Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Feb 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    hiding CDOSYS authentication info

    Hello,
    I am a librarian who started my new job seven months ago, knowing only HTML and CSS.... Since starting, I've been picking up ASP on my own. I have had to change all our forms from CDONTS to CDOSYS, and it is functioning properly when I test it. (The code is below; I changed email addresses and the server information for security).

    My question is, how do I hide the authentication information so no one else can download it from my form and use it to get into our server? Does the CDOSYS code inherently hide that info? I know that when I look at source code running ASP, I can never see that portion of the code. Being self-taught in ASP, I wanted to be sure I was covering all the security bases. Is this fine as it is?

    Note that the area to which I am referring should be bold and red in the code below -- that is what I don't want anyone to be able to get to. Thank you so much for your input.
    ~librarian7

    ' SEND EMAIL
    Const cdoSendUsingPickup = 1 'Send message using the local SMTP service pickup directory.
    Const cdoSendUsingPort = 2 'Send the message using the network (SMTP over the network).

    Const cdoAnonymous = 0 'Do not authenticate
    Const cdoBasic = 1 'basic (clear-text) authentication
    Const cdoNTLM = 2 'NTLM



    Dim StrFromEmail ' Added Code to allow form with blank email to be sent
    if Len(strEmail) = 0 then
    strFromEmail = "form@myemail.org"
    else
    strFromEmail = request.Form("Email")
    end if


    Set objMessage = CreateObject("CDO.Message")
    objMessage.Subject = "Subject goes here"
    objMessage.From = strFromEmail
    objMessage.To = "MyEmail@myemail.org"
    objMessage.TextBody = "Patron: " & strName & vbCrLf & vbCrLf & "Address: " & strStreet & vbCrLf & strCity & "," & strState & " " & strZipCode & vbCrLf & vbCrLf & "email: " & strEmail & vbCrLf & vbCrLf & "phone: " & strPhone & vbCrLf & vbCrLf & "> > > > " & vbCrLf & "Request: " & strDescription

    '==This section provides the configuration information for the remote SMTP server.

    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

    'Name or IP of Remote SMTP Server
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "NameOfMyServer.MyServer.org"

    'Type of authentication, NONE, Basic (Base64 encoded), NTLM
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = cdoBasic

    'Your UserID on the SMTP server
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/sendusername") = "???How_Do_I_Hide_This?"

    'Your password on the SMTP server
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "How_Do_I_Hide_This?"

    'Server port (typically 25)
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

    'Use SSL for the connection (False or True)
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = False

    'Connection Timeout in seconds (the maximum time CDO will try to establish a connection to the SMTP server)
    objMessage.Configuration.Fields.Item _
    ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60

    objMessage.Configuration.Fields.Update

    '==End remote SMTP server configuration section==

    objMessage.Send
    %>

  • #2
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ASP is server-side. It is processed on the server before any output.
    This means that people cannot view the source code of the script.

    If they can then ASP is not setup correctly.

  • #3
    New to the CF scene
    Join Date
    Feb 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Smile

    Thanks for this info! That was my understanding... but since I'm self-taught and new to ASP I wanted to confer with much more knowledgeable people to be safe. Thanks again.

  • #4
    New to the CF scene
    Join Date
    Feb 2007
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes thats correct. People won't be able to view your ASP code.
    Sincerly,
    Zeeshan Ahmed
    CEO
    itHighway


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •