A Fatal Mistake Beginners Commonly Make in ASP Programming, and How to Fix It

2009-12-13 13:47 | Posted by: admin | Views: 53 | Comments: 0 | Original author: 冰淇淋

In ASP programming, authentication is something you need almost constantly. But how do you make that authentication secure?

An example. Form submission page: sub.htm


<html>
<head><title>管理员登陆</title></head>
<body>
<form name="form1" method="post" action="sub.asp">
<p>
管理员:
<input type="text" name="UserID" size="25" maxlength="20"><br>
密 码:
<input type="text" name="Pass" size="12" maxlength="20">
<input type="submit" name="Submit" value="提交">
</p>
</form>
</body>
</html>

The SUB.asp program:

<%
' Receive the data from the form
user=request.form("UserID")
' Check whether the submitted field is empty (you may already control this on the form page with JavaScript or VBScript, but do not forget to check it here too!)
if user="" then
    ' Go to the error page
    response.redirect "err1.htm"
    ' This line may not be needed, but it is better to include it
    response.end
end if
pass=request.form("Pass")
if pass="" then
    response.redirect "err2.htm"
    response.end
end if
' Connect to the database (server.mappath of your .mdb file)
file=server.mappath("你的数据库")
set conn=server.createobject("adodb.connection")
dr="driver={microsoft access driver (*.mdb)};dbq="&file
conn.open dr
set rs=server.createobject("adodb.recordset")
' The key point is this SQL statement
sql="select * from 表 where user='"&user&"' and pass='"&pass&"'"
rs.open sql,conn
if not rs.eof then
    ' A matching record was found, so go to the admin page
    response.redirect "login.asp"
else
    ' Nothing found, go to the error page
    response.redirect "err3.htm"
end if
%>

Everyone probably feels the code above is fine, but it hides a serious security hole.
If I want to log in as the administrator, I can type the following into the input boxes of sub.htm:
In the first text box: a' or '1'='1   or   ' OR ''='
In the second text box: a' or '1'='1   or   ' OR ''='
Submit, and you will see... "Hey, hear me out first, throw the bricks later..."
"a" and "1" can be any characters.
Some will ask: why does entering these characters get you in as the administrator??
Because these characters trick the SQL statement in your program, and that is why the login succeeds.
Look: the SQL in the program queries the table for records satisfying the condition user='"&user&"' and pass='"&pass&"':
sql="select * from 表 where user='"&user&"' and pass='"&pass&"'"
After I enter the text above it becomes:
sql="select * from 表 where user='a' or '1'='1' and pass='a' or '1'='1'"
Look at that: is there any reason it would not let me in?? Give me one reason it would not, go ahead!
The USER and PASS fields above are character type; if they are numeric type, the same reasoning applies!

Solutions:

1. Function substitution
Use REPLACE to substitute the special characters contained in whatever the client submits, and you have control! :)
sql="select * from 表 where user='"&replace(user,"'","''")&"' and pass='"&replace(pass,"'","''")&"'"
This method can only replace one character per call, and the single quote is not the only dangerous character: ">", "<", "&", "%" and so on should all be controlled. The REPLACE function does not seem up to that job, so what do you do??
2. Program control
Use code to control everything the client submits. This way any possibly dangerous character or code the client could enter is controlled. This is the method I use! :)
Example:

<%
' Capture the form fields submitted by the client
user=request.form("user")
pass=request.form("pass")
' ...
' Start of the loop
for i=1 to len(user)
    ' Use the MID function to read the single character at position i of the variable user
    us=mid(user,i,1)
    ' Compare the character that was read
    if us="'" or us="%" or us="<" or us=">" or us="&" then
        ' If any of these characters is present, show an error: these special characters are not allowed
        response.redirect "err2.htm"
        response.end
    end if
next
' ...
%>
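The following added example is not from the article and not ASP code; it reproduces the article's login query in Python against an in-memory SQLite table (a constructed stand-in for the Access database and its table "表", with one constructed row admin/secret) so the behaviour can be run offline. It shows the three points discussed above side by side: the concatenated query accepting the article's two payloads, the same query with bound parameters rejecting them, and the article's character loop (approach 2) written as a filter function. The function names, the table name and the sample row are assumptions of this example.

```python
import sqlite3

# Constructed sample table standing in for the article's Access table "表".
conn = sqlite3.connect(":memory:")
conn.execute("create table users (user text, pass text)")
conn.execute("insert into users values ('admin', 'secret')")  # constructed row

# Characters the article's loop rejects: the single quote plus %, <, > and &.
FORBIDDEN = set("'%<>&")

def build_concat_sql(user, pw):
    """Build the article's query exactly as SUB.asp does, by string concatenation."""
    return "select * from users where user='" + user + "' and pass='" + pw + "'"

def login_concat(user, pw):
    """The article's original check: concatenated SQL, so input becomes SQL text."""
    return conn.execute(build_concat_sql(user, pw)).fetchone() is not None

def login_param(user, pw):
    """Same check with bound parameters: the input is data and never parsed as SQL."""
    sql = "select * from users where user=? and pass=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None

def has_forbidden_chars(value):
    """The article's approach 2: scan every character and reject the listed ones."""
    return any(ch in FORBIDDEN for ch in value)

def login_blocklist(user, pw):
    """Approach 2 placed in front of the concatenated query."""
    if has_forbidden_chars(user) or has_forbidden_chars(pw):
        return False
    return login_concat(user, pw)

if __name__ == "__main__":
    payloads = ["a' or '1'='1", "' OR ''='"]  # the two inputs the article shows
    print("correct credentials, concatenated:", login_concat("admin", "secret"))
    for p in payloads:
        print("expanded SQL        :", build_concat_sql(p, p))
        print("payload, concat     :", login_concat(p, p))
        print("payload, parameters :", login_param(p, p))
        print("payload, blocklist  :", login_blocklist(p, p))
```

Running it prints the expanded statement the article walks through and shows that only the concatenated query returns a row for the payloads. Bound parameters remove the quoting problem at the SQL level regardless of which characters the input contains; in classic ASP the equivalent is an ADODB.Command whose CommandText uses "?" placeholders and whose parameters are appended with CreateParameter. The character filter of approach 2 then serves as an additional input-validation layer rather than the only line of defence.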