Security | data | database | Database Security | problem | security | Database security a lot of times everyone is worried about the security of the database! In general, everyone is the name of the database suffix is very complex, and then the suffix name should be. ASP, but this is not absolutely safe! The answer is yes, it's definitely not safe! Because when someone guesses your path, then you can use it after downloading the name of the database!
Some people are using #*.asp as the storage of the database, because according to IE coding principle, #后面的东西是不会下载的, but the average attacker knows # in IE decoding is%23, so once he input%23*.asp can still download your database, So the above methods are not good!
Now let's introduce one of my methods,
First of all, we need to know that the browser encountered an ASP will not think of the explanation, so your file suffix but still can be explained by the browser, once people download your file can also be used, then based on this we first put the database to create a table, Named Notdownload and then add a <%= ' a ' =1%> to this table as long as it's not the right ASP statement, so once he guesses your database, just enter your database path in the browser, because the browser interprets the ASP statement, But suddenly encountered you of which the old will stop the statement, and will be prompted with errors, and there is no type of error, simply can not read out of course will not be downloaded!
Some people start to worry that the database will not be affected by the use of, of course, because you are not alone to let the browser to explain your database, but each time it is a purposeful call to a table, so will not read out your error table information, so the database can still be used,
For further security, we still have to set a complex name, and still precede with a #,
Anyway, that's what the database looks like.
#45sdf34 #$%@#$.asp
There is also a table in the library
There is an incorrect ASP field in the table
Do not think that encryption, especially the use of access to small Web sites, is very safe, online password-breaking software n more! Of course, it is best to add the password, but also the number/letter and special letters combined!
You can try, if so others can download the database, I can only say that you are a master, the above set enough to withstand the majority of undesirable molecules pull
Hey!
If there are questions welcome to email and I discuss!
