1, ensure the security of the server systemThe first step is to ensure that the server software does not have any vulnerabilities to prevent attackers from invading. Make sure the server is up to date with the latest system and security patches. Remove unused services on the server and close unused ports. For Web sites running on the server, make sure that they have the latest patches and no security holes.2. Hide the server real IPServer front-end pl
processing capacity restrictions, users will feel the speed of the Internet more and more slowly. When the ARP cheat Trojan program stops running, the user restores the Internet from the switch (at this point the Switch MAC Address Table is normal) and the user will break the line again during the handover. When the virus occurs, it only affects the normal access to the machine in the same network segment.
The measures taken
First, the user should enhance the network security consciousness, d
Ways to prevent Cross-site scripting attacks
1. Use space to replace special characters% 2. Use @, specifically the following statement
exec= "INSERT into User (Username,psw,sex,department,phone,email,demo) VALUES (' username" ', ' "PSW ', ' sex ', ' ' department ', ' ' phone ' ', ' ' email ', ' ' @demo ' )"
Conn.execute exec
Replace with:
exec= INSERT INTO User (Username,psw,sex,department,phone,email,d
Asp.net| attacks Web site security, many times, almost represents the security of a unit network. For the site as a corporate external image of the enterprise or Government, the site security is more important. Now many sites have installed a firewall and other security equipment, but some simple offense, but rather nerve-racking. For example, through the site, the submission of malicious code, which is more difficult to
parameter value contains a single quotation mark, the single quotation mark is treated as a single quote character instead of the beginning and end character of the string. This eliminates the condition of the SQL injection attack in some way.
code example: 1 static void Main (string[] args) 2 {3 String userName = "Joe"; 4 string Passwor D = "123456"; 5 6 String strconn = @ "Server=joe-pc;database=accountdbforsqlinjection;uid=sa;pwd=root"; 7 SqlConnection conn = new SqlConnection (strconn)
userConsole.WriteLine ("Please enter the vehicle code to be queried:"); stringCode =Console.ReadLine (); //Connecting ObjectsSqlConnection conn =NewSqlConnection ("server=.; Database=mydb;user=sa;pwd=123"); //Create Command ObjectSqlCommand cmd =Conn. CreateCommand (); //an SQL statement to the command object//make code= a variableCmd.commandtext ="SELECT * from Car where [email protected]"; //cmd.commandtext = "SELECT * from Car where [email protected] or [email protected]"; //chang
treated as a string as a whole, even if the parameter value contains a single quotation mark, the single quotation mark is treated as a single quote character instead of the beginning and end character of the string. This eliminates the condition of the SQL injection attack in some way.
code example:1 Static voidMain (string[] args)2 {3 stringUserName ="Joe";4 stringPassword ="123456";5 6 stringstrconn =@"Server=joe-pc;database=accountdbforsq
]. Value = Model.remark; Dbhelpersql.executesql (Strsql.tostring (), parameters); }The parameter uses the @ variable's masterpiece parameter to specify the parameters corresponding to the parameter type and size when instantiating the SqlParameter, thus guaranteeing the data security.GM-a chestnut:sqlparameter[] Paramerters = new Sqlparameter[parametersname.length];for (int i = 0; i Returns a data set. At the bottom, if you are using the MVC pattern for development, it is recom
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.