Random | random password | Web page Our previous password scheme is relatively simple, is the use of ASP discriminant instructions to detect the submission of the Web site password. For example:
<% If Request ("PWD") = "password" then%>
...... (Manage Web content)
<% Else
Response.Write "Password Error"
End If%>
This scheme obviously has many drawbacks, for example, due to some software security vulnerabilities, so that the source code is downloaded, resulting in compromised; Student network management replacement, password loss; each change password has to modify the source code, increase the workload and so on. There are a number of solutions for these problems, such as setting permissions, IP address detection, and so on. This paper introduces an automatic random cipher scheme, which is not only simple but also has high security.
Generate Random passwords
First, a program for generating random passwords running locally on the WWW server is compiled, and the random password is written to a text file Password.txt in the same subdirectory as the ASP Management Web page. This part can be written in any development language, the author uses VB. The program is very simple, and the control has only one lable, one text, and one command. The main source code is as follows:
Private Sub Form_Load ()
Dim Upperbound, Lowerbound, myvalue as Double
' The highest number of passwords
Upperbound = 10000000000#
' Minimum number of passwords
Lowerbound = 1
' Random password seeds are valued by time
Randomize
' Get random passwords
MyValue = Int ((upperbound-lowerbound + 1) * Rnd + lowerbound)
' Show random password
Text1.Text = myvalue
' Write a password to a text file
Open "... (ASP Management Network subdirectory)/password.txt "for Output as #
Write, MyValue
Close #
End Sub
Read, verify, and eliminate passwords
First read the password in the Password.txt file, and then overwrite the Password.txt file, writing a string that cannot be detected through the Admin Web page, such as "NoPass". This randomly generated password disappears, even if password.txt and Admin Web page source files are downloaded, still cannot be detected by admin Web page password. ASP manages the operation and detection code for Web pages as follows:
<%
Dim pswd1,pswd2
Whichfile=server.mappath ("Password.txt")
Set Fs=createobject ("Scripting.FileSystemObject")
Set Thisfile=fs.opentextfile (Whichfile)
' Read password
Pswd1=thisfile.readline
Thisfile.close
Paswd2= "NoPass"
Set Out=fs.createtextfile (Whichfile)
' Override password
Out.writeline (PASWD2)
Out.close
Set fs=nothing
' vs. password submitted and verify password is valid
If Request ("PWD") =pswd1 and Pswd1 <> Pswd2 then%>
...... (Manage Web content)
<% Else
Response.Write "Password Error"
End If%>
Summary
Need to note that: After running the automatic password program, it is best to immediately start the Management Web page read and eliminate passwords, otherwise the password exists in Password.txt, after all, is very unsafe.