asp安全问题 - 编程论坛

#2

jishang19832013-05-29 09:56

被攻击的两个页面中，一个使用了ajax，另一个是被ajax调用，是说明ajax容易被攻击吗，我把ajax相关的页面和js全部删除了，会安全一些吗？？

#3

hu9jj2013-05-29 20:40

关注这个问题。我的个人网站留言簿经常被发布莫明其妙的留言（见下图），我怀疑是用程序自动发的，但找不到防范的办法。

只有本站会员才能查看附件，请登录

#4

jishang19832013-05-30 08:59

回复 3楼 hu9jj

恶意留言和攻击文件的性质不同吧，asp文件有没有什么用来加密和反加密的工具呀

#5

dzt00012013-05-30 10:06

asp网站被攻击很大可能还是被注入，就是传递的参数判断不够严格造成的

#6

jishang19832013-05-30 10:15

回复 5楼 dzt0001

只要在连接数据库以前加上防注入的代码就行了吗？

#7

jishang19832013-05-30 10:15

asp代码加密工具 10.0，我刚用这个工具加密了，不知道大侠们用没用过这个工具，安全性如何。

#8

ysf01812013-05-30 15:31

过滤不安全字符，加密的话，最好搞成dll有服务器条件。

<%
function CheckStr(mystring) ''过滤危险字符函数
  mystring=replace(mystring,"'"," ")
  mystring=replace(mystring,","," ")
  mystring=replace(mystring,""," ")
  mystring=replace(mystring,"="," ")
  mystring=replace(mystring,"-"," ")
  mystring=replace(mystring,"/"," ")
  mystring=replace(mystring,""""," ")
  mystring=replace(mystring,"&"," ")
  mystring=replace(mystring,"<"," ")
  mystring=replace(mystring,">"," ")
  mystring=replace(mystring,"%"," ")
  mystring=replace(mystring,";"," ")
  mystring=replace(mystring,"?"," ")
  mystring=replace(mystring,"or"," ")
  mystring=replace(mystring,"*"," ")
  mystring=replace(mystring,"chr"," ")
  mystring=replace(mystring,"select"," ")
  mystring=replace(mystring,"and"," ")
  mystring=replace(mystring,"exec"," ")
  mystring=replace(mystring,"insert"," ")
  mystring=replace(mystring,"delete"," ")
  mystring=replace(mystring,"update"," ")
  mystring=replace(mystring,"count"," ")
  mystring=replace(mystring,"master"," ")
  mystring=replace(mystring,"char"," ")
  mystring=replace(mystring,"mid"," ")
  mystring=replace(mystring,"declare"," ")
  mystring=replace(mystring,"truncate"," ")
  mystring=replace(mystring,"“"," ")
  mystring=replace(mystring,"‘"," ")
  mystring=replace(mystring," ","")
  mystring=replace(mystring," ","")
  'Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
  CheckStr=mystring
end function '过滤危险字符函数
%>