CoverYourASP --> Security

Free membership

Join in the fun! Sign in
Member Services

Site navigation
Download the entire site!
Search my articles
Free Magazines
Browse the directory

Send me feedback
Buy my boxer shorts

Recommend this page
Printer-friendly page

Resources I recommend
Link to my site
Advertising slashed!
About your privacy
Legal stuff
Site statistics
43 active users
2793 visitors today
2067 pages today
(only part of today)
Tools I use

CoverYourASP
Copyright © 1999-2016 James Shaw.
All rights reserved.

ASP.NET Blog
RSS submissions
E-commerce

Now open source with SourceForge!

The problem with giving away a whole site for free is that there are certain things you want kept secret!

For example, in the new generic database administration pages I had to stop you from seeing the actual email addresses of people who had subscribed to my newsletter. But I needed to see them through the same browser! Another example is the page where I mail my newsletter.

First, I used to ask for the password in a form field, but with the latest articles it became impractical - some pages didn't even have a form!

Second, I used the database path as a password, which was good because you need to set full read/write/create permissions on that folder, and therefore it's a very good idea to keep the database in a secret folder! That stopped working while changing over from Access to SQL Server, when the path became a little more complex!

Now I use a secret word hardcoded into include/config.asp, and changed regularly. As downloaded the word is SECRET.

This password is added to the URL of the page. For example, to access this page with the password you would type: http://CoverYourASP.com/Security.asp?SECRET=1

To help write the pages there's a helper function called LookForMagicWord(), defined in utils/Init.asp. Calling this function sets up two variables for you to use.

bValidUser - set to non-zero when the valid password appears in the URL.

sMagicWord - set to "&SECRET;=1" when the password is found. Use this in related links to pass the password to other pages.

Featured sponsor
My favorite resources


I share my content

Supporting ASPRSS

Do you need a quick and easy way to link to my articles? All the information you need is published with ASPRSS...


New Proposal Kit Professional 5.1
Brand yourself as a top professional: create quotes and amazing proposals and get many legal documents free!

The latter saved me 3 times the purchase price on the first day I owned it!