Solved

web security

Posted on 2002-03-07
5
195 Views
Last Modified: 2010-05-02
hello

I wrote a dll in  VB and i would like it to be secured once
i'm opening it from web page?
What do i need to do ?
0
Comment
Question by:shahak
5 Comments
 
LVL 17

Accepted Solution

by:
inthedark earned 150 total points
ID: 6846756
Here is a simple way.

In your global.asa file place a list of allowed UserID's and Passwords.

e.g.
Sub APplication_OnStart()
Application.Lock

' you could load from a text file if you want.
Application("UIDS")="User1,PW1;User2,PW2,etc"

Application("OtherStuff")="etc"
Application.UnLock

End Sub

Or you could save the logins and passwords in a database.


Create a login.asp file:

User ID
Password



In your login.asp detect if the opertor has clicked on submit and validate the Login ID and Password.

Send the login details as cookies to the client.

response.cookies("UserID")=Request("UserID")
response.cookies("UserID").Expires=now+365

Do same for password.

In you DLL you can now call a function on every page which should be locked from the outside world:

If Not UserLoginOK() Then
   ' kick out the user
   response.redirect "http://www.yourserver.com/bogoff.htm"
   exit sub
end if

' now display your special page
response.write "<HTML><BODY>" ' etc....


Create a function

Public Function UserLoginOK() as Boolean

UserID=ucase(request.cookies("UserID"))
PW=Ucase(request.cookies("PW"))

'now check that this combination is valid'


'look up in database

' or check in application object list of users

IDS=Split(Application("UIDS"),";")

for c=0 to Ubound(IDS)
   UDets = Split(IDS(c),",")
   if ucase(udets(0))=UserID and ucase(Udets(1))=PW Then
      userloginok=true
      exit function
   end if
next c
End Function

Hope this helps.
0
 
LVL 17

Expert Comment

by:inthedark
ID: 6847244
Id this the kind of security you meant?

In an ideal world you would make your login.asp run in https mode.  But to do this you need yo buy a key from a company like www.verisign.com.  Once the key is insatlled on your system you can then use https.

0
 

Author Comment

by:shahak
ID: 6854263
I would like that my dll will be safe to initialize
from HTML page.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6896624
Hi, this item is current but many others still open quite old.

ADMINISTRATION WILL BE CONTACTING YOU SHORTLY.  Moderators Computer101 or Netminder will return to finalize these if still open in seven days.  Please post closing recommendations before that time.

Question(s) below appears to have been abandoned. Your options are:
 
1. Accept a Comment As Answer (use the button next to the Expert's name).
2. Close the question if the information was not useful to you, but may help others. You must tell the participants why you wish to do this, and allow for Expert response.  This choice will include a refund to you, and will move this question to our PAQ (Previously Asked Question) database.  If you found information outside this question thread, please add it.
3. Ask Community Support to help split points between participating experts, or just comment here with details and we'll respond with the process.
4. Delete the question (if it has no potential value for others).
   --> Post comments for expert of your intention to delete and why
   --> You cannot delete a question with comments, special handling by a Moderator is required.

For special handling needs, please post a zero point question in the link below and include the URL (question QID/link) that it regards with details.
http://www.experts-exchange.com/jsp/qList.jsp?ta=commspt
 
Please click the Help Desk link on the left for Member Guidelines, Member Agreement and the Question/Answer process for further information, if needed.  http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp

Click you Member Profile to view your question history and keep them all current with updates as the collaboration effort continues, to track all your open and locked questions at this site.  If you are an EE Pro user, use the Power Search option to find them.  Anytime you have questions which are LOCKED with a Proposed Answer but does not serve your needs, please reject it and add comments as to why.  In addition, when you do grade the question, if the grade is less than an A, please add a comment as to why.  This helps all involved, as well as future persons who may access this item in the future to seek help.

To view your open questions, please click the following link(s) and keep them all current with updates.
http://www.experts-exchange.com/questions/Q.20082722.html
http://www.experts-exchange.com/questions/Q.20089300.html
http://www.experts-exchange.com/questions/Q.20089301.html
http://www.experts-exchange.com/questions/Q.20092191.html
http://www.experts-exchange.com/questions/Q.20096491.html
http://www.experts-exchange.com/questions/Q.20147905.html
http://www.experts-exchange.com/questions/Q.20269836.html
http://www.experts-exchange.com/questions/Q.20274295.html
http://www.experts-exchange.com/questions/Q.20280909.html


To view your locked questions, please click the following link(s) and evaluate the proposed answer.
http://www.experts-exchange.com/questions/Q.20093309.html
http://www.experts-exchange.com/questions/Q.20148460.html

PLEASE DO NOT AWARD THE POINTS TO ME.  
 
------------>  EXPERTS:  Please leave any comments regarding your closing recommendations if this item remains inactive another seven (7) days.  Also, if you are interested in the cleanup effort, please click this link http://www.experts-exchange.com/jsp/qManageQuestion.jsp?ta=commspt&qid=20274643

Moderators will finalize this question if still open in 7 days, by either moving this to the PAQ (Previously Asked Questions) at zero points, deleting it or awarding expert(s) when recommendations are made, or an independent determination can be made.  Expert input is always appreciated to determine the fair outcome.
 
Thank you everyone.
 
Moondancer
Moderator @ Experts Exchange

P.S.  For any year 2000 questions, special attention is needed to ensure the first correct response is awarded, since they are not in the comment date order, but rather in Member ID order.
0
 
LVL 5

Expert Comment

by:Netminder
ID: 6975364
Force-accepted by
Netminder
CS Moderator
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I’ve seen a number of people looking for examples of how to access web services from VB6.  I’ve been using a test harness I built in VB6 (using many resources I found online) that I use for small projects to work out how to communicate with web serv…
Introduction While answering a recent question (http://www.experts-exchange.com/Q_27402310.html) in the VB classic zone, I wrote some VB code in the (Office) VBA environment, rather than fire up my older PC.  I didn't post completely correct code o…
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now