发布错误哦我的! [英] post errors oh my!
本文介绍了发布错误哦我的!的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在创建一个asp页面来收集用户的用户名/密码
并对数据库进行验证。
问题是,它是这样的:
- 页面最初用提交按钮显示用户和密码输入
- 页面使用POST方法提交给自己
- 现在有用户和密码,使用ADO我验证信息
对数据库是否正确,主页面显示。
两个问题:
1)当我使用''post''时,密码信息是否安全?有人可以用嗅探器或其他东西偷走这个吗?
2)如果页面有问题,比如连接或其他问题,
浏览器显示''页面无法显示''并在页面下方
显示''POST数据:'',其中包括用户名和密码!这不可能
好吗?
我该怎样做才能提高安全性?
I am creating an asp page to collect username/password from the user
and validate it against the DB.
Problem is, it''s like this:
- Page initially shows user and pwd inputs with a submit button
- Page submits to itself using POST method
- Now armed with user and password, using ADO I verify information
against database and if it''s correct, the main page shows.
Two problems:
1) is the password information secure when I use ''post''? can someone
somehow steal this with sniffers or something?
2) If there is a problem in the page, like connection or otherwise,
the browser shows a ''The page cannot be displayed'' and down the page it
shows ''POST Data: '' which includes username and password! this can''t be
good can it?
What can I do to improve security here?
推荐答案
1。 HTTPS?这就是它的用途。您使用的是SSL吗?
2.它在哪里显示确切的?什么错误?你在使用自定义
错误吗?
Ray在工作
< wo ****** @ yahoo.com>在消息中写道
news:11 ********************* @ g14g2000cwa.googlegro ups.com ...
1. HTTPS? That''s what this is for. Are you using SSL?
2. Where does it show that exactly? On what errors? Are you using custom
errors?
Ray at work
<wo******@yahoo.com> wrote in message
news:11*********************@g14g2000cwa.googlegro ups.com...
我正在创建一个asp页面来收集用户的用户名/密码
并根据数据库验证它。
问题是,它是这样的:
- 页面最初显示用户和密码输入带有提交按钮
- 页面使用POST方法提交给自己
- 现在使用用户和密码,使用ADO我验证数据对数据库是否正确,主要页面显示。
两个问题:
1)当我使用''post''时,密码信息是否安全?有人可以用嗅探器或其他东西偷走这个吗?
2)如果页面出现问题,如连接或其他问题,浏览器会显示'页面无法显示' '并在页面下方显示''POST数据:'',其中包括用户名和密码!这不可能是好的吗?
我该怎样做才能提高安全性?
I am creating an asp page to collect username/password from the user
and validate it against the DB.
Problem is, it''s like this:
- Page initially shows user and pwd inputs with a submit button
- Page submits to itself using POST method
- Now armed with user and password, using ADO I verify information
against database and if it''s correct, the main page shows.
Two problems:
1) is the password information secure when I use ''post''? can someone
somehow steal this with sniffers or something?
2) If there is a problem in the page, like connection or otherwise,
the browser shows a ''The page cannot be displayed'' and down the page it
shows ''POST Data: '' which includes username and password! this can''t be
good can it?
What can I do to improve security here?
1)哦,不,我没有学习HTTPS,我会得到关于这个主题的一些信息。
2)就像让我们说我在asp中调用一个不存在的存储过程
代码,然后如果我尝试转到它显示的页面:
页面无法显示
有一个您尝试访问的页面出现问题且无法显示
。
--------------- -------------------------------------------------- ---------------
请尝试以下方法:
单击刷新按钮,或者稍后再试。
打开localhost主页,然后查找指向
信息的链接。
HTTP 500.100 - 内部服务器错误 - ASP错误
互联网信息服务
------------------- ------------------------ -------------------------------------
技术支持信息(支持人员)
错误类型:
用于SQL Server的Microsoft OLE DB提供程序(0x80040E14)
无法找到存储过程''createsession''。
/applications/includes/login/session.inc,第27行
浏览器类型:
Mozilla / 4.0(兼容; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)
页:
POST 37个字节到/applications/login/login.asp
POST数据:
用户名= test& pwd = test123& smit =提交
时间:
2005年7月12日星期二,下午2:12:28
更多信息:
Microsoft支持
>
所以看到有一个部分实际上显示了来自
表格的发布字段,在我看来这很危险
1) oh, no I haven''t learned HTTPS, I''ll get some info on the subject.
2) like let''s say I call an unexistent stored procedure in the asp
code, then if I try to go to the page it shows this:
The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot
be displayed.
--------------------------------------------------------------------------------
Please try the following:
Click the Refresh button, or try again later.
Open the localhost home page, and then look for links to the
information you want.
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services
--------------------------------------------------------------------------------
Technical Information (for support personnel)
Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E14)
Could not find stored procedure ''createsession''.
/applications/includes/login/session.inc, line 27
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)
Page:
POST 37 bytes to /applications/login/login.asp
POST Data:
username=test&pwd=test123&smit=Submit
Time:
Tuesday, July 12, 2005, 2:12:28 PM
More information:
Microsoft Support
So see there is a section that actually shows the posted fields from
the form, seems to me that this is dangerous
嗯,这是一个问题。您还可以查看自定义错误页面。它实际上就像制作一个这样的页面一样简单:
500.asp:
< ; html>
< body>
发生错误。很抱歉。
< / body>
< / html>
把它放在网站的根目录中,然后将/500.asp设置为IIS中该站点的
错误页面的URL。请参阅IIS配置的屏幕截图
。 http://www.aspfaq.com/show.asp?id= 2335
雷在工作
< wo ****** @ yahoo.com>在消息中写道
news:11 ********************** @ g14g2000cwa.googlegr oups.com ...
Hmm, that is an issue. You could also look into custom error pages. It
actually can be as simple as making a page like so:
500.asp:
<html>
<body>
An error occurred. Sorry about that.
</body>
</html>
Put that in the root of your site, then set /500.asp to be the URL of your
error page in IIS for that site. See screen shot of the IIS configuration
here. http://www.aspfaq.com/show.asp?id=2335
Ray at work
<wo******@yahoo.com> wrote in message
news:11**********************@g14g2000cwa.googlegr oups.com...
1)哦,不,我没有学习HTTPS,我会得到一些关于这个主题的信息。
2)就像让我说我在asp中调用一个不存在的存储过程一样br />代码,然后如果我尝试转到它显示的页面:
页面无法显示
您尝试访问的页面有问题,它不能
显示。
----------------------------------- ---------------------------------------
------ <请尝试以下操作:
单击刷新按钮,或稍后再试。
打开localhost主页,然后查找
你想要的信息。
HTTP 500.100 - 内部服务器错误 - ASP错误
互联网信息服务
----------------- -------------------------------------------------- -------
------
技术信息(支持人员)
错误类型:
用于SQL Server的Microsoft OLE DB提供程序(0x80040E14)
找不到存储过程''createsession''。
/ applications / includes /login/session.inc,第27行
浏览器类型:
Mozilla / 4.0(兼容; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)
页面:
POST 37个字节到/applications/login/login.asp
POST数据:
用户名= test& pwd = test123& smit =提交
时间:
2005年7月12日星期二,下午2:12:28
更多信息:微软支持
所以看到有一个部分实际上显示了从表单中发布的字段,在我看来这很危险
1) oh, no I haven''t learned HTTPS, I''ll get some info on the subject.
2) like let''s say I call an unexistent stored procedure in the asp
code, then if I try to go to the page it shows this:
The page cannot be displayed
There is a problem with the page you are trying to reach and it cannot
be displayed.
-------------------------------------------------------------------------- ------
Please try the following:
Click the Refresh button, or try again later.
Open the localhost home page, and then look for links to the
information you want.
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services
-------------------------------------------------------------------------- ------
Technical Information (for support personnel)
Error Type:
Microsoft OLE DB Provider for SQL Server (0x80040E14)
Could not find stored procedure ''createsession''.
/applications/includes/login/session.inc, line 27
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)
Page:
POST 37 bytes to /applications/login/login.asp
POST Data:
username=test&pwd=test123&smit=Submit
Time:
Tuesday, July 12, 2005, 2:12:28 PM
More information:
Microsoft Support
So see there is a section that actually shows the posted fields from
the form, seems to me that this is dangerous
这篇关于发布错误哦我的!的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
