About Access database security

Source: Internet
Author: User
Tags access database security ole access database
See the security of Access database again today, every time you see this article to say the last two words, popular saying there are several:
First, the cipher type
A random and complex name for the database, avoiding being guessed to be downloaded, was popular in the past because everyone was confident about their code. But as the error prompts the database address to cause the database to be illegally downloaded, this way also less and more people use.
Second, "#" type
Add a # In the database name, when requested from the URL # is a separate character of the request address and request parameter, if the database name is known, the direct request, such as: Http://www.xx.com/access#.mdb, The Web server will think that the request is access rather than Access#.mdb, so you will be prompted not to find the file, but unfortunately, the URL for these special characters will have a special representation, #的特殊表示就是% 23, such as http://www.xx.com/ Access%23.mdb, then Access#.mdb will be downloaded. And if you use the download tool such as flashget can also download directly.
Three, ASP type
This practice is more professional but also very safe and is now more popular practice, but now a lot of people just do half, just change the data name to ASP, so that directly with the FlashGet such as download tools can download the database, this way the correct approach is two steps:
Step One: Create a field in the database with the name random, the type is an OLE object, and the content is set to a Single-byte "<%", i.e. (ASP code ChrB (ASC ("<") & ChrB ("%") run results)
Step Two: Rename the database to ASP
This will prompt a "missing shutdown script separator" If the database is requested directly from the URL. Thus refusing to download, because this way more trouble I found a small piece of code online to complete the OLE object insertion, as long as the database name set up, and then placed in the database and a directory to run it.
Code full number:
<%
Db= "D.mdb" is changed to your database address
Set Conn=server.createobject ("Adodb.connection")
Connstr= "Provider=Microsoft.Jet.OLEDB.4.0;Data source=" &server.mappath (db)
Conn.Open ConnStr
Conn.execute ("CREATE Table Notdownload (Notdown oleobject)")
Set Rs=server.createobject ("Adodb.recordset")
Sql= "SELECT * from Notdownload"
Rs.Open sql,conn,1,3
Rs.addnew
RS ("Notdown"). AppendChunk (ChrB (ASC ("<")) & ChrB (ASC ("%"))
Rs.update
Rs.close

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.