/webadmin/Plugins/dbsecurity.asp代码页
<!--#include file="../admin_sb.asp"-->
<%
'************** ASPSecurity  数据库保护  **********
' Copyright 2006
' Thanks Internet
' Create:2006-7-28
' Update:2006-7-29
'**************************************************

%>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" rev="stylesheet" href="../inc/control.css" type="text/css" media="all" />
</head>

<body class="ContentBody">
<div class="MainDiv">
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="CContent">
  <tr>
    <th class="CTitle">雷客图ASP站长安全助手 数据库安全保护
  </tr>
  <tr>
    <td class="CPanel">
        <div id="updateInfo" style="background:ffffe1;border:1px solid #89441f;padding:4px;display:none"></div>
<form name="form1" method="post" action="">
	<table width="100%" border="0" cellpadding="0" cellspacing="0">
	 <tr>
		 <td valign="top" style="padding:5px;width:140px"><img src="../images/Icon/ControlPanel.png" width="128" height="128"/></td>
		 <td valign="top">		 <div align="left" style="padding:5px;line-height:170%;clear:both;font-size:12px">
		     <p></p>
		     <b>功能描述: </b>有人为了防止 Access 数据库被下载而把数据库后缀改为 asp/asa ,但这样其实并不能防止数据库被下载,而且还有可能产生更大的安全问题让黑客有可乘之机。本功能就是通过对改后缀之后的数据库文件进行处理,消除安全隐患。<br/>
* 数据库后缀要改为ASP或ASA才能真正防下载<br/>
<br/>
<b>要保护的 Access 数据库相对路径:</b><br>
<input name="mdbpath" type="text" style="border:1px solid #999" size="50">
<br>
* 从站点根目录算起,例:database\data.asp <br>
<strong>添加的防下载表名:</strong><br>
<input name="TableName" type="text" id="TableName" style="border:1px solid #999" value="DBSecurity" size="16">
<br>
<br>
<input type="submit" name="Submit" value="提  交" style="border:1px solid #999">
<br>
<br>
<%
tName = request.Form("TableName")
if request.Form("mdbpath") <> "" and tName <> "" then
	set conn=server.createobject("Adodb.Connection")
	connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath("\")&"\"&request.Form("mdbpath")
	on error resume next
	conn.open connstr
	if conn.state=0 then
		conn.errors.clear
		set conn=nothing
		response.Write Server.MapPath("\")&"\"&request.Form("mdbpath")&"<br>不存在或者不是数据库文件!"
		response.End()
	end if
	conn.execute("create table " & tName & "(notdown oleobject)")
	If Err Then
		err.Clear
	end if
	set rs=server.createobject("adodb.recordset")
	sql="select * from " & tName
	rs.open sql,conn,1,3
	rs.addnew
	rs("notdown").appendchunk(ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%"))&ChrB(Asc("<"))&ChrB(Asc("%")))
	rs.update
	rs.close
	set rs=nothing
	conn.close
	set conn=nothing
	response.Write("数据库保护完毕!")
end if
%>
<p><br/>  
                </p>
		<a href="#" onClick="javascript:history.go(-1);">返回插件首页</a> </div>    	  
	 </tr>
	</table></form>
</td></tr></table>

</div>
</body>
</html>
相关源码
字母检索
回到顶部