1. Filter all client-submitted input, including query-string parameters such as ?id=N, and filter database operation keywords (such as select) and ASP file-operation syntax out of submitted HTML. Submitted characters can be escaped before they are stored in the database.
2. Restrict what each page may do with the Access database. For example, a page that only displays data should be allowed to run only select statements, with update operations filtered out. Divide the ASP files into pages that are permitted to access the database and pages that are restricted from it.
3. Rename the database connection file conn.asp to something like 123ljuvo345l3kj34534v.asp.
4. Rename the database file to something like q397d0394pjsdlkfgjwetoiu.asp.
5. Add a connection password to the Access database. It can be cracked, but it deters novices and keeps uploaded files from connecting to the database without restriction.
6. Encode and encrypt the database using the Access software.
7. Use MD5 or other encryption algorithms to encrypt user passwords and password-hint fields such as the security question.
8. Restrict search engines from indexing the related pages.
9. Prevent the database from being downloaded with download tools, for example by adding <%response.end%> to the database so that nothing is output to the client.
10. Manage the ASP file-upload templates carefully to prevent ASP Trojans from being uploaded.
11. Deny client access to the files that store the database connection; allow access only from the server's ASP files.
12. Limit the number of times the same client IP can access the database.
13. If necessary, encrypt the content stored in the database and return it to the client for decryption. Even if the database is downloaded, the original content cannot easily be recovered from the encrypted data.
14. Restrict access based on the request headers of connecting clients, for example allowing only IE and Firefox browsers.
15. Prevent database information from being obtained by viewing the file. The client supplies a password; the password and the content are stored in the database using some algorithm, and on output the client enters the password to decrypt the content.
16. Rename tables and fields to strings like aslkejrwoieru and werkuwoeiruwe.
17. Prevent a database that has been renamed to .asp from being executed by adding <% code block %> to the database. The data can be escaped when it is stored in the database. In each table, enter code such as <%response.redirect("http://www.qqmo.com")%><%setsdflkjsd=welrkjwel<><><%> so that ASP execution fails with an error.
18. If conditions allow, it is best to connect to the database through ODBC and set a connection password.
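
The following classic ASP page is an added example, not code from the original list. It shows one way to apply items 1, 2 and 5 to a display page that takes ?id=N: the value is accepted only if it is a short run of digits, the connection is opened read-only with a database password, and the query binds the value as a parameter (a stronger technique than keyword filtering, swapped in here). DB_PATH, DB_PASSWORD, the table "articles" and its columns are assumptions made for the example.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example. DB_PATH, DB_PASSWORD, "articles", "title" and "body" are hypothetical.
Const DB_PATH = "D:\data\site.mdb"      ' placeholder path
Const DB_PASSWORD = "CHANGE_ME"         ' placeholder for the Access database password (item 5)
Const adModeRead = 1, adCmdText = 1, adInteger = 3, adParamInput = 1

' Item 1: accept ?id=N only when it is 1 to 9 decimal digits; anything else returns -1.
Function ParseId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then
        ParseId = CLng(raw)
    Else
        ParseId = -1
    End If
End Function

Dim id, conn, cmd, rs
id = ParseId(Request.QueryString("id") & "")
If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Item 2: a display page only reads, so the connection is opened in read-only mode.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Mode = adModeRead
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DB_PATH & _
          ";Jet OLEDB:Database Password=" & DB_PASSWORD & ";"

' The id is bound as a typed parameter and never concatenated into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title, body FROM articles WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
Set rs = cmd.Execute

If rs.EOF Then
    Response.Status = "404 Not Found"
Else
    ' Stored text is HTML-encoded on output so submitted markup is not rendered.
    Response.Write "<h1>" & Server.HTMLEncode(rs("title") & "") & "</h1>"
    Response.Write "<p>" & Server.HTMLEncode(rs("body") & "") & "</p>"
End If
rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```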