ACCESS攻守：防止数据库被下载的几种方法-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

ACCESS攻守：防止数据库被下载的几种方法

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:12 PM

accessdownloadseveral kindsdatabasemethodusevirtualprevent

一、你用的是虚拟主机: 首先在你的MDB文件中建一个表.表中取一个字段名叫：NotDownLoad吧。在表名建一个字段。字段中填入：呵呵，再把数据库改名为.Asp的。为什么要取名为其实=’a’-1这里你可以乱输入只要不是正确的Asp语句就行了。因为这样把扩展名改成.

一、你用的是虚拟主机:

首先在你的MDB文件中建一个表.表中取一个字段名叫：NotDownLoad吧。

在表名建一个字段。字段中填入：

ACCESS攻守：防止数据库被下载的几种方法

呵呵，再把数据库改名为.Asp的。为什么要取名为其实=’a’-1这里你可以乱输入只要不是正确的Asp语句就行了。因为这样把扩展名改成.ASP后在IE中输入的时候。遇到了他就会去解释之间的代码，让他解释吧。呵呵会出错，所以数据库绝对不会正确的被下载

ACCESS攻守：防止数据库被下载的几种方法

你让为安全了吗?呵呵还不安全。我们还得在数据库名前加上一个#号。如：#Data.Asp这里的#号并不是用来作防止下载的。防止下载的刚才的过程已经作了解释。当你有多个MDB文件,并放在同一个目录下.如:某个网站（由于安全原因，就不公布了）的整站系统。如果我们猜到管理员MDB文件的位置并且从另一个系统中得到SQL注入漏洞的同时可以采用ACCESS跨库查询的方法。来取得管理员库中的记录。如果我们在库名前面加上#号的时候，就算你猜测到了，我们也不怕提交：select * from d:webdata#data.asp.admin

sql查询语句，系统会提示出错。因为#在SQL语法中有表示日期的作用.语法出错也就不会去执行查询条件了。（呵呵，此网站目前还有一个漏洞我用access跨库的方法攻击成功过!）

我认为比较安全的数据库就应该是#文件名.Asp 并且建一个临时表,表中有一字段输入ASP代码,让ASP不能被正确的解释。

二、你用的是托管主机拥有主机权：

这种防下载的方法就太好办了。呵呵把你的数据库放到IIS以外的目录。打死我，我也下不了。如你的WEB目录在D:WebWebSite目录下. 那么就把数据库保存在D:WebData目录下，当然目前某些虚拟主机，也提供专门的data目录。

三、设置文件不可以下载

在IIS中，数据库上右键属性中。设置文件不可以读取

ACCESS攻守：防止数据库被下载的几种方法

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

What Are the Limitations of Using Views in MySQL?May 14, 2025 am 12:10 AM

MySQLviewshavelimitations:1)Theydon'tsupportallSQLoperations,restrictingdatamanipulationthroughviewswithjoinsorsubqueries.2)Theycanimpactperformance,especiallywithcomplexqueriesorlargedatasets.3)Viewsdon'tstoredata,potentiallyleadingtooutdatedinforma

Securing Your MySQL Database: Adding Users and Granting PrivilegesMay 14, 2025 am 12:09 AM

ProperusermanagementinMySQLiscrucialforenhancingsecurityandensuringefficientdatabaseoperation.1)UseCREATEUSERtoaddusers,specifyingconnectionsourcewith@'localhost'or@'%'.2)GrantspecificprivilegeswithGRANT,usingleastprivilegeprincipletominimizerisks.3)

What Factors Influence the Number of Triggers I Can Use in MySQL?May 14, 2025 am 12:08 AM

MySQLdoesn'timposeahardlimitontriggers,butpracticalfactorsdeterminetheireffectiveuse:1)Serverconfigurationimpactstriggermanagement;2)Complextriggersincreasesystemload;3)Largertablesslowtriggerperformance;4)Highconcurrencycancausetriggercontention;5)M

MySQL: Is it safe to store BLOB?May 14, 2025 am 12:07 AM

Yes,it'ssafetostoreBLOBdatainMySQL,butconsiderthesefactors:1)StorageSpace:BLOBscanconsumesignificantspace,potentiallyincreasingcostsandslowingperformance.2)Performance:LargerrowsizesduetoBLOBsmayslowdownqueries.3)BackupandRecovery:Theseprocessescanbe

MySQL: Adding a user through a PHP web interfaceMay 14, 2025 am 12:04 AM

Adding MySQL users through the PHP web interface can use MySQLi extensions. The steps are as follows: 1. Connect to the MySQL database and use the MySQLi extension. 2. Create a user, use the CREATEUSER statement, and use the PASSWORD() function to encrypt the password. 3. Prevent SQL injection and use the mysqli_real_escape_string() function to process user input. 4. Assign permissions to new users and use the GRANT statement.

MySQL: BLOB and other no-sql storage, what are the differences?May 13, 2025 am 12:14 AM

MySQL'sBLOBissuitableforstoringbinarydatawithinarelationaldatabase,whileNoSQLoptionslikeMongoDB,Redis,andCassandraofferflexible,scalablesolutionsforunstructureddata.BLOBissimplerbutcanslowdownperformancewithlargedata;NoSQLprovidesbetterscalabilityand

MySQL Add User: Syntax, Options, and Security Best PracticesMay 13, 2025 am 12:12 AM

ToaddauserinMySQL,use:CREATEUSER'username'@'host'IDENTIFIEDBY'password';Here'showtodoitsecurely:1)Choosethehostcarefullytocontrolaccess.2)SetresourcelimitswithoptionslikeMAX_QUERIES_PER_HOUR.3)Usestrong,uniquepasswords.4)EnforceSSL/TLSconnectionswith

MySQL: How to avoid String Data Types common mistakes?May 13, 2025 am 12:09 AM

ToavoidcommonmistakeswithstringdatatypesinMySQL,understandstringtypenuances,choosetherighttype,andmanageencodingandcollationsettingseffectively.1)UseCHARforfixed-lengthstrings,VARCHARforvariable-length,andTEXT/BLOBforlargerdata.2)Setcorrectcharacters

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055612 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Nordhold: Fusion System, Explained

4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Mandragora: Whispers Of The Witch Tree - How To Unlock The Grappling Hook

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

SublimeText3 Chinese version

Chinese version, very easy to use

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

SecLists

SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.