Top 10 measures to ensure system security

Source: Internet
Author: User
Tags: sql injection protection

I recently reworked a back-office management system. Management's main requirement was security (sweat...), and I do know how important the security of a system is. Below are ten important protection measures collected from online sources, summarized here so you can bookmark them; if you have better approaches, please post them so we can all learn together.


1. MD5 encryption of user passwords
In this system, user passwords are stored as MD5 hashes. MD5 is a highly secure algorithm that is widely used in file verification, bank password encryption and other fields. Because the hash is irreversible, a random password of more than 10 letters and digits is practically impossible to crack.

2. Cookie encryption
When the system stores cookies, it uses a dedicated encryption algorithm derived from MD5 and adds random factors to the data stored in the cookie. Because standard MD5 is not used, the data stored in the system's cookies cannot be decrypted; therefore it is completely impossible for hackers to attack the system by forging cookies, and the system's user information is very secure.

3. SQL injection protection
The system has four layers of defence against SQL injection:
1. System-level anti-injection detection. The system scans all data arriving at the server via GET, POST and cookies; if suspicious code is found, the program is terminated and the event is logged. Because this happens before any database connection is opened, almost all SQL injection attempts and other data that could harm the website are stopped ahead of the database connection.
2. Program-level anti-injection checks. Before an application builds an SQL query from externally obtained data, it validates the variables that will be assembled into the SQL statement and filters out characters that could form an injection.
3. External form submission is prohibited. The system refuses forms submitted from any domain name other than the current one, to prevent attack code from being passed in through external redirects.
4. Database operations use stored procedures. All important data operations go through stored procedures with parameter queries rather than assembled SQL strings, so even an injection that slips through the layers of character filtering has no effect.
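Measures 1 and 4 above side by side, as an added example in Python with an in-memory SQLite table (not the page's .NET system): a coarse pre-connection scanner for request values, and an assembled query next to its parameterized form so the difference is visible on the same input. The table, field names and patterns are constructed for the example.

```python
import re
import sqlite3
from typing import Dict, List

# Measure 1: a coarse pre-connection scan of every GET/POST/cookie value.
# Pattern list is constructed for the example; it is a first layer only and
# will also flag harmless text such as the word "select".
SUSPECT = re.compile(r"(--|;|/\*|\bunion\b|\bselect\b|\bdrop\b|'\s*or\s+)", re.IGNORECASE)

def scan_request(values: Dict[str, str]) -> List[str]:
    """Return the names of request fields that look like injection attempts (log and abort)."""
    return [k for k, v in values.items() if SUSPECT.search(v)]

def make_db() -> sqlite3.Connection:
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    return conn

def login_assembled(conn: sqlite3.Connection, name: str, pw_hash: str) -> List[str]:
    # The pattern the page warns against: user input pasted into the SQL text,
    # so a quote character in the input changes the meaning of the statement.
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw_hash = '{pw_hash}'"
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn: sqlite3.Connection, name: str, pw_hash: str) -> List[str]:
    # Measure 4: values are bound by the driver and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return [row[0] for row in conn.execute(sql, (name, pw_hash))]

if __name__ == "__main__":
    db = make_db()
    bad = "x' OR '1'='1"  # classic tautology; the scanner flags it too
    print("flagged fields:", scan_request({"user": "alice", "pw": bad}))
    print("assembled:", login_assembled(db, "alice", bad))          # every user matches
    print("parameterized:", login_parameterized(db, "alice", bad))  # no match
```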

4. Trojan and virus protection
Given possible Trojan and virus problems, the system assumes that once the server itself is hardened, external security problems come mainly from users uploading viruses and Trojans, so it provides the following four layers of protection:
1. Client-side file check. Before uploading, the file to be uploaded is checked; if its type is not one permitted by the server, the upload is rejected. If the client bypasses the check, the upload program is blocked as well and no file can be uploaded.
2. Server-side file security check. Before writing an uploaded file to disk, the program checks its type; if the file is of a type that could endanger the server, that is, anything that could execute on the server, it is not written to disk. This prevents viruses and Trojans from being stored on the server.
3. Compress-on-upload policy. On servers with the required permissions, every uploaded file other than image and video files is compressed into a rar archive immediately after upload, so even a file containing a Trojan cannot run and poses no threat to the website.
4. Low-level file type detection. The system detects the file type at the byte level, not just by extension, so the check cannot be evaded by renaming the file's extension.
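Layers 2 and 4 of the upload protection above, as an added Python example (not the page's own upload code): an extension allow-list, a deny-list of server-executable types applied to every extension in the name, and a magic-byte check of the real content. The allow-list, deny-list and signatures are constructed for the example.

```python
import os
from typing import Dict, List, Tuple

# Constructed allow-list of upload types with their leading magic bytes (layer 4).
ALLOWED: Dict[str, List[bytes]] = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
}
# Anything the server could execute never reaches the disk (layer 2).
EXECUTABLE = {".asp", ".aspx", ".ashx", ".asmx", ".exe", ".dll", ".bat", ".cmd", ".ps1"}

def check_upload(filename: str, head: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason); `head` is the first bytes of the uploaded content."""
    base = os.path.basename(filename.strip())
    # Consider every extension in the name, so "shell.aspx.jpg" is caught by the
    # executable deny-list even though its last extension is an image type.
    parts = base.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    if not exts:
        return False, "no extension"
    if any(e in EXECUTABLE for e in exts):
        return False, "executable type rejected"
    ext = exts[-1]
    if ext not in ALLOWED:
        return False, f"type {ext} not allowed"
    # Layer 4: the content must match the claimed type, so a renamed
    # executable (for example an MZ header under a .jpg name) does not pass.
    if not any(head.startswith(sig) for sig in ALLOWED[ext]):
        return False, f"content does not match {ext}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample headers; only the first one should be accepted.
    for name, head in [("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
                       ("shell.aspx", b"<%@ Page %>"),
                       ("shell.aspx.jpg", b"\xff\xd8\xff"),
                       ("notes.jpg", b"MZ\x90\x00")]:
        print(name, check_upload(name, head))
```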

5. Permission control system
The system has a strict and effective permission control system that defines which users may post messages and who may delete information. It has dozens of detailed settings, different permissions can be set for different sections of the website, and all permissions are strictly controlled at multiple levels.

6. IP record
Besides recording the IP address of every important operation, the IP address library also records the location of each address; about 170,000 IP address feature records are embedded in the system.
Detailed IP records cover all creation and edit actions (for example, when an article is posted, the operator's IP address, its location and the time of the operation are recorded for later reference). This data is critical and necessary for identifying security issues.

7. Hidden program entry points
The system generates static pages for the whole site: it can produce static HTML files for the entire site so that the website's executable programs are not exposed through the web service. Since HTML pages do not interact with server programs, it is difficult for hackers to attack them or to find targets.

8. Restricted file writing
All file write operations in the system take place in a single upfile directory, and the files in that directory only need read and write access. Using Windows security settings, that directory can be set to read and write but not execute, while the other folders containing the program need only read and execute permissions. A malicious file therefore cannot damage the program's executable files, and those files cannot be modified.

9. MD5 verification of order data
In the mall's order processing, the submitted order information is verified with MD5 to ensure that the data has not been modified illegally.
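The cookie integrity of measure 2 and the order-data verification of measure 9 are the same problem: data handed to the client must come back unmodified. This added Python example (not the page's own scheme, which is MD5-based) seals a set of fields with a random nonce and a keyed HMAC-SHA256 digest under a server-side secret, and rejects any token whose digest no longer matches; the secret and field names are constructed placeholders.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import parse_qsl, urlencode

# Placeholder secret for the example; in deployment load it from protected
# configuration and never place it in the cookie or the order form.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"

def _mac(encoded: str) -> str:
    # Keyed digest over the serialized fields; swapped in for the page's MD5 variant.
    return hmac.new(SERVER_SECRET, encoded.encode(), hashlib.sha256).hexdigest()

def seal(fields: Dict[str, str]) -> str:
    """Serialize the fields plus a random nonce and append the digest: 'k=v&...|mac'."""
    data = dict(fields, nonce=secrets.token_hex(8))   # random factor per token
    encoded = urlencode(sorted(data.items()))         # canonical order, values escaped
    return encoded + "|" + _mac(encoded)

def unseal(token: str) -> Optional[Dict[str, str]]:
    """Return the fields if the digest verifies, otherwise None (tampered or malformed)."""
    encoded, sep, mac = token.rpartition("|")
    if not sep:
        return None
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    if not hmac.compare_digest(mac.encode(), _mac(encoded).encode()):
        return None
    data = dict(parse_qsl(encoded, strict_parsing=True))
    data.pop("nonce", None)
    return data

if __name__ == "__main__":
    # Same helper for a session cookie and for the hidden fields of an order form.
    cookie = seal({"uid": "42", "role": "user"})
    order = seal({"order_id": "1001", "total": "59.90"})
    print(unseal(cookie), unseal(order))
    print(unseal(cookie.replace("role=user", "role=admin")))   # None
    print(unseal(order.replace("total=59.90", "total=0.01")))  # None
```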

10. Compiled code
Because the system is developed on .NET, its code is compiled before execution, which makes it faster and safer.
