Identity authentication is one of the most common tasks in ASP programming. But how do you make that authentication secure?
Form submission page: sub.htm
<html>
<head>
<title>Administrator login</title>
</head>
<body>
<form name="form1" method="post" action="sub.asp">
<p>Admin:
<input type="text" name="UserID" size="25" maxlength="20">
password:
<input type="password" name="Pass" size="12" maxlength="20">
<input type="submit" name="Submit" value="Submit">
</p>
</form>
</body>
</html>
The handler: sub.asp
<%
' Receive the data from the form
user=request.form("UserID")
' Check whether the submitted data is empty (you may also validate the form with
' JavaScript or VBScript on the client, but do not forget to check it here too!)
if user="" then
  ' Go to the error message page
  response.redirect "err1.htm"
  ' This line may look redundant, but it is good to add it: nothing after the
  ' redirect should keep executing
  response.end
end if
pass=request.form("Pass")
if pass="" then
  response.redirect "err2.htm"
  response.end
end if
' Connect to the database
file=server.mappath("your database")
set conn=server.createobject("adodb.connection")
dr="driver={microsoft access driver (*.mdb)};dbq="&file
conn.open dr
set rs=server.createobject("adodb.recordset")
' The key is the SQL statement here: the user's input is pasted straight into it
sql="select * from table where user='"&user&"' and pass='"&pass&"'"
rs.open sql,conn
if not rs.eof then
  ' If a record is found, go to the management page
  response.redirect "login.asp"
else
  ' If nothing is found, go to an error page
  response.redirect "err3.htm"
end if
%>
The code above looks fine, but it carries a serious security risk:
To log in as administrator, enter the following in the sub.htm form:
In the first text box: a' or 1=1 or ''='
In the second text box: a' or 1=1 or ''='
Submit, and you are in.
The "a" and the "1=1" are arbitrary: any string and any always-true comparison will do. What matters is the single quote that closes the string and the "or" that follows it.
Why do these characters log you in as administrator?
Because they deceive the SQL statement in your program. Look at what happens: the program queries the table for records that satisfy the condition user='"&user&"' and pass='"&pass&"':
sql="select * from table where user='"&user&"' and pass='"&pass&"'"
After the input above, the statement sent to the database becomes:
select * from table where user='a' or 1=1 or ''='' and pass='a' or 1=1 or ''=''
Is there any row that fails this condition? There is none: "and" binds tighter than "or", and 1=1 is true for every row, so the first record in the table is returned and the login succeeds.
The same is true if the USER and PASS fields are numeric! Then the values are not even quoted, so no quote is needed in the input: 0 or 1=1 does the job.
Solution:
1. Use REPLACE
Replace the special characters in the user's input so that they cannot break out of the quoted string:
sql="select * from table where user='"&replace(user,"'","''")&"' and pass='"&replace(pass,"'","''")&"'"
Doubling the single quote is how SQL writes a literal quote inside a string, so the input can no longer terminate the quoted value. This method replaces only one character per call. In practice the dangerous characters are not only "'" but also ">", "<", "&", "%" and so on, which should all be handled. But what if REPLACE alone is not suitable?
2. Program control
Check every character of the content submitted by the client in your own code, so that any possibly dangerous character or code entered by the user is caught. This is my method (note that a character check only rejects input, it does not fix the concatenation, and for a numeric field, where no quote is needed, a blacklist of quotes and angle brackets blocks nothing; the robust fix is to keep user input out of the SQL text entirely by passing it as a query parameter, in ADO through an ADODB.Command with parameters):
<%
' Capture the form content submitted by the user
user=request.form("UserID")
pass=request.form("Pass")
...
' Loop control starts: walk the input one character at a time
for i=1 to len(user)
  ' Use the MID function to read the character at position i of user
  us=mid(user,i,1)
  ' Compare the character read with the list of forbidden characters
  if us="'" or us="%" or us="<" or us=">" or us="&" then
    ' If it contains one of the characters above, show an error: the input
    ' cannot contain these special characters
    response.redirect "err2.htm"
    response.end
  end if
next
' Run the same loop over pass as well
...
%>
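To make the attack and both countermeasures concrete, here is an added example that is not part of the original article: the same login query run against a constructed in-memory SQLite table with a single admin account (not from the page), in four variants. The concatenated query reproduces the injection above, the REPLACE-style quote doubling and the character blacklist reproduce solutions 1 and 2, and a parameterised query shows the fix that keeps input out of the SQL text. The last function runs the blacklist in front of a numeric comparison to show the point made above about numeric fields. The user table, the credentials and the function names are all assumptions for this demo.

```python
import sqlite3

# Constructed sample data for the demo, not from the original article.
USERS = [("admin", "s3cret")]

# The same payload the article types into both text boxes.
PAYLOAD = "a' or 1=1 or ''='"

# The characters the article's loop rejects.
BAD_CHARS = set("'%<>&")


def make_db():
    """Create the in-memory table that stands in for the Access .mdb."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (user text, pass text)")
    conn.executemany("insert into users values (?, ?)", USERS)
    return conn


def login_concat(conn, user, pw):
    """The article's query, built by string concatenation (vulnerable)."""
    sql = "select * from users where user='" + user + "' and pass='" + pw + "'"
    return conn.execute(sql).fetchone() is not None


def login_escaped(conn, user, pw):
    """Solution 1: double every single quote before concatenating."""
    user = user.replace("'", "''")
    pw = pw.replace("'", "''")
    sql = "select * from users where user='" + user + "' and pass='" + pw + "'"
    return conn.execute(sql).fetchone() is not None


def login_blacklist(conn, user, pw):
    """Solution 2: reject input containing a listed character, then concatenate."""
    for ch in user + pw:
        if ch in BAD_CHARS:
            return False  # the article redirects to err2.htm at this point
    return login_concat(conn, user, pw)


def login_param(conn, user, pw):
    """Parameterised query: the values never become part of the SQL text."""
    sql = "select * from users where user=? and pass=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None


def find_by_id_blacklist(conn, id_text):
    """The same blacklist in front of a numeric comparison: a payload such as
    '0 or 1=1' contains none of the listed characters and sails through."""
    for ch in id_text:
        if ch in BAD_CHARS:
            return None
    return conn.execute("select user from users where rowid=" + id_text).fetchone()


def demo():
    """Run every variant with real and injected credentials; True means logged in."""
    conn = make_db()
    return {
        "concat_legit": login_concat(conn, "admin", "s3cret"),
        "concat_injected": login_concat(conn, PAYLOAD, PAYLOAD),
        "escaped_injected": login_escaped(conn, PAYLOAD, PAYLOAD),
        "blacklist_injected": login_blacklist(conn, PAYLOAD, PAYLOAD),
        "param_injected": login_param(conn, PAYLOAD, PAYLOAD),
        "param_legit": login_param(conn, "admin", "s3cret"),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'logged in' if ok else 'rejected'}")
    print("numeric field, '0 or 1=1':", find_by_id_blacklist(make_db(), "0 or 1=1"))
```

Only the concatenated query accepts the payload; quote doubling turns it into a harmless literal, the blacklist refuses it, and the parameterised query compares it as a plain string. The numeric case is the one to remember: the blacklist passes "0 or 1=1" untouched and the query returns the admin row, which is why the parameterised form, not character filtering, is the fix to rely on.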