Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web page security

Status
Not open for further replies.
stewartwebb

stewartwebb

Programmer
Jan 6, 2004
92
GB
Hi all,

I wonder if anyone can help me or has done anything like this before.
We have a system but users seem to copy the url then email it to someone else, who can then view data they're not suppose to see.
We are trying to find a quick and easy solution to stop this happening.
We really only want users to view pages if they have logged on via the logon page.
Has anyone got any ideas/suggestions.
If you need anymore details let me know.

Thanks

Stewart.
 
Sort by date Sort by votes
>>We really only want users to view pages if they have logged on via the logon page.
Has anyone got any ideas/suggestions.


why not use session checks in those pages???

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
Hi vbkris,

Thanks for the reply, but session checks?
Can you elaborate on that a bit more?

Thanks

Stewart.
 
Upvote 0 Downvote
you have a login page right? that is a server side scripting implementation (cause you require DB) right?. if yes you should use that...

Known is handfull, Unknown is worldfull
 
Upvote 0 Downvote
What kind of data they're supposed not to see? Static or dynamic? How did you implement your login page?

Keep in mind that users will just have to share their passwords to share resources, so without a users policy, any effory will be useless.

Cheers,
Dian
 
Upvote 0 Downvote
What server-side technology do you have at your disposal - ASP.NET, PHP, ColdFusion, Perl, other? What kind of web server software are you running - IIS, Apache, Tomcat, etc. Find that out first, then research a solution based on the technology you have or can get.

Adam
 
Upvote 0 Downvote
Sessions are one of best means of implementing security navigating from one webpage to the other.

if you are using PHP you can do the following to take advantage of the sessions management:

Calling page:

Code: 
session_name ('VisitID');
session_start();
$_SESSION['xyz'] = $some_variable;
			
header ("Location: [URL unfurl="true"]http://www.abc.com/abc.php");[/URL]


Called page:

Code: 
session_name ('VisitID'); 
session_start(); 

if (!isset($_SESSION['xyz'])) 
{
  header ("Location:  [URL unfurl="true"]http://www.abc.com/index.php");[/URL]
  exit();
}

Anybody trying to go the called page without going thru the calling page (as in your case people are trying to go directly) will be taken to index.php instead of abc.php
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

chillay
  • Locked
  • Question
Add Control + F feature to a Web Page
Replies
3
Views
129
feherke
feherke
Rayj0000
  • Locked
  • Question
How to disable an html button for subsequent website visitors?
Replies
0
Views
306
Rayj0000
Rayj0000
penguinspeaks
  • Locked
  • Question
JS Open print dialog page to print a file
Replies
0
Views
152
penguinspeaks
penguinspeaks
RailBatyrshin
  • Locked
  • Question
Back on the Node(ExpressJS) fetch API from WEB Browser
Replies
0
Views
90
RailBatyrshin
RailBatyrshin
rogerte
  • Locked
  • Question
How to have several datepickers on same HTML page
Replies
1
Views
135
rogerte
rogerte

Part and Inventory Search

Sponsor

Back
Top