Security issues in ASP login verification
First, look at a piece of code:
<%
' Rejects the request only when the admin cookie is empty
If Request.Cookies(CookiesKey)("xxxxxxadmin") = "" Then
    Call ERRORMESSAGE()
    Response.End
End If
%>
This is a piece of login verification code.
The error message is displayed only if the cookie value xxxxxxadmin is empty.
Since the only requirement is that the value is not empty, the cookie can be forged with any value, for example: asdf
Solution:
Change
If Request.Cookies(CookiesKey)("xxxxxxadmin") = "" Then
to
If Request.Cookies(CookiesKey)("xxxxxxadmin") <> password Then
Here password is a function that queries the database.
<> means "not equal".
The error message is now displayed if xxxxxxadmin is not the same as the password.
What if the attacker guesses the MD5 value of your password? Even if he cannot crack it, he can forge the cookie with the MD5 value itself.
Solution: use SESSION verification.
The SESSION adds security because the SESSION can only be obtained from the server.
Even if an attacker gets the MD5 value of your password, he cannot generate the SESSION himself unless he also controls the server.
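The SESSION verification described above, as an added example in Classic ASP (VBScript); it is not code from the original page. ERRORMESSAGE and the xxxxxxadmin key come from the page, while connStr, the admins table and its columns, admin.asp and the MD5() helper are assumptions.

```vbscript
<%
' ---- login.asp (constructed example): handles the posted login form ----
' Assumptions: connStr, the admins table and its columns are hypothetical;
' MD5() is a hypothetical helper from the site's own include files.
Const adVarChar = 200
Const adParamInput = 1

Function CredentialsValid(user, pass)
    Dim cmd, rs
    CredentialsValid = False
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = connStr
    ' Parameterized query: the user name is never concatenated into the SQL
    cmd.CommandText = "SELECT password FROM admins WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 50, user)
    Set rs = cmd.Execute
    If Not rs.EOF Then
        If rs("password").Value = MD5(pass) Then CredentialsValid = True
    End If
    rs.Close
End Function

If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    Dim user, pass
    user = Trim(Request.Form("username"))
    pass = CStr(Request.Form("password"))
    If CredentialsValid(user, pass) Then
        ' The login state lives on the server; the browser only holds the
        ' opaque ASP session ID, so knowing the MD5 value is not enough.
        Session("xxxxxxadmin") = user
        Response.Redirect "admin.asp"
    Else
        Call ERRORMESSAGE()
        Response.End
    End If
End If
%>

<%
' ---- top of every admin page: replaces the cookie comparison ----
' An unset Session value is Empty, which compares equal to "".
If Session("xxxxxxadmin") = "" Then
    Call ERRORMESSAGE()
    Response.End
End If
%>
```

A logout page would call Session.Abandon so the server-side state is discarded as well.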