Is this secure enough? I don't have any experience with classic ASP or VBScript.
I have a classic ASP page that takes in form data and sends it to another classic ASP page that makes a connection to the database. I use this for my CSRF token on the form input page:
<%
Dim token
token = CreateGUID()
Function CreateGUID()
Dim tmpTemp
tmpTemp = Right(String(4,48) & Year(Now()),4)
tmpTemp = tmpTemp & Right(String(4,48) & Month(Now()),2)
tmpTemp = tmpTemp & Right(String(4,48) & Day(Now()),2)
tmpTemp = tmpTemp & Right(String(4,48) & Hour(Now()),2)
tmpTemp = tmpTemp & Right(String(4,48) & Minute(Now()),2)
tmpTemp = tmpTemp & Right(String(4,48) & Second(Now()),2)
CreateGUID = tmpTemp
End Function
%>
<input type="hidden" ng-model="user.token" value="<%=token%>">
I'm using an AJAX call (with AngularJS if that matters) in the same page to post the form data to the page that will make a connection to the database.That page looks like this:
<%@ LANGUAGE="VBScript" %>
<%If Request.ServerVariables("REQUEST_METHOD") = "POST" Then%>
<%If Request.Form("token") = Session("token") Then %>
'here I make connection to database and and insert rest of form data in database