I have created a html login page using asp and storing the username, passwords, and level of security on a access database. The user logs in the database is quireed and if the password and user name match the user is brought to an admin control panel page, if not they are brought to an asp page notifiyng them of the incorrect enytry.
Which page or pages should be in the secured part of the server, the login page? the admin control panel page? or both? and why?
:stunned:
If you are worrying about encrypting the username/password transfer from browser to server then the login input page will need to be on a secure page so the data will be encrypted when sent to the login script to query the database.
If you’re only concerned with encrypting sensitive infomation within the admin area, then redirecting to a secure page after login is all you need to do.
:tb:
Thanks Abzoid.
Abzoid, so if i have any forms where I am entering sensitive information to be either checked against the database or entered against the database they should be on a secured page?
:p:
Yes, if you feel that there is a potential risk of the login data being “captured” if transmitted un-encrypted, and the consequences of un-authorized access into the password protected area warrants such caution.
In my opinion, unless you are dealing with customer credit card info or other sensitive data of a personal or financial nature, there really isn’t a need to encrypt the login, or even the admin area. However, if you already have a secure certificate for the domain the additional steps required to encrypt the login and admin are so are so minor that you may as well do so.
(for those that may not know, all you need to do to activate SSL once the certificate is installed on the server, is use full paths in all links and use https:\ in place of http:\)
Thanks again Abzoid. Very thourough.
:: Copyright KIRUPA 2024 //--