General Security Question

R

roy anderson

Hey all,
I'm not new to web development, but totally clueless regarding web
security/logins and such. I have a website which requires users to
login, checks their info against a SQL Server backend, then saves their
login as a session variable. As they browse through the various pages of
the site, each page checks to see if the Session variable exists/is not
null, etc. If the check fails, the page redirects them to the login
form.

Question: In general, how secure is my site?

TIA
 
D

Daniel TIZON

As a complement to the Elton reponse,
ASP.NET has already a mecanism to secure an ASP.NET website like defined in
your custom implementation, it is called "Forms authentication".
The beauty of the builtin solution is that the only responsability of the
developper is to write the logon page, and to write the logic to validate or
not the credentials of the user, against de database, a xml file or
what-else you want. You define the mode of authentication dans the
authorizations on the pages, or the folders, declaratively in the web
configuration file. Not necessary to write spaggetti code on the pages to
have benefits of securization. All your pages are secured by default. An
authentication cookie is used to make this work.

Better in ASP.NET 2.0, Rich Controls (logon, subscribtion,lost
password,...), DataBase, and APIs are provided, so you don't have no line of
code to secure your site :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top