I have an Oracle application which I am configuring to access via intranet pages. I have a NT web server running IIS linking to Oracle using ODBC. <br><br>At the moment I am investigating suitable products to use for the ASP development (Visual InterDev, Dreamweaver UltraDev). Where I am getting stuck is understanding how to <br>first capture the user ID/password and then pass this information between ASPs so that the same access rights are always enforced. I imagine it should happen using encrypted parameters passed with the URL which are used to reconnect to the database for every screen. So far I have not written any ASP code manually, it has been done by the development tools. I think I have got to bite the bullet now and go into things in more detail.<br><br>Am I heading the right way in terms of database security?<br>Am I doing the right things to acheive my goals?<br>Am I using the right toolset?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
State information in ASP's
- Thread starter axw
- Start date
The quick & easy way would be to store it in the Session variable. Don't get carried away and store a gazillion things in there, as every value in the Session variable takes away from available memory on the server. <br><br>What you might want to store in there instead of UserID & Password is some sort of 1-byte flag that indicates that the user has been authenticated (and perhaps to what level). Anything beyond that ought to be stored in a table in your Oracle TEMP tablespace.<br><br>Chip H.<br>
- Status
Similar threads
- Locked
- Question
- Locked
- Question