登录后的会话以及被黑客入侵的可能性 [英] Session after login and the possible of hacking

问题描述

我想一劳永逸

在经典ASP中！

如果我有这样的表格

<form action="login.asp" method="post">
<input type="text" name="username" value="" />
<input type="password" name="password" value="" />
</form>

然后在login.asp页面中，我检查用户名和密码是否正确，我为session("loggedin")赋予一个值

and in the login.asp page i check if the username and password are correct i give a session("loggedin") a value

然后在每个页面中，我检查该会话和该值

then in everypage i check for that session and for that value

我的问题-是正确的，最常见的安全措施吗???还是我想念什么?

my question - is that the right, most common secure thing to do??? or i miss something?

推荐答案

我终于开始使用.Net(好和坏...我喜欢Classic ASP)，但是我如何在Classic ASP中对其进行处理以使其易于管理是:

I am finally moving to .Net (Good and bad...I loved Classic ASP), but how I handled it in classic ASP to make it manageable is:

创建一个包含文件，如下所示:

Create an include file, like this:

if (nz(session("users.userid"))=0) then
    'PUT YOUR LOGIN CODE HERE
    session("users.userid") = userId
else
    'CODE TO DISPLAY LOGIN FORM
    response.end
end if

在每个应确保安全的页面顶部都包含此内容.如果他们尚未登录，它将抛出登录表单.显然，您可以使它比这更有用，但是正如我可以解释的那样，这很清楚.

Include this at the top of every page that should be secure. If they haven't logged in, it will throw the login form. Obviously you can make this more useful than this, but this is as clearly as I could explain it.

这篇关于登录后的会话以及被黑客入侵的可能性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！