At present, the Access database is very extensive in small and medium-sized Web projects, and the security issue of Access database cannot be ignored. Among them, "Preventing the Access Database File Download" is a core problem. Now there is a method of "preventing the Access database file directly downloaded", but most of them are wrong, for example, give a complex file name to the MDB file, plus "#" in the MDB file, the suffix name Change to ASP, ASA, and so on. For several of the above prevention methods, just download the URL of the MDB file, you can download it directly with the download tool flashget. Others say that you can set your password in Access, even if the hacker gets the database is useless. In fact, the encryption mechanism of the Access database is very fragile. After encrypting the database system, the database system forms a doubling string by "distinguishing the user input password" videolic, and stores it in * .mdb file from address " & H42 "started the area. Use programs to easily write crack code. There is already such a program online. Now I will tell you about my two very simple methods: 1. If you are a native debug, you can control the IIS of the website server, so simple, put the MDB file outside the web home directory. For example, your web directory is in the D: / Website directory, then save the database in the D: / root directory. The attacker has no ability to download. 2, if you are a virtual host applied online, first change the database "db.mdb" to "db.asp", write a text file 1.txt, the content is as follows: <% response.redirect "err.asp"% > Write an err.asp file: <% response.write "Prohibits downloading database!"%> And enter in cmd: COPY DB.ASP / B 1.Txt / a db2.asp This command means file Merger copy, let DB.asp use binary, 1.txt copies in ASCII mode, and the synthesis file is db2.asp. The generated db2.asp is a secure database file. Whether it is downloading the download tools such as IE or FlashGet, only downloaded to Err.asp.
