Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Web page security

Status
Not open for further replies.

stewartwebb

Programmer
Jan 6, 2004
92
GB
Hi all,

I wonder if anyone can help me or has done anything like this before.
We have a system but users seem to copy the url then email it to someone else, who can then view data they're not suppose to see.
We are trying to find a quick and easy solution to stop this happening.
We really only want users to view pages if they have logged on via the logon page.
Has anyone got any ideas/suggestions.
If you need anymore details let me know.

Thanks

Stewart.
 
>>We really only want users to view pages if they have logged on via the logon page.
Has anyone got any ideas/suggestions.


why not use session checks in those pages???

Known is handfull, Unknown is worldfull
 
Hi vbkris,

Thanks for the reply, but session checks?
Can you elaborate on that a bit more?

Thanks

Stewart.
 
you have a login page right? that is a server side scripting implementation (cause you require DB) right?. if yes you should use that...

Known is handfull, Unknown is worldfull
 
What kind of data they're supposed not to see? Static or dynamic? How did you implement your login page?

Keep in mind that users will just have to share their passwords to share resources, so without a users policy, any effory will be useless.

Cheers,
Dian
 
What server-side technology do you have at your disposal - ASP.NET, PHP, ColdFusion, Perl, other? What kind of web server software are you running - IIS, Apache, Tomcat, etc. Find that out first, then research a solution based on the technology you have or can get.

Adam
 
Sessions are one of best means of implementing security navigating from one webpage to the other.

if you are using PHP you can do the following to take advantage of the sessions management:

Calling page:

Code:
session_name ('VisitID');
session_start();
$_SESSION['xyz'] = $some_variable;
			
header ("Location: [URL unfurl="true"]http://www.abc.com/abc.php");[/URL]


Called page:

Code:
session_name ('VisitID'); 
session_start(); 

if (!isset($_SESSION['xyz'])) 
{
  header ("Location:  [URL unfurl="true"]http://www.abc.com/index.php");[/URL]
  exit();
}

Anybody trying to go the called page without going thru the calling page (as in your case people are trying to go directly) will be taken to index.php instead of abc.php
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top