web protection sophos

1. Database Security 1, ms SQL Server database security Sa-level users are not allowed to connect to the database on the Web. Solution: Delete the sa user and create a new user with the sa permission. the user name and password are as complex as they are. To prevent brute-force cracking. Create a web connection user, remove all server roles, and add the database and db_public identity to the user ing. If yo

I. Common Web security and protection principles1.sql Injection principleis by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually reaching a malicious SQL command that deceives the server.protection, in general there are the following points:1, never trust the user's input, to check the user'

Objective Tencent as a company-level webserver vulnerability protection system, the current Tencent Door God System (hereinafter referred to as God) has covered nearly million webserver servers, daily processing of HTTP data packets up to tens of billions of. There are many kinds of realization of WAF, see "Mainstream WAF architecture analysis and exploration" in details. According to the company's business characteristics, we have adopted the "serv

must be deployed for websites engaged in network transactions; 2. Web application protection based on attack behaviors; 3. Able to protect the architecture of Web websites, with Web specificity and report functions. "In addition, the real WAF should take both security and performance into account," Grant Murphy added.

SQL injection principleis by inserting a SQL command into a Web form to submit or entering a query string for a domain name or page request, eventually reaching a malicious SQL command that deceives the server.In general there are the following points:1. Never trust the user's input, to verify the user's input, you can use regular expressions, or limit the length, the single quotation mark and the double "-" to convert, and so on.2. Never use dynamica