Filtering usernames and passwords

TheMSsForum.com: The Microsoft Software Forum

I'm a newbie at VBScript so I apologize beforehand if this is something
that's been asked a dozen times already. I've inherited a login page
with a username and a password. The maxlen for the password is 64 and
the maxlen for the username is 100 (no problem handling this). However,
this is used against a Crystal Reports server that allows letters,
numbers and punctuation in these login fields.

I need to filter out characters that are not letters, numbers or
punctuation before the login is submitted. I work for a govt. agency
and a security expert was able to type in some script into one of the
fields and run it via VBScript and print a screenshot, so it's a big
deal and I've gotta disable it. Any help or pointers would be greatly
appreciated!
Top

Re: Filtering usernames and passwords by Al

Al
Tue Feb 21 21:07:40 CST 2006


<wgblackmon@yahoo.com> wrote in message
news:1140555907.001522.61510@o13g2000cwo.googlegroups.com...
> I'm a newbie at VBScript so I apologize beforehand if this is something
> that's been asked a dozen times already. I've inherited a login page
> with a username and a password. The maxlen for the password is 64 and
> the maxlen for the username is 100 (no problem handling this). However,
> this is used against a Crystal Reports server that allows letters,
> numbers and punctuation in these login fields.
>
> I need to filter out characters that are not letters, numbers or
> punctuation before the login is submitted. I work for a govt. agency
> and a security expert was able to type in some script into one of the
> fields and run it via VBScript and print a screenshot, so it's a big
> deal and I've gotta disable it. Any help or pointers would be greatly
> appreciated!

Do you want us to re-write this for you from scratch, or can you share some
of the code?

/Al


Top

Re: Filtering usernames and passwords by jefrie

jefrie
Wed Feb 22 07:37:29 CST 2006

Hi,

if i understand your question you need a way to check if a string contains
special characters like "!","§",";" and so on.

This is (imho) not a good solution, but maybe its a start:
Define your forbidden chars in an array like
forbiddenChars = Array("!","§",";")

WScript.Echo "--" & checkString("hallo;")



Use this function:

Function checkString(strCheckThis)
For i=0 To UBound(forbiddenChars)
If(InStr(strCheckThis,forbiddenChars(i))<>0) Then
checkString = True
Exit Function
End If
checkString = False
Next
End Function


kind regards
--
Jens Frieben (Germany)


"Al Dunbar [MS-MVP]" wrote:

>
> <wgblackmon@yahoo.com> wrote in message
> news:1140555907.001522.61510@o13g2000cwo.googlegroups.com...
> > I'm a newbie at VBScript so I apologize beforehand if this is something
> > that's been asked a dozen times already. I've inherited a login page
> > with a username and a password. The maxlen for the password is 64 and
> > the maxlen for the username is 100 (no problem handling this). However,
> > this is used against a Crystal Reports server that allows letters,
> > numbers and punctuation in these login fields.
> >
> > I need to filter out characters that are not letters, numbers or
> > punctuation before the login is submitted. I work for a govt. agency
> > and a security expert was able to type in some script into one of the
> > fields and run it via VBScript and print a screenshot, so it's a big
> > deal and I've gotta disable it. Any help or pointers would be greatly
> > appreciated!
>
> Do you want us to re-write this for you from scratch, or can you share some
> of the code?
>
> /Al
>
>
>
Top