In ASP programming, identity authentication is something you use all the time. But how do you make that authentication actually secure?
Form submission page: sub.htm

```html
<html>
<head>
<title>Administrator login</title>
</head>
<body>
<form name="form1" method="post" action="sub.asp">
<p>
Administrator: <input type="text" name="UserID" size="25" maxlength="20">
Password: <input type="text" name="Pass" size="12" maxlength="20">
<input type="submit" name="Submit" value="submit">
</p>
</form>
</body>
</html>
```

The sub.asp program:

```asp
<%
' Receive the data from the form
user = request.form("UserID")
' Check whether the submitted value is empty. The form page may already be
' checked by JavaScript or VBScript, but do not forget to check it here too!
if user = "" then
    ' Go to the error prompt page
    response.redirect "err1.htm"
    ' This line may look redundant, but it is better to add it
    response.end
end if
pass = request.form("Pass")
if pass = "" then
    response.redirect "err2.htm"
    response.end
end if
' Connect to the database
file = server.mappath("your database")
set conn = server.createobject("adodb.connection")
dr = "driver={microsoft access driver (*.mdb)};dbq=" & file
conn.open dr
set rs = server.createobject("adodb.recordset")
' The key point is the SQL statement here
sql = "select * from table where user='" & user & "' and pass='" & pass & "'"
rs.open sql, conn
if not rs.eof then
    ' Found: go to the management page
    response.redirect "login.asp"
else
    ' Not found: go to the error page
    response.redirect "err3.htm"
end if
%>
```
Everyone thinks the code above should be fine, but it hides a serious security hole:
If I want to log in as the administrator, all I need to do is type into the sub.htm form:
In the first text box: a' or '1'='1 (or equivalently ' or ''=')
In the second text box: a' or '1'='1 (or equivalently ' or ''=')
Submit it and see for yourself... Hold on, hear me out before the bricks start flying again...
Here a can be any string, and '1'='1' can be any comparison that is always true.
Someone may ask: why would entering these characters get you in as the administrator?
Because these characters deceive the SQL statement in your program, and the login succeeds.
Look at it again: the program's SQL queries the table for a record that meets the condition user='...' and pass='...':
sql = "select * from table where user='" & user & "' and pass='" & pass & "'"
After I type in the input above, it becomes:
sql = "select * from table where user='a' or '1'='1' and pass='a' or '1'='1'"
Now, give me one reason why this query would return no rows. '1'='1' is always true, and because AND binds tighter than OR the condition reads user='a' or ('1'='1' and pass='a') or '1'='1', which is true for every row in the table. The recordset is therefore never empty, and the script redirects me to the management page.
The user and pass fields above are character type; if they are numeric the same thing holds, only without the quotes (for example 1 or 1=1).
Solutions:
1. Function substitution
Use REPLACE to substitute the special characters in the user's input (for example doubling every single quote) so that they cannot break out of the string: sql = "select * from table where user='" & replace(user, "'", "''") & "' and pass='" & replace(pass, "'", "''") & "'"
But each REPLACE call handles only one character, and the single quote is not the only dangerous character: >, <, &, % and the like should be controlled as well. So what do you do when REPLACE does not seem up to the job?
2. Program control
Use code to examine every character the client submits, so that any potentially dangerous character or code the client enters can be caught. This is the method I use:

```asp
<%
' Capture the form content submitted by the user
user = request.form("user")
pass = request.form("pass")
' ...
' Loop over every character of the input
for i = 1 to len(user)
    ' Use MID to read the character at position i of the variable user
    us = mid(user, i, 1)
    ' Compare the character that was read
    if us = "'" or us = "%" or us = "<" or us = ">" or us = "&" then
        ' If one of the characters above is present, show the error page.
        ' These special characters must not be contained in the input.
        response.redirect "err2.htm"
        response.end
    end if
next
' ...
%>
```
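To make both the bypass walked through above and the character check concrete, here is an added example in Python (not code from the original article) using an in-memory SQLite table as a stand-in for the Access database. It rebuilds the concatenated query, ports the character-by-character check, and, as an addition the article does not cover, shows the same login done with bound parameters. The table name users, the admin row and the o'brien row are constructed sample data.

```python
import sqlite3

# Constructed sample data: one administrator and one user whose password
# contains an apostrophe (a legitimate value the character check will reject).
ADMIN_USER = "admin"
ADMIN_PASS = "s3cret"
ROWS = [(1, ADMIN_USER, ADMIN_PASS), (2, "o'brien", "pw")]

# Characters the article's MID loop refuses.
DANGEROUS = set("'%<>&")


def make_db():
    """In-memory stand-in for the Access database the article connects to."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, user text, pass text)")
    conn.executemany("insert into users (id, user, pass) values (?, ?, ?)", ROWS)
    return conn


def vulnerable_login(conn, user, pw):
    """Same construction as the article's sql= line: input pasted into the text."""
    sql = "select * from users where user='" + user + "' and pass='" + pw + "'"
    return conn.execute(sql).fetchone() is not None


def vulnerable_login_numeric(conn, user_id):
    """Numeric column, no quotes at all; the article notes the attack still works."""
    sql = "select * from users where id=" + user_id
    return conn.execute(sql).fetchone() is not None


def contains_dangerous_char(value):
    """Port of the article's loop: reject if any blacklisted character appears."""
    return any(ch in DANGEROUS for ch in value)


def filtered_login(conn, user, pw):
    """The article's fix: run the check first, then the same concatenated query."""
    if contains_dangerous_char(user) or contains_dangerous_char(pw):
        return False  # the article redirects to err2.htm here
    return vulnerable_login(conn, user, pw)


def filtered_login_numeric(conn, user_id):
    """The same check in front of the numeric query."""
    if contains_dangerous_char(user_id):
        return False
    return vulnerable_login_numeric(conn, user_id)


def parameterized_login(conn, user, pw):
    """Added alternative: bound parameters, so the input is data, never SQL."""
    row = conn.execute("select * from users where user=? and pass=?", (user, pw)).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    payload = "a' or '1'='1"
    print("concatenated, payload   :", vulnerable_login(db, payload, payload))
    print("concatenated, numeric   :", vulnerable_login_numeric(db, "0 or 1=1"))
    print("filtered, payload       :", filtered_login(db, payload, payload))
    print("filtered, numeric       :", filtered_login_numeric(db, "0 or 1=1"))
    print("filtered, o'brien       :", filtered_login(db, "o'brien", "pw"))
    print("parameterized, payload  :", parameterized_login(db, payload, payload))
    print("parameterized, o'brien  :", parameterized_login(db, "o'brien", "pw"))
```

Running it shows three things. The payload a' or '1'='1 logs in through the concatenated query, exactly as in the walkthrough. The character check stops that payload, but it also rejects o'brien's correct password, and it lets 0 or 1=1 through to the numeric query, where the injection still succeeds because none of the blacklisted characters appear in it. The bound-parameter query rejects both payloads and accepts the apostrophe, which is why the character check is best treated as a second line of defence rather than the fix itself.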