4 Security ways to learn about Access databases

Source: Internet
Author: User
Tags iis root directory

First, the cipher type

A random and complex name for the database, avoiding being guessed to be downloaded, was popular in the past because everyone was confident about their code. But as the error prompts the database address to cause the database to be illegally downloaded, this way also less and more people use.

Second, "#" type

Add a # In the database name, when requested from the URL # is a separate character of the request address and request parameter, if the database name is known, the direct request, such as: Http://www.xx.com/access#.mdb, The Web server will think that the request is access rather than Access#.mdb, so you will be prompted not to find the file, but unfortunately, the URL for these special characters will have a special representation, #的特殊表示就是% 23, such as http://www.xx.com/ Access%23.mdb, then Access#.mdb will be downloaded. And if you use the download tool such as flashget can also download directly.

Three, ASP type

This practice is more professional but also very safe is now more popular practice, but now many people just do half, just change the data name to ASP, so that directly with the FlashGet such as download tools can download the database, this way the correct approach:

Create a field in the database with the name random, the type is an OLE object, and the content is set to a single-byte type

After this code is run, a nodownload table is generated in the database, and the field in the table is Notdown. If a data table with the same name already exists in the database, change the nodownload within the code to the name of the datasheet you want.

Four, the ASA type

The true meaning of this approach is the use of IIS to the ASA file Protection, so that the database file can not be directly requested from the URL download, but this way is misunderstood as long as the file suffix to ASA can be changed. To know that IIS is only global.asa this file name has a request to protect, so this way can only set the database name to Global.asa, but also note that it is best not to put it in the host or virtual directory of the root directory, otherwise it will be IIS of course normal GLOBAL.A SA file to try to run the

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.