In-depth analysis of ASP/Access security countermeasures for Virtual Hosts

Source: Internet
Author: User
Tags microsoft website
1. Use Server. mappath () as few as possible to obtain the database address, and use the absolute path E: wwwrootskjdlkfjsld. mdb. It is best to use Server. mappath () to get the address and write it directly in the file. 2. Try to use a complex file named slkgjopi6lf09eodknvlwoieu9thlvkcs. mdb. 3. Add # In front of the file name # slkgjopi6

1. Use Server. mappath () as few as possible to obtain the database address, and use the absolute path E: \ wwwroot \ skjdlkfjsld. mdb. It is best to use Server. mappath () to get the address and write it directly in the file. 2. Try to use a complex file named slkgjopi6lf09eodknvlwoieu9thlvkcs. mdb. 3. Add # In front of the file name # slkgjopi6

1. Use Server. mappath () as few as possible to obtain the database address, and use the absolute path E: \ wwwroot \ skjdlkfjsld. mdb. It is best to use Server. mappath () to get the address and write it directly in the file.

2. Try to use a complex file like slkgjopi6lf09eodknvlwoieu9thlvkcs. mdb.

3. Add # In front of the file name # slkgjopi6lf09eodknvlwoieu9thlvkcs. mdb, # indicates the end in the HTTP protocol. For example, refer

4. is the extension asp, that is, slkgjopi6lf09eodknvlwoieu9thlvkcs. asp, but it turns out that it can still be downloaded because it is not included in asp. You can use the access database anti-download tool to process it. after processing, change the mdb extension to asp. Is it a http://www.bookcn.net/michaeltyp/download/download.asp? Downloads = 1 & id = 1057

5. when writing ASP code, it is best to encrypt the password and write it into the database. The md5 algorithm is commonly used. after the form is submitted, the encrypted ciphertext is compared, so that the quotation marks can be filtered out.

6. Add a password to the Access file. Although it is easy to crack the password, it still has a certain protection effect. Use a complex password whenever possible.

7. Add on error resume next before conn. open to prevent the error message from being output to the user's browser when an error occurs in the database. This error may include the path of the database file.

8. You can encrypt ASP pages. Use Microsoft script Encoder to encrypt ASP pages.

The running program of script encoderis screnc.exe, which is used as follows:

Screnc [/s] [/f] [/xl] [/l defLanguage] [/e defExtension] inputfile outputfile

The parameter meanings are as follows:

S: screen shielding;

F: Specifies whether the output file overwrites the input file with the same name;

Xl: whether to add the @ Language command to the top of the. asp file;

L: defLanguag specifies the default script language;

E: defExtension specifies the extension of the file to be encrypted.

You can encrypt files in batches. Use script Encoder to encrypt all ASP files in the current directory, and output the encrypted files to the corresponding directory. For example:

Screnc *. asp c: \ temp

Script Encoder is a free software. This encryption software can be downloaded from the Microsoft Website: http://msdn.microsoft.com/scripting/vbscript/download/x86/sce10en.exe. After the download, run and install.

Note that VirtualYes Virtual HostEncrypted asp files may not be supported.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.