Review

Understanding ASP and IIS security isn't difficult, and you need to master the basic concepts in this chapter before you can start effectively using administrative Web pages. The most important lesson, as in any security discussion, is to trust no one. Always check input values and parameters to make sure they're what you expected, and always validate user identity before performing any tasks. ASP and VBScript provide some functionality to make identity validation and data scrubbing easy, and IIS itself provides a number of features to help secure and protect your administrative Web pages.

COMING UP

In the next chapter, I'll help you put it all together with two complete, systematic examples of designing and writing administrative Web pages. I'll build on the examples in Chapters 13 and 20, where you practiced your script design skills, and show you how to start with a basic static HTML page and create a functional, useful Web-based administrative tool.