Identity authentication is something almost every ASP application does. But how do we make that authentication secure?
Form submission page: sub.htm

<html>
<head>
<title>Administrator login</title>
</head>
<body>
<form name="form1" method="post" action="sub.asp">
<p>Admin:
<input type="text" name="UserID" size="25" maxlength="20">
Password:
<input type="password" name="Pass" size="12" maxlength="20">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
sub.asp program

<%
' Receive the data from the form
user = Request.Form("UserID")
' Check whether the submitted data is empty (you may use JavaScript or VBScript to check the form page, but don't forget to check it here as well!)
If user = "" Then
    ' Go to the error message page
    Response.Redirect "err1.htm"
    ' This line may not be strictly necessary, but it is good practice to add it
    Response.End
End If
pass = Request.Form("Pass")
If pass = "" Then
    Response.Redirect "err2.htm"
    Response.End
End If
' Connect to the database
file = Server.MapPath("your database")
Set conn = Server.CreateObject("ADODB.Connection")
dr = "driver={microsoft access driver (*.mdb)};dbq=" & file
conn.Open dr
Set rs = Server.CreateObject("ADODB.Recordset")
' The key is the SQL statement here: user and pass are concatenated in without any escaping
sql = "select * from table where user='" & user & "' and pass='" & pass & "'"
rs.Open sql, conn
If Not rs.EOF Then
    ' A matching record was found: go to the management page
    Response.Redirect "login.asp"
Else
    ' No match: go to an error page
    Response.Redirect "err3.htm"
End If
%>
Everyone feels that the above code should be fine, but there is a serious security hole in it:
If I want to log in as the administrator, I can type the following into the sub.htm form:
In the first text box: a' or '1'='1 (or simply ' or ''=')
In the second text box: a' or '1'='1 (or simply ' or ''=')
Submit, and everyone will see... wait, hear me out, I'll throw the brick to attract the jade later...
(a can be any string and 1 can be any character, as long as the two sides of the = are the same.)
Some people may ask: why does typing these characters get you in as the administrator??
Because these characters trick the SQL statement in your program into letting you through.
As you can see, the program's SQL queries the table for records that satisfy the conditions user='...' and pass='...':
sql = "select * from table where user='" & user & "' and pass='" & pass & "'"
After I enter the values above, the statement becomes:
select * from table where user='a' or '1'='1' and pass='a' or '1'='1'
Let's look at it. Is there any reason it wouldn't let me in?? Give me one reason, first!
Since AND binds tighter than OR, this reads as user='a' OR ('1'='1' AND pass='a') OR '1'='1', and the final '1'='1' is always true, so every row in the table matches and rs.EOF is false.
The user and pass fields above are of character type; the same holds if they are numeric, the injected text just needs no quotes (for example 0 or 1=1 in the numeric box).
Solution:
1. Function substitution method:
Use Replace to substitute the special characters in the user's input and so keep it under control! Double every single quote so that it becomes part of the string value instead of ending the literal:
sql = "select * from table where user='" & Replace(user, "'", "''") & "' and pass='" & Replace(pass, "'", "''") & "'"
This method only replaces one character per call. In fact, the quote is not the only dangerous character: characters such as >, <, &, % and so on should also be controlled. But what do you do if you don't seem to be able to use the Replace function??
2. Program control method
Use the program itself to inspect everything the client enters, so that any possibly dangerous character or code the user types is fully under control. This is my method!

<%
' Capture the form content submitted by the user
user = Request.Form("UserID")
pass = Request.Form("Pass")
...
' Loop control starts
For i = 1 To Len(user)
    ' Use the Mid function to read the single character at position i of user
    us = Mid(user, i, 1)
    ' Compare the character that was read
    If us = "'" Or us = "%" Or us = "<" Or us = ">" Or us = "&" Then
        ' If it contains one of the above characters, show an error: the input must not contain these special characters
        Response.Redirect "err2.htm"
        Response.End
    End If
Next
...
%>
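The following is an added example, not code from the original article. It transliterates the sub.asp login logic into Python over an in-memory SQLite database so that the attack above and both of the article's fixes can be run side by side: the concatenated query from sub.asp, the a' or '1'='1 payload against a text column and its quote-free cousin against a numeric column, the Replace-style quote doubling of solution 1, the Mid() character loop of solution 2, and, as a fix the article does not show, a parameterized query. The table name admins, the uid column, and the admin/s3cret credentials are constructed for the demo; `table` is not used as a name because it is a reserved word.

```python
import sqlite3

# Constructed stand-in for the Access .mdb on the page: one admin row with a
# text user/pass pair as in the article, plus a numeric uid column so the
# numeric-field variant the article mentions can be shown as well.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table admins (uid integer, user text, pass text)")
    conn.execute("insert into admins values (1, 'admin', 's3cret')")
    return conn


def build_concat_sql(user, pwd):
    """The exact statement sub.asp builds: input concatenated in, unescaped."""
    return "select * from admins where user='" + user + "' and pass='" + pwd + "'"


def login_concat(conn, user, pwd):
    """Vulnerable login as on the page: a non-empty result means 'logged in'."""
    return conn.execute(build_concat_sql(user, pwd)).fetchall()


def login_concat_numeric(conn, uid, pwd):
    """Same bug with a numeric column: there are no quotes around the id at all."""
    sql = "select * from admins where uid=" + uid + " and pass='" + pwd + "'"
    return conn.execute(sql).fetchall()


def escape_quotes(s):
    """Solution 1: double every single quote, i.e. Replace(s, "'", "''")."""
    return s.replace("'", "''")


def login_escaped(conn, user, pwd):
    """Concatenation plus solution 1: a quote can no longer end the literal."""
    sql = ("select * from admins where user='" + escape_quotes(user)
           + "' and pass='" + escape_quotes(pwd) + "'")
    return conn.execute(sql).fetchall()


BAD_CHARS = set("'%<>&")


def has_dangerous_chars(s):
    """Solution 2: the Mid() loop, rejecting ' % < > & anywhere in the input."""
    return any(ch in BAD_CHARS for ch in s)


def login_blacklist_numeric(conn, uid, pwd):
    """Solution 2 in front of the numeric query; None means the input was rejected.

    A numeric column needs none of the five blacklisted characters, so
    '0 or 1=1 or 2=2' passes the check and still matches every row.
    """
    if has_dangerous_chars(uid) or has_dangerous_chars(pwd):
        return None
    return login_concat_numeric(conn, uid, pwd)


def login_parameterized(conn, user, pwd):
    """Assumed fix, not on the page: bind parameters so input is data, never SQL."""
    return conn.execute("select * from admins where user=? and pass=?",
                        (user, pwd)).fetchall()
```

Running login_concat with a' or '1'='1 in both fields returns the admin row, login_escaped and login_parameterized return nothing for the same input, and login_blacklist_numeric shows the limit of the character loop: against a numeric field the payload needs no quote, percent sign or angle bracket, so the blacklist is not a substitute for escaping or, better, binding. In classic ASP the parameterized form is an ADODB.Command with its Parameters collection instead of a concatenated string handed to Recordset.Open.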