The main purpose of setting up firewalls for web pages is to provide different services to different visks according to web content, using Java Script or VB
Script, we can easily do this. But the source code of the web page can be seen in the customer browser, and the visitor can view the user authentication method used, which is just a surface-form firewall. ASP is the intermediate layer of client / server structure on the web, although it uses scripting languages (Java
Script, VB
Script, etc.), the program code is running on the server, only the dynamic HTML file output by the ASP is only available, but the ASP still has some vulnerabilities, and you can see the source code of the ASP program. At this time, through ASP and SQL
Server combined, we can design simple, efficient, and reliable applications. The following is a brief introduction to its establishment process.
First, establish login
Establish visitors' login and password on SQL Server.
Second, create a database DSN on the web server
Use the ODBC Data Source Manager in Control Panel to create an ODBC for a database
The data resource name, that is, DSN, which can be connected to the specific database by using the database DSN.
"ODBC Data Source Manager" provides three DSNs, which are user DSN, system DSN, and file DSN, respectively. Wherein, the user DSN saves the corresponding configuration information in the registry of Windows, but only the login user of the DSN is allowed. The system DSN also saves the relevant configuration information in the system registry, but the user DSN is different from the system DSN allows users of all login servers.
Unlike the above two database DSN, the file DSN saves the specific configuration information in a specific file on the hard disk. File DSN allows users of all login servers to use, and even if they do not have any user login, access support to the database DSN can be provided. In addition, because the file DSN is saved in the hard disk file, it can be easily copied into other machines. In this way, users can use DSN created on other machines without any changes to the system registry.
In the above three database DSNs, it is recommended that the user selects the system DSN or file DSN. If the user prefer the portability of the file DSN, it can obtain a high security guarantee by setting the file under the NT system.
Create a new DSN, the user first chooses "Add", then select the user to establish the database type and select "SQL in the list in the pop-up window and select" SQL in the list "
Server ". If the user is to create a file DSN, click the" Next "button and enter the file name and save path of the file DSN to be established in the subsequent dialog. If the user is established, the system DSN, click" Complete "Button.
After selecting the database, the user needs to set the database DSN. Users need to select the specific server for providing the database service, set the login user name and password, and the database to connect.
Third, program design
The following is a simple page firewall function. This page only allows users to access users in the inner network (here, the IP address of the internal network is between 10.61.96. to 10.65.97.), if it is an external user to access the access user Name and password. To use the ServerVariables property of the Request object, get the value of the environment variable by it.
The file source code (FireWall.asp is as follows:
HEAD>
<%
'Get the IP address and save it in the variable Remoteip using Request.ServerVariables ("remote_addr")
Remoteip = Request.ServerVariables ("remote_addr")
STIP = CSTR (Remoteip)
Take the value of the third segment of the IP address and save it to STIP
For i = 1 to 2
Stip = Right (STIP, LEN (stip) -instr (1, stip, "))))
NEXT
Stip = Left (stip, instr (1, stip, ") - 1)
'IP address validity test and password verification, including two aspects: If the IP address is in line with verification; if the IP address does not meet, the user name is verified, whether the password is correct
IF (Left (Remoteip, 5) <> "10.61" or stip <"96" or stip> "97") THEN
UserName = Request.form ("T1")
Password = Request.form ("t2")
Set fs = creteObject ("scripting.filesystemobject")
SET thisfile = fs.opentextfile ("dsn.txt")
DB_LOC = thisfile.readline
thisfile.close
CNSTR = DB_LOC && "Uid =" && UserName && ";" && "pid =" && password
ON Error ResMe next
SET CN = Server.createObject ("AdoDb.Connection")
CN.Open CNSTR
IF ERR = 3709 THEN%>
Sorry, users: <% = username%> No access rights, or password is incorrect!
font> p>