is it safe to store password on asp server side script
Hi,
I have a webpage that is a form which displays the results upon submission of form.
I use html forms along with asp script to connect to a webservice to query from.
The form also has got a password field which i submit along with form data and validate in the asp code itself. This technique is able to hide the password from my users in the webpage-->view source area since the server side code is never visible.
I wanted a simple and low maintenance security solution and all my users should be able to share the same password therefore i used this technique.
Now my question is: how secure is this technique? is asp server side code a good place to hide important information?
Thanks.
I have a webpage that is a form which displays the results upon submission of form.
I use html forms along with asp script to connect to a webservice to query from.
The form also has got a password field which i submit along with form data and validate in the asp code itself. This technique is able to hide the password from my users in the webpage-->view source area since the server side code is never visible.
I wanted a simple and low maintenance security solution and all my users should be able to share the same password therefore i used this technique.
Now my question is: how secure is this technique? is asp server side code a good place to hide important information?
Thanks.
Surone1
how secure is your website host? i have found several places that allowed other customers read and sometimes even write access to all of the other customers documents on the webserver. i must admit it was free hosting, but still...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Padas for such detailed explanation.
ASKER
Hi,
for the problem described above, is it okay to leave the following IIS 7 setting as is?
'Enable Server Side Debugging === True'
are there any other setttings i should worry about?
Thanks.
for the problem described above, is it okay to leave the following IIS 7 setting as is?
'Enable Server Side Debugging === True'
are there any other setttings i should worry about?
Thanks.
Turn that off as well as send errors to the browser unless the only way you can debug is seeing the actual errors. Just turn it off when you are done.