Recently a friend told me that his website had been injected with a Trojan, and he was very distressed. Never mind the lost traffic: a Trojan deals users a fatal blow, and they completely lose interest in your site. Webmasters do not have it easy, and a site is built up bit by bit. So how do we face a Trojan, and how can we cope with the challenge?
The simplicity of ASP development means that more and more website back ends use this scripting language. However, ASP itself has certain security weaknesses, and a little carelessness gives hackers an opportunity. At present, the ASP programs on most websites have security vulnerabilities of one kind or another, but these can be avoided if you write the program with a little more attention.
One: a back door left in a free program
The usual route is a so-called free program offered for download. Its author can leave a small back door in a very inconspicuous directory or file, or simply put a Trojan in the ASP code. So do not casually use programs of unknown origin, and as far as possible download programs from large, reputable sites. If you have to use one, check every directory and the code of every file, and make sure it is clean. On the front end, leave as few executable programs as possible; whatever can be generated as HTM should be generated as HTM. Important back-end directories must be renamed, as mentioned below.
Two: the back-end password is cracked
When debugging a program, users set very simple usernames and passwords, and some simply keep the defaults. This is extremely dangerous: others can gain access by guessing or by a simple crack, with the consequences you can imagine. Code that involves usernames and passwords should be encapsulated on the server side and, as far as possible, should not appear in the ASP file. The safer approach is for the back end to be verified by a server-side SESSION, which is encrypted by MD5.
Three: validation is bypassed
Most of today's ASP programs put a check statement in the page header, but this is not enough: the verification may be bypassed and the page accessed directly. The solution is to have the validated ASP page track the name of the previous page and read only the session passed from the previous page. Of course, if you change the name of the back-end directory, this kind of intrusion is much less likely.
Four: SQL injection
ASP programs must filter their input for special characters such as '. The program must determine whether the data submitted by the client meets the program's requirements; SQL injection is a case of "a thousand-mile dike breached by an ant hole". There are now many general-purpose SQL anti-injection programs available online; download one, study it slowly, put it
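One way to apply the check described above in classic ASP, going one step beyond character filtering by binding the value as an ADO parameter. This is an added example, not code from the original article; the connection string, the `articles` table and the `id` query parameter are hypothetical.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' ADO constants (values from adovbs.inc), declared here so the page is self-contained.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3

' Hypothetical connection string; table and column names below are also illustrative.
Const CONN_STR = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\data\site.mdb"

' Return True only if s is 1 to 9 decimal digits (an allow-list, not a blacklist).
Function IsPositiveInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPositiveInt = re.Test(s)
End Function

Dim rawId, conn, cmd, rs
rawId = Trim(Request.QueryString("id") & "")

' 1. Check that the submitted data has the shape the program expects.
If Not IsPositiveInt(rawId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

' 2. Bind the value as a parameter; it is never concatenated into the SQL text.
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title FROM articles WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If Not rs.EOF Then
    ' 3. Encode on output so stored data cannot inject markup into the page.
    Response.Write "<h1>" & Server.HTMLEncode(rs("title") & "") & "</h1>"
Else
    Response.Status = "404 Not Found"
End If

rs.Close : conn.Close
Set rs = Nothing : Set cmd = Nothing : Set conn = Nothing
%>
```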
Five: the database is downloaded
When Access is used as the back-end database, if someone knows or guesses the A> of the server in various ways