What does a database mean for a website? Many webmasters may say it is just a tool for recording data. That is true, but it misses an important point: the database is also the center of a website's security. Once hackers obtain the database, they obtain the website's data and its users' private information, and can then penetrate the website and affect the security of the entire server. Because many webmasters are not sufficiently aware of database security, many security problems occur. This article explains how important a database is to a website and how to build a "copper wall" around it.
I. Database acquisition
The importance of databases for websites is self-evident. How can hackers obtain website databases?
1. Default database path
Many webmasters build their websites or forums with off-the-shelf full-site programs, which creates a great security risk: the default database path. Although the documentation for these programs tells you to change the default database path, some webmasters with low security awareness do not change it. As a result, when a hacker enters the default database path after the website's address, the database can be easily downloaded.
2. Database exposure ("storm library") reveals the path
. The database is exposed successfully.
3. The anti-download settings are not strict enough.
Setting the program itself aside, a large share of database downloads happen because of human factors. Some webmasters have realized the importance of the database. Although they have not changed the default path, they have changed the default database suffix "mdb" to "asp", so that even if others know the database path, the file is not downloaded by a browser; instead, the database content is displayed directly on the page. Of course, it is garbled. However, although we cannot download the data in a browser, we can use dedicated download software to download the database, or copy all the content on the page into a text document and change the suffix of this document to "mdb".
Another case is that the webmaster adds the "#" symbol to the database file name. For example, if the original database name is 123.mdb, adding the "#" symbol changes it to "#123.mdb", so that when we enter "http://www.***.com/#123.mdb" the database cannot be downloaded. Instead, the browser displays "the Web page cannot be found". This is because the browser's encoding format will change the "#" to "%23" by default, which turns the address into another Web address. Of course, the database cannot be downloaded that way. In turn, we replace "%23" with "#" and enter it in the URL. Can the database be downloaded correctly?
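A webmaster can check whether the suffix and "#" renames described above actually hide anything by auditing the web root for Access databases by file content instead of by name. The script below is an added example, not code from the original article; the function names, the site.example host and the sample web root are assumptions constructed for illustration.

```python
import os
import tempfile
from urllib.parse import quote, urlsplit

# Access files carry one of these signatures at byte offset 4, whatever they are named.
SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")

def is_access_database(path):
    with open(path, "rb") as fh:
        header = fh.read(32)
    return any(header[4:4 + len(s)] == s for s in SIGNATURES)

def fragment_hides(name):
    """True if typing the raw name into a browser drops it as a '#' fragment."""
    return urlsplit("http://site.example/" + name).path != "/" + name

def audit_webroot(webroot):
    """Return sorted (request_path, note) pairs for every database file under webroot."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if not is_access_database(full):
                continue
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if ext not in (".mdb", ".accdb"):
                note = "suffix changed, content is still a database"
            elif fragment_hides(name):
                note = "'#' only hides the raw URL; the encoded path reaches the file"
            else:
                note = "plain database file in the web root"
            findings.append(("/" + quote(rel), note))
    return sorted(findings)

def build_sample_webroot():
    """Constructed sample: three Jet-header files and one ordinary ASP page."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "data"))
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    for name in ("data/123.mdb", "data/#123.mdb", "data/forum.asp"):
        with open(os.path.join(root, *name.split("/")), "wb") as fh:
            fh.write(jet)
    with open(os.path.join(root, "index.asp"), "wb") as fh:
        fh.write(b"<% Response.Write \"hello\" %>")
    return root

if __name__ == "__main__":
    for path, note in audit_webroot(build_sample_webroot()):
        print(path, "-", note)
```

Every path the audit reports is a database the web server can be asked for, so the lasting fix is to keep the file outside the web root, not to rename it.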