Essence | Digest paste-Give the ASP program a little more security (2000.03.28)
A little bit more security for ASP programs
# using on Error Resume Next
This line of statements is equal to telling the server handler: "If I make a mistake, OH
Oh leave me, go on ... Doing so allows you to capture a lot of things that you can
Catch and deal with the mistakes, than those who make a mistake on the family to look at the generation
Code better. It is best not to open when debugging, one side can not find out where
Wrong.
# Server IIS is set to an error and the server has an error while processing the URL.
Please contact your system administrator. "(Set in application configuration)
Can avoid the error after revealing details to the visitor, your secret will not worry from
The error message was disclosed.
# Check the validity of the parameters passed
This is very important, according to my test, many of the domestic site ASP
If a program changes the value of its arguments, it will generally go wrong. Check legality
Can obviously reduce the error probability. The concrete method is no longer described here.
# as little as possible to pass parameters in get way
From a basic point of view, this approach is more transmitted than the POST mode
The URL of the byte is given to the server, and the system resources occupied will increase accordingly.
From a security standpoint, it's also good to reduce the command-line
Attack.
# Use fewer Chinese filenames
Maybe you think it's cool to use the Chinese file name, but from a professional point of view,
There are many drawbacks in doing so. It becomes cumbersome to knock the address by hand;
Where you need to enter a filename, open the Input method or copy and paste the file.
The name itself is not professional;-)
======================================================================-Solve the main page of ASP Chinese garbled (2000.03.27)
Resolve the ASP Chinese garbled in the home page
: When you do an ASP homepage with VBScript, a form submission method is GET,
: When form is passed to ASP, enter ... asp?name= "John"
: Can John Chinese has garbled, how to use VBScript in the ASP to restore the garbled
: The correct Chinese.
: .......
Make the following cut () procedure for the text
<script Language=vbscript runat=server>
Function Cut (str)
Length = Len (str)
Count = 1
Do While Count <= length
If StrComp (Mid (str,count,1), "Z", 1) > 0 Then
Length = Length-1
End If
Count = Count + 1
Loop
Cut = Left (str,length)
If session ("version") <> 3 Then ' if a high version ASP is not required to deal with
Cut = str
End If
End Function
</script>
====================================================================== Paste-Use local (local) variables as much as possible (2000.03.24)
Use local (local) variables as much as possible
Local variables are defined in subroutines and functions (that is, variables that often say local scope), and these variables
is compiled into a digital point and placed in a table. The points of these local variables can be completed by one compilation.
The global variable is executed at run time. This means that local variables are accessed faster than global variables
several times. Also, multidimensional global variables are among the slowest, and when a multidimensional global variable is used for the first time,
Before a new object is produced, it is necessary to search the entire object model for an object with the same name.
Here's a very common example:
Foo.bar.blah.baz = Foo.bar.blah.qaz (1)
If Foo.bar.blah.zaq = Foo.bar.blah.abc Then
The runtime produces the following results:
1 variable foo is defined as a global variable
2 the variable bar is defined as a member of Foo
3) variable blah is defined as a member of the Foo.bar
4) variable Qaz is defined as a member of the Foo.bar.blah
5) Call Foo.bar.blah.quaz (1)
6) Repeat 1 to 3. The system does not know if the call Qaz changed the object model 1-3 steps must be performed again
7) define Baz as Foo.bar.blah member, output value
8) Repeat 1-3, execute Zaq
9) Repeat 1-3, perform ABC
As you can see, the quickest way to do this is to write the code in VBScript:
Set myobj = Foo.bar.blah ' Do the resolution of blah ONCE
Myobj.baz = Myobj.qaz (1)
If Myobj.zaq = Myobj.abc Then
======================================================================-Correct use of Global.asa (2000.03.23)
Using Global.asa correctly is a common problem for ASP developers. The main thing is to know when to use it.
Virtual application, when to use virtual directory, and know their differences.
Virtual directories (dummy directory)
In short, virtual directories is fictitious, not necessarily with web root in the same eye
On record, it can be something else. But you can use it just as you would with other directories on the Web root. When
After running Global.asa, the ASP sees all the virtual directories as subdirectories on the application's root directory.
It is worth noting that if your directory is already a physical directory on website Root, there is no need
Then make a virtual directory for that directory. Of course, you can do it as well. If the path to your directory
It is too long, long enough for you to bear, to think it a little shorter. You can use the method of building a virtual directory. Make it
Shorter, easier to remember. For example: the original directory Http://mysite.com/directory1/directory
2/file.asp, you can build a virtual directory for it, HTTP://MYSITE.COM/DIRECTORY2/FI
Le.asp. This is more convenient.
Virtual applications (dummy application)
Virtual applications is a Web applications that is independent of website, and it is with virtual
Directories is not necessarily a directory on the Web root. Can be from other directories virtual
Drawn up. ASP does not allow applications to share their application and session variables, in other words,
Is that application A cannot access application B (including Web root, because Web root is also considered a
The root of the application. Application and session variables, they are private. Vice versa. When you
Make sure that this application does not need to be shared with ASP scripts on the entire website, website other subdirectories
Application and session variables, or you want to isolate a process in the same memory space to run
Application. You are right to use virtual applications.
One thing to note: virtual directory created by the New Virtual Directory Wizard in IIS 4.0
[1] [2] [3] Next page