18 security rules for ASP with an Access database:
1. First, filter all content submitted by the client, including parameters of the ?id=N kind, as well as any select statements or ASP file-operation syntax embedded in submitted HTML. You can escape the submitted characters and then save them to the database.
2. Then restrict which pages may access the Access database. Pages that only display data should be allowed to run select statements only, with update and other statements filtered out. Divide the ASP files into pages that are permitted to access the database and pages that are not.
3. Rename the database connection file conn.asp to something like 123ljuvo345l3kj34534v.asp.
4. Rename the database file to something like q397d0394pjsdlkfgjwetoiu.asp.
5. Set a connection password on the Access database (it can be cracked, but it deals with novices and stops an uploaded file from connecting to the database without restriction).
6. Use the Access software to encode and encrypt the database.
7. Use MD5 or other encryption algorithms to encrypt user passwords and password-hint fields such as the security question.
8. Restrict search engines from indexing the related pages.
9. Prevent the database from being fetched by download tools, for example by adding statements to the database that stop it from being output to the client.
10. Manage the security of ASP file-upload templates carefully to prevent ASP Trojans from being uploaded.
11. Deny clients access to the database and to the stored connection file; allow access only from the server's ASP files.
12. Limit the number of times the same client IP can access the database.
13. If necessary, encrypt the content stored in the database and return it to the client for decryption, so that even if the database is downloaded, the original content cannot easily be recovered.
14. Restrict access by request header content, for example allowing only IE.
15. Prevent database information from being obtained by viewing the file. The client can enter a password, and a chosen algorithm is used to store the password and content in the database. On output, have the client enter the password and decrypt the content.
16. You can change table names and field names to strings like aslkejrwoieru and werkuwoeiruwe.
17. Keep a database that has been renamed to .asp from being executed: escape code and so on, and add content to the database that makes ASP execution fail with an error.
18. Finally, it is best to connect to the database through ODBC and set a connection password.