Solved

Include a password in an href link

Posted on 2014-03-06
3
748 Views
Last Modified: 2014-03-06
I have a chart which displays data. The primary, unique field for the table is ChartID. The first column displays city, state. The city and state link to another page which is an update form. The update form does have a password associated with it. I want the link to open a new form for the specific city,state associated with the ChartID. My SQL statement is:

 sql = "SELECT tblGeneral.ChartID, tblGeneral.City, tblGeneral.State, " & _
       "tblStaff.LNOStaffDesignation, tblStaff.StaffGenNotes, tblStaff.FTE,
      "FROM tblGeneral INNER JOIN tblStaff ON tblGeneral.ChartID= tblStaff.ChartID " & _
      "WHERE tblStaff.LNOStaffDesignation = 'In Transition' "

My display code for the link to the update form is:

      Response.Write "<TD class='CCTable' width='175px'><a target='_blank'
        href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID")

Is there code I can use to pass the password to the SiteDetails page so it will open?
0
Comment
Question by:Malloy1446
3 Comments
 
LVL 32

Expert Comment

by:Big Monty
Comment Utility
it's not a very good idea to put a password directly into a url, anybody will be able to see it.

I recommend putting the password into a cookie or session variable, while still not totally secure, is a lot more secure than having it visibly seen in a url.

If you must put it in the url, I recommend encrypting it, there a lot of asp routines out there that'll do that for you.
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
Comment Utility
You can pass the password just like any other field, and it would be just about the stupidest thing imaginable.  There is no point in using a password if you are going to expose it.  Even worse, you will give a hacker all the infprmation they need to accessyou database and totally trash it.

The proper way to do it is to use a form, a put method and an https protocol.  Sending a password as part of a link is insanity.

Cd&
0
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
Comment Utility
If the user is not already logged in and you just want to protect the page from the casual hacker, you could build your url so it is available only to the current user.

UserSession=Session.SessionID
MySecretWord="xlP28vbdQZ"
URLpass=sha256(date&UserSession&MySecretWord)

 Response.Write "<TD class='CCTable' width='175px'><a target='_blank'
        href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID")&"&code="&URLpass

Open in new window

Then on the receiving page.
UserSession=Session.SessionID
MySecretWord="xlP28vbdQZ"
URLpass=sha256(date&UserSession&MySecretWord)
code=request.querystring("code")
If cstr(URLpass)=cstr(code) then
    ' you have a valid user
    else
    ' you do not have a valid user
end if

Open in new window

The above assumes the person that is on the page is ok to view the password protected page.  With that link generated, only the user with that session can view the 2nd page.  The session will be killed when the browser closes or if the worker process overloads and resets.  

That would not be the type of security you would want for personal information, but for showing a graph you want to keep the general public out and make it easy for your users it will work fine.

To use the sha256 hash, you have download the file I attached, changed the .txt to .asp and include it on both of your pages.  

At the top of your page you can include it like this
<!--#include virtual="/path_to/sha256.asp"-->
sha256.txt
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Column Spacing 3 33
Which CSS tag pertains to the color of the form field? 11 39
Setting Up a Responsive Form 24 40
Pass through dll 2 33
Someone recently asked me about how to display a progress indicator on a page while an iframe is loading. And I remember when I first came across this myself. It was a bit tricky to get my head around, but really, it's very simple. The most impor…
This article discusses how to create an extensible mechanism for linked drop downs.
In this tutorial viewers will learn how to code links for mobile sites that, once clicked, send a call or text to a specified number. For a telephone link (once clicked, calls a number), begin with a normal "<a href=" link tag. For the href, specify…
In this tutorial viewers will learn how to embed an audio file in a webpage using HTML5. Ensure your DOCTYPE declaration is set to HTML5: : The declaration should display (CODE) HTML5 is supported by the most recent versions of all major browsers…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now