Yesterday I was discussing with my friend the pig what a system built on the B/S architecture needs to pay attention to. I thought it over and wrote down what I came up with. Haha, this is only my own take, so I hope everyone will add the things I have not mentioned.
Since it is a B/S architecture, let's start with the B :)
B == Browser (yes, the browser, don't hit me). This generally means the client side. Usually the client sends a request and the server responds to it, which in turn means querying or updating the database. The points I pay attention to on the client side are summarized below:
1. Settings of the controls
For forms the user fills in, the text items (string type) must have a fixed maximum length, and that length must not be greater than the length of the corresponding database field. Let the user type as little free-form data as possible and package the choices instead: when the user has to fill in a gender, give two radio buttons; for a date, give drop-down menus for the year, the month and the day. That is much better than a bare text box. Keep in mind that these controls only shape what a normal browser sends; a request can also be sent without the form, so anything the server relies on still has to be checked on the server (see below).
2. Display
When a field from the database is shown to the user, it must be HTMLEncoded before it is output, so that any unsafe code that found its way into the database is displayed as text instead of being run by the browser.
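As an added example (not code from the original post), here is what the HTMLEncode step looks like when a database row is written into a table. The encoding function follows the usual five-character escaping; the `renderProfileRow` helper and the sample row are constructed for this illustration, and the row deliberately contains the kind of value you get when input was not restricted as in point 1.

```javascript
// Added example: HTML-encode database values before writing them into a page,
// so stored markup is displayed as text rather than interpreted by the browser.
// The helper names and the sample row below are assumptions for this example.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Encode the five characters that can change HTML structure or break out of an
// attribute value. A single regex pass means '&' is never encoded twice.
function htmlEncode(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render one "user profile" row the way a page would. Every field that came
// from the database goes through htmlEncode; the static markup does not.
function renderProfileRow(row) {
  return (
    '<tr>' +
    '<td>' + htmlEncode(row.name) + '</td>' +
    '<td title="' + htmlEncode(row.note) + '">' + htmlEncode(row.note) + '</td>' +
    '</tr>'
  );
}

// Constructed sample row: one value tries to inject a script tag, the other
// tries to break out of the title attribute and add an event handler.
const sampleRow = {
  name: '<script>alert(document.cookie)</script>',
  note: '" onmouseover="alert(1)',
};

console.log(renderProfileRow(sampleRow));
```

The encoded output contains no `<script>` tag and no unbalanced quote, so the browser shows the stored text literally. Note that this encoding is for HTML body and attribute contexts only; a value written into a `<script>` block or a URL needs a different encoding.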
Now the things the server side should pay attention to:
1. Try not to return error messages to the browser. A detailed error leaks information about the server that an attacker can use when trying to get some level of access to it; log the details on the server and show the user only a generic message.
2. Validity of the data. Here I recommend using regular expressions to check that the data is legal. I will not say much about SQL injection, because if you apply the three points above, this problem should not appear. The regex check has to run on the server, though, since the client-side controls from point 1 can be bypassed by sending the request directly.
3. For some systems, prevent the database file itself from being downloaded. You can look up the methods for that yourself. (Hoho)
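As an added example that is not part of the original post, the block below shows server points 1 and 2 together: a profile form is checked on the server with whitelist regular expressions and against the database field lengths (mirroring the radio buttons and date drop-downs from the client section), and a rejected request gets only a generic message while the details go to the server log. The schema lengths, the patterns, the handler names and the two sample requests are all assumptions made for this example.

```javascript
// Added example: server-side validation with regular expressions plus a
// generic error response. FIELD_LENGTHS, RULES and the sample forms are
// assumed for this illustration and are not from the original post.

// Maximum lengths of the corresponding database columns (assumed schema).
const FIELD_LENGTHS = { username: 20, city: 30 };

// Whitelist patterns: every field must match in full, so anything the client
// controls would never produce (quotes, comment markers, tags) is rejected.
const RULES = {
  username: /^[A-Za-z0-9_]+$/,        // letters, digits, underscore only
  city:     /^[A-Za-z][A-Za-z .-]*$/, // plain place names
  gender:   /^[MF]$/,                 // exactly the two radio-button values
  year:     /^(19|20)\d{2}$/,         // 1900-2099, as a year drop-down would give
  month:    /^(0?[1-9]|1[0-2])$/,     // 1-12, optional leading zero
  day:      /^(0?[1-9]|[12]\d|3[01])$/,
};

// Return the list of rejected field names. An empty list means the record is
// safe to hand to the database layer.
function validateProfile(form) {
  const errors = [];
  for (const [field, pattern] of Object.entries(RULES)) {
    const value = form[field];
    if (typeof value !== 'string' || !pattern.test(value)) {
      errors.push(field);
      continue;
    }
    const max = FIELD_LENGTHS[field];
    if (max !== undefined && value.length > max) errors.push(field);
  }
  // Reject impossible dates (e.g. 31 February) that the per-field regexes allow.
  if (!errors.includes('year') && !errors.includes('month') && !errors.includes('day')) {
    const y = Number(form.year), m = Number(form.month), d = Number(form.day);
    const date = new Date(Date.UTC(y, m - 1, d));
    if (date.getUTCMonth() !== m - 1 || date.getUTCDate() !== d) errors.push('day');
  }
  return errors;
}

// Server point 1: log the details for the administrator, but return only a
// generic message to the browser. `log` is a plain array standing in for the
// server's log file.
function handleProfileUpdate(form, log) {
  const errors = validateProfile(form);
  if (errors.length > 0) {
    log.push('rejected profile update, bad fields: ' + errors.join(','));
    return { status: 400, body: 'Invalid input.' };
  }
  // Here the values are known to be alphanumeric or numeric, so the database
  // update (not shown) cannot receive SQL metacharacters.
  return { status: 200, body: 'Profile updated.' };
}

// Constructed sample requests: one that the real form would send, and one that
// bypasses the client controls by posting raw field values.
const goodForm   = { username: 'alice_01', city: 'Beijing', gender: 'F', year: '1984', month: '2', day: '29' };
const forgedForm = { username: "x' OR '1'='1", city: 'Beijing', gender: 'Other', year: '1985', month: '2', day: '29' };

const serverLog = [];
console.log(handleProfileUpdate(goodForm, serverLog));
console.log(handleProfileUpdate(forgedForm, serverLog));
console.log(serverLog);
```

The forged request fails on three fields (the quoted username, the gender value no radio button offers, and 29 February in a non-leap year), but the browser only ever sees "Invalid input."; the field names appear in the server log alone. Whitelist patterns like these are the right direction for point 2; if the database layer also uses parameterized queries, the two measures back each other up.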
That is all I can think of for now; I will improve it slowly. Don't throw things at me. . .