? And HOW
> does it work?
>>
>>-- 
>>HTH,
>>
>>Kevin Spencer
>>Microsoft MVP
>>..Net Developer
>>What You Seek Is What You Get.
>>
>>"Dumb Question" <anonymous@discussions.microsoft.com>
> wrote in message
>>news:079301c52e4d$de657e00$a501280a@phx.gbl...
>>> Okay...I cant figure this one out but then again I'm
> not
>>> much of a programmer.
>>>
>>> I have a website that the security is constructed in
> this
>>> manner:
>>>
>>> Login Page - Submits to Validation Page
>>> Validation Page - Checks database for User/Password
>>> Verified users are past to the requested URL.
>>>
>>> I have 1 database with:
>>> 1 records table
>>> 1 Admin LogIN
>>> 1 Client LogON
>>>
>>> The Admin can edit records and perform Admin duties
> with
>>> no problems.
>>>
>>> Clients can log on and view account info by entering
>>> their account name.
>>>
>>> The problem is even though the two LOGIN (Admin) &
> LOGON
>>> (Client) pages are validating the user/pass out of
>>> different tables...once validated the Client can click
>>> the Admin LOGIN link and become the Admin...obviuosly
>>> this will not work...sooo
>>>
>>> The dumb question is ...how do I fix this mess ?
>>>
>>> Would placing the Client page in a different directory
>>> make a differnce..etc?
>>>
>>> Thanks
>>
>>
>>.
>>

Relevant Pages

  • Re: Dumb Question Regarding Password & Sessions
    ... requirements of your app, but nothing about the app itself. ... > Validation Page - Checks database for User/Password ... > 1 Admin LogIN ... > 1 Client LogON ...
    (microsoft.public.frontpage.programming)
  • Re: Dumb Question Regarding Password & Sessions
    ... would be either admin or client. ... Then the secured pages can tell if it is a client ... Validation Page - Checks database for User/Password ... the Admin LOGIN link and become the Admin...obviuosly ...
    (microsoft.public.frontpage.programming)
  • Dumb Question Regarding Password & Sessions
    ... Validation Page - Checks database for User/Password ... Admin LogIN ... Client LogON ... the Admin LOGIN link and become the Admin...obviuosly ...
    (microsoft.public.frontpage.programming)
  • Re: sn.exe -Vr assembly
    ... CAS can also be disabled entirely, ... we could go so far as to say that an admin can install a modified ... and only ship to your clients the code that calls the web service. ... if you don't have any way on the client side to validate that the ...
    (microsoft.public.dotnet.security)
  • Re: Newbie question on User Priveleges
    ... The problems on the client are broad: We added an existing a machine (from ... > make the user a local admin on the machine...not a domain admin ... > We've recently stood up SBS2003 in a small and standard configuration. ... > local machine) where the database resides. ...
    (microsoft.public.windows.server.sbs)
Quantcast