Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
How can I confirm a valid UserName & Pass ASP to Oracle DB
- Thread starter spook007
- Start date
The easiest way I have found to validate a login is to select from the database for that username and password and then check if the recordset is EOF or not. If it is EOF than the username/password combination wasn't in the database and therefore I redirect back to login, if it isn't EOF than they were validated and I continue on with the site. One additional check you should make is against the length of the username and password before attempting to query the db. It is possible for someone to get the source for your form and then create their own page to send oversize fields to your validation script in the hopes to create a buffer overrun.
Hope that helps,
-Tarwn The three most dangerous things in the world are a programmer with a soldering iron, a hardware type with a program patch, and a user with an idea
-computer saying (Wiz Biz - Rick Cook)
Hope that helps,
-Tarwn The three most dangerous things in the world are a programmer with a soldering iron, a hardware type with a program patch, and a user with an idea
-computer saying (Wiz Biz - Rick Cook)
- Status
Similar threads
- Locked
- Question
- Locked
- Question