Solved

Include a password in an href link

Posted on 2014-03-06
Last Modified: 2014-03-06
I have a chart which displays data. The primary, unique field for the table is ChartID. The first column displays city, state. The city and state link to another page which is an update form. The update form does have a password associated with it. I want the link to open a new form for the specific city,state associated with the ChartID. My SQL statement is:

 ' Staff rows marked 'In Transition', joined to their city and state by ChartID
 sql = "SELECT tblGeneral.ChartID, tblGeneral.City, tblGeneral.State, " & _
       "tblStaff.LNOStaffDesignation, tblStaff.StaffGenNotes, tblStaff.FTE " & _
       "FROM tblGeneral INNER JOIN tblStaff ON tblGeneral.ChartID = tblStaff.ChartID " & _
       "WHERE tblStaff.LNOStaffDesignation = 'In Transition' "

My display code for the link to the update form is:

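      ' First column: City, State linked to the update form for this ChartID
      Response.Write "<TD class='CCTable' width='175px'><a target='_blank' " & _
        "href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID") & "'>" & _
        objRS("City") & ", " & objRS("State") & "</a></TD>"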

Is there code I can use to pass the password to the SiteDetails page so it will open?
Question by:Malloy1446
3 Comments
 

Expert Comment

by:Big Monty
ID: 39909990
It's not a very good idea to put a password directly into a URL; anybody will be able to see it.

I recommend putting the password into a cookie or session variable, which, while still not totally secure, is a lot more secure than having it visibly seen in a URL.

If you must put it in the URL, I recommend encrypting it; there are a lot of ASP routines out there that'll do that for you.

Expert Comment

by:COBOLdinosaur
ID: 39910009
You can pass the password just like any other field, and it would be just about the stupidest thing imaginable.  There is no point in using a password if you are going to expose it.  Even worse, you will give a hacker all the information they need to access your database and totally trash it.

The proper way to do it is to use a form, a put method and an https protocol.  Sending a password as part of a link is insanity.

Cd&

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
ID: 39910164
If the user is not already logged in and you just want to protect the page from the casual hacker, you could build your url so it is available only to the current user.

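' Per-session code: hash of today's date, this visitor's session ID and a server-side secret
UserSession = Session.SessionID
MySecretWord = "xlP28vbdQZ"
URLpass = sha256(Date & UserSession & MySecretWord)

' Same link as before, with the per-session code appended as the "code" parameter
Response.Write "<TD class='CCTable' width='175px'><a target='_blank' " & _
    "href='http://vaww.MyWebSite/SiteDetails.asp?step=1&ChartID=" & objRS("ChartID") & _
    "&code=" & URLpass & "'>" & objRS("City") & ", " & objRS("State") & "</a></TD>"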


Then on the receiving page:

' Recompute the code for the current session and compare it with the one in the URL
UserSession = Session.SessionID
MySecretWord = "xlP28vbdQZ"
URLpass = sha256(Date & UserSession & MySecretWord)
code = Request.QueryString("code")
If CStr(URLpass) = CStr(code) Then
    ' you have a valid user
Else
    ' you do not have a valid user
End If


The above assumes the person that is on the page is ok to view the password protected page.  With that link generated, only the user with that session can view the 2nd page.  The session will be killed when the browser closes or if the worker process overloads and resets.  

That would not be the type of security you would want for personal information, but for showing a graph where you want to keep the general public out and make it easy for your users, it will work fine.

To use the sha256 hash, you have to download the file I attached, change the .txt to .asp and include it on both of your pages.

At the top of your page you can include it like this:
<!--#include virtual="/path_to/sha256.asp"-->
sha256.txt
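
As an added example (not part of the thread and not the attached sha256.asp), here is the session-bound link from the accepted answer sketched in Python with an HMAC in place of a plain hash, also binding the ChartID and an issue time so a copied link stops working for other sessions, other records and after a set lifetime. The key value, the 15-minute lifetime and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real site loads it from server-side config.
SECRET_KEY = b"constructed-demo-key-not-from-the-post"
MAX_AGE_SECONDS = 15 * 60  # assumed link lifetime


def make_code(session_id, chart_id, issued_at):
    """Return 'issued_at.hexmac', tied to one session and one ChartID."""
    msg = f"{session_id}|{chart_id}|{issued_at}".encode()
    mac = hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{mac}"


def check_code(code, session_id, chart_id, now=None):
    """True only for an unexpired code issued to this session for this ChartID."""
    now = int(time.time()) if now is None else now
    issued_str, sep, mac = (code or "").partition(".")
    if not sep or not (issued_str.isascii() and issued_str.isdigit()):
        return False
    issued_at = int(issued_str)
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False
    expected = make_code(session_id, chart_id, issued_at).partition(".")[2]
    # Constant-time comparison: does not reveal how many characters matched.
    return hmac.compare_digest(expected.encode(), mac.encode())


def build_link(session_id, chart_id, now=None):
    """Query string for the update form, carrying the signed code."""
    now = int(time.time()) if now is None else now
    code = make_code(session_id, chart_id, now)
    return f"SiteDetails.asp?step=1&ChartID={chart_id}&code={code}"


if __name__ == "__main__":
    sid = "123456789"  # constructed session ID
    print(build_link(sid, 42))
    print(check_code(make_code(sid, 42, int(time.time())), sid, 42))
```

The receiving page calls `check_code` with its own session ID and the ChartID from the query string before showing the form.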