Database at the core of the site, all the SQL intrusion is directed to the database. Once the site's database is downloaded, even if your database is MD5 encrypted, it can be violently cracked.
Come out. The user's information is lost, is to oneself is also a kind of harm to the user.
How to prevent the database from being downloaded.
Here is an article I picked from the Internet.
-------------------------------------------------------------------------------------------
Several ways to prevent the database from being downloaded
Many dynamic sites use a large number of databases, and the database is naturally a core document of a site. Once the database is downloaded, it is highly likely that the site will be damaged by malicious people. Or
People to steal information. It's really sad. Is there any way to prevent the database from being downloaded?
The methods provided below apply to users who use virtual host space and to users with IIS control!
One: The purchase of virtual host space, suitable for no IIS control
1: Play Your imagination modify the database file name
This is the most basic. I don't think there are many people who don't bother to change their database file names right now. As for what to change into, you do it yourself, at least to ensure that the file name is complex, not guessing
。 Of course this time your database is located in the directory is not open Directory browsing permissions!
2: Database name suffix to ASA, ASP, etc.
This heard is very popular, but I tested many times, found that is not ideal, if you really want to play to prevent the role of download, to do some 2 into the field to add settings,---a word, complex
and complex (if you have a lot of database, this method is not very good)
3: Database name before adding "#"
Just add the first name of the database file to the #, and then modify the database address in the database connection file (such as conn.asp). The principle is that the download can only identify #号前名的部分, for
The back of the automatic removal, such as you want to download: http://www.pcdigest.com/date/#123. mdb (if present). Whether it's IE or flashget, it's all down.
Http://www.pcdigest.com/date/index.htm (index.asp, default.jsp etc you set up in IIS homepage document)
In addition, in the database file name to retain a number of spaces also play a similar role, because the HTTP protocol to address the specificity of resolution, the space will be encoded as "%", such as
http://www.pcdigest.com/date/123 456.mdb, download the time Http://www.pcdigest.com/date/123%456.mdb. And our catalogue has no 123%456.mdb.
This file, so the download is also invalid after such modifications, even if you expose the database address, under normal circumstances, others are also unable to download!
4: Encrypt the database
After you open your database in exclusive mode with access, after the tool-security-set database password, encrypt the database connection page, such as:
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
