| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 30533 | 2003-02-22 07:49:00 | ASP Error: " required | agent (30) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 123222 | 2003-02-22 07:49:00 | Microsoft VBScript runtime (0x800A01A8) Object required: '' /tmp.asp, line 903 That's the error I'm getting. The only code sitting on line 903 is DB.Close Never got this error before. Don't know what the hell it's on about, because you don't need a " to close a database connection. This is just part of the trouble I've gone to to make encryption in ASP. I can pass a string to the page, which in turn breaks the string into it's individual characters (code for this involves multiple Left, Right functions), then replaces each character with it's corresponding randomly-generated 128 character long string and puts it all together to form the final password which will go into the official database - anyone know of an easier way? Takes up 1800+ lines of code at the moment, and still needs completion, taking it up by a further ~1000 lines. |
agent (30) | ||
| 123223 | 2003-02-22 07:53:00 | Sorry, don't know if it matters, but I didn't realise it was two inverted commas, not speech marks | agent (30) | ||
| 123224 | 2003-02-23 02:00:00 | I'm not quite sure why you are reinventing the wheel when it comes to data encryption. There are numerous asp and com objects available that handle encryption out there, try google search: asp encryption script, or asp encryption com object. I always let other software handle encryption because native languages such as c/c++ are more suited to the types of data manipulation you are doing. If you are entering an encrypted password into a database you will find most offer inbuilt functions, for example mySQL has the MD5() function and many others. If you are using an Access database I would suggest trying MySQL as it offers far more flexibility, speed and upscaling (and its opensource - www.mysql.com). Use it in conjunction with the mySQLFront GUI and you can't go wrong. To use the encryption the SQL statement would read: INSERT INTO yourtable (name, password) VALUES ($NAME, md5($PASSWORD)) where $NAME and $PASSWORD are asp variables. Back to your first question ensure the variable DB has been declared as the database (not db, dB or Db) and also change the line to read: DB.close() as close is actually a function with no variables. I'm not really a VBScripter but it is good programming to include such things. P.S. 1800 lines seems very long for such a simple encryption algorythm. You would be better off reading the password string one byte at a time and passing this byte to an encryption function, at max 100 lines. |
paintbuoy (3087) | ||
| 123225 | 2003-02-23 04:29:00 | I would recommend taking a look at ASP 101 (www.asp101.com) for a scripting encryption. You will see a .zip to download there. GL radz:p |
raddersnz (684) | ||
| 123226 | 2003-02-23 04:34:00 | Or better yet, MSDN (msdn.microsoft.com) is where you download the script encoder from. radz:p |
raddersnz (684) | ||
| 123227 | 2003-02-23 10:20:00 | Heh, well, here's something you probably don't know - I prefer to do everything myself. No using third party ASP applications, such as forums, or registration forms, stuff like that. I build everything (except the login - got that from Brinkster) from scratch. Any errors I try to fix, then search for if that doesn't have any results. I prefer VBScript over JScript - probably because it's easier for beginners, but also because the functions are more straight foward to me, kind of like me comparing ASP (which I have knowledge of) to PHP (which looks like jargon, but on closer inspection I can see the ASP equivalents, eg PHPs Require is like ASPs Include function). And here's the line count for the final page, which does actually work (that error just disappeared): 5004 lines of code, largely taken up by If Then statements for the password being between 5 and 40 characters, then having 5-40 lines of separating each character, then 5-40 'SELECT encyrpted FROM table WHERE character = single character from password' statements, then 5-40 database queries and updates :D At least it works, though I might take your advice, paintbuoy. And I guess MD5 is probably better than what I'm doing - at least then I wouldn't be able to reverse-encrypt people's passwords and find out what they are (not that I'm planning on, though I could do it for users with forgotten passwords). Don't know how my "encryption" compares to MD5 or other standards - if anyone can tell me, I replace each character with 128 characters, which are essentially, very very random (random password generator used here). Does this make my crap, able-to-be-reversed "encryption" 128-bit? I could always increase it to 1024 characters... |
agent (30) | ||
| 123228 | 2003-02-23 22:23:00 | Take a look at this site: aspnet.4guysfromrolla.com It has a good introduction to MD5 encryption and database security. The code is in VB.Net however. MD5 encyption is a one way hash encoding system. A one way hash function is based on very large numbers that has only a single pair of solutions. The key to this encryption is knowing the very large factors of the even larger number. Because of the maths involved each encrypted entry will have a globally unique value. Your system runs the risk of generating duplicate entries due to the random number generation code. You should also note that the VB random number function is not so random... If you are interested in doing your own complex stuff then maybe you should look at learning VB.Net (which has support for a wider range of functionality) A good book for this is "Beginning ASP.Net with VB.Net" by Wrox Press. Its a great introduction to both VB.Net and the .Net platform (XML, Web Services, Security and Object Orientated design principles). PS. Don't be put off by the local price of the book. If you order it from Amazon you can save $$ |
paintbuoy (3087) | ||
| 123229 | 2003-02-23 23:04:00 | Without seeing the code I don't know but it appears the equivalent of a case statement would be more efficient than most of the if statements. I program in Delphi so am looking at it from that perspective. |
mikebartnz (21) | ||
| 123230 | 2003-02-24 04:38:00 | If you are still stuck on the original problem, check the lines before the error line. The " is probably required there to close something before you start the new command "close". | Heather P (163) | ||
| 123231 | 2003-02-24 07:28:00 | Thanks for the help folks. Anyway, for the moment, I might stick with my encryption, though I am currently thinking of expanding it. If I do expand it (and it's very likely I will), then I will use the Windows Script Encoder (thanks to radz for that ;)) to encode the entire page that I use for the encryption process, so that none of that code will be visible, including the password to access the encryption key database. I'll also build on the encryption key database (which will also mean the encryption page...) so that it uses a different set of keys depending on how long the password is. This will mean I will have a further long time adding complete new tables and data to the database. A lot of work. And, once I'm finished, as I currently can see (point it out if I'm wrong), nobody can decrypt the stored passwords without using Windows Script [Un-]Encoder (can it actually unencrypt the page?) and then opening the encryption key database, working out which set of keys was used (could be rather hard when you'll be looking at a string (the encoded password) that could range between 40960 and 2621440 characters - yes, that's right, I forgot to mention that after the password string has initially been encoded with a set of keys that depend on a certain length, that resulting string will then be encoded with a fixed set of keys. And as for me being able to unencrypt it all... I'll just keep the code to do that away somewhere safe where only I know it is, as there may be a need to unencrypt information from the database sometimes, but it's not as if I would actually want users passwords... after all, as an admin, I get far more features than normal users, and the option to pose as a normal user or an admin. |
agent (30) | ||
| 1 | |||||