Nate was excited. He landed his first "Fortune 500" contract at, not just a Fortune 500 company, but a Fortune 50 one. It was a fairly small project and a great foot in the door. Today an interactive brochure website, tomorrow a global content management system that leverages collective synergy to drive "outside of the box" thinking and formulate key objectives into a win-win game plan with a quality-driven approach that focuses on empowering key players to drive-up their core competencies and increase expectations with an all-around initiative to drive up the bottom-line. Nate could almost taste the enterpriesy goodness.

Though Nate's application didn't utilize any security or authentication, it was part of The Extranet and needed to follow a "strict set of Enterprise Security guidelines." No big deal. The guidelines were straight forward and mostly common sense: avoid SQL Injection, don't assume client-side code will run, etc. The only thing Nate needed was the "SecurityInclude.asp" file that all pages were required to include.

"Oh, no no no," the Corporate Information Technology Liaison chuckled, "that's a *secure* code file; we don't release *secure* code to vendors!"

No big deal. Nate used a dummy include file, developed the application, and sent it off to Corporate IT Liaison for deployment. Unfortunately, the application didn't work. It seemed to be a problem with the secret security include file.

The liaison suggested that Nate "try making various changes" to ensure that the application could accommodate the added security code. As you might imagine, this got him nowhere. He needed the secret security code.

Nate begged and pleaded with Corporate IT. No luck; it was simply too secure. Nate's client begged and pleaded with Corporate IT. Still, no luck. Nate's client's boss' boss begged and pleaded with Corporate IT. Finally! They gave in and allowed Nate to go on site and diagnose the problem in their testing environment.

And finally, Nate had a chance to see this secret security code file ...

''' BEGIN SecurityInclude.asp

Dim userID
userID = Request.Cookies("userid").Value

If (Len(userID) = 0 or Trim(userID) = "") Then 
  Response.Redirect ("/default.asp")
End If

''' END SecurityInclude.asp

... though it wasn't the cause of the problem, it sure gave Nate an idea of what type of enterprisey coding he'll need to soon master.