-
January 6th, 2004, 02:52 PM
#1
Web App and XP
I have just install a new web app on an intranet. Ever time you log onto the the app it make you do it twice before accepting it.
Web server Win2000
Clients WinXP
Thank for any info on this.
let me know if you need any more info about my problem.
Mad Beaver
-
January 6th, 2004, 03:05 PM
#2
-
January 6th, 2004, 04:13 PM
#3
It is an invoice app I designed that inputs data into two different databases.
When you log on it checks one of the databases for Uname and Password.
The app works great on another network that has a win2000 server and win98 clients.
So that make me think it has something to do with the XP Clients.
Oh ya it mostly uses asp's
Mad Beaver
-
January 6th, 2004, 04:22 PM
#4
So in other words, there is your login screen which you coded, then there is another login screen? Is it the same login screen you coded, or is the other login screen look a little different from yours?
If so, my first guess is that there is something not quite right with the permissions on the server - I'm assuming that you are using IIS and Active Server Pages, correct?
Let me know some more about these logins, then we can go from there...
-
January 6th, 2004, 04:39 PM
#5
It is the same login screen that I coded, and it always goes through on the second try.
Yes I am using IIS and Active Server Pages.
when you login it sends you to an asp page at this point it verifies the info and stores the Uname and Pword in cookies then redirects to the appropreate page.
Mad Beaver
-
January 6th, 2004, 05:24 PM
#6
Storing the username and password in a cookie is a silly thing to do. I'd rethink your authentication code if I were you. You can fix your double login problem while you're at it.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
January 6th, 2004, 05:46 PM
#7
Mad Beaver
-
January 7th, 2004, 10:16 AM
#8
Storing the username and password in a cookie is indeed a very bad thing to do. There are numerous ways to steal cookies. If someone stole your cookie they have all the info they need to logon your site.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
January 7th, 2004, 02:25 PM
#9
It is on a intranet. The only way you can access the site is through a computer on the network. The password protection is only ment as a deterrentm, like locking your car (If someone really wants to get in they will find a way).
Could you please tell me a better way to secure the site.
Also any information about the original issue of having to login twice on the start page would be very helpful.
Mad Beaver
-
January 7th, 2004, 02:41 PM
#10
Originally posted here by MadBeaver
It is on a intranet. The only way you can access the site is through a computer on the network. The password protection is only ment as a deterrentm, like locking your car (If someone really wants to get in they will find a way).
Could you please tell me a better way to secure the site.
There are numerous ways to do it. This is one way to do it.
*Note: Only look at the way they've used global.asa. The authentication script is vulnerable to an SQL injection attack (just enter a' or 1=1 -- as a username and a bogus password )
Also any information about the original issue of having to login twice on the start page would be very helpful.
Perhaps you are redirecting to a different url? The users would start on webapp.my.domain and after logging on they may be redirected to servername.my.domain. Eventhough webapp.my.domain and servername.my.domain are actually the same machine the cookies will be different.
Oliver's Law:
Experience is something you don't get until just after you need it.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|