Problem 1 – Security Features

Project Title:

Inventory Management System

Proposed By:

Fajar Saleem

Registration Number: 03-3-1-015-22

Security Features

List of 07 Security Features

| # | Security Feature | Description |
|---|------------------|-------------|
| 1 | Role-Based Access Control (RBAC) | The system restricts access to specific pages and functionalities based on user roles (Admin, Manager, Viewer). For example, only Admins can access product or shipment management pages. This prevents unauthorized access. |
| 2 | Session Management | After successful login, session variables store user role and ID. Each protected page verifies session status to ensure the user is logged in and authorized. If not, the user is redirected to the login page. |
| 3 | Input Validation | All form fields use ASP.NET validation controls (e.g., RequiredFieldValidator, RegularExpressionValidator) to ensure only valid, well-structured data is submitted to the backend. This prevents broken or malicious inputs. |
| 4 | Parameterized SQL Queries | Database queries are written using parameters to prevent SQL Injection attacks. This ensures that user input cannot alter the intended SQL commands. |
| 5 | Authentication System | The login mechanism checks the username and password against database records. Credentials are verified before granting session access, ensuring only registered users can use the system. |
| 6 | Secure Redirection and Page Access Check | Each sensitive ASPX page (e.g., AdminDashboard.aspx, ManageProducts.aspx) has code that checks user role using session variables. Unauthorized users are redirected to login, preventing direct access via URL. |
| 7 | CAPTCHA on Login Page | Prevents automated bots or brute-force attacks on the login page. Use Google reCAPTCHA or a simple custom math CAPTCHA (like "What is 5 + 3?") before login is processed. |
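
An added example, not code from the project itself, of the session-based role check (features 1, 2 and 6) and a parameterized query (feature 4) in an ASP.NET Web Forms code-behind. The names ProtectedPage, AllowedRoles, RenameProduct, Login.aspx, the InventoryDb connection string, the Session keys and the Products table columns are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

// Hypothetical base class: each protected page inherits it and names the roles it allows.
public abstract class ProtectedPage : Page
{
    protected abstract string[] AllowedRoles { get; }

    protected override void OnInit(EventArgs e)
    {
        // Session["UserId"] and Session["Role"] are assumed to be set at login.
        string role = Session["Role"] as string;
        if (Session["UserId"] == null || role == null ||
            Array.IndexOf(AllowedRoles, role) < 0)
        {
            // endResponse: true stops the rest of the page life cycle from running,
            // so a direct URL request never reaches the page's own handlers.
            Response.Redirect("~/Login.aspx", true);
        }
        base.OnInit(e);
    }
}

// Code-behind for ManageProducts.aspx: Admin only.
public partial class ManageProducts : ProtectedPage
{
    protected override string[] AllowedRoles { get { return new[] { "Admin" }; } }

    // Called from a button handler after the validation controls pass (Page.IsValid).
    protected void RenameProduct(int productId, string newName)
    {
        string cs = ConfigurationManager.ConnectionStrings["InventoryDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "UPDATE Products SET Name = @name WHERE ProductId = @id", conn))
        {
            // Values travel as typed parameters, never concatenated into the SQL text.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = newName;
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = productId;
            conn.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

The validation controls in feature 3 also run in the browser, so the server-side Page.IsValid check and the typed parameters are what the backend actually relies on.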