Posted by [IP Address: 209.214.107.221] 'HERC' on September 10, 2001 at 16:06:45 EST:
In Reply to: Passing LOGIN-ID to an ASP page posted by [IP Address: 209.214.107.221] 'SRK' on September 10, 2001 at 14:40:48 EST:
Do NOT pass that info in the URL.....it will be passed as READABLE text....I know it is just the login ID, but that can be enough for even a brute force hack. You don't really want that now do ya? Well, you mention ASP, so in a MS environment, you can now pass variables/params from the server back to itself basically. We did a similar thing on a recent project with the User ID and Password and the MS guys there hipped me to this *new* way. It's basically like the server asking itself for the credentials. Uhm....I will have to poke around and find exactly the info on it, but search around MS site's for ISAPI filter or server-side processing info. Aside from that, you can always use the simple ol' non-persistent cookie to grab the info.....that's the K.I.S.S. solution. haha Well, as always....hope this helps. Till next time...
HERC