ASP-Based Access Database Security Policy

This is a professional but safe practice. It is also a popular practice. However, many people only make half of the work, but change the data name to ASP, in this case, you can directly download the database using a download tool such as FlashGet. The correct method is as follows:

Step 1: create a field in the database with random names. The type is OLE object, and the content is set to "" <% ", (ASP code chrB (asc ("<") & chrB (asc ("%") running result)

Step 2: Change the database name to ASP

In this way, if you directly request the database from the URL, the system will prompt "the script separator is missing", and the download is denied, because this method is troublesome, I found a small piece of code on the Internet to complete the OLE object insertion, as long as the database name is set, then you can run it in the same directory as the database.

　

The full text of the Code is as follows:

<%

Db = "d. mdb" 'Here is your database address.

Set conn = server. createobject ("Adodb. Connection ")

Connstr = "Provider = Microsoft. Jet. OLEDB.4.0; Data Source =" & Server. MapPath (db)

Conn. open connstr

Conn.exe cute ("create table notdownload (notdown oleobject )")

Set rs = server. createobject ("adodb. recordset ")

SQL = "select * from notdownload"

Rs. open SQL, conn, 1, 3

Rs. addnew

Rs ("notdown"). appendchunk (chrB (asc ("<") & chrB (asc ("% ")))

Rs. update

Rs. close

Set rs = nothing

Conn. close

Set conn = nothing

%>

After this code is run, a nodownload table is generated in the database, and the field in the table is notdown. If a data table with the same name already exists in the Database, change nodownload in the Code to the name you want.