User Account Security

F

farsad nasseri

Hi

I'm trying to design a web application where people can create user Ids and
passwords while signing up and then use that information to login to an
account. (I know, very basic). I just can't get my mind around how to make
this system most secure. the user id and password is verified at the time of
logging in and at that point, I would like to create something like a session
key before openning the new page. I basically don't want to start the new
page by passing regular parameters through the URL because that's very easy
to manipulate and break. Can someone give me some information about creating
a secure system like this and/or forward me some useful sources?? btw.. I'm
using, IIS as my server, ASP.Net and VB.Net.

Thanks

Farsad
 
R

Roland Hall

in message
: I'm trying to design a web application where people can create user Ids
and
: passwords while signing up and then use that information to login to an
: account. (I know, very basic). I just can't get my mind around how to make
: this system most secure. the user id and password is verified at the time
of
: logging in and at that point, I would like to create something like a
session
: key before openning the new page. I basically don't want to start the new
: page by passing regular parameters through the URL because that's very
easy
: to manipulate and break. Can someone give me some information about
creating
: a secure system like this and/or forward me some useful sources?? btw..
I'm
: using, IIS as my server, ASP.Net and VB.Net.

While it may seem to be a simple process, there is quite a lot involved to
make a complete solution. This include but may not be limited to:

verifying username does not exist before registering new user
email address confirmation
email verification before completion mailing autogenerated random link to
complete email verification
verification checking for lost passwords with pass phrases
visitor tracking for support and security
privacy notices re: user information being stored

Also, this is a Classic ASP newsgroup. You're going to have a better chance
getting answers in a .NET newsgroup.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Account Creation and Security 2
Amend default MVC5 template to allow admin to accept\reject account 0
Problem with a login script, SESSION user rights and put this together so it works with the other pages and MySQL. Code examples. 2
Create Secure Account Activation 3
How to login using PDO 3
How to Create a random password generator in a separate window 4
Bash scripts for web apps 1
Hw to create user Account using ASP 1

Members online

Total: 30 (members: 2, guests: 28)
Robots: 128

Forum statistics

Threads
473,772
Messages
2,569,592
Members
45,103
Latest member
VinaykumarnNevatia

Latest Threads

Top