ASP and SQL Server: How to build Web firewall and aspsqlserver
ASP is the middle layer of the Client/Server structure on the Web. Although it is written in a scripting language (Java Script, VB Script, etc.), the program code runs on the server, only the dynamic HTML file output by ASP can be seen on the client, but ASP still has some vulnerabilities. You can also see the source code of ASP program by some means. At this time, through the combination of ASP and SQL Server, we can design simple, efficient, and reliable applications.
The main purpose of setting a firewall for a webpage is to provide different services to different visitors based on the webpage content. We can easily achieve this by using Java Script or VB Script. However, the source code of the web page can be seen in the customer's browser. Visitors can view the user identification method used. This is just a superficial firewall.
The following describes the creation process.
1. Create a Login
Create a Login and Password for the visitor on SQL Server.
2. Create a database DSN on the network server
Use "ODBC data source Manager" in "Control Panel" to create an ODBC data resource name for a database, that is, DSN. In this way, you can use the database DSN to connect to a specific database.
The ODBC Data Source manager provides three DSN types: User DSN, system DSN, and file DSN. The user DSN stores the corresponding configuration information in the Windows registry, but only allows the login users who create the DSN to use it. The system DSN also saves the related configuration information in the system registry, but unlike the user DSN, the system DSN allows all users who log on to the server to use it.
Different from the two kinds of database DSN, the file DSN stores the specific configuration information in a specific file on the hard disk. The file DSN allows all users who log on to the server to access the database DSN even if no user logs on to the server. In addition, because the file DSN is saved in the hard disk file, it can be easily copied to other machines. In this way, you can directly use the DSN created on other machines without making any changes to the system registry.
Among the three database DSN types, we recommend that you select the system DSN or file DSN. If you prefer the portability of file DSN, you can set file access permissions in the NT System to ensure high security.
Create a new DSN. Select "add", select the database type to be connected by the user in the pop-up window, and select "SQL Server" in the list. If you are creating a file DSN, click "Next" and enter the file name and save path of the file DSN to be created in the subsequent dialog box. If you have created a system DSN, click "finish.
After selecting a database, you need to set the database DSN. You need to select a specific server that provides the database service, set the login user name and password, and the database to be connected by the user.
Iii. Program Design
The following is a simple page firewall function. This page only limits access by users on the Intranet of the current Unit (assuming that the Intranet IP address is from 10.61.96 .? To 10.65.97 .? If the user is an external user, enter the access user name and password. Use the ServerVariables attribute of the request object to obtain the value of the environment variable.
The program source code (firewall. asp) is as follows:
<Html>
Modify the preceding information, such as IP address, to run the program.
Of course, the above only implements the firewall function on a page. If a website has multiple pages, you can set a session variable to mark users and make judgments on the following pages.
I hope this article will help you.