DBSecurity.asp
资源名称:wap.rar [点击查看]
上传用户:sking1122
上传日期:2020-09-24
资源大小:1005k
文件大小:3k
源码类别:
手机WAP编程
开发平台:
ASP/ASPX
- <!--#include file="../admin_sb.asp"-->
- <%
- '************** ASPSecurity 数据库保护 **********
- ' Copyright 2006
- ' Thanks Internet
- ' Create:2006-7-28
- ' Update:2006-7-29
- '**************************************************
- %>
- <html>
- <head>
- <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
- <link rel="stylesheet" rev="stylesheet" href="../inc/control.css" type="text/css" media="all" />
- </head>
- <body class="ContentBody">
- <div class="MainDiv">
- <table width="100%" border="0" cellpadding="0" cellspacing="0" class="CContent">
- <tr>
- <th class="CTitle">雷客图ASP站长安全助手 数据库安全保护
- </tr>
- <tr>
- <td class="CPanel">
- <div id="updateInfo" style="background:ffffe1;border:1px solid #89441f;padding:4px;display:none"></div>
- <form name="form1" method="post" action="">
- <table width="100%" border="0" cellpadding="0" cellspacing="0">
- <tr>
- <td valign="top" style="padding:5px;width:140px"><img src="../images/Icon/ControlPanel.png" width="128" height="128"/></td>
- <td valign="top"> <div align="left" style="padding:5px;line-height:170%;clear:both;font-size:12px">
- <p></p>
- <b>功能描述: </b>有人为了防止 Access 数据库被下载而把数据库后缀改为 asp/asa ,但这样其实并不能防止数据库被下载,而且还有可能产生更大的安全问题让黑客有可乘之机。本功能就是通过对改后缀之后的数据库文件进行处理,消除安全隐患。<br/>
- * 数据库后缀要改为ASP或ASA才能真正防下载<br/>
- <br/>
- <b>要保护的 Access 数据库相对路径:</b><br>
- <input name="mdbpath" type="text" style="border:1px solid #999" size="50">
- <br>
- * 从站点根目录算起,例:databasedata.asp <br>
- <strong>添加的防下载表名:</strong><br>
- <input name="TableName" type="text" id="TableName" style="border:1px solid #999" value="DBSecurity" size="16">
- <br>
- <br>
- <input type="submit" name="Submit" value="提 交" style="border:1px solid #999">
- <br>
- <br>
- <%
- tName = request.Form("TableName")
- if request.Form("mdbpath") <> "" and tName <> "" then
- set conn=server.createobject("Adodb.Connection")
- connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath("")&""&request.Form("mdbpath")
- on error resume next
- conn.open connstr
- if conn.state=0 then
- conn.errors.clear
- set conn=nothing
- response.Write Server.MapPath("")&""&request.Form("mdbpath")&"<br>不存在或者不是数据库文件!"
- response.End()
- end if
- conn.execute("create table " & tName & "(notdown oleobject)")
- If Err Then
- err.Clear
- end if
- set rs=server.createobject("adodb.recordset")
- sql="select * from " & tName
- rs.open sql,conn,1,3
- rs.addnew
- rs("notdown").appendchunk(ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%")))
- rs.update
- rs.close
- set rs=nothing
- conn.close
- set conn=nothing
- response.Write("数据库保护完毕!")
- end if
- %>
- <p><br/>
- </p>
- <a href="#" onClick="javascript:history.go(-1);">返回插件首页</a> </div>
- </tr>
- </table></form>
- </td></tr></table>
- </div>
- </body>
- </html>