[thelist] Elated ASPpassword protection - comments?

Flavia Tarzwell (FayeC) ftarzwell at fayec.com
Mon Nov 25 16:00:01 CST 2002


I understand the need for the txt to be outside the web root. That is
the case with my files.
The reason again for using a txt file is that the person in contact with
the client is not a programmer and she requested that it should be easy
to change the password from time to time.
I am really afraid of letting her manipulate the asp code to change the
password due to the fact that she doesn't really hand code even html let
alone asp...
But thank you for the password snippet anyways  :)

FayeC

Wade Armstrong wrote:

> If you're going to use a .txt file to store username/password combos, you
> should also make sure that that file is oustide the web root, for the same
> reasons as with the database.
>
> If you're only authenticating a small number of users, why use an external
> file at all? Something like:
>
> <%
> Dim bolAuthenticated
> bolAuthenticated = false
>
> Dim username, password
> username = Request.Form("username")
> password = Request.Form("password")
>
> Select Case username
>     Case "name1"
>         If (password = "password1") Then
>             bolAuthenticated = true
>         End If
>     Case "name2"
>            If (password = "password2") Then
>             bolAuthenticated = true
>         End If
> End Select
>
> If (bolAuthenticated = false) Then
>     Response.Redirect("loginfailed.html")
> End If
> %>
>
> Should do the trick just fine.
>
> Wade
>
>





More information about the thelist mailing list