
Preventing SQL Injection Attacks

2009-12-14 02:21 | Posted by: admin | Views: 16 | Comments: 0 | Original author: 冰淇淋

Reposted from: http://blog.csdn.net/vivian315/
1. Never trust user input. Validate every textbox entry using validation controls, regular expressions, code, and so on. Validation limits the attack surface but is not a substitute for rule 2: a value that passes a length or character check can still break a query if it is concatenated into SQL.
2. Never use dynamic SQL. Use parameterized SQL or stored procedures, so that user-supplied values travel as bound parameters and never become part of the statement text. Note that a stored procedure only helps if it does not itself build and execute a string from its arguments; a procedure that concatenates its inputs into an EXEC is just as injectable as inline dynamic SQL.
3. Never connect to the database using an admin-level account. Use a limited-access account with only the permissions the application needs, so that a successful injection cannot drop tables, read other schemas, or reach operating-system features exposed by the database.
4. Don't store secrets in plain text. Hash passwords (salted, with a deliberately slow hash) rather than encrypting them, since the application never needs the original value back; encrypt other sensitive data that must be recoverable. Connection strings should also be encrypted rather than left in clear text in configuration files.
5. Exceptions should divulge minimal information. Don't reveal too much in error messages: a raw database error tells an attacker the table and column names, the database product, and whether an injected quote reached the parser. In ASP.NET, use customErrors to show a generic page on unhandled errors and set compilation debug to false in web.config.
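The following is an added example, not code from the original post or its author, showing rules 2 and 4 side by side on an in-memory SQLite database. The user records, the `users_plain` and `users_hashed` tables, and the `login_vulnerable` / `login_hardened` functions are all constructed for this demonstration. The vulnerable login splices the user name and password into the statement text and compares plain-text passwords inside SQL, so the classic `' OR '1'='1' --` payload authenticates without a valid credential; the hardened login binds the name as a parameter and checks a salted PBKDF2 hash in application code, so the same payload is just a user name that does not exist.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed demo accounts for this example (not from the original page).
USERS = [("alice", "correct horse battery staple"), ("bob", "hunter2")]
SALT_LEN = 16
PBKDF2_ROUNDS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Rule 4: store salt + slow salted hash, never the plain-text password."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt, digest = stored[:SALT_LEN], stored[SALT_LEN:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


def setup_db() -> sqlite3.Connection:
    """Two hypothetical tables: a legacy one holding plain-text passwords
    (rule 4 violated) and a hardened one holding only salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users_plain (name TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("CREATE TABLE users_hashed (name TEXT PRIMARY KEY, pw_hash BLOB NOT NULL)")
    for name, pw in USERS:
        # Even the seeding uses bound parameters (rule 2).
        conn.execute("INSERT INTO users_plain VALUES (?, ?)", (name, pw))
        conn.execute("INSERT INTO users_hashed VALUES (?, ?)", (name, hash_password(pw)))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> Optional[str]:
    """Rule 2 violated: dynamic SQL assembled by string formatting.
    Returns the name the database says is authenticated, or None."""
    sql = (f"SELECT name FROM users_plain "
           f"WHERE name = '{name}' AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> Optional[str]:
    """Rules 2 and 4: the name is a bound parameter, the hash is checked in code."""
    row = conn.execute(
        "SELECT name, pw_hash FROM users_hashed WHERE name = ?", (name,)
    ).fetchone()
    if row is None or not verify_password(password, row[1]):
        return None
    return row[0]


if __name__ == "__main__":
    db = setup_db()
    payload = "' OR '1'='1' --"   # classic tautology plus comment-out of the rest
    print("vulnerable login with payload:", login_vulnerable(db, payload, "anything"))
    print("hardened login with payload:  ", login_hardened(db, payload, "anything"))
```

Against the vulnerable function the payload turns the statement into `WHERE name = '' OR '1'='1' --' AND password = 'anything'`, which matches every row, so the first user comes back as authenticated. Against the hardened function the driver sends the payload as a bound value and the query looks for a literal user named `' OR '1'='1' --`, which does not exist. Rule 3 applies on top of this: the connection used here should belong to an account that can only read and write the application's own tables.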



微赢网络技术论坛 ( 苏ICP备08020429号 )
