Re: Web application security
From: gdp (gp014i0613_at_blueyonder.co.uk)
Date: 05/27/04
Date: Thu, 27 May 2004 18:53:19 +0100
thanks for the advice...appreciated
"gdp" <gp014i0613@blueyonder.co.uk> wrote in message
news:FOZsc.14132$UM1.14042@pathologist.blueyonder.net...
> Hi...
>
> I have to allow access for administrators to sections of my website which
> contain sensitive data. There is a link on the homepage called "Admin
> Login". They are asked for a PIN number which is a random four letter four
> number combo and if they get that correct then have to enter their personal
> username and password.
>
> The text field inputs are cleaned before being used to make up dynamic SQL
> by replacing all apostrophes with the below function
>
> function clean(clean_this)
> clean=trim(replace(clean_this,"'","''"))
> end function
>
>
> Is this all safe....I am slightly uneasy about having the login on the
> website and it could be hidden in a special link only given to admins - but
> this is the same mechanism that ebay and amazon etc rely on to let people
> log in....
>
> Could somebody please advise me of any dangers of this approach
>
> thanks
>
> gdp
>
>
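Added example, not part of the original post or thread: a Python port of the `clean()` function quoted above, run against an in-memory SQLite table, showing where apostrophe doubling holds (a quoted string value) and where it does nothing (a value concatenated without quotes), next to the parameterized form. The table, the column names and the numeric `id` lookup are assumptions made for illustration; the post does not show its queries.

```python
import sqlite3


def clean(value: str) -> str:
    """Python port of the post's clean(): trim and double every apostrophe."""
    return value.strip().replace("'", "''")


def make_db() -> sqlite3.Connection:
    # Constructed sample data; the schema is an assumption, not from the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (id INTEGER, username TEXT)")
    db.execute("INSERT INTO admins VALUES (1, 'o''brien')")
    return db


def by_name_concat(db, username):
    # String context: the doubled quote keeps the input inside the literal.
    sql = "SELECT id FROM admins WHERE username = '" + clean(username) + "'"
    return db.execute(sql).fetchall()


def by_id_concat(db, admin_id):
    # Numeric context: there are no surrounding quotes, so clean() has
    # nothing to escape and the input is parsed as part of the SQL text.
    sql = "SELECT id FROM admins WHERE id = " + clean(admin_id)
    return db.execute(sql).fetchall()


def by_id_param(db, admin_id):
    # Placeholder: the driver binds the value as data, never as SQL text.
    return db.execute("SELECT id FROM admins WHERE id = ?", (admin_id,)).fetchall()


def by_name_param(db, username):
    # No escaping helper needed; apostrophes in the value are just data.
    return db.execute(
        "SELECT id FROM admins WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    probe = "0 OR 1=1"  # constructed input containing no apostrophe
    print("clean() changed the input:", clean(probe) != probe)
    print("concatenated numeric lookup:", by_id_concat(db, probe))
    print("parameterized lookup:       ", by_id_param(db, probe))
```

In classic ASP the counterpart of the placeholder form is an `ADODB.Command` with `?` markers and parameters appended through `CreateParameter`.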