compulsorily pass through the login.html
-
Hello friends, I am developing a web application to connect to a MariaDB database. I have 04 tables (table 1, table 2, table 3, table 4). To have access to the first table I made a connection form, but my problem is that if a person knows the link of table 2 he can display it. I want to force everyone to connect before having access to my web application... is this method possible?
-
Never grant direct database access to your customers, even when they are authenticated. The problem is not that they can run all the `SELECT` queries, the problem is that they can run all sorts of queries; `DROP`, `DELETE`, etc.

Now, the login.html part comes in based on your web framework. In ASP.NET, for example, you can require that the users be authenticated, and the same is the case for Python and other major frameworks. So, read the documentation on how to require only authenticated users to be able to make a request and read the page.

[Overview of ASP.NET Core Authentication | Microsoft Docs](https://docs.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-6.0)

Otherwise, always redirect to the login.html page.

Again, tip: even when the user is authenticated, never grant them access to the open database connections. Only return the fetched results in a form of a list.

The shit I complain about It's like there ain't a cloud in the sky and it's raining out - Eminem ~! Firewall !~
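The gate described in the answer above, as an added example that is not code from the thread or from any framework it mentions: a WSGI middleware that sends every request without a valid session to login.html, and a handler that runs only fixed queries and returns rows as a list. Assumptions: standard-library Python, an in-memory SQLite database standing in for MariaDB, and hypothetical names (`sid` cookie, `/table2` path, `open_session`, `require_login`).

```python
import json
import secrets
import sqlite3
from http.cookies import SimpleCookie

SESSIONS = {}             # server-side store: session token -> username
PUBLIC = {"/login.html"}  # the only path served without a session
QUERIES = {"/table2": "SELECT id, label FROM table2 ORDER BY id"}  # fixed SQL only

db = sqlite3.connect(":memory:")  # assumption: SQLite stands in for MariaDB
db.execute("CREATE TABLE table2 (id INTEGER, label TEXT)")
db.executemany("INSERT INTO table2 VALUES (?, ?)", [(1, "a"), (2, "b")])  # constructed rows

def open_session(username):
    """Call once the login form has verified the password; returns the cookie value."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token

def current_user(environ):
    """Map the request's sid cookie to a logged-in user, or None."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("sid")
    return SESSIONS.get(morsel.value) if morsel else None

def pages(environ, start_response):
    """Inner app: the login form, or the rows of one fixed query as a JSON list."""
    path = environ.get("PATH_INFO", "")
    status, ctype, body = "404 Not Found", "text/plain", b"not found"
    if path == "/login.html":
        status, ctype, body = "200 OK", "text/html", b"<form method='post'>...</form>"
    elif path in QUERIES:
        rows = db.execute(QUERIES[path]).fetchall()  # connection stays server-side
        status, ctype, body = "200 OK", "application/json", json.dumps(rows).encode()
    start_response(status, [("Content-Type", ctype)])
    return [body]

def require_login(app):
    """WSGI middleware: any non-public path without a valid session goes to login.html."""
    def guarded(environ, start_response):
        if environ.get("PATH_INFO", "") not in PUBLIC and current_user(environ) is None:
            start_response("302 Found", [("Location", "/login.html")])
            return [b""]
        return app(environ, start_response)
    return guarded

app = require_login(pages)
```

Because the check wraps the whole application, knowing the URL of table 2 is not enough: the request is redirected before any query runs. The login handler should set the token as an `HttpOnly`, `Secure` cookie.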
-
One of various ways to do this:

Use a dynamically created web page for the page that you do not want to be directly accessed. When page one is accessed, properly, and with your predetermined permission; then page two is made available via a javascript that directs them to page two with its dynamically created name.

Example:

Page 1 = daPage01.html

Page 2 = [does not exist except in the database]

User goes to Page 2: Oh wait! There is no Page 2. That page is still in the database.

User goes to Page 1. There is no link to Page 2.

User does what YOU want them to do on Page 1.

Page 2 is created dynamically with a changeable name. Example: daPage12E13F4576496587G5447868764K5P7q84578_02.html

Page 2 is then added to Page 1 for that user to click on and to go to.

Later that user goes to Page 2 via that link. Oh wait! When they were detected of having closed or left Page 1 and *also* closed or left Page 2 then Page 2 was removed from the system. There is no Page 2 for them.