1. First of all, we need to filter the content submitted by all clients, including the "Id=n", in addition to the operation of the database of select and ASP files in the submitted HTML code, you can escape the submitted word and then save it in the database.
1. First of all, we need to filter the content submitted by all clients, including the "Id=n", in addition to the operation of the database of select and ASP files in the submitted HTML code, you can escape the submitted word and then save it in the database.
2. Then you need to authorize access to the Access database page, for the Display data page can only use SELECT statements, filtering other update,asp files are divided into the licensing access to database pages and restricted access pages.
3. Modify the number of libraries according to the connection file name conn.asp to similar 123ljuvo345l3kj34534v.asp files.
4. Modify the database name to resemble q397d0394pjsdlkfgjwetoiu.asp file.
5. Add a connection password to the Access database (although it can be cracked, deal with rookie, and prevent uploading files from unrestricted connection to the database).
6. Encode and encrypt the database with Access software.
7. Use encryption algorithm such as MD5 to encrypt user password, password hint problem a kind of field.
8. Restrict search engine to related pages.
9. Prevent the database from downloading tools, such as in the database to prevent the output to the client statements.
10 do a good job of ASP upload file Template security management, to prevent uploading ASP Trojan.
11. Deny client access to data inventory connection files, only to server ASP file access.
12. Limit the number of times the same client IP accesses the database.
13. If it is necessary to encrypt the contents of the database, return to the client to decrypt, even if the database is downloaded, it is impossible to easily encrypt the original content.
14. Restrict the header content of the connection service, such as only IE access allowed.
15. Prevent through the file view way, get the database information, the client can enter the password, to the password and the content, uses certain algorithm to save the database, the output, lets the client enter the password, to decrypt the content.
16. You can change the table name and field name to Aslkejrwoieru,werkuwoeiruwe similar characters.
17. Prevent the inclusion of the data in the database to be renamed to. asp execution, can escape the code, etc. let the ASP execute error content.
18. Finally, it is best to use ODBC to connect to the database and to add the password for the connection.