How to make the admin site safe?

Very simple question: I have an admin site in my web project. So how can I do this safely?

What I have so far:

  • The database processes the user with userID and userlevel
  • In pageload of the administrator’s main page (which includes all admin sites) there is a suggestion to check whether userID is in order (get the user from the database) and if the user level is right.
  • If not, redirect to Default.aspx with the usual main page
  • If yes, go

How safe is it?


Edit:

  • The user ID is stored in a session on the server.
  • Unable to save login (without cookies).
  • The user must be logged in to receive the user ID in the session
  • user_log , , ip, loginsucceeded userID
+3
2
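The check described in the question, written as an added example that is not part of the original post: a base class that every admin page inherits, so the session and user-level check runs on each request rather than only on the main admin page. The class name `AdminPageBase`, the `users` table and its columns, the session key `userID`, the connection string name `AppDb` and the admin level `9` are all assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.UI;

// Hypothetical base class: every admin page inherits from it instead of Page.
public abstract class AdminPageBase : Page
{
    // Assumed values: the level that counts as "admin" and the connection string name.
    private const int RequiredUserLevel = 9;
    private const string ConnectionName = "AppDb";

    protected override void OnInit(EventArgs e)
    {
        // Run the check before any control or page event handler executes.
        if (!IsCurrentUserAdmin())
        {
            // endResponse: true stops processing so no admin markup is rendered.
            Response.Redirect("~/Default.aspx", true);
            return;
        }
        base.OnInit(e);
    }

    private bool IsCurrentUserAdmin()
    {
        // The user ID lives only in server-side session state, set at login.
        object raw = Session["userID"];
        if (!(raw is int)) return false;   // not logged in, or session expired

        // Re-read the level from the database on every request so that a
        // demoted or deleted account loses access immediately.
        string cs = ConfigurationManager.ConnectionStrings[ConnectionName].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT userlevel FROM users WHERE userID = @id", conn))
        {
            // Parameterized query: the ID is never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@id", (int)raw);
            conn.Open();
            object level = cmd.ExecuteScalar();   // null when no such row
            return level != null && level != DBNull.Value
                && Convert.ToInt32(level) >= RequiredUserLevel;
        }
    }
}
```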

. , UserID, . , . sometype , . SSL, IP .., .

- , . . , .

: , , , . ? SSL? highjacking? IP- IP- IP- UserID ?

. , , , .

+1

Windows.

  • IIS " "
  • " "
  • " Windows"

, , . , - , . -, ..

, , SQL-, ASP.NET. . ASP.NET, , ASP.NET - , , , .

0

Source: https://habr.com/ru/post/1721905/

