The main purpose of setting up firewalls for web pages is to provide different services to different visits according to web content, using Java Script or VB Script, we can easily do this. But the source code of the web page can be seen in the customer browser, and the visitor can view the user authentication method used, which is just a surface-form firewall. ASP is the intermediate layer of the client / server structure on the web. Although it is written using scripting languages (Java Script, VB Script, etc.), the program code is running on the server, and only the dynamic HTML file output by the ASP is only available. However, ASP still has certain vulnerabilities, and you can see the source code of the ASP program. At this time, combined with SQL Server is combined with SQL Server, we can design simple, efficient and reliable applications. The following is a brief introduction to its establishment process.
First, establish login
Establish visitors' login and password on SQL Server.
Second, create a database DSN on the web server
Use the "ODBC Data Source Manager" in the Control Panel to create an ODBC data resource name of a database, ie DSN, so you can connect the specific database by using the database DSN. "ODBC Data Source Manager" provides three DSNs, which are user DSN, system DSN, and file DSN, respectively. Wherein, the user DSN saves the corresponding configuration information in the registry of Windows, but only the login user of the DSN is allowed. The system DSN also saves the relevant configuration information in the system registry, but the user DSN is different from the system DSN allows users of all login servers. Unlike the above two database DSN, the file DSN saves the specific configuration information in a specific file on the hard disk. File DSN allows users of all login servers to use, and even if they do not have any user login, access support to the database DSN can be provided. In addition, because the file DSN is saved in the hard disk file, it can be easily copied into other machines. In this way, users can use DSN created on other machines without any changes to the system registry. In the above three database DSNs, it is recommended that the user selects the system DSN or file DSN. If the user prefer the portability of the file DSN, it can obtain a high security guarantee by setting the file under the NT system. Create a new DSN, the user first chooses "Add", then select the user to establish a connection to the database type and select the "SQL Server" item in the list. If the user is to create a file DSN, click the "Next" button and enter the file name and save path of the file DSN to be created in the subsequent dialog box. If the user builds a system DSN, click the "Finish" button. After selecting the database, the user needs to set the database DSN. Users need to select the specific server for providing the database service, set the login user name and password, and the database to connect.
Third, program design
The following is a simple page firewall function. This page only allows users to access users in this unit (here you assume that the IP address of the internal network is from 10.61.96. • Between 10.65.97. Name and password. To use the ServerVariables property of the Request object, get the value of the environment variable by it. The file source code (FireWall.asp is as follows:
<% 'Using Request.SerVariables ("remote_addr") to get IP addresses and save Remoteip = Request.ServerVariables ("remote_addr" in Variable Remoteip ) STIP = CSTR (Remoteip) Gets the value of the third segment of the IP address and saves for I = 1 to 2stip = Right (STIP, LEN (STIP) -instr (1, Stip, ")) NEXTSTIP = LEFT (stip, instr (1, stip, ") - 1) 'IP address validity check and password verification, including two aspects: If the IP address is in line with verification; if the IP address does not match, the input is verified. User name, password correct IF (Left (Remoteip, 5) <> "10.61" or stip <"96" or stip> "97") THENUSERNAME = Request.form ("T1") Password = request.form ("T2 ") Set fs = CreateObject (" Scripting.FileSystemObject ") Set thisfile = fs.OpenTextFile (" dsn.txt ") db_loc = thisfile.readlinethisfile.closecnstr = db_loc &&" uid = "&& username &&"; "&&" pid = "&& passwordon error Resume NextSet CN = Server.createObject ("AdoDb.Connection") CN.Open CNSTRIF ERR = 3709 THEN%>
Sorry, users: <% = username%> No access rights, Or password is incorrect!
