Summary of Access database security setting method 1. First, we need to filter all content submitted by the client, including the ?id=N category, and also the select and asp file operation syntax for operating the database in the submitted HTML code. You can Escape the submitted characters before storing them in the database.
2. Then you need to authorize the page that accesses the Access database. You can only use select statements for the display data page and filter other updates. The asp file is divided into permitted access database pages and restricted access pages.
3. Modify the database data connection file name conn.asp to a file similar to 123ljuvo345l3kj34534v.asp.
4. Modify the database name to be similar to the q397d0394pjsdlkfgjwetoiu.asp file.
5. Add a connection password to the Access database (although it can be cracked, deal with novices, and prevent unrestricted connection to the database from uploading files).
6. Use Access software to encode and encrypt the database.
7. Use encryption algorithms such as md5 to encrypt fields such as user passwords and password prompt questions.
8. Limit search engines to search related pages.
9. Prevent the database from being downloaded by the download tool, such as adding statements in the database to prevent output to the client.
10. Do a good job in security management of ASP upload file templates to prevent ASP Trojans from being uploaded.
11. Deny the client access to the data inventory connection file, and only allow access to the server asp file.
12. Limit the number of times the same client IP accesses the database.
13. If it is necessary to encrypt the content stored in the database and return it to the client for decryption, even if the database is downloaded, it is impossible to easily obtain the original encrypted content.
14. Restrict the header content of the connection service, such as allowing only IE access.
15. To prevent database information from being obtained through file viewing, you can use the client to enter a password, use a certain algorithm to store the password and content in the database, and when outputting, ask the client to enter the password to decrypt the content.
16. You can change the table name and field name to characters similar to aslkejrwoieru, werkuwoeiruwe.
17. Prevent the addition of data in the database that causes data renamed to .asp to be executed, escape codes, etc. that may cause asp execution errors.
18. The last thing to note is that it is best to use odbc to connect to the database and add the connection password.