Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Database Mysql Tutorial 谈使用Access数据库应对的安全策略

谈使用Access数据库应对的安全策略

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 pm 05:53 PM
access security strategy database

Microsoft Office Access(前名 Microsoft Access)是由微软发布的关联式数据库管理系统。它结合了 Microsoft Jet Database Engine 和 图形用户界面两项特点,是 Microsoft Office的成员之一。 Access能够存取 Access/Jet、Microsoft SQL Server、Oracle(甲

  Microsoft Office Access(前名 Microsoft Access)是由微软发布的关联式管理系统。它结合了 Microsoft Jet Database Engine 和 图形用户界面两项特点,是 Microsoft Office的成员之一。

  Access能够存取 Access/Jet、Microsoft SQL Server、Oracle(甲骨文软件公司),或者任何 ODBC 兼容数据库内的资料。熟练的软件设计师和资料分析师利用它来开发应用软件,而一些不熟练的程序员和非程序员的"进阶用户"则能使用它来开发简单的应用软件。虽然它支援部份面向对象(OO)技术,但是未能成为一种完整的面向对象开发工具。

  其实Access 也是微软公司另一个通讯程序的名字,想与 ProComm 以及其他类似程序来竞争。可是事后微软证实这是个失败计划,并且将它中止。数年后他们把名字重新命名于数据库软件。

攻略篇:  

  一、发挥你的想象力 修改数据库文件名,从理论上讲不一定能防止被.

   修改数据库名,其目的就是防止我们猜到数据库而被下载.

   但是万一我们猜到数据库名,就直接可以下载了.所以这不能保证100%不能被下载.

   猜解数据库的常用的办法就是写程序去猜解数据库名,判断WEB返回的是不是404错误,如果提交一个MDB文件,没有返回404错误,那就猜对了,就直接下载.

   当然这有一定的局限性,因为如果数据库名非常复杂,会产生大量的日志.管理员可能早 发现了.并且还有猜解的时间会变得很长.  

  二:数据库名后缀改为ASA、ASP等,不一定能防止被下载.

   IIS在通过asp.dll处理.asp扩展名文件的时候,对以外的内容,不做任何处理就直接输出,但是MDB文件中如果没有之类的ASP标实符,我们直接在IE中输入URL返回在IE中的数据,就是MDB文件的数据,我们直接用FLASHGET之类的软件就可以下载,下载后改名这后就可以用了.
  
  如图1:  
谈使用Access数据库应对的安全策略

  三: 数据库名前加“#”,一定能防止被下载.  

  有些人误认为:

  "只需要把数据库文件前名加上#、然后修改数据库连接文件(如conn.asp)中的数据库地址。原理是下载的时候只能识别 #号前名的部分,对于后面的自动去掉."  

  这样是比较安全的.这只是对于一般的人无法下载.因为他们不知道,也没有去了解有关IE编码的技术.在编码中我们用%23来代替#号.所以我们如果有一个数据库是:

  http://www.xxx.com/data/#datapro.mdb

  我们直接在IE中输入:

  http://www.xxx.com/data/%23datapro.mdb

  就可以下载了.

  如图2:
谈使用Access数据库应对的安全策略


Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

How to fix KB5055523 fails to install in Windows 11?
3 weeks ago By DDD
How to fix KB5055518 fails to install in Windows 10?
3 weeks ago By DDD
Roblox: Grow A Garden - Complete Mutation Guide
2 weeks ago By DDD
Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
How to fix KB5055612 fails to install in Windows 10?
3 weeks ago By DDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Java Tutorial
1663
14
CakePHP Tutorial
1419
52
Laravel Tutorial
1313
25
PHP Tutorial
1263
29
C# Tutorial
1237
24
Show More
Related knowledge
How to configure zend for apache How to configure zend for apache Apr 13, 2025 pm 12:57 PM

How to configure Zend in Apache? The steps to configure Zend Framework in an Apache Web Server are as follows: Install Zend Framework and extract it into the Web Server directory. Create a .htaccess file. Create the Zend application directory and add the index.php file. Configure the Zend application (application.ini). Restart the Apache Web server.

Oracle's Role in the Business World Oracle's Role in the Business World Apr 23, 2025 am 12:01 AM

Oracle is not only a database company, but also a leader in cloud computing and ERP systems. 1. Oracle provides comprehensive solutions from database to cloud services and ERP systems. 2. OracleCloud challenges AWS and Azure, providing IaaS, PaaS and SaaS services. 3. Oracle's ERP systems such as E-BusinessSuite and FusionApplications help enterprises optimize operations.

MySQL vs. Other Databases: Comparing the Options MySQL vs. Other Databases: Comparing the Options Apr 15, 2025 am 12:08 AM

MySQL is suitable for web applications and content management systems and is popular for its open source, high performance and ease of use. 1) Compared with PostgreSQL, MySQL performs better in simple queries and high concurrent read operations. 2) Compared with Oracle, MySQL is more popular among small and medium-sized enterprises because of its open source and low cost. 3) Compared with Microsoft SQL Server, MySQL is more suitable for cross-platform applications. 4) Unlike MongoDB, MySQL is more suitable for structured data and transaction processing.

Using Dicr/Yii2-Google to integrate Google API in YII2 Using Dicr/Yii2-Google to integrate Google API in YII2 Apr 18, 2025 am 11:54 AM

VprocesserazrabotkiveB-enclosed, Мнепришлостольностьсясзадачейтерациигооглапидляпапакробоглесхетсigootrive. LEAVALLYSUMBALLANCEFRIABLANCEFAUMDOPTOMATIFICATION, ČtookazaLovnetakProsto, Kakaožidal.Posenesko

MySQL: Structured Data and Relational Databases MySQL: Structured Data and Relational Databases Apr 18, 2025 am 12:22 AM

MySQL efficiently manages structured data through table structure and SQL query, and implements inter-table relationships through foreign keys. 1. Define the data format and type when creating a table. 2. Use foreign keys to establish relationships between tables. 3. Improve performance through indexing and query optimization. 4. Regularly backup and monitor databases to ensure data security and performance optimization.

What is apache server? What is apache server for? What is apache server? What is apache server for? Apr 13, 2025 am 11:57 AM

Apache server is a powerful web server software that acts as a bridge between browsers and website servers. 1. It handles HTTP requests and returns web page content based on requests; 2. Modular design allows extended functions, such as support for SSL encryption and dynamic web pages; 3. Configuration files (such as virtual host configurations) need to be carefully set to avoid security vulnerabilities, and optimize performance parameters, such as thread count and timeout time, in order to build high-performance and secure web applications.

Nginx performance monitoring and troubleshooting tools Nginx performance monitoring and troubleshooting tools Apr 13, 2025 pm 10:00 PM

Nginx performance monitoring and troubleshooting are mainly carried out through the following steps: 1. Use nginx-V to view version information, and enable the stub_status module to monitor the number of active connections, requests and cache hit rate; 2. Use top command to monitor system resource occupation, iostat and vmstat monitor disk I/O and memory usage respectively; 3. Use tcpdump to capture packets to analyze network traffic and troubleshoot network connection problems; 4. Properly configure the number of worker processes to avoid insufficient concurrent processing capabilities or excessive process context switching overhead; 5. Correctly configure Nginx cache to avoid improper cache size settings; 6. By analyzing Nginx logs, such as using awk and grep commands or ELK

How to solve nginx current limit How to solve nginx current limit Apr 14, 2025 pm 12:06 PM

The Nginx current limit problem can be solved by: use ngx_http_limit_req_module to limit the number of requests; use ngx_http_limit_conn_module to limit the number of connections; use third-party modules (ngx_http_limit_connections_module, ngx_http_limit_rate_module, ngx_http_access_module) to implement more current limit policies; use cloud services (Cloudflare, Google Cloud Rate Limiting, AWS WAF) to DD

See all articles