#1
Article Discussion: Tips To Prevent Improper Use Of Your ASP Scripts
Tips To Prevent Improper Use Of Your ASP Scripts. If you have any questions or comments on this article, then please post them here.
You can read the article here.
#2
Nice article. One small issue.
The article pretty much says that client-based info isn't trustworthy. I agree 100%. But the author then goes on to use HTTP_REFERER with his script. Users should be warned that this is client-based, and can be faked.
#3
HTTP_REFERER could be faked, but by combining all these techniques, scripts should be much more secure. Also, I would like to add something that I think I discovered was wrong after I originally wrote this: when you check to see if variable data is a number, do NOT check if it is also less than 0 in the same If/Then statement; nest another If statement for when the data passes as a number.
Code:
' Outer test: reject anything that is not a number (or is empty) first.
' VBScript evaluates both sides of AND, so the range test lives in its own If.
If IsNumeric(intID) = True AND intID <> "" Then
    ' CLng forces a numeric comparison. A value that is still a String, such
    ' as "-5", would otherwise compare greater than 0, because VBScript orders
    ' any string above any number. (CLng raises an error above 2147483647.)
    If CLng(intID) > 0 Then
        ' Good
    Else
        ' Bad
    End If
Else
    ' Bad
End If
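Building on the nested-If check in the post above, here is an added example of my own (not the thread author's or the article's code): a hypothetical helper SafePositiveId that accepts only a short string of decimal digits, so the range test is done on a Long rather than under VBScript's string-versus-number ordering, followed by a constructed usage in an ASP page.

```vbscript
Option Explicit

' Hypothetical helper (added example, not from the thread). Returns the ID as
' a Long when rawValue is 1 to 9 decimal digits with a value greater than
' zero; otherwise returns 0 so the caller can reject the request.
Function SafePositiveId(rawValue)
    Dim s, i
    SafePositiveId = 0
    ' Null, Empty and "" all become "" once concatenated with "".
    s = Trim(rawValue & "")
    ' 9 digits keeps CLng below its 2147483647 limit, so it cannot overflow.
    If Len(s) = 0 Or Len(s) > 9 Then Exit Function
    ' Decimal digits only. IsNumeric alone would also accept "1e3", "&H10",
    ' "1.5" and "-5", and a String "-5" compared with the number 0 is "greater"
    ' because VBScript ranks every string above every number.
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then Exit Function
    Next
    ' Now the comparison is numeric: "0" and "000" are rejected, "007" becomes 7.
    If CLng(s) > 0 Then SafePositiveId = CLng(s)
End Function

' Constructed usage in an ASP page that reads the ID from the query string.
Dim intID
intID = SafePositiveId(Request.QueryString("id"))
If intID = 0 Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If
' intID is a positive Long here, suitable for a parameterised ADO command.
```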
#4
Though this article was written quite a time ago, I have just found it and liked it. I have one question:
I need to pass an SQL string from one ASP page to another. I need it to be done without using forms, as well as without using session variables (since, as I guess, if I open more than one instance of the page, the same session variable will be overwritten, and I don't need that). Can you please advise what to do? At present I am used to passing the SQL string via the querystring, and have put in the HTTP_REFERER check you suggested. Thank you.
#5
What's wrong with just using another session variable?
#6
Actually, I spent the whole night doing it and have done it!
I have used a session variable whose name is the current date/time (this allows it to be unique all the time). The next page simply passes this ID as a URL parameter, and so on. Thank you!
Viewing: Dev Articles Community Forums > Programming > Programming Tools > Article Discussion: Tips To Prevent Improper Use Of Your ASP Scripts