I need to improve the login security in a webshop system running in classic ASP / VBScript.
Right now the password is salted and hashed but I want to improve the protection against session hijacking. I'd prefer it in the form of a function that validates the user.
I have my own dedicated server and Persit installed ([url removed, login to view]).
You will not get access to the server.
I expect you to be experienced in this field.
I will also require you to describe the functionality, the pros and the cons. You need to do this together with your bid, otherwise there is no way for me to determine that you are the right one for the job.
I'm open to suggestions regarding how you want to solve this. I've browsed around a lot for an acceptable solution to this but I can't find anything specific that caught my eye. Right now I do not have access to SSL, but from what I understand SSL does not really solve the problem.
I do understand that there's nothing that can guarantee 100% security. But that's why it is so important that you describe and explain the solution you are suggesting.
I recommend that you look at the functions available from Persit ([url removed, login to view]) because that might save you some work if you want to hash or encrypt. I have ready functions for hashing and encrypting/decrypting. If you want it in MD5 you just enter *hashmd5("myvalue")* or *hashsha1("myvalue")* for SHA1 hash. I also have a symmetric encryption function *encryptB64("myvalue")* and *decryptB64("myvalue")* which is based on this: [url removed, login to view]
You are of course welcome to use any functionality in Persit you want or provide your own scripts. However, any scripts of your own must be in plain text so that I can check that they do not contain any harmful code.
Please understand that your suggestion might turn up on [url removed, login to view] in order to discuss the pros and cons.
Since you will not be given access to my server the solution must be implementable by me. This is why I suggest making this in the form of a function that can be called. Example: