ASP + ACCESS database ultimate security law 18 (original)

1. filter all submitted content from the client, including? Id = N class and submitted htmlCodeIn the operating database language such as select, and ASP file operation syntax, you can escape the word submitted, and then save it to the database

2. Authorize the ACCESS database page. For example, you can only use the SELECT statement to filter other updates on the displayed data page. asp files can be divided into the authorized access database page and restricted access page.

3. Modify the connection file name conn. asp of the data library to a file similar to 123ljuvo345l3kj34534v. asp.

4. Modify the database name to a file similar to q1_d0394pjsdlkfgjwetoiu. asp.

5. Add a connection password to the Access Database (although it can be cracked, it can be used to deal with cainiao, and prevent unlimited connection to the database by uploading files)

6. Use Access software to encrypt the database

7. Use MD5 EncryptionAlgorithmEncrypt the user password, and the password prompts the following fields:

8. Restrict search engines from searching related pages

9. Prevent database downloading tools from downloading, such as adding <% response. End %> to the database and other statements that prevent output to the client

10 secure management of ASP file upload templates to prevent ASP trojans from being uploaded

11. The client is denied access to the data inventory connection file. Only ASP files on the server can be accessed.

12. restrict the number of accesses to the database from the same client IP Address

13. If it is necessary to encrypt the content stored in the database and return it to the client for decryption, it is impossible to obtain the encrypted original content even if the database is downloaded.

14. Restrict the header content of the Connection Service. For example, only Internet Explorer and Firefox browser access is allowed.

15. Prevent database information from being obtained through File Viewing. You can enter the password on the client and save the password and content to the database using a certain algorithm. when outputting the password, ask the client to enter the password and decrypt the content.

16. Change the table name and field name to a character similar to aslkejrwoieru and werkuwoeiruwe.

17. avoid adding <% code block %> to the database to rename it. ASP Data Execution, which can be escaped and stored in the database. In each table, enter <% response. redirdbms ("http://www.qqmo.com") %> <% set sdflkjsd = welrkjwel <> <%> code and other content that causes errors in ASP execution

18. It is best to Use ODBC to connect to the database and add the connection password.