detonator
hi,

i hope someone can help me out.
i made a project in my university.
the problem i have now is that i have coded with dreamweaver mx some asp pages.
now i have to make it secure.
my prob is that i have just started to code in asp and i don't have many ideas how i can secure it.
i thought of ssl for example but the only thing i find in google is how to configure the iis. is that all or do i have to write some code in the asp page?
and next question is: has anyone an idea what i can do more?
a user login for example i just coded but it's not a real authentication.

the page runs on a w2k system with iis 5.0 and mssql database, coded with dreamweaver

thx in advance
Yorn
If you aren't planning on releasing the source to the public, I wouldn't worry so much about security. I especially wouldn't worry about it if it is just an EDU project, unless you anticipate some of the "users" of the application will be actively trying to compromise it.
Grinler
Is part of the project securing the website?

When you say securing, do you mean making the code bug free and not susceptible to attacks, or making the webpage have a login?

What exactly do you need to do?
coder
here are some basic ideas on CGI hardening...

Lock everything by default.
Use Session ID (expiring cookies)
Validate everything (Using the Session ID)
always use HASHES when available...
Check all data before allowing it to pass through your routines.

I can't think of anything else quite yet, but I'm sure a quick search on Google would help
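
Added example (not part of the original thread or any poster's code): a minimal sketch of the checklist above, with deny-by-default page access, expiring random session IDs, salted password hashes and allow-list input validation. It is written in Python rather than ASP so it runs stand-alone; the page names, the 15-minute timeout and the username pattern are assumptions.

```python
import hashlib, hmac, re, secrets, time

SESSION_TTL = 900                                # assumed idle timeout, seconds
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")  # assumed allow-list policy
PUBLIC_PAGES = {"/login.asp"}                    # hypothetical page name

def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256; only (salt, digest) is ever stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

class App:
    def __init__(self):
        self.users = {}     # username -> (salt, digest)
        self.sessions = {}  # session id -> (username, expiry time)

    def register(self, username, password):
        if not USERNAME_RE.fullmatch(username):
            raise ValueError("invalid username")
        self.users[username] = hash_password(password)

    def login(self, username, password, now=None):
        """Return a fresh session id, or None on any failure."""
        now = time.time() if now is None else now
        # Validate before the value reaches any lookup or query.
        if not isinstance(username, str) or not USERNAME_RE.fullmatch(username):
            return None
        record = self.users.get(username)
        if record is None:
            return None
        salt, expected = record
        _, digest = hash_password(password, salt)
        if not hmac.compare_digest(digest, expected):  # constant-time compare
            return None
        sid = secrets.token_urlsafe(32)  # unguessable value for the cookie
        self.sessions[sid] = (username, now + SESSION_TTL)
        return sid

    def authorize(self, page, sid, now=None):
        """Deny by default: only listed public pages skip the session check."""
        now = time.time() if now is None else now
        if page in PUBLIC_PAGES:
            return True
        entry = self.sessions.get(sid)
        if entry is None:
            return False
        if now >= entry[1]:        # expired: drop it server-side as well
            del self.sessions[sid]
            return False
        return True
```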
detonator
thx coder for the ideas
@ Grinler: yes the security is the main part of this project. i have to manage to keep the code bug-free so that no user without privilege can for example hack the login and i need some kind of authentication against man_in_the_middle_attacks.

thx for your answers, now i have something to work on

ps: any other ideas are still welcome