18 security rules for using Access databases in ASP

Source: Internet
Author: User

1. First, filter all content submitted by clients, including `?id=N` and other parameter types. In addition, database SELECT syntax and ASP file-operation syntax in submitted HTML code can be escaped before being stored in the database.
2. Next, control which pages are authorized to access the database. Pages that only display data should use SELECT statements only, with update statements filtered out. Divide the ASP files into pages authorized to access the database and pages with restricted access.
3. Rename the data connection file conn.asp to something like 123ljuvo345l3kj34534v.asp.
4. Rename the database to something like q1_d0394pjsdlkfgjwetoiu.asp.
5. Add a connection password to the Access database (although it can be cracked, it is enough to deal with novices, and it prevents unrestricted connections to the database from uploaded files).
6. Use the Access software to encrypt the database.
7. Use MD5 or other encryption algorithms to encrypt the user's password and fields such as the password-hint question.
8. Restrict search engines from searching related pages.
9. Prevent the database from being downloaded with download tools, for example by adding statements to the database that prevent it from being output to the client.
10. Securely manage ASP file upload templates to prevent ASP trojans from being uploaded.
11. Deny clients access to the database connection file. Only ASP files on the server should be able to access it.
12. Restrict the number of times the same client IP address can access the database.
13. Where necessary, encrypt the content stored in the database and return it to the client for decryption, so that the original content cannot be obtained even if the database is downloaded.
14. Restrict connections to the service by header content, for example by allowing access only from Internet Explorer.
15. Prevent database information from being obtained by viewing the file. Have the client enter a password and use an algorithm to store the password and content in the database; on output, the client enters the password to decrypt the content.
16. Change table names and field names to strings similar to aslkejrwoieru and werkuwoeiruwe.
17. Prevent data added to a database that has been renamed to .asp from being executed: escape code and other content that causes errors in ASP execution.
18. It is best to use ODBC to connect to the database and to add a connection password.
19. The solution provided by Script House: a common virtual host provides a data directory, so store the .mdb database in this directory, where it cannot be downloaded under any circumstances. On a dedicated server, add a parsing mapping for .mdb files and use a new empty DLL file to handle it.
