10 types of security measures in ASP.

Source: Internet
Author: User
Tags: md5 encryption, sql injection protection

I. MD5-encrypted user passwords

The system's user passwords are stored with MD5 encryption, a very high-security algorithm that is widely used for file verification, bank password encryption and other fields. Because this encryption is irreversible, when random passwords of more than 10 letters and digits are used there is little likelihood of them being cracked.
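The scheme in this section, as an added Python example (not code from the page or from the product it describes): passwords are stored as an MD5 digest and checked by recomputing it. The per-user random salt, the `salt_hex$md5_hex` storage format, the constant-time comparison and the reading of "more than 10 letters and digits" as a minimum length of 10 are this example's own assumptions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Added example, not the page's code. Passwords are stored as MD5 over a
# per-user random salt (the salt is an assumption added on top of the page's
# plain MD5 description); the policy check follows the page's "10+ letters
# plus digits" rule for random passwords.

SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$md5_hex'; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.md5(salt + password.encode("utf-8")).hexdigest()
    return f"{salt.hex()}${digest}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt_hex, expected = stored.split("$", 1)
    candidate = hashlib.md5(bytes.fromhex(salt_hex) + password.encode("utf-8")).hexdigest()
    return hmac.compare_digest(candidate, expected)


def meets_password_policy(password: str, min_length: int = 10) -> bool:
    """The page's criterion: a random password of letters plus digits, at least
    min_length characters long (reading "more than 10" as 10 or more is an assumption)."""
    if len(password) < min_length:
        return False
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    return has_letter and has_digit


if __name__ == "__main__":
    # Constructed sample password that satisfies the page's rule.
    stored = hash_password("Xk7pQ2mL9zT4")
    print(stored)
    print(verify_password("Xk7pQ2mL9zT4", stored), verify_password("guess", stored))
```

Two users with the same password get different stored values because the salt differs, so one stored digest says nothing about another account.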

II. Cookie encryption

When cookies are saved, the data stored in them is protected with a special encryption algorithm that improves on MD5 and adds a random encryption factor. Because it is not standard MD5, the data stored in cookies cannot be decrypted. This makes it impossible for hackers to attack the system with forged cookies, so the system's user information is very safe.

III. SQL injection protection

The system has four layers of protection against SQL injection:

First, system-level SQL injection detection: the system traverses all data submitted to the server via GET, POST and cookies, and if it finds code that appears to have been used to construct a SQL injection, it terminates the program run and writes a log entry. This shield runs before the database connection is made and blocks almost all SQL injections and other data submissions that would compromise the site's security.

Second, program-level anti-SQL-injection: in the application, before a SQL query statement is built, the system takes the data obtained from external sources and the variables brought into the assembled SQL, validates them, and filters characters that could constitute an injection.

Third, external form submission is prohibited: the system rejects forms submitted from domain names other than its own, preventing offensive code from being passed in through external redirects.

Fourth, database operations use stored procedures: all important data operations in the system go through stored procedures, avoiding assembled SQL strings, so that even offensive characters that slip through the SQL injection filtering layer still have no effect.
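Three of the four layers above, as an added Python example that is not code from the page or from the product it describes: a scan of every submitted field (layer 1), a same-domain check on the Referer (layer 3), and a parameterised query, which stands in here for the page's stored procedures because it has the same property of keeping user input out of the SQL text (layer 4). The regular expressions, the in-memory SQLite table and the sample request are constructed for the example; a real scanner is tuned to its own traffic and will see false positives with patterns this broad.

```python
import re
import sqlite3
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Added example, not the page's code. The patterns below are assumptions
# chosen for illustration; production scanners are tuned to their own traffic.
INJECTION_PATTERNS = [
    re.compile(r"(?i)\bunion\b.*\bselect\b"),
    re.compile(r"(?i)\b(or|and)\b\s+[\w'\"]+\s*=\s*[\w'\"]+"),
    re.compile(r"(?i)\b(drop|alter|truncate|exec|xp_\w+)\b"),
    re.compile(r"--|;|/\*"),
]


def scan_request(submitted: Dict[str, str]) -> List[str]:
    """Layer 1: names of the GET/POST/cookie fields whose value matches an
    injection pattern. The caller aborts the request and logs these names."""
    return [
        name for name, value in submitted.items()
        if any(p.search(str(value)) for p in INJECTION_PATTERNS)
    ]


def same_origin(referer: str, site_host: str) -> bool:
    """Layer 3: accept a form only when the Referer host is this site's host."""
    host = urlparse(referer).hostname
    return host is not None and host.lower() == site_host.lower()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn


def find_user(conn: sqlite3.Connection, name: str) -> List[Tuple[int, str]]:
    """Layer 4: the value is bound as a parameter, never spliced into the SQL
    text, so quotes or keywords in it are compared literally against the column."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    # Constructed request: one ordinary field and one that the scanner flags.
    request = {"page": "2", "id": "1 OR 1=1"}
    print("flagged fields:", scan_request(request))
    conn = demo_db()
    print(find_user(conn, "alice"))
    print(find_user(conn, "alice' OR '1'='1"))  # [] : the whole string is one literal name
```

The last call shows why layer 4 matters even when layers 1 and 2 miss something: the bound parameter is compared as a name, so no user exists with it and the query returns nothing.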

IV. Trojan horse and virus protection

For possible trojan and virus problems, the system assumes that, with the server settings secure, the main external security issue is users uploading viruses and trojans, and provides the following four layers of protection:

First, client-side file detection: before uploading, the files to be uploaded are checked, and if a file type is found that the server does not allow, the upload is refused. If the client disables the detection code, the upload program is blocked as well and no files can be uploaded.

Second, server-side file security detection: when a file is uploaded to the server, the program detects its type before the file is written to disk; if the type is likely to pose a server security problem, that is, any program that could execute on the server, the system refuses to write it to disk. This ensures that uploaded viruses and trojans cannot propagate on the server.

Third, for files that would have execute rights on the server, the system adopts a compress-on-upload policy: all uploaded files other than picture and video files are immediately compressed to RAR once uploaded, so that even an included trojan cannot run and poses no threat to website security.

Fourth, low-level file type detection: the system detects file types at the underlying level, checking not only the extension but the actual type of the file, so the security check cannot be evaded by changing the extension.
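The server-side checks of the second and fourth layers, as an added Python example that is not code from the page or from the product it describes: the claimed extension must be on an allow-list, the leading bytes must not mark an executable, and the type read from the leading bytes must agree with the extension, so renaming a program to `.png` is caught. The allow-list, the signature tables and the sample byte strings are constructed for the example; a production check uses a much fuller signature table.

```python
from typing import Optional, Tuple

# Added example, not the page's code. The tables below are constructed for
# illustration; real file-type detection carries far more signatures.

ALLOWED = {"png", "jpg", "gif", "pdf"}
EXTENSION_ALIASES = {"jpeg": "jpg"}

CONTENT_SIGNATURES = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
    "pdf": (b"%PDF-",),
}

# Leading bytes of common executable forms (PE, ELF, script with a shebang line).
EXECUTABLE_SIGNATURES = (b"MZ", b"\x7fELF", b"#!")


def claimed_extension(filename: str) -> str:
    """Normalised extension taken from the file name (what the client claims)."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return EXTENSION_ALIASES.get(ext, ext)


def sniff_content(data: bytes) -> Optional[str]:
    """Identify the real type from the leading bytes, ignoring the file name."""
    for ext, signatures in CONTENT_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return ext
    return None


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Return (accept, reason); the caller writes the file to disk only on accept."""
    ext = claimed_extension(filename)
    if ext not in ALLOWED:
        return False, "extension not allowed"
    if any(data.startswith(sig) for sig in EXECUTABLE_SIGNATURES):
        return False, "executable content"
    actual = sniff_content(data)
    if actual is None:
        return False, "unrecognised content"
    if actual != ext:
        return False, f"content is {actual} but extension says {ext}"
    return True, "ok"


if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed PNG header
    print(check_upload("photo.png", png))
    print(check_upload("photo.png", b"MZ\x90\x00" + b"\x00" * 16))  # program renamed to .png
    print(check_upload("photo.jpg", b"GIF89a" + b"\x00" * 16))      # extension and content disagree
```

Because the decision is made on the bytes actually received, the client-side check of the first layer can be bypassed or disabled without changing the outcome on the server.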

V. Permission control system

The system has a strict and effective permission control system: who can post information, who can delete information and other rights are covered by dozens of detailed settings, different columns of the site can be given completely different permissions, and all permissions are strictly controlled on multiple levels.

VI. IP records

The IP address library, in addition to recording the IP of every important operation, also records the IP's region; the system ships with about 170,000 IP signature records.

Detailed IP records: for every creation and edit action (such as posting an article, commenting or sending an internal message), the system records the IP from which the operation was performed, the IP region and the operation time for future reference. This data is critical and necessary when security issues are identified.

VII. Hidden program entry

The whole-site static page generation system can generate static HTML files, so that the site's executable programs are not exposed through the web service. Static HTML pages do not interact with server-side programs, so hackers find HTML pages hard to attack and have difficulty finding a target.

VIII. Limited file writes

All file-write operations of the system occur only in a single Upfile directory, and the files in this directory are only ever read and written. Through Windows security settings, this directory can be made read-write only, with no execute permission, while the other folders where the program lives have only execute and read permissions. This makes it impossible for destructive files to damage the program's execution files and ensures these files are not modified.

IX. MD5 verification of order data

In mall order processing, the submitted order information is MD5-verified so that the data cannot be illegally modified.
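The cookie protection of section II and the order check of this section rest on the same mechanism: an MD5 digest computed with a secret that only the server holds (the "random encryption factor" of section II), recomputed on every read so that any edit or forgery fails the check. The added Python example below is not code from the page or from the product it describes; it uses HMAC-MD5 as the keyed digest, a canonical JSON encoding of the fields, a `body.digest` cookie layout and a constructed server secret, all of which are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional

# Added example, not the page's code. HMAC-MD5 plays the role of the page's
# "MD5 with a random encryption factor"; the layout and secret are assumptions.

SERVER_SECRET = secrets.token_bytes(32)   # generated once per deployment, never sent to clients


def _canonical(fields: Dict[str, object]) -> bytes:
    """Stable byte form so issuer and verifier digest exactly the same data."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _mac(data: bytes, secret: bytes) -> str:
    return hmac.new(secret, data, hashlib.md5).hexdigest()


def digest(fields: Dict[str, object], secret: bytes = SERVER_SECRET) -> str:
    """Keyed digest of a field set; issued together with the data it covers."""
    return _mac(_canonical(fields), secret)


def seal_cookie(fields: Dict[str, object], secret: bytes = SERVER_SECRET) -> str:
    """Section II: cookie value = urlsafe-base64(body) '.' keyed digest of the body."""
    body = _canonical(fields)
    return f"{base64.urlsafe_b64encode(body).decode('ascii')}.{_mac(body, secret)}"


def open_cookie(cookie: str, secret: bytes = SERVER_SECRET) -> Optional[Dict[str, object]]:
    """Return the fields when the digest matches, None for a forged or edited cookie."""
    encoded, sep, mac = cookie.rpartition(".")
    if not sep:
        return None
    try:
        body = base64.urlsafe_b64decode(encoded.encode("ascii"))
    except ValueError:
        return None
    if not hmac.compare_digest(_mac(body, secret), mac):
        return None
    return json.loads(body)


def verify_order(order: Dict[str, object], mac: str, secret: bytes = SERVER_SECRET) -> bool:
    """Section IX: the submitted order fields must still match the digest issued with them."""
    return hmac.compare_digest(digest(order, secret), mac)


if __name__ == "__main__":
    # Constructed session and order data.
    cookie = seal_cookie({"uid": 42, "role": "user"})
    print(cookie, open_cookie(cookie))
    order = {"order_id": 1001, "total": 199.0}
    mac = digest(order)
    print(verify_order(order, mac), verify_order({"order_id": 1001, "total": 1.0}, mac))
```

Without the secret, a client cannot produce a digest for altered fields, so a changed price or a changed user id is rejected before the order is processed or the session is trusted.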

X. Compiled code execution

Because of .NET development, the code is compiled before execution, which is faster and more secure.

I use these methods in the website program called Website Express; everyone can take a look and see whether or not it is safe.
