Security risks and Countermeasures of ASP + Access (continued)

To prevent unregistered users from directly accessing the application system through the registration interface, you can use the Session object for registration verification. The biggest advantage of a Session object is that it can retain the information of a user so that subsequent web pages can be read. For example, design the registration page shown in 1.

After the user registration is successful, the system starts hrmis. asp? Page = 1 page. If the Session object is not used for registration verification, the user clicks "URL/hrmis. asp?" in the browser? Page = 1 "to bypass the registration interface and directly access the system. The Session object can effectively prevent this situation. The related program code is as follows:

 

<% Read the account and password entered by the user
UserID = Request ("UserID ")
Password = Request ("Password ")
Check whether UserID and Password are correct (the actual program may be complicated)
If UserID <> "hrmis" Or Password <>
"Password" Then
Response. Write "Account Error !"
Response. End
End If
Set the Session object to the verified status
Session ("Passed") = True
%>

After entering the application, first verify:

<% If the verification fails, the Login status is returned.
If Not Session ("Passed") Then
Response. Redirect logs login.htm"
End If
%>