ASP security and DB security - advice

[tomothy]

Hi,

I am wanting to learn more about ASP security. I want to know how to create secure login's and secure forms (so people can not see or snipe the info being processed). Also I want to learn about making MS DBs secure on the web. Can any one give me some sample code, tutorials or a good book title to start learning about this? Any help you can give would be very much appericated.

Thank you for your time
Andrew

 

[jlgdeveloper]

Andrew

There is a lot of ground on your question, so a few things:
Some common methods of website (not db) security:

> Session security - where you bounce someone to a login area to be authenticated or re-authenticated against a db etc. Good for many users so that you do not have to give them individual logins.

> Domain security - where you take off the permissions for the iuser_machine/everyone person person in iis, not allowing anonomous users, only challenge response, and the same removal and granting of permissions on the file system component of the webiste files.

Database:
Generally, to have the website furnish data to the anon web user, you have to grant read (and write if you want them to generate data) over the db. SQL Server is much better for this than access. With SQL, you can grant these permissions per table.

There is so much more.
Jonathan Galpin

http://www.keen.com/categories/categorylist_expand.asp?sid=5215353&gid=0&pmode=0