[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 143
  • Last Modified:

Protect ASP database reports online

Hi
I use ASP pages to report database in Frontpage 2003 for lacrosse camps, clinics, etc.  The ASP pages contain names, addresses and payment info.  Google has indexed some of these report pages containing such information.

How do i reliably protect the ASP reports from being indexed by search engines or found by casual users?  I have tried putting them in a _directory, but then the ASP doesn't work.

Thank you.
0
flwebster
Asked:
flwebster
1 Solution
 
stengeljCommented:
Create a robots.txt file to exclude the folder from search engines.
http://www.webtoolcentral.com/webmaster/tools/robots_txt_file_generator/

Or,

Add a NOINDEX meta tag to the pages you want to be hidden.
http://www.robotstxt.org/wc/meta-user.html

I don't know what you mean by "found by casual users".  If you don't password protect a page it is, technically, available for viewing by anyone.
0
 
hhammashCommented:
Hi,

I think that you pages have been indexed because you send data via hyperlinks.  If you send the data between pages using Sessions your pages won't be indexed. Or at least add a code on the pages that you want to protect to check the http_referer.  This code will check if the page is coming through a certain page,  if yes then display otherwise redirect to that page.

You can put something like this at the top of the ASP page,  before the first <html>

<%
Dim HTTP_Referer

HTTP_Referer = Request.ServerVariables("HTTP_Referer")

If HTTP_Referer <> "logon.asp" Then
Response.Redirect "logon.asp"
End If
%>

You can also put a full address instead of "login.asp" only:

if HTTP_Referer <> "http://www.website.com/login.asp" then

So if you have a page that generates the information and another to display the info, this code will force the user to go back to the generating page.  Let's say that you have GenerateInfo.asp and DisplayInfo.asp.  You have info about a customer generated in GenerateInfo.asp  when you submit it opens DisplayInfo.asp.  Now, the DisplayInfo.asp in the URL will be like:

http://www.website.com/DisplayInfo?UserID=900&OrderID=123

If you type the above address directly or save it in the favorites it will not open because the HTTP_Referer code will sense that the user did not come through the GenerateInfo.asp page.  Here the code will return the user to the Generating page.



Regards
hhammash
0

Featured Post

Microsoft Certification Exam 74-409

VeeamĀ® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now