Can anyone tell me how you can stop users from URL Hacking your website?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.
So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?
I agree you need to ask this at your language's area, but just so you know I wouldn't consider your scenario URL Hacking, since visitors are not doing anything wrong but requesting a public page.
It is your responsability as a developer to make sure pages that need to be secure ARE NOT AVAILABLE PUBLICLY (to begin with). For the most part, the best approach is using sessions and bounce off to the entry page any user that has not started a session with a password.
As the next step, security is a problem even when your URLs are not public anymore. A real hack attempt is about someone trying to get access to pages that you have already secured. To protect yourself from such attacks there are special considerations you need to keep in mind, such as sanitazing any and all user input.
You can secure areas of your site through server configuration without having to deal with programming, but since you already have ASP in mind I would suggest you use that since it gives you more control.
No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Previous Thread in HTML and CSS Forum Timeline:help with a tag
Unsolved 
Offline 
