Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

Sorry forgot to mention, I wanted to know how this is done in ASP

Post in the ASP forum. There's nothing you can do with HTML or client-side script.

what do you mean can i ask?

I mean, if you're asking a question about ASP, then you need to ask your question in the ASP forum:

http://www.daniweb.com/techtalkforums/forum62.html

There is no way to secure a website using only client-side code, which is the focus of this forum.

I agree you need to ask this at your language's area, but just so you know I wouldn't consider your scenario URL Hacking, since visitors are not doing anything wrong but requesting a public page.

It is your responsability as a developer to make sure pages that need to be secure ARE NOT AVAILABLE PUBLICLY (to begin with). For the most part, the best approach is using sessions and bounce off to the entry page any user that has not started a session with a password.

As the next step, security is a problem even when your URLs are not public anymore. A real hack attempt is about someone trying to get access to pages that you have already secured. To protect yourself from such attacks there are special considerations you need to keep in mind, such as sanitazing any and all user input.

BTW, just so it's out there,

You can secure areas of your site through server configuration without having to deal with programming, but since you already have ASP in mind I would suggest you use that since it gives you more control.

No probs guys will move this topic to the ASP forum.