There are 18 security rules that you need to pay attention to when using an Access database under ASP. If you pay attention to the following points, your Access database will basically not be easily stolen by others.

1. First of all, filter all content submitted by the client, including parameters of the ?id=N kind, as well as any select statements and asp file-operation syntax for operating the database that appear in submitted html code. You can escape the submitted characters and then store them in the database.
2. Then restrict what each page that accesses the Access database is allowed to do. Pages that only display data should use only select statements and filter out updates and other statements. Divide the asp files into pages that are permitted to access the database and pages that are restricted from accessing it.
3. Modify the database data connection file name conn.asp to a file similar to 123ljuvo345l3kj34534v.asp.
4. Modify the database name to be similar to the q397d0394pjsdlkfgjwetoiu.asp file.
5. Add a connection password to the Access database (it can be cracked, but it deals with novices and prevents uploaded files from connecting to the database without restriction).
6. Use Access software to encode and encrypt the database.
7. Use encryption algorithms such as MD5 to encrypt fields such as user passwords and password prompt questions.
8. Restrict search engines from searching the related pages.
9. Prevent the database from being downloaded by the download tool, such as adding statements in the database to prevent output to the client.
10. Do a good job in security management of ASP upload file templates to prevent ASP Trojans from being uploaded.
11. Deny the client access to the database connection file, and only allow server-side asp files to access it.
12. Limit the number of times the same client IP accesses the database.
13. If necessary, encrypt the content stored in the database and return it to the client for decryption, so that even if the database is downloaded, the original content cannot be easily obtained.
14. Restrict access based on the request header content, such as allowing only IE access.
15. To prevent database information from being obtained by viewing the file, have the client enter a password, and store the password and content in the database using a certain algorithm. When outputting, the client is asked to enter the password to decrypt the content.
16. You can change the table name and field name to characters similar to aslkejrwoieru, werkuwoeiruwe.
17. Prevent data from being added to the database that would be executed if the database is renamed to .asp; escape code and similar content that may cause asp execution errors.
18. The last thing to note is that it is best to use ODBC to connect to the database and add the connection password.
19. The method provided by Script Home: a general virtual host will provide a data directory; place the .mdb database in this directory so that it cannot be downloaded in any case. If it is a separate server, add a mapping for the .mdb extension and use a new empty dll file to handle it.