954,604 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
6 Years Ago
0

URL Hacking

Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm . How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

JC_2000
Newbie Poster
17 posts since Oct 2005
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Sorry forgot to mention, I wanted to know how this is done in ASP

JC_2000
Newbie Poster
17 posts since Oct 2005
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Post in the ASP forum. There's nothing you can do with HTML or client-side script.

tgreer
Made Her Cry
Team Colleague
2,118 posts since Dec 2004
Reputation Points: 227
Solved Threads: 37
 
6 Years Ago
0

what do you mean can i ask?

JC_2000
Newbie Poster
17 posts since Oct 2005
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

I mean, if you're asking a question about ASP, then you need to ask your question in the ASP forum:

http://www.daniweb.com/techtalkforums/forum62.html

There is no way to secure a website using only client-side code, which is the focus of this forum.

tgreer
Made Her Cry
Team Colleague
2,118 posts since Dec 2004
Reputation Points: 227
Solved Threads: 37
 
6 Years Ago
0

I agree you need to ask this at your language's area, but just so you know I wouldn't consider your scenario URL Hacking, since visitors are not doing anything wrong but requesting a public page.

It is your responsability as a developer to make sure pages that need to be secure ARE NOT AVAILABLE PUBLICLY (to begin with). For the most part, the best approach is using sessions and bounce off to the entry page any user that has not started a session with a password.

As the next step, security is a problem even when your URLs are not public anymore. A real hack attempt is about someone trying to get access to pages that you have already secured. To protect yourself from such attacks there are special considerations you need to keep in mind, such as sanitazing any and all user input.

Esopo
Junior Poster in Training
50 posts since Feb 2006
Reputation Points: 14
Solved Threads: 1
 
6 Years Ago
0

BTW, just so it's out there,

You can secure areas of your site through server configuration without having to deal with programming, but since you already have ASP in mind I would suggest you use that since it gives you more control.

Esopo
Junior Poster in Training
50 posts since Feb 2006
Reputation Points: 14
Solved Threads: 1
 
6 Years Ago
0

No probs guys will move this topic to the ASP forum.

JC_2000
Newbie Poster
17 posts since Oct 2005
Reputation Points: 10
Solved Threads: 0
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed