17 ways to improve the security of Web programs

xiaoxiao, 2021-03-06

1. When planning the program, put different file types in different folders: for example, HTM pages in a Static folder, ASP pages in a Dynamic folder, and INC and MDB files in an include folder. Set different access rights on the different folders.
2. When designing the database, store different information in different databases. That way, even if one of the databases is compromised, the information saved in the other databases is still secure.
3. When designing the database, the database name, table names and field names should not follow a regular pattern and should be fairly long, to prevent the database
4. When inserting data into the database, verify its length to prevent data overflow errors.
5. For an Access database, it is best to connect to the database using ODBC. If you are not using ODBC, the database name should not follow a regular pattern, should be long, and the file should be placed in a multi-level directory, to prevent the database name. Another solution is to have the .mdb file type parsed by asp.dll.
6. Encrypt important information such as password fields, password-retrieval prompts and their answers. Then even someone who obtains your database does not get the sensitive information.
7. Session variable names should not follow a regular pattern, to prevent them from being used for session spoofing.
8. On form pages, keep the amount of user input to a minimum. Filter the content users enter, to prevent exploitation of SQL injection vulnerabilities.
9. Be sure to filter the information you receive, whether it is submitted content or the URL. Filtered characters include ' ; : , % - (note: -- marks a comment in an SQL statement).
10. Submit forms with the POST method wherever possible, and read form content with request.form("").
11. Validate every variable you receive: a value that should be numeric must be verified as numeric, and a value that should be alphanumeric must be verified as a combination of digits and letters.
12. Think the program through comprehensively and handle as many error cases as possible.
13. For multi-line text boxes, use UBB tags; at the least, filter out JS statements.
14. Prevent data from being submitted from outside the site. One method is to require the user to enter a verification code.
15. Strictly restrict file and image uploads, to prevent backdoors and virus programs.
16. Parameter spoofing: for example, pass a parameter in the URL such as ?p=adsfsf, where p=adsfsf is a useless parameter.
17. IP to users illegally accessed IP
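
The length, character and type checks from items 4, 9 and 11 can be written as small VBScript functions. This is an added example, not code from the original page; the function names, length limits and sample values are hypothetical. It is written as a plain script so it can be run with cscript, and the functions can be pasted into an ASP page unchanged.

```vbscript
Option Explicit

' Item 11 (with the length limit of item 4): digits only, 1..maxLen characters.
Function IsNumericField(value, maxLen)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1," & CStr(maxLen) & "}$"
    IsNumericField = re.Test(value)
End Function

' Item 11: letters and digits only, 1..maxLen characters.
Function IsAlphanumericField(value, maxLen)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1," & CStr(maxLen) & "}$"
    IsAlphanumericField = re.Test(value)
End Function

' Items 4 and 9: free text; enforce the length limit and reject any value
' containing one of the characters the list names: ' ; : , % -
Function IsCleanText(value, maxLen)
    Dim re
    IsCleanText = False
    If Len(value) = 0 Or Len(value) > maxLen Then Exit Function
    Set re = New RegExp
    re.Pattern = "[';:,%-]"
    IsCleanText = Not re.Test(value)
End Function

' Constructed sample inputs. In an ASP page these values would be read
' with Request.Form("fieldname"), as item 10 describes.
Dim samples, i
samples = Array("1024", "10 OR 1=1", "user01", "admin'--", "hello world", "a;b")
For i = 0 To UBound(samples)
    WScript.Echo samples(i) & vbTab & _
        "numeric=" & IsNumericField(samples(i), 10) & vbTab & _
        "alnum=" & IsAlphanumericField(samples(i), 20) & vbTab & _
        "clean=" & IsCleanText(samples(i), 50)
Next
```

The two type checks are allow-lists, so they reject any value containing a character outside the expected set, including characters that are not on item 9's list.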
