资源描述:
《asp安全英文文献及翻译》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库。
1、asp安全英文文献及翻译ASPsecurityenvironmentanalysisAbstract ArticlefromtheoverallsituationoftheAspsystem,fromtheWebserver,databaseclient,AspProgrammingAspthreeareasofsecuritytechnologyfortheanalysisandconclusion,andpointedoutthatsecurityshouldbebasedonAspprevention.I. IntroductionAspisaMicrosoftserv
2、er-sidescriptingenvironment,itisthescript,HTML,ActiveXcomponentscombinetoformadynamic,interactiveandefficientWebserverapplications.Atpresent,IIS+ASP+SQL(orAccess)programhasbecomethesmallandmedium-sizedenterprisestobuildtheirownonlineinformationsystemofchoicefortheprogram.AlthoughtheAsphasth
3、eabilitytoquicklydevelop,butthereareAspsecurityvulnerabilitiesthatcannotbeignored,thesesecurityissuesisAspdevelopersandmanagershavebeenworkingtoresolve.Thispaperattemptstoclientfromtheserver,databaseclient,AspProgrammingAspthreeareasofsecuritytechnologyfortheanalysis.II. ASPanalysisofthesec
4、uritytechnology(A)Webserver-sidesecuritytechnology 1.Directoryfileprotection (1)NTFSpermissions. NTFSfilesystemprovidesmoresecuritythantheFat32filemanagement,fileaccesscontrolthroughatable(ACL)definestheuseraccesstofilesanddirectory-levelpermissions,iftheuserhaspermissionstoopenthefile,th
5、ecomputerallowstheusertoaccessfiles.Directoriesandfilesbysettingaccessrights,theprohibitionhasnothingtodousersofthedirectoryfilecopy,modify,delete,etc.operations,restricttheinvasionofthesystem. (2)Virtualdirectoryanditsproperty.Virtualdirectoryhidethedirectorystructureonthesiteofimportanti
6、nformation,intheAspenvironment,asaferapproachistoAspseparatescriptsandHTMLfilesstoredindifferentdirectory,willbestoredasHTMLfilesread-onlyattributewillbestoredAspscriptdirectoryattributeissettoimplement. (3)TopreventthedocumentviewAsp. IISorCode.aspownShowcode.aspdocument,youcanviewthesour
7、cecodeofAspproceduresinordertostealinformation.Webservercandeleteordisableaccesstothedocumentsstoredinthefiles. 2.Restrictaccesstotechnology (1)IPaddressrestrictions.IISwillauthorizeorrejectaspecificIPaddressoftheirvisit,byrefusingavisittoaspecificIPadd