0

Hi everyone,

Can anyone tell me how you can stop users from URL Hacking your website?
So for example if you have a password and username form on the front of your website and only want authorised members to gain access to your web site.

So for example just say you had a page e.g: somepage.htm and a user who was not logged in types www.somesite.com/somepage.htm. How can you stop them from getting access to the that page if they are not logged in?

P.S: Do you have any sample code?

Please help,

Jay.

3
Contributors
7
Replies
8
Views
11 Years
Discussion Span
Last Post by JC_2000
0

Sorry forgot to mention, I wanted to know how this is done in ASP

0

I agree you need to ask this at your language's area, but just so you know I wouldn't consider your scenario URL Hacking, since visitors are not doing anything wrong but requesting a public page.

It is your responsability as a developer to make sure pages that need to be secure ARE NOT AVAILABLE PUBLICLY (to begin with). For the most part, the best approach is using sessions and bounce off to the entry page any user that has not started a session with a password.

As the next step, security is a problem even when your URLs are not public anymore. A real hack attempt is about someone trying to get access to pages that you have already secured. To protect yourself from such attacks there are special considerations you need to keep in mind, such as sanitazing any and all user input.

0

BTW, just so it's out there,

You can secure areas of your site through server configuration without having to deal with programming, but since you already have ASP in mind I would suggest you use that since it gives you more control.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.