Recommended: ASP tip example: Use ASP to record the number of online users The number of visits to the Internet is a very concerning issue for every netizen who builds a website. How do you know how many people are visiting your website? How to record the number of visits every day? Here is a solution. When a user starts to access the website, the Gl on the server side
Due to the convenience and ease of use of ASP, more and more website background programs use the ASP scripting language. However, because ASP itself has some security vulnerabilities, it will provide hackers with an opportunity to take advantage of it if they are not careful. In fact, security is not only a matter of network management, but programmers must also pay attention to certain security details and develop good security habits, otherwise it will bring huge security risks to their website. At present, most ASP programs on websites have various security vulnerabilities, but if you pay attention to it when writing programs, it can still be avoided.
1. Username and password are cracked
Principle of attack: Username and password are often what hackers are most interested in. If the source code is seen in some way, the consequences will be serious.
Prevention tips: Programs involving user names and passwords should be packaged on the server side and should be minimized in ASP files. User names and passwords involving connections to the database should be given the minimum permissions. Usernames and passwords that appear frequently can be written in a relatively hidden inclusion file. If it involves connecting to the database, in an ideal state, only permissions to execute stored procedures are given, and do not directly give the user permission to modify, insert, or delete records.
2. Verification is bypassed
Attack principle: Most ASP programs that need to be verified now mostly add a judgment statement at the head of the page, but this is not enough, and it may be bypassed by hackers and entered directly.
Prevention tips: A verified ASP page can track the file name of the previous page. Only sessions transferred from the previous page can read this page.
3. Inc file leakage problem
Attack principle: When the homepage of an ASP is being created and not final debugging is completed, it can be automatically appended as a search object by some search engines. If someone uses search engines to search these web pages at this time, they will get the location of the files and can view the details of the database location and structure in the browser, thereby revealing the complete source code.
Prevention tips: Programmers should thoroughly debug the web page before it is published; security experts need to strengthen ASP files so that external users cannot see them. First, encrypt the content of the .inc file, and secondly, you can use .asp file instead of the .inc file to make it impossible for users to view the source code of the file directly from the browser. Do not use the name of the inc file default or has special meanings that are easily guessed by users. Try to use unruly English letters.
Share: ASP batch generates static pages Since my space is limited, I cannot generate all static pages in batches at once, so I wrote a small program to share with you. The program is quite simple, so don't laugh at experts! This code is a waste of time. The code is as follows
2 pages in total Previous page 12 Next page