Server Security experience to prevent illegal Login

1. Perform Security Configuration on the database. For example, the account/password/permission used by your program to connect to the database. If you are browsing news, use the read-only permission; you can use different accounts/permissions for different modules. In addition, you must strictly Configure which stored procedures can be called for the database, and disable all unused stored procedures (especially cmd ), prevent system calling by using database Stored Procedures after injection;

2. Strictly filter parameters submitted by the client, including the parameter length and type;

3. Strictly protect the Administrator's background. If conditions are met, you should set it to only allow access from specific IP addresses (for example, only access from administrator CIDR blocks). This depends on the actual situation;

4. Perform Security Configuration on the operating system to prevent system calling after injection. For example

Cmd.exe/tftp.exe/ftp.exe/net.exe

All these files are transferred to other directories, and strict permission assignment is performed on the directories;

5. Set network access control;

6. If conditions are met, configure HTTP Content Filtering to filter out viruses and malicious scripts;

7. If necessary, you can consider using HTTPS to prevent many injection tool scans. When I used to develop an injection detection tool, I considered using HTTPS, however, it has not been implemented yet.

As you can see, in general, the program mainly considers permissions and parameter filtering. Permissions mainly include IIS browsing permissions and Database Calling permissions. In addition, security configurations of databases and operating systems must be considered. In addition, I don't know if you will use components developed by others during the development process, such as slice upload. Have you studied the security of these components? Or in the development process, the vast majority of people will use off-the-shelf Code provided on the Internet and books, such as user login verification, and other public code, also need to study its security issues.