security issue on error page with ASP code

 
 
Pharoh
      07-10-2006
I've inherited an application that I have to both support and maintain
here at work but it comes with one very big headache...

The employees who use it are not allowed access to the server it's
required to sit on which means that my username and password have to be
included in the logon.asp page which I HATE! So when this fails, it
publishes my username and password on the screen for the user to
see...brilliant!

Since nobody is willing to create a dummy account is there a way that I
can keep that line of code from displaying if in error? I've added the
code to this thread...

thanks!!

<authentication mode="Windows"/>
Line 44: <!--<identity impersonate="true"/>-->
Line 45: <identity impersonate="true" userName="########" password="########"/>

 
 
 
 
 
Bob Barrows [MVP]
      07-10-2006
Pharoh wrote:
> I've inherited an application that I have to both support and
> maintain here at work but it comes with one very big headache...
>
> The employees who use it are not allowed access to the server it's
> required to sit on which means that my username and password have to
> be included in the logon.asp page which I HATE! So when this fails, it
> publishes my username and password on the screen for the user to
> see...brilliant!
>
> Since nobody is willing to create a dummy account is there a way that
> I can keep that line of code from displaying if in error? I've added
> the code to this thread...
>
> thanks!!
>
> <authentication mode="Windows"/>
> Line 44: <!--<identity impersonate="true"/>-->
> Line 45: <identity impersonate="true" userName="########" password="########"/>


This looks like an extract from a web.config file, so you're not talking
about ASP: you are talking about ASP.Net.

There was no way for you to know it (except maybe by browsing through
some of the previous questions before posting yours - always a
recommended practice), but this (I am posting this via
.inetserver.asp.general) is a classic asp newsgroup.
ASP.Net is a different technology from classic ASP.
While you may be lucky enough to find a dotnet-savvy person here who can
answer your question, you can eliminate the luck factor by posting your
question to a newsgroup where the dotnet-savvy people hang out. I suggest
microsoft.public.dotnet.framework.aspnet.

The answer of course is to use Try...Catch to handle all errors and
avoid the error page you are talking about.
Alternatively, you should turn off detailed errors in your production
web.config. Either:
<customErrors mode="On" />
or
<customErrors mode="RemoteOnly" />


cc and Followup-To set to microsoft.public.dotnet.framework.aspnet

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
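
An added example, not part of the original thread or either poster's code: a small Python audit that flags the two web.config settings discussed above, detailed errors shown to remote users and a password stored in the identity element. The function name, finding codes and sample documents are constructed for illustration; the second sample shows that hiding the error page still leaves the credential in the file.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the thread; credential values are placeholders.
WEAK = """<configuration><system.web>
  <customErrors mode="Off" />
  <authentication mode="Windows" />
  <identity impersonate="true" userName="PLACEHOLDER_USER" password="PLACEHOLDER_PASSWORD" />
</system.web></configuration>"""

# Same file after the customErrors change suggested in the reply.
ERRORS_HIDDEN = WEAK.replace('mode="Off"', 'mode="RemoteOnly"')


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}identity' -> 'identity'."""
    return tag.rsplit("}", 1)[-1]


def audit_web_config(xml_text):
    """Return (code, detail) findings for one web.config document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Report a file that cannot be parsed instead of crashing the audit.
        return [("UNPARSEABLE", str(exc))]
    findings = []
    # root.iter() also reaches <system.web> nested inside <location> elements.
    for web in (e for e in root.iter() if _local(e.tag) == "system.web"):
        for child in web:
            name = _local(child.tag)
            # A missing mode attribute falls back to the RemoteOnly default.
            if name == "customErrors" and child.get("mode", "RemoteOnly") == "Off":
                findings.append(("DETAILED_ERRORS", "customErrors mode=Off shows error detail to remote users"))
            elif name == "identity" and child.get("password") is not None:
                findings.append(("PLAINTEXT_PASSWORD", "identity element stores a password attribute"))
    return findings


if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("errors hidden", ERRORS_HIDDEN)):
        print(label, audit_web_config(doc))
```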


 