Securing Website?

[Kocheace]

I have a question about securing a small website. I have few ASP pages that I am going to use to receive data from remote offices and enter it into a local database that is not on the webserver. I'm using a DSN connection. Is there anyway for someone to be able to hack into the database and do damage?

IT Professional

 

[SIG357]

1. If your db is file based (like MS Access) make sure it is not in a URL addressable area, to prevent unauthorized download.

2. Use asp to restrict access to the actual web app, i.e. if the user's not already logged in, redirect to/display login.

3. In the asp code that accesses the db, make sure you check for field lengths, single quotes, etc. and handle them appropriately to prevent accidental or purposeful harm to the db.

4. If you're serious about security, pipe all of this through a secure channel, i.e. https:// via SSL to prevent the compromise of your users' login credentials.

Do all this, and you'll be pretty secure. On the web, nothing is 100% hack proof, but this will get you close.

 

[Kocheace]

In step three you mention to check field lengths, single quotes etc. I use MAXLENGTH property of the <INPUT TEXT> Element to limit the number of characters. And I'm using a script to make sure that the user enters numbers only. That should be enough to ensure the integrity of the data sent to the database right? The first two steps I have covered. The fourth step...... I'm not too sure if this site requires that.

IT Professional