Solved

Setting Server Variables--How?

Posted on 2000-04-05
10
331 Views
Last Modified: 2010-08-05
I have a server variable being checked by someone else's code.  It's like this:

If Request.Server("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")
End If

Is there any way for me to set the PATH_INFO variable so that I can fool that line of code into evaluating into true even if the user came from "login.asp" ?
0
Comment
Question by:bsimmons
10 Comments
 
LVL 4

Expert Comment

by:FRehman
ID: 2688633
if you click the hyperlink from login.asp page and come to that page which you disscussed above then you simply use HTTP_REFERER
simply write the code in that page so it tell you from where the request are submitted
response.write request.servervariable("HTTP_REFERER")
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2688645
How about this;

If Not Request.ServerVariables("PATH_INFO") <> "login.asp" Then
Response.Redirect("login.asp")

I'm not really sure of what you are trying to do... do you not want the user to go to login.asp, or what?  By getting the path info what are you gaining?
0
 

Author Comment

by:bsimmons
ID: 2689796
The code MUST stay as is.  I need to write an ASP that will allow you to do the login in the background.  This code is just something that checks if they came from a page on that server.  The "login.asp" is coincidental.  I just want to know if I can change the Server("PATH_INFO") variable using another ASP.  In other words: can I set Server("PATH_INFO") to equal anything I want it to?
0
 
LVL 18

Expert Comment

by:mgfranz
ID: 2690059
Yes.

Server("PATH_INFO") = TRUE
or
Server("PATH_INFO") = Fred's page

I still don't see the logic behind using PATH_INFO though...
0
 

Author Comment

by:bsimmons
ID: 2690230
Thanks for the insight.  Send me an answer and I'll give you the points.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 18

Expert Comment

by:mgfranz
ID: 2690353
If you are asking if you can set the variable PATH_INFO before it gets to the vaildation page then the answer is no!  I assume you want to set the variable to something other than login.asp in order to trick the <> Redirect into thinking that you already logged in...  The fact is that besides this beig a malitious act, it is impossible to modify the information being passed to the server as a packet.  The server is going to check the info as required, not as you pass it to the script.  I'm sure there is a way to trick the server into thinking the page info being passed to it is = login.asp, but I'm not going to discuss it.  Especially since you stated that the code MUST remain the same..

This is an act of hacking... please do not ask these types of questions here, we do not condone the malitious acts of hackers.

If this is not a malitious act then explain why you request it.
0
 

Author Comment

by:bsimmons
ID: 2690392
I am the Intranet Applications administrator at Ciena Corporation.  I am far from a hacker, however, yes, I am trying to hack MY SERVER.  The code MUST stay as is because it was written by a contractor we hired to write it.  Our MIS team doesn't want us to change his code, but make add-ons.  Essentially what I am trying to do is make the logon occur on a separate server so that users can log on to multiple secure intranet sights via ONE LOGIN.  I can't do that if his code is checking the packets.  Do you see another way around it?
Feel free to call me to validate existance as a non-hacker: 410-694-8189.
Or email bsimmons@ciena.com
0
 
LVL 1

Expert Comment

by:nunya
ID: 2690592
too bad text inputs have no spell check.
;-)
0
 
LVL 18

Accepted Solution

by:
mgfranz earned 50 total points
ID: 2691102
OK, thanks for clarifying this.  :-)  Now on with the good stuff, I imagine this could be done with a Session property that is passed to the server from another server.  Essentially what you would do is when a user logs in, it will set a session property, (you could use a cookie too), the session values would then be used to pass values to the other server.  I think you could set the PATH_USER property this way.  To make ammendments to the Request.ServerValues("PATH_USER") on the other server is not going to happen, you will need to modify the var path to either remove the "" in the var string to make it call a seperate value var of PATH_USER.

But check on the Session value, this might be the ticket...

And I appologize.
0
 

Author Comment

by:bsimmons
ID: 2691121
Thanks for all the help.  I kinda figured I was stuck with no recourse.  I wanted a second opinion.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Grab data from remote page 10 60
API not working 33 55
Want the count number from this QUery 2 38
I am getting ASP error  xmlParseEntityRef: no name. Anyone can help ? 1 46
Hello, all! I just recently started using Microsoft's IIS 7.5 within Windows 7, as I just downloaded and installed the 90 day trial of Windows 7. (Got to love Microsoft for allowing 90 days) The main reason for downloading and testing Windows 7 is t…
This demonstration started out as a follow up to some recently posted questions on the subject of logging in: http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/Q_28634665.html and http://www.experts-exchange.com/Programming/…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Concerto provides fully managed cloud services and the expertise to provide an easy and reliable route to the cloud. Our best-in-class solutions help you address the toughest IT challenges, find new efficiencies and deliver the best application expe…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now