asp+|server| Firewall | Web page author: Li Yanfang
Excerpt from Sadie Net
The main purpose of setting up a firewall for a Web page is to provide different services to different visitors based on the content of the Web page, which we can easily do with Java script or VB script. But the source of the Web page in the client browser can be seen, visitors can view the user identification method used, this is only a surface form of the firewall. ASP is the middle tier of client/server architecture on the Web, although it is written using scripting language (Java script,vb script, etc.), program code runs on the server, and the client sees only dynamic HTML files exported by ASP, but the ASP still has some vulnerabilities. Take certain means can also see the source code of the ASP program. By combining ASP with SQL Server, we can design simple, efficient, and reliable applications. The following is a brief introduction to its establishment process.
I. Establishment of LOGIN
Create login and password for visitors on SQL Server.
Second, create a database DSN on a network server
Use the ODBC Data Source Administrator in Control Panel to create an ODBC data resource name for a database, DSN, so that you can later connect to a specific database by using a database DSN.
The ODBC Data Source Administrator provides three types of DSN, User DSN, System DSN, and File DSN, respectively. The user DSN saves the appropriate configuration information in the Windows registry, but only the logged-on user who created the DSN is allowed to use it. The System DSN also saves the configuration information in the system registry, but unlike the user DSN, the System DSN allows all users who log on to the server to use it.
Unlike the two database DSNs, the file DSN saves specific configuration information in a specific file on your hard disk. File DSNs allow all users who log on to the server to use it, and can provide access support for the database DSN even if no user is logged on. In addition, because the file DSN is saved in the hard disk file, it can be easily copied to another machine. This allows users to make any changes to the system registry and use DSN created on other machines directly.
In the above three kinds of database DSN, it is recommended that users select System DSN or File DSN, if users prefer File DSN portability, you can set the file access rights under the NT system to obtain higher security.
To create a new DSN, the user first selects Add, and then in the pop-up window, selects the type of database to which the user will establish the connection and selects the SQL Server item in the list. If the user is creating a file DSN, click the Next button and in the subsequent dialog box, enter the filename and save path for the file DSN that you want to create. If the user is creating a System DSN, click Finish.
After the database has been selected, the user needs to set up the database DSN. Users need to select the specific server that provides the database service, set the login username and password, and the database to which the user will connect.
Third, program design
The next thing to implement is a simple page firewall function. This page restricts access to the intranet of the Organization (assuming that the IP address of the intranet is from 10.61.96. to 10.65.97.) and requires an access username and password if it is an external user of the organization. Here you use the ServerVariables property of the Request object to obtain the value of the environment variable.
' Use Request.ServerVariables (' remote_addr ') to get the IP address and save it in the variable Remoteip
Remoteip=request.servervariables ("REMOTE_ADDR")
Stip=cstr (REMOTEIP)
' Get the value of the third segment of the IP address and save it in STIP
For I=1 to 2
Stip=right (Stip,len (STIP)-instr (1,stip, "."))
Next
Stip=left (Stip,instr (1,stip, ".") -1)
' IP address validity test and password verification, including two aspects: if the IP address is met by authentication; If the IP address does not match, verify that the username and password are entered correctly
if (left (remoteip,5) 〈〉 "10.61" or Stip〈 "stip〉") Then
Username=request.form ("T1")
Password=request.form ("T2")
Set fs = CreateObject ("Scripting.FileSystemObject")
Congratulations, you have passed the verification, you can directly use the resources of this site!
〈%end if%〉
〈/body〉
〈/html〉
Slightly modify the above such as IP address information, the program can be run.
Of course, the above only implements the firewall function in a page. If a site has more than one page, you can set a session variable to flag the user, in the following pages are judged.
Note: I did not read the original, is a friend introduced me. If you feel bad, don't look at it. Anyway, we're all dotnet now. Ha ha
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.