Help
Posted 21 October 2004 - 01:23 AM
IM looking for an .ASP registration script, with no PHP at all. It absolutly can NOT be PHP. It needs to be injection safe, and it can be simplistic, but CAN NOT be PHP. I need it because i want to host it elsewhere, cause i dont want to setup a whole apache server on my machine for 1 thing. So, any help would be awesome.
Page 1 of 1
Request Asp .ASP Registration Script
#2
kg4hpz 
- Average Member
-
- Group: Members
- Posts: 168
- Joined: 20-January 04
Posted 21 October 2004 - 03:37 AM
check out the ASP info pages stuff i posted. i'm working on the major update to it...but the reg page(not written by me, but modified some) is included. that should help you. the newest update is almost done. i'm adding in a login section, and user permissions right now.
#5
maldiablo
- Spread too thin.
-
- Group: Administrators
- Posts: 1428
- Joined: 31-July 03
- Gender:Male
Posted 22 October 2004 - 01:56 AM
Easiest way to make a script safe from injection whether it's php or asp is to have it used the built in aegis stored procedures. You don't even have to validate the input that way since stored procedures can't be injected.
The only way a stored procedure can be vulnurable to injection is if there is an exec statement within it, and even then it can be avoided with a little validation.
What are you looking for in your registration page exactly? Just username, password, sex, email address? Or maybe a bit more? The only reason I'm even asking is that I'm currently working with asp at my job and could use a very very small side project to practice on.
No promises though, but still, lay some details on me and I'll see what I can do.
**edit. I have a registration script built now, does the following:
- works completely through aegis stored procedures
- includes md5 encryption support without external addons.
- validates all input (username/password length)
- validates that a username isn't taken
- partial email address validation (checks for @ and .)
I'll release it some time in the future when I'm less busy and clean up the code a bit to allow for more customizations. For now, a simple screen shot should suffice.
http://asb.groundtactics.com/maldiablo/registrationtest1.jpg
See? very simple on the outside, but what's going to make it unique is the fact that it's probably the most secure out there. To add to it, if I so desired, I could add input validation anyway to lock out certian char sequences to stop injection attempts altogether, but that shouldn't be necessary.
At first I was suprised nobody's done this by now, but then I realized why when the code I wrote to use the just 3 stored procedures is over 300 lines long.
The only way a stored procedure can be vulnurable to injection is if there is an exec statement within it, and even then it can be avoided with a little validation.
What are you looking for in your registration page exactly? Just username, password, sex, email address? Or maybe a bit more? The only reason I'm even asking is that I'm currently working with asp at my job and could use a very very small side project to practice on.
No promises though, but still, lay some details on me and I'll see what I can do.
**edit. I have a registration script built now, does the following:
- works completely through aegis stored procedures
- includes md5 encryption support without external addons.
- validates all input (username/password length)
- validates that a username isn't taken
- partial email address validation (checks for @ and .)
I'll release it some time in the future when I'm less busy and clean up the code a bit to allow for more customizations. For now, a simple screen shot should suffice.
http://asb.groundtactics.com/maldiablo/registrationtest1.jpg
See? very simple on the outside, but what's going to make it unique is the fact that it's probably the most secure out there. To add to it, if I so desired, I could add input validation anyway to lock out certian char sequences to stop injection attempts altogether, but that shouldn't be necessary.
At first I was suprised nobody's done this by now, but then I realized why when the code I wrote to use the just 3 stored procedures is over 300 lines long.
Share this topic:
Page 1 of 1