I need more security on ASP request.form


sammy
06-03-2003, 11:06 AM
Hi Everyone!

I am really into programming with ASP. I work on it two years ago. I have learnt new stuff every day via the internet and from friends.
But one thing that makes me kind of stressed is the security of transferring the information when you submit your form.

HELP ME

I got a form as below :

<form name="register" method="post" action="register.asp">
<input type="text" name="username">
<input type="password" name="password">
</form>

When we submit the form, in the "register.asp"

User=request.form("username")
Paswd=request.form("password")



The problem is

When we use free software to scan all the data via the TCP and UDP protocols (i.e. Sniffer, Ethereal, etc.), we will see all the information, which is not encrypted.
So when a user registers on my page, and someone is auditing the network, he/she will see all the "username" and "password" values before they are sent to the "register.asp" page.

What can we do?
Is there any option to modify or to encrypt all the information before sending it to the action page?
If not, please suggest one of the solutions you have used.
I really need the information to be changed before sending it to the action page. Not after.

Thanks a lot,
I wish to get a response from you.

Sammy

skriptkiddie
06-03-2003, 09:18 PM
Are you using a secure page (https)?

Bullschmidt
06-03-2003, 10:14 PM
Yes perhaps get your own SSL certificate (perhaps at www.thawte.com) and be sure you have a Web host that will install it so that you don't have to switch servers and lose session variables.

Then you can access any of your pages with https instead of http.

But if you have SSL for your Web site that doesn't mean that everyone HAS to go in with https URL's. They can go in with http URL's too. So on the pages you want protected you may want to see how a user is coming in and redirect to https if needed...

For instance at my site only the sample Web database used to use SSL although SSL was available for the whole site.

But a tricky thing is that on your SSL pages you're going to want to be sure that all filepaths for included files and even images all use https and not http (or nothing because http is then assumed) otherwise the user will probably get a message from his browser saying there is secure and unsecure information on the page.

If you use secured pages on a different server you may want to find some way (such as by posting or via querystring) to pass in values such as for a shopping cart without using session variables. Or if you have access to the database from each server, you could store things in the database as a way of moving info from non-secured to secured pages or back again.
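
The "see how a user is coming in and redirect to https if needed" check from the reply above, as an added example that is not part of the original thread, written for the top of the register.asp page from the first post. The host name www.example.com is a placeholder assumption; the server variables used are standard classic ASP ones.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example (not from the thread): enforce https before reading Request.Form.

' Placeholder host (assumption). A fixed name is used instead of the
' client-supplied Host header so the redirect target cannot be influenced
' by the request.
Const SECURE_HOST = "www.example.com"

Dim isSecure, method, secureUrl
' IIS sets the HTTPS server variable to "on" for SSL requests, "off" otherwise.
isSecure = (LCase(Request.ServerVariables("HTTPS")) = "on")
method = UCase(Request.ServerVariables("REQUEST_METHOD"))

If Not isSecure Then
    If method = "POST" Then
        ' The username and password have already crossed the network in
        ' clear text, so redirecting now would not protect them.
        ' Refuse the request instead of processing it.
        Response.Status = "403 Forbidden"
        Response.Write "This form must be submitted over https."
        Response.End
    End If

    ' Plain GET over http: send the browser to the same page over https.
    secureUrl = "https://" & SECURE_HOST & Request.ServerVariables("URL")
    If Len(Request.ServerVariables("QUERY_STRING")) > 0 Then
        secureUrl = secureUrl & "?" & Request.ServerVariables("QUERY_STRING")
    End If
    Response.Redirect secureUrl
End If

' Only reached when the request arrived over https.
Dim User, Paswd
User = Request.Form("username")
Paswd = Request.Form("password")
%>
```

The page that contains the form needs the same check and an https action URL, because a form loaded over http posts its fields in clear text before register.asp can refuse them.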

sammy
06-04-2003, 08:22 AM
First, let me say thank you.....

I have learnt about that stuff too.
But I don't use SSL or https, because I don't find it necessary. It is true it is one of the solutions to keep our data secure.

What I wish to know is :

1. Can I change or encrypt all the submitted data from a FORM before sending it to the ASP page? Reason: if a person is auditing the network, even if he/she gets all my posted data, he/she won't know what it is.

2. I can encrypt the data before saving it to the database only when I have got it by using request.form("var"), but I really can't get it changed before it is sent to the ASP page.

3. If I can find the solution, I will make sure that all the information from my FORM which is running on the network before being sent to the ASP page is always secured. And another special thing is that even if someone hacks my database server (because I have it on a free server) and looks through all the rows to find my username "Admin" and its password, they won't be able to use them to log in to my database administration page.

I wish I could have something more....

Best regards

Sammy

jsawkang
06-05-2003, 02:32 AM
Hi....

I think you can solve your problem using VBScript or JavaScript. Here is how I check my form field before submitting to the ASP page.

example:-
<SCRIPT Language = "VBScript">
<!--
Sub submitform()
    Dim f

    Set f = Document.frmaddnewclient

    If Trim(f.txtcompanyname.value) = "" Then
        Msgbox "Please enter Company Name and try again!", vbInformation, "Electronic Client Database System"
        Exit Sub
    End If
    f.Method = "POST"
    f.Action = "AddClient.asp"
    f.Submit

End Sub
-->
</Script>

1. Put the script above between <head></head>
2. Name your form, for example in this case:
<form Name=frmaddnewclient>
3. Submit button:
<input type="button" OnClick=submitform value=" submit ">

This is just an idea. Not sure if it works or not...

sammy
06-05-2003, 04:05 AM
Thanks a lot,

Nice to see your response.

Thanks, best regards

Sammy

jsawkang
06-05-2003, 07:51 AM
Hi...

Hope that idea helped you in some way.

regards