ASP.NET network security simple protection public class

Source: Internet
Author: User
Tags md5 encryption

This afternoon I watched Itcast's public class from October 28, 2010; it is quite old, but I only just downloaded it to have a look. Before this I had watched all of Itcast's free video tutorials, the 13-season 2010 edition and the 2011 edition of the "ASP.NET != drag controls" series, and gained a lot from them; thanks to Itcast for the free videos. I also intended to go to Beijing for on-site training and study under teacher Yang Zhengko, but I still cannot afford the cost of 10,005 (tuition plus food and living expenses, at least 10,005) for the time being. So I can only make a little more use of free resources and go to the 51aspx site for projects to observe and practice on to meet my own learning needs.

Today's class is about simple security protections for ASP.NET. I took the following notes (key points):
1. SQL injection attacks: the "universal password" ' 0 ' or ' 1=1 '
2. XSS (cross-site scripting) attacks: ASP.NET intercepts potential XSS by default; if you need to use a rich-text editor, set ValidateRequest=false
3. The principle of not trusting client-side validation: the client may have disabled JavaScript
4. Polls, repeated clicks, cookies, non-Ajax requests can all be spammed: check the RequestType or UrlReferrer of the request message
5. Preventing brute force and robot posts: verification codes (CAPTCHA), locking the account for 1 hour after n errors, and similar methods
6. Sensitive word filtering: define forbidden words, audit words, replacement words, etc. Posts containing audit words cannot be seen by ordinary users, only by the administrator; the administrator approves a post after confirming that it will not cause security issues, otherwise it does not pass. Techniques: caching, regular expressions
7. MD5 encryption (hashing) algorithm: an irreversible algorithm whose result cannot be calculated back to the original, which helps ensure system security
8. IIS security configuration: (1) file permission settings: prevent users from uploading files containing malicious code, such as xxx.aspx; (2) disable directory browsing
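
One way to implement the lockout from note 5 (n wrong passwords lock the account for 1 hour), as an added example that is not from the class or from this post. `LoginThrottle` and its method names are hypothetical, the counter is kept in memory for a single process, and the clock value in `Main` is constructed.

```csharp
using System;
using System.Collections.Generic;

// Added example, not from the class. All names here are hypothetical.
public sealed class LoginThrottle
{
    private sealed class Entry { public int Failures; public DateTime LockedUntilUtc; }
    private readonly Dictionary<string, Entry> _entries =
        new Dictionary<string, Entry>(StringComparer.OrdinalIgnoreCase); // "Alice" == "alice"
    private readonly int _maxFailures;
    private readonly TimeSpan _lockDuration;

    public LoginThrottle(int maxFailures, TimeSpan lockDuration)
    {
        _maxFailures = maxFailures;
        _lockDuration = lockDuration;
    }

    // Call before checking the password: a locked account is refused outright.
    public bool IsLocked(string user, DateTime nowUtc)
    {
        lock (_entries)
        {
            return _entries.TryGetValue(user, out Entry e) && nowUtc < e.LockedUntilUtc;
        }
    }

    // Call after a wrong password; returns true when this failure starts a lock.
    public bool RecordFailure(string user, DateTime nowUtc)
    {
        lock (_entries)
        {
            if (!_entries.TryGetValue(user, out Entry e)) _entries[user] = e = new Entry();
            if (++e.Failures < _maxFailures) return false;
            e.Failures = 0; // counting restarts once the lock expires
            e.LockedUntilUtc = nowUtc + _lockDuration;
            return true;
        }
    }

    // Call after a correct password: forget earlier failures.
    public void RecordSuccess(string user) { lock (_entries) { _entries.Remove(user); } }

    public static void Main()
    {
        var t = new LoginThrottle(3, TimeSpan.FromHours(1));
        var now = new DateTime(2010, 10, 28, 12, 0, 0, DateTimeKind.Utc); // constructed clock
        for (int i = 0; i < 3; i++) t.RecordFailure("alice", now);
        Console.WriteLine("{0} {1}", t.IsLocked("ALICE", now.AddMinutes(59)), t.IsLocked("alice", now.AddMinutes(61)));
    }
}
```

The user name is compared case-insensitively so that varying the capitalisation does not start a fresh counter, and the time is passed in so the one-hour expiry can be tested without waiting.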

Several of these were already mentioned in the free 2010 videos, and the others are also simple areas, but for a free public class video you cannot ask too much. After all, it is already very good that Itcast can release so many videos, and it really does make its money with a conscience (here I feel I am inadvertently advertising for Itcast; even if it is advertising, who can deny that it really does well). If there is a chance, I really want to go to Beijing for on-site training, to see old Yang, whom I have heard so much of, and there is also wrinkles handyware teacher and teacher Zhang Xiaoxiang, but teacher Zhang passed away prematurely, which I mourn; the task of lecturing for the rise of Chinese software falls to Li live Ming, Lao Yang and others. I hope that, with the right teachers and the right methods, .NET's reputation can get better and it will no longer be looked down on by programmers of some other languages, and I also hope that I myself can become a qualified .NET programmer!!
