1. using your imagination to modify the database file name may not theoretically prevent downloading. The purpose of modifying the database name is to prevent the database from being downloaded. But if we guess the database name, we can download it directly. Therefore, this cannot guarantee that 100% cannot be downloaded. The common method to guess the database is
1. using your imagination to modify the database file name may not theoretically prevent downloading. The purpose of modifying the database name is to prevent the database from being downloaded. But if we guess the database name, we can download it directly. Therefore, this cannot guarantee that 100% cannot be downloaded. The common method to guess the database is
1. Use your imagination,
Modify
DatabaseFile Name. Theoretically, it may not be able to prevent
Download.
Modify
DatabaseIt is designed to prevent us from guessing
DatabaseHowever
Download. But in case we guess
DatabaseName, you can directly
Download. Therefore, this cannot guarantee that 100% cannot be
Download. Guess
DatabaseThe common method is to write a program to guess
DatabaseName: determines whether the WEB returns a 404 error. If an MDB file is submitted and no 404 error is returned, you can guess it.
Download. Of course, this has some limitations, because if
DatabaseThe name is very complex. A large number of logs are generated. The Administrator may have discovered it early. In addition, it may take a long time to guess.
II:
DatabaseChanging the name suffix to ASA or ASP may not prevent
Download. IIS is using asp. dll processing. when an asp extension file is used, it is output directly without any processing of any other content. However, if the MDB file does not contain any ASP entity, we directly input the URL in IE to return the data in IE, that is, the data in the MDB file. We can directly use software such as FLASHGET.
Download,
DownloadAnd then you can use it.
III:
DatabaseAdd "#" before the name to prevent
Download.
Some people mistakenly think: "You only need
DatabaseAdd # In front of the file, and then
Modify
DatabaseIn a connection file (such as conn. asp ),
DatabaseAddress. The principle is
DownloadYou can only identify the part before #, and remove it automatically ."
This is safer. This is not suitable for common users.
Download. Because they do not know or understand the IE coding technology. In encoding, we use % 23 instead. So if we have
DatabaseYes: http://www.xxx.com/data/#datapro.mdb. We can simply enter: http://www.xxx.com/data/%23datapro.mdb in IE.
DownloadNow:
Iv. Encryption
Database.
Some people think that
DatabaseEncrypted to obtain
DatabaseHe cannot get any information in it. This is an error.
DownloadAnd then two seconds later.
DatabasePassword. Access
DatabaseThe encryption mechanism is very fragile. After Encryption
DatabaseThe system creates an encryption string by "XOR" the password entered by the user and a fixed key, and stores it in *. the mdb file starts from the address "& H42. The program can easily write the cracking code. Such a program already exists on the Internet. Now I recommend an old but practical method for cracking.
DatabasePassword program: accesskey.exe
5. We used special requests to cause parsing errors in the script.
Database
Path.
On the network, many people directly use the following code to connect
DatabaseSee... DB_Path = "Data/ABCD1234! @ # 1po. mdb "DB_String =" Provider = Microsoft. jet. OLEDB.4.0; Data Source = "& Server. mapPath (DB_Path) Set Conn = Server. createObject ("ADODB. connection ") Conn. open DB_String ....
DatabaseThe file name is too complex to use a program to crack it. I think no one wants to try it. We can directly obtain a connection like this.
Database
Path. This method is too dangerous, and few people know this method. I am afraid to announce it here. Once the website is published
DatabaseWill be
Download. Wait and check the situation later. So here I will only provide you with temporary patches. Add a sentence ON Conn. Open DB_String: on error resume next to solve this problem.